⬢ GM Security — 2026-06-20: $8.8M across 29 incidents

Daily crypto security briefing

2026-06-20 17:10 UTC · last 72h · 29 items · $8.8M reported losses · 47 sources

Last 24 hours

[EXPLOIT · NEW] @PeckShieldAlert: #PeckShieldAlert An OLPC/LABUBU pool on PancakeSwap on #BNBChain has been exploited, resulting in a loss of ~$1.1M. — ~$1.1M (@PeckShieldAlert)
[EXPLOIT · NEW] @GoPlusSecurity: 🚨GoPlus Security Alert: — ~$4.7M (@GoPlusSecurity)
also: @GoPlusSecurity · @GoPlusSecurity
[ADVISORY · NEW] Michael Saylor fires back as STRC crash sparks fraud claims (crypto.news)
[ADVISORY · NEW] CZ proposes freezing Satoshi Bitcoin stash to stop quantum theft (crypto.news)
[ENFORCEMENT · NEW] Garcia brothers admit $8M crypto heist after family kidnapping — ~$8.0M (crypto.news)
[ADVISORY · NEW] EU targets privacy coins while leaving Bitcoin transfers untouched (crypto.news)
[OTHER · NEW] @pcaversaccio: dude, so many people obsessing over fucking tx speed & scale are the same people who deposit into a cex, wait 30 mi… (pcaversaccio)

Earlier · 24–72h

[SCAM · NEW] @zachxbt: A short story about Indian scammers who called the cops on themselves: — ~$475K (@zachxbt)
[SCAM · NEW] Anime Girls Could Steal Your Crypto as Wallpaper Malware Targets Steam Gamers (Decrypt)
[ADVISORY · NEW] @CertiK: "Auditing the code is necessary, but no longer sufficient." (CertiK)
[EXPLOIT · NEW] @PeckShieldAlert: #PeckShieldAlert The @Humanityprot exploiter-labeled address has bridged 130 $ETH ($220.6K) from #Ethereum to #BNBChain… — ~$221K (@PeckShieldAlert)
[ADVISORY · NEW] North Korea’s crypto hack spree draws fresh G7 warning (crypto.news)
[EXPLOIT · NEW] JB — exploit — $50K (DeFiLlama Hacks DB)
[ADVISORY · NEW] @Quantstamp: As social engineering attacks rise, OPSEC matters more than ever. (@Quantstamp)
[ADVISORY · NEW] @HalbornSecurity: Securing blockchain infrastructure for institutional adoption means auditing at every layer, not just the smart contrac… (@HalbornSecurity)
[EXPLOIT · NEW] @Phalcon_xyz: .@aztecnetwork was attacked again. Like the Sunday, June 14, 2026 exploit, this attack appears related in nature, but t… — ~$2.3M (@Phalcon_xyz)
also: @SlowMist_Team · @SlowMist_Team
[ADVISORY · NEW] @chainalysis: 🇧🇷 Brazil received ~$318B in crypto this past year—1/3 of LatAm’s total value. But growth attracts more than legitima… (@Chainalysis)
[ADVISORY · NEW] Rockwell Automation FactoryTalk Historian Site Edition (CISA Cybersecurity Advisories)
[EXPLOIT · DEVELOPING · day 5] @Phalcon_xyz: Correct: this is not the same bug as the previous one, though both are circuit public input binding issues and the exec… (@Phalcon_xyz)
[ADVISORY · NEW] @CertiKAlert: #CertiKInsight 🚨 (@CertiKAlert)
also: @CertiKAlert
[ADVISORY · NEW] @HalbornSecurity: Quantum computing is an approaching threat to blockchain security. 🔐 (@HalbornSecurity)
[OTHER · DEVELOPING · day 3] @spreekaway: https://t.co/MzmtARehtY (@spreekaway)
[ADVISORY · DEVELOPING · day 3] @spreekaway: That's right: ZERO. https://t.co/yex0V1k3wi (@spreekaway)
[ADVISORY · DEVELOPING · day 2] @CertiK: Passkeys remove seed phrases, but not security risks. (CertiK)
[OTHER · DEVELOPING · day 5] @pcaversaccio: ok guys, talk is cheap as you all know. let's move forward here; some very preliminary thoughts on how such a browser c… (pcaversaccio)
[OTHER · DEVELOPING · day 5] @tayvano_: > beautiful simple clean (@tayvano_)
[OTHER · DEVELOPING · day 6] @tayvano_: Boeing never told the USG that they cannot prevent their airplanes from falling out of the sky. (@tayvano_)

🧠 Deep reads

💡 Security thought-spark

Today’s ~$5.8M in flash loan and price manipulation exploits on BNB Chain PancakeSwap pools (GoPlus, OLPC/LABUBU) prove that even obscure token pairs are prime targets—audit all new liquidity pools for TWAP manipulation before launch.

Full data: https://gmsecurity.net/briefing.json. Feedback or a source to add? [email protected]. George Donnelly offers Web3 development & security consulting.