Over the past 72 hours, at least $18.7M in confirmed losses were reported, led by a $4.7M bridge exploit on Axelar/Secret Network and a $4.7M smart-contract bug attack. Social engineering and smart-contract bugs dominated incidents, while a rug-pull, flash loan, and private-key compromise also caused losses. Source gaps suggest this summary may undercount actual activity.
-
#PeckShieldAlert ethereum:0x4ba01f22827018b4772cd326c7627fb4956a7c00 has dropped -85% @Main_St_Finance https://t.co/RLnpvBthg0 https://t.co/hF3bEPk14m
@PeckShieldAlert: #PeckShieldAlert ethereum:0x4ba01f22827018b4772cd326c7627fb4956a7c00 has dropped -85% @Main_St_Finance -
π¨GoPlus Security Alert: On June 19, @mySwapxyz (Starknet) was exploited. The attacker deployed a fake "EVIL" token contract (0x028c9a) and exploited a vulnerability in a project contract (0x01114c), draining approximately $305,000 from mySwap CL liquidity pools, including https://t.co/8sVDg98bmh https://t.co/yDms1GkODh [Loss ~$305,000; Protocols: Starknet]
@GoPlusSecurity: π¨GoPlus Security Alert: -
#PeckShieldAlert An OLPC/LABUBU pool on PancakeSwap on #BNBChain has been exploited, resulting in a loss of ~$1.1M. The exploiter bridged the stolen funds to #Ethereum, deposited 633.4 $ETH into #TornadoCash, and sent 0.0221 $BNB and 0.0411 $ETH to a dead address. https://t.co/lCDWwThsjH [Loss ~$1,100,000; Protocols: PancakeSwap]
@PeckShieldAlert: #PeckShieldAlert An OLPC/LABUBU pool on PancakeSwap on #BNBChain has been exploited, resulting in a loss of ~$1.1M. -
Michael Saylor fires back as STRC crash sparks fraud claims
Strategy co-founder Michael Saylor has defended the companyβs Bitcoin-backed capital strategy after its STRC preferred stock fell well below its $100 par value and triggered fresh criticism from market participants. According to a June 20 X post by Saylor, Strategyβsβ¦
-
dude, so many people obsessing over fucking tx speed & scale are the same people who deposit into a cex, wait 30 mins for confirmations, and then wait another day or two to get money into their bank account. if fully shielded txs took 1-2 mins to be included, most users would
@pcaversaccio: dude, so many people obsessing over fucking tx speed & scale are the same people who deposit into a cex, wait 30 mi⦠-
CZ proposes freezing Satoshi Bitcoin stash to stop quantum theft
Binance founder Changpeng Zhao has proposed freezing up to 1 million Bitcoin linked to Satoshi Nakamoto if those coins remain unmoved after a future transition to quantum-resistant cryptography. Speaking during a June 18 appearance on the Galaxy Brains podcast hostedβ¦
-
Garcia brothers admit $8M crypto heist after family kidnapping
~$8.0M Β· Two Texas brothers have pleaded guilty to federal robbery charges after prosecutors said they kidnapped a Minnesota family and forced the transfer of more than $8 million in cryptocurrency. According to the U.S. Attorneyβs Office for the District of Minnesota,β¦
-
EU targets privacy coins while leaving Bitcoin transfers untouched
The European Union has approved anti-money laundering rules that will ban regulated crypto firms from supporting privacy coins while leaving direct Bitcoin transfers between private wallets outside the scope of mandatory identification requirements. According to Regulation (EU) 2024/1624, which willβ¦
-
Axelar shuts down Secret Network bridge routes after $4.7M exploit
~$4.7M Β· Axelar has disabled its Secret Network bridge connections after a security incident resulted in the loss of roughly $4.7 million worth of bridged assets. According to Axelar, the exploit affected assets transferred from the Axelar chain to Secret Network throughβ¦
-
Anime Girls Could Steal Your Crypto as Wallpaper Malware Targets Steam Gamers
Researchers found malicious Wallpaper Engine downloads on Steam Workshop distributing infostealers, backdoors, and account-hijacking malware.
-
Namada Shielded Pools β exploit
$600K Β· Attack method: Protocol Vulnerability. Reported loss ~$600,000. On June 19, 2026, approximately $600,000 in assets (ATOM, USDC, OSMO, TIA, NYM, etc.) were drained from Namadaβs Multi-Asset Shielded Pool (MASP) through an IBC Transfer Logic Exploit. The loss initially went unnoticed because a stale indexer continued displaying funds as available, while live RPC queries showed zero balances on the chain. The attacker swept shielded IBC assets cross-chain. Namada confirmed the exploit and is investigating.
-
A short story about Indian scammers who called the cops on themselves: Earlier this week a follower DM'd me from his personal account complaining that 5.73 BTC ($475K) of his was 'unjustly' frozen at Changelly in Mar 2025. So I went and plotted the Bitcoin transaction in my https://t.co/gZxM4dRCW3 [Loss ~$475,000; 5.73 BTC]
@zachxbt: A short story about Indian scammers who called the cops on themselves: -
"Auditing the code is necessary, but no longer sufficient." At Proof of Talk, CertiK CBO Jason Jiang discussed evolving attack vectors, institutional adoption, AI security, and why security must extend beyond smart contracts. Read the full interviewπ https://t.co/s1Vp2sVTZ7
@CertiK: "Auditing the code is necessary, but no longer sufficient." -
Microsoft found malware that hijacks crypto wallets and spreads through USB sticks
The software intercepts shortcut files and directs them to install a worm that harvests private keys from the Windows clipboard and inserts its own destination wallet addresses when it detects a transfer.
-
North Koreaβs crypto hack spree draws fresh G7 warning
G7 leaders urged joint action on North Korea crypto theft as reports tie DPRK hackers to $2.02B stolen in 2025 and missile funding.
-
#CertiKInsight π¨ @msftsecurity warns about a new crypto clipper active since Feb 2026. The malware monitors the clipboard, steals seed phrases/private keys, captures screenshots, and swaps copied wallet addresses. Stay vigilant!π https://t.co/44h2CCoegk
@CertiKAlert: #CertiKInsight π¨ -
#PeckShieldAlert The @Humanityprot exploiter-labeled address has bridged 130 $ETH ($220.6K) from #Ethereum to #BNBChain (381 $BNB) https://t.co/aqcbcQRWa5 [Loss ~$220,600]
@PeckShieldAlert: #PeckShieldAlert The @Humanityprot exploiter-labeled address has bridged 130 $ETH ($220.6K) from #Ethereum to #BNBChain⦠-
JB β exploit
$50K Β· Technique: Protocol Logic / Flashloan Price Manipulation. Chain: BSC. Target: Token. Reported loss ~$50,000.
-
Ex-Celsius CEO Mashinsky gets U.S. CFTC ban in final resolution with regulator
Alexander Mashinsky, the founder of failed crypto lender Celsius, had earlier been imprisoned for fraud and is now formally banned from CFTC registration.
-
Quantum computing is an approaching threat to blockchain security. π For most networks, the cryptographic foundations were never built to withstand it. @QRLedger has been building to address that problem ever since 2018. https://t.co/SshyHndbNW
@HalbornSecurity: Quantum computing is an approaching threat to blockchain security. π -
As social engineering attacks rise, OPSEC matters more than ever. Excited to have Roman, Incident Lead @Quantstamp, at @ETHCincoDeMayo sharing practical ways to lock down your devices, laptops, and accounts! https://t.co/uOPSlAMghj
@Quantstamp: As social engineering attacks rise, OPSEC matters more than ever. -
Securing blockchain infrastructure for institutional adoption means auditing at every layer, not just the smart contracts. π Our engagement with @RaylsLabs covered smart contract auditing, L1 security assessment, architecture advisory, and cryptographic review. https://t.co/EtzY6neCp1
@HalbornSecurity: Securing blockchain infrastructure for institutional adoption means auditing at every layer, not just the smart contrac⦠-
https://t.co/MzmtARehtY
@spreekaway: https://t.co/MzmtARehtY -
That's right: ZERO. https://t.co/yex0V1k3wi
@spreekaway: That's right: ZERO. https://t.co/yex0V1k3wi -
Passkeys remove seed phrases, but not security risks. From WebAuthn validation to account abstraction, sync, and recovery flows, every layer becomes part of the asset security model. Explore the security considerations for Passkey-based Web3 walletsπ https://t.co/IsP34cG66u
@CertiK: Passkeys remove seed phrases, but not security risks. -
π§π· Brazil received ~$318B in crypto this past yearβ1/3 of LatAmβs total value. But growth attracts more than legitimate users. Our latest research reveals: - Cartel money laundering is the largest identified category of illicit inflows. - Russian sanctions evaders are https://t.co/sEozjcnl3y [Loss ~$318,000,000,000]
@chainalysis: π§π· Brazil received ~$318B in crypto this past yearβ1/3 of LatAmβs total value. But growth attracts more than legitimaβ¦ -
Rockwell Automation FactoryTalk Historian Site Edition
View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to obtain a valid authentication token, perform a denial of service, or crash the system. The following versions of Rockwell Automation FactoryTalk Historian Site Edition are affected: FactoryTalk Historian SE 11 (CVE-2025-13036) FactoryTalk Historian SE <=11.00 (CVE-2025-44019) FactoryTalk Historian SE <=11.00 (CVE-2025-36539) CVSS Vendor Equipment Vulnerabilities v3 7.7 Rockwell Automation Rockwell Automation FactoryTalk Historian Site Edition Concurrent Execution using Shared Resource with Improper Sβ¦
-
Correct: this is not the same bug as the previous one, though both are circuit public input binding issues and the execution trace is similar. This follow-up exploit hit escapeHatch on a different deployment β the "Private Rollup Bridge" contract (0x7379), and targets a binding https://t.co/NQ7TRe4Jq7 https://t.co/SzCFRP0Mh8
@Phalcon_xyz: Correct: this is not the same bug as the previous one, though both are circuit public input binding issues and the exec⦠-
ok guys, talk is cheap as you all know. let's move forward here; some very preliminary thoughts on how such a browser can be designed (i'm _not_ a browser expert btw). please share your feedback in the https://t.co/Vsma2KA2gl thread: https://t.co/UCtKIcmrZ6 https://t.co/bENx8qr8W8 https://t.co/fvOU0dMNkr
@pcaversaccio: ok guys, talk is cheap as you all know. let's move forward here; some very preliminary thoughts on how such a browser cβ¦
Sources unavailable: Rekt Newsletter (HTTP 403 (native fetch)); Week in Ethereum News (HTTP 403 (native fetch)); Immunefi (Feed not recognized as RSS 1 or 2.); CoinDesk (Crypto) (HTTP 404 (native fetch)); CoinDesk (Regulation) (HTTP 404 (native fetch))
Generated by crypto-security-briefing Β· automated digest, verify before acting.