⬢ GM Security — 2026-06-20: $19.3M across 29 incidents

Daily crypto security briefing

2026-06-20 23:00 UTC · last 72h · 29 items · $19.3M reported losses · 49 sources

Last 24 hours

[EXPLOIT · NEW] @PeckShieldAlert: #PeckShieldAlert Specter has reported that #MEV bot #JaredFromSubway appears to have been drained of ~$7.5M in crypto,… — ~$7.5M (@PeckShieldAlert)
[EXPLOIT · NEW] @PeckShieldAlert: #PeckShieldAlert An OLPC/LABUBU pool on PancakeSwap on #BNBChain has been exploited, resulting in a loss of ~$1.1M. — ~$1.1M (@PeckShieldAlert)
also: DeFiLlama Hacks DB
[ADVISORY · NEW] @PeckShieldAlert: #PeckShieldAlert ethereum:0x890a5122aa1da30fec4286de7904ff808f0bd74a has plummeted 70%. — ~$18.0M (@PeckShieldAlert)
also: @PeckShieldAlert
[EXPLOIT · NEW] @GoPlusSecurity: 🚨GoPlus Security Alert: — ~$4.7M (@GoPlusSecurity)
also: @GoPlusSecurity · @GoPlusSecurity
[ADVISORY · NEW] Michael Saylor fires back as STRC crash sparks fraud claims (crypto.news)
[ADVISORY · NEW] CZ proposes freezing Satoshi Bitcoin stash to stop quantum theft (crypto.news)
[ENFORCEMENT · NEW] Garcia brothers admit $8M crypto heist after family kidnapping — ~$8.0M (crypto.news)
[OTHER · NEW] @spreekaway: indeed, no one else does it like Main Street https://t.co/kMWamDladg (@spreekaway)
[OTHER · NEW] @pcaversaccio: dude, so many people obsessing over fucking tx speed & scale are the same people who deposit into a cex, wait 30 mi… (pcaversaccio)

Earlier · 24–72h

[ADVISORY · NEW] EU targets privacy coins while leaving Bitcoin transfers untouched (crypto.news)
[SCAM · NEW] @zachxbt: A short story about Indian scammers who called the cops on themselves: — ~$475K (@zachxbt)
[EXPLOIT · NEW] Axelar shuts down Secret Network bridge routes after $4.7M exploit — ~$4.7M (crypto.news)
also: The Block
[SCAM · NEW] Anime Girls Could Steal Your Crypto as Wallpaper Malware Targets Steam Gamers (Decrypt)
[EXPLOIT · NEW] Namada Shielded Pools — exploit — $600K (SlowMist Hacked DB)
[ADVISORY · NEW] @CertiK: "Auditing the code is necessary, but no longer sufficient." (CertiK)
[EXPLOIT · NEW] @PeckShieldAlert: #PeckShieldAlert The @Humanityprot exploiter-labeled address has bridged 130 $ETH ($220.6K) from #Ethereum to #BNBChain… — ~$221K (@PeckShieldAlert)
[ADVISORY · NEW] North Korea’s crypto hack spree draws fresh G7 warning (crypto.news)
[OTHER · NEW] Morgan Stanley files amendments for ETH and SOL ETFs, revealing lowest fees in market (The Block)
[ADVISORY · NEW] @Quantstamp: As social engineering attacks rise, OPSEC matters more than ever. (@Quantstamp)
[ADVISORY · NEW] @HalbornSecurity: Securing blockchain infrastructure for institutional adoption means auditing at every layer, not just the smart contrac… (@HalbornSecurity)
[ADVISORY · NEW] @chainalysis: 🇧🇷 Brazil received ~$318B in crypto this past year—1/3 of LatAm’s total value. But growth attracts more than legitima… (@Chainalysis)
[ADVISORY · NEW] Rockwell Automation FactoryTalk Historian Site Edition (CISA Cybersecurity Advisories)
[ADVISORY · NEW] @CertiKAlert: #CertiKInsight 🚨 (@CertiKAlert)
also: @CertiKAlert
[ADVISORY · NEW] @HalbornSecurity: Quantum computing is an approaching threat to blockchain security. 🔐 (@HalbornSecurity)
[OTHER · DEVELOPING · day 3] @spreekaway: https://t.co/MzmtARehtY (@spreekaway)
[ADVISORY · DEVELOPING · day 3] @spreekaway: That's right: ZERO. https://t.co/yex0V1k3wi (@spreekaway)
[ADVISORY · DEVELOPING · day 2] @CertiK: Passkeys remove seed phrases, but not security risks. (CertiK)

🧠 Deep reads

💡 Security thought-spark

Today's $7.5M MEV bot drain from a private key compromise, combined with a $4.7M and a $1.1M smart contract exploit, shows that both privileged-key hygiene and contract logic flaws remain the dominant vectors—audit your most permissioned addresses and re-check any recent pool updates for flash-loan-safe invariants.

Full data: https://gmsecurity.net/briefing.json. Feedback or a source to add? [email protected]. George Donnelly offers Web3 development & security consulting.