Over the last 72 hours, at least ~$40.6M in losses were reported, led by a ~$18M token crash and a ~$7.5M MEV bot drain via private key compromise and phishing. Dominant vectors include private-key-compromise, social-engineering, and smart-contract bugs; social attacks (kidnapping, Indian scammers) accounted for ~$16.5M. Supply-chain malware targeting Steam users and a bridge exploit also emerged. Note: 5 sources failed, so this summary may underrepresent true activity.

• Private key compromises and wallet drainers remain the top financial threat.
• Social engineering attacks (kidnapping, impersonation) are growing in complexity and scale.
• Smart contract bugs persist across DEX pools and shielded pools.
• Supply-chain malware (USB, wallpaper) broadens attack surface beyond DeFi.

• ✨MistTrack Quarterly Update: Risk Decay Model, Connection Path Analysis, and Developer Plan Risk scoring is only the starting point of AML analysis. The real challenge lies in understanding how risk propagates through complex fund flows, identifying exposure paths, and making

  @MistTrack_io: ✨MistTrack Quarterly Update: Risk Decay Model, Connection Path Analysis, and Developer Plan

  @MistTrack_io · Sun, 21 Jun 2026 12:30:45 GMT
• Bitcoin price holds $64K as LAB and AERO lead altcoin gains: Weekend crypto watch
  Bitcoin recovered above $64,000 over the weekend after Friday’s drop below $62,400, but the wider crypto market still showed limited momentum. According to crypto.news market data, Bitcoin traded near $64,166 at press time, up 0.77% over 24 hours. The move…
  crypto.news · Sun, 21 Jun 2026 10:36:02 GMT
• Brothers face 20 years after $8m crypto kidnapping plea
  ~$8.0M · Two Texas brothers pleaded guilty after prosecutors said they held a Minnesota family at gunpoint and forced an $8M cryptocurrency transfer.
  crypto.news · social engineering · Sun, 21 Jun 2026 07:29:55 GMT

• #PeckShieldAlert Specter has reported that #MEV bot #JaredFromSubway appears to have been drained of ~$7.5M in crypto, including 1,474.58 $WETH, 2.87M $USDC, & 2M $USDT. The attacker swapped the stolen funds for 4.4K ETH and has already deposited 1K ETH into #TornadoCash https://t.co/qY6IVDdnGJ [Loss ~$7,500,000]

  @PeckShieldAlert: #PeckShieldAlert Specter has reported that #MEV bot #JaredFromSubway appears to have been drained of ~$7.5M in crypto,…

  ~$7.5M · @PeckShieldAlert · private-key compromise, phishing / wallet drainer · Sat, 20 Jun 2026 22:13:48 GMT

• indeed, no one else does it like Main Street https://t.co/kMWamDladg

  @spreekaway: indeed, no one else does it like Main Street https://t.co/kMWamDladg

  @spreekaway · Sat, 20 Jun 2026 19:56:39 GMT

• #PeckShieldAlert ethereum:0x890a5122aa1da30fec4286de7904ff808f0bd74a has plummeted 70%. AlphaUSDC Delta V2 (Curator: #AlphaPING) holds a 30% exposure ($18M) to the msY/USDC market. The #Morpho msY/USDC market is 100% utilized. https://t.co/A2THMamJ9v https://t.co/4T4NbnnrgH [Loss ~$18,000,000; Protocols: Morpho]

  @PeckShieldAlert: #PeckShieldAlert ethereum:0x890a5122aa1da30fec4286de7904ff808f0bd74a has plummeted 70%.

  ~$18.0M · @PeckShieldAlert · Sat, 20 Jun 2026 18:12:17 GMT

• 🚨GoPlus Security Alert: On June 19, @mySwapxyz (Starknet) was exploited. The attacker deployed a fake "EVIL" token contract (0x028c9a) and exploited a vulnerability in a project contract (0x01114c), draining approximately $305,000 from mySwap CL liquidity pools, including https://t.co/8sVDg98bmh https://t.co/yDms1GkODh [Loss ~$305,000; Protocols: Starknet]

  @GoPlusSecurity: 🚨GoPlus Security Alert:

  ~$4.7M · @GoPlusSecurity · smart-contract bug · Sat, 20 Jun 2026 14:13:00 GMT

• #PeckShieldAlert An OLPC/LABUBU pool on PancakeSwap on #BNBChain has been exploited, resulting in a loss of ~$1.1M. The exploiter bridged the stolen funds to #Ethereum, deposited 633.4 $ETH into #TornadoCash, and sent 0.0221 $BNB and 0.0411 $ETH to a dead address. https://t.co/lCDWwThsjH [Loss ~$1,100,000; Protocols: PancakeSwap]

  @PeckShieldAlert: #PeckShieldAlert An OLPC/LABUBU pool on PancakeSwap on #BNBChain has been exploited, resulting in a loss of ~$1.1M.

  ~$1.1M · @PeckShieldAlert · smart-contract bug · Sat, 20 Jun 2026 12:46:05 GMT
• Michael Saylor fires back as STRC crash sparks fraud claims
  Strategy co-founder Michael Saylor has defended the company’s Bitcoin-backed capital strategy after its STRC preferred stock fell well below its $100 par value and triggered fresh criticism from market participants. According to a June 20 X post by Saylor, Strategy’s…
  crypto.news · Sat, 20 Jun 2026 12:15:03 GMT

• dude, so many people obsessing over fucking tx speed & scale are the same people who deposit into a cex, wait 30 mins for confirmations, and then wait another day or two to get money into their bank account. if fully shielded txs took 1-2 mins to be included, most users would

  @pcaversaccio: dude, so many people obsessing over fucking tx speed & scale are the same people who deposit into a cex, wait 30 mi…

  pcaversaccio · Sat, 20 Jun 2026 11:48:05 GMT
• CZ proposes freezing Satoshi Bitcoin stash to stop quantum theft
  Binance founder Changpeng Zhao has proposed freezing up to 1 million Bitcoin linked to Satoshi Nakamoto if those coins remain unmoved after a future transition to quantum-resistant cryptography. Speaking during a June 18 appearance on the Galaxy Brains podcast hosted…
  crypto.news · Sat, 20 Jun 2026 09:30:02 GMT
• Garcia brothers admit $8M crypto heist after family kidnapping
  ~$8.0M · Two Texas brothers have pleaded guilty to federal robbery charges after prosecutors said they kidnapped a Minnesota family and forced the transfer of more than $8 million in cryptocurrency. According to the U.S. Attorney’s Office for the District of Minnesota,…
  crypto.news · social engineering · Sat, 20 Jun 2026 07:04:40 GMT
• EU targets privacy coins while leaving Bitcoin transfers untouched
  The European Union has approved anti-money laundering rules that will ban regulated crypto firms from supporting privacy coins while leaving direct Bitcoin transfers between private wallets outside the scope of mandatory identification requirements. According to Regulation (EU) 2024/1624, which will…
  crypto.news · Fri, 19 Jun 2026 22:15:24 GMT
• Anime Girls Could Steal Your Crypto as Wallpaper Malware Targets Steam Gamers
  Researchers found malicious Wallpaper Engine downloads on Steam Workshop distributing infostealers, backdoors, and account-hijacking malware.
  Decrypt · supply-chain attack, social engineering · Fri, 19 Jun 2026 14:39:56 GMT
• Namada Shielded Pools — exploit
  $600K · Attack method: Protocol Vulnerability. Reported loss ~$600,000. On June 19, 2026, approximately $600,000 in assets (ATOM, USDC, OSMO, TIA, NYM, etc.) were drained from Namada’s Multi-Asset Shielded Pool (MASP) through an IBC Transfer Logic Exploit. The loss initially went unnoticed because a stale indexer continued displaying funds as available, while live RPC queries showed zero balances on the chain. The attacker swept shielded IBC assets cross-chain. Namada confirmed the exploit and is investigating.
  SlowMist Hacked DB · smart-contract bug · Fri, 19 Jun 2026 12:00:00 GMT

• A short story about Indian scammers who called the cops on themselves: Earlier this week a follower DM'd me from his personal account complaining that 5.73 BTC ($475K) of his was 'unjustly' frozen at Changelly in Mar 2025. So I went and plotted the Bitcoin transaction in my https://t.co/gZxM4dRCW3 [Loss ~$475,000; 5.73 BTC]

  @zachxbt: A short story about Indian scammers who called the cops on themselves:

  ~$475K · @zachxbt · social engineering · Fri, 19 Jun 2026 11:52:19 GMT

• "Auditing the code is necessary, but no longer sufficient." At Proof of Talk, CertiK CBO Jason Jiang discussed evolving attack vectors, institutional adoption, AI security, and why security must extend beyond smart contracts. Read the full interview👇 https://t.co/s1Vp2sVTZ7

  @CertiK: "Auditing the code is necessary, but no longer sufficient."

  CertiK · Fri, 19 Jun 2026 11:31:01 GMT
• Microsoft found malware that hijacks crypto wallets and spreads through USB sticks
  The software intercepts shortcut files and directs them to install a worm that harvests private keys from the Windows clipboard and inserts its own destination wallet addresses when it detects a transfer.
  CoinDesk · private-key compromise, supply-chain attack · Fri, 19 Jun 2026 08:48:14 GMT

• #CertiKInsight 🚨 @msftsecurity warns about a new crypto clipper active since Feb 2026. The malware monitors the clipboard, steals seed phrases/private keys, captures screenshots, and swaps copied wallet addresses. Stay vigilant!👇 https://t.co/44h2CCoegk

  @CertiKAlert: #CertiKInsight 🚨

  @CertiKAlert · private-key compromise · Fri, 19 Jun 2026 07:12:21 GMT

• #PeckShieldAlert The @Humanityprot exploiter-labeled address has bridged 130 $ETH ($220.6K) from #Ethereum to #BNBChain (381 $BNB) https://t.co/aqcbcQRWa5 [Loss ~$220,600]

  @PeckShieldAlert: #PeckShieldAlert The @Humanityprot exploiter-labeled address has bridged 130 $ETH ($220.6K) from #Ethereum to #BNBChain…

  ~$221K · @PeckShieldAlert · bridge exploit · Fri, 19 Jun 2026 03:46:00 GMT
• Morgan Stanley files amendments for ETH and SOL ETFs, revealing lowest fees in market
  The disclosure of additional amendments typically reflects active communication with the SEC and progress in the launch process.
  The Block · Fri, 19 Jun 2026 02:54:48 GMT
• Ex-Celsius CEO Mashinsky gets U.S. CFTC ban in final resolution with regulator
  Alexander Mashinsky, the founder of failed crypto lender Celsius, had earlier been imprisoned for fraud and is now formally banned from CFTC registration.
  CoinDesk · Thu, 18 Jun 2026 19:26:55 GMT

• Quantum computing is an approaching threat to blockchain security. 🔐 For most networks, the cryptographic foundations were never built to withstand it. @QRLedger has been building to address that problem ever since 2018. https://t.co/SshyHndbNW

  @HalbornSecurity: Quantum computing is an approaching threat to blockchain security. 🔐

  @HalbornSecurity · Thu, 18 Jun 2026 17:00:00 GMT

• As social engineering attacks rise, OPSEC matters more than ever. Excited to have Roman, Incident Lead @Quantstamp, at @ETHCincoDeMayo sharing practical ways to lock down your devices, laptops, and accounts! https://t.co/uOPSlAMghj

  @Quantstamp: As social engineering attacks rise, OPSEC matters more than ever.

  @Quantstamp · social engineering · Thu, 18 Jun 2026 15:18:15 GMT

• Securing blockchain infrastructure for institutional adoption means auditing at every layer, not just the smart contracts. 🔐 Our engagement with @RaylsLabs covered smart contract auditing, L1 security assessment, architecture advisory, and cryptographic review. https://t.co/EtzY6neCp1

  @HalbornSecurity: Securing blockchain infrastructure for institutional adoption means auditing at every layer, not just the smart contrac…

  @HalbornSecurity · smart-contract bug · Thu, 18 Jun 2026 15:00:12 GMT

• https://t.co/MzmtARehtY

  @spreekaway: https://t.co/MzmtARehtY

  @spreekaway · Thu, 18 Jun 2026 14:22:19 GMT

• That's right: ZERO. https://t.co/yex0V1k3wi

  @spreekaway: That's right: ZERO. https://t.co/yex0V1k3wi

  @spreekaway · Thu, 18 Jun 2026 14:12:39 GMT

Sources unavailable: Rekt Newsletter (HTTP 403 (native fetch)); Week in Ethereum News (HTTP 403 (native fetch)); Immunefi (Invalid character in tag name Line: 34 Column: 49 Char: @); CoinDesk (Crypto) (HTTP 404 (native fetch)); CoinDesk (Regulation) (HTTP 404 (native fetch))

📸 Share image for socials — 1200×630

⬇ Download PNG

Generated by crypto-security-briefing · automated digest, verify before acting.