⬢ GM Security — 2026-06-21: $14.6M across 27 incidents

Daily crypto security briefing

2026-06-21 12:50 UTC · last 72h · 27 items · $14.6M reported losses · 49 sources

📊 Trend tracker

• 25 new today · 2 developing
• 7-day: 110 incidents, $205.4M stolen
• 30-day: 110 incidents, $205.4M stolen
• 7-day vectors: smart-contract bug (22), private-key compromise (8), phishing / wallet drainer (8)
• Repeat targets (30d): bitcoin (5), thetanuts (5), uxlink (4), certik (3), steam (3)

Last 24 hours

• [OTHER · NEW] Bitcoin price holds $64K as LAB and AERO lead altcoin gains: Weekend crypto watch (crypto.news)
• [EXPLOIT · NEW] @PeckShieldAlert: #PeckShieldAlert Specter has reported that #MEV bot #JaredFromSubway appears to have been drained of ~$7.5M in crypto,… — ~$7.5M (@PeckShieldAlert)
  also: CoinDesk · crypto.news
• [ENFORCEMENT · NEW] Brothers face 20 years after $8m crypto kidnapping plea — ~$8.0M (crypto.news)
• [ADVISORY · NEW] @PeckShieldAlert: #PeckShieldAlert ethereum:0x890a5122aa1da30fec4286de7904ff808f0bd74a has plummeted 70%. — ~$18.0M (@PeckShieldAlert)
  also: @PeckShieldAlert
• [EXPLOIT · NEW] @GoPlusSecurity: 🚨GoPlus Security Alert: — ~$4.7M (@GoPlusSecurity)
  also: @GoPlusSecurity · @GoPlusSecurity
• [ADVISORY · NEW] @MistTrack_io: ✨MistTrack Quarterly Update: Risk Decay Model, Connection Path Analysis, and Developer Plan (@MistTrack_io)
• [OTHER · NEW] @spreekaway: indeed, no one else does it like Main Street https://t.co/kMWamDladg (@spreekaway)

Earlier · 24–72h

• [EXPLOIT · NEW] @PeckShieldAlert: #PeckShieldAlert An OLPC/LABUBU pool on PancakeSwap on #BNBChain has been exploited, resulting in a loss of ~$1.1M. — ~$1.1M (@PeckShieldAlert)
  also: DeFiLlama Hacks DB
• [ADVISORY · NEW] Michael Saylor fires back as STRC crash sparks fraud claims (crypto.news)
• [ADVISORY · NEW] CZ proposes freezing Satoshi Bitcoin stash to stop quantum theft (crypto.news)
• [ENFORCEMENT · NEW] Garcia brothers admit $8M crypto heist after family kidnapping — ~$8.0M (crypto.news)
• [ADVISORY · NEW] EU targets privacy coins while leaving Bitcoin transfers untouched (crypto.news)
• [SCAM · NEW] @zachxbt: A short story about Indian scammers who called the cops on themselves: — ~$475K (@zachxbt)
• [SCAM · NEW] Anime Girls Could Steal Your Crypto as Wallpaper Malware Targets Steam Gamers (Decrypt)
• [EXPLOIT · NEW] Namada Shielded Pools — exploit — $600K (SlowMist Hacked DB)
• [ADVISORY · NEW] @CertiK: "Auditing the code is necessary, but no longer sufficient." (CertiK)
• [EXPLOIT · NEW] @PeckShieldAlert: #PeckShieldAlert The @Humanityprot exploiter-labeled address has bridged 130 $ETH ($220.6K) from #Ethereum to #BNBChain… — ~$221K (@PeckShieldAlert)
• [OTHER · NEW] Morgan Stanley files amendments for ETH and SOL ETFs, revealing lowest fees in market (The Block)
• [ADVISORY · NEW] @Quantstamp: As social engineering attacks rise, OPSEC matters more than ever. (@Quantstamp)
• [ADVISORY · NEW] @HalbornSecurity: Securing blockchain infrastructure for institutional adoption means auditing at every layer, not just the smart contrac… (@HalbornSecurity)
• [NEAR-MISS] Secret Network / Axelar IBC bridge infinite-mint exploit (web search (coverage))
  ~$4.67M drained via a modified bridge contract that minted unbacked wrapped assets, undetected for seven days.
• [NEAR-MISS] Aztec deprecated Private Rollup Bridge exploit (web search (coverage))
  ~$2.16M stolen (1,158 ETH, 150K DAI, ~0.47 renBTC) from a deprecated Aztec bridge withdrawal path.
• [NEAR-MISS] mySwap (Starknet DEX) liquidity pool exploit (web search (coverage))
  ~$305K drained via a fake 'EVIL' token manipulating pool accounting.
• [NEAR-MISS] DxSale BNB Chain liquidity locker drain (web search (coverage))
  ~$7.3M drained when a locker-contract backdoor unlocked deposits, affecting 1,400+ liquidity providers.
• [NEAR-MISS] India ED crypto FEMA probe (Transak, Onramp.money, et al.) (web search (coverage))
  Enforcement raids over ~₹2,500 crore in alleged unauthorized cross-border crypto remittances.
• [OTHER · NEW] @pcaversaccio: dude, so many people obsessing over fucking tx speed & scale are the same people who deposit into a cex, wait 30 mi… (pcaversaccio)
• [ADVISORY · NEW] @CertiKAlert: #CertiKInsight 🚨 (@CertiKAlert)
• [ADVISORY · NEW] @HalbornSecurity: Quantum computing is an approaching threat to blockchain security. 🔐 (@HalbornSecurity)
• [OTHER · DEVELOPING · day 3] @spreekaway: https://t.co/MzmtARehtY (@spreekaway)
• [ADVISORY · DEVELOPING · day 3] @spreekaway: That's right: ZERO. https://t.co/yex0V1k3wi (@spreekaway)

🧠 Deep reads

• Microsoft found malware that hijacks crypto wallets and spreads through USB sticks (CoinDesk)
• Ex-Celsius CEO Mashinsky gets U.S. CFTC ban in final resolution with regulator (CoinDesk)

💡 Security thought-spark

MEV bots remain prime targets: today's $7.5M JaredFromSubway drain via private key compromise and wallet-drainer phishing reinforces the need for isolated signing environments and hardware-level key rotation for all automated trading infrastructure.

Full data: https://gmsecurity.net/briefing.json. Feedback or a source to add? [email protected]. George Donnelly offers Web3 development & security consulting.