Q2 2026 is now the most-hacked quarter on record with 83 incidents and ~$755M in losses, led by bridge exploits. In the last 72 hours, total losses exceed $42M from at least 10 incidents, with smart-contract bugs, private-key compromises, and phishing wallet-drainers as the top vectors. The Axelar bridge infinite-mint exploit ($4.7M) and Taiko private-key attack ($1.7M) highlight critical infrastructure threats. A fentanyl-linked Chinese network used fake 'Zksync.jp' tokens for wallet-draining, blending geopolitical crime with crypto fraud. Note: one source (Immunefi) failed this run, so data may be incomplete.
-
Q2 2026 emerges as most-hacked quarter on record with 83 incidents
~$755.0M · Crypto hackers stole $755 million across 83 cybersecurity incidents, as cross–chain bridges remained the most costly attack vector of the crypto industry.
-
Japan arrests senior Prince Group figure Hu Xiaowei tied to U.S. sanctioned network
Japanese authorities have arrested a senior figure allegedly linked to Cambodia’s Prince Group, a conglomerate that U.S. officials have tied to a multibillion-dollar cryptocurrency fraud and money laundering network. The Asahi Shimbun reported that Tokyo’s Metropolitan Police Department arrested Hu…
-
XRP price defends $1.12 as analysts eye breakout setup
XRP price held near $1.13 after testing $1.12 support as ETF inflows, MACD recovery and rising derivatives activity kept traders alert.
-
.@taikoxyz was reportedly attacked, with losses exceeding $1.7M. Our initial investigation suggests the likely root cause was an exposed Raiko SGX enclave signing key on GitHub. Raiko is Taiko’s multi-prover stack for Taiko and Ethereum blocks, so an exposed Raiko SGX enclave key https://t.co/eAq9Xjngz8 https://t.co/8BIiEeNtYJ [Loss ~$1,700,000]
@Phalcon_xyz: .@taikoxyz was reportedly attacked, with losses exceeding $1.7M. Our initial investigation suggests the likely root cau… -
Fentanyl-linked Chinese network tied to crypto fraud from Japan involving fake ‘Zksync.jp’ token: Nikkei
~$1.0M · The linked criminal group allegedly distributed a scam token under the name "zksync.jp" to deceive crypto users worldwide, with losses of over $1 million.
-
🧵1/5 GoPlus Security Alert: Prominent #ETH MEV Bot #JaredFromSubway Loses Approximately $15 Million in a "MEV Honeypot Attack" This attack was neither a traditional phishing scam nor a smart contract code vulnerability. Instead, it was a "honeypot trap" specifically designed to https://t.co/th6o9UFh9q [Loss ~$15,000,000]
@GoPlusSecurity: 🧵1/5 -
Subhead: Skids still inside, still trying to find the twitter logins so they can drop a wallet drainer https://t.co/GxTXE9rESZ
@tayvano_: Subhead: Skids still inside, still trying to find the twitter logins so they can drop a wallet drainer https://t.co/GxT… -
possibly funded by rival US Based Prediction Market Platform but also, yeah doesn't look great for polymarket lol https://t.co/ZUHFWUnSt8
@spreekaway: possibly funded by rival US Based Prediction Market Platform but also, yeah doesn't look great for polymarket lol https… -
Why XRP cannot hold $1.15
XRP keeps losing support and failing at $1.25 even as supply drains, whales accumulate, and CLARITY advances. Why the chart is beating the bullish story.
-
lmaoooooooooo this says so much abt the nsa and hardly anything about ant https://t.co/CSd9yTR3iv
@tayvano_: lmaoooooooooo -
Ethereum price analysis: ETH holds $1.7K as analysts watch $4.6K path
Ethereum trades near $1.70K as analysts watch $1,060 support, $2,850 and $4,630 targets, MACD recovery and Binance outflows as price stalls.
-
✨MistTrack Quarterly Update: Risk Decay Model, Connection Path Analysis, and Developer Plan Risk scoring is only the starting point of AML analysis. The real challenge lies in understanding how risk propagates through complex fund flows, identifying exposure paths, and making
@MistTrack_io: ✨MistTrack Quarterly Update: Risk Decay Model, Connection Path Analysis, and Developer Plan -
Gitcoin — exploit
Attack method: Front-end Attack. Blockchain security firm Blockaid detected a front-end attack on Gitcoin’s subdomain files.gitcoin.co. The compromised site contained malicious “Eleven drainer” code designed to steal users’ cryptocurrency wallet assets. Users were advised not to interact with the site while the issue is being investigated and remediated. This is a frontend compromise incident rather than an on-chain smart contract exploit.
-
Bitcoin price holds $64K as LAB and AERO lead altcoin gains: Weekend crypto watch
Bitcoin recovered above $64,000 over the weekend after Friday’s drop below $62,400, but the wider crypto market still showed limited momentum. According to crypto.news market data, Bitcoin traded near $64,166 at press time, up 0.77% over 24 hours. The move…
-
Brothers face 20 years after $8m crypto kidnapping plea
~$8.0M · Two Texas brothers pleaded guilty after prosecutors said they held a Minnesota family at gunpoint and forced an $8M cryptocurrency transfer.
-
#PeckShieldAlert Specter has reported that #MEV bot #JaredFromSubway appears to have been drained of ~$7.5M in crypto, including 1,474.58 $WETH, 2.87M $USDC, & 2M $USDT. The attacker swapped the stolen funds for 4.4K ETH and has already deposited 1K ETH into #TornadoCash https://t.co/qY6IVDdnGJ [Loss ~$7,500,000]
@PeckShieldAlert: #PeckShieldAlert Specter has reported that #MEV bot #JaredFromSubway appears to have been drained of ~$7.5M in crypto,… -
Secret Network’s Axelar bridge drained for $4.67 million in infinite-mint exploit that went unnoticed for seven days
~$4.7M · Secret Network says about $770,000 of the stolen funds still sits in the attacker's Axelar wallet, and that Axelar declined its request to freeze it.
-
indeed, no one else does it like Main Street https://t.co/kMWamDladg
@spreekaway: indeed, no one else does it like Main Street https://t.co/kMWamDladg -
#PeckShieldAlert ethereum:0x890a5122aa1da30fec4286de7904ff808f0bd74a has plummeted 70%. AlphaUSDC Delta V2 (Curator: #AlphaPING) holds a 30% exposure ($18M) to the msY/USDC market. The #Morpho msY/USDC market is 100% utilized. https://t.co/A2THMamJ9v https://t.co/4T4NbnnrgH [Loss ~$18,000,000; Protocols: Morpho]
@PeckShieldAlert: #PeckShieldAlert ethereum:0x890a5122aa1da30fec4286de7904ff808f0bd74a has plummeted 70%. -
🚨GoPlus Security Alert: On June 19, @mySwapxyz (Starknet) was exploited. The attacker deployed a fake "EVIL" token contract (0x028c9a) and exploited a vulnerability in a project contract (0x01114c), draining approximately $305,000 from mySwap CL liquidity pools, including https://t.co/8sVDg98bmh https://t.co/yDms1GkODh [Loss ~$305,000; Protocols: Starknet]
@GoPlusSecurity: 🚨GoPlus Security Alert: -
#PeckShieldAlert An OLPC/LABUBU pool on PancakeSwap on #BNBChain has been exploited, resulting in a loss of ~$1.1M. The exploiter bridged the stolen funds to #Ethereum, deposited 633.4 $ETH into #TornadoCash, and sent 0.0221 $BNB and 0.0411 $ETH to a dead address. https://t.co/lCDWwThsjH [Loss ~$1,100,000; Protocols: PancakeSwap]
@PeckShieldAlert: #PeckShieldAlert An OLPC/LABUBU pool on PancakeSwap on #BNBChain has been exploited, resulting in a loss of ~$1.1M. -
dude, so many people obsessing over fucking tx speed & scale are the same people who deposit into a cex, wait 30 mins for confirmations, and then wait another day or two to get money into their bank account. if fully shielded txs took 1-2 mins to be included, most users would
@pcaversaccio: dude, so many people obsessing over fucking tx speed & scale are the same people who deposit into a cex, wait 30 mi… -
Anime Girls Could Steal Your Crypto as Wallpaper Malware Targets Steam Gamers
Researchers found malicious Wallpaper Engine downloads on Steam Workshop distributing infostealers, backdoors, and account-hijacking malware.
-
JB — exploit
$50K · Attack method: Flashloan Price Manipulation. Reported loss ~$50,000. The JB DeFi protocol suffered an exploit involving flashloan and price manipulation, resulting in approximately $50,000 being drained. The attack exploited protocol logic through flash loan-enabled price manipulation on the Solidity-based contract.
-
Namada Shielded Pools — exploit
$600K · Attack method: Protocol Vulnerability. Reported loss ~$600,000. On June 19, 2026, approximately $600,000 in assets (ATOM, USDC, OSMO, TIA, NYM, etc.) were drained from Namada’s Multi-Asset Shielded Pool (MASP) through an IBC Transfer Logic Exploit. The loss initially went unnoticed because a stale indexer continued displaying funds as available, while live RPC queries showed zero balances on the chain. The attacker swept shielded IBC assets cross-chain. Namada confirmed the exploit and is investigating.
-
mySwap CL — exploit
$300K · Attack method: Smart Contract Vulnerability. Reported loss ~$300,000. On June 19, 2026, at approximately 7:15 AM UTC, the mySwap CL (Concentrated Liquidity) protocol on Starknet was exploited, resulting in around $300,000–$305,000 being drained from its liquidity pools. The mySwap interface had been closed to new liquidity deposits for over six months, and the drained funds were mostly residual LP positions across more than 100,000 positions. The attacker bridged the stolen assets and used Railgun to obscure the transaction flow. The exploit nearly emptied all remaining liquidity in the proto…
Sources unavailable: Immunefi (Invalid character in tag name Line: 34 Column: 49 Char: @)
Generated by GM Security · automated digest, verify before acting.