Q2 2026 is the most-hacked quarter on record with 83 incidents and ~$755M in losses, led by bridge exploits. In the last 72 hours, total reported losses exceed ~$55M across multiple incidents. Dominant vectors include smart-contract bugs, private-key compromise, and phishing-wallet drainers. A significant social-engineering campaign seeks to deploy wallet drainers via compromised accounts. Note: 1 source failed, so data may be incomplete.

• 🧊 On-chain — Tether USDT freezes (7d): 10 addresses (2026-06-22). Source: Dune
• Bridge exploits remain the highest-value single vector this quarter.
• Private-key and phishing attacks are dropping wallet drainers at scale.
• Smart-contract bugs caused eight-figure losses across multiple chains.
• Social engineering is increasingly used to compromise digital identities.

• Q2 2026 emerges as most-hacked quarter on record with 83 incidents
  ~$755.0M · Crypto hackers stole $755 million across 83 cybersecurity incidents, as cross–chain bridges remained the most costly attack vector of the crypto industry.
  Cointelegraph (Security) · bridge exploit · Mon, 22 Jun 2026 10:52:50 GMT
• Japan arrests senior Prince Group figure Hu Xiaowei tied to U.S. sanctioned network
  Japanese authorities have arrested a senior figure allegedly linked to Cambodia’s Prince Group, a conglomerate that U.S. officials have tied to a multibillion-dollar cryptocurrency fraud and money laundering network. The Asahi Shimbun reported that Tokyo’s Metropolitan Police Department arrested Hu…
  crypto.news · Mon, 22 Jun 2026 10:15:43 GMT
• XRP price defends $1.12 as analysts eye breakout setup
  XRP price held near $1.13 after testing $1.12 support as ETF inflows, MACD recovery and rising derivatives activity kept traders alert.
  crypto.news · Mon, 22 Jun 2026 09:19:04 GMT
• Fentanyl-linked crypto fraud tied to fake Zksync.jp token: Nikkei
  Nikkei says a fentanyl-linked Chinese network used a Japan base and fake Zksync.jp token to run crypto fraud tied to sanctioned wallets.
  crypto.news · social engineering, phishing / wallet drainer · Mon, 22 Jun 2026 06:26:25 GMT

• 🔍#BeosinInsight If every trade your bot makes looks profitable, would you suspect it's being exploited? Jaredfromsubway.eth, one of Ethereum's most active MEV bots, didn't. On June 21, it fell victim to a meticulously engineered honeypot attack and lost over $7.5 million https://t.co/koZV3FHFhL [Loss ~$7,500,000]

  @Beosin_com: 🔍#BeosinInsight

  ~$7.5M · @Beosin_com · smart-contract bug · Mon, 22 Jun 2026 06:17:09 GMT

• "It’s getting harder to trust digital identities." CertiK's Jialiang Chang spoke with @TheStreet about how AI-generated voices, images, and videos are reshaping fraud risks and creating new challenges for identity verification in financial services. Read more👇

  @CertiK: "It’s getting harder to trust digital identities."

  CertiK · social engineering · Mon, 22 Jun 2026 06:12:01 GMT

• .@taikoxyz was reportedly attacked, with losses exceeding $1.7M. Our initial investigation suggests the likely root cause was an exposed Raiko SGX enclave signing key on GitHub. Raiko is Taiko’s multi-prover stack for Taiko and Ethereum blocks, so an exposed Raiko SGX enclave key https://t.co/eAq9Xjngz8 https://t.co/8BIiEeNtYJ [Loss ~$1,700,000]

  @Phalcon_xyz: .@taikoxyz was reportedly attacked, with losses exceeding $1.7M. Our initial investigation suggests the likely root cau…

  ~$1.7M · @Phalcon_xyz · private-key compromise · Mon, 22 Jun 2026 05:09:56 GMT

• 🧵1/5 GoPlus Security Alert: Prominent #ETH MEV Bot #JaredFromSubway Loses Approximately $15 Million in a "MEV Honeypot Attack" This attack was neither a traditional phishing scam nor a smart contract code vulnerability. Instead, it was a "honeypot trap" specifically designed to https://t.co/th6o9UFh9q [Loss ~$15,000,000]

  @GoPlusSecurity: 🧵1/5

  ~$15.0M · @GoPlusSecurity · smart-contract bug · Sun, 21 Jun 2026 15:27:33 GMT

• Subhead: Skids still inside, still trying to find the twitter logins so they can drop a wallet drainer https://t.co/GxTXE9rESZ

  @tayvano_: Subhead: Skids still inside, still trying to find the twitter logins so they can drop a wallet drainer https://t.co/GxT…

  @tayvano_ · phishing / wallet drainer · Sun, 21 Jun 2026 15:25:52 GMT

• possibly funded by rival US Based Prediction Market Platform but also, yeah doesn't look great for polymarket lol https://t.co/ZUHFWUnSt8

  @spreekaway: possibly funded by rival US Based Prediction Market Platform but also, yeah doesn't look great for polymarket lol https…

  @spreekaway · Sun, 21 Jun 2026 14:07:04 GMT
• Why XRP cannot hold $1.15
  XRP keeps losing support and failing at $1.25 even as supply drains, whales accumulate, and CLARITY advances. Why the chart is beating the bullish story.
  crypto.news · Sun, 21 Jun 2026 14:00:00 GMT

• lmaoooooooooo this says so much abt the nsa and hardly anything about ant https://t.co/CSd9yTR3iv

  @tayvano_: lmaoooooooooo

  @tayvano_ · social engineering · Sun, 21 Jun 2026 13:44:49 GMT
• Ethereum price analysis: ETH holds $1.7K as analysts watch $4.6K path
  Ethereum trades near $1.70K as analysts watch $1,060 support, $2,850 and $4,630 targets, MACD recovery and Binance outflows as price stalls.
  crypto.news · Sun, 21 Jun 2026 13:30:00 GMT

• ✨MistTrack Quarterly Update: Risk Decay Model, Connection Path Analysis, and Developer Plan Risk scoring is only the starting point of AML analysis. The real challenge lies in understanding how risk propagates through complex fund flows, identifying exposure paths, and making

  @MistTrack_io: ✨MistTrack Quarterly Update: Risk Decay Model, Connection Path Analysis, and Developer Plan

  @MistTrack_io · Sun, 21 Jun 2026 12:30:45 GMT
• Gitcoin — exploit
  Attack method: Front-end Attack. Blockchain security firm Blockaid detected a front-end attack on Gitcoin’s subdomain files.gitcoin.co. The compromised site contained malicious “Eleven drainer” code designed to steal users’ cryptocurrency wallet assets. Users were advised not to interact with the site while the issue is being investigated and remediated. This is a frontend compromise incident rather than an on-chain smart contract exploit.
  SlowMist Hacked DB · frontend / DNS hijack · Sun, 21 Jun 2026 12:00:00 GMT
• Bitcoin price holds $64K as LAB and AERO lead altcoin gains: Weekend crypto watch
  Bitcoin recovered above $64,000 over the weekend after Friday’s drop below $62,400, but the wider crypto market still showed limited momentum. According to crypto.news market data, Bitcoin traded near $64,166 at press time, up 0.77% over 24 hours. The move…
  crypto.news · Sun, 21 Jun 2026 10:36:02 GMT

• #PeckShieldAlert Specter has reported that #MEV bot #JaredFromSubway appears to have been drained of ~$7.5M in crypto, including 1,474.58 $WETH, 2.87M $USDC, & 2M $USDT. The attacker swapped the stolen funds for 4.4K ETH and has already deposited 1K ETH into #TornadoCash https://t.co/qY6IVDdnGJ [Loss ~$7,500,000]

  @PeckShieldAlert: #PeckShieldAlert Specter has reported that #MEV bot #JaredFromSubway appears to have been drained of ~$7.5M in crypto,…

  ~$7.5M · @PeckShieldAlert · private-key compromise, phishing / wallet drainer · Sat, 20 Jun 2026 22:13:48 GMT

• indeed, no one else does it like Main Street https://t.co/kMWamDladg

  @spreekaway: indeed, no one else does it like Main Street https://t.co/kMWamDladg

  @spreekaway · Sat, 20 Jun 2026 19:56:39 GMT

• #PeckShieldAlert ethereum:0x890a5122aa1da30fec4286de7904ff808f0bd74a has plummeted 70%. AlphaUSDC Delta V2 (Curator: #AlphaPING) holds a 30% exposure ($18M) to the msY/USDC market. The #Morpho msY/USDC market is 100% utilized. https://t.co/A2THMamJ9v https://t.co/4T4NbnnrgH [Loss ~$18,000,000; Protocols: Morpho]

  @PeckShieldAlert: #PeckShieldAlert ethereum:0x890a5122aa1da30fec4286de7904ff808f0bd74a has plummeted 70%.

  ~$18.0M · @PeckShieldAlert · Sat, 20 Jun 2026 18:12:17 GMT

• 🚨GoPlus Security Alert: On June 19, @mySwapxyz (Starknet) was exploited. The attacker deployed a fake "EVIL" token contract (0x028c9a) and exploited a vulnerability in a project contract (0x01114c), draining approximately $305,000 from mySwap CL liquidity pools, including https://t.co/8sVDg98bmh https://t.co/yDms1GkODh [Loss ~$305,000; Protocols: Starknet]

  @GoPlusSecurity: 🚨GoPlus Security Alert:

  ~$4.7M · @GoPlusSecurity · smart-contract bug · Sat, 20 Jun 2026 14:13:00 GMT

• #PeckShieldAlert An OLPC/LABUBU pool on PancakeSwap on #BNBChain has been exploited, resulting in a loss of ~$1.1M. The exploiter bridged the stolen funds to #Ethereum, deposited 633.4 $ETH into #TornadoCash, and sent 0.0221 $BNB and 0.0411 $ETH to a dead address. https://t.co/lCDWwThsjH [Loss ~$1,100,000; Protocols: PancakeSwap]

  @PeckShieldAlert: #PeckShieldAlert An OLPC/LABUBU pool on PancakeSwap on #BNBChain has been exploited, resulting in a loss of ~$1.1M.

  ~$1.1M · @PeckShieldAlert · smart-contract bug · Sat, 20 Jun 2026 12:46:05 GMT

• dude, so many people obsessing over fucking tx speed & scale are the same people who deposit into a cex, wait 30 mins for confirmations, and then wait another day or two to get money into their bank account. if fully shielded txs took 1-2 mins to be included, most users would

  @pcaversaccio: dude, so many people obsessing over fucking tx speed & scale are the same people who deposit into a cex, wait 30 mi…

  pcaversaccio · Sat, 20 Jun 2026 11:48:05 GMT

Sources unavailable: Immunefi (Feed not recognized as RSS 1 or 2.)

📸 Share image for socials — 1200×630

⬇ Download PNG

Generated by GM Security · automated digest, verify before acting.