Q2 2026 is the most-hacked quarter on record with 83 incidents and ~$755M in losses, led by bridge exploits and smart contract bugs. The Secret Network's Axelar Bridge was drained of $4.67M via an infinite-mint flaw, while Taiko lost $1.7M from a private key compromise, and several GoPlusSecurity reports indicate smart contract bugs costing an additional ~$17.8M. Dominant attack vectors include smart contract bugs, bridge exploits, private key compromises, and social engineering.

• 🧊 On-chain — Tether USDT freezes (7d): 9 addresses (2026-06-23). Source: Dune
• Bridge exploits and infinite-mint bugs remain top loss drivers
• Social engineering and impersonation scams targeting users and projects
• Private key compromises and wallet drainers persist as critical threats
• Governance votes and acquisitions highlight non-technical but impactful risks

• Thailand Expands Crypto Mining Probe Into $300M Chinese Laundering Network
  Thailand's DSI says a Chinese "grey capital" network used illegal crypto mining and cash mules to launder more than $300 million a year.
  Decrypt · Tue, 23 Jun 2026 13:40:47 GMT
• A shared Quantum computer for Web3 is here, but it doesn’t run on AWS
  Postquant Labs has finalized a decentralized network architecture that coordinates idle quantum processing hardware to actively safeguard $20 billion worth of vulnerable blockchain assets against early cryptographic failure vectors. According to Postquant Labs CEO Colton Dillion, the startup is launching…
  crypto.news · Tue, 23 Jun 2026 13:39:05 GMT
• Franklin Templeton closes 250 Digital acquisition deal and sets up new Franklin Crypto division
  The $1.7 trillion asset manager did not disclose the amount paid for the acquisition of 250 Digital but revealed its plans for a new corporate division exclusively for crypto investments.
  CoinDesk · Tue, 23 Jun 2026 12:35:57 GMT
• Yi He warns of alleged impersonation scam as CoinUp denies Zhu Pan ties
  Yi He warned users about an alleged Binance impersonation scam as CoinUp denied Zhu Pan links and CPX volatility drew scrutiny online.
  crypto.news · social engineering · Tue, 23 Jun 2026 11:20:00 GMT

• 🔥Glad to support @HTX_DAO’s HTX Genesis Hackathon as a security partner! Hosted by HTX DAO & https://t.co/WRWRExdtkS, this global hackathon focuses on AI × Web3 innovations in smart finance, AI Agents, and on-chain infrastructure. $20,000 prize pool + $100k compute power and https://t.co/tSJUyLBCJy [Loss ~$20,000]

  @SlowMist_Team: 🔥Glad to support @HTX_DAO’s HTX Genesis Hackathon as a security partner!

  @SlowMist_Team · Tue, 23 Jun 2026 10:38:44 GMT
• Hut 8 agrees to $2.35 million settlement in investor suit tied to US Bitcoin merger
  ~$2.4M · Hut 8 agreed to pay $2.35M to settle a securities class action over disclosure claims from its 2023 merger with U.S. Bitcoin Corp.
  The Block · Tue, 23 Jun 2026 10:35:55 GMT

• Excited to see our CTO @kang_li join #MYBW2026 as a Star Speaker. Dr. Kang Li will share insights on blockchain security, infrastructure resilience, and building safer digital asset ecosystems. See you in Kuala Lumpur.🇲🇾 https://t.co/fxosnj4pdp

  @CertiK: Excited to see our CTO @kang_li join #MYBW2026 as a Star Speaker.

  CertiK · Tue, 23 Jun 2026 07:39:46 GMT
• Treasury Sanctions Three Individuals and Six Entities for Routing Crypto to ISIS
  OFAC designated three financial facilitators and six money service businesses across Europe, Syria, Turkey, and Nigeria for moving funds to ISIS and its West Africa affiliate using crypto, including two TRON addresses tied to a French national.
  The Defiant · Tue, 23 Jun 2026 01:43:21 GMT
• Synthetix Governance Votes to Retire sUSD, Pay Holders in Vested SNX
  Synthetix governance has moved to retire sUSD entirely under SIP-423, introduced June 12. The proposal would freeze the stablecoin contract and pay all holders back at face value in vested SNX at a conversion of four SNX per sUSD. A companion SIP-424 covering technical implementation is pending.
  The Defiant · governance attack · Tue, 23 Jun 2026 01:43:21 GMT

• guys 😭 https://t.co/LGBXxmyoFF https://t.co/Z6O7asZ6OP

  @tayvano_: guys 😭 https://t.co/LGBXxmyoFF https://t.co/Z6O7asZ6OP

  @tayvano_ · Tue, 23 Jun 2026 01:17:00 GMT
• OFAC Sanctions ISIS Operators for Financing Terror Group with Crypto
  Summary OFAC designated three individuals and six entities across Europe, the Middle East, and West Africa for facilitating financial transactions… The post OFAC Sanctions ISIS Operators for Financing Terror Group with Crypto appeared first on Chainalysis.
  Chainalysis · Tue, 23 Jun 2026 00:27:35 GMT
• Secret Network's Axelar Bridge Drained $4.67M via Infinite-Mint Flaw
  ~$4.7M · Secret Network's cross-chain bridge to Axelar has been suspended after an attacker exploited a years-old minting flaw in a CW20-ICS20 contract to drain $4.67 million in wrapped tokens over seven undetected days. The exploit ran from June 10 to June 17, drained seven Axelar-wrapped assets, and has
  The Defiant · smart-contract bug · Mon, 22 Jun 2026 22:57:40 GMT

• Oh shit Brazil’s govt also got pwn’d by Mythos. https://t.co/V0rSWLvkqt

  @tayvano_: Oh shit Brazil’s govt also got pwn’d by Mythos. https://t.co/V0rSWLvkqt

  @tayvano_ · Mon, 22 Jun 2026 21:57:36 GMT
• a16z-Backed Goldfinch Finance Winds Down After Originating $100M in Loans
  Warbler Labs posted an official governance proposal on June 12 to wind down Goldfinch Prime and move the protocol to maintenance mode. A Snapshot vote is passing 100% in favor. Depositors face a two-or-more-year recovery horizon as GFI trades 99.8% below its January 2022 all-time high.
  The Defiant · Mon, 22 Jun 2026 20:30:59 GMT
• Solana treasury firm Solmate’s largest stakeholder sues board for self-dealing, fiduciary breaches
  Board members Ron Sade and Keren Maimon personally bought about 2.298 million SLMT shares at $4.97, diluting shareholders ~20%.
  The Block · Mon, 22 Jun 2026 20:17:43 GMT

• What separates a high-caliber security audit from a surface-level one? 🤔 Our SVP Security & Field CISO @urruts was on the @QRLedger Show to explain how blockchain security audits work, Halborn's approach, and how AI is changing the space. 📺 Watch: https://t.co/bAhwd2DSTz https://t.co/LIJcUgtKx1

  @HalbornSecurity: What separates a high-caliber security audit from a surface-level one? 🤔

  @HalbornSecurity · Mon, 22 Jun 2026 18:58:03 GMT

• when i screamed at yall to stop getting malware’d this is NOT what i meant https://t.co/33m829Yf98

  @tayvano_: when i screamed at yall to stop getting malware’d this is NOT what i meant https://t.co/33m829Yf98

  @tayvano_ · social engineering · Mon, 22 Jun 2026 17:43:42 GMT

• Politicians and security nerds will never speak the same language lmao. https://t.co/cwlZtNuJW4

  @tayvano_: Politicians and security nerds will never speak the same language lmao. https://t.co/cwlZtNuJW4

  @tayvano_ · Mon, 22 Jun 2026 17:06:05 GMT

• 🧵1/4 ⚠️ Vulnerability Analysis: Breakdown of the Taiko Exploit on Ethereum L2 The vault contract of @taikoxyz on #ETH was exploited, resulting in losses exceeding $1.7 million. 🔍 Attack Flow Analysis: In the attack transaction below, the attacker registered two malicious SGX https://t.co/gEbqZhSlu4 https://t.co/GDvlZqsicH [Loss ~$1,700,000]

  @GoPlusSecurity: 🧵1/4

  ~$1.7M · @GoPlusSecurity · smart-contract bug · Mon, 22 Jun 2026 16:19:41 GMT
• Re7 Labs Opens $223K USDC Compensation Pool for USR Exploit Victims
  Re7 Labs opened a 223,000 USDC compensation pool for wallets affected by the March exploit of Resolv Labs' USR stablecoin. The Morpho curator joins Gauntlet, which opened a 4.37 million USDC payout earlier this month, in publishing claim mechanics.
  The Defiant · Mon, 22 Jun 2026 16:09:04 GMT
• Dormant Wallet Tied to HashFlare Fraud Moves 10,600 ETH Worth $18.5M
  An Ethereum address tied to the HashFlare cloud-mining Ponzi moved 10,600 ETH worth about $18.5 million on Monday morning after sitting idle for roughly three and a half years. Onchain investigator ZachXBT, with help from security firm Cyvers, flagged the movement, the first activity from the
  The Defiant · Mon, 22 Jun 2026 14:34:12 GMT
• Q2 2026 emerges as most-hacked quarter on record with 83 incidents
  ~$755.0M · Crypto hackers stole $755 million across 83 cybersecurity incidents, as cross–chain bridges remained the most costly attack vector of the crypto industry.
  Cointelegraph (Security) · bridge exploit · Mon, 22 Jun 2026 10:52:50 GMT

• "It’s getting harder to trust digital identities." CertiK's Jialiang Chang spoke with @TheStreet about how AI-generated voices, images, and videos are reshaping fraud risks and creating new challenges for identity verification in financial services. Read more👇

  @CertiK: "It’s getting harder to trust digital identities."

  CertiK · social engineering · Mon, 22 Jun 2026 06:12:01 GMT

• .@taikoxyz was reportedly attacked, with losses exceeding $1.7M. Our initial investigation suggests the likely root cause was an exposed Raiko SGX enclave signing key on GitHub. Raiko is Taiko’s multi-prover stack for Taiko and Ethereum blocks, so an exposed Raiko SGX enclave key https://t.co/eAq9Xjngz8 https://t.co/8BIiEeNtYJ [Loss ~$1,700,000]

  @Phalcon_xyz: .@taikoxyz was reportedly attacked, with losses exceeding $1.7M. Our initial investigation suggests the likely root cau…

  ~$1.7M · @Phalcon_xyz · private-key compromise · Mon, 22 Jun 2026 05:09:56 GMT

• 🧵1/5 GoPlus Security Alert: Prominent #ETH MEV Bot #JaredFromSubway Loses Approximately $15 Million in a "MEV Honeypot Attack" This attack was neither a traditional phishing scam nor a smart contract code vulnerability. Instead, it was a "honeypot trap" specifically designed to https://t.co/th6o9UFh9q [Loss ~$15,000,000]

  @GoPlusSecurity: 🧵1/5

  ~$15.0M · @GoPlusSecurity · smart-contract bug · Sun, 21 Jun 2026 15:27:33 GMT

• Subhead: Skids still inside, still trying to find the twitter logins so they can drop a wallet drainer https://t.co/GxTXE9rESZ

  @tayvano_: Subhead: Skids still inside, still trying to find the twitter logins so they can drop a wallet drainer https://t.co/GxT…

  @tayvano_ · phishing / wallet drainer · Sun, 21 Jun 2026 15:25:52 GMT

• 🧵1/3 ⚠️ Vulnerability Analysis: Analysis of the @BnbLabubu Exploit On June 20, DeFi game @BnbLabubu was exploited due to a vulnerability in the OLPCToken contract (0x58815C), resulting in approximately $1.115 million in losses. 🔍 Vulnerability Mechanism Analysis: A https://t.co/UJ8kYxdqfA [Loss ~$1,115,000]

  @GoPlusSecurity: 🧵1/3

  ~$1.1M · @GoPlusSecurity · smart-contract bug · Sun, 21 Jun 2026 14:41:56 GMT

• possibly funded by rival US Based Prediction Market Platform but also, yeah doesn't look great for polymarket lol https://t.co/ZUHFWUnSt8

  @spreekaway: possibly funded by rival US Based Prediction Market Platform but also, yeah doesn't look great for polymarket lol https…

  @spreekaway · Sun, 21 Jun 2026 14:07:04 GMT

• lmaoooooooooo this says so much abt the nsa and hardly anything about ant https://t.co/CSd9yTR3iv

  @tayvano_: lmaoooooooooo

  @tayvano_ · social engineering · Sun, 21 Jun 2026 13:44:49 GMT

• ✨MistTrack Quarterly Update: Risk Decay Model, Connection Path Analysis, and Developer Plan Risk scoring is only the starting point of AML analysis. The real challenge lies in understanding how risk propagates through complex fund flows, identifying exposure paths, and making

  @MistTrack_io: ✨MistTrack Quarterly Update: Risk Decay Model, Connection Path Analysis, and Developer Plan

  @MistTrack_io · Sun, 21 Jun 2026 12:30:45 GMT

Sources unavailable: Immunefi (Invalid character in tag name Line: 34 Column: 49 Char: @)

📸 Share image for socials — 1200×630

⬇ Download PNG

Generated by GM Security · automated digest, verify before acting.