Over the past 72 hours, aggregated losses exceed $986M, led by an $860M access-control incident in RWA tokenization on XDC Network and two $47M events: a global infostealer takedown freezing funds and a flash-loan attack. Dominant vectors include access-control, phishing-wallet-drainer, flash-loan attacks, and governance/smart-contract exploits. Multiple high-impact supply-chain, social-engineering, and private-key compromise alerts also emerged, while four items lack loss data or clear vector attribution.
-
Most RWAs are Treasuries. @XDCNetwork is different. Over $860M in tokenized real-world credit, including debentures, receivables, and business loans, settles on XDC. CertiK now helps secure that infrastructure as an XDC validator. Learn more below. https://t.co/wnqTci2Ktk [Loss ~$860,000,000]
@CertiK: Most RWAs are Treasuries. @XDCNetwork is different. -
$47M in Crypto Frozen in Global Infostealer Takedown: Europol
~$47.0M · Police disrupted SocGholish, Amadey, and StealC, malware that harvests crypto wallets and passwords, freezing €41 million in crypto.
-
the latest tornado cash proposal 67 is _malicious_: https://bafybeie5hxovqc4ifcnrnhvmjbefxgeix6oqvzaspyytdxiyscji22v5pu[.]ipfs[.]inbrowser[.]link/governance/67 decompilation of the proposal: https://t.co/bfGfEkb1o3 the try to set the governance address to a vanity address that https://t.co/0VbG4KO9Yc https://t.co/rny5WWdd8M
@pcaversaccio: the latest tornado cash proposal 67 is _malicious_: https://bafybeie5hxovqc4ifcnrnhvmjbefxgeix6oqvzaspyytdxiyscji22v5pu… -
To be clear: these guys rolled their own crypto so fucking hard that anyone could get your private key from public information. This was not a highly sophisticated, premeditated attack. It’s embarrassing. It’s worse than 2011 era btc wallets ever were lol. https://t.co/teHYs6zU0F
@tayvano_: To be clear: these guys rolled their own crypto so fucking hard that anyone could get your private key from public info… -
They did it. They actually did it. They actually managed to fuck up and reuse nonces for Ed25519 sigs. Incredible things happening on Cardano. Innovation, even. 😳 https://t.co/3fhyZ2A81V
@tayvano_: They did it. They actually did it. -
#PeckShieldAlert Our community member has reported that @gnosis_ 's X account has been compromised. Do *Not* interact with it or click any links. https://t.co/LMLiQb9UZ0
@PeckShieldAlert: #PeckShieldAlert Our community member has reported that @gnosis_ 's X account has been compromised. Do *Not* interact w… -
CoinEx denies claims it served as $3.84 billion gateway to sanctioned Iranian crypto firms
Blockchain analysts TRM Labs says CoinEx facilitated more than $3.8 billion in blockchain-traced flows with sanctioned Iranian crypto entities. CoinEx disputes the findings.
-
Thailand issues arrest warrant for Chinese businessman tied to $28 million illegal crypto mining probe: report
~$28.0M · Chinese businessman Wang Yicheng was accused of involvement in illegal crypto mining operations that used $28 million worth of electricity.
-
China hands death sentence to convict who laundered $7M through crypto
~$7.0M · China has sentenced a convicted drug trafficker to death after authorities found he laundered more than 48 million yuan, about $7.04 million, through cryptocurrency as part of a major cross-border narcotics operation. China’s Supreme People’s Procuratorate said at a June…
-
🚨 SlowMist TI Alert 🚨 A new Shai-Hulud / Miasma / Hades npm malware variant linked to the compromised npm developer account czirker, affecting the npm ecosystem. The campaign uses a preconfigured binding.gyp file to execute during npm install; reported scope includes 23 https://t.co/Y12BuqUvDX
@SlowMist_Team: 🚨 SlowMist TI Alert 🚨 -
Ethereum price holds $1,600 as whales buy the dip
Ethereum holds near $1,655 as ETF outflows, whale buying, dormant selling and weak indicators keep recovery fragile around $1,800 this week.
-
🗓 Weekly Web3 Security Roundup | Jun 15 - Jun 21 🚨 Spotlight on 3 notable incidents | ~$18.3M lost this week Featuring a vulnerability breakdown and in-depth analysis of selected key cases👇 https://t.co/p76YlrASyi https://t.co/BQtX6N9Qtn [Loss ~$18,300,000]
@Phalcon_xyz: 🗓 Weekly Web3 Security Roundup | Jun 15 - Jun 21 -
MemeCore's M token suddenly crashes 80% with no clear trigger
The token fell from nearly $3 to about $0.50 in hours, wiping out close to $3 billion in market value, with no exploit or announcement to explain it. Onchain investigator ZachXBT warned in April that M's price had been propped up by insiders.
-
XRP slides 2.8% as weak bounce keeps $1 support in focus
Sellers broke another support level on heavy volume, while the recovery failed to reclaim the zone that would ease downside pressure.
-
#CertiKInsight 🚨 The KyberSwap exploiter address moved 2K ETH (~$3.3M) to TornadoCash through 0x6B686cf613F05D09C097eECFc349c091e6F2ad8D yesterday. On Nov 22nd 2023, KyberNetwork suffered flashloan exploits across multiple chains, resulting in a loss of ~$47M. Stay Vigilant! https://t.co/vVu69yFpyi [Loss ~$3,300,000; Protocols: across]
@CertiKAlert: #CertiKInsight 🚨 -
#PeckShieldAlert $MIM has dropped -36% to 0.5 https://t.co/y2nKlrY2wY https://t.co/7IerebpzPk
@PeckShieldAlert: #PeckShieldAlert $MIM has dropped -36% to 0.5 -
#PeckShieldAlert The #KyberSwap exploiter-labeled address moved another 2K $ETH to #TornadoCash. In total, the exploiter has laundered 16,100 $ETH (~$40M) through the mixer over the last 2 years. This represents over 80% of the $48.8M stolen during the November 2023 exploit. https://t.co/Ic2tPWTPPj [Loss ~$40,000,000]
@PeckShieldAlert: #PeckShieldAlert The #KyberSwap exploiter-labeled address moved another 2K $ETH to #TornadoCash. -
Ex-Ethereum Foundation Researchers Launched Their Own Lab https://t.co/U3uxZwlFEN
@tayvano_: Ex-Ethereum Foundation Researchers Launched Their Own Lab https://t.co/U3uxZwlFEN -
Fake Crypto Influencer Gets 15 Months for $1.4M Telegram Staking Fraud
~$1.4M · Noman Saleem impersonated crypto influencers on Telegram, luring victims into a fake staking scheme before vanishing with their funds.
-
Today, the DOJ seized tech used by the crime-facilitating Huione Group to transfer and launder billions of dollars in fraud proceeds. Chainalysis provided key intelligence to the investigation. Here's what you need to know about Huione and why this crackdown matters.
@chainalysis: Today, the DOJ seized tech used by the crime-facilitating Huione Group to transfer and launder billions of dollars in f… -
A deprecated contract isn't a dead contract. ⚠️ Earlier this month, an attacker drained $2.1M from Aztec Connect, a zk-Rollup bridge that was deprecated back in March 2023 with its admin keys already renounced Here's what happened 👇 https://t.co/7w5JAgiyOE [Loss ~$2,100,000]
@HalbornSecurity: A deprecated contract isn't a dead contract. ⚠️ -
But surely he won't do it below 1.0. R-right? https://t.co/mEUHz5Svci
@spreekaway: But surely he won't do it below 1.0. -
https://t.co/a7RQYh6vQU
@spreekaway: https://t.co/a7RQYh6vQU -
Zcash eyes 15% drop as price approaches critical $400 support
Zcash has erased most of its mid-June recovery, bringing the privacy coin back to a major support zone as sellers regain control. According to crypto.news data, Zcash (ZEC) traded near $412 on June 24, down roughly 15% from its June…
-
Yield Yak — exploit
Attack method: Frontend Attack. According to security firm Blockaid, Yield Yak suffered a frontend attack. Its subdomain vote.yieldyak.com was injected with Eleven Drainer malicious code, posing risks of asset theft upon access. This mirrors a similar frontend attack previously experienced by Gitcoin.
-
Aztec Bridge - Rekt
$2.2M · One deprecated contract, one flawed escape hatch circuit, and a verifier that should have been retired years earlier. Aztec’s legacy rollup contract lost roughly $2.198 million after a ZK proof passed a broken root-binding check.
-
Best Tools for Monitoring Cryptocurrency Transactions for Fraud and Suspicious Activity | TRM Labs
Learn what the best cryptocurrency transaction monitoring tools must offer to detect fraud and suspicious activity patterns, and why TRM Labs stands out for proactive, risk-based blockchain analytics.
-
THORChain Resumes Trading After Month-Long Halt From $10.7M Exploit
~$10.7M · The cross-chain DEX restored signing, churning, swaps, and LP actions Tuesday morning, six weeks after an Asgard vault breach drained funds across four chains.
-
Crypto’s Clarity Act Has a New Enemy: Catholic Leaders
A group of 82 Catholic leaders warned a key provision of the crypto bill, protecting software developers from prosecution, could enable human trafficking.
-
BlockThreat - Week 25, 2026
$20M stolen across 13 incidents. Jared Got Sandwiched. DPRK is back at it.
Sources unavailable: Immunefi (Invalid character in tag name Line: 34 Column: 49 Char: @)
Generated by GM Security · automated digest, verify before acting.