Over the last 72 hours, the most material incidents include a ~$860M RWA protocol access-control exploit, a ~$47M global infostealer/phishing takedown, and a ~$47M flash-loan event, with total reported losses exceeding $954M. Dominant attack vectors are smart-contract bugs, supply-chain compromises, and social-engineering/phishing. Multiple high-profile supply-chain attacks and a governance-attack on Tornado Cash also emerged, while a Base chain halt and several private-key-compromise incidents underscore persistent infrastructure risk.
-
South Korea revises debt relief rules to include crypto assets
South Korea has expanded cryptocurrency disclosure requirements for its public debt relief program by including virtual asset holdings in applicant asset reviews and linking debt forgiveness more closely to repayment capacity. According to local media, the Financial Services Commission saidβ¦
-
Ark Invest buys Coinbase, Robinhood, Circle and Bullish on market dip
Cathie Woodβs Ark Invest has increased its positions in Coinbase, Circle, Bullish, and Robinhood after all four stocks posted losses in Thursdayβs trading session. Ark Investβs latest daily trading disclosure showed the firm bought 9,014 Coinbase shares across its ARKβ¦
-
Coinbase-backed Base returns after 2-hour consensus halt
Base returned online after a two-hour outage caused by a consensus issue, with Coinbaseβs layer-2 network promising a full post-mortem.
-
π§΅1/3 π§―Old contract exploits keep happening β how should projects respond? Recently, smart contract vulnerability attacks have been occurring frequently. In particular, legacy contracts deployed years ago are being increasingly exploited as attackers leverage AI techniques to https://t.co/1txrdXwlxc
@GoPlusSecurity: π§΅1/3 -
π¨ SlowMist TI Alert π¨ The Mini Shai-Hulud, Miasma, and Hades malware family, now expanding beyond npm into the Go module ecosystem. Affected Go modules: https://t.co/CRRD64BbZv https://t.co/wFOScxyaxw https://t.co/dt2Som48vx is a Cosmos SDK-based Layer 1 blockchain project https://t.co/2Rft5D5ugG
@SlowMist_Team: π¨ SlowMist TI Alert π¨ -
π¨GoPlus Security Alert: #Polymarket suffered a supply chain attack, with multiple users losing approximately $3 million @Polymarket Due to a compromise of a third-party vendor, malicious code was injected into the frontend. Around 15 user accounts collectively lost https://t.co/j0Ol2wY0VK https://t.co/La1aKILSwX [Loss ~$3,000,000]
@GoPlusSecurity: π¨GoPlus Security Alert: -
the good news: this makes slightly more sense than SBF's bet the bad news: they still don't know what log(0) is https://t.co/rcX2H3WGEg
@spreekaway: the good news: this makes slightly more sense than SBF's bet -
Even the DAO extractoooors are capitulating https://t.co/vjTvQSRcjb
@spreekaway: Even the DAO extractoooors are capitulating https://t.co/vjTvQSRcjb -
21Shares slashes crypto forecasts despite rising institutional demand
21Shares has cut several of its 2026 crypto forecasts, saying institutional adoption has continued to grow even as weaker prices and slower enterprise adoption have delayed parts of the industryβs recovery. According to 21Sharesβ midyear outlook, the digital asset industryβ¦
-
Genuinely what the fuck do you want the govt to do about this? This framing is so constant with these fucktards and itβs absolutely why the USG is now blocking access to the latest models. π€¬ βWe control the most powerful shit but canβt detect or prevent it from getting in the https://t.co/BMWGNfwLAL
@tayvano_: Genuinely what the fuck do you want the govt to do about this? -
Michael Saylor built a flywheel for a bull market. It is now spinning in reverse
Strategy turned a software company into the largest corporate Bitcoin holder on earth by exploiting a simple loop: trade above your Bitcoinβs value, issue stock, buy more Bitcoin, repeat. In June 2026, Bitcoin broke below $60,000, the stock fell underβ¦
-
Completely insane to let the fucking government control your product, release processes, and, ultimately, your profits. What the fuck are you guys doing. https://t.co/naHqtROAu3
@tayvano_: Completely insane to let the fucking government control your product, release processes, and, ultimately, your profits. -
Polymarket to Refund Users After Scammers Swipe Millions in Website Exploit
Hackers infiltrated Polymarketβs website via a compromised third-party vendor, the company said, swiping millions in crypto from users.
-
CoinEx Denies 'Knowledge' of Aiding Sanctioned Iran Crypto Market in $3.8 Billion Disconnect
TRM Labs said it uncovered over $3.84 billion in crypto flows between CoinEx and a web of more than 60 sanctioned Iranian platforms.
-
Wallet Screening Best Practices for Compliance Teams | TRM Labs
Learn why wallet screening matters, how it fits into AML/CFT programs, and best practices across KYC, sanctions, transaction monitoring, Travel Rule, and operationalization. See how TRM Labs supports compliance outcomes and how to measure success.
-
One of my 4am tweets mentions nonce reuse. I was speaking casually bc I was flabbergasted by just how fucking stupid this is. And nonce reuse is historically the stupidest thing so they got crossed in my heads. I got the other one right, so I'll repeat it now: These guys rolled https://t.co/kSnep3Z9YC
@tayvano_: One of my 4am tweets mentions nonce reuse. I was speaking casually bc I was flabbergasted by just how fucking stupid th⦠-
Kraken in talks to buy 15% stake in DeFi lender Aave at $385 million valuation
The DeFi lender is rebuilding after the fallout from April's KelpDAO exploit sparked a multibillion-dollar exodus of deposits despite Aave itself not being hacked.
-
a16z-backed crypto firm rebrands, shifts focus to solving AIβs global copyright headache
The startup formerly known as Story Protocol raised $140 million to secure internet rights and is now building an audit layer for data consent, licensing, and provenance for tech firms.
-
AI agents move funds on-chain at machine speed. One compromised compliance oracle can push them into a sanctions violation. π¨ The fix is layered: multiple oracles, default-deny on outages, reject stale data, on-chain logs, circuit breakers. π https://t.co/YDTMzTNIFQ
@HalbornSecurity: AI agents move funds on-chain at machine speed. One compromised compliance oracle can push them into a sanctions violat⦠-
#PeckShieldAlert @apyx_fi's $apxUSD has dropped below $0.8. https://t.co/YUYPIEuRDF [Loss ~$0.8]
@PeckShieldAlert: #PeckShieldAlert @apyx_fi's $apxUSD has dropped below $0.8. https://t.co/YUYPIEuRDF -
Most RWAs are Treasuries. @XDCNetwork is different. Over $860M in tokenized real-world credit, including debentures, receivables, and business loans, settles on XDC. CertiK now helps secure that infrastructure as an XDC validator. Learn more below. https://t.co/wnqTci2Ktk [Loss ~$860,000,000]
@CertiK: Most RWAs are Treasuries. @XDCNetwork is different. -
$47M in Crypto Frozen in Global Infostealer Takedown: Europol
~$47.0M Β· Police disrupted SocGholish, Amadey, and StealC, malware that harvests crypto wallets and passwords, freezing β¬41 million in crypto.
-
the latest tornado cash proposal 67 is _malicious_: https://bafybeie5hxovqc4ifcnrnhvmjbefxgeix6oqvzaspyytdxiyscji22v5pu[.]ipfs[.]inbrowser[.]link/governance/67 decompilation of the proposal: https://t.co/bfGfEkb1o3 the try to set the governance address to a vanity address that https://t.co/0VbG4KO9Yc https://t.co/rny5WWdd8M
@pcaversaccio: the latest tornado cash proposal 67 is _malicious_: https://bafybeie5hxovqc4ifcnrnhvmjbefxgeix6oqvzaspyytdxiyscji22v5pu⦠-
OHIF Viewers DICOM
View CSAF Summary Successful exploitation of this vulnerability in a custom integration version could allow an attacker to steal an authenticated clinician's token via a crafted link. The following versions of OHIF Viewers DICOM are affected: OHIF DICOM Web Viewer Framework <=v3.12.0 CVSS Vendor Equipment Vulnerabilities v3 8.2 Open Health Imaging Foundation (OHIF) OHIF Viewers DICOM Server-Side Request Forgery (SSRF) Background Critical Infrastructure Sectors: Healthcare and Public Health Countries/Areas Deployed: Worldwide Company Headquarters Location: United States Vulnerabilities Expandβ¦
-
To be clear: these guys rolled their own crypto so fucking hard that anyone could get your private key from public information. This was not a highly sophisticated, premeditated attack. Itβs embarrassing. Itβs worse than 2011 era btc wallets ever were lol. https://t.co/teHYs6zU0F
@tayvano_: To be clear: these guys rolled their own crypto so fucking hard that anyone could get your private key from public info⦠-
They did it. They actually did it. They actually managed to fuck up and reuse nonces for Ed25519 sigs. Incredible things happening on Cardano. Innovation, even. π³ https://t.co/3fhyZ2A81V
@tayvano_: They did it. They actually did it. -
#PeckShieldAlert Our community member has reported that @gnosis_ 's X account has been compromised. Do *Not* interact with it or click any links. https://t.co/LMLiQb9UZ0
@PeckShieldAlert: #PeckShieldAlert Our community member has reported that @gnosis_ 's X account has been compromised. Do *Not* interact w⦠-
π Weekly Web3 Security Roundup | Jun 15 - Jun 21 π¨ Spotlight on 3 notable incidents | ~$18.3M lost this week Featuring a vulnerability breakdown and in-depth analysis of selected key casesπ https://t.co/p76YlrASyi https://t.co/BQtX6N9Qtn [Loss ~$18,300,000]
@Phalcon_xyz: π Weekly Web3 Security Roundup | Jun 15 - Jun 21 -
#CertiKInsight π¨ The KyberSwap exploiter address moved 2K ETH (~$3.3M) to TornadoCash through 0x6B686cf613F05D09C097eECFc349c091e6F2ad8D yesterday. On Nov 22nd 2023, KyberNetwork suffered flashloan exploits across multiple chains, resulting in a loss of ~$47M. Stay Vigilant! https://t.co/vVu69yFpyi [Loss ~$3,300,000; Protocols: across]
@CertiKAlert: #CertiKInsight π¨ -
#PeckShieldAlert $MIM has dropped -36% to 0.5 https://t.co/y2nKlrY2wY https://t.co/7IerebpzPk
@PeckShieldAlert: #PeckShieldAlert $MIM has dropped -36% to 0.5
Sources unavailable: Immunefi (Invalid character in tag name Line: 34 Column: 49 Char: @)
Generated by GM Security Β· automated digest, verify before acting.