# 🛡️ Crypto Security Briefing — 2026-06-17

**18 incidents** · **$58.3M reported losses** · last 72h · 19 live sources

## Executive summary

The most material incident is a $36M exploit at Humanity Protocol, with a separate $20M Coinbase spoofing case and a $2.2M theft from Aztec Connect, totaling at least $58.3M in direct losses. Dominant attack vectors include phishing / wallet drainers and smart contract exploits, though several incidents lack clear vector attribution. Regulatory actions are intensifying, with the CLARITY Act proposing $150M for crypto fraud investigations and the UK designating HTX under major sanctions. Enforcement is also rising globally, as seen in South Korea's arrests for USDT laundering linked to Cambodian fraud.

**Trends to watch**

- Large-scale exploits remain the top financial risk to protocols.
- Phishing and wallet drainers are a persistent, low-friction attack vector.
- Sanctions enforcement is increasingly targeting cryptocurrency addresses.
- Authorities are successfully using blockchain analysis for fund recovery.

**Attack vectors:** phishing / wallet drainer (1)

## Incidents & reports

### [DeFi Lending and DEX Fees Slump as Leverage Drains Out After June Selloff](https://thedefiant.io/news/defi/defi-lending-and-dex-fees-slump-as-leverage-drains-out-after-june-selloff)
_The Defiant_

Fees fell as much as 65% week over week across the largest lending protocols and decentralized exchanges.

### [OFAC and Crypto Crime: Every OFAC Specially Designated National with Identified Cryptocurrency Addresses](https://www.chainalysis.com/blog/ofac-sanctions/)
_Chainalysis_

As far back as the early 1800s, the U.S. Department of the Treasury has issued economic sanctions to achieve foreign…

### [CLARITY Act to set aside $150M for crypto fraud investigations](https://crypto.news/clarity-act-to-set-aside-150m-for-crypto-fraud-investigations/)
_crypto.news_

The Digital Asset Market Clarity Act has secured a $150 million allocation for law enforcement efforts targeting cryptocurrency scams and other digital asset crimes, according to U.S. Senator Cynthia Lummis. In a post published on X on June 16, the…

### [Humanity Protocol Launches New H Token Airdrop After $36M Exploit](https://thedefiant.io/news/tokens/humanity-protocol-h-token-airdrop-recovery-36m-exploit)
`$36.0M` · _The Defiant_

Humanity Protocol has announced a full token migration and 1:1 airdrop of a new H token after the June 8 exploit that drained approximately $36 million.

### [OpenZeppelin Confidential Contracts v0.5 Diff Audit](https://www.openzeppelin.com/news/openzeppelin-confidential-contracts-v0.5-diff-audit)
_OpenZeppelin_

**Summary**

- **Type:** Library
- **Timeline:** 2026-05-18 → 2026-05-21
- **Languages:** Solidity

**Findings**

- **Total issues:** 12 (6 resolved)
- **By severity:** Critical: 0 (0 resolved) · High: 0 (0 resolved) · Medium: 5 (2 resolved) · Low: 0 (0 resolved)
- **Notes & Additional Information:** 6 notes raised (3 resolved)
- **Client Reported Issues:** 1 issue reported (1 resolved)

### [UK Designates HTX: What the Biggest Crypto Sanctions Action Yet Means for Compliance Teams | TRM Labs](https://www.trmlabs.com/resources/blog/uk-designates-htx-what-the-biggest-crypto-sanctions-action-yet-means-for-compliance-teams)
_TRM Labs_

The UK designated HTX for alleged Russian sanctions evasion. TRM covers immediate response steps, look-back guidance, and OFSI reporting obligations.

### [Pyra to shut down after Drift exploit derails recovery efforts](https://crypto.news/pyra-to-shut-down-after-drift-exploit-derails-recovery-efforts/)
_crypto.news_

Pyra has announced plans to shut down operations after months of efforts to recover from the impact of the Drift exploit, with user withdrawals remaining available until September 15, 2026. According to a June 15 announcement from Pyra, the crypto…

### [South Korea arrests 23 over USDT laundering for Cambodian fraud network](https://crypto.news/south-korea-detains-23-suspects-over-usdt-laundering-for-cambodia-based-fraud-network/)
phishing / wallet drainer · _crypto.news_

South Korean authorities have dismantled an alleged cryptocurrency laundering operation that moved 16.8 billion won ($11.1 million) through USDT transactions and exchange transfers on behalf of a Cambodia-based phishing syndicate. According to local news outlet Newsis, the Seoul Metropolitan Police…

### [Ethereum price tests multi-year support trendline, can it reclaim $2,000?](https://crypto.news/ethereum-price-tests-multi-year-support-trendline-can-it-reclaim-2000/)
_crypto.news_

Ethereum price has rebounded toward $1,800 after buyers stepped in near a multi-year support trendline while easing geopolitical tensions triggered a sharp recovery across risk assets. According to crypto.news market data, Ethereum (ETH) price surged more than 10% on June…

### [India’s ED files charges in $20M Coinbase spoofing case](https://crypto.news/indias-ed-files-charges-in-20m-coinbase-spoofing-case/)
`$20.0M` · _crypto.news_

The Enforcement Directorate has filed a prosecution complaint in a cryptocurrency fraud case involving more than $20 million in stolen digital assets and has attached assets worth about INR 64.55 crore (approx. $6.83 million) linked to the alleged proceeds of…

### [How Ghana’s EOCO and the UK NCA are Using Blockchain Analysis to Return $15 Million to Fraud Victims](https://www.chainalysis.com/blog/ghana-eoco-uk-nca-blockchain-analysis-case/)
_Chainalysis_

When an e‑commerce “investment” platform promising high-yield returns began circulating in Ghana, thousands of people signed up to run online…

### [Oklahoma flags BG Wealth, DSJ over suspected crypto fraud](https://crypto.news/oklahoma-flags-bg-wealth-dsj-over-suspected-crypto-fraud/)
_crypto.news_

Oklahoma warns investors about BG Wealth, DSJ and HQI Exchange, citing fake crypto returns, blocked withdrawals and added fee demands.

### [Congress proposes DOJ crypto theft task force a year after NCET shutdown](https://crypto.news/congress-proposes-doj-crypto-theft-task-force-a-year-after-ncet-shutdown/)
_crypto.news_

Congress has proposed a new Justice Department task force focused on cryptocurrency theft after the FBI received 181,565 crypto-related complaints and more than $11 billion in reported losses during 2025. According to legislation introduced by Representatives Lance Gooden and Josh…

### [BlockThreat - Week 24, 2026](https://blockthreat.com/blockthreat-week-24-2026/)
_BlockThreat_

$42.4M stolen across 15 incidents as attackers return to old code, exposed keys and deprecated protocols still holding value.

### [EU Sanctions Russian Propagandists, Military Suppliers, and Officials in New Listings | TRM Labs](https://www.trmlabs.com/resources/blog/eu-sanctions-russian-propagandists-military-suppliers-and-officials-in-new-listings)
_TRM Labs_

EU designates 34 individuals and 47 entities for supporting Russia’s war. Includes TRM analysis of crypto fundraising by a designated propagandist.

### [Analysis of the $2.19 Million Asset Theft from Aztec Connect](https://slowmist.medium.com/analysis-of-the-2-19-million-asset-theft-from-aztec-connect-d867c59b1fc6?source=rss-4ceeedda40e8------2)
`$2.2M` · _SlowMist_

**ZK-Rollup Settlement Boundary Bypass Leads to L1/L2 State Discrepancy.** On June 14, 2026, the deprecated Aztec Connect RollupProcessor contract (`0xff1f2b4adb9df6fc8eafecdcbf96a2b351680455`) was exploited. The attacker constructed a boundary gap between `numRealTxs` and `decoded_slots`, extracting approximately $2.19 million worth of assets from the L1 pool in a single atomic transaction. Aztec Connect was deprecated in March 2024, but the immutable contract continues to be exposed to risk due to holding legacy user assets. This…

### [Thetanuts Finance: $2.1M Attack, Partial White-Hat Recovery](https://thedefiant.io/news/hacks/aztec-connect-thetanuts-zk-rollup-exploit-4-3m)
`$105K` · _The Defiant_

The on-chain options and structured product protocol Thetanuts Finance was exploited for $2.1 million. Security firm Blockaid published the exploit transaction and exploiter address shortly after the attack.

### [One Indicted Over Crypto ‘Wrench Attack’ in France](https://decrypt.co/371143/one-indicted-over-crypto-wrench-attack-in-france)
_Decrypt_

The crypto-related assault reportedly involved attackers posing as police officers, and follows a spate of attacks in the country.

---

_Sources: BlockThreat, Rekt News, Cointelegraph (Security), crypto.news, The Defiant, CoinDesk, Decrypt, Protos, SlowMist, OpenZeppelin, Zellic, Chainalysis, TRM Labs, Elliptic, Trail of Bits, CISA Advisories, SANS ISC, DeFiLlama Hacks DB, SlowMist Hacked DB. Automated digest — verify before acting._

_Sources unavailable: Week in Ethereum (HTTP 403); X (security alerts) (HTTP 503: Service Unavailable)._