CRYPTO SECURITY BRIEFING — Wed, 17 Jun 2026 02:42:28 GMT (last 72h) ================================================================ The most material incident is a $36M exploit at Humanity Protocol, with a separate $20M Coinbase spoofing case and a $2.2M theft from Aztec Connect, totaling at least $58.3M in direct losses. Dominant attack vectors include phishing-wallet-drainers and smart contract exploits, though several incidents lack clear vector attribution. Regulatory actions are intensifying, with the CLARITY Act proposing $150M for crypto fraud investigations and the UK designating HTX under major sanctions. Enforcement is also rising globally, as seen in South Korea's arrests for USDT laundering linked to Cambodian fraud. TRENDS: • Large-scale exploits remain the top financial risk to protocols. • Phishing and wallet drainers are a persistent, low-friction attack vector. • Sanctions enforcement is increasingly targeting cryptocurrency addresses. • Authorities are successfully using blockchain analysis for fund recovery. STATS: 18 incidents · $58.3M reported losses · 19 live sources INCIDENTS & REPORTS: - DeFi Lending and DEX Fees Slump as Leverage Drains Out After June Selloff The Defiant · https://thedefiant.io/news/defi/defi-lending-and-dex-fees-slump-as-leverage-drains-out-after-june-selloff - OFAC and Crypto Crime: Every OFAC Specially Designated National with Identified Cryptocurrency Addresses Chainalysis · https://www.chainalysis.com/blog/ofac-sanctions/ - CLARITY Act to set aside $150M for crypto fraud investigations crypto.news · https://crypto.news/clarity-act-to-set-aside-150m-for-crypto-fraud-investigations/ - [$36.0M] Humanity Protocol Launches New H Token Airdrop After $36M Exploit The Defiant · https://thedefiant.io/news/tokens/humanity-protocol-h-token-airdrop-recovery-36m-exploit - OpenZeppelin Confidential Contracts v0.5 Diff Audit OpenZeppelin · https://www.openzeppelin.com/news/openzeppelin-confidential-contracts-v0.5-diff-audit - UK Designates HTX: What the Biggest Crypto Sanctions Action Yet Means for Compliance Teams | TRM Labs TRM Labs · https://www.trmlabs.com/resources/blog/uk-designates-htx-what-the-biggest-crypto-sanctions-action-yet-means-for-compliance-teams - Pyra to shut down after Drift exploit derails recovery efforts crypto.news · https://crypto.news/pyra-to-shut-down-after-drift-exploit-derails-recovery-efforts/ - South Korea arrests 23 over USDT laundering for Cambodian fraud network vectors: phishing / wallet drainer crypto.news · https://crypto.news/south-korea-detains-23-suspects-over-usdt-laundering-for-cambodia-based-fraud-network/ - Ethereum price tests multi-year support trendline, can it reclaim $2,000? crypto.news · https://crypto.news/ethereum-price-tests-multi-year-support-trendline-can-it-reclaim-2000/ - [$20.0M] India’s ED files charges in $20M Coinbase spoofing case crypto.news · https://crypto.news/indias-ed-files-charges-in-20m-coinbase-spoofing-case/ - How Ghana’s EOCO and the UK NCA are Using Blockchain Analysis to Return $15 Million to Fraud Victims Chainalysis · https://www.chainalysis.com/blog/ghana-eoco-uk-nca-blockchain-analysis-case/ - Oklahoma flags BG Wealth, DSJ over suspected crypto fraud crypto.news · https://crypto.news/oklahoma-flags-bg-wealth-dsj-over-suspected-crypto-fraud/ - Congress proposes DOJ crypto theft task force a year after NCET shutdown crypto.news · https://crypto.news/congress-proposes-doj-crypto-theft-task-force-a-year-after-ncet-shutdown/ - BlockThreat - Week 24, 2026 BlockThreat · https://blockthreat.com/blockthreat-week-24-2026/ - EU Sanctions Russian Propagandists, Military Suppliers, and Officials in New Listings | TRM Labs TRM Labs · https://www.trmlabs.com/resources/blog/eu-sanctions-russian-propagandists-military-suppliers-and-officials-in-new-listings - [$2.2M] Analysis of the $2.19 Million Asset Theft from Aztec Connect SlowMist · https://slowmist.medium.com/analysis-of-the-2-19-million-asset-theft-from-aztec-connect-d867c59b1fc6?source=rss-4ceeedda40e8------2 - [$105K] Thetanuts Finance: $2.1M Attack, Partial White-Hat Recovery The Defiant · https://thedefiant.io/news/hacks/aztec-connect-thetanuts-zk-rollup-exploit-4-3m - One Indicted Over Crypto ‘Wrench Attack’ in France Decrypt · https://decrypt.co/371143/one-indicted-over-crypto-wrench-attack-in-france SOURCES UNAVAILABLE: • Week in Ethereum: HTTP 403 (native fetch) • X (security alerts): HTTP 503: {"title":"Service Unavailable","detail":"Service Unavailable","type":"about:blank","status":503}