Binance Square
Chixi
97 Posts

Chixi

0 Following
38 Followers
51 Liked
Posts
PINNED
·
--
Article
When Bitcoin Almost Went Down with WikiLeaksHow Julian Assange's decision almost wrecked a world-changing project, and why Satoshi chose to vanish for good. Nobody believed in Bitcoin back then. 2008. The world was on fire due to the global financial crisis. Amidst the wreckage, someone (or a group of people) using the alias Satoshi Nakamoto published a white paper: "Bitcoin: A Peer-to-Peer Electronic Cash System." The crypto community is feeling super bearish. Not without reason. Before Bitcoin, dozens of digital currency projects tried and failed (DigiCash, b-money, Bit Gold). Crypto experts were already fed up with big claims that ended in disaster.

When Bitcoin Almost Went Down with WikiLeaks

How Julian Assange's decision almost wrecked a world-changing project, and why Satoshi chose to vanish for good.
Nobody believed in Bitcoin back then.
2008. The world was on fire due to the global financial crisis.
Amidst the wreckage, someone (or a group of people) using the alias Satoshi Nakamoto published a white paper: "Bitcoin: A Peer-to-Peer Electronic Cash System."
The crypto community is feeling super bearish.
Not without reason. Before Bitcoin, dozens of digital currency projects tried and failed (DigiCash, b-money, Bit Gold). Crypto experts were already fed up with big claims that ended in disaster.
·
--
Christopher Alexander Delgado, former CEO of Goliath Ventures, admitted guilt for fraud and money laundering in a crypto investment scheme in which prosecutors said he stole at least $400 million from investors. He acknowledged causing losses of at least $250 million and agreed to surrender luxury assets purchased with investor funds ahead of the sentencing hearing on October 8. (Coindesk)
Christopher Alexander Delgado, former CEO of Goliath Ventures, admitted guilt for fraud and money laundering in a crypto investment scheme in which prosecutors said he stole at least $400 million from investors. He acknowledged causing losses of at least $250 million and agreed to surrender luxury assets purchased with investor funds ahead of the sentencing hearing on October 8.

(Coindesk)
·
--
GOOGLonAlpha
NVDAonAlpha
GOOGLUS-0.24%
·
--
Critical Bug in Reserve Protocol: Funding Freeze Loophole Up to $2 Million Exposed by GregoAI AI security researcher GregoAI uncovered a critical vulnerability in the BackingManager contract of Reserve Protocol that could permanently freeze funds up to $2 million per auction. The issue was resolved through the Immunefi bug bounty program and was never exploited in the wild. The vulnerability stems from the rebalance() function lacking access control over the auction type parameter. Anyone can force the protocol to redirect the rebalance from the default Dutch auction to the backup batch route using Gnosis EasyAuction. Once the auction is forced open, the attacker places bids worth around $0.01 on auctions that are not fully funded, then calls the public function precalculateSellAmountSum() immediately after the auction ends. This manipulation shifts the settlement pointer to the final position in the queue, causing the counter variable to remain zero. When settleAuction() is called, this condition triggers a division-by-zero operation that always fails permanently. Both the protocol guarantees and the deposits of all third-party bidders are locked with no recovery path, because the EasyAuction contract cannot be upgraded and has no admin rescue function. GregoAI’s on-chain analysis confirms that a single attack costing about $2.50 can freeze up to $997,207 in one auction. Seven consecutive auctions on the same day could be incapacitated at once, since the eight-day governance cycle would block the creation of the next auctions. Reserve Protocol responded by temporarily halting DTF yield trading covering more than 99% of the affected TVL before the public disclosure. The protocol’s governance then fully removed the batch auction route by setting batchAuctionLength to zero. The minting, redemption, and stRSR mechanisms are confirmed to be unaffected. Source: GregoAI, Reserve Protocol / ABC Labs, Immunefi bug bounty platform, Gnosis. $RSR
Critical Bug in Reserve Protocol: Funding Freeze Loophole Up to $2 Million Exposed by GregoAI

AI security researcher GregoAI uncovered a critical vulnerability in the BackingManager contract of Reserve Protocol that could permanently freeze funds up to $2 million per auction. The issue was resolved through the Immunefi bug bounty program and was never exploited in the wild.

The vulnerability stems from the rebalance() function lacking access control over the auction type parameter. Anyone can force the protocol to redirect the rebalance from the default Dutch auction to the backup batch route using Gnosis EasyAuction.

Once the auction is forced open, the attacker places bids worth around $0.01 on auctions that are not fully funded, then calls the public function precalculateSellAmountSum() immediately after the auction ends. This manipulation shifts the settlement pointer to the final position in the queue, causing the counter variable to remain zero.

When settleAuction() is called, this condition triggers a division-by-zero operation that always fails permanently. Both the protocol guarantees and the deposits of all third-party bidders are locked with no recovery path, because the EasyAuction contract cannot be upgraded and has no admin rescue function.

GregoAI’s on-chain analysis confirms that a single attack costing about $2.50 can freeze up to $997,207 in one auction. Seven consecutive auctions on the same day could be incapacitated at once, since the eight-day governance cycle would block the creation of the next auctions.

Reserve Protocol responded by temporarily halting DTF yield trading covering more than 99% of the affected TVL before the public disclosure. The protocol’s governance then fully removed the batch auction route by setting batchAuctionLength to zero. The minting, redemption, and stRSR mechanisms are confirmed to be unaffected.

Source: GregoAI, Reserve Protocol / ABC Labs, Immunefi bug bounty platform, Gnosis.
$RSR
·
--
Article
Suspicious Transaction on EthereumIt appears this is a suspicious transaction that just took place on the Ethereum network in Block 25434062 (around this morning, 1 July 2026). A large-scale on-chain interaction involving Edel Protocol, an RWA (Real World Assets)-based synthetic asset platform, shows highly unusual patterns and has sparked deep speculation among DeFi observers. Without intending to make any one-sided claims before official confirmation is available, there are several technical anomalies that indicate a potential problem or a highly irrational trading strategy:

Suspicious Transaction on Ethereum

It appears this is a suspicious transaction that just took place on the Ethereum network in Block 25434062 (around this morning, 1 July 2026). A large-scale on-chain interaction involving Edel Protocol, an RWA (Real World Assets)-based synthetic asset platform, shows highly unusual patterns and has sparked deep speculation among DeFi observers.
Without intending to make any one-sided claims before official confirmation is available, there are several technical anomalies that indicate a potential problem or a highly irrational trading strategy:
·
--
The Dutch public prosecutor has filed a request with the Rotterdam court to declare the crypto platform Knaken Cryptohandel and its affiliated entity, Stichting Knaken Payments, bankrupt in the public interest. Knaken has been offline since early June 2026, leaving around 30,000 customers unable to access their crypto assets. The platform operates without a license from the Netherlands market regulator (AFM) required under EU crypto rules, despite offering euro-to-crypto exchange services, trading, and digital asset storage. Although the company claims to have halted operations and is in the process of liquidation, the prosecutor says the process is not properly conducted, raising concerns including an allegation that Knaken instructed customers not to file claims for compensation. If the court grants this request, the court-appointed trustee will take over Knaken’s assets to determine distributions to customers and creditors. In parallel, the Fiscal Information and Investigation Service (FIOD) is carrying out a separate criminal investigation. On Monday, it conducted searches of locations and seized company devices and assets, although no arrests have been made yet. The case comes alongside the end of the EU MiCA (Markets in Crypto-Assets) regulatory transition period on 1 July 2026. After that date, unauthorized platforms can no longer legally serve EU customers—a situation expected to filter the market, which currently has only around 200 fully licensed firms. Knaken previously built its public image through sponsorships of Dutch football clubs such as Ajax, Feyenoord, and Sparta Rotterdam, but those partnerships ended before the company collapsed, in line with Knaken’s acknowledgment in its 2024 annual financial report that its financial position was precarious. Source: Decrypt . co — Dutch Prosecutors Seek to Bankrupt Crypto Platform Knaken After Funds Frozen
The Dutch public prosecutor has filed a request with the Rotterdam court to declare the crypto platform Knaken Cryptohandel and its affiliated entity, Stichting Knaken Payments, bankrupt in the public interest. Knaken has been offline since early June 2026, leaving around 30,000 customers unable to access their crypto assets.

The platform operates without a license from the Netherlands market regulator (AFM) required under EU crypto rules, despite offering euro-to-crypto exchange services, trading, and digital asset storage.

Although the company claims to have halted operations and is in the process of liquidation, the prosecutor says the process is not properly conducted, raising concerns including an allegation that Knaken instructed customers not to file claims for compensation.

If the court grants this request, the court-appointed trustee will take over Knaken’s assets to determine distributions to customers and creditors.

In parallel, the Fiscal Information and Investigation Service (FIOD) is carrying out a separate criminal investigation. On Monday, it conducted searches of locations and seized company devices and assets, although no arrests have been made yet.

The case comes alongside the end of the EU MiCA (Markets in Crypto-Assets) regulatory transition period on 1 July 2026. After that date, unauthorized platforms can no longer legally serve EU customers—a situation expected to filter the market, which currently has only around 200 fully licensed firms.

Knaken previously built its public image through sponsorships of Dutch football clubs such as Ajax, Feyenoord, and Sparta Rotterdam, but those partnerships ended before the company collapsed, in line with Knaken’s acknowledgment in its 2024 annual financial report that its financial position was precarious.

Source:
Decrypt . co — Dutch Prosecutors Seek to Bankrupt Crypto Platform Knaken After Funds Frozen
·
--
Scandal over the handling of cybercrime cases by centralized exchange platforms (Centralized Exchange) has once again triggered strong condemnation from the global crypto community. A well-known CEX platform was reportedly threatened with legal action via email against a hack victim who was fighting for their rights. This controversial move was taken by the exchange after the victim officially reported the asset theft incident and urged the freezing of the perpetrator’s funds—actions the community views as a form of structural intimidation and as a failure to provide protection to consumers. The root of this case began with a large-scale hacking incident that occurred on August 18, 2025. At that time, the victim became the target of an Atomic macOS Stealer (AMOS) malware attack, resulting in digital assets worth $250,000—or the equivalent of Rp4 billion—being drained. Based on on-chain tracking data, the hackers immediately moved all stolen funds from the victim’s wallet to several deposit addresses on the CEX. The perpetrator is strongly suspected of using KYC-mule accounts (fake identities obtained through illegal purchases in dark markets) to deceive the platform’s verification system. The platform’s passive stance, which then shifts to attacking the victim with a legal narrative, underscores the latent risk of centralized oversight systems that are slow to mitigate money laundering resulting from criminal activities. This event serves as a fatal reminder for the community about the importance of full digital sovereignty. In the Web3 ecosystem, the core principle remains unchanged: secure your own assets through self-custody methods, avoid keeping large amounts of capital on a custodian exchange, and strengthen device protection against infostealer threats. Reference: ZachXBT #CryptoSecurity #AtomicStealer #CEXWarning #SelfCustody #Web3Security
Scandal over the handling of cybercrime cases by centralized exchange platforms (Centralized Exchange) has once again triggered strong condemnation from the global crypto community. A well-known CEX platform was reportedly threatened with legal action via email against a hack victim who was fighting for their rights. This controversial move was taken by the exchange after the victim officially reported the asset theft incident and urged the freezing of the perpetrator’s funds—actions the community views as a form of structural intimidation and as a failure to provide protection to consumers.

The root of this case began with a large-scale hacking incident that occurred on August 18, 2025. At that time, the victim became the target of an Atomic macOS Stealer (AMOS) malware attack, resulting in digital assets worth $250,000—or the equivalent of Rp4 billion—being drained. Based on on-chain tracking data, the hackers immediately moved all stolen funds from the victim’s wallet to several deposit addresses on the CEX. The perpetrator is strongly suspected of using KYC-mule accounts (fake identities obtained through illegal purchases in dark markets) to deceive the platform’s verification system.

The platform’s passive stance, which then shifts to attacking the victim with a legal narrative, underscores the latent risk of centralized oversight systems that are slow to mitigate money laundering resulting from criminal activities. This event serves as a fatal reminder for the community about the importance of full digital sovereignty. In the Web3 ecosystem, the core principle remains unchanged: secure your own assets through self-custody methods, avoid keeping large amounts of capital on a custodian exchange, and strengthen device protection against infostealer threats.

Reference: ZachXBT

#CryptoSecurity
#AtomicStealer
#CEXWarning
#SelfCustody
#Web3Security
·
--
Article
$5.6 Million Drained in 8 Hours: On-Chain Investigation of a Multi-Layer Attack on Ethereum and BNB ChainOne victim. Six theft addresses. One aggregator. Funds moved as fast as the block that was confirmed. Specter, an on-chain analyst who in the past few months has consistently been the first to flag major crypto security incidents, reported an attack on a victim wallet with an estimated loss of $5.6 million. All assets were drained from the BNB Chain and Ethereum, converted into ETH and BNB, and then consolidated into a single centralized address in less than 8 hours. Based on data from Etherscan, BscScan, and Debank that is now available, this article fully reconstructs the flow of funds from the attack.

$5.6 Million Drained in 8 Hours: On-Chain Investigation of a Multi-Layer Attack on Ethereum and BNB Chain

One victim. Six theft addresses. One aggregator. Funds moved as fast as the block that was confirmed.
Specter, an on-chain analyst who in the past few months has consistently been the first to flag major crypto security incidents, reported an attack on a victim wallet with an estimated loss of $5.6 million. All assets were drained from the BNB Chain and Ethereum, converted into ETH and BNB, and then consolidated into a single centralized address in less than 8 hours.
Based on data from Etherscan, BscScan, and Debank that is now available, this article fully reconstructs the flow of funds from the attack.
·
--
Article
Tracing the Lazarus GroupExploitation related to cryptocurrency that has occurred since the beginning of January 2026 has caught my attention on an entity that is often mentioned: the Lazarus Group. This name has become familiar to me since the Bybit Exploit incident. To this day, the entity has drawn the attention of on-chain detectives, including Specter as well as ZachXBT. This has also made me focus more on the entity. This time, in this article, I will share some of my findings about the Lazarus Group that may be incomplete and may also contain some errors that need to be corrected.

Tracing the Lazarus Group

Exploitation related to cryptocurrency that has occurred since the beginning of January 2026 has caught my attention on an entity that is often mentioned: the Lazarus Group.
This name has become familiar to me since the Bybit Exploit incident. To this day, the entity has drawn the attention of on-chain detectives, including Specter as well as ZachXBT. This has also made me focus more on the entity. This time, in this article, I will share some of my findings about the Lazarus Group that may be incomplete and may also contain some errors that need to be corrected.
·
--
Article
Fund Movement in the Exploitation of Humanity Protocol & Kelp DAOThe latest on-chain analysis reveals a close relationship between two major hacking incidents that occurred recently. Based on findings by crypto detective ZachXBT, funds originating from the exploitation of the Humanity Protocol and Kelp DAO were found to have been mixed together in a new transaction. This asset-mixing event was detected through the transaction hash: 5d31655a905b1b39ce1a477268b5084cc821157371860b792e60a3fa4aa24931 The similarity of patterns and the movement of these funds strongly indicates the presence of overlapping perpetrators or coordination among the same attacking actors behind both incidents.

Fund Movement in the Exploitation of Humanity Protocol & Kelp DAO

The latest on-chain analysis reveals a close relationship between two major hacking incidents that occurred recently. Based on findings by crypto detective ZachXBT, funds originating from the exploitation of the Humanity Protocol and Kelp DAO were found to have been mixed together in a new transaction. This asset-mixing event was detected through the transaction hash:
5d31655a905b1b39ce1a477268b5084cc821157371860b792e60a3fa4aa24931
The similarity of patterns and the movement of these funds strongly indicates the presence of overlapping perpetrators or coordination among the same attacking actors behind both incidents.
·
--
"$5 Wrench Attack" term that remains relevant. Two Brothers from Texas Plead Guilty in $8 Million Armed Crypto Robbery in MinnesotaMinnesota. Two brothers from Waller, Texas, Isiah Angelo Garcia (25) and Raymond Christian Garcia (24), have pleaded guilty to federal charges related to an armed crypto robbery involving the kidnapping and hostage-taking of a family in Grant, Minnesota, in September 2025. The case is a real-world example of “$5 Wrench Attack,” a term in the crypto community that describes vulnerabilities in self-custody, where digital security can be bypassed with cheap threats of physical violence. According to the indictment, both men forcibly entered the victim’s home, threatening the family with firearms. For nearly nine hours, they held the victim’s wife and child, while Isiah Garcia forced the victim to transfer cryptocurrency worth millions of dollars. The victim was then kidnapped to the family cabin in northern Minnesota to obtain additional cold wallet storage devices, bringing total losses to more than $8 million. Both suspects pleaded guilty to Interference with Commerce by Robbery. They face a maximum sentence of 20 years in prison and are required to pay full restitution. The case serves as a reminder to crypto holders of the risk of a “$5 Wrench Attack,” where physical brute force is far more effective than sophisticated cyberattacks. The FBI Minneapolis and law enforcement partners succeeded in bringing the perpetrators to justice as part of an increased focus on handling violent crime. Source: the official website of the U.S. Attorney’s Office for the District of Minnesota, an FBI announcement, and media reports such as KSTP, NBC News, and ABC News (June 2026).
"$5 Wrench Attack" term that remains relevant.

Two Brothers from Texas Plead Guilty in $8 Million Armed Crypto Robbery in MinnesotaMinnesota. Two brothers from Waller, Texas, Isiah Angelo Garcia (25) and Raymond Christian Garcia (24), have pleaded guilty to federal charges related to an armed crypto robbery involving the kidnapping and hostage-taking of a family in Grant, Minnesota, in September 2025.

The case is a real-world example of “$5 Wrench Attack,” a term in the crypto community that describes vulnerabilities in self-custody, where digital security can be bypassed with cheap threats of physical violence.

According to the indictment, both men forcibly entered the victim’s home, threatening the family with firearms. For nearly nine hours, they held the victim’s wife and child, while Isiah Garcia forced the victim to transfer cryptocurrency worth millions of dollars. The victim was then kidnapped to the family cabin in northern Minnesota to obtain additional cold wallet storage devices, bringing total losses to more than $8 million.

Both suspects pleaded guilty to Interference with Commerce by Robbery. They face a maximum sentence of 20 years in prison and are required to pay full restitution. The case serves as a reminder to crypto holders of the risk of a “$5 Wrench Attack,” where physical brute force is far more effective than sophisticated cyberattacks.

The FBI Minneapolis and law enforcement partners succeeded in bringing the perpetrators to justice as part of an increased focus on handling violent crime.

Source: the official website of the U.S. Attorney’s Office for the District of Minnesota, an FBI announcement, and media reports such as KSTP, NBC News, and ABC News (June 2026).
·
--
INDONESIA SPILLS HUNDREDS OF TRILLIONS OF RUPIAH INTO STATE-OWNED BANKS TO BOOST CREDIT 26 June 2026. The Indonesian government is in the process of strengthening the liquidity of state-owned banks (Himbara) by placing funds from the Excess Budget Balance (SAL). The funds have reached approximately Rp300 trillion since they were first placed in September 2025, with a strong signal that the amount will be increased soon. BRI President Director Hery Gunardi revealed on 26 June 2026 that his side had received information from the Minister of Finance Purbaya Yudhi Sadewa that the available funds would not be withdrawn, but could potentially be added. Previously, there had been reports that the SAL funds worth Rp300 trillion would be returned to Bank Indonesia after the placement period ended in September 2026. The policy arrives amid significant macroeconomic pressure. Bank Indonesia raised the benchmark interest rate by 100 basis points throughout May to June 2026 to 5.75%, driven by the weakening of the rupiah, which had temporarily broken through Rp18,000 per US dollar due to escalating conflict in the Middle East. The increase in interest rates tightens banking liquidity, making government capital injections crucial to maintain credit disbursement momentum. Along the monetary policy route, Bank Indonesia has also distributed macroprudential liquidity incentives (KLM) worth Rp418.1 trillion up to the first week of June 2026. State-owned banks absorbed the largest share of Rp209.6 trillion. For global financial market participants, the combination of domestic liquidity expansion and aggressive interest rate hikes reflects a complex situation: the rupiah is still under pressure, but authorities are working to keep credit flowing. This condition generally serves as a signal that capital will seek higher returns in alternative assets. Source: Bisnis.com (26/6/2026), Kontan.co.id (26/6/2026), Bank Indonesia, Tandaseru.id (23/6/2026)
INDONESIA SPILLS HUNDREDS OF TRILLIONS OF RUPIAH INTO STATE-OWNED BANKS TO BOOST CREDIT

26 June 2026. The Indonesian government is in the process of strengthening the liquidity of state-owned banks (Himbara) by placing funds from the Excess Budget Balance (SAL). The funds have reached approximately Rp300 trillion since they were first placed in September 2025, with a strong signal that the amount will be increased soon.

BRI President Director Hery Gunardi revealed on 26 June 2026 that his side had received information from the Minister of Finance Purbaya Yudhi Sadewa that the available funds would not be withdrawn, but could potentially be added. Previously, there had been reports that the SAL funds worth Rp300 trillion would be returned to Bank Indonesia after the placement period ended in September 2026.

The policy arrives amid significant macroeconomic pressure. Bank Indonesia raised the benchmark interest rate by 100 basis points throughout May to June 2026 to 5.75%, driven by the weakening of the rupiah, which had temporarily broken through Rp18,000 per US dollar due to escalating conflict in the Middle East. The increase in interest rates tightens banking liquidity, making government capital injections crucial to maintain credit disbursement momentum.

Along the monetary policy route, Bank Indonesia has also distributed macroprudential liquidity incentives (KLM) worth Rp418.1 trillion up to the first week of June 2026. State-owned banks absorbed the largest share of Rp209.6 trillion.

For global financial market participants, the combination of domestic liquidity expansion and aggressive interest rate hikes reflects a complex situation: the rupiah is still under pressure, but authorities are working to keep credit flowing. This condition generally serves as a signal that capital will seek higher returns in alternative assets.

Source: Bisnis.com (26/6/2026), Kontan.co.id (26/6/2026), Bank Indonesia, Tandaseru.id (23/6/2026)
·
--
DOJ Sita Infrastruktur Cloud Huione Group, Diduga Cuci Miliaran Dolar Hasil Penipuan Kripto On June 23, 2026, the U.S. Department of Justice (DOJ) announced the seizure of a cloud computing account used by a subsidiary of the Huione Group, a conglomerate from Cambodia. The account held backend infrastructure allegedly used by criminals to move proceeds from crypto investment scams and cyber scams across blockchains, then convert them into official banking systems without detection. The seized account was used to operate Huione Guarantee, also known as Haowang Guarantee. According to court documents, the platform operated a Telegram channel containing the sale of stolen credit card data, malware theft proceeds, the recruitment of human trafficking victims, and money-laundering services from romance scams. Huione Guarantee also provided escrow services for cryptocurrency money laundering. Assistant Attorney General A. Tysen Duva said the account was the technological backbone used to move and conceal billions of dollars in scam proceeds, most of it from Southeast Asia scam centers. The seizure is part of Operation Riptide, an FBI campaign that began on June 9, 2026. At the same time, FinCEN filed a new rule to expand the definition of the Huione Group to include H Pay Service PLC, an entity assessed as an effort to evade sanctions through renaming. The Treasury also imposed new sanctions on nine individuals and 26 entities linked to the Prince Group. According to the FBI Internet Crime Complaint Center, U.S. residents reported losses of more than $20 billion due to online scams in 2025, up 26 percent from the previous year. UNODC previously stated that Huione Guarantee had laundered at least $24 billion through the end of 2024. Source: official DOJ and FinCEN releases, June 23, 2026; Federal Register; coverage by The Block, Decrypt, CyberScoop, thehackernews.
DOJ Sita Infrastruktur Cloud Huione Group, Diduga Cuci Miliaran Dolar Hasil Penipuan Kripto

On June 23, 2026, the U.S. Department of Justice (DOJ) announced the seizure of a cloud computing account used by a subsidiary of the Huione Group, a conglomerate from Cambodia. The account held backend infrastructure allegedly used by criminals to move proceeds from crypto investment scams and cyber scams across blockchains, then convert them into official banking systems without detection.

The seized account was used to operate Huione Guarantee, also known as Haowang Guarantee. According to court documents, the platform operated a Telegram channel containing the sale of stolen credit card data, malware theft proceeds, the recruitment of human trafficking victims, and money-laundering services from romance scams. Huione Guarantee also provided escrow services for cryptocurrency money laundering.

Assistant Attorney General A. Tysen Duva said the account was the technological backbone used to move and conceal billions of dollars in scam proceeds, most of it from Southeast Asia scam centers. The seizure is part of Operation Riptide, an FBI campaign that began on June 9, 2026.

At the same time, FinCEN filed a new rule to expand the definition of the Huione Group to include H Pay Service PLC, an entity assessed as an effort to evade sanctions through renaming. The Treasury also imposed new sanctions on nine individuals and 26 entities linked to the Prince Group.

According to the FBI Internet Crime Complaint Center, U.S. residents reported losses of more than $20 billion due to online scams in 2025, up 26 percent from the previous year. UNODC previously stated that Huione Guarantee had laundered at least $24 billion through the end of 2024.

Source: official DOJ and FinCEN releases, June 23, 2026; Federal Register; coverage by The Block, Decrypt, CyberScoop, thehackernews.
·
--
$18 JUTA $USDC locked on Morpho after three curator AlphaPing markets (msY, AVLT, and AZND) hit issues at the same time. The total affected exposure is estimated to exceed $28 million. The msY token from MainStreet Finance plunged 70–85% on June 20 after the proof-of-reserves provider, Accountable, ended the contract because MainStreet "failed to meet verification standards." The msY/USDC market on Morpho immediately became 100% utilized, with $18 million in depositor funds locked. oracle RedStone still shows the old price ($1.06), so liquidation has not been triggered at all. Borrowers whose collateral is already worthless have no incentive to repay their debt. Without oracle changes, the market could remain stuck permanently. If the oracle is updated to the real price, mass liquidation occurs and full losses are borne by depositors. Resolution is expected to take 60–340 days. Altura saw a run on deposits of $8.5 million within 24 hours, then announced a wind-down on June 21. They themselves acknowledge "maturity mismatch between on-chain and off-chain positions." AlphaPing exposure to AVLT: more than $10 million. The AVLT token has already depegged by 11%. Mu Digital claims the bond unwind has already begun, with payments expected to "start next week." There is no independently verifiable on-chain evidence yet. ROOT CAUSE: This so-called "delta-neutral" vault turns out to have placed ~44% of its assets into two illiquid RWA markets at the same time. The curator even continued filling the troubled markets via Morpho’s Public Allocator automation feature after warning signals were already visible publicly. In its official update today, AlphaPing does not mention this risk management failure at all. The situation is still evolving. As of June 26, 2026, there has been no independent confirmation. Source: CryptoBriefing · Yahoo Finance · Protos.com • Crypto.news · Incrypted.com • @0xAlphaping · @PeckShieldAlert (X) $MORPHO {spot}(MORPHOUSDT)
$18 JUTA $USDC locked on Morpho after three curator AlphaPing markets (msY, AVLT, and AZND) hit issues at the same time. The total affected exposure is estimated to exceed $28 million.

The msY token from MainStreet Finance plunged 70–85% on June 20 after the proof-of-reserves provider, Accountable, ended the contract because MainStreet "failed to meet verification standards." The msY/USDC market on Morpho immediately became 100% utilized, with $18 million in depositor funds locked.

oracle RedStone still shows the old price ($1.06), so liquidation has not been triggered at all. Borrowers whose collateral is already worthless have no incentive to repay their debt. Without oracle changes, the market could remain stuck permanently. If the oracle is updated to the real price, mass liquidation occurs and full losses are borne by depositors. Resolution is expected to take 60–340 days.

Altura saw a run on deposits of $8.5 million within 24 hours, then announced a wind-down on June 21. They themselves acknowledge "maturity mismatch between on-chain and off-chain positions." AlphaPing exposure to AVLT: more than $10 million. The AVLT token has already depegged by 11%.

Mu Digital claims the bond unwind has already begun, with payments expected to "start next week." There is no independently verifiable on-chain evidence yet.

ROOT CAUSE:
This so-called "delta-neutral" vault turns out to have placed ~44% of its assets into two illiquid RWA markets at the same time. The curator even continued filling the troubled markets via Morpho’s Public Allocator automation feature after warning signals were already visible publicly. In its official update today, AlphaPing does not mention this risk management failure at all.

The situation is still evolving. As of June 26, 2026, there has been no independent confirmation.

Source:
CryptoBriefing · Yahoo Finance · Protos.com
• Crypto.news · Incrypted.com
• @0xAlphaping · @PeckShieldAlert (X)
$MORPHO
·
--
Verified
June 26, 2026, on-chain investigator ZachXBT issued a community alert via Telegram: AscendEX (formerly BitMax) is reportedly facing a liquidity crisis. User withdrawals have been stuck for days, even weeks. Some withdrawals are not processed at all. ZachXBT investigated the exchange’s hot wallets via Arkham and TRM. Findings: thin balances in the main assets—ETH, USDT, USDC, and SOL. The EVM wallets 0x9838…/0x4240…, Tron TP523Z…, and two Solana wallets all appear depleted of high-capital assets. Note: Hot wallets are not a complete picture of reserves. Cold storage is not always publicly verified. However, thin balances combined with extensive user reports are a yellow flag that cannot be ignored. Timeline: - May 2026: AscendEX suspended trading of USDR & EURR after an abnormal minting incident involving the stablecoin StablR (an unsupported $13.5 million token was minted) - June 2026: reports of PAXG & other assets locked in a "initiating" status without a transaction hash - Trustpilot (207 reviews): estimated 2,000–5,000 users affected since 2024 Track record: Founded in 2018 by George Cao & Ariel Ling. December 2021: hacked by the Lazarus Group (North Korea); $78 million vanished from Ethereum, BNB Chain, and Polygon hot wallets. Official response: The help center only lists a general acknowledgement of "technical delays." There is no statement regarding insolvency. No verifiable proof of reserves is available. A familiar pattern: stuck withdrawals, disappearing support, reserves called into question. The crypto industry has seen this script many times—and it doesn’t always end peacefully. Users with active assets on AscendEX are advised to independently verify via Arkham, and consider next steps. Source: ZachXBT/Telegram · The Crypto Times · AscendEX Help Center · Gizmodo/StablR · CoinDesk (Dec 2021)
June 26, 2026, on-chain investigator ZachXBT issued a community alert via Telegram: AscendEX (formerly BitMax) is reportedly facing a liquidity crisis. User withdrawals have been stuck for days, even weeks. Some withdrawals are not processed at all.

ZachXBT investigated the exchange’s hot wallets via Arkham and TRM. Findings: thin balances in the main assets—ETH, USDT, USDC, and SOL. The EVM wallets 0x9838…/0x4240…, Tron TP523Z…, and two Solana wallets all appear depleted of high-capital assets.

Note:
Hot wallets are not a complete picture of reserves. Cold storage is not always publicly verified. However, thin balances combined with extensive user reports are a yellow flag that cannot be ignored.

Timeline:
- May 2026: AscendEX suspended trading of USDR & EURR after an abnormal minting incident involving the stablecoin StablR (an unsupported $13.5 million token was minted)
- June 2026: reports of PAXG & other assets locked in a "initiating" status without a transaction hash
- Trustpilot (207 reviews): estimated 2,000–5,000 users affected since 2024

Track record:
Founded in 2018 by George Cao & Ariel Ling. December 2021: hacked by the Lazarus Group (North Korea); $78 million vanished from Ethereum, BNB Chain, and Polygon hot wallets.

Official response:
The help center only lists a general acknowledgement of "technical delays." There is no statement regarding insolvency. No verifiable proof of reserves is available.

A familiar pattern: stuck withdrawals, disappearing support, reserves called into question. The crypto industry has seen this script many times—and it doesn’t always end peacefully.

Users with active assets on AscendEX are advised to independently verify via Arkham, and consider next steps.

Source: ZachXBT/Telegram · The Crypto Times · AscendEX Help Center · Gizmodo/StablR · CoinDesk (Dec 2021)
·
--
Bearish
A fake mobile Wallet Monero app has been circulating on iOS (Apple) that imitates the Android Monfluo. ACX (Monfluo developer) responded briefly in a Matrix chat that he is not affiliated with the app. Monfluo is currently distributed only through its official repository on Codeberg. It is available only for Android. Its latest release (the last time I checked its Codeberg repository) now supports the Indonesian language after a contributor using the pseudonym "Xorchi" (which I suspect is from Indonesia) added Indonesian translations (strings.xml). Previously, the Bitcoin wallet developer for the desktop "Sparrow Wallet" also stated—quoted by Bitcoin Magazine as well—that dozens of fake Bitcoin wallet apps are circulating on iOS (Apple), one of which imitates Sparrow Wallet. Meanwhile, Sparrow is released only for desktop. The lesson is: always make sure the crypto wallet we install comes from an official, verified source. If necessary, we can verify the app’s official source using the GPG public key and GPG signature published by the developer. That is an open-source tradition that has been running for several decades. $XMR {future}(XMRUSDT)
A fake mobile Wallet Monero app has been circulating on iOS (Apple) that imitates the Android Monfluo.

ACX (Monfluo developer) responded briefly in a Matrix chat that he is not affiliated with the app.

Monfluo is currently distributed only through its official repository on Codeberg. It is available only for Android.

Its latest release (the last time I checked its Codeberg repository) now supports the Indonesian language after a contributor using the pseudonym "Xorchi" (which I suspect is from Indonesia) added Indonesian translations (strings.xml).

Previously, the Bitcoin wallet developer for the desktop "Sparrow Wallet" also stated—quoted by Bitcoin Magazine as well—that dozens of fake Bitcoin wallet apps are circulating on iOS (Apple), one of which imitates Sparrow Wallet. Meanwhile, Sparrow is released only for desktop.

The lesson is: always make sure the crypto wallet we install comes from an official, verified source. If necessary, we can verify the app’s official source using the GPG public key and GPG signature published by the developer. That is an open-source tradition that has been running for several decades.
$XMR
·
--
Verified
June 25, 2026, Magic Internet Money (MIM) lost more than 50% of its peg. The first drop saw MIM fall to $0.74 in mid-June, rebound to $0.89, and then plunge to $0.49 on June 24. A pattern of partial recovery → deeper crash is a dangerous signal in DeFi. Root causes: Liquidity imbalance in the Curve Finance pool. An injection of $100,000 on June 15 and the distribution of 140 million SPELL tokens on June 18 failed to hold back selling pressure. Circulating MIM supply: ~ $104 million. Emergency actions: - Gradual interest rate increases across all Cauldrons (including deprecated markets) - Stop Curve bribes and direct incentives until the peg recovers - Logic: borrowers can buy discounted MIM in the market → repay a debt worth $1 → MIM is burned → supply shrinks Macro context: Bitcoin briefly fell below $60,000; cross-market crypto liquidations exceeded $994 million, worsening DeFi liquidity conditions overall. Incident history: - January 2024, smart contract exploit ($6.5 million). - October 2025, logic flaw exploit ($1.8 million). Both came with a depeg. This is the third. Structural risks: MIM depends on DEX liquidity depth, not fiat reserves. When the Curve pool is thin, even small selling pressure can trigger a depeg spiral. The protocol itself acknowledges the gap between the theoretical peg and real market liquidity. An investigation into the root cause is still ongoing. There is no end date for the emergency measures. Source: CoinMarketCap, Abracadabra status page, PeckShieldAlert $SPELL {future}(SPELLUSDT) $CRV {future}(CRVUSDT)
June 25, 2026, Magic Internet Money (MIM) lost more than 50% of its peg.

The first drop saw MIM fall to $0.74 in mid-June, rebound to $0.89, and then plunge to $0.49 on June 24. A pattern of partial recovery → deeper crash is a dangerous signal in DeFi.

Root causes:
Liquidity imbalance in the Curve Finance pool. An injection of $100,000 on June 15 and the distribution of 140 million SPELL tokens on June 18 failed to hold back selling pressure. Circulating MIM supply: ~ $104 million.

Emergency actions:
- Gradual interest rate increases across all Cauldrons (including deprecated markets)

- Stop Curve bribes and direct incentives until the peg recovers

- Logic: borrowers can buy discounted MIM in the market → repay a debt worth $1 → MIM is burned → supply shrinks

Macro context:
Bitcoin briefly fell below $60,000; cross-market crypto liquidations exceeded $994 million, worsening DeFi liquidity conditions overall.

Incident history:
- January 2024, smart contract exploit ($6.5 million).
- October 2025, logic flaw exploit ($1.8 million). Both came with a depeg. This is the third.

Structural risks:
MIM depends on DEX liquidity depth, not fiat reserves. When the Curve pool is thin, even small selling pressure can trigger a depeg spiral. The protocol itself acknowledges the gap between the theoretical peg and real market liquidity.

An investigation into the root cause is still ongoing. There is no end date for the emergency measures.

Source: CoinMarketCap, Abracadabra status page, PeckShieldAlert
$SPELL
$CRV
·
--
Base block production stopped completely after block number 47,806,542 at 15:47 UTC, freezing the Coinbase-built Layer-2 network for more than an hour. The first issue was reported at around 16:03 UTC, with the team immediately publishing an update publicly via X. At 16:24 UTC, the team confirmed it was actively investigating, and around 16:52 UTC engineers announced they had identified the root cause. At 17:21 UTC, Base reported that the internal sequencer and node had partially recovered. At 17:51 UTC, new block sequencing resumed and internal nodes began syncing again, but the root-cause investigation continued. Ecosystem node operators were required to restart their Base nodes to restore synchronization. Root cause: An invalid block entered the sequencer pipeline, and once it landed, the network could not produce any new blocks beyond block 47,806,542. In blockchain architecture, this kind of consensus problem is highly destructive—not just slowing the network, but creating a total hard stop. Nodes that disagreed about the validity of that block cannot reconcile state and continue the chain. Base has not disclosed what caused the invalid block, or whether the issue stemmed from a software bug or another consensus fault. Impact: Mainnet deposits, withdrawals, block production, and software clients were all disrupted during the incident. Base users faced frozen transactions, failed RPC calls, and near-zero DEX activity throughout the outage. This incident is a classic demonstration of the risks of a single point of failure in a centralized L2 architecture. Even if funds are technically safe (L1 Ethereum continues to run normally), chain availability is a separate issue from asset security—balances can’t be used if the network is frozen. An official post-mortem is still pending.
Base block production stopped completely after block number 47,806,542 at 15:47 UTC, freezing the Coinbase-built Layer-2 network for more than an hour.

The first issue was reported at around 16:03 UTC, with the team immediately publishing an update publicly via X. At 16:24 UTC, the team confirmed it was actively investigating, and around 16:52 UTC engineers announced they had identified the root cause.

At 17:21 UTC, Base reported that the internal sequencer and node had partially recovered. At 17:51 UTC, new block sequencing resumed and internal nodes began syncing again, but the root-cause investigation continued. Ecosystem node operators were required to restart their Base nodes to restore synchronization.

Root cause:
An invalid block entered the sequencer pipeline, and once it landed, the network could not produce any new blocks beyond block 47,806,542. In blockchain architecture, this kind of consensus problem is highly destructive—not just slowing the network, but creating a total hard stop. Nodes that disagreed about the validity of that block cannot reconcile state and continue the chain.

Base has not disclosed what caused the invalid block, or whether the issue stemmed from a software bug or another consensus fault.

Impact:
Mainnet deposits, withdrawals, block production, and software clients were all disrupted during the incident.

Base users faced frozen transactions, failed RPC calls, and near-zero DEX activity throughout the outage.

This incident is a classic demonstration of the risks of a single point of failure in a centralized L2 architecture. Even if funds are technically safe (L1 Ethereum continues to run normally), chain availability is a separate issue from asset security—balances can’t be used if the network is frozen. An official post-mortem is still pending.
COINonAlpha
COINUS+0.34%
·
--
Polymarket Users Targeted by Phishing Attack, Losses Reach ~ $2.94 Million (~Rp 46 Billion) Polymarket has become the target of a new phishing attack that caused significant losses for its users. According to an on-chain investigation, the total funds successfully stolen amounted to approximately $2.94 million (about Rp 46 billion, at the current exchange rate). On-chain researcher SpecterAnalyst reported that the attacker drained assets from at least 11 victims’ wallets that held PUSD tokens. The stolen funds were then converted into ETH and consolidated into several main wallet addresses. On-chain trackers such as Arkham show that the portfolio associated with the “Polymarket drainer” has accumulated nearly 1,893K ETH, worth about $2.94 million. Modus OperandiVictims were allegedly tricked using typical phishing techniques: clicking fake links or interacting with fake web3 sites/pages impersonating Polymarket. Once the wallet was connected, the attacker immediately drained the assets in it, especially PUSD, and then swapped them for ETH to make tracking more difficult. As of the time this news was written, there has been no official confirmation from Polymarket regarding this latest incident. However, the crypto community has once again been reminded to always verify URLs, never click suspicious links, and use hardware wallets or multi-signature for large amounts of funds. This incident adds to the list of security cases involving Polymarket throughout 2026, amid the platform’s growing popularity as a place to bet on predictions for various global events. Prevention Tips:Always access Polymarket through the official site: polymarket.com Use browser bookmarks Enable 2FA and review wallet permissions before connecting Avoid logging in via Google if possible to reduce the risk of OAuth phishing Users who suspect they may be victims are advised to immediately check their wallet transaction history and report to the on-chain community for further tracking. (Source: SpecterAnalyst on-chain analysis and public blockchain data, June 25, 2026)
Polymarket Users Targeted by Phishing Attack, Losses Reach ~ $2.94 Million (~Rp 46 Billion)

Polymarket has become the target of a new phishing attack that caused significant losses for its users. According to an on-chain investigation, the total funds successfully stolen amounted to approximately $2.94 million (about Rp 46 billion, at the current exchange rate).

On-chain researcher SpecterAnalyst reported that the attacker drained assets from at least 11 victims’ wallets that held PUSD tokens. The stolen funds were then converted into ETH and consolidated into several main wallet addresses.

On-chain trackers such as Arkham show that the portfolio associated with the “Polymarket drainer” has accumulated nearly 1,893K ETH, worth about $2.94 million.

Modus OperandiVictims were allegedly tricked using typical phishing techniques: clicking fake links or interacting with fake web3 sites/pages impersonating Polymarket. Once the wallet was connected, the attacker immediately drained the assets in it, especially PUSD, and then swapped them for ETH to make tracking more difficult.

As of the time this news was written, there has been no official confirmation from Polymarket regarding this latest incident.

However, the crypto community has once again been reminded to always verify URLs, never click suspicious links, and use hardware wallets or multi-signature for large amounts of funds.

This incident adds to the list of security cases involving Polymarket throughout 2026, amid the platform’s growing popularity as a place to bet on predictions for various global events.

Prevention Tips:Always access Polymarket through the official site: polymarket.com
Use browser bookmarks
Enable 2FA and review wallet permissions before connecting
Avoid logging in via Google if possible to reduce the risk of OAuth phishing

Users who suspect they may be victims are advised to immediately check their wallet transaction history and report to the on-chain community for further tracking.

(Source: SpecterAnalyst on-chain analysis and public blockchain data, June 25, 2026)
·
--
Indonesia has just cracked down on crypto influencers. Indonesia’s financial regulator has issued regulations requiring crypto and finance influencers to disclose paid promotions and obtain certification to recommend assets. The framework, POJK No. 6/2026, takes effect today and gives regulators the authority to block or suspend accounts that do not comply. Specifically for crypto, promotions can now only be carried out through channels operated by licensed providers, and influencers who promote crypto need competency certification. The companies that employ them remain responsible, facing fines of up to 15 billion Indonesian rupiah, or about $835,000, for content posted by their influencers. This follows a series of crypto and finance influencer scandals in Indonesia, including billions of rupiah in fines due to a pump-and-dump scheme in February, as well as influencers sentenced to prison for trade fraud that harmed large numbers of retail investors. Existing agreements have been given six months to be finalized. Cited from: https://x.com/BSCNews/status/2069818583220191356?s=20
Indonesia has just cracked down on crypto influencers.

Indonesia’s financial regulator has issued regulations requiring crypto and finance influencers to disclose paid promotions and obtain certification to recommend assets. The framework, POJK No. 6/2026, takes effect today and gives regulators the authority to block or suspend accounts that do not comply.

Specifically for crypto, promotions can now only be carried out through channels operated by licensed providers, and influencers who promote crypto need competency certification. The companies that employ them remain responsible, facing fines of up to 15 billion Indonesian rupiah, or about $835,000, for content posted by their influencers.

This follows a series of crypto and finance influencer scandals in Indonesia, including billions of rupiah in fines due to a pump-and-dump scheme in February, as well as influencers sentenced to prison for trade fraud that harmed large numbers of retail investors. Existing agreements have been given six months to be finalized.

Cited from:
https://x.com/BSCNews/status/2069818583220191356?s=20
Log in to explore more content
Join global crypto users on Binance Square
⚡️ Get latest and useful information about crypto.
💬 Trusted by the world’s largest crypto exchange.
👍 Discover real insights from verified creators.
Email / Phone number
Sitemap
Cookie Preferences
Platform T&Cs