
Blockchain Security Brief
The weekly record of web3's darkest hours
Monday, February 16, 2026

Credibility is being bought faster than it’s being earned, payrolls are turning into access vectors, and the next failures are starting where trust is assumed, not verified.
This week:
• Paid press releases outnumbered real journalism, with most crypto announcements tracing back to high-risk or fraudulent projects while legitimacy was manufactured through syndication, not scrutiny.
• North Korean operatives bypassed firewalls by passing interviews, embedding inside hundreds of companies as remote developers while quietly copying codebases and credentials for months.
• The new attack surface isn’t the contract or the model, it’s the narrative people believe and the employee you never actually vetted.
Top Exploits
When credibility is purchasable and access is remote, crypto doesn’t fail at the protocol. It fails at the narrative and the payroll.
• Press releases became a money printer for scams. Chainstory parsed 2,893 crypto announcements and found 62.5% came from high-risk or outright fraudulent projects while only 27% traced to legitimate teams. Exchanges, cloud-mining schemes, and token mills flooded wire services with “guaranteed placement,” stacking fake “As Seen On” logos while Google quietly buried the duplicates. The signal inverted: real projects attract journalists, scams buy headlines, and retail mistakes volume for validation until the obituaries outnumber the launches.
• North Korean operatives stopped hacking companies and started working for them. Over 300 U.S. firms unknowingly hired remote developers using stolen identities, polished LinkedIns, and clean interview performances while repositories, credentials, and infrastructure maps were copied in the background. Salaries funded weapons programs, source code became ransom leverage, and the breach lasted months because the attacker had a company email and a daily stand-up.
Rekt Security Summit
We’re announcing the Rekt Security Summit in partnership with Stable Summit - one day with the researchers, auditors, white hats, and exploit investigators who actually document where crypto breaks.
Last call for speakers. Applications close on Wednesday.
If you’ve uncovered the exploit, traced the funds, written the post-mortem, or rebuilt from the wreckage, this is the final week to get on the stage. Real exploits, real lessons, real operators.
March 27, 2026
Cannes
Deep Dives
The State of Web3 Security for 2026: Winning the Red Queen Race in Crypto’s Breakout Year (7 min read)
Attackers moved from movie studio leaks to billion-dollar DeFi drains because crypto added ownership and instant liquidity, turning exploits into cash machines instead of headlines. The obvious bugs are mostly patched, but what remains are key compromises, governance abuse, blind signing, and infrastructure gaps that slip past audits and empty treasuries in minutes. Modern defense is no longer a single audit but stacked controls: pre-transaction checks, real-time monitoring, automated containment, and strict operational permissions.
Auditing New Stablecoin Peg Designs, Risks and Tests (8 min read)
Modern stablecoins rarely break from math and usually break from authority, oracles, and cross-system dependencies that mint risk faster than yield. LSD and hedged dollars add rewards but also timing bugs, keeper failures, and exchange custody exposure that flip volatility straight onto the peg. RWA and hybrid models push the weak point off-chain where admin keys and reserve attestations can print supply before anyone verifies it. Across every design, oracle spoofing and bridge desync remain the silent killers, turning small delays into full depegs.
DNS Hijacks Hit Big Brands: What Your Team Misses (9 min read)
DNS hijacks no longer target startups but billion-dollar brands where forgotten subdomains and dangling records hand attackers instant legitimacy without touching a single line of code. Campaigns abusing abandoned entries quietly redirected thousands of domains, turning trusted URLs into phishing portals and malware hosts while security teams searched for nonexistent exploits. When attackers control what users resolve, they control the breach before the breach even starts.
Threat Intelligence | Analysis of ClawHub Malicious Skills Poisoning (9 min read)
OpenClaw’s plugin hub turned Markdown into malware when attackers hid Base64 download-and-execute chains inside SKILL.md files that users copy-pasted as “installation steps,” turning documentation into remote shell access. Hundreds of poisoned skills reused the same domains and IPs, pulling staged payloads from public hosting, then swapping second-stage binaries to steal files, phish system passwords, and exfiltrate archives to fixed C2 endpoints.
Stablecoin Security Audits in 2026: What Teams Verify Before Launch (16 min read)
Most stablecoin failures don’t start with math errors but with alternate mint paths, stale oracle gates, and redemption flows that finalize twice under pressure. Audits now focus on the value state machine itself: every route that can mint, release collateral, or burn must cross one shared boundary where caps, roles, and nonces are consumed exactly once.
Other Security Stories
Prediction market wallets are becoming geopolitical leak sensors. Perfectly timed seven-figure shorts and war-adjacent bets now act as permanent onchain breadcrumbs that intelligence services can scrape faster than any traditional spy network.
Crypto kidnappings in France are escalating into routine ransom operations. Magistrates, founders, and random meetup attendees are being abducted for private keys as minors join organized crews and violence replaces phishing as the extraction method.
Signature phishing just tripled as cheap Ethereum fees revived mass wallet-drain tactics. Off-chain approvals, permit abuse, and dusted lookalike addresses now scale for pennies, letting a handful of high-value mistakes fund millions in losses.
North Korean actors hijack founders with deepfake Zoom lures. AI meetings and fake “audio fixes” install wallet-stealing malware that exfiltrates credentials and drains assets before victims realize the call was the breach.
Ransomware crews are hiding inside employee monitoring tools. Legitimate remote support software is being installed through native system installers, giving attackers persistent desktop control while blending into normal admin traffic and setting alerts for wallet activity before deploying encryption payloads.
Security Events
RSAC 2026 Conference
March 23 - March 26, 2026 | San Francisco, California, US
The biggest vendor-and-practitioner collision in security, mixing threat intel, crypto, enterprise defense, and the annual parade of “next big things.”
Rekt Security Summit
March 27, 2026 | Cannes, France
A security summit built around real exploits, not theory. One day with the researchers, auditors, and investigators who actually break, defend, and dissect protocols, covering exploit mechanics, audit blind spots, bounty economics, insider threats, and what security costs when billions are on the line.
Black Hat Asia 2026
April 21 - April 24, 2026 | Singapore
Hands-on trainings plus briefings that skew technical, with real attacker tradecraft and defensive engineering instead of slideware.
OWASP Global AppSec EU 2026
June 22 - June 26, 2026 | Vienna, Austria
Application security deep work: secure design, exploit classes, supply chain, and the stuff your auditors wish you did before launch.
Security BSides Athens 2026
June 27, 2026 | Athens, Greece
Community-first, practitioner-led talks with a local edge: hands-on lessons, war stories, and the kind of niche findings that don’t fit corporate stages.
Rekt Flashback
Last year, DeFi learned that fancy math doesn’t stop simple mistakes, it just hides them better. zkLend forgot that lesson and lost $9.57M because a rounding bug let an attacker turn tiny deposits into free money while everyone bragged about zero-knowledge tech. Same story as past lending exploits, same repeat operator signs, same “audited” comfort blanket that meant nothing when funds started walking.
Memes and Videos
How the NSA Hacks the World: The TAO Unit Exposed
Governments don’t just watch the internet, they root-access it. NSA’s TAO unit implants hardware backdoors, exploits zero-days, and logs entire populations under the banner of “targeted intelligence.” Mass surveillance isn’t a bug in the system - it’s the system running as designed.
We provide an anonymous platform for whistleblowers and DeFi detectives to present their information to the community. All authors remain anonymous.
We are all rekt.

