# MRTD.NET > MRTD.NET covers crypto and blockchain security, exploit post-mortems, cybersecurity, and SEO/growth — original analysis with primary sources. MRTD.NET publishes original, primary-sourced analysis of crypto-security incidents, cyber news, and SEO/growth. Content is AI-assisted under human editorial oversight with sources cited. See /editorial/ for standards. ## Sections - [Crypto Security](https://mrtd.net/category/crypto-security/): Exploit post-mortems, DeFi hacks, on-chain forensics, and protocol security. - [Cyber & Tech](https://mrtd.net/category/cyber/): Breaches, malware, vulnerabilities, privacy, and the wider tech world. - [SEO & Growth](https://mrtd.net/category/seo-growth/): Search, SEO experiments, growth tactics, and how the web really ranks. ## Key resources - [Crypto Hack Tracker 2026](https://mrtd.net/crypto-hack-tracker-2026/): A structured, primary-sourced index of 3 crypto/DeFi exploits — protocol, chain, estimated loss, attack vector, and a link to each post-mortem. Citable dataset, updated as we publish. - [How to Actually Protect Your Crypto](https://mrtd.net/protect-your-crypto-lessons-from-the-hacks/): Evergreen defense checklist drawn from the incidents we cover. ## Latest articles - [How to Store Your Seed Phrase Safely (Without Losing It Forever)](https://mrtd.net/how-to-store-seed-phrase-safely/): A seed phrase has no reset button — lose it and the crypto is gone, with an estimated 2-4 million BTC already lost this way. Here's how to back up those words so they survive fire, theft, and the day you're not around. - [Fake GTA 6 'Early Access' Sites Are Draining Crypto Wallets -- There Is No Early Access](https://mrtd.net/gta-6-early-access-scam-malware/): As GTA 6 pre-orders open June 25, security firms report a surge of fake 'early access' sites taking irreversible crypto payments and pushing malware that drains wallets and intercepts 2FA codes. Rockstar is not selling early access -- here's how to tell the scams apart and protect your wallet. - [The Crypto Scam Texts You Ignore Are Run by Trafficking Victims](https://mrtd.net/southeast-asia-crypto-scam-compounds/): Behind the 'wrong number' crypto-investment texts is a forced-labor industry: people lured by fake jobs, trafficked into Southeast Asian compounds, and made to run pig-butchering scams that cost victims an estimated $7.2B in 2025. Here's how it works -- and how to refuse it. - [Social Engineering Is How Crypto's Biggest Thefts Now Happen — and How Not to Be Next](https://mrtd.net/crypto-social-engineering-scams-how-to-protect/): In 2026, ~65% of crypto's $11.36B in scam losses come from social engineering, not exploits — including ZachXBT-documented $91M and $282M cases. Here's how the manipulation works (fake support, panic plays, pig-butchering) and the hard rules that stop almost all of it. - [Token Approvals: The Silent Way Wallets Get Drained — and How to Revoke Them](https://mrtd.net/revoke-token-approvals-protect-wallet-drainers/): Most crypto losses aren't exotic hacks — they're approvals you signed and forgot. Here's what a token allowance is, why 'unlimited' approvals are a standing liability, and exactly how to check and revoke them with Revoke.cash, Etherscan, or your wallet. - [Hackers Hijack Brazil's Emergency Alert System, Waking Millions With a Fake 'Extreme Alert'](https://mrtd.net/brazil-emergency-alert-system-hacked-fake-extreme-alert/): Late on June 19, a fake 'Extreme Alert' reading 'misantropi4' blasted to phones across Sao Paulo, Rio, Brasilia and beyond, overriding silent mode in the dead of night. Brazil's regulator pulled the national warning platform offline as federal police opened an investigation into a breach of critical public-safety infrastructure. - [How to Get a New Site Indexed by Google in 2026 (What Works, What's a Waste)](https://mrtd.net/how-to-get-indexed-by-google-2026/): IndexNow covers Bing, Yandex and ChatGPT — but Google ignores it. Here's the evidence-based split: the two fast levers that actually get Google to index a new site, the myths that waste weeks (the Indexing API, sitemap pings, paid indexing bots), and a realistic checklist. - [How Stolen Crypto Gets Traced — and Why It Rarely Stays Hidden](https://mrtd.net/how-stolen-crypto-is-traced-and-recovered/): Public blockchains remember everything, so stolen funds leave a permanent trail. Here's how forensic firms follow the money, where mixers and bridges fall short, the choke points that enable freezes, and what actually gets recovered. - [Weaponized DMCA: How Fake Copyright Strikes Bury Competitors in Google — and How to Fight Back](https://mrtd.net/weaponized-dmca-fake-takedowns-bury-competitors-seo/): A bogus DMCA notice can knock a rival off Google for days with no court and no evidence — as a 2026 case against Press Gazette showed. Here's how takedowns actually affect rankings, why the '18-month penalty' is a myth, and the counter-notice playbook for victims. - [UXLINK Exploiter Routes 8,340 ETH Through Tornado Cash as $44M Haul Is Laundered](https://mrtd.net/uxlink-exploiter-launders-8340-eth-tornado-cash/): On-chain trackers say the UXLINK attacker swapped ~14.6M DAI for 8,298 ETH and funneled 8,340 ETH into Tornado Cash on June 17, 2026 — while ~$10.5M in stolen DAI still sits in the open. A look at the fund flows and why the mixer is back in play. - [How to Actually Protect Your Crypto: 9 Lessons From the Hacks We Cover](https://mrtd.net/protect-your-crypto-lessons-from-the-hacks/): Most crypto losses aren't exotic — they repeat the same handful of failure modes we see in every post-mortem: blind approvals, dust left in dead protocols, registrar and phishing weak points, and chasing thin-liquidity tokens. Here is a practical, no-hype defense checklist drawn directly from the incidents we've reported. - [Russia Will Let Retail Investors Hold Just 3 Cryptos — BTC, ETH, USDT — From July 2026](https://mrtd.net/russia-retail-crypto-allowlist-btc-eth-usdt-july-2026/): From July 1, 2026, Russia's central bank will restrict non-qualified retail investors to just three digital assets — Bitcoin, Ethereum and USDT — with a ~$4,000 annual cap and mandatory risk testing. Everything else, including XRP and Solana, requires 'professional investor' status. It's an allowlist model for retail crypto, and other regulators are watching. - [llms.txt Reality Check: ~10% of Sites Have It, AI Search Engines Almost Never Read It](https://mrtd.net/llms-txt-reality-check-adoption-vs-actual-use/): llms.txt — a proposed markdown 'map' for language models — now sits on roughly one in ten sites. But in 90 days of 500M+ AI-bot visits, only a few hundred fetched it, and Google has explicitly said it doesn't use it. Here's the honest split: near-zero value for AI search, real value for developer tooling. - [GoDaddy Handed a 27-Year-Old Domain to a Stranger — Despite 2FA and a Domain Lock](https://mrtd.net/godaddy-transferred-27-year-domain-to-stranger-2fa-lock/): A nonprofit's 27-year-old domain was moved into a stranger's account in minutes, with the DNS wiped — even though the account had dual two-factor auth and ownership protection turned on. The transfer didn't break the security; it bypassed it entirely, through GoDaddy's own support desk. That's the threat model everyone forgets. - [Reddit Dominates AI-Search Citations — But 2025 Showed How Fast That Can Crater](https://mrtd.net/reddit-dominates-ai-search-citations-2025-volatility/): Reddit appears in roughly 93% of AI-search opportunities and is the single most-cited source for Google AI Overviews and Perplexity. Yet most of that influence is invisible to users, and in 2025 the numbers swung wildly — ChatGPT's Reddit citations fell from ~60% to ~10% in six weeks. Here is what site owners should actually take from it. - [Meta Hid a Face-ID System in Its Smart-Glasses App, Then Deleted It a Day After WIRED Found It](https://mrtd.net/meta-nametag-hidden-face-recognition-smart-glasses-app/): Researchers found a dormant facial-recognition feature called 'NameTag' buried in Meta's AI companion app — face-matching, local databases, the works — shipped to an app with 50M+ installs. Meta removed it within about 24 hours of WIRED's report and insisted it was never enabled. Whether you believe that, 'built but switched off' is its own kind of warning. - ['Disruption Week': 1.4M Scam Accounts Killed, but Only ~$3.8M in Crypto Frozen](https://mrtd.net/disruption-week-14m-scam-accounts-3m-frozen/): A DOJ-led public-private operation disabled more than 1.4 million Southeast Asian scam accounts and made 63 arrests — yet froze under $4 million in crypto. The viral '$3 billion frozen' figure is wrong, and the real gap between accounts taken down and money recovered is the actual lesson. - [Chrome Put a 4GB AI Model on Your Computer: What Gemini Nano Means for Privacy](https://mrtd.net/chrome-gemini-nano-4gb-on-device-ai-privacy/): Recent Chrome builds ship Gemini Nano — a ~4GB on-device AI model — downloaded in the background to power new built-in browser APIs. Running locally is a genuine privacy win, but a multi-gigabyte model installed without a clear prompt raises a fair consent question. Here is what is actually on your machine. - [The $15B Question: What Happens to the 127,271 BTC the US Seized From a Scam Empire](https://mrtd.net/us-15b-bitcoin-seizure-prince-group-reserve-vs-victims/): The US seized 127,271 bitcoin — about 0.64% of all the bitcoin ever mined — from Cambodia's Prince Group, the largest forfeiture in DOJ history. The coins sat untouched since 2020, yet were fully traced. Now the fight is over where $15 billion goes: a federal reserve, or the scam's victims. - [Signal Rejects the UK's Device-Scanning Push, Reopening the E2EE Fight](https://mrtd.net/signal-uk-device-scanning-e2ee-fight/): Signal has again refused to comply with a reported UK plan to scan devices for illegal imagery, bundled with age verification. The objection is not about any single law — it is that client-side scanning is fundamentally incompatible with end-to-end encryption. - [DIP Protocol Drained for ~$111K on BNB Chain in Reserve-Skim Exploit](https://mrtd.net/dip-protocol-bnb-reserve-skim-exploit/): DeFi project DIP Protocol was drained of roughly $111,000 on BNB Chain through a token-transfer bug that let an attacker double-count pool reserves. Here is the class of flaw involved and why it keeps reappearing. - [AI-Search Visibility Data: Classic SEO Still Predicts Citations, But Most Live Off the Map](https://mrtd.net/ai-search-visibility-seo-geo-aeo-what-works/): New vendor analyses spanning tens of thousands of domains suggest page-level SEO strength still correlates with being cited in ChatGPT, Perplexity and AI Overviews, yet a large share of AI recommendations never appear in traditional rank trackers. We separate the load-bearing tactics from the GEO hype. - [Crawl Budget Reclamation: What It Is, Who Needs It, and the Pruning Playbook](https://mrtd.net/crawl-budget-reclamation-pruning-junk-pages-playbook/): SEO practitioners report large traffic gains from pruning junk indexed pages to free Google's "crawl budget." We break down what crawl budget actually is per Google's own docs, who it genuinely matters for, and a concrete reclamation playbook — while staying skeptical of the headline +67% figure. - [Deprecated Aztec Connect Contract Drained of ~$2.19M Three Years After Shutdown](https://mrtd.net/aztec-connect-deprecated-router-2-19m-drain/): An attacker exploited a settlement-boundary flaw in Aztec Connect's abandoned RollupProcessorV3 contract on June 14, 2026, draining roughly $2.19M in ETH and stablecoins. The privacy bridge was sunset in March 2023 and Aztec Labs holds no keys to pause it. The case is a reminder that "deprecated" is not "safe." ## About - [About](https://mrtd.net/about/) - [Editorial standards](https://mrtd.net/editorial/) - [Contact](https://mrtd.net/contact/) Contact: @mrtdnet on Telegram.