web3 is going just great

Credix exploited for $4.5 million, reaches deal with thief The defi lending protocol Credix lost $4.5 million to an exploit after a hacker gained control of an admin wallet and used it to mint tokens and drain liquidity pools. Credix subsequently announced they had negotiated with the thief, who agreed to return the funds "in return for money fully paid by the credix treasury". They have not disclosed how much they paid to the hacker.

Credix exploited for $4.5 million, reaches deal with thief

August 4, 2025
https://www.web3isgoinggreat.com/?id=credix-exploit

Crypto lender Abra pauses withdrawals for international customers The Abra cryptocurrency lender sent an email to customers announcing that "Abra Earn international services are currently paused, effective immediately", attributing the decision to "broader risk management efforts" and saying it was "influenced by external circumstances outside of our control". This has raised concern among Abra customers, and carries troubling echoes of the wave of crypto lenders pausing withdrawals before they collapsed during the 2022 "crypto winter". This isn't the first sign of shakiness at Abra, which was alleged to be insolvent by the Texas state securities regulator in 2023. The company wound down its US operations in mid-2023 and refunded $82 million to US customers, after reaching a settlement with 25 state regulators. Abra also faced a lawsuit from the US federal securities regulator in 2024, which they settled in August of that year.

Crypto lender Abra pauses withdrawals for international customers

July 29, 2025
https://www.web3isgoinggreat.com/?id=abra-pauses-withdrawals-for-international-customers

$731,000 stolen in SuperRare hack A hacker stole RARE tokens priced at around $731,000 after exploiting a vulnerability in a staking contract for the SuperRare NFT platform. The attacker funded the exploiter wallet around six months ago with assets transferred via the Tornado Cash cryptocurrency mixer.

$731,000 stolen in SuperRare hack

July 28, 2025
https://www.web3isgoinggreat.com/?id=superrare-hack

Customers of WOO X lose $14 million after exchange compromise Attackers who compromised devices belonging to a WOO X employee stole $14 million from users of the Taiwanese WOO X cryptocurrency exchange. The phishing attack on the employee gave the hackers access to a development environment, according to statements from WOO X, and the hackers were then able to make withdrawals from customer accounts. WOO X temporarily froze withdrawals, before reopening accounts after a security review. They offered a 10% "bounty" to the thief.

Customers of WOO X lose $14 million after exchange compromise

July 24, 2025
https://www.web3isgoinggreat.com/?id=woo-x-hack

CoinDCX hacked for $44 million The Indian cryptocurrency exchange CoinDCX was hacked, with attackers stealing around $44 million. The company announced the breach the following day, attributing it to a "sophisticated server breach" and claiming that only company funds were impacted.

CoinDCX hacked for $44 million

July 18, 2025
https://www.web3isgoinggreat.com/?id=coindcx-hack

BigONE hacked for over $27 million The BigONE cryptocurrency exchange was hacked for more than $27 million, which the hacker quickly swapped for various other tokens. The attacker compromised one of the exchange's hot wallets after gaining access to the company's production network. BigONE stated they would fully cover the loss. Blockchain security researcher zachxbt responded to the hack by saying, "I do not feel bad for the team as this CEX processed a good bit of volume from pig butchering, romance, investment scams." Elsewhere he suggested that hacks of "sketchy offshore exchanges" would be a positive for the crypto industry, serving as a "natural cleanse".

BigONE hacked for over $27 million

July 16, 2025
https://www.web3isgoinggreat.com/?id=bigone-hack

Arcadia Finance exploited for $3.5 million The Arcadia Finance defi margin protocol was exploited for $3.5 million after an attacker found a vulnerability in a project smart contract. The attacker quickly swapped the stolen tokens and bridged them from Base to the Ethereum mainnet. The attacker stole the funds in two separate transactions that were more than four hours apart. Arcadia is backed by Coinbase Ventures. The project acknowledged the hack, encouraging users to revoke permissions.

Arcadia Finance exploited for $3.5 million

July 15, 2025
https://www.web3isgoinggreat.com/?id=arcadia-finance-exploit

MoonPay apparently gets scammed out of a $250,000 donation to Trump inaugural fund In a seizure request filed by the DC Attorney General, the Justice Department outlined how a Nigerian scammer used the classic "lowercase Ls look like uppercase Is" trick to steal $250,000 — apparently from the MoonPay crypto exchange. Using the email address steve_witkoff@t47lnaugural.com, the scammer directed "Ivan & Mouna" to deposit $250,000 in Tether to a specified wallet address. Mouna then replies to confirm the transaction, providing a link to a blockchain explorer. The FBI was only able to recover around 16% of the stolen funds, issuing seizure requests to Tether and Binance that regained control of $40,353. As it happens, "Ivan & Mouna" match the names of MoonPay CEO Ivan Soto-Wight and CFO Mouna Siala. The crypto address used to send the transaction also appears to be one of MoonPay's company crypto wallets.

MoonPay had told Fox Business shortly before the transaction that they intended to contribute an undisclosed amount to the Trump inaugural fund. Only weeks after the botched donation, MoonPay was selected as a payment processor for Trump's $TRUMP memecoin.

MoonPay apparently gets scammed out of a $250,000 donation to Trump inaugural fund

July 11, 2025
https://www.web3isgoinggreat.com/?id=moonpay-donation-scam

$2.2 million in user funds stolen from Texture; hacker returns 90% An attacker exploited the Solana-based lending protocol Texture, stealing $2.2 million in user funds from one of the project's vaults. Shortly after the attack, Texture sent a message to the thief: "We are offering a 10% bounty of any funds stolen, which are yours to keep if you return the remaining 90%. You made an opsec mistake, but it’s not too late to avoid escalating the situation." The threat and "bounty" offer apparently worked, and the hacker returned $1.98 million, keeping $220,000 as a so-called "greyhat bounty". "As the hacker has fulfilled their side of the agreement, we will not pursue the matter further," wrote Texture.

$2.2 million in user funds stolen from Texture; hacker returns 90%

July 9, 2025
https://www.web3isgoinggreat.com/?id=texture-hack

Kinto token crashes; community claims rug pull, Kinto claims hack The price of Kinto's $K token suddenly crashed 90%, sparking accusations of a rug pull. A tranche of investor tokens had just been unlocked recently, leading some to speculate that investors dumped their tokens on retail buyers. However, Kinto blamed the token crash on the exploit that was recently disclosed by VennBuild, claiming on Twitter that "we got hacked by a state actor". Venn seemed to corroborate Kinto's explanation that the crash was related to the exploit, tweeting that although they had tried to warn all vulnerable projects before publicly disclosing the bug, "Sadly the Kinto token was not found despite being vulnerable, and exploited without time to mitigate." Kinto has announced a plan to try to fundraise to cover a $1.4 million loss in liquidity, then create a new $K token based on a snapshot of previous token holdings.

Kinto token crashes; community claims rug pull, Kinto claims hack

July 10, 2025
https://www.web3isgoinggreat.com/?id=kinto-token-crashes

Security researchers disclose exploit that put over $10 million across multiple protocols at risk On July 9, security researchers at VennBuild and other firms disclosed a "critical backdoor" affecting thousands of smart contracts, which one of the researchers said left "over $10,000,000 at risk for months". The researchers suggested that the backdoor was likely created by Lazarus, a North Korean state-sponsored hacking group. According to the researchers, they found thousands of contracts affected by the exploit, and worked with multiple protocols to upgrade contracts or withdraw vulnerable funds. The researchers theorized that the attackers were "likely a sophisticated group waiting for a bigger target, not small wins."

Security researchers disclose exploit that put over $10 million across multiple protocols at risk

July 9, 2025
https://www.web3isgoinggreat.com/?id=vennbuild-discloses-bug

GMX exchange hacked for $42 million The decentralized perpetual exchange GMX has been exploited for $42 million. The exploit involved a vulnerability in one version of the exchange's price calculation smart contract. GMX paused some trading while they investigated the hack, and placed other temporary restrictions on the platform. GMX offered a 10% "bug bounty" to the hacker if they returned the funds. As of 24 hours after the theft, the hacker had not acknowledged the offer, and had begun swapping the stolen tokens.

GMX exchange hacked for $42 million

July 9, 2025
https://www.web3isgoinggreat.com/?id=gmx-hack

Resupply stablecoin lender exploited for $9.3 million An attacker was able to exploit a vulnerability in a smart contract used by the Resupply stablecoin lender to extract about $9.3 million from the project. After depositing around $200,000, they were able to inflate the price of another token and borrow almost $10 million. Resupply announced the theft shortly afterwards, and stated that they had paused the vulnerable contract. Resupply is a fairly new project, having officially launched on March 20 — about three months before the exploit.

Resupply stablecoin lender exploited for $9.3 million

June 26, 2025
https://www.web3isgoinggreat.com/?id=resupply-exploit

Hacken token crashes after private key leak Web3 cybersecurity firm Hacken had a cybersecurity incident of their own when the private key belonging to a wallet with mint access for the project's $HAI token was leaked. According to Hacken, the leak was attributable to "human error during architectural changes". After a malicious party gained access to the key, they minted around 900 million $HAI on the Ethereum and BNB chains, almost doubling the total supply. The attacker only profited around $250,000, but they crashed the token price by around 97% in the process.

Hacken token crashes after private key leak

June 21, 2025
https://www.web3isgoinggreat.com/?id=hacken-token-crash

Self Chain fires founder after $50 million scam allegations On June 19, a company called Aza Ventures published allegations on Telegram that they had been scammed by someone promising to facilitate OTC sales of steeply discounted tokens for projects like SUI and NEAR. They claimed they had discovered the whole scheme was a Ponzi. Aza Ventures was initially hesitant to name the scammer, hoping they could pressure the scammer to return the stolen funds, but later reports quickly named Self Chain founder Ravindra Kumar as the alleged culprit. Kumar posted on June 19, "I've been accused of serious wrongdoing, which is completely false." On June 23, Self Chain announced that they had terminated Kumar as CEO "due to recent developments that diverge from the founding vision".

Self Chain fires founder after $50 million scam allegations

June 23, 2025
https://www.web3isgoinggreat.com/?id=self-chain-fires-founder

New York scammer "daytwo" steals $4 million from Coinbase users, blows most of it gambling Christian Nieves, a New York man who goes by the handles "daytwo" and "PawsOnHips", has reportedly stolen more than $4 million through a theft ring where he impersonates Coinbase customer support. An investigation by crypto sleuth zachxbt outlined thefts from multiple Coinbase users, including one elderly victim who lost $240,000. zachxbt noted that Nieves seems to have a gambling problem, depositing much of the stolen funds into crypto gambling websites. "You’ll see onchain how casino deposits get smaller as he loses funds," wrote zachxbt. "Recently this escalated to the point where he started stealing cuts from accomplices." He also appears to have used some of the stolen funds on luxury goods, including a Corvette and expensive watches.

New York scammer "daytwo" steals $4 million from Coinbase users, blows most of it gambling

June 23, 2025
https://www.web3isgoinggreat.com/?id=daytwo-thefts

Israeli-linked hackers steal and destroy $90 million from Iranian Nobitex exchange The Iran-based Nobitex cryptocurrency exchange suffered a $90 million hack, and the attacker has also promised to imminently release data and source code from the platform. The hacking group appears to have burned the crypto assets, effectively destroying them rather than taking them for their own profits. Gonjeshke Darande (also "Predatory Sparrow"), a hacking group with links to Israel, claimed responsibility for the theft, accusing the platform of serving as a "key regime tool" to finance terror and violate sanctions. The cyberattack comes shortly after Israel launched air strikes on Iran.

Israeli-linked hackers steal and destroy $90 million from Iranian Nobitex exchange

June 18, 2025
https://www.web3isgoinggreat.com/?id=nobitex-hack

ALEX Lab exploited again ALEX Lab lost $8.3 million in various currencies after an attacker exploited a flaw in the project's smart contracts that allowed them to create a malicious token. They drained a number of pools on the protocol, amounting to around $8.3 million. ALEX announced they would reimburse stolen user funds. This is the second exploit affecting ALEX Labs, after a thief stole around $2 million in May 2024.

ALEX Lab exploited again

June 6, 2025
https://www.web3isgoinggreat.com/?id=alex-lab-exploit-2

Meta Pool exploited An attacker exploited a vulnerability in the staking contract for Meta Pool, which is a liquid staking project. This allowed them to mint 9,700 mpETH, the project's liquid staking token, which is notionally worth $27 million. However, very low liquidity for the token meant that the attacker was only able to swap 10 ETH (~$25,000) of tokens. Meta Pool acknowledged the theft in a post shortly after the exploit was noticed by a blockchain security firm, and announced that the team had paused the project's smart contract.

Meta Pool exploited

June 17, 2025
https://www.web3isgoinggreat.com/?id=meta-pool-exploit

Crypto exchange BitoPro belatedly discloses $11.5 million hack The Taiwanese cryptocurrency exchange BitoPro disclosed that they had suffered a theft from one of their hot wallets, which they said occurred during a system upgrade in which they were transferring assets between wallets. The theft was originally noticed by crypto sleuth zachxbt, who observed a suspicious transfer of around $11.5 million in crypto assets on May 8. The funds sold on decentralized exchanges and then laundered through various cryptocurrency mixing services. BitoPro originally only told customers that the platform was offline for "maintenance", but disclosed the theft on June 2 after zachxbt published his findings.

Crypto exchange BitoPro belatedly discloses $11.5 million hack

June 2, 2025
https://www.web3isgoinggreat.com/?id=bitopro-hack

Cork Protocol exploited for $12 million Cork Protocol, a defi project aimed at "tokenizing the risk of depeg events for stablecoins and liquid (re)staking tokens", suffered a $12 million loss after an attacker exploited a bug in how the project's smart contract calculated exchange rates. The attacker stole around 3,762 wrapped staked ETH (wstETH), which they exchanged for ETH. The project announced that they were investigating the theft and had paused markets. Cork had been audited in whole or in part by four different security firms. The project's funders include Andreessen Horowitz, OrangeDAO, and Steakhouse Financial, and Cork is a part of Andreessen Horowitz's Crypto Startup Accelerator.

Cork Protocol exploited for $12 million

May 28, 2025
https://www.web3isgoinggreat.com/?id=cork-protocol-hack

Cetus DEX exploited for $223 million; some funds "paused" An attacker stole $223 million from the Sui-based Cetus Protocol. The project announced shortly after that $162 million of the funds had been frozen, leaving around $61 million unaccounted for. This led some to question how decentralized the project truly is if the funds can be frozen in such a way.

Cetus DEX exploited for $223 million; some funds "paused"

May 22, 2025
https://www.web3isgoinggreat.com/?id=cetus-exploit

Curve Finance website and Twitter account hacked The website and Twitter accounts belonging to the Curve Finance defi projects were compromised in quick succession. On May 5, an attacker compromised the Twitter account belonging to the project, posting a scam in which they appeared to announce an airdrop. Then, on May 12, the project posted a warning that the website for the Curve frontend was "hijacked" in an apparent domain takeover. This is not the first such compromise for Curve, which suffered a frontend compromise in August 2022 that resulted in $620,000 in losses (later recovered with the help of some exchanges).

Curve Finance website and Twitter account hacked

May 12, 2025
https://www.web3isgoinggreat.com/?id=curve-finance-website-and-twitter-account-hacked

Founder of Zerebro token fakes his death, promotes new "legacy" coin On May 4, 22-year-old Zerebro founder Jeffy Yu published a blog post introducing "legacoins" — a version of memecoins he said would be used to "define the legacy" of those who had died. Several days later, Yu's Twitter account announced that a "deadman's switch" had triggered the launch of his own "legacoin", $LLJEEFFY. Elsewhere, a video appeared to record Yu's suicide, and an obituary describing him as a "martyr of imagination and creativity" appeared on Legacy.com.

It wasn't long, however, before people began to speculate that Yu had faked his death. Wonderland CEO Daniele Sestagalli published a letter he said he had privately received from Yu, where he confessed to faking his death and described it as his "only viable exit from persistent harassment, blackmail, and threats". Others noted that wallets belonging to Yu had been cashing out $ZEREBRO tokens priced at around $1.3 million. Reporters from the San Francisco Standard ultimately located Yu at his parents' house, where he was "agitated and shocked that he had been found after some routine internet searches", and "declined to talk about the false report of his death or how he may have benefited financially from it."

Founder of Zerebro token fakes his death, promotes new "legacy" coin

May 8, 2025
https://www.web3isgoinggreat.com/?id=founder-of-zerebro-token-fakes-his-death-promotes-new-legacy-coin

Bitget accuses "professional arbitrage" group of profiting $20 million from VOXEL market manipulation After trading — and prices — surged in Bitget's market for the thinly traded video game token VOXEL, the company has accused a "professional arbitrage" group of "improperly" profiting $20 million from manipulating the market. A Bitget executive stated on Twitter that they had issued legal demands to eight accounts they said were responsible for "instigating" the unusual trading activity.

Bitget accuses "professional arbitrage" group of profiting $20 million from VOXEL market manipulation

April 27, 2025
https://www.web3isgoinggreat.com/?id=voxel-manipulation

Term Finance loses $1.65 million due to misconfiguration, recovers $1 million The Ethereum-based lending project Term Finance lost $1.6 million when an oracle misconfiguration resulted in unintended liquidations. The team later announced that they had "successfully negotiated [the] return" of 333 ETH (~$600,000) that had been lost, and that another roughly 223 ETH (~$400,000) had been "captured internally", leaving the final loss at around 362 ETH (~$650,000).

Term Finance loses $1.65 million due to misconfiguration, recovers $1 million

April 26, 2025
https://www.web3isgoinggreat.com/?id=term-finance-misconfiguration

$330 million in Bitcoin apparently stolen; laundering spikes Monero price by over 40% 3,250 BTC (~$330 million) were apparently stolen from a bitcoin holder and then quickly moved through multiple exchanges and swapped for the Monero privacycoin. Such a massive swap into Monero was apparently enough to cause the Monero price to spike from around $230 to as high as around $330, before retracting somewhat.

$330 million in Bitcoin apparently stolen; laundering spikes Monero price by over 40%

April 27, 2025
https://www.web3isgoinggreat.com/?id=bc1qcry-theft

Loopscale hacked for $5.8 million two weeks after launch A new Solana-based defi protocol called Loopscale, backed by Coinbase Ventures and Solana Labs, suffered a $5.8 million exploit only two weeks after its launch. The stolen funds represented 12% of the protocol's TVL. The project blamed the exploit on a bug in the protocol's pricing calculations. Although the project had been audited in February by OShield, the audit evidently did not detect the flaw.

Loopscale hacked for $5.8 million two weeks after launch

April 26, 2025
https://www.web3isgoinggreat.com/?id=loopscale-exploit

$5 million in tokens stolen from ZKsync An attacker compromised an admin account belonging to the ZKsync Ethereum layer-2 project, which is built by Matter Labs. By doing so, they were able to steal approximately $5 million worth of the ZK token, which the project said were "the remaining unclaimed tokens from the ZKsync airdrop". The ZK token quickly dropped around 20% in price, likely as a result of the thief trying to sell the tokens.

$5 million in tokens stolen from ZKsync

April 15, 2025
https://www.web3isgoinggreat.com/?id=zksync-theft