Drift Protocol Durable-Nonce Hijack
DPRK social engineers tricked Drift Security Council members into blind-signing durable-nonce txs that handed over admin control, draining $285M on Solana.
An archive of cryptocurrency security incidents — hacks, exploits, bridge failures and rug pulls, documented with on-chain evidence.
Malicious JavaScript injected into Safe{Wallet}'s signing UI drained 401,000 ETH ($1.46B) from a Bybit cold-wallet transfer, the largest crypto theft ever.
$53M drained from a 3-of-11 Radiant multi-sig after macOS malware hit three signers; the Safe UI showed clean txs while hardware wallets signed upgrades.
WazirX lost $234.9M from a 4-of-6 Gnosis Safe at custodian Liminal when attackers exploited a mismatch between the Liminal UI and the calldata signers approved.
Attackers hijacked curve.fi's DNS via its domain registrar and served a wallet-drainer frontend, stealing ~$575K from users while the contracts were untouched.
MM Finance users on Cronos lost $2M after the attacker exploited an unclaimed config to swap the DEX frontend's router address, redirecting swap approvals.
Compromised Cloudflare API key let attackers inject malicious approvals into BadgerDAO's frontend for two weeks, draining $120M from users' wallets.