Phishing / Social Engineering

A Venus Protocol user was phished into delegating account control, losing ~$3.7M from their supplied position. Venus contracts were never compromised.

Attackers compromised BigONE's backend and rewrote risk-control logic to auto-approve any withdrawal, draining $27M from the hot wallet without exposing keys.

$8.6M extracted from Ionic Money on Mode after attackers impersonated Lombard Finance for weeks, got a fake LBTC listed, then borrowed against it.

Tapioca DAO lost $4.65M after a Discord member was social-engineered into connecting a hardware wallet; attacker seized TAP/USDO ownership. $2.7M recovered.

Telegram message oracle flaw let an attacker drain $3M from 11 Banana Gun users via manual transfers on victim wallets. Team refunded victims from treasury.

A crypto whale lost $55.47M in DAI after signing a malicious transaction on a phishing copy of DeFi Saver's login page powered by Inferno Drainer.

Malicious PyPI package (bittensor 6.12.2) exfiltrated decrypted coldkeys and stole ~32,000 TAO ($8M); Opentensor firewalled validators in 35 minutes.

DPRK operatives compromised a developer at wallet vendor Ginco via a fake LinkedIn job offer, draining 4,502.9 BTC ($305M) from Japanese exchange DMM Bitcoin.

$26M drained from Taipei market maker Kronos Research after API keys (not private keys) controlling programmatic withdrawals were stolen; WOO halted trading.

A breach of LastPass encrypted vault backups led to a multi-year drain of victims storing seed phrases there; losses grew from $35M to over $400M.

SIM-swap operation drained $477M from FTX wallets within hours of the Chapter 11 filing, exploiting the chaos of crypto's biggest collapse since Mt. Gox.

2FA-bypass exploit drained $34M from 483 Crypto.com accounts; attackers authorised transactions without the second factor ever prompting the user.

Phishing email with a malicious Word macro on a dev's machine let Lazarus-linked attackers drain $55M from bZx's Polygon and BSC deployments.