Recent cyberattacks have raised alarms in the Web3 community, as hackers leverage artificial intelligence and sophisticated techniques to exploit vulnerabilities. With significant losses reported, experts urge users to remain vigilant against evolving threats within decentralized networks.
Overview of Recent Security Breaches
- SBI Crypto suffered a breach resulting in the loss of $21 million in assets through an alleged money-laundering operation.
- A phishing scam targeting GMGN led to 107 users inadvertently approving fraudulent transactions.
- There was a staggering 600% increase in honeypot scams in just one month, with over 2,100 tokens identified.
According to GoPlus Security, October alone saw over $45.84 million lost due to a surge in scams, phishing attacks, token exploits, and wallet hacks. The data underscores how scammers are evolving their tactics, creating high-impact exploits that are affecting countless users and platforms, notably on Ethereum, Binance Smart Chain, and Base.
AI and Automation Fueling Phishing Campaigns
GoPlus has noted a significant rise in phishing attacks, which have collectively resulted in losses exceeding $3.5 million. Many of these scams are powered by phishing-as-a-service platforms, where threat actors employ AI tools to rapidly generate fraudulent websites and launch large-scale campaigns with reduced operational costs.
One notable phishing incident involved the trading platform GMGN, where 107 users were misled by a counterfeit website into authorizing harmful transactions, leading to losses upwards of $700,000. The scam mimicked legitimate wallet interactions, prompting victims to sign requests that granted attackers control over their funds.
In another case, a trader approved a malicious “increaseAllowance” order, resulting in a loss of $325,000 in Coinbase Wrapped Bitcoin, while another user lost $440,000 after approving a fraudulent “permit” transaction. These cases spotlight the rising trend of false contract approvals, often facilitated by deceptive interfaces that mimic trusted applications.
Sophisticated Exploits Linked to State-Sponsored Money Laundering Tactics
The most significant breach involved SBI Crypto, which experienced a hack that drained $21 million in digital assets, including Bitcoin, Ethereum, Litecoin, Dogecoin, and Bitcoin Cash. While SBI Crypto has not officially confirmed the source of the breach, a joint investigation by ZachXBT and Cyvers suggests that the methods used mirror those of North Korean hacking groups.
Reportedly, the attackers laundered funds through Tornado Cash, a cryptocurrency mixer previously sanctioned for its role in laundering state-sponsored thefts. This money laundering method closely resembles activities linked to the Lazarus Group, although the connection remains unverified.
Rise of Honeypot Tokens in Web3
In addition to phishing and exploits, the report highlights a dramatic spike in honeypot tokens—malicious smart contracts that allow users to purchase tokens but prevent them from selling or withdrawing funds. Honeypot tokens surged by 600% last month, with 2,189 such tokens identified, although this number is still significantly lower than the nearly 40,000 recorded in June 2025.
The Binance Smart Chain accounted for the majority of these tokens, with 1,780, followed by 216 on Ethereum and 131 on Base. These tokens contain hidden restrictions that block transactions, effectively trapping investors’ funds in illiquid assets. This rise signifies a shift toward fraud integrated at the contract level, allowing it to bypass basic security tools.
Social Media Hacks Amplifying Broader Exploits
The broader ecosystem has also experienced losses due to breaches on social media platforms. The official social account of Astra Nova was hacked, triggering a large-scale sell-off of its native RVV token, resulting in losses of approximately $10.3 million. In a separate incident, the decentralized finance platform Garden Finance faced a vulnerability that cost users about $10.8 million, according to ZachXBT.
These incidents highlight an expanding attack surface, impacting both user interfaces and backend contractual code.
Meet William, a proud Bethel University alumnus with a fervent passion for lifestyle and culture topics. His keen interest doesn’t stop there; he’s also deeply engrossed in current events of all kinds. William dedicates himself wholeheartedly to this site, thriving on the collaborative energy he shares with Suzanne, his long-standing partner in crime.
Having navigated their university courses side by side for years, their teamwork on the site is nothing short of dynamic. Together, they bring a unique blend of insights, proving that two heads are indeed better than one in delivering compelling content.
