Yearn Finance reported that a legacy yETH product was hit by an exploit that allowed an attacker to mint a massive amount of fake tokens and swap them for real assets. Related Reading: Bitcoin Miners Face A Harsh December: Rising BTC Difficulty, Falling Hashprice According to on-chain alerts and protocol statements, the attacker created a near-infinite supply of yETH in a single transaction, then used those tokens to pull ETH and liquid-staking derivatives from liquidity pools. The incident was first flagged on November 30, 2025, and the total impact has been reported at roughly $9 million. #PeckShieldAlert Yearn Finance @yearnfi suffered an attack resulting in a total loss of ~$9M. The exploit involved minting a near-infinite number of yETH tokens, depleting the pool in a single transaction. ~1K $ETH (worth ~$3M) was sent to #TornadoCash, while the exploiter’s… pic.twitter.com/IXNygpwoWa — PeckShieldAlert (@PeckShieldAlert) December 1, 2025 How The Exploit Worked Based on reports, the attacker took advantage of a flaw in the yETH minting logic and produced tokens on the order of 235 trillion in one go. Those worthless tokens were then swapped for real assets from Balancer and Curve pools tied to the product, emptying liquidity in minutes. Chain monitors and security researchers showed the mint and subsequent swaps unfolding very quickly on the blockchain. At 21:11 UTC on Nov 30, an incident occurred involving the yETH stableswap pool that resulted in the minting of a large amount of yETH. The contract impacted is a custom version of popular stableswap code, unrelated to other Yearn products. Yearn V2/V3 vaults are not at risk. — yearn (@yearnfi) December 1, 2025 What Assets Were Taken Reports have disclosed that roughly $8 million was pulled from the main yETH stable-swap pool, while about $0.9 million was taken from a yETH–WETH pool. In addition, roughly 1,000 ETH—valued at about $3 million at the time of movement—was sent to Tornado Cash in attempts to obscure the trail. The attacker converted fake yETH into a mix of ETH and liquid staking tokens before attempting to launder funds. Impact On Yearn’s Core Products According to Yearn officials and follow-up coverage, the breach was limited to an older, legacy implementation of the yETH product and did not affect Yearn’s main V2 and V3 vaults. Deposits into the affected pool were isolated while the team and outside experts began an investigation. This isolation is said to have kept the bulk of user funds in active vaults from being touched. Market Reaction And Wider Concerns Crypto markets saw selling pressure as the news spread, with traders weighing the risk that comes from combining liquid staking tokens with custom swap code. Related Reading: Bitcoin Sentiment Sparks CZ Comment: Sell Greed, Buy Fear Yearn Finance said it is working with outside security teams to run a post-mortem and to patch the vulnerability. Based on reports, teams named in coverage include external auditors and blockchain investigators who are tracking the stolen funds and advising on recovery options. The protocol’s notice warned users about the affected legacy product and urged caution while the review continues. Featured image from Unsplash, chart from TradingView
GANA crashed over 90% after hackers reportedly stole $3.1 million from the BNB Smart Chain-based protocol.
CVERC claims the hack was conducted by a "state-level hacking organization" and suggests the U.S. seizure was part of a larger operation involving the same attackers.
Turkey’s BtcTurk suspended crypto deposits and withdrawals after security firm Cyvers detected $48 million in suspicious outflows tied to its hot wallets.
The team behind the DeFi protocol CrediX is suspected of an exit scam following a recent $4.5 million security breach. The team has reportedly “vanished” from the project’s official channels despite promising refunds, leaving customers empty-handed. Related Reading: Ethereum Breakout Is ‘Imminent’ Amid $3,850 Retest – Analyst Eyes $5,000 For This Quarter DeFi Protocol Suffers $4.5 Million Exploit On Friday, security firm CertiK reported that the DeFi lender CrediX’s team had disappeared following the platform’s recent exploit, leaving its website offline since the August 4 incident and suddenly deleting the official X account. For context, the Sonic-based DeFi lender suffered a security breach on Monday after a potential wallet compromise led to the theft of $4.5 million from the protocol’s liquidity pool. Blockchain security firm PeckShield explained that the alleged hack was due to a compromised admin account, which allowed the exploiter to abuse its BRIDGE role to mint unbacked acUSDC (Sonic USDC) tokens, borrow against them, and drain the pool, before bridging the assets from Sonic Network to Ethereum. Notably, SlowMist found that the CrediX multisig wallet added an attacker as an admin and bridge role via ACLManager six days before, which raised concerns among investors. The DeFi lender’s team acknowledged the incident on X, stating that they had disabled the website to prevent users from depositing. Later, the team informed its community that it had allegedly “reached successful parley with the exploiter, who agreed to return the funds within the next 24-48 hours.” According to the now-deleted post, posted on CrediX’s official Telegram account by a user, the attacker agreed to return the funds “in return for money fully paid by the credix treasury.” The team affirmed that they would airdrop the funds to the affected users’ addresses in “the respective timeframe.” CrediX Goes Dark The following day, the team addressed the exploit on Telegram, stating, “We are truly sorry for this devastating incident and the impact it may have on our community,” and affirmed that they would keep users updated on the next steps before disappearing and deactivating the official X account. On Thursday, the Sonic-based Stability DAO confirmed on its Discord server that CrediX had “gone dark and disappeared,” directly affecting the protocol’s users. The exploit affected Stability DAO’s Metavaults as the project had recently integrated with CrediX. In the message, the protocol announced that all the affected teams, including Sonic Labs, Euler, Beets, and Rines Protocol (Trevee), were in communication and actively working on “filing a formal legal report with the authorities in hopes of recovering lost funds.” Additionally, they have obtained information on two of the DeFi lender’s members, which would be added to the report alongside the rest of the evidence. “A full incident report will be shared with the community soon, outlining everything that happened and what steps are being taken,” the message vowed. Related Reading: Cardano (ADA) Targets $0.80 As Price Retests Key Level – Is An 85% Jump Ahead? This incident follows the alarming trend that has been developing this year. As reported by NewsBTC, crypto theft has surged this year, reaching a total loss of $2.7 billion in the first half of 2025. By the end of June, more value had been stolen year-to-date (YTD) than during the same period in 2022, suggesting that theft from crypto services and DeFi projects could potentially hit $4.3 billion by year’s end. Featured Image from Unsplash.com, Chart from TradingView.com
Arkham, a blockchain analytics firm, says it uncovered a five-year-old theft of 127,000 BTC from LuBian, a major 2020 mining pool.
BigONE is working with blockchain security firm SlowMist to track the stolen assets, with fund tracing already underway across Bitcoin, Ethereum, Tron, Solana, and BNB Chain.
BigONE has lost $27 million in a third-party security attack earlier today targeting its hot wallet.
In a positive development for the crypto community, the individual responsible for the GMX exploit accepted the platform’s bounty and returned over $40 million worth of assets stolen from the project. Related Reading: Drop NFTs Like It’s Hot: Snoop Dogg’s Telegram Collection Raises $12M In 30 Minutes Crypto Hacker Takes $42 Million From GMX On Friday, the recent GMX V1 exploit ended on a happy note after the individual responsible for the incident turned into a white-hat hacker. Perpetual and spot crypto exchange GMX lost over $40 million on Wednesday when an attacker exploited a vulnerability in the protocol’s first version on Arbitrum. According to online reports, GMX V1’s vault contract had a vulnerability that allowed the attacker to manipulate the GLP token price through the system’s calculations. Blockchain security firm SlowMist explained that “The root cause of this attack stems from GMX v1’s design flaw, where short position operations immediately update the global short average prices (globalShortAveragePrices), which directly impacts the calculation of Assets Under Management (AUM), thereby allowing manipulation of GLP token pricing.” Through a reentrancy attack, they successfully established massive short positions to manipulate the global average prices, artificially inflating GLP prices within a single transaction and profiting through redemption operations. As a result, approximately $42 million worth of assets, including Legacy Frax Dollar (FRAX), wrapped bitcoin (WBTC), wrapped ETH (WETH), and other tokens, were transferred from the GLP pool to an unknown wallet. The perpetual crypto exchange halted GMX V1’s trading and GLP’s minting and redeeming on both Arbitrum and Avalanche to prevent another attack and protect users’ funds. However, they clarified that the exploit was limited to GMX’s V1 and its GLP pool. GMX V2, its markets, or liquidity pools, and the GMX token were not affected and remained safe. White-Hat Claims $5 Million Bounty Following the incident, GMX sent a message on-chain and on X offering a $5 million white-hat bounty to the attacker, claiming that their abilities were “evident to anyone looking into the exploit transactions.” GMX’s team noted that returning the funds within the next 48 hours and accepting the bounty would allow the hacker to “spend the funds freely,” instead of taking additional risks to access them. They also vowed not to pursue any legal action and to assist the exploiter in providing proof of source for the funds if it is ever required. Today, the exploiter responded in an on-chain message, accepting the bounty and starting the return process. As Lookonchain reported, they initially returned $10.49 million worth of FRAX on Friday morning. Meanwhile, another $32 million worth of assets had been swapped into 11,700 ETH, which are now valued at $35 million after the King of Altcoins’ price jumped to the $2,990 mark. In the following hours, the hacker returned 10,000 ETH, worth $30 million, keeping only 1,700 ETH, valued at $5.2 million, as the bounty. Related Reading: Solana Ready For $160 Reclaim? Analysts Say Breakout Is A Matter Of Time GMX later confirmed that the funds have now been safely returned and thanked the white-hat hacker for their actions, ultimately giving a positive turn to the incident. Lastly, they informed users that “contributors are working on a proposed distribution plan for presentation to the GMX DAO and will share more information shortly.” Featured Image from Unsplash.com, Chart from TradingView.com
The attack targeted pools tied to GMX liquidity tokens, specifically “cauldrons” using GM tokens as collateral.
Larsen confirmed the incident in January, where he clarified the hack affected only his personal accounts, not Ripple’s corporate wallets.
Some 417,348 ETH, valued at approximately $1 billion remain traceable on the blockchain after being moved using privacy-focused THORChain.
The Solana-based memecoin Launchpad Pump.fun’s X account has been hacked and used to promote fake cryptocurrencies, including an “official” PUMP governance token. On-chain investigators suspect the hack is linked to other X account compromises. Related Reading: Red Monday, Green Week? Bitcoin Needs To Reclaim This Level For Trend Continuation – Analyst Pump.Fun Hackers Launch PUMP Memecoin On Wednesday, Pump.fun’s official X account was compromised, with hackers promoting different tokens during the incident. The account started to post different contract addresses (CA) for various memecoins before deleting them. The hackers initially shared the contact address of PUMP, the “official Pump.fun governance token,” stating that “democracy has never been this degen” and that they would be rewarding their “OG DEGENS.” The crypto community quickly identified the memecoin as a scam and alerted other users of the potential account compromise. Blockchain data firm Bubblemaps warned users of the fake memecoin, explaining that PUMP was “heavily bundled and will dump,” as 60% of the token’s supply was held in two clusters. Meanwhile, Pump.fun’s founder, Alon Cohen, confirmed the X hack and asked the community not to interact with it or any links shared until it was recovered. According to on-chain investigator Dethective, the hackers extracted around $600,000 from the token minutes after sharing the memecoin. The crypto sleuth explained that their strategy consisted of posting the CA of a bundled scam token and deleting it after rugging investors. Besides the fake PUMP token, the malicious actor promoted OG, Extract Protocol (EXAI), and Pump.fun Hacked (HACKED), extracting around $90,000 from these memecoins. Dethective noted that some investors continue to buy the tokens after the hackers repeatedly rugged the previous ones, with the last token hitting a $1.5 million market capitalization at the top. The malicious actors asked the crypto community whether they should create a “legit token on Pump.fun” and call it “Hackeddotfun.” They “promised” to pump the memecoin to a market capitalization of $100 million, assuring it wouldn’t “be a bundle” and would be launched through the platform before deleting the posts. Pump.Fun Hack Linked To Jupiter’s X Compromise? Renowned on-chain detective ZachXBT revealed the Pump.fun compromise is “directly connected on-chain” to the Jupiter DAO and DogWifcoin compromises from February 2025 and November 2024, respectively. On his Telegram channel, the internet sleuth suggested that the attacks are “likely not the fault of either the Pump.fun or Jupiter teams.” Instead, Zach suspects a threat actor is “social engineering employees at X with fraudulent documents/emails or a panel is being exploited.” Wu blockchain shared GMGN data revealing that only one Pump.fun memecoin had a market value above $1 million yesterday. The post detailed that several tokens hit the $1 million barrier but quickly experienced a sharp drop. Related Reading: Solana Sentiment Hits 1-Year Low Amid Market Correction – Analyst Suggests Drop To $70 Following the TRUMP and MELANIA memecoins and the recent Libra token controversy, investors have expressed exhaustion from the continued memecoin scams deployed via the Solana-based launchpad. Some community members called the hack “the nail on the meme coin coffin,” as sentiment surrounding the sector’s “memecoin fiesta” is at its lowest point this cycle. At the time of this writing, Pump.fun’s team has regained access to the account and stated they will continue to monitor the situation as “the attack that led to this compromise is unknown, but it’s unlikely that the team is at fault.” Featured Image from Unsplash.com, Chart from TradingView.com
The neobank offered the perpetrator 20% of the stolen funds to return the money within 48 hours, threatening legal action otherwise.
Crypto exchange Phemex appears to have been the victim of a multi-million exploit on Thursday, according to online reports. Millions worth of USDT, USDC, Ethereum (ETH), and other crypto assets were stolen from the exchange’s hot wallets, resulting in a temporary half of withdrawals. Related Reading: Solana (SOL) To $300 This Month? ‘All Bets Are Off’ Once It Reclaims This Level Phemex Suffers First Crypto Exchange Hack Of 2025 On Thursday morning, the first crypto exchange hack of the year hit the industry. Multiple reports revealed suspicious activity involving Phemex’s hot wallets was taking place over several chains. Blockchain security firm Cyvvers shared on X it had detected multiple transactions to several suspicious wallets on different chains, “including BNB, ETH, OP, POL, BASE, and ARB.” The security firm’s initial report stated that over $29 million worth of crypto had been transferred to the suspicious addresses, later raising the sum. “Upon deeper analysis, it has come to light that both BTC and TRON blockchains have also been impacted, with the estimated total loss now reaching approximately $37 million,” the update read. Cyvvers seemingly identified around 125 suspicious transactions spread across the different blockchains and noted that the attackers had started swapping the tokens to Ethereum (ETH) to avoid potential freezing measures. Meanwhile, on-chain data analysis firm Lookonchain broke down the crypto heist, stating that the hack had taken around $31 million worth of crypto assets. According to the analysis, 3.48 million USDC, 3.42 million USDT, and 841 ETH, worth $2.7 million were drained from the exchange’s hot wallet. Additionally, the attackers took 110,701 LINK, 142 billion PEPE, 1.19 million FET, and 29,509 AVAX, valued at around $7.3 million combined. Lookonchain also listed ONDO, TRX, CRV, JASMY, AAVE, SHIB, GRT, and BRETT, as part of the stolen crypto assets. Compensation Plan In The Works After the news, Phemex CEO Federico Variola confirmed the attack on one of the crypto exchange’s hot wallets. Variola assured users that Phemex’s cold wallets remained safe and that they were investigating the reports. The exchange then announced on X the temporary halt of withdrawals due to the emergency inspection and strengthening of the security measures but did not offer further details about the incident. To ensure security, withdrawals have been temporarily suspended while we conduct an emergency inspection and strengthen wallet services. We sincerely apologize for the inconvenience. Withdrawals will be restored soon. Phemex and the development team apologize for the disruption. Our mission to provide a seamless and trusted trading environment remains firm. Nonetheless, the post stated that ongoing business operations were fine and that trading services continued as usual. Phemex’s team also revealed they are working on a compensation plan, which will be announced soon. It’s worth noting that, in 2024, the number of hacks and total value lost increased from the year prior. According to Chainalysis data, 2024 was the fourth consecutive year in which the funds stolen from crypto hacks exceeded the billion-dollar mark. Related Reading: Number Of New Trump-Themed Malicious Tokens Spike 206% After Official Memecoin Launch Additionally, the total value stolen surged to $2.2 billion last year, and it became the year with the most individual hacks, reaching 303 incidents by December. Centralized exchanges (CEXs) were the most targeted platforms in Q2 and Q3, recording some of the largest incidents in the industry’s history, while Decentralized finance (DeFi) platforms accounted for the largest share of stolen assets in Q1, like most quarters between 2021 and 2023. Featured Image from Unsplash.com, Chart from TradingView.com
Seychelles-based OKX has issued a warning about the proliferation of unauthorized OKX wallet add-ons, which are currently available in the Firefox plug-in store. According to user reports, the fake browser extension adds a third-party functionality within the site’s browser interface. Although Firefox’s plug-in store has recorded less than 100 downloads as of this writing, the […]
The crypto community continues to reel from losses due to scams and hacks. According to Chainalysis data, funds stolen from crypto platforms increased by 21% from last year to $2.2 billion. And for the fourth straight year, losses from hacking and crypto scams exceeded $1 billion. While hacking and crypto scams remain a problem for […]
The wallet service provider was subjected to a more than $100 million hack in 2023.
Japanese cryptocurrency exchange DMM Bitcoin announced its decision to shut down operations following a severe security breach in May that resulted in more than $300 million in losses. The latest report states that the exchange has agreed to transfer its assets to SBI VC Trade, the crypto division of Japan’s financial conglomerate SBI Group. Related […]
Crypto sleuth ZachXBT has accused a former professional gamer and cybersecurity analyst of helping steal $3.5 million from numerous memecoins scams. The on-chain detective’s investigation unveiled a connection between the Australian man and nine crypto hacks. Related Reading: US Judge Halts Arkansas Crackdown On Crypto Mining Firm Over Foreign Ownership Case Former Pro Gamer Turned […]
The US has laid charges against a group accused of a hacking spree, with one alleged victim being robbed of over $6.3 million worth of crypto.
In the latest development of the Bitfinex hack saga, Heather Morgan, known as “Razzlekhan,” was sentenced to 18 months for laundering the 120,000 Bitcoin stolen in 2016. The Court decision follows her husband’s 5-year sentence for money laundering and conspiracy to steal. Related Reading: Taiwan’s Financial Authority Pledges To Address Crypto Tax Evasion Within Three […]
In the latest development of the WazirX crypto heist saga, the Delhi Police detained a man for his alleged connection to the July hack, according to local reports. The $235 million theft left millions of investors empty-handed before the second leg of the bull run and dissatisfied with the hacked exchange’s actions to repay its […]
The victims of the WazirX hack last July 2024 are now planning a class-action lawsuit. According to multiple sources, a group of victims is finalizing the plans to sue India’s largest crypto exchange to recover more than $600,000 in crypto assets. Related Reading: Fake Bitcoin ETF Post Lands Man Plea Deal In SEC Hack Case […]
Ancilia accidentally shared a link to a wallet drainer in its attempt to help victims of the $52 million hack on blockchain lending protocol Radiant Capital.
Crypto hack and fraud-related losses decreased in Q3 2024, though Ethereum (ETH) remained the most targeted smart contract platform, according to a report by Immunefi. Losses Primarily Due To Centralized Exchange Hacks Immunefi has released its 2024 Q3 report, detailing the specifics of cryptocurrency-related hacks and losses during the quarter. The report notes two major […]
The ongoing hack has already netted the attackers over $6 million worth of stablecoins, which have been swapped to ETH by the attacker.
Indonesian cryptocurrency exchange Indodax is the latest to fall victim to a hack, resulting in the theft of approximately $22 million in digital assets. Indodax Pauses Platform Operations Due To Security Breach According to a post by blockchain security firm SlowMist on X, the hackers stole digital assets such as Bitcoin (BTC), multiple ERC-20 tokens […]
A cryptocurrency address associated with the $305 million DMM Bitcoin hack in May has reportedly transferred 500 Bitcoin, valued at approximately $30.4 million. According to PeckShield Alert on Aug. 22, the suspect address initially split the funds between two separate addresses, each receiving around 250 BTC. #PeckShieldAlert #DMMBitcoin Hacker-labeled address has moved 500 $BTC (worth […]
The hacker’s use of Tornado Cash marks the first movement of the stolen Unizen funds since March, heightening security concerns.