BigONE is working with blockchain security firm SlowMist to track the stolen assets, with fund tracing already underway across Bitcoin, Ethereum, Tron, Solana, and BNB Chain.
BigONE has lost $27 million in a third-party security attack earlier today targeting its hot wallet.
In a positive development for the crypto community, the individual responsible for the GMX exploit accepted the platform’s bounty and returned over $40 million worth of assets stolen from the project. Related Reading: Drop NFTs Like It’s Hot: Snoop Dogg’s Telegram Collection Raises $12M In 30 Minutes Crypto Hacker Takes $42 Million From GMX On Friday, the recent GMX V1 exploit ended on a happy note after the individual responsible for the incident turned into a white-hat hacker. Perpetual and spot crypto exchange GMX lost over $40 million on Wednesday when an attacker exploited a vulnerability in the protocol’s first version on Arbitrum. According to online reports, GMX V1’s vault contract had a vulnerability that allowed the attacker to manipulate the GLP token price through the system’s calculations. Blockchain security firm SlowMist explained that “The root cause of this attack stems from GMX v1’s design flaw, where short position operations immediately update the global short average prices (globalShortAveragePrices), which directly impacts the calculation of Assets Under Management (AUM), thereby allowing manipulation of GLP token pricing.” Through a reentrancy attack, they successfully established massive short positions to manipulate the global average prices, artificially inflating GLP prices within a single transaction and profiting through redemption operations. As a result, approximately $42 million worth of assets, including Legacy Frax Dollar (FRAX), wrapped bitcoin (WBTC), wrapped ETH (WETH), and other tokens, were transferred from the GLP pool to an unknown wallet. The perpetual crypto exchange halted GMX V1’s trading and GLP’s minting and redeeming on both Arbitrum and Avalanche to prevent another attack and protect users’ funds. However, they clarified that the exploit was limited to GMX’s V1 and its GLP pool. GMX V2, its markets, or liquidity pools, and the GMX token were not affected and remained safe. White-Hat Claims $5 Million Bounty Following the incident, GMX sent a message on-chain and on X offering a $5 million white-hat bounty to the attacker, claiming that their abilities were “evident to anyone looking into the exploit transactions.” GMX’s team noted that returning the funds within the next 48 hours and accepting the bounty would allow the hacker to “spend the funds freely,” instead of taking additional risks to access them. They also vowed not to pursue any legal action and to assist the exploiter in providing proof of source for the funds if it is ever required. Today, the exploiter responded in an on-chain message, accepting the bounty and starting the return process. As Lookonchain reported, they initially returned $10.49 million worth of FRAX on Friday morning. Meanwhile, another $32 million worth of assets had been swapped into 11,700 ETH, which are now valued at $35 million after the King of Altcoins’ price jumped to the $2,990 mark. In the following hours, the hacker returned 10,000 ETH, worth $30 million, keeping only 1,700 ETH, valued at $5.2 million, as the bounty. Related Reading: Solana Ready For $160 Reclaim? Analysts Say Breakout Is A Matter Of Time GMX later confirmed that the funds have now been safely returned and thanked the white-hat hacker for their actions, ultimately giving a positive turn to the incident. Lastly, they informed users that “contributors are working on a proposed distribution plan for presentation to the GMX DAO and will share more information shortly.” Featured Image from Unsplash.com, Chart from TradingView.com
The attack targeted pools tied to GMX liquidity tokens, specifically “cauldrons” using GM tokens as collateral.
Larsen confirmed the incident in January, where he clarified the hack affected only his personal accounts, not Ripple’s corporate wallets.
Some 417,348 ETH, valued at approximately $1 billion remain traceable on the blockchain after being moved using privacy-focused THORChain.
The Solana-based memecoin Launchpad Pump.fun’s X account has been hacked and used to promote fake cryptocurrencies, including an “official” PUMP governance token. On-chain investigators suspect the hack is linked to other X account compromises. Related Reading: Red Monday, Green Week? Bitcoin Needs To Reclaim This Level For Trend Continuation – Analyst Pump.Fun Hackers Launch PUMP Memecoin On Wednesday, Pump.fun’s official X account was compromised, with hackers promoting different tokens during the incident. The account started to post different contract addresses (CA) for various memecoins before deleting them. The hackers initially shared the contact address of PUMP, the “official Pump.fun governance token,” stating that “democracy has never been this degen” and that they would be rewarding their “OG DEGENS.” The crypto community quickly identified the memecoin as a scam and alerted other users of the potential account compromise. Blockchain data firm Bubblemaps warned users of the fake memecoin, explaining that PUMP was “heavily bundled and will dump,” as 60% of the token’s supply was held in two clusters. Meanwhile, Pump.fun’s founder, Alon Cohen, confirmed the X hack and asked the community not to interact with it or any links shared until it was recovered. According to on-chain investigator Dethective, the hackers extracted around $600,000 from the token minutes after sharing the memecoin. The crypto sleuth explained that their strategy consisted of posting the CA of a bundled scam token and deleting it after rugging investors. Besides the fake PUMP token, the malicious actor promoted OG, Extract Protocol (EXAI), and Pump.fun Hacked (HACKED), extracting around $90,000 from these memecoins. Dethective noted that some investors continue to buy the tokens after the hackers repeatedly rugged the previous ones, with the last token hitting a $1.5 million market capitalization at the top. The malicious actors asked the crypto community whether they should create a “legit token on Pump.fun” and call it “Hackeddotfun.” They “promised” to pump the memecoin to a market capitalization of $100 million, assuring it wouldn’t “be a bundle” and would be launched through the platform before deleting the posts. Pump.Fun Hack Linked To Jupiter’s X Compromise? Renowned on-chain detective ZachXBT revealed the Pump.fun compromise is “directly connected on-chain” to the Jupiter DAO and DogWifcoin compromises from February 2025 and November 2024, respectively. On his Telegram channel, the internet sleuth suggested that the attacks are “likely not the fault of either the Pump.fun or Jupiter teams.” Instead, Zach suspects a threat actor is “social engineering employees at X with fraudulent documents/emails or a panel is being exploited.” Wu blockchain shared GMGN data revealing that only one Pump.fun memecoin had a market value above $1 million yesterday. The post detailed that several tokens hit the $1 million barrier but quickly experienced a sharp drop. Related Reading: Solana Sentiment Hits 1-Year Low Amid Market Correction – Analyst Suggests Drop To $70 Following the TRUMP and MELANIA memecoins and the recent Libra token controversy, investors have expressed exhaustion from the continued memecoin scams deployed via the Solana-based launchpad. Some community members called the hack “the nail on the meme coin coffin,” as sentiment surrounding the sector’s “memecoin fiesta” is at its lowest point this cycle. At the time of this writing, Pump.fun’s team has regained access to the account and stated they will continue to monitor the situation as “the attack that led to this compromise is unknown, but it’s unlikely that the team is at fault.” Featured Image from Unsplash.com, Chart from TradingView.com
The neobank offered the perpetrator 20% of the stolen funds to return the money within 48 hours, threatening legal action otherwise.
Crypto exchange Phemex appears to have been the victim of a multi-million exploit on Thursday, according to online reports. Millions worth of USDT, USDC, Ethereum (ETH), and other crypto assets were stolen from the exchange’s hot wallets, resulting in a temporary half of withdrawals. Related Reading: Solana (SOL) To $300 This Month? ‘All Bets Are Off’ Once It Reclaims This Level Phemex Suffers First Crypto Exchange Hack Of 2025 On Thursday morning, the first crypto exchange hack of the year hit the industry. Multiple reports revealed suspicious activity involving Phemex’s hot wallets was taking place over several chains. Blockchain security firm Cyvvers shared on X it had detected multiple transactions to several suspicious wallets on different chains, “including BNB, ETH, OP, POL, BASE, and ARB.” The security firm’s initial report stated that over $29 million worth of crypto had been transferred to the suspicious addresses, later raising the sum. “Upon deeper analysis, it has come to light that both BTC and TRON blockchains have also been impacted, with the estimated total loss now reaching approximately $37 million,” the update read. Cyvvers seemingly identified around 125 suspicious transactions spread across the different blockchains and noted that the attackers had started swapping the tokens to Ethereum (ETH) to avoid potential freezing measures. Meanwhile, on-chain data analysis firm Lookonchain broke down the crypto heist, stating that the hack had taken around $31 million worth of crypto assets. According to the analysis, 3.48 million USDC, 3.42 million USDT, and 841 ETH, worth $2.7 million were drained from the exchange’s hot wallet. Additionally, the attackers took 110,701 LINK, 142 billion PEPE, 1.19 million FET, and 29,509 AVAX, valued at around $7.3 million combined. Lookonchain also listed ONDO, TRX, CRV, JASMY, AAVE, SHIB, GRT, and BRETT, as part of the stolen crypto assets. Compensation Plan In The Works After the news, Phemex CEO Federico Variola confirmed the attack on one of the crypto exchange’s hot wallets. Variola assured users that Phemex’s cold wallets remained safe and that they were investigating the reports. The exchange then announced on X the temporary halt of withdrawals due to the emergency inspection and strengthening of the security measures but did not offer further details about the incident. To ensure security, withdrawals have been temporarily suspended while we conduct an emergency inspection and strengthen wallet services. We sincerely apologize for the inconvenience. Withdrawals will be restored soon. Phemex and the development team apologize for the disruption. Our mission to provide a seamless and trusted trading environment remains firm. Nonetheless, the post stated that ongoing business operations were fine and that trading services continued as usual. Phemex’s team also revealed they are working on a compensation plan, which will be announced soon. It’s worth noting that, in 2024, the number of hacks and total value lost increased from the year prior. According to Chainalysis data, 2024 was the fourth consecutive year in which the funds stolen from crypto hacks exceeded the billion-dollar mark. Related Reading: Number Of New Trump-Themed Malicious Tokens Spike 206% After Official Memecoin Launch Additionally, the total value stolen surged to $2.2 billion last year, and it became the year with the most individual hacks, reaching 303 incidents by December. Centralized exchanges (CEXs) were the most targeted platforms in Q2 and Q3, recording some of the largest incidents in the industry’s history, while Decentralized finance (DeFi) platforms accounted for the largest share of stolen assets in Q1, like most quarters between 2021 and 2023. Featured Image from Unsplash.com, Chart from TradingView.com
Seychelles-based OKX has issued a warning about the proliferation of unauthorized OKX wallet add-ons, which are currently available in the Firefox plug-in store. According to user reports, the fake browser extension adds a third-party functionality within the site’s browser interface. Although Firefox’s plug-in store has recorded less than 100 downloads as of this writing, the […]
The crypto community continues to reel from losses due to scams and hacks. According to Chainalysis data, funds stolen from crypto platforms increased by 21% from last year to $2.2 billion. And for the fourth straight year, losses from hacking and crypto scams exceeded $1 billion. While hacking and crypto scams remain a problem for […]
The wallet service provider was subjected to a more than $100 million hack in 2023.
Japanese cryptocurrency exchange DMM Bitcoin announced its decision to shut down operations following a severe security breach in May that resulted in more than $300 million in losses. The latest report states that the exchange has agreed to transfer its assets to SBI VC Trade, the crypto division of Japan’s financial conglomerate SBI Group. Related […]
Crypto sleuth ZachXBT has accused a former professional gamer and cybersecurity analyst of helping steal $3.5 million from numerous memecoins scams. The on-chain detective’s investigation unveiled a connection between the Australian man and nine crypto hacks. Related Reading: US Judge Halts Arkansas Crackdown On Crypto Mining Firm Over Foreign Ownership Case Former Pro Gamer Turned […]
The US has laid charges against a group accused of a hacking spree, with one alleged victim being robbed of over $6.3 million worth of crypto.
In the latest development of the Bitfinex hack saga, Heather Morgan, known as “Razzlekhan,” was sentenced to 18 months for laundering the 120,000 Bitcoin stolen in 2016. The Court decision follows her husband’s 5-year sentence for money laundering and conspiracy to steal. Related Reading: Taiwan’s Financial Authority Pledges To Address Crypto Tax Evasion Within Three […]
In the latest development of the WazirX crypto heist saga, the Delhi Police detained a man for his alleged connection to the July hack, according to local reports. The $235 million theft left millions of investors empty-handed before the second leg of the bull run and dissatisfied with the hacked exchange’s actions to repay its […]
The victims of the WazirX hack last July 2024 are now planning a class-action lawsuit. According to multiple sources, a group of victims is finalizing the plans to sue India’s largest crypto exchange to recover more than $600,000 in crypto assets. Related Reading: Fake Bitcoin ETF Post Lands Man Plea Deal In SEC Hack Case […]
Ancilia accidentally shared a link to a wallet drainer in its attempt to help victims of the $52 million hack on blockchain lending protocol Radiant Capital.
Crypto hack and fraud-related losses decreased in Q3 2024, though Ethereum (ETH) remained the most targeted smart contract platform, according to a report by Immunefi. Losses Primarily Due To Centralized Exchange Hacks Immunefi has released its 2024 Q3 report, detailing the specifics of cryptocurrency-related hacks and losses during the quarter. The report notes two major […]
The ongoing hack has already netted the attackers over $6 million worth of stablecoins, which have been swapped to ETH by the attacker.
Indonesian cryptocurrency exchange Indodax is the latest to fall victim to a hack, resulting in the theft of approximately $22 million in digital assets. Indodax Pauses Platform Operations Due To Security Breach According to a post by blockchain security firm SlowMist on X, the hackers stole digital assets such as Bitcoin (BTC), multiple ERC-20 tokens […]
A cryptocurrency address associated with the $305 million DMM Bitcoin hack in May has reportedly transferred 500 Bitcoin, valued at approximately $30.4 million. According to PeckShield Alert on Aug. 22, the suspect address initially split the funds between two separate addresses, each receiving around 250 BTC. #PeckShieldAlert #DMMBitcoin Hacker-labeled address has moved 500 $BTC (worth […]
The hacker’s use of Tornado Cash marks the first movement of the stolen Unizen funds since March, heightening security concerns.
Rho Markets has already paused its platform in response to the security breach.
Another DeFi protocol fell victim to an exploit on Friday morning. Dough Finance, an open-source protocol to create non-custodial liquidity markets, suffered a flash loan attack that took nearly $2 million in user funds. The project’s team announced they are working to resolve the situation promptly. Related Reading: SEC’s Crypto Stance Is ‘Anti-Investor’: CoinRoutes CEO […]
This week, online reports surged of a major data leak involving data from millions of students in the US. The hacker demands a Bitcoin (BTC) payment to prevent the public from leaking sensitive information. The security breach seems to be part of a larger attack on a cloud database. Related Reading: Crypto Bet Gone Wrong: […]
DeFi lending protocol UwU Lend has suffered two attacks in the past three days. The second exploit occurred on Thursday during the protocol’s reimbursement process from the first hack. The ongoing saga has taken around $23 million from the protocol. Related Reading: ZkSync Faces Backlash Amid Token Airdrop Controversy DeFi Protocol Hit With $20 Million […]
DMM Bitcoin, one of Japan’s largest cryptocurrency exchanges, recently suffered a major setback when it reported a loss of 48 billion yen ($305 million) in Bitcoin (BTC) due to a security breach. The incident, discovered on May 31, 2024, revealed the illegal leakage of BTC from a DMM Bitcoin wallet. As a result, several services […]
The hacker holds about $4.3 million in various crypto assets in their Ethereum wallet.