web3 is going just great

Crypto stolen from Korean authorities after they post wallet seed phrase When Korean authorities posted a photograph of seized cash and other items from a police raid, they included photos of cards containing crypto wallet seed phrases, which were proudly arranged on the table next to Ledger hardware wallets for the photo op. Because it only takes a seed phrase to gain control of a crypto wallet, someone who saw the press release quickly acted to move around 4 million PRTG tokens from the wallet. The tokens are notionally worth $4.9 million, although the token is not highly liquid. The blunder was likely due to the authorities' lack of knowledge about cryptocurrency. The move was somewhat akin to authorities publicly posting a username and password for a criminal's bank account — though that would likely be an easier mistake to unwind.

Crypto stolen from Korean authorities after they post wallet seed phrase

February 26, 2026
https://www.web3isgoinggreat.com/?id=crypto-stolen-from-korean-authorities-after-they-post-wallet-seed-phrase

South Korean prosecutors lose $22 million of seized crypto to the wallet inspector, later recover it Staff members working for South Korean prosecutors, for some reason, decided to use a "wallet checking tool" during an August 2025 audit of seized crypto assets. The tool they selected turned out to be a phishing tool, and five wallets were drained of 320 BTC. On February 19, the office announced they had recovered the stolen assets and identified the thief.

South Korean prosecutors lose $22 million of seized crypto to the wallet inspector, later recover it

February 19, 2026
https://www.web3isgoinggreat.com/?id=phishing-attack-on-south-korean-prosecutors

Gemini crypto exchange fires 25% of staff, blames AI Gemini, the cryptocurrency exchange founded and run by Cameron and Tyler Winklevoss, will lay off as many as 200 employees globally. The news came amid an announcement that the company would be withdrawing from the UK, EU, and Australia. "These foreign markets have proven hard to win in for various reasons," they said. They also announced that they would be "parting ways" with their CFO, CLO, and COO. As many companies do these days, the Winklevosses tried to pin the layoffs on AI, claiming that the engineers using AI are ten times more productive. "A smaller organization, leveraging the right tools, isn't just more efficient, it's actually faster," they wrote — in a blog post that itself reeks of AI.

Gemini crypto exchange fires 25% of staff, blames AI

February 5, 2026
https://www.web3isgoinggreat.com/?id=gemini-layoffs-2026

Step Finance, SolanaFloor, and Remora Markets shut down after January hack Step Finance announced that, following a $30 million theft in late January, the project would be shutting down. Along with it, they will shut down SolanaFloor — a Solana-focused media project — and Remora Markets — a Solana-based tokenized stocks platform. According to Step Finance, "we explored every possible path forward, including financing and acquisition opportunities. Unfortunately, we were unable to secure a viable outcome and have made the difficult decision to end all operations effective immediately." In reply to Step Finance's announcement, crypto investor Mike Dudas claimed that the project had contacted him about bridge financing, but that Step had never responded to his request for more information about the hack. "i responded: 'would need to see the security post mortem before i could consider investing here' <crickets>"

Step Finance, SolanaFloor, and Remora Markets shut down after January hack

February 23, 2026
https://www.web3isgoinggreat.com/?id=step-finance-shuts-down

YieldBlox lending pool drained of $10.2 million A lending pool operated by YieldBlox on the Stellar blockchain was emptied of around $10.2 million in an oracle manipulation attack on the Reflector oracle supplying prices for the USTRY/USDC market. Reflector has said that there was no flaw with their oracle, and that market illiquidity caused the problem. "Reflector quoted correct prices. ... but it's impossible to quote adequate prices for a market fully handled by a single market-maker with almost zero trading activity." The attacker was able to manipulate the oracle price to show that USTRY was priced at $100 (rather than its actual trading price of around $1.05). Then, they borrowed against the overvalued asset, withdrawing XLM and USDC priced at $10.2 million. However, around 48 million of the stolen XLM (~$7.2 million) were frozen.

YieldBlox lending pool drained of $10.2 million

February 21, 2026
https://www.web3isgoinggreat.com/?id=yieldblox-theft

IoTeX bridge exploited for $2 million after private key compromise IoTeX, a platform to connect IoT devices to blockchain networks, lost around $2 million after a private key compromise enabled an attacker to drain funds from the project's token safe. Initial loss estimates were as high as $8.8 million, although IoTeX CEO Raullen Chai stated that the actual loss was closer to $2 million. Blockchain security researcher Specter has suggested there may be links between this attack and a $50 million theft from the Infini "stablecoin neobank" a year ago.

IoTeX bridge exploited for $2 million after private key compromise

February 21, 2026
https://www.web3isgoinggreat.com/?id=iotex-bridge-exploit

Moonwell lending protocol suffers $1.78 million loss after second oracle misconfiguration in four months After an oracle misconfiguration, the Moonwell defi lending protocol accumulated $1.78 million in bad debt. When the protocol showed that cbETH was priced at just over a dollar, rather than its actual market price of around $2,200, bots and humans alike rushed to take advantage of the mispricing. The error cascaded into liquidations across the platform. This is the second time Moonwell has suffered a loss thanks to an oracle misconfiguration. In November 2025, the platform was left with almost $3.7 million in bad debt after a different asset was mispriced.

Although the vulnerable pull requests were at least partially developed by an AI tool, the security auditor who initially attributed the vulnerability to Claude Opus 4.6 later softened his criticism, noting that even senior developers could have made the same mistake. He did, however, criticize the project for a lack of sufficiently rigorous testing that should have caught the issue.

Moonwell lending protocol suffers $1.78 million loss after second oracle misconfiguration in four months

February 15, 2026
https://www.web3isgoinggreat.com/?id=moonwell-exploit

BlockFills crypto lender halts withdrawals The Chicago-based institutional crypto lending firm BlockFills has halted deposits and withdrawals, citing "recent market and financial conditions" and a desire to "further the protection of clients and the firm". They've also noted the need to "restore liquidity to the platform". Platforms limiting or halting withdrawals — particularly lending platforms — is reminiscient of the 2022 crypto crash, when falling crypto prices exposed crypto firms that had been engaging in highly risky or sometimes illegal behavior. As crypto prices fell, firms were unable to meet their loan obligations or faced margin calls, and the tightly interconnected web of lending within the crypto ecosystem often meant that one company failure cascaded into multiple more. It remains to be seen whether this is an isolated incident or the beginning of a trend as crypto prices hit revisit price lows not seen in over a year.

BlockFills claims to have more than 2,000 institutional clients globally, and boasted of facilitating more than $61 billion in transactions in 2025. The company's backers include Susquehanna Capital and CME Ventures.

BlockFills crypto lender halts withdrawals

February 11, 2026
https://www.web3isgoinggreat.com/?id=blockfills-crypto-lender-halts-withdrawals

CrossCurve users exploited for around $3 million Hackers exploited a bug in smart contracts deployed by the defi protocol CrossCurve to steal an estimated $3 million across multiple blockchains. The thief was able to spoof cross-chain messages, causing the CrossCurve bridge to release assets not belonging to them. CrossCurve took a conciliatory tone in on-chain messages sent to the thief, writing, "These tokens were wrongfully taken from users due to a smart contract exploit. We do not believe this was intentional on your part, and there is no indication of malicious intent." (Who among us hasn't accidentally stolen millions of dollars?) However, they warned, they planned to escalate to working with law enforcement and blockchain security firms to investigate and prosecute the theft if the funds were not returned within 72 hours.

CrossCurve users exploited for around $3 million

February 1, 2026
https://www.web3isgoinggreat.com/?id=crosscurve-users-exploited-for-around-3-million

Bithumb accidentally gives away $44 billion to customers The South Korean cryptocurrency exchange Bithumb disclosed that it had accidentally given its customers more than 620,000 BTC (~$44 billion) in a promotional event gone wrong. Intending to reward each customer with at least ₩2,000 (~$1.40), the exchange accidentally rewarded each customer at least 2,000 BTC (almost $140 million). The exchange announced that they had recovered 99.7% of the erroneously awarded tokens, leaving around 1,860 BTC (~$130 million) unaccounted for. The incident has drawn further scrutiny from Korean regulators, who said that the error "has exposed the vulnerabilities and risks of virtual assets." Regulatory agencies in the country had already been cracking down on crypto firms following a $30 million hack of the Upbit crypto exchange in November 2025.

Bithumb accidentally gives away $44 billion to customers

February 7, 2026
https://www.web3isgoinggreat.com/?id=bithumb-giveaway-error

$29 million stolen from from Step Finance treasury wallets The Solana-based defi portfolio tracker Step Finance lost 261,854 SOL (~$28.7 million) when a thief gained access to treasury and fee wallets. It's not yet clear how the attacker was able to steal the funds, although Step Finance posted to Twitter that the theft occurred via a "well known attack vector". Step wrote that they were working with cybersecurity firms and law enforcement to address the incident.

$29 million stolen from from Step Finance treasury wallets

January 31, 2026
https://www.web3isgoinggreat.com/?id=step-finance-theft

Thief of $90M in seized U.S.-controlled crypto alleged to be government crypto contractor's son Two crypto thieves decided to settle an argument over who was wealthier by screensharing as they transferred crypto between wallets to prove ownership. In doing so, one of them — known online as "Lick" — revealed a wallet address that crypto sleuth zachxbt quickly tied to the theft of around $90 million from US government wallets containing seized crypto assets, including a $20 million theft zachxbt reported in October 2024. zachxbt has alleged that "Lick" is a man named John Daghita. After reporting Daghita's identity, "Lick" appeared to try to scrub his Telegram account, then dusted zachxbt's public crypto wallet from one of the theft addresses.

Daghitia is reportedly the son of Dean Daghita, the owner of Command Services & Support (CMDSS). In October 2024, CMDSS landed a contract with the US Marshals to manage seized crypto assets, which is still active. After zachxbt linked the younger Daghita to his father and CMDSS, CMDSS also scrubbed its online presence. Around that time, Lick began trolling zachxbt again, and later sent 0.6767 ETH (~$1,900) of the stolen funds to zachxbt. CMDSS' website boasts that they are "a proven provider of mission-critical services to the Department of Defense and Department of Justice".

Thief of $90M in seized U​.S.-controlled crypto alleged to be government crypto contractor's son

January 23, 2026
https://www.web3isgoinggreat.com/?id=lick-theft

Aperture Finance users lose at least $3.4 million An attacker exploited a bug in an Aperture Finance smart contract to steal at least $3.4 million from users who had enabled "instant liquidity management" features. Aperture Finane is a defi platform that aims to allow users to trade by telling large language models their "intents". Aperture has said they disabled portions of their web app impacted by the bug, and are working to try to trace and recover stolen funds.

Aperture Finance users lose at least $3.4 million

January 25, 2026
https://www.web3isgoinggreat.com/?id=aperture-finance-exploit

$13.43 million stolen from Matcha Meta users in SwapNet exploit Some users of Matcha Meta, a decentralized exchange aggregator on the Base blockchain, suffered losses after a thief exploited a vulnerability in its SwapNet integration. SwapNet is another DEX aggregator that integrates with Matcha Meta, and Matcha blamed a vulnerability in their smart contracts that enabled a thief to steal assets transferred via the integration. Most of the lost funds came from a single user, who lost $13.34 million in assets. Other users lost a combined $900,000.

$13.43 million stolen from Matcha Meta users in SwapNet exploit

January 25, 2026
https://www.web3isgoinggreat.com/?id=matcha-meta-exploit

Saga halts blockchain after $7 million theft The Saga project halted its blockchain after acknowledging that $7 million had been stolen. An attacker was evidently able to mint a large quantity of Saga Dollar tokens, though it's not yet clear whether it was because of a smart contract vulnerability, private key compromise, or some other issue. The attacker was quick to swap most of the assets to ETH to thwart asset freezes or blockchain halts. The Saga Dollar token lost its peg and fell to around $0.75 after the attack.

Saga halts blockchain after $7 million theft

January 21, 2026
https://www.web3isgoinggreat.com/?id=saga-exploit

Crypto holder loses $283 million to scammer impersonating wallet support A crypto holder has lost $282 million in bitcoin and litecoin after a scammer impersonating a customer support employee for the Trezor hardware wallet manufacturer successfully convinced them into revealing their seed phrase. After gaining access to the assets, they quickly swapped them to the Monero privacycoin. The volume of assets was so large that the Monero price spiked as the scammer laundered the finds. The scammer also swapped assets using the THORChain project, which boasted on social media about the "World record speedrun. ⚡️" (presumably without realizing they were bragging about a thief using their project to launder money). Around $700,000 of the stolen assets were frozen thanks to intervention by a security firm called ZeroShadow, although this represents only 0.2% of the total loss.

Crypto holder loses $283 million to scammer impersonating wallet support

January 10, 2026
https://www.web3isgoinggreat.com/?id=trezor-support-scam

Former NYC Mayor Eric Adams accused of rug pull as NYC Token crashes Shortly after losing his campaign for re-election as mayor of New York City, Eric Adams announced he would be launching "NYC Token". He's pitched the project as a fundraising tool to fight "antisemitism" and "anti-Americanism", and as a project to "teach our children how to embrace the blockchain technology." He launched the project on January 12, and buyers piled in in hopes of being early to a high-profile crypto token endorsed by a public figure. However, within hours, the team began pulling liquidity as the price peaked, extracting around $2.5 million. As the price began to fall, the team added back around $1.5 million, leaving around $1 million unaccounted for.

Additionally, on-chain researchers observed at least one wallet that spent almost $750,000 to purchase around 1.5 million $NYC around 10 minutes before the token was publicly announced, leading to speculation around insider trading. However, because of the token price crash after the team began pulling liquidity, the apparent insider ultimately lost around $500,000. People were quick to accuse Adams, or his unidentified crypto team, of rug-pulling buyers. Adams and the project's social media account have claimed that the team was simply moving or "rebalanc[ing]" liquidity, though they have not yet offered any explanation as to where the missing $1 million went.

Former NYC Mayor Eric Adams accused of rug pull as NYC Token crashes

January 12, 2026
https://www.web3isgoinggreat.com/?id=nyc-token-crash

Truebit exploited for over $26 million A bug in a smart contract belonging to the Ethereum-based Truebit project allowed an attacker to steal 8,535 ETH (~$26.4 million). The thief targeted one of the project's older contracts — deployed in 2021 — which contained a bug in which the price calculation to mint sufficiently large quantities of the protocol's TRU token would overflow, erroneously allowing people to mint large amounts of TRU for next to nothing. The exploiter took advantage of this by minting TRU and swapping it for ETH, ultimately causing the TRU token price to crash 99.9%. Another subsequent attack saw around $300,000 more drained from the project. Truebit acknowledged the hack and urged users not to interact with the vulnerable smart contract.

Truebit exploited for over $26 million

January 8, 2026
https://www.web3isgoinggreat.com/?id=truebit-exploit

Unleash Protocol exploited for $3.9 million Unleash Protocol, a project promising to allow creators to register their intellectual property on the blockchain, has been exploited for around $3.9 million. An attacker was able to gain administrative access, despite the project's governance system ostensibly being protected by a multisignature wallet. They then deployed a new smart contract, which allowed them to siphon assets from the project. The attacker then bridged the funds to ETH and laundered them via the Tornado Cash cryptocurrency mixer.

Unleash Protocol exploited for $3.9 million

December 30, 2025
https://www.web3isgoinggreat.com/?id=unleash-protocol-exploit

Flow blockchain exploited for $3.9 million The Flow blockchain suffered an exploit in which an attacker was able to mint a large number of wrapped FLOW tokens, which they then swapped to tokens on other blockchains. Ultimately around $3.9 million was stolen, and the FLOW token dramatically plunged in price. Some crypto exchanges, such as Upbit and Bithumb, halted withdrawals and deposits for FLOW after the exploit was discovered. Flow later confirmed the exploit, and said that validators "executed a coordinated halt" of the network to shut down the attack.

Flow blockchain exploited for $3.9 million

December 27, 2025
https://www.web3isgoinggreat.com/?id=flow-infinite-mint-exploit

Binance's Trust Wallet extension hacked; users lose $7 million The Trust Wallet Chrome extension was compromised in an apparent supply chain attack. People who used the non-custodial wallet extension after it updated to version 2.68 lost funds after malicious code was introduced to exfiltrate wallet seed phrases so that the attackers could then drain the wallets. Victims have lost a combined $7 million due to the compromise. Binance founder Changpeng Zhao — who supposedly has no managerial role at Binance after he and the company were criminally charged in the US — announced that Binance would reimburse users who lost funds.

Binance's Trust Wallet extension hacked; users lose $7 million

December 25, 2025
https://www.web3isgoinggreat.com/?id=trust-wallet-hack

Crypto trader loses $50 million to address poisoning attack A crypto trader lost almost $50 million in the Tether stablecoin after falling victim to an address poisoning attack. Because blockchain wallet addresses are long, random alphanumeric strings, traders often use the first and/or last several characters to quickly recognize wallets, and copy and paste regularly used wallet addresses from their transaction history. This has given rise to a type of scam known as "address poisoning", where scammers generate wallet addresses that share similar beginning and end characters, and use them to send transactions to wealthy victims. If they're lucky, as they were in this case, the victim will accidentally copy the similar looking scammer's wallet address when making a transfer of significant size.

After the theft, the victim sent an on-chain message to the scammer, offering a $1 million "bounty" for the return of the remaining funds. They threatened, "We have officially filed a criminal case. With the assistance of law enforcement, cybersecurity agencies, and multiple blockchain protocols, we have already gathered substantial and actionable intelligence regarding your activities." However, there's been no activity from the wallet since the message, and the thief had long since begun laundering the funds via Tornado Cash.

Crypto trader loses $50 million to address poisoning attack

December 19, 2025
https://www.web3isgoinggreat.com/?id=0xcB8078-address-poisoning

Yearn Finance suffers fourth exploit only weeks after third Only weeks after losing $6.6 million to an infinite mint exploit, a Yearn Finance smart contract has again been exploited, allowing an attacker to make off with around 103 ETH (~$300,000). The affected contract is a legacy contract that was part of the Yearn v1 project (once known as iearn). The attacker used a flash loan to manipulate the price of tokens in the vault, allowing them to withdraw the iearn assets, which they then swapped for ETH. This is Yearn's fourth hack, following the $6.6 million theft in November, an $11 million exploit in 2023, and an $11 million exploit in 2021. Yearn also lost around $1.4 million in 2023 in connection to the Euler Finance attack.

Yearn Finance suffers fourth exploit only weeks after third

December 16, 2025
https://www.web3isgoinggreat.com/?id=yearn-finance-exploit-4

Ribbon Finance suffers $2.7 million exploit, plans to use "dormant" users' funds to repay active users Ribbon Finance, which has partially rebranded to Aevo, has lost $2.7 million after attackers exploited a vulnerability in the smart contract for legacy Ribbon vaults that enabled them to manipulate oracle prices and withdraw a large amount of ETH and USDC. Ribbon has announced it will cover $400,000 of the lost funds with its own assets. However, Ribbon is also offering users a lower-than-expected haircut on their assets by assuming that some of the largest affected accounts will not withdraw their assets, having been dormant for several years. While this plan may benefit active users, it seems like it could get very messy if those dormant users do wish to withdraw their assets and discover they've been used to pay others.

Ribbon Finance suffers $2.7 million exploit, plans to use "dormant" users' funds to repay active users

December 12, 2025
https://www.web3isgoinggreat.com/?id=ribbon-finance-exploit

Prysm consensus client bug causes Ethereum validators to lose over $1 million Ethereum validators running the Prysm consensus client lost around 382 ETH ($1.18 million) after a bug resulted in delays that caused validators to miss blocks and attestations. Though the bug had been introduced around a month prior, it did not affect validators until Ethereum completed its "Fusaka" network update on December 3. Around 19% of Ethereum validators use the Prysm consensus client, which is developed by Offchain Labs.

Prysm consensus client bug causes Ethereum validators to lose over $1 million

December 4, 2025
https://www.web3isgoinggreat.com/?id=prysm-bug

Binance employee suspended after launching a token and promoting it with company accounts Binance has announced that the company has suspended an employee who used the platform's official Twitter accounts to promote a memecoin they had launched. The token, called "year of the yellow fruit", pumped in price after official Binance accounts coaxed followers to "harvest abundantly". Binance publicly acknowledged that an employee had been suspended for misconduct over the incident. "These actions constitute abuse of their position for personal gain and violate our policies and code of professional conduct," Binance tweeted from its BinanceFutures account. After this announcement, the memecoin token price spiked even further. Earlier this year, Binance fired another employee after discovering they had used inside information to profit from a token sale event.

Binance employee suspended after launching a token and promoting it with company accounts

December 8, 2025
https://www.web3isgoinggreat.com/?id=binance-employee-suspended

Aerodrome and Velodrome suffer website takeovers, again Attackers redirected users intending to visit the websites for the decentralized exchanges Aerodrome and Velodrome to their own fraudulent versions using DNS hijacking, after taking control of the websites' domains. The platforms urged users not to visit the websites as they worked to regain control. This is the second time such an attack has happened to these same platforms, with another DNS hijacking incident occurring almost exactly two years ago. In that instance, users lost around $100,000 when submitting transactions via the scam websites.

Aerodrome and Velodrome suffer website takeovers, again

November 22, 2025
https://www.web3isgoinggreat.com/?id=aerodrome-and-velodrome-website-takeovers

Cardano founder calls the FBI on a user who says his AI mistake caused a chainsplit On November 21, the Cardano blockchain suffered a major chainsplit after someone created a transaction that exploited an old bug in Cardano node software, causing the chain to split. The person who submitted the transaction fessed up on Twitter, writing, "It started off as a 'let's see if I can reproduce the bad transaction' personal challenge and then I was dumb enough to rely on AI's instructions on how to block all traffic in/out of my Linux server without properly testing it on testnet first, and then watched in horror as the last block time on explorers froze." Charles Hoskinson, the founder of Cardano, responded with a tweet boasting about how quickly the chain recovered from the catastrophic split, then accused the person of acting maliciously. "It was absolutely personal", Hoskinson wrote, adding that the person's public version of events was merely him "trying to walk it back because he knows

Hoskinson's decision to involve the FBI horrified some onlookers, including one other engineer at the company who publicly quit after the incident. They wrote, "I've fucked up pen testing in a major way once. I've seen my colleagues do the same. I didn't realize there was a risk of getting raided by the authorities because of that + saying mean things on the Internet."

Cardano founder calls the FBI on a user who says his AI mistake caused a chainsplit

November 21, 2025
https://www.web3isgoinggreat.com/?id=cardano-founder-calls-the-fbi

Crypto tracking platform DappRadar shuts down, citing financial woes Amid a month of falling crypto prices, the crypto tracking platform DappRadar has announced it will be shutting down after seven years of operation. "Running a platform of this scale became financially unsustainable in the current environment," the company announced on Twitter. The company had previously raised several rounds of financing, with a $2.3 million seed round in 2019 and a $5 million Series A in 2021.

Crypto tracking platform DappRadar shuts down, citing financial woes

November 17, 2025
https://www.web3isgoinggreat.com/?id=dappradar-shuts-down

Elixir shuts down deUSD after Stream Finance halt After the defi yield platform Stream Finance announced a $93 million loss, Elixir announced it would be discontinuing its deUSD synthetic stablecoin. Stream Finance owes $68 million to Elixir, and holds around $75 million deUSD. Elixir has announced that they plan to allow deUSD holders to redeem their tokens for USDC through a process that will also eliminate the risk of Stream Finance cashing out their deUSD without repaying their loan. According to Elixir, "Stream comprised of 99%+ of the lending positions (and has decided to not repay or close positions)".

Elixir shuts down deUSD after Stream Finance halt

November 6, 2025
https://www.web3isgoinggreat.com/?id=elixir-shuts-down-deusd