- SBI Crypto was breached, dropping $21 million in belongings by way of a suspected laundering operation.
- A phishing rip-off concentrating on GMGN tricked 107 customers into approving faux transactions.
- Honeypot token scams rose 600% month-on-month, with over 2,100 tokens detected.
Web3 has entered a brand new part of cyber threats, with attackers now leveraging synthetic intelligence, automation instruments, and complicated social engineering to take advantage of customers throughout decentralised networks.
According to GoPlus Security, over $45.84 million was misplaced in October alone from a surge of scams, phishing assaults, token exploits, and pockets hacks.
The information reveals how scammers are evolving their strategies, creating high-impact exploits which have affected hundreds of customers and platforms throughout Ethereum, Binance Smart Chain, and Base.
Hackers use AI and automation to spice up phishing campaigns
GoPlus noticed a pointy enhance in phishing assaults that led to greater than $3.5 million in losses.
A rising variety of these scams are powered by “Phishing-as-a-Service” platforms, the place menace actors use AI instruments to quickly generate faux web sites and deploy large-scale campaigns with decrease operational prices.
One of the most important phishing instances concerned the buying and selling platform GMGN.
In this incident, 107 customers have been misled by a faux third-party web site into authorising dangerous transactions. Losses totalled greater than $700,000.
The phishing rip-off replicated authentic pockets interactions, tricking victims into signing approval requests that gave attackers management over their funds.
In one other case, a dealer accredited a malicious “increaseAllowance” command, leading to a $325,000 loss in Coinbase Wrapped Bitcoin.
Separately, one other person was hit with a $440,000 loss after signing a fraudulent “permit” transaction.
Both exploits spotlight the rise in faux contract approvals, typically enabled by misleading interfaces mimicking trusted apps.
Sophisticated exploits linked to state-style laundering techniques
The single largest exploit got here from SBI Crypto, which suffered a breach that drained $21 million price of digital belongings. The losses included Bitcoin, Ethereum, Litecoin, Dogecoin, and Bitcoin Cash.
Although SBI Crypto didn’t formally verify the supply of the breach, a joint investigation by ZachXBT and Cyvers prompt patterns just like these utilized by North Korean hacker teams.
The attackers allegedly funnelled funds via Tornado Cash, a identified crypto mixer beforehand sanctioned for its function in laundering state-sponsored thefts.
This laundering technique carefully mirrors exercise linked to the Lazarus Group, although the report careworn that the connection stays unverified.
Web3 platforms beneath assault from honeypot tokens
Alongside phishing and exploits, the report discovered a dramatic spike in honeypot tokens.
These are malicious sensible contracts that enable customers to purchase tokens however stop them from promoting or withdrawing funds.
Honeypot tokens surged 600% final month, reaching 2,189 recognized tokens—although nonetheless far fewer than the 40,000 recorded in June 2025.
The Binance Smart Chain accounted for the majority of those tokens at 1,780, adopted by 216 on Ethereum and 131 on Base.
These tokens are embedded with hidden restrictions that block transactions, stranding investor funds in illiquid belongings.
Their enhance underscores a shift towards embedded contract-level fraud, which might bypass fundamental security instruments.
Tokens and socials compromised in wider exploits
The wider ecosystem additionally noticed losses from social media and platform-based breaches.
Astra Nova’s official social account was hijacked, triggering a large-scale sell-off of its native token RVV and inflicting losses of roughly $10.3 million.
In a separate exploit, decentralised finance platform Garden Finance was hit with a vulnerability that price customers round $10.8 million, in accordance with ZachXBT.
These incidents replicate a widening floor of assault throughout each user-facing interfaces and backend contract code.
