- SBI Crypto suffered a security breach and lost $21 million in digital assets amid suspicions of money laundering.
- A phishing scam targeting the GMGN trading platform tricked 107 users into approving fraudulent transactions.
- Honeypot token scams surged by 600% month-over-month, with more than 2,100 malicious tokens detected.
Web3 has entered a new phase of cyber threats as attackers leverage artificial intelligence, automation tools, and sophisticated social engineering to exploit users across decentralized networks.
According to GoPlus Security, more than $45.84 million was lost in October alone due to a rise in scams, phishing attacks, token abuses, and wallet compromises.
The data show how fraudsters are evolving their techniques to create high-impact exploits that affected thousands of users and platforms across Ethereum, Binance Smart Chain, and Base.
Hackers use AI and automation to scale phishing campaigns
GoPlus recorded a sharp increase in phishing attacks that resulted in losses exceeding $3.5 million.
Many of these campaigns are driven by “Phishing-as-a-Service” platforms, where threat actors use AI tools to rapidly generate fake websites and deploy large-scale campaigns while keeping operational costs low.
One of the largest phishing incidents targeted the GMGN trading platform.
In that case, a fraudulent third-party website tricked 107 users into approving malicious transactions, with losses exceeding $700,000.
The phishing scheme replicated legitimate wallet interactions, convincing victims to sign approval requests that granted attackers control over their funds.
In another incident, a trader approved a malicious increaseAllowance transaction, resulting in a $325,000 loss in Coinbase Wrapped Bitcoin.
Separately, another user lost $440,000 after signing a fraudulent approval transaction.
Both exploits highlight the rise of fake contract approvals, often driven by deceptive interfaces that imitate trusted applications.
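The approval and increaseAllowance losses described above all hinge on a user signing calldata that hands a spender control of their tokens. The following is an added example, not code from GoPlus or from any platform named in this article, of how a wallet or review tool could decode such calldata and flag risky grants before signing; the spender address, sample calldata, warning labels, and the 2**255 "unlimited" threshold are constructed assumptions.

```python
# Added example: flag risky token-approval calldata before a wallet signs it.
APPROVAL_SELECTORS = {  # standard 4-byte function selectors
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}
UNLIMITED = 2**255  # assumption: amounts this large are effectively unlimited


def decode_approval(calldata_hex):
    """Return (signature, spender, value), or None if not an approval call."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    sig = APPROVAL_SELECTORS.get(data[:8])
    if sig is None or len(data) != 8 + 128:  # selector + two 32-byte words
        return None
    try:
        spender_word, value = int(data[8:72], 16), int(data[72:136], 16)
    except ValueError:
        return None
    if spender_word >> 160:  # an address word has its top 96 bits clear
        return None
    return sig, "0x" + data[32:72], value


def review(calldata_hex, trusted_spenders):
    """Return warning labels a wallet could show before signing."""
    decoded = decode_approval(calldata_hex)
    if decoded is None:
        return []
    sig, spender, value = decoded
    warnings = []
    if spender not in trusted_spenders:
        warnings.append("untrusted-spender")
    if sig.startswith("setApprovalForAll"):
        if value == 1:
            warnings.append("operator-over-all-tokens")
    elif value >= UNLIMITED:
        warnings.append("unlimited-allowance")
    return warnings


# Constructed sample: increaseAllowance to a made-up spender, maximum amount.
SPENDER = "0x" + "ab" * 20
SAMPLE = "0x39509351" + "00" * 12 + "ab" * 20 + "ff" * 32

if __name__ == "__main__":
    print(review(SAMPLE, trusted_spenders=set()))
```

The trusted-spender set is the part that matters in practice: a grant to an address the user has never interacted with deserves a warning even when the amount looks modest.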
Sophisticated abuse tied to state-style money laundering tactics
The largest abuse involved SBI Crypto, which experienced a breach that drained $21 million in digital assets, including Bitcoin, Ethereum, Litecoin, Dogecoin, and Bitcoin Cash.
Although SBI Crypto has not officially confirmed the origin of the breach, an investigation by ZachXBT and Cyvers pointed to patterns resembling techniques used by North Korean-linked hacking groups.
Attackers are reported to have mixed funds through Tornado Cash, a crypto mixer previously sanctioned for facilitating laundering of state-sponsored thefts.
This laundering approach closely mirrors activity associated with the Lazarus group, although the report cautioned that the link remains unverified.
Web3 platforms hit by a wave of honeypot token scams
Beyond phishing and direct exploits, the report identified a dramatic rise in honeypot tokens.
Honeypots are malicious smart contracts that allow users to buy tokens but prevent them from selling or withdrawing funds, trapping investors in illiquid assets.
Honeypot tokens grew by 600% last month, reaching 2,189 identified tokens — still far below the roughly 40,000 tokens recorded in June 2025.

Binance Smart Chain accounted for the majority of these tokens with 1,780 detections, followed by 216 on Ethereum and 131 on Base.
These tokens embed hidden restrictions that block transactions and lock investors’ funds into non-transferable assets.
Their rise underscores a shift toward fraud embedded within smart contracts—scams that can evade basic security tools.
Compromised tokens and social accounts widen the attack surface
The broader ecosystem also saw significant losses from social-media takeovers and platform breaches.
Astra Nova’s official social account was hijacked, triggering a mass sell-off of its native token RVV and causing approximately $10.3 million in losses.
In a separate incident, decentralized finance platform Garden Finance suffered an exploit that cost users roughly $10.8 million.
These incidents reflect an expanding attack surface that targets both user-facing interfaces and the backend code of smart contracts, emphasizing the need for stronger security practices across Web3.