- SBI Crypto was breached, losing $21 million in assets in an alleged money-laundering operation.
- A phishing scam targeting GMGN tricked 107 users into approving fraudulent transactions.
- Honeypot token scams surged 600% month-over-month, with more than 2,100 tokens detected.
Web3 is entering a new phase of cyber threats, with attackers leveraging artificial intelligence, automation tools, and sophisticated social engineering to exploit users across decentralized networks.
GoPlus Security reports that over $45.84 million was lost in October alone to a wave of scams, phishing attacks, token exploits, and wallet hacks.
The data reveals how fraudsters are scaling and refining their tactics, creating high-impact exploits that have affected thousands of users and platforms across Ethereum, Binance Smart Chain, and Base.
Hackers use AI and automation to scale phishing campaigns
GoPlus observed a sharp rise in phishing attacks that resulted in losses exceeding $3.5 million.
Many of these scams are powered by “Phishing-as-a-Service” platforms, where threat actors use AI to rapidly generate counterfeit websites and run large-scale campaigns with lower operating costs.
One of the largest phishing incidents involved the GMGN trading platform.
In that case, 107 users were deceived by a fake third-party website into approving malicious transactions, resulting in losses of more than $700,000.
These phishing scams mimic legitimate wallet interactions, tricking victims into signing approval requests that give attackers control over their funds.
In another example, a trader approved a malicious “increaseAllowance” instruction, causing a $325,000 loss in Coinbase Wrapped Bitcoin.
Separately, another user lost $440,000 after signing a fraudulent “permit” transaction.
Both exploits highlight the rise of fake contract approvals, often enabled by deceptive interfaces that imitate trusted applications.
Advanced exploits linked to nation-style money laundering tactics
The single largest exploit reported involved SBI Crypto, which suffered a breach that drained $21 million in digital assets. The losses included Bitcoin, Ethereum, Litecoin, Dogecoin, and Bitcoin Cash.
Although SBI Crypto has not officially confirmed the breach’s origin, a joint investigation by ZachXBT and Cyvers identified patterns similar to tactics historically used by North Korean-linked hacking groups.
Attackers allegedly funneled funds through Tornado Cash, a crypto mixer previously sanctioned for its role in laundering state-sponsored thefts.
These laundering techniques mirror activity associated with the Lazarus Group, though the report emphasizes that the attribution remains unconfirmed.
Web3 platforms targeted by honeypot tokens
In addition to phishing and exploits, the report found a dramatic increase in honeypot tokens.
Honeypot contracts are malicious smart contracts that let users buy tokens but prevent them from selling or withdrawing funds.
Honeypot tokens jumped 600% last month, reaching 2,189 identified tokens—although this is still well below the roughly 40,000 recorded in June 2025.
Binance Smart Chain accounted for the majority of these tokens with 1,780, followed by 216 on Ethereum and 131 on Base.
These tokens contain hidden restrictions that block transactions, trapping investors’ funds in illiquid assets.
Their rise underscores a shift toward contract-level scams that can bypass basic security tools.
Wider ecosystem impacted by token and social exploits
The broader ecosystem also saw losses from social-media takeovers and platform-based breaches.
The official social account of Astra Nova was hijacked, triggering a mass sell-off of its native RVV token and resulting in losses of about $10.3 million.
In a separate exploit, the decentralized finance platform Garden Finance suffered vulnerabilities that cost users roughly $10.8 million, according to ZachXBT.
These incidents reflect an expanding attack surface that spans both user-facing interfaces and backend contract code.