AI-Driven Phishing Scams and Hidden Crypto Exploits Rock Web3 Security

  • SBI Crypto was breached, losing $21 million in assets in an apparent laundering operation.
  • A phishing scam targeting GMGN tricked 107 users into approving fraudulent transactions.
  • Honeypot token scams rose 600% month-over-month, with more than 2,100 tokens identified.

Web3 has entered a new phase of cyber threats. Attackers now combine artificial intelligence, automation tools, and advanced social engineering to deceive users across decentralized networks.

According to a report by GoPlus Security, over $45.84 million was lost in October alone to a wave of scams, phishing campaigns, token exploits, and wallet hacks.

The data illustrate how scammers are evolving their techniques, producing high-impact exploits that have affected thousands of users and platforms across Ethereum, Binance Smart Chain, and Base.

Hackers leverage AI and automation to scale phishing campaigns

GoPlus observed a sharp increase in phishing attacks that resulted in more than $3.5 million in losses.

Many of these scams are powered by “phishing-as-a-service” platforms, where threat actors use AI to quickly generate fake websites and deploy large-scale campaigns with lower operational costs.

One of the largest phishing incidents targeted the GMGN trading platform.

In that case, 107 users were tricked by a third-party fake website into approving malicious transactions. Total losses exceeded $700,000.

The phishing scheme mimicked legitimate wallet interactions, prompting victims to sign approval requests that effectively granted attackers control over their funds.

In another incident, a trader approved a malicious “increaseAllowance” call, resulting in a loss of $325,000 worth of Coinbase Wrapped Bitcoin.

Separately, a different user lost $440,000 after signing a fraudulent “permit” transaction.

Both exploits underscore the rise of fake contract approvals, often enabled by deceptive interfaces that imitate trusted applications.
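The approval requests described above can be screened before signing. The following is an added example, not code from GoPlus or any platform named in this article: it decodes a transaction's data field and flags approval-type calls that hand an unlisted spender unlimited rights. The allowlist parameter and the sample address are assumptions constructed for illustration.

```python
# Added example: pre-signing check for token-approval calldata.
# Selectors are the standard ERC-20/EIP-2612/ERC-721 ones; addresses below are constructed.
MAX_UINT256 = 2**256 - 1

# selector -> (function name, index of spender word, index of amount word)
APPROVAL_SELECTORS = {
    "095ea7b3": ("approve", 0, 1),
    "39509351": ("increaseAllowance", 0, 1),
    "d505accf": ("permit", 1, 2),             # permit(owner, spender, value, ...)
    "a22cb465": ("setApprovalForAll", 0, 1),  # second word is a bool
}

def _word(args, index):
    """Return the index-th 32-byte ABI word, or raise if calldata is short."""
    word = args[32 * index:32 * index + 32]
    if len(word) != 32:
        raise ValueError("calldata truncated")
    return word

def inspect_calldata(calldata_hex, trusted_spenders):
    """Return approval details for a transaction's data field, or None
    if the call does not grant a spender rights over the signer's tokens."""
    raw = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    data = bytes.fromhex(raw)
    entry = APPROVAL_SELECTORS.get(data[:4].hex())
    if entry is None:
        return None
    name, spender_idx, amount_idx = entry
    args = data[4:]
    spender = "0x" + _word(args, spender_idx)[12:].hex()  # address = low 20 bytes
    amount = int.from_bytes(_word(args, amount_idx), "big")
    unlimited = amount == MAX_UINT256 or (name == "setApprovalForAll" and amount == 1)
    trusted = spender in {s.lower() for s in trusted_spenders}
    return {"function": name, "spender": spender, "amount": amount,
            "unlimited": unlimited, "trusted": trusted,
            "block": unlimited and not trusted}

# Constructed sample: increaseAllowance(spender, 2**256 - 1) to an unknown address
SPENDER = "0x" + "ab" * 20
SAMPLE_INCREASE = "0x39509351" + SPENDER[2:].rjust(64, "0") + "f" * 64

if __name__ == "__main__":
    print(inspect_calldata(SAMPLE_INCREASE, trusted_spenders=set()))
```

This covers calldata only; a "permit" requested as an off-chain typed-data signature has to be checked on the spender and value fields of the message being signed.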

Sophisticated exploits show laundering tactics reminiscent of state-level actors

The largest exploit involved SBI Crypto, which suffered a breach that drained $21 million in digital assets, including Bitcoin, Ethereum, Litecoin, Dogecoin, and Bitcoin Cash.

Although SBI Crypto did not officially confirm the source of the breach, a joint investigation by ZachXBT and Cyvers identified patterns similar to techniques used by North Korean-linked hacking groups.

Attackers reportedly routed funds through Tornado Cash, a well-known cryptocurrency mixer previously sanctioned for its role in laundering state-sponsored thefts.

These laundering methods closely resemble operations associated with the Lazarus Group, although the report stressed that the connection remains unverified.

Web3 platforms targeted by honeypot tokens

Alongside phishing and direct exploits, the report found a dramatic increase in honeypot tokens.

Honeypot tokens are malicious smart contracts that allow buyers to purchase tokens but prevent them from selling or withdrawing funds.

Honeypot tokens rose 600% last month, with 2,189 tokens identified, though this remains far below the 40,000 recorded in June 2025.

Figure: GoPlus honeypot tokens. Source: GoPlus Security

Binance Smart Chain accounted for the majority of these tokens with 1,780 detections, followed by 216 on Ethereum and 131 on Base.

These contracts include hidden restrictions that block transactions, leaving investors’ funds trapped in illiquid assets.

The surge highlights a shift toward contract-level fraud that can evade basic security tools.

Tokens and social accounts compromised in broad exploits

The broader ecosystem also suffered losses from social account takeovers and platform vulnerabilities.

The official social account for Astra Nova was hijacked, triggering a mass sell-off of its native token RVV and causing losses of roughly $10.3 million.

In a separate exploit, decentralized finance platform Garden Finance was hit by a vulnerability that cost users around $10.8 million, according to ZachXBT.

These incidents reflect an expanding attack surface across user-facing interfaces and backend smart contract code, emphasizing the need for stronger security practices and more robust detection across Web3 ecosystems.