- SBI Crypto breached, losing $21 million in assets amid suspected state-linked money laundering operations
- Phishing scam targeting GMGN tricked 107 users into approving fake transactions
- Honeypot token scams surged 600% month-over-month, with more than 2,100 tokens detected
Web3 has entered a new phase of cyber threats. Attackers are increasingly leveraging artificial intelligence, automated tooling, and sophisticated social engineering to exploit users across decentralized networks.
According to GoPlus Security data, over $45.84 million was lost in October alone to phishing scams, token exploits, and wallet hacks. These incidents reveal how fraudsters are refining their tactics to create high-impact vulnerabilities that affect thousands of users and platforms across Ethereum, Binance Smart Chain, and Base.
Hackers use AI and automation to scale phishing campaigns
GoPlus observed a rapid rise in phishing attacks that resulted in more than $3.5 million in losses. Many of these scams are now driven by “Phishing-as-a-Service” platforms, where threat actors employ AI to quickly generate convincing fake websites and deploy large-scale campaigns at lower operational cost.
One major phishing incident involved the GMGN trading platform. In this case, a third-party fake site tricked 107 users into authorizing malicious transactions, causing combined losses exceeding $700,000. The phishing pages imitated legitimate wallet interactions, deceiving victims into signing approval requests that granted attackers control over their funds.
In a separate exploit, traders unknowingly approved a dangerous “increaseAllowance” transaction, which resulted in a $325,000 loss to Coinbase Wrapped Bitcoin. Other victims lost roughly $440,000 after signing a fraudulent “permit” transaction. Both incidents highlight the growing trend of fake contract approvals, often initiated through deceptive interfaces that mimic trusted apps.
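The approval requests described above can be recognised before anything is signed. The following is an added example, not code from GoPlus or any platform named here: a Python check that flags allowance-granting calldata (`approve`, `increaseAllowance`, `setApprovalForAll`) and EIP-2612 `Permit` signing requests. The function names, the trusted-spender set and the sample addresses are assumptions constructed for illustration.

```python
UINT256_MAX = 2**256 - 1

# 4-byte selectors of the standard allowance-granting token functions.
SELECTORS = {
    "095ea7b3": "approve",
    "39509351": "increaseAllowance",
    "a22cb465": "setApprovalForAll",
}

def _finding(kind, spender, amount, trusted):
    # For setApprovalForAll the second argument is a bool: true covers every token.
    unlimited = amount == UINT256_MAX or (kind == "setApprovalForAll" and amount == 1)
    return {"kind": kind, "spender": spender, "unlimited": unlimited,
            "trusted_spender": spender in trusted}

def _word(data, i):
    """Return the i-th 32-byte ABI argument word after the selector as an int."""
    chunk = data[4 + 32 * i : 4 + 32 * (i + 1)]
    if len(chunk) != 32:
        raise ValueError("calldata truncated")
    return int.from_bytes(chunk, "big")

def check_calldata(calldata_hex, trusted=frozenset()):
    """Return a finding if the transaction grants a spender rights over tokens.

    `trusted` is a hypothetical allowlist of lowercase spender addresses.
    """
    data = bytes.fromhex(calldata_hex.removeprefix("0x"))
    kind = SELECTORS.get(data[:4].hex())
    if kind is None:
        return None  # not an approval-type call
    spender = "0x" + format(_word(data, 0) & (2**160 - 1), "040x")
    return _finding(kind, spender, _word(data, 1), trusted)

def check_typed_data(typed, trusted=frozenset()):
    """Return a finding if an EIP-712 signing request is an EIP-2612 Permit."""
    if typed.get("primaryType") != "Permit":
        return None
    msg = typed["message"]
    return _finding("permit", msg["spender"].lower(),
                    int(str(msg["value"]), 0), trusted)

if __name__ == "__main__":
    # Constructed sample: increaseAllowance(spender, 2**256 - 1) to an unknown spender.
    tx = "0x39509351" + "00" * 12 + "ab" * 20 + "ff" * 32
    print(check_calldata(tx, trusted={"0x" + "11" * 20}))
    req = {"primaryType": "Permit",
           "message": {"spender": "0x" + "CD" * 20, "value": str(UINT256_MAX)}}
    print(check_typed_data(req))
```

A finding with `unlimited` set and `trusted_spender` false is the combination that warrants stopping: the request hands an unrecognised address open-ended control over the token balance.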
Complex exploits linked to state-style laundering strategies
The largest single exploit reported affected SBI Crypto, which suffered a breach that drained approximately $21 million in digital assets, including Bitcoin, Ethereum, Litecoin, Dogecoin, and Bitcoin Cash. While SBI Crypto has not officially confirmed the breach’s origin, a joint investigation by ZachXBT and Cyvers identified patterns similar to those used by North Korean-linked hacker groups.
Attackers reportedly routed stolen funds through Tornado Cash, a crypto mixer previously sanctioned for facilitating the laundering of stolen funds tied to state-backed activity. The laundering methods mirror activity associated with groups like the Lazarus Group, though the connection has not been definitively confirmed.
Web3 platforms targeted by rising honeypot token scams
Beyond phishing and direct exploits, the report found a sharp increase in honeypot tokens. These malicious smart contracts allow users to buy tokens but prevent them from selling or withdrawing funds. Honeypot tokens spiked 600% last month, with 2,189 identified tokens—far fewer than the nearly 40,000 recorded in June 2025, but still a significant uptick.

Most of these malicious contracts were found on Binance Smart Chain (1,780 tokens), followed by Ethereum (216) and Base (131). Honeypot contracts hide restrictions that block certain transactions, trapping investors’ funds in illiquid assets. Their growth underscores a shift toward embedded contract-level fraud that can evade basic security tools.
Tokens and social accounts compromised in broader exploit campaigns
The wider ecosystem also experienced losses from compromised social accounts and platforms. Official social media accounts for Astra Nova were hijacked, triggering a mass sell-off of the native RVV token and resulting in approximately $10.3 million in losses. Decentralized finance platform Garden Finance suffered a vulnerability that cost users roughly $10.8 million, according to ZachXBT.
These events illustrate a broadening attack surface that targets both user-facing interfaces and backend contract code. As attackers adopt automation, AI, and more sophisticated laundering techniques, Web3 projects and users must strengthen authentication, contract vetting, and transaction-approval awareness to reduce risk.