AI-Driven Phishing and Hidden Crypto Exploits Rock Web3 Security

  • SBI Crypto breached, losing $21 million in assets through an alleged laundering operation.
  • A phishing scam targeting GMGN tricked 107 users into approving fraudulent transactions.
  • Honeypot token scams surged 600% month-over-month, with more than 2,100 tokens detected.

Web3 has entered a new phase of cyber threats, with attackers increasingly leveraging artificial intelligence, automation tools, and sophisticated social engineering to exploit users across decentralized networks.

GoPlus Security reports that more than $45.84 million was lost in October alone due to a surge in scams, phishing attacks, token exploits, and wallet hacks.

The data reveals how scammers have evolved their tactics, creating high-impact exploits that have affected thousands of users and platforms across Ethereum, Binance Smart Chain, and Base.

Hackers use AI and automation to scale phishing campaigns

GoPlus observed a sharp increase in phishing attacks that resulted in losses exceeding $3.5 million.

Many of these scams are supported by “Phishing-as-a-Service” platforms, where threat actors use AI tools to quickly create fake websites and deploy large-scale campaigns at lower operational cost.

One of the largest phishing incidents targeted the GMGN trading platform.

In this case, 107 users were deceived by a fraudulent third-party website into approving malicious transactions, resulting in losses of more than $700,000.

Phishing schemes replicate legitimate wallet interactions, tricking victims into signing approval requests that give attackers control over their funds.

In another incident, a trader approved a malicious “increaseAllowance” transaction, causing a $325,000 loss involving Coinbase Wrapped Bitcoin.

Separately, another user lost $440,000 after signing a fraudulent “approve” transaction.

Both exploits underscore the rise of fake contract approvals, often enabled by deceptive interfaces that mimic trusted applications.
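The "approve" and "increaseAllowance" requests described above are standard ERC-20 calls, so a wallet or review tool can decode the calldata and show who gains spending rights before anything is signed. The sketch below is an added example, not code from GoPlus or the article; the allowlist, the helper names and the sample addresses are constructed assumptions.

```python
# Added example: flag allowance-granting ERC-20 calls in calldata before it is signed.
from typing import NamedTuple, Optional, Set

# First 4 bytes of keccak256 over the function signature.
ALLOWANCE_SELECTORS = {
    "095ea7b3": "approve",
    "39509351": "increaseAllowance",
}
MAX_UINT256 = 2**256 - 1

class Finding(NamedTuple):
    function: str
    spender: str         # address that would gain spending rights
    amount: int          # raw token units, before decimals
    unlimited: bool      # True when amount is the max uint256 value
    known_spender: bool  # True when spender is on the caller's allowlist

def inspect_calldata(calldata_hex: str, trusted: Set[str]) -> Optional[Finding]:
    """Return a Finding when calldata grants a token allowance, else None."""
    text = calldata_hex[2:] if calldata_hex[:2].lower() == "0x" else calldata_hex
    raw = bytes.fromhex(text)  # raises ValueError on malformed hex
    function = ALLOWANCE_SELECTORS.get(raw[:4].hex())
    if function is None:
        return None
    if len(raw) < 4 + 64:
        raise ValueError("allowance call is missing its two 32-byte arguments")
    # ABI encoding: address is right-aligned in word 1, uint256 fills word 2.
    spender = "0x" + raw[16:36].hex()
    amount = int.from_bytes(raw[36:68], "big")
    known = spender in {a.lower() for a in trusted}
    return Finding(function, spender, amount, amount == MAX_UINT256, known)

def encode_call(selector: str, spender: str, amount: int) -> str:
    """Build constructed sample calldata for the demo below."""
    return "0x" + selector + spender[2:].rjust(64, "0") + format(amount, "064x")

# Constructed sample data: placeholder addresses, not real contracts.
TRUSTED_ROUTER = "0x" + "11" * 20
UNKNOWN_SPENDER = "0x" + "ab" * 20
SAMPLES = [
    encode_call("095ea7b3", UNKNOWN_SPENDER, MAX_UINT256),
    encode_call("39509351", TRUSTED_ROUTER, 5_000),
    encode_call("a9059cbb", UNKNOWN_SPENDER, 5_000),  # transfer: not an allowance
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(inspect_calldata(sample, {TRUSTED_ROUTER}))
```

A finding with `known_spender` false, especially together with `unlimited` true, is the case worth blocking or escalating to the user in plain language.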

Advanced exploits tied to nation-state-style laundering tactics

The largest single exploit stemmed from SBI Crypto, which suffered a breach that drained $21 million in digital assets. The losses included Bitcoin, Ethereum, Litecoin, Dogecoin, and Bitcoin Cash.

Although SBI Crypto has not officially confirmed the breach’s origin, a joint investigation by ZachXBT and Cyvers identified patterns similar to those used by North Korean-linked hacking groups.

Attackers reportedly routed funds through Tornado Cash, a cryptocurrency mixer previously sanctioned for its role in laundering state-sponsored thefts.

This laundering method closely mirrors activity attributed to the Lazarus Group, though the report stresses that the connection remains unverified.

Web3 platforms targeted by honeypot tokens

Alongside phishing and exploits, the report found a dramatic spike in honeypot tokens.

Honeypot contracts are malicious smart contracts that allow users to buy tokens but prevent them from selling or withdrawing funds.

Honeypot tokens rose 600% last month, reaching 2,189 identified tokens—though this number remains well below the roughly 40,000 reported in June 2025.

[Figure: GoPlus honeypot tokens. Source: GoPlus Security]

Binance Smart Chain accounted for the majority of these tokens with 1,780, followed by 216 on Ethereum and 131 on Base.

These tokens are embedded with hidden restrictions that block transactions, leaving investors’ funds trapped in illiquid assets.

Their increase highlights a shift toward contract-level scams that can bypass basic security tools.

Tokens and social accounts compromised in broader exploit campaigns

The wider ecosystem also suffered losses from social media hijacks and platform-based attacks.

The official social account of Astra Nova was compromised, triggering a large-scale sell-off of its native token RVV and resulting in losses of roughly $10.3 million.

In a separate exploit, the decentralized finance platform Garden Finance suffered a vulnerability that cost users approximately $10.8 million, according to ZachXBT.

These incidents reflect an expanding attack surface across user-facing interfaces and backend contract code.