AI-Powered Phishing and Stealth Crypto Exploits Shake Web3 Security

  • SBI Crypto was hacked and lost $21 million in assets, which were reportedly laundered afterward.
  • A phishing scam targeting GMGN tricked 107 users into approving fake transactions.
  • Honeypot token scams surged 600% month-over-month, with more than 2,100 tokens detected.

Web3 has entered a new phase of cyberthreats. Attackers are increasingly leveraging artificial intelligence, automation tools, and sophisticated social engineering to exploit users across decentralized networks.

According to GoPlus Security, more than $45.84 million was lost in October alone due to a wave of scams, phishing attacks, token exploits, and wallet hacks.

The data shows how fraudsters are evolving their techniques, producing high-impact exploits that affected thousands of users and platforms on Ethereum, Binance Smart Chain, and Base.

Hackers use AI and automation to scale phishing campaigns

GoPlus observed a sharp rise in phishing attacks that resulted in losses exceeding $3.5 million.

An increasing share of these scams is powered by phishing-as-a-service platforms, where threat actors use AI tools to quickly create fake websites and deploy large-scale campaigns at lower operational cost.

One of the largest phishing incidents involved the GMGN trading platform.

In that case, 107 users were deceived by a fake third-party website into approving malicious transactions, resulting in losses of more than $700,000.

The phishing scheme replicated legitimate wallet interactions, convincing victims to sign approval requests that granted attackers control over their funds.

In another incident, a trader approved a malicious “increaseAllowance” call, causing a loss of $325,000 in Coinbase Wrapped Bitcoin.

Separately, another user lost $440,000 after signing a fraudulent “permit” transaction.

Both exploits highlight the growing number of fake contract approvals, often enabled by deceptive interfaces that mimic trusted applications.
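
The incidents above all hinge on a signed call that grants a spender rights over the victim's tokens. The Python below is an added example, not code from GoPlus or the original article: it decodes raw calldata before signing and flags the "increaseAllowance" and "permit" calls named above, and it goes slightly beyond the article by also covering the standard "approve" and "setApprovalForAll" calls. The sample calldata, the placeholder addresses and the UNLIMITED threshold are constructed assumptions.

```python
# Added example: flag allowance-granting calls in raw token calldata before signing.
# Key: 4-byte selector (keccak256 of the standard signature).
# Value: (function name, index of spender word, index of amount/flag word).
APPROVAL_SELECTORS = {
    "095ea7b3": ("approve", 0, 1),
    "39509351": ("increaseAllowance", 0, 1),
    "a22cb465": ("setApprovalForAll", 0, 1),
    "d505accf": ("permit", 1, 2),  # permit(owner, spender, value, deadline, v, r, s)
}
UNLIMITED = 2**255  # assumed heuristic: amounts this large are effectively unlimited

def _word(args: bytes, index: int) -> bytes:
    """Return the index-th 32-byte ABI word, rejecting truncated calldata."""
    word = args[32 * index: 32 * index + 32]
    if len(word) != 32:
        raise ValueError("calldata shorter than the function's arguments")
    return word

def inspect_calldata(data_hex: str, trusted_spenders=frozenset()):
    """Return None for non-approval calls, else a dict describing the grant."""
    raw = bytes.fromhex(data_hex.removeprefix("0x"))
    entry = APPROVAL_SELECTORS.get(raw[:4].hex())
    if entry is None:
        return None
    name, spender_idx, amount_idx = entry
    spender = "0x" + _word(raw[4:], spender_idx)[12:].hex()  # address = low 20 bytes
    amount = int.from_bytes(_word(raw[4:], amount_idx), "big")
    if name == "setApprovalForAll":
        unlimited = amount == 1  # operator flag set: every token in the collection
    else:
        unlimited = amount >= UNLIMITED
    return {"function": name, "spender": spender, "amount": amount,
            "unlimited": unlimited, "trusted": spender in trusted_spenders}

def _encode(selector: str, *words: int) -> str:
    """Build constructed sample calldata from a selector and integer words."""
    return "0x" + selector + "".join(f"{w:064x}" for w in words)

# Constructed samples; the addresses are placeholders, not real accounts.
SPENDER = int("11" * 20, 16)
OWNER = int("22" * 20, 16)
SAMPLE_INCREASE = _encode("39509351", SPENDER, 2**256 - 1)
SAMPLE_PERMIT = _encode("d505accf", OWNER, SPENDER, 500, 1893456000, 27, 1, 2)
SAMPLE_TRANSFER = _encode("a9059cbb", SPENDER, 1000)  # transfer(): not an approval

if __name__ == "__main__":
    for sample in (SAMPLE_INCREASE, SAMPLE_PERMIT, SAMPLE_TRANSFER):
        print(inspect_calldata(sample))
```

This inspects on-chain calldata only; a permit presented to the wallet as an EIP-712 typed-data signature request needs the same check applied to the typed message's spender and value fields.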

Sophisticated exploits tied to state-style laundering tactics

The largest exploit came from SBI Crypto, which suffered a breach that drained $21 million in digital assets. The losses included Bitcoin, Ethereum, Litecoin, Dogecoin, and Bitcoin Cash.

While SBI Crypto has not officially confirmed the source of the breach, a joint investigation by ZachXBT and Cyvers suggested patterns similar to those used by North Korean-linked hacker groups.

Attackers reportedly routed funds through Tornado Cash, a cryptocurrency mixer previously sanctioned for its role in laundering state-sponsored thefts.

This laundering method closely mirrors activity associated with the Lazarus group, though the report notes the connection is not verified.

Web3 platforms targeted by honeypot tokens

Beyond phishing and direct exploits, the report revealed a dramatic spike in honeypot tokens.

Honeypot tokens are malicious smart contracts that allow users to buy tokens but prevent selling or withdrawing funds.

Honeypot tokens jumped 600% last month, reaching 2,189 identified tokens, although that figure remains far below the roughly 40,000 recorded in June 2025.

GoPlus honeypot tokens. Source: GoPlus Security

Binance Smart Chain accounted for the bulk of these tokens with 1,780, followed by 216 on Ethereum and 131 on Base.

These tokens embed hidden restrictions that block transactions, locking investors’ funds in illiquid assets.

Their rise signals a shift toward contract-level fraud, which can bypass basic security tools.

Tokens and social platforms exploited in broader attacks

The wider ecosystem also suffered losses due to social media and platform breaches.

The official social account for Astra Nova was hacked, triggering a large sell-off of its native token RVV and causing approximately $10.3 million in losses.

In a separate exploit, decentralized finance platform Garden Finance was hit by a vulnerability that cost users about $10.8 million, according to ZachXBT.

These incidents reflect an expanding attack surface, impacting both user-facing interfaces and backend contract code.