Crypto Hacker Loses $50M to Phishing After UXLINK Exploit
In a dramatic twist of crypto justice, the hacker who successfully exploited Web3 social platform UXLINK for millions has become the victim of an even larger theft. Just days after compromising UXLINK’s smart contract, the attacker lost approximately 542 million UXLINK tokens—valued at over $50 million—to a sophisticated phishing scheme that security experts attribute to notorious draining-as-a-service provider Inferno Drainer. The incident highlights both the sophistication of modern crypto threats and the ironic vulnerability of even successful hackers to basic security traps.
Yu Xian
Crypto Whale Loses $6M in Permit Phishing Scheme
A crypto whale lost over $6 million in staked Ethereum and wrapped Bitcoin after falling victim to a sophisticated phishing scheme that exploited ‘Permit’ signatures, tricking the victim into authorizing fund transfers without paying gas fees. This incident, reported by blockchain security firm Scam Sniffer on September 18, highlights a growing threat where attackers drain assets through off-chain authorizations that show no obvious red flags until funds vanish, underscoring urgent security concerns in the crypto space.
$3M Crypto Phishing Attack Targets Multi-Sig Wallet
An unidentified crypto investor lost $3.047 million in USDC through a highly coordinated phishing attack on September 11. The breach targeted a 2-of-4 Safe multi-signature wallet, where the victim approved transfers to an address that closely resembled their intended recipient. The attacker had deployed a fake but Etherscan-verified contract nearly two weeks prior, programming it with legitimate-looking ‘batch payment’ functions. The exploit leveraged the Safe Multi Send mechanism, making the malicious approval difficult to detect as it wasn’t a standard transaction. Request Finance confirmed the attack involved a counterfeit version of its Batch Payment contract, affecting one customer, with the vulnerability now patched. Security firm Scam Sniffer warned that such sophisticated methods—using verified contracts and near-identical addresses—show attackers are refining techniques to bypass user scrutiny, with potential vectors including app vulnerabilities, malware, and DNS hijacking.
Venus Protocol Paused After $27M Phishing Attack
On September 2, Venus Protocol paused operations after a targeted phishing attack resulted in the loss of nearly $27 million from a single user’s wallet. Security firm Cyvers identified the suspicious transaction involving multiple assets including vUSDT, vUSDC, and BTCB. Experts confirmed the Venus protocol itself remained uncompromised, with the attack instead exploiting malicious transaction approvals granted by the victim. The attacker used sophisticated methods including potential computer poisoning and complex funding routes through Monero exchanges. While initial reports indicated $27 million in losses, subsequent investigations suggest the actual figure may be closer to $20 million as coordination continues with the affected large holder.
Alby Wallet Faces Backlash Over Bitcoin Inactivity Fees
Alby, a Bitcoin Lightning Network wallet, is facing criticism after users reported unauthorized withdrawals labeled as ‘inactivity fees.’ The controversy escalated when Yu Xian, co-founder of SlowMist, revealed nearly $192 was deducted from his account without direct approval. Alby had updated its Terms of Service weeks earlier, introducing fees for inactive accounts, but many users claim they missed the email warnings. Other users reported losses exceeding $5,400, fueling concerns over custodial risks. While Alby’s founder clarified the wallet is transitioning to self-custody and assured funds are safe, critics argue the deductions resemble embezzlement. The incident raises broader questions about transparency and user consent in crypto wallets.
Crypto Scammers Pose as Security Firms to Steal Funds
Cybercriminals are adopting sophisticated tactics by posing as blockchain security companies to steal crypto assets and implicate victims, complicating recovery efforts. In May 2025 alone, over $244 million was stolen, with total losses exceeding $2 billion year-to-date. Fraudulent accounts mimic trusted services like Revoke and impersonate experts such as ZachXBT, using fake signature-checking tools to deceive users. SlowMist founder Yu Xian warns that scammers also plant false evidence to frame victims, hindering law enforcement. Victims are advised to stay calm, avoid trusting unsolicited help, and share wallet addresses (masked if needed) to verify ownership during investigations.
Curve Finance Shifts to New Domain Post DNS Attack
Curve Finance announced a permanent move to Curve.finance following a DNS attack that redirected users to a phishing site. The protocol criticized its .fi domain registrar for slow response times, leaving the malicious site active for hours. This marks Curve’s second DNS hijacking incident since 2022, with attackers increasingly targeting infrastructure over code exploits. Separately, Curve’s X account was briefly compromised earlier in May, though no funds were lost. The crypto industry has suffered $2 billion in losses this year due to similar attacks on exchanges and DeFi protocols.
KiloEx Recovers $7.5M Stolen Funds, Awards 10% Bounty
KiloEx, a decentralized exchange, announced the full recovery of $7.5 million stolen in a security breach traced to a price oracle vulnerability. The attacker, funded via Tornado Cash, manipulated prices across multiple blockchains. KiloEx honored its pledge to award a 10% bounty to the hacker, classifying them as a white hat and avoiding legal action. The exchange framed the resolution as a step toward stronger collaboration with ethical hackers. Industry experts noted the rarity of such outcomes, with SlowMist’s founder highlighting the challenges of negotiation in bounty scenarios. The incident underscores the growing role of ethical hacking in DeFi security.
Bybit Hack Linked to Safe Developer Machine Vulnerability and Security Concerns
A recent $1.4 billion hack of Bybit was linked to a vulnerability in a Safe developer machine, allowing attackers to manipulate transactions through a compromised AWS S3 bucket. Experts warn that users of Safe’s multi-signature services are at risk, highlighting the need for improved security measures and verification processes in the industry. Safe has since rebuilt its infrastructure and is leading an initiative to enhance transaction verifiability.
Kanye West Rejects Two Million Dollar Crypto Scam Offer
Kanye West revealed he was approached with a $2 million scam offer involving a fake cryptocurrency promotion, which he rejected to avoid misleading his audience. The proposal included an upfront payment of $750,000 and a promise of $1.25 million after promoting the token, with scammers aiming to steal millions from the public. West, whose net worth is $2.77 billion, emphasized his commitment to integrity in the crypto space.