Avoid your next
big mistake

Machine Hallucinations is a series of AI-generated NFT artworks created by Turkish-American media artist Refik Anadol, deployed on the Ethereum blockchain beginning in 2021. The project has generated over $30 million in total NFT sales across multiple collections auctioned through Sotheby's, Christie's, and secondary markets including OpenSea. The project is notable for its institutional legitimacy — MoMA acquired the related 'Unsupervised' work as its first NFT in its permanent collection — but has attracted criticism regarding conflicts of interest between museum endorsement and commercial NFT promotion.

Light Protocol is a Solana-native ZK compression infrastructure layer developed by Luminous Labs Lda, a Portugal-based company co-founded in 2021 by Swen Schäferjohann. The protocol reduces on-chain state storage costs by up to 99% using zero-knowledge proofs and has undergone multiple independent security audits including formal circuit verification. No fraud allegations, regulatory actions, or fund-loss incidents have been identified; primary risk signals are inherent ZK/smart-contract complexity, partially unaudited SDK tooling, and infrastructure scaling concerns raised by Solana node operators.

Jupiter Perps is a perpetual-futures decentralized exchange (DEX) built on Solana, operated by Jupiter Exchange, offering up to 250x leveraged trading on SOL, ETH, and wBTC against a shared liquidity pool called JLP (Jupiter Liquidity Pool). The protocol has grown to become the dominant perps venue on Solana with a JLP TVL that surpassed $2 billion in September 2025 and over $100 billion in cumulative trading volume as of 2024. The platform has undergone multiple independent smart contract audits with no critical exploits against its own contracts reported, though JLP token holdings in third-party vaults were implicated as stolen assets in the April 2026 Drift Protocol breach.

Claynosaurz is a Solana-native NFT collection and web3 animation studio launched in November 2022, comprising 10,222 animated 3D dinosaur characters. Founded by Montreal-based animation professionals with verifiable film industry credits, the project has delivered multiple product milestones including physical merchandise, a Solana Phone exclusive NFT drop, cross-chain expansion to Sui, and a forthcoming Gameloft mobile game. No fraud, rug pull, or regulatory actions have been identified; the primary risk factors relate to NFT market depreciation, complex multi-token ecosystem mechanics, and the inherent execution risk of an early-stage gaming and entertainment IP.

Kaspa is a proof-of-work cryptocurrency launched in November 2021 that implements the GHOSTDAG blockDAG protocol, developed from academic research by Yonatan Sompolinsky at the Hebrew University of Jerusalem. The project claims a fair launch with no premine, no ICO, and no venture capital allocation to insiders, though pre-launch R&D was funded by Polychain Capital through the now-dissolved DAGLabs entity. Kaspa has a credible technical foundation and transparent governance, but faces centralization concerns from institutional ASIC miners and carries unresolved questions about the erasure of early transaction history following a genesis reset in November 2021.

Ethereum (ETH) is the second-largest cryptocurrency by market capitalization (~$278 billion as of May 2026) and the leading smart-contract platform, hosting the majority of decentralized finance (DeFi) and NFT activity. The protocol has a documented history of governance controversy stemming from the 2016 DAO hack hard fork, ongoing centralization concerns around liquid staking and MEV infrastructure, and persistent smart-contract and phishing-based fraud targeting end users, though Ethereum itself has not been the subject of any regulatory enforcement action and its spot ETFs have received SEC approval.

The Solana address FQ1tyso61AH1tzodyJfSwmzsD3GToybbRNoZxUBz21p8 is the token mint for Dasha (ticker: VVAIFU), the native token of vvaifu.fun — a no-code AI agent launchpad on Solana launched via Pump.fun on October 19, 2024. The token reached an all-time high of approximately $0.21 in November 2024, driven by speculative hype around the AI agent narrative, but has since collapsed approximately 99.9% to under $0.0003 as of mid-2026. The team behind vvaifu.fun operates pseudonymously, no formal audits have been disclosed, and CoinMarketCap lists a CertiK security score of 3.5 out of 10.

Bitstamp is a Luxembourg-headquartered cryptocurrency exchange founded in 2011 by Nejc Kodric and Damijan Merlak, widely regarded as the world's longest-running active crypto exchange. It was acquired by Robinhood Markets for approximately $200 million in June 2025 and holds over 50 active licenses and registrations globally, including an EU MiCA CASP license and a MiFID MTF license. The exchange has maintained a strong regulatory compliance posture for most of its history, though it suffered a significant $5.3 million hack in 2015 and a 2025 French court found it civilly liable for a period of unregistered operation in France.

Juicebox is an Ethereum-based programmable treasury and crowdfunding protocol first launched in July 2021 by a pseudonymous developer known as Jango, enabling projects to raise ETH, issue contributor tokens, and manage on-chain treasuries without intermediaries. V3 is the third major iteration of the core contracts, deployed in September 2022, and subsequently patched through versions 3.1, 3.1.1, and 3.1.2 to address a series of high-severity and critical accounting vulnerabilities. A protocol logic exploit in April 2026 resulted in an alleged $52,000 loss via a borrowFrom spoof attack, and the platform's permissionless architecture has enabled misuse by bad actors operating fraudulent fundraising projects.

Rocket Pool is a decentralized, non-custodial Ethereum liquid staking protocol founded in 2016 by David Rugendyke and launched on mainnet in November 2021. It issues two tokens: rETH (a liquid staking derivative) and RPL (a governance and collateral token). As of mid-2026, the protocol holds approximately $924 million in total value locked, making it the second-largest decentralized Ethereum staking provider by TVL, behind Lido Finance.

The Alephium TokenBridge is a Wormhole-fork cross-chain bridge linking the Alephium blockchain to Ethereum and BNB Chain. On May 30, 2026, the bridge was exploited for approximately $815,000 in locked assets, and 13.76 million unbacked wrapped ALPH tokens were minted on Ethereum; the attack completed in roughly seven minutes. Alephium has taken the bridge offline, pledged user compensation, and executed a partial governance burn of fraudulently minted tokens, but the underlying root cause — described by the team as an off-chain backend vulnerability — remains disputed against earlier reports of direct guardian key compromise.

TesseraDAO is a BNB Chain project whose native token TSR was exploited on June 1, 2026, when an attacker used a stolen or insider-held admin private key to mint 99 million TSR tokens and immediately sell them, draining approximately $2.4–2.5 million from liquidity pools and collapsing the token price by 99%. Stolen proceeds were bridged to Ethereum and laundered through Tornado Cash. The project's team has issued no public statement and no recovery plan has been announced.

edgeX Exchange is a StarkEx-powered perpetual futures DEX incubated by Amber Group, which launched its EDGE token on March 31, 2026. On June 1, 2026, the EDGE token collapsed approximately 70–77% within hours, erasing over $220 million in market capitalization and triggering roughly $2.81 million in liquidations. The team attributed the crash to deliberate external market manipulation, while on-chain investigator ZachXBT publicly alleged insider supply control and demanded disclosure of market-maker agreements — allegations that remain publicly unanswered as of June 3, 2026.

Gnosis Pay is a self-custodial Visa debit card platform launched in 2023 that allows users to spend stablecoins such as EURe directly from Safe smart-contract wallets at over 80 million merchants globally. On June 1, 2026, an active exploit was discovered targeting a vulnerability in the Zodiac Delay Modifier v1.1.0 and Roles Modifier v2 modules used by Gnosis Pay, allowing attackers to bypass the platform's built-in three-minute transaction delay protection and drain funds from affected Safe wallets. Gnosis co-founder Martin Köppelmann committed to covering all user losses, and a phased service restoration with new card-linked Safe accounts was announced for affected users as of June 2, 2026.

Alexander Mashinsky is the founder and former CEO of Celsius Network, a cryptocurrency lending platform that collapsed in July 2022 after freezing approximately $4.7 billion in customer assets. In December 2024, Mashinsky pleaded guilty to commodities fraud and a scheme to manipulate the price of Celsius's CEL token; he was sentenced to 12 years in federal prison in May 2025. Regulatory actions were brought by the DOJ, SEC, CFTC, and FTC.

Amazon is a major e-commerce and technology company that has faced significant regulatory challenges and consumer protection issues. While not itself a scam, Amazon's scale has made it a frequent target for impersonation scams and has led to multiple regulatory actions including a $2.5 billion FTC settlement for deceptive Prime subscription practices.

Grass is a Solana-based decentralized physical infrastructure network (DePIN) developed by Wynd Labs that pays users GRASS tokens in exchange for contributing unused internet bandwidth, which is then sold to AI companies and research institutions for large-scale public web scraping. The project launched in June 2023, completed a $3.5M seed round and a subsequent $10M bridge round backed by Polychain Capital and Tribe Capital, and executed its first major token airdrop in October 2024. While the project reports meaningful revenue growth and legitimate enterprise customers, it operates in a legally grey area involving residential proxy networks, carries unanswered questions about code transparency, and its token has declined approximately 94% from its all-time high amid sustained unlock pressure.

Forsage was a smart-contract-based pyramid and Ponzi scheme launched in January 2020 that raised approximately $340 million from investors worldwide across the Ethereum, Tron, and Binance Smart Chain networks. Four founders — including Ukrainian national Olena Oblamska (known online as 'Lola Ferrari') and Russian national Vladimir Okhotnikov (known as 'Lado') — were indicted by the U.S. DOJ in February 2023 on conspiracy to commit wire fraud charges. As of May 2026, Oblamska has been extradited from Thailand and has pleaded not guilty, with a jury trial scheduled for July 14, 2026; the remaining three co-founders are believed to be at large.

SIGMA is a multi-chain Telegram trading bot operating at sigma.win that supports Ethereum, BSC, Base, Solana, Avalanche, and other networks. On May 11, 2026, a crypto trader known as Unihax0r suffered a private key compromise draining over $200,000 across Ethereum, Base, and BSC, with both affected wallets traceable exclusively to SIGMA's wallet generation infrastructure. SIGMA has published no post-mortem, security advisory, or public statement in response to the incident as of late May 2026.

Africrypt was a South African cryptocurrency investment platform founded in 2019 by brothers Raees and Ameer Cajee. In April 2021, the platform abruptly shut down following an alleged hack, after which the founders fled South Africa with investor funds. The case became one of the most prominent alleged cryptocurrency exit scams in African history, though the exact amount lost remains disputed.

Mad Lads is a Solana-based NFT collection launched in April 2023 by Coral, the development company behind Backpack wallet. Created by former Alameda Research and FTX employees Armani Ferrante and Tristan Yver, the project gained significant attention for its innovative mint process that used honeypot tactics to deter bots and for being the first major xNFT collection.

0G Labs (Zero Gravity Labs) is a Web3 AI infrastructure company building a modular, AI-first layer-1 blockchain and decentralized AI operating system, having raised $325 million across multiple funding rounds since March 2024. The project has faced a protocol-level smart contract exploit in December 2025 ($516K lost), a separate compromise of its official social media account in October 2025, and significant community criticism over alleged funding misrepresentation, undisclosed insider token allocations, and concerns that two co-founders departing from Conflux Network constituted a reputational 'soft rug' of that project. No regulatory actions have been identified as of May 2026.

Aave is a decentralized, non-custodial liquidity protocol built on Ethereum and multiple other blockchains, enabling users to supply assets to earn interest or borrow against overcollateralized positions. Founded in 2017 as ETHLend by Finnish lawyer Stani Kulechov, it rebranded to Aave in 2020 and grew into the largest DeFi lending platform by total value locked, reporting over $40 billion in net deposits as of early 2025. The protocol has faced notable security incidents, a multi-year SEC investigation that closed without enforcement in December 2025, ongoing governance tensions between token holders and Aave Labs, and significant indirect exposure to a $292 million exploit in April 2026 attributed to North Korea's Lazarus Group.

Amazon Web Services is a leading cloud computing platform that controls 38% of the cloud infrastructure market. While generally reliable and secure, AWS has experienced multiple significant outages and faces ongoing privacy lawsuits, though no major regulatory sanctions have been identified in recent searches.

Tesla, Inc. is a publicly traded electric vehicle and clean energy company led by CEO Elon Musk. While the company has achieved significant market success and technological advances, it faces ongoing regulatory scrutiny regarding securities disclosures, workplace safety allegations, and autonomous driving claims.

StablR is a Malta-based, MiCA-regulated stablecoin issuer holding an Electronic Money Institution license from the Malta Financial Services Authority (MFSA), backed by strategic investors including Tether and Kraken. On May 24, 2026, an attacker compromised a single private key on the issuer's 1-of-3 minting multisig, gaining full administrative control and minting approximately 8.35 million USDR and 4.5 million EURR (~$13.5 million face value in unbacked tokens). The attacker extracted an estimated $2.8 million net profit after selling into thin DEX liquidity, causing both stablecoins to depeg by more than 20%; StablR subsequently froze minting and redemption, acknowledged the breach caused a MiCA-mandated 1:1 reserve shortfall, and engaged law enforcement and external cybersecurity firms.

USD Coin (USDC) is a fiat-backed stablecoin issued by Circle Internet Group, pegged 1:1 to the US dollar and backed by cash and short-dated US Treasury instruments held in a regulated money market fund. First launched in September 2018 via the Centre Consortium (a joint venture with Coinbase), USDC is among the largest and most regulated stablecoins globally, with approximately $75.8 billion in circulation as of May 2026. The stablecoin has maintained a generally stable peg but experienced a significant temporary depeg to $0.87 in March 2023 following Circle's disclosure of $3.3 billion in deposits held at the failed Silicon Valley Bank.

Revert Lend is a decentralized lending protocol built by Revert Finance that allows Uniswap v3 liquidity providers to use their LP positions as collateral to borrow ERC-20 tokens. The protocol has experienced two confirmed security incidents: a 2023 exploit of the V3Utils contract resulting in approximately $30,000 in losses, and a January 2026 protocol logic exploit on Base chain resulting in approximately $50,000 in losses. The protocol has undergone multiple audits but the recurrence of exploits raises questions about smart contract security practices.

Álvaro Romillo Castillo, a Spanish cryptocurrency influencer operating publicly as 'CryptoSpain,' was arrested on November 6, 2025, by Spain's Civil Guard under Operation PONEI on charges of large-scale fraud, money laundering, and criminal organization in connection with the Madeira Invest Club (MIC), an alleged Ponzi scheme that authorities say defrauded over 3,000 investors of approximately €260 million (roughly $300 million USD) between early 2023 and September 2024. A Spanish National Court judge ordered Romillo held without bail citing flight risk, and the case has acquired a political dimension following revelations of an alleged undisclosed €100,000 cash transfer from Romillo to far-right MEP Luis 'Alvise' Pérez Fernández days before the June 2024 European elections. Romillo faces up to 18 years in prison if charges are classified as mass offenses.

Goliath Ventures (formerly Gen-Z Venture Firm) was an Orlando, Florida-based cryptocurrency investment company whose CEO, Christopher Alexander Delgado, was arrested on February 24, 2026 on federal wire fraud and money laundering charges. Federal prosecutors allege the firm operated as a Ponzi scheme from January 2023 through January 2026, raising at least $328 million from approximately 1,500 to 2,000 investors under false promises of 3–8% monthly returns from cryptocurrency liquidity pools, while actually placing only approximately $1.5 million into any crypto platform. The company filed for Chapter 11 bankruptcy on March 16, 2026, and subsequent civil litigation has named JPMorgan Chase, Bank of America, Coinbase, and the law firm Alston & Bird as alleged enablers.

Lucifer Drainer is a criminal drainer-as-a-service (DaaS) platform that industrializes cryptocurrency wallet theft through a structured affiliate model. Active since at least early 2025, it operates by providing affiliates with phishing kits, automated site-cloning tools, and commission-split infrastructure (operators retain 20% per successful drain) while affiliates supply phishing traffic. Despite Telegram bot bans in August 2025 and documentation domain suspension in November 2025, the operation migrated to IPFS and remained active as of May 2026, making it one of the most operationally resilient drainer platforms in the current threat landscape.

Base is an Ethereum Layer-2 optimistic rollup incubated and operated by Coinbase, built on the OP Stack and launched on mainnet on August 9, 2023. As of mid-2026 it is the largest Layer-2 by DeFi TVL, holding approximately $4.6 billion locked and processing millions of daily transactions. It carries legitimate structural risks — most notably a single Coinbase-operated sequencer and Coinbase's regulatory exposure as operator — that are partially offset by the April 2025 move to Stage 1 decentralization and the May 2026 Azul upgrade introducing a multiproof system.

Celestia is a modular blockchain network that provides a dedicated data availability (DA) and consensus layer for rollups and application-specific chains, using data availability sampling to allow light nodes to verify block data without downloading full blocks. Developed by Celestia Labs and launched on mainnet on October 31, 2023, the project raised $155 million from prominent venture capital firms including Bain Capital Crypto and Polychain Capital. The project has faced significant controversy over its tokenomics, alleged insider token selling, and a 95%+ decline in the TIA token from its June 2024 all-time high of approximately $20.91.

A fraudulent cryptocurrency presale operation, discovered by Malwarebytes on February 18, 2026, that deployed a custom AI chatbot impersonating Google's Gemini assistant to sell a non-existent token called 'Google Coin.' The site mimicked Google's visual identity, displayed fabricated endorsements from OpenAI, Binance, Coinbase, Squarespace, and SpaceX, and promised investors 7x returns through irreversible cryptocurrency payments. Google (Alphabet Inc.) has never issued a cryptocurrency; this operation was entirely fabricated and constitutes an AI-automated impersonation fraud with no legitimate entity behind it.

Lido Finance is the largest Ethereum liquid-staking protocol, launched in December 2020, enabling users to stake ETH and receive the liquid derivative token stETH without meeting the standard 32 ETH validator minimum. Governed by the Lido DAO via the LDO token, the protocol held approximately 24% of all staked ETH and roughly $19 billion in TVL as of early 2026. Lido carries no fraud or exit-scam history, but poses well-documented systemic centralization risk to Ethereum consensus, governance-concentration concerns among LDO token holders, and faces an active US federal securities lawsuit alleging that LDO is an unregistered security.

Veil Cash is a zero-knowledge privacy protocol deployed on Coinbase's Base L2 network, enabling anonymous ETH and USDC transfers via zk-SNARK proofs and a UTXO model. In February 2026 the protocol's legacy pools were exploited due to an incomplete Groth16 trusted-setup ceremony, resulting in 2.9 ETH being drained before funds were returned by the exploiter. The incident attracted industry attention because the same misconfiguration pattern was subsequently replicated in a larger $2.26 million exploit of FoomCash, raising broader questions about cryptographic setup hygiene across ZK DeFi protocols.

The SpaceX brand has been systematically exploited by unaffiliated third-party scammers to promote fraudulent cryptocurrency schemes since at least 2020. SpaceX (the aerospace company founded by Elon Musk) has no official cryptocurrency, token, or digital asset. Documented fraud typologies include fake token presales with rug pulls on Uniswap, fake crypto giveaway and doubling scams, AI deepfake livestreams on YouTube and social media, and wallet-draining airdrop phishing sites — collectively responsible for tens of millions of dollars in documented victim losses.

Aethir is a Singapore-based decentralized GPU cloud computing protocol operating as a Decentralized Physical Infrastructure Network (DePIN), founded in 2021 by Mark Rydon and Daniel Wang. The project raised approximately $109M across funding rounds and a $100M+ checker node sale, launched its ATH token in June 2024, and claims $147M+ ARR from enterprise AI and gaming clients. Risk factors include a 95% token price decline from its all-time high, a redirected Season 3 community airdrop, a cross-chain bridge exploit in April 2026 resulting in up to $400K in losses, heavy insider token allocation, and a ZachXBT flag whose specific basis has not been publicly detailed.

Crossmint is a New York-based web3 infrastructure company founded in 2022 by Alfonso Gómez-Jordana Mañas and Rodrigo Fernández Touza. It provides APIs and no-code tools for embedded wallets, NFT minting, stablecoin orchestration, and AI-agent payments, reporting over 40,000 enterprise and developer customers. The company raised $23.6 million in March 2025 led by Ribbit Capital, holds SOC 2 Type II certification, a VASP license, and received MiCA authorization in Spain in December 2025.

Thodex was a Turkish cryptocurrency exchange founded in 2017 (originally as Koineks) by Faruk Fatih Özer that collapsed in April 2021 when the platform abruptly halted trading and its founder fled to Albania, leaving approximately 391,000 users unable to access funds estimated at $2 billion to $2.6 billion. Özer was arrested in Albania in August 2022, extradited to Turkey in April 2023, convicted in September 2023 and sentenced to 11,196 years in prison alongside his two siblings, and died in a Turkish high-security prison on November 1, 2025, in circumstances that prompted a formal investigation.

BonkBot is a Solana-focused Telegram trading bot launched in 2023, affiliated with the BONK memecoin community but operated as a legally separate entity. It has grown to become one of the largest Telegram-based trading bots by volume, reporting over $14 billion in lifetime trades and more than 500,000 total users, with all 1% trading fees directed toward purchasing and burning BONK tokens. The platform operated in a custodial manner for most of its history before announcing a non-custodial key management system upgrade in October 2024; a March 2024 incident in which 302 users lost approximately $523,000 in SOL highlighted custody risks common to this class of product, though BonkBot attributed the losses to a compromise at a rival bot (Solareum) rather than its own infrastructure.

PGI Global (Praetorian Group International) was a fraudulent cryptocurrency and foreign exchange investment platform operated by Ramil Ventura Palafox from December 2019 through October 2021. The scheme raised over $201 million from more than 90,000 investors worldwide by promising daily returns of 0.5% to 3% through purported Bitcoin and forex trading, while in reality operating as a Ponzi scheme. Palafox pleaded guilty in September 2025 to federal wire fraud and money laundering charges and was sentenced in February 2026 to 20 years in prison. He did not immediately begin serving the sentence: according to the FBI, on April 6, 2026 Palafox removed his court-ordered GPS monitor and fled rather than report to prison, but was recaptured in Los Angeles approximately nine days later, on or about April 15, 2026, and was ordered detained pending transfer to federal prison. The SEC filed parallel civil charges in April 2025 over an alleged $198 million fraud.

Geoffrey Woo is an American entrepreneur and venture capitalist who co-founded Anti Fund with Jake Paul in 2021 and serves as chairman of Ketone-IQ. In February 2026, Woo launched an AI-themed memecoin called AntiHunter (ANTIHUNTER) on the Base blockchain and publicly claimed it carried '0% rug pull risk' because he was already wealthy. On-chain investigator ZachXBT challenged the claim, citing the Paul brothers' documented history of five failed crypto projects — all down 99%+ from peak — and identifying three alleged token sales by Woo's wallet that appeared to contradict his stated promise to pre-announce any insider transactions. As of June 2026, ANTIHUNTER trades approximately 99%+ below its February 2026 all-time high, consistent with ZachXBT's expectations.

On September 1, 2025, blockchain investigator ZachXBT published a leaked spreadsheet documenting over 200 crypto influencers (key opinion leaders, or KOLs) approached to promote a token campaign, with more than 160 confirmed to have accepted payments ranging from $50 to $60,000 per post via the Solana network. Of those 160+, fewer than five disclosed the promotional posts as paid advertisements — a compliance rate under 3% — in apparent violation of U.S. Federal Trade Commission Endorsement Guides and, where promoted assets qualify as securities, Section 17(b) of the Securities Act of 1933. The sponsoring project was later identified as AI memecoin platform Memenetic, which publicly acknowledged the payments.

Clipper is a decentralized exchange (DEX) built by Shipyard Software and governed by AdmiralDAO, designed to offer retail traders the lowest per-transaction costs on trades under $10,000 using a novel Formula Market Maker (FMM) mechanism. On December 1, 2024, a protocol logic exploit drained approximately $457,878 from its Optimism and Base liquidity pools by manipulating a single-asset deposit and withdrawal function; the attacker voluntarily returned 104 ETH in January 2025. While the protocol has legitimate venture backing and a documented technical architecture, the exploit revealed a gap between audited and deployed code, and the protocol has been flagged by on-chain investigator ZachXBT.

Dogecoin (DOGE) is a cryptocurrency created in December 2013 by Billy Markus and Jackson Palmer as a deliberate parody of Bitcoin. It has grown to a top-10 cryptocurrency by market cap (~$17B). While the protocol itself has no documented exploits, Dogecoin carries risks from Elon Musk's outsized price influence (an $258B class action was filed and dismissed), significant whale concentration (149 wallets hold ~108.5B DOGE), and documented illicit use including PlusToken seizures and darknet market acceptance.

Railgun is a zero-knowledge (ZK) privacy protocol deployed on Ethereum and multiple EVM-compatible chains that allows users to interact with DeFi applications privately. The protocol gained significant notoriety in January 2023 when the FBI alleged that North Korea's Lazarus Group used it to launder over $60 million stolen from the Harmony Horizon Bridge, though Railgun disputed these claims. The project distinguishes itself from sanctioned mixer Tornado Cash through a compliance feature called Private Proofs of Innocence, has received public endorsements from Ethereum co-founder Vitalik Buterin, and has accumulated over $4 billion in total transaction volume as of 2025.

Terraform Labs Pte. Ltd. was a Singapore-based blockchain company founded in 2018 by Do Kwon and Daniel Shin, best known for developing the Terra blockchain, the algorithmic stablecoin TerraUSD (UST), and the associated LUNA cryptocurrency. In May 2022, UST lost its dollar peg, triggering a collapse that wiped out approximately $40–45 billion in market capitalization within days. Following SEC civil fraud proceedings, a unanimous jury verdict in April 2024, and a $4.47 billion settlement, the company filed for Chapter 11 bankruptcy in January 2024 and received court approval to wind down operations in September 2024. Co-founder Do Kwon was sentenced to 15 years in federal prison in December 2025.

Michele Spagnuolo, 36, a Staff Information Security Engineer at Google Zürich known online as 'AlphaRaccoon,' was arrested in New York on May 27, 2026, and charged by federal prosecutors with commodities fraud, wire fraud, and money laundering. He is alleged to have accessed nonpublic internal Google search-trend data to place highly accurate prediction-market bets on Polymarket, generating approximately $1.2 million in profits on roughly $2.75 million wagered. The charges, filed simultaneously by the U.S. Attorney's Office for the Southern District of New York (SDNY) and the Commodity Futures Trading Commission (CFTC), represent the second high-profile federal insider-trading prosecution arising from Polymarket activity in 2026. All allegations are unproven; Spagnuolo has not entered a plea.

Kamino Finance is a Solana-based DeFi protocol that combines automated concentrated-liquidity vaults, a lending and borrowing market (K-Lend), and leveraged yield strategies. Launched in August 2022 as a spin-off from Hubble Protocol, it has grown to become the largest DeFi protocol by total value locked on Solana, with multi-billion-dollar deposits as of 2026. The protocol has maintained a zero-bad-debt record since launch, completed more than ten independent security audits, and operates a $1.5 million bug bounty program, though centralization risks around upgrade authority keys and token distribution remain publicly documented concerns.

bandcampro is a Russian-speaking threat actor who operated an 8-month AI-assisted crypto theft and influence campaign (September 2025–May 2026) via the Telegram channel @americanpatriotus, which had accumulated roughly 17,000 subscribers over a five-year run beginning February 2021. The actor distributed a trojanized self-custody wallet called StellarMonster that deployed the GoToResolve remote access tool, enabling seed phrase harvesting and full wallet compromise. A jailbroken Google Gemini instance and 73 stolen API keys automated content generation, credential attacks, and infrastructure management. The campaign was publicly exposed by Trend Micro researchers on or around May 22, 2026.

Polkadot (DOT) is a multi-chain protocol founded by Gavin Wood, ranked #41 by market cap (~$2.3B). The project faces significant headwinds: a $133M treasury overspending crisis (projected 2-year depletion), the 2017 Parity wallet freeze that locked ~$98M of ICO proceeds, an April 2026 Hyperbridge exploit minting $1B in fake bridged DOT (losses ~$2.5M), and steep ecosystem decline with active parachains dropping from 200+ to ~30. No SEC enforcement actions exist, and ETF applications are under review.

DeepSnitch AI is an Ethereum-based utility token project marketed as an AI-powered crypto scam-detection platform, operated by SignalPlex Lab Ltd., a company incorporated in the British Virgin Islands with no publicly disclosed team members. The project raised an alleged $2.87M in a multi-stage presale (figures across sources range from $2.2M to $2.87M and cannot be independently verified from a primary financial source) before listing on Uniswap on March 31, 2026, after which the token price collapsed approximately 99% within days, accompanied by widespread reports of presale buyers unable to claim tokens, a honeypot flag from security scanner Blockaid, and extended team silence. The team subsequently attributed the Blockaid flag to contract anti-dump mechanics misread as a honeypot, launched a V1 platform on April 10, 2026, and the contract flag was reportedly cleared; however, trading volume subsequently went dormant and no Tier 1 or Tier 2 source has independently verified any key claim.

In February 2026, Malwarebytes researcher Stefan Dasic documented a live fraudulent cryptocurrency presale site promoting a non-existent token called 'Google Coin.' The operation deployed a custom AI chatbot impersonating Google's Gemini assistant — using its sparkle icon, green 'Online' indicator, and name — to deliver scripted investment pitches, fabricated institutional endorsements from OpenAI, Binance, Coinbase, Squarespace, and SpaceX, and personalized return projections (e.g. $395 presale investment projected to become $2,755 at listing). Victims were directed to send irreversible cryptocurrency payments to six wallets spanning Bitcoin, Ethereum, Solana, TRON, and XRP Ledger. Google has never issued a cryptocurrency; the token, the chatbot persona, and all associated endorsements were entirely fabricated.

Orca is a concentrated-liquidity automated market maker (AMM) and decentralized exchange built on the Solana blockchain, launched in February 2021 by co-founders Grace "Ori" Kwan and Yutaro Mori. Its core product, Whirlpools, is an open-source CLMM protocol with six independent security audits, a verifiable on-chain build, and no confirmed exploits since inception. The protocol operates via a DAO governed by the ORCA token and has expanded to Eclipse mainnet; the primary documented risk factors are residual upgrade-authority centralization, the legacy Three Arrows Capital investor relationship (now defunct), and a 2023 decision to geo-block U.S. users from the web interface without a public regulatory explanation.

Elijah Armstrong (21), Nino Chindavanh (21), and Jayden Rucker (25), all from the Nashville, Tennessee area, were federally indicted on March 31, 2026 in the Northern District of California for a violent cryptocurrency robbery and kidnapping spree carried out across the San Francisco Bay Area and Los Angeles between November 22 and December 31, 2025. The three men allegedly posed as delivery workers to gain entry into victims' homes, then used firearms, duct tape, and zip ties to restrain and assault victims before forcing cryptocurrency transfers; in at least one documented incident, $6.5 million in digital assets was transferred at gunpoint. All three defendants remain in federal custody without bond.

LeadBlock's Morpho Blue Market refers to a permissionless lending market and associated MetaMorpho vault curated by LeadBlock Partners on the Morpho Blue protocol. On October 13, 2024, an oracle misconfiguration in the LeadBlock-curated PAXG/USDC market enabled an opportunistic user to borrow approximately $230,000 in USDC against only $350 of PAXG collateral, exploiting an overvalued asset price of $2.6 trillion per unit of gold. The incident was attributed to an incorrectly configured SCALE_FACTOR by LeadBlock's oracle provider and raised questions about the adequacy of pre-launch testing and risk curation practices.

BitClout was a blockchain-based social media platform launched in March 2021 by Nader Al-Naji, operating under the pseudonym 'Diamondhands', which later rebranded to the DeSo (Decentralized Social) blockchain. In July 2024, the SEC and DOJ charged Al-Naji with raising approximately $257 million through alleged unregistered securities sales and fraud, while allegedly concealing his identity and misusing at least $7 million of investor funds for personal expenses including a Beverly Hills mansion and cash gifts to family members. Both the DOJ criminal case (dismissed without prejudice, February 2025) and the SEC civil case (dismissed with prejudice, March 2026) were dropped with no penalties, fines, or admissions of guilt, though the documented fundraise scale and the SEC and DOJ allegations remain part of the public record.

Pokemon itself is a legitimate intellectual property owned by The Pokemon Company International, Nintendo, and Game Freak. However, the brand has been extensively exploited in various scam operations including fraudulent NFT projects, trading card fraud schemes, counterfeit merchandise sales, and cryptocurrency investment scams that have collectively resulted in millions of dollars in losses.

ElizaOS (formerly ai16z) is an open-source AI agent framework developed by Eliza Labs and launched on Solana in October 2024. The project reached a $2.6 billion token market cap in January 2025 before collapsing more than 99% amid allegations of unauthorized brand misappropriation from Andreessen Horowitz, disputed claims about the autonomy of its marketed AI agent, and a disputed token migration in late 2025 that critics alleged diluted retail holders. As of April 2026 a federal class action lawsuit (SDNY case 1:26-cv-3238) is pending against Eliza Labs, founder Shaw Walters, co-defendant Sebastian Quinn-Watson, and AI16Z DAO.

Helium Mobile is a Mobile Virtual Network Operator (MVNO) launched by Nova Labs, Inc. in 2023, marketed as the world's first crypto-powered consumer cellular service. It provides coverage primarily via T-Mobile's wholesale 5G network, supplemented by a community-built Wi-Fi hotspot layer, and issues MOBILE token rewards to subscribers and hotspot operators. Parent company Nova Labs settled a $200,000 SEC fraud charge in April 2025 over misrepresentations made to investors about enterprise partnerships, while the MOBILE token has been deprecated in favor of HNT under community governance proposal HIP 138.

Gemcoin was a fraudulent cryptocurrency launched in September 2014 by Steve Chen through his company US Fine Investment Arts (USFIA), operating out of Arcadia, California. The scheme falsely claimed that Gemcoin tokens were backed by billions of dollars in amber and gemstone mine holdings in the Dominican Republic, Argentina, Mexico, and the United States; those mines did not exist. The SEC filed fraud charges and obtained asset freezes in September 2015 when at least $32 million had been raised; a subsequent court-appointed receiver and DOJ criminal prosecution ultimately established total investor losses of approximately $147 million from around 70,000 victims, predominantly Chinese and Chinese-American investors. Steve Chen pleaded guilty in 2020 to conspiracy to commit wire fraud and tax evasion, was sentenced to ten years in federal prison in January 2021, and died in custody on November 19, 2022.

CLS Global FZC LLC (UAE) and ZM Quant Investment Ltd (British Virgin Islands) are crypto market-making firms charged in October 2024 as part of DOJ Operation Token Mirrors, an FBI undercover sting that created a fake token called NexFundAI to expose market-manipulation-as-a-service. Both firms are alleged to have generated billions of dollars in artificial trading volume through algorithmic wash trading on behalf of token promoters. CLS Global pleaded guilty to criminal charges in January 2025 and was sentenced to pay $428,059 in April 2025; parallel DOJ criminal proceedings against ZM Quant (case 1:24-cr-10187) remain on record as of June 2026. The SEC voluntarily dismissed its civil enforcement actions against both entities on March 31, 2026, reflecting a policy shift under the current administration, though those dismissals do not constitute a finding of innocence and do not affect the DOJ criminal proceedings.

Alameda Research was a cryptocurrency trading firm co-founded by Sam Bankman-Fried in 2017 that became central to one of the largest financial frauds in US history. The firm secretly used billions in [[ftx|FTX]] customer funds for trading and investments, leading to both companies filing for bankruptcy in November 2022.

The DPRK IT Worker Network is a state-directed, multi-year operation run by the North Korean government that places thousands of fraudulently credentialed software developers inside U.S. and global technology and crypto companies using stolen identities, fake personas, and U.S.-based facilitators. Workers generate hundreds of millions of dollars annually in illicit wages funneled back to Pyongyang to fund weapons of mass destruction and ballistic missile programs, and have escalated to data theft and extortion. The operation has drawn DOJ indictments of dozens of individuals across multiple enforcement waves (2024–2026), OFAC sanctions designating front companies and facilitators in China, Vietnam, Laos, Russia, and Spain, and FBI warnings to private industry.

Citrine Sleet (also tracked as AppleJeus, Gleaming Pisces, UNC4736, and Labyrinth Chollima) is a North Korean state-sponsored threat cluster attributed to Bureau 121 of the Reconnaissance General Bureau (RGB), active since at least 2018. The group specializes in financially motivated cyberattacks against cryptocurrency exchanges, DeFi protocols, and developer toolchains, deploying trojanized trading applications, supply chain compromises, and zero-day exploits to steal digital assets. Chainalysis estimates DPRK-linked actors have stolen at least $6.75 billion in cryptocurrency since 2016, with Citrine Sleet/UNC4736 operations accounting for multiple hundred-million-dollar individual incidents including the April 2026 Drift Protocol exploit ($285 million) and the October 2024 Radiant Capital breach ($50 million).

TraderTraitor (also tracked as UNC4899, Jade Sleet, Slow Pisces, and PUKCHONG) is a North Korean state-sponsored cyber threat cluster operating under the Reconnaissance General Bureau (RGB), formally designated by the FBI, CISA, and U.S. Treasury as responsible for stealing billions of dollars in cryptocurrency from blockchain companies, exchanges, and developers since at least 2020. The cluster is most prominently attributed to the February 2025 Bybit heist — the largest cryptocurrency theft in history at approximately $1.5 billion — as well as the May 2024 DMM Bitcoin theft ($308 million), the July 2023 JumpCloud supply chain attack, and the April 2022 Ronin Network compromise ($620 million). Chainalysis estimates North Korean actors, dominated by TraderTraitor operations, stole $2.02 billion in 2025 alone, pushing their all-time attributed total to approximately $6.75 billion since 2017.

Marinade Finance is a non-custodial liquid staking protocol on Solana, launched on mainnet August 2, 2021. It operates two primary products — mSOL (liquid staking) and Marinade Native (non-liquid delegation) — and as of mid-2025 held approximately 10–11 million SOL in total staked value, making it one of Solana's largest staking providers. The protocol is governed by MNDE token holders via an on-chain DAO and has compiled a clean auditing track record with no confirmed exploits as of the investigation date.

Korea Mangyongdae Computer Technology Company (KMCTC) is a North Korean state-linked IT firm sanctioned by the U.S. Treasury's Office of Foreign Assets Control (OFAC) on November 4, 2025, for operating overseas IT worker delegations in China and using Chinese nationals as banking proxies to launder proceeds from fraudulent employment and cybercrime schemes. The company is operated under the MAEI 607 Management Office, which connects it to the DPRK's military-industrial apparatus, and its IT workers are alleged to have generated hundreds of millions of dollars annually for the North Korean regime's weapons programs. KMCTC and its president, U Yong Su, are designated on the U.S. SDN list under Executive Order 13810.

Cheil Credit Bank, also known as First Credit Bank and formerly as Kyongyong Credit Bank, is a North Korean state-controlled financial institution headquartered in Pyongyang with representative offices in Beijing, Shenyang, and Shanghai. First designated by OFAC in September 2017 under Executive Order 13810 for operating in North Korea's financial services sector, the bank was dramatically re-expanded on November 4, 2025, when OFAC added 53 cryptocurrency addresses to its Specially Designated Nationals listing, linking it to over $12.7 million in USDT-TRC20 flows between June 2023 and May 2025 — funds attributed primarily to DPRK overseas IT workers and cybercrime proceeds destined for the regime's weapons programs.

Amnokgang Technology Development Company is a North Korean state-controlled IT firm established in 1982 and headquartered in Pyongyang. The U.S. Treasury's Office of Foreign Assets Control (OFAC) sanctioned it on March 12, 2026, for managing overseas DPRK IT worker delegations that allegedly generated nearly $800 million in illicit revenue in 2024 to fund North Korea's weapons of mass destruction programs. Seven cryptocurrency addresses across Ethereum and Tron networks were designated, with TRM Labs reporting over $12 million in tracked on-chain transactions through those addresses.

Safe{Wallet}, operated by the Safe Ecosystem Foundation, is the dominant smart-contract multisig platform on Ethereum and EVM-compatible chains, securing approximately $35 billion in assets across 61 million accounts as of Q1 2026. In February 2025, a developer machine compromise by North Korea's Lazarus Group (TraderTraitor) allowed attackers to inject malicious JavaScript into the app.safe.global frontend, enabling the theft of approximately $1.5 billion in ETH from Bybit — the largest cryptocurrency heist in history. The Safe smart contracts themselves were not compromised; the attack was entirely at the infrastructure and frontend layer. Safe has since rebuilt its infrastructure and launched Safenet, a decentralized transaction-security network, as a structural response.

Krish Kumar is a Tulsa, Oklahoma college student who, between approximately January 2024 and February 2025, raised approximately $7.8 million across two self-managed crypto-focused investment funds — Future Fractal Investments LLC and Arcane Resonance Fund LLC. On March 26, 2026, the SEC filed settled civil charges (LR-26507, Case No. 4:26-cv-00184, N.D. Okla.) alleging Kumar misappropriated nearly $7 million: transferring more than $5.6 million of Future Fractal assets to personal accounts to buy 33,009 options on a Bitcoin mining company, losing approximately 98% in four trading days, then fabricating a cover-up including a photoshopped brokerage screenshot, before raising $1.8 million through a second fund and using $300,000 of that capital to pay off a prior investor in a Ponzi-like manner. Kumar consented to a bifurcated judgment with permanent injunctions; monetary remedies including disgorgement, civil penalties, and a five-year conduct bar remain pending as of June 2026.

Manu Singh, an Indian national age 34, was the Chief Executive Officer of Contrarian, a cryptocurrency market-making firm registered in the British Virgin Islands. On September 4, 2025, a federal grand jury in Oakland (N.D. Cal.) indicted Singh and three co-defendants as part of DOJ/FBI Operation Token Mirrors for alleged wire fraud conspiracy and wire fraud related to coordinated pump-and-dump wash trading schemes. Singh was arrested in Singapore on October 2, 2025 at U.S. request, extradited to the United States, and made his initial court appearance in Oakland on March 30, 2026; he remained in federal custody as of that date. All charges are allegations; Singh has not been convicted and is presumed innocent.

OverHere Limited is a Hong Kong-registered Web3 launchpad founded and controlled by Clinton So. The company served as the primary launch platform for the $HAWK memecoin on December 4, 2024, a token associated with viral internet personality Haliey Welch. Within hours of launch the token surged to an alleged peak market cap of approximately $491 million before collapsing more than 90%, and on December 19, 2024 OverHere Limited and Clinton So were named defendants in a federal securities class action (EDNY Case No. 1:24-cv-08650) alongside co-defendants Alex Larson Schultz and the Tuah the Moon Foundation. The litigation was actively proceeding as of early 2026, with lead plaintiff Alexander Escobar appointed April 23, 2025 and co-lead counsel Wolf Popper LLP and Burwick Law designated by Judge Cheryl L. Pollak; an amended complaint filed in November 2025 expanded the defendant pool and added coordinated fraud allegations.

RIVER is the native governance token of River Protocol, a chain-abstraction stablecoin project that launched via Binance Wallet's inaugural BuildKey IDO in September 2025, raising $100 million in two hours. The token surged to an all-time high of approximately $87.79 on January 26, 2026, before collapsing more than 94% to roughly $5 as of early June 2026. On-chain investigator ZachXBT publicly named RIVER as the anchor case in his May 2026 investigation into Hong Kong-based market maker Heisenberg Guru (HSBG), alleging coordinated supply-control manipulation across centralized exchanges, and offering a $10,000 personal bounty for insider evidence targeting HSBG operators identified by the handles 'Sion' and 'Chao'.

$MELANIA is a Solana-based memecoin launched on January 19, 2025 by MKT World LLC, a Florida company linked to First Lady Melania Trump, one day before her husband's presidential inauguration. The token reached a peak market capitalization of approximately $1.6–1.73 billion before losing roughly 99% of its all-time high value; as of June 2026 it trades near $0.09. A class action lawsuit filed in the Southern District of New York (Hurlock v. Kelsier Ventures, amended October 2025) alleges that Kelsier Ventures CEO Hayden Davis and Meteora co-founder Benjamin Chow orchestrated a pre-engineered pump-and-dump scheme across at least 15 tokens, using Melania Trump's name as 'window dressing' without her alleged knowledge of the insider mechanics.

@beaverd is an anonymous X (Twitter) account that won X's $1 million Creators Prize in February 2026 for an investigative article on Deloitte. Days after the prize announcement, on-chain analytics firm Bubblemaps published a detailed investigation alleging that wallet clusters linked to @beaverd had engaged in serial pump-and-dump activity across dozens of Solana memecoins launched via Pump.fun, extracting an estimated $600,000 in profits. @beaverd did not dispute the wallet links, responding publicly with 'cry me a river, also these aren't even the top 5 greatest hits,' a statement widely interpreted as an implicit admission of the activity.

Sahil Arora (also known online as 'Sahil Crypto', formerly @Habibi_Comm on X) is an Indian-born, Dubai-based entrepreneur documented across multiple Tier 2 sources as a serial celebrity memecoin operator who allegedly orchestrated pump-and-dump schemes involving Caitlyn Jenner, Jason Derulo, Iggy Azalea, Rich the Kid, Floyd Mayweather, Davido, and others between 2021 and 2025. He allegedly paid celebrities fees ranging from $15,000 to $200,000+ per promotional post while secretly controlling 25–40% of each token's supply, then dumping his holdings immediately after the celebrity promotion caused a price spike. Arora was permanently banned from X in June 2024 and admitted in public interviews to profiting from rug pulls; in July 2025 Dubai authorities reportedly detained him and seized assets exceeding $20 million, though Arora publicly denied arrest via video.

Geoffrey Woo, Stanford-educated co-founder of the Anti Fund venture capital firm alongside Jake Paul, launched the AntiHunter (ANTIHUNTER) AI-themed memecoin on the Base blockchain in February 2026, publicly claiming '0% rug pull risk' because he is 'already rich.' Blockchain investigator ZachXBT subsequently identified three token swaps attributed to insider wallets that appear to violate Woo's stated commitment to pre-announce all insider sales, raising credible concerns about transparency. The token reached an all-time high market cap of approximately $12.6 million on February 13, 2026, before declining roughly 99% to a market cap of approximately $85,000 as of early June 2026.

On September 1, 2025, blockchain investigator ZachXBT published a leaked price sheet documenting over 200 crypto influencers (key opinion leaders) who were approached to promote an AI memecoin platform called Memenetic on Solana, with on-chain payment verification showing more than 160 accepted compensation ranging from $50 to $60,000 per post. Fewer than five of the roughly 160 confirmed paid recipients disclosed the arrangements as advertisements, a compliance rate below 3% and in direct violation of FTC Endorsement Guides. The evidence — consisting of Solana wallet addresses and publicly verifiable transaction hashes — indicates the promotions were organized through a tiered commercial infrastructure, with an additional allegation from the Memenetic project team that two intermediaries, @MsCryptomom1 and @imanihamida, allegedly defrauded them of $232,000 in USDC while managing the influencer campaign.

Michele Spagnuolo, 36, a Staff Information Security Engineer at Google Zürich known in crypto communities as 'AlphaRaccoon,' was arrested in New York on May 27, 2026 and charged by the U.S. Department of Justice with commodities fraud, wire fraud, and money laundering. Federal prosecutors allege he accessed confidential internal Google 'Year in Search 2025' data and used it to place approximately $2.75 million in bets on Polymarket prediction markets between October and December 2025, netting over $1.2 million in alleged illegal profits. The case, filed in the Southern District of New York alongside a parallel CFTC civil enforcement action, is among the first insider trading prosecutions applied to a crypto prediction market platform.

CLS Global FZC LLC (UAE) and ZM Quant Investment Ltd (British Virgin Islands) were crypto market-making firms that provided market-manipulation-as-a-service to token issuers. Both were charged in October 2024 by the U.S. DOJ and SEC as part of Operation Token Mirrors, a coordinated FBI sting that used a fake token called NexFundAI to document wash trading solicitation in real time. CLS Global pleaded guilty in January 2025 and was sentenced in April 2025 to pay $428,059 and serve a three-year U.S. market ban; ZM Quant's criminal case (1:24-cr-10187, D. Mass.) remained pending as of mid-2025 with its two individual defendants, Baijun Ou and Ruiqi Liu, based outside the United States. The SEC voluntarily dismissed its parallel civil actions against both entities on March 31, 2026, consistent with the current administration's broader rollback of crypto enforcement actions initiated under the prior administration.

Krish Kumar, a 19-year-old college freshman from Tulsa, Oklahoma, is the subject of settled civil charges filed by the SEC on March 26, 2026, for allegedly misappropriating nearly $7 million from two crypto-focused investment funds he solely managed: Future Fractal Investments LLC and Arcane Resonance Fund LLC. Between January 2024 and February 2025, Kumar raised approximately $7.8 million from roughly two dozen investors, then transferred the vast majority of those assets to personal accounts, lost approximately 98% by purchasing speculative options in a Bitcoin mining company over four trading days, and allegedly fabricated performance records including a photoshopped brokerage screenshot. Kumar later launched a second fund targeting parents of college friends, in a structure the SEC characterizes as resembling a Ponzi scheme.

NYC Token ($NYC) is a Solana-based memecoin launched on January 12–13, 2026, by former New York City Mayor Eric Adams at a Times Square press conference. The token surged to an approximately $540–600 million market capitalization before losing more than 80 percent of its value within roughly 30 minutes, following on-chain movements in which a wallet linked to the token deployer withdrew approximately $2.43–$3.18 million in USDC from the liquidity pool. Adams and the NYC Token team denied any wrongdoing, attributing the liquidity movements to routine market-maker adjustments, while blockchain analytics firms and multiple credible media outlets characterized the pattern as consistent with a 'rug pull.' Adams separately carried a prior federal indictment on bribery and campaign-finance charges — unsealed in September 2024 — that was dismissed with prejudice in April 2025 following a DOJ directive under the Trump administration.

Alex Larson Schultz (known online as 'Doc Hollywood'), OverHere Limited CEO Clinton So, and the Cayman Islands-registered Tuah The Moon Foundation are the principal architects behind the $HAWK memecoin launched December 4, 2024, on Solana, which used the viral celebrity of Hailey Welch ('Hawk Tuah Girl') to attract retail investors before collapsing more than 93% within hours of launch. A federal class action (Case 1:24-cv-08650, EDNY) filed December 19, 2024, alleges unregistered securities violations and a coordinated pump-and-dump scheme; the lawsuit has since been amended to add Welch, her manager, and Meteora DEX as additional defendants. The SEC and FBI investigated Welch and closed their inquiries without charges in early 2025; the civil litigation against Schultz, So, and OverHere remains active.

Jump Trading is a Chicago-based proprietary trading firm founded in 1999, operating one of the largest high-frequency trading operations globally across futures, equities, fixed income, FX, and cryptocurrency markets. Its crypto division, Jump Crypto, became a major force in DeFi infrastructure between 2021 and 2023, co-developing Wormhole, Pyth Network, and the Firedancer Solana validator client. The firm has faced significant regulatory and legal exposure: its subsidiary Tai Mo Shan settled with the SEC in December 2024 for $123 million over TerraUSD manipulation, the Terraform bankruptcy administrator filed a $4 billion civil lawsuit in December 2025 naming Jump and individual executives, and a separate CFTC investigation was reported in 2024 with no public resolution as of mid-2026.

Manu Singh, 34, is the alleged CEO of Contrarian Capital, a British Virgin Islands-registered cryptocurrency market-making firm. On September 4, 2025, a federal grand jury in the Northern District of California indicted Singh and three associates on charges of wire fraud and wire fraud conspiracy as part of DOJ and FBI Operation Token Mirrors, a multi-firm undercover enforcement action targeting coordinated pump-and-dump market manipulation. Singh and co-defendant Vasu Sharma were arrested in Singapore on October 2, 2025 and extradited to the United States; both were in federal custody as of their initial appearance in Oakland on March 30, 2026. All charges are allegations; Singh has not been convicted and is presumed innocent.

SIREN is a BNB Chain AI-themed meme token launched in early 2025 via the Four.meme fair-launch platform. Beginning in March 2026 the token underwent a series of extreme pump-and-dump cycles, crashing roughly 90% from its all-time high of approximately $3.83 within ten days. On-chain investigators ZachXBT and BubbleMaps identified a single wallet cluster holding nearly 50% of circulating supply, linked by ZachXBT to addresses associated with DWF Labs-affiliated tokens; ZachXBT later named SIREN as one of at least six tokens subject to a coordinated market-maker manipulation playbook allegedly enabled by Bitget, alongside RAVE, RIVER, LAB, MYX, and SKYAI.

Morocoin Tech Corp., Berge Blockchain Technology Co. Ltd., Cirkor Inc., AI Wealth Inc., Lane Wealth Inc., AI Investment Education Foundation Ltd., and Zenith Asset Tech Foundation are seven entities charged by the SEC on December 22, 2025 (Case No. 1:25-cv-04102, D. Colo.) with defrauding at least $14 million from U.S. retail investors in a coordinated pig-butchering and AI-themed investment confidence scheme operating from January 2024 through January 2025. The scheme used WhatsApp-based fake investment clubs, deepfake social media advertisements, fabricated AI-generated trading signals, and counterfeit trading platforms that conducted no actual trading, followed by advance fee demands to further extract funds from victims attempting withdrawals.

$TRUMP (Official Trump) is a Solana-based memecoin launched on January 17, 2025, two days before Donald Trump's presidential inauguration, by two Trump-affiliated entities — CIC Digital LLC and Fight Fight Fight LLC — who collectively retain 80% of the 1 billion token supply under a multi-year vesting schedule. The token peaked near $75 within hours of launch before declining approximately 97% to roughly $1.96 as of June 2026, generating an estimated $320–$600 million in fees and token proceeds for insider entities while on-chain analytics attribute more than $4.3 billion in aggregate losses to retail investors. The project has drawn formal congressional investigations, foreign-influence concerns, and ethics scrutiny, though no criminal charges or SEC enforcement actions have been filed against it as of the investigation date.

Aguilar v. Baton Corporation Ltd. (Case No. 1:25-cv-00880, S.D.N.Y.) is an active federal class action alleging that Pump.fun, Solana Labs, the Solana Foundation, and named executives operated a coordinated racketeering enterprise — referred to as the 'Solana-Pump.Fun Racketeering Enterprise' — that rigged its memecoin launchpad to benefit insiders while marketing it as a fair platform to retail investors. Plaintiffs allege aggregate retail losses between $4 billion and $5.5 billion, while the platform collected an alleged $722 million in fees. As of early 2026, defendants have filed motions to dismiss the Second Amended Complaint; no ruling on those motions has been publicly reported as of June 2026.

Crypto Beast is the online handle of Chris Woytko (@cryptobeastreal), a crypto influencer with approximately 800,000 X followers who has been publicly exposed by on-chain investigator ZachXBT for allegedly orchestrating a pump-and-dump scheme on the $ALT (Altcoin Fun) token in July 2025. According to ZachXBT's on-chain analysis, 45 linked wallets coordinated an $11 million dump on July 14, 2025, collapsing the token from a $190 million market cap to approximately $3 million within hours. ZachXBT also documented an alleged pattern of similar bundled rug-pull operations across at least six prior tokens ($ALPHA, $RICH, $YE, $RUG, $ACE, $JOHN). No confirmed legal or regulatory action had been filed as of the time of research.

RaveDAO is a Web3 entertainment and music event protocol that launched its RAVE token on Binance Alpha in December 2025. In April 2026, the token surged approximately 10,800% over nine days before collapsing ~95% within 24–48 hours, wiping an estimated $5.7–6.7 billion in market capitalization. On-chain investigator ZachXBT alleged that wallets linked to the team controlled approximately 90–95% of the 1 billion token supply and documented a bait-and-liquidate short-squeeze scheme; Binance, Bitget, and Gate.io all opened formal investigations, with outcomes not publicly concluded as of June 2026.

Beginning at least as early as March 2026 and escalating sharply through May 2026, a sustained and coordinated phishing campaign has impersonated Xaman Wallet — the dominant self-custody wallet for the XRP Ledger, developed by XRPL Labs — across fake social media accounts, counterfeit domains, fraudulent browser extensions, and fake desktop wallet applications. Xaman founder Wietse Wind confirmed on May 23, 2026 that more than 20 fake X/Twitter accounts and more than 10 fraudulent domains are created daily as part of this campaign. The legitimate Xaman product and XRPL Labs are the impersonated party and bear no responsibility for the fraudulent activity.

A family of increasingly sophisticated wallet-drainer toolkits targeting the Solana ecosystem that weaponize legitimate Solana protocol features — Blinks (blockchain action links), durable nonces, and the system 'assign' instruction — to bypass the transaction-simulation safety layer that most Solana wallets rely on as their primary defense. Documented in detail by security researchers from February 2024 onward and materially escalated in late 2025 and early 2026, these kits are distributed as scam-as-a-service products supporting 90+ wallet types; losses attributable to Solana phishing reached approximately $90 million in H1 2025 alone, before the simulation-bypass generation was widely deployed. A state-level durable-nonce attack on Drift Protocol (April 2026) demonstrated that the same primitive can scale to $285 million in a single operation.

On March 19, 2026, DeFi protocol Neutrl experienced a suspected DNS hijack of its frontend domain, in which attackers allegedly social-engineered the protocol's DNS provider to redirect user traffic to a malicious interface targeting Permit2 wallet approvals. Neutrl paused its smart contracts as a precaution, migrated to new infrastructure by March 21, and confirmed all user funds remained safe via the protocol's custodial isolation framework. This incident is considered the earliest confirmed event in a six-week cluster of DeFi frontend hijacks in early 2026 that also struck HypurrFi (April 3) and CoW Swap (April 14).

On April 3, 2026, the frontend domain hypurr.fi of HypurrFi — a DeFi lending protocol on Hyperliquid EVM — was hijacked via a social engineering attack targeting the domain registrar Openprovider. No user funds were confirmed drained and the protocol's smart contracts remained intact throughout; the team migrated frontend operations to hypurrfi.com and subsequently recovered control of the original domain. The incident is part of a documented six-week cluster of DeFi registrar-level frontend attacks in March–April 2026 targeting Neutrl, HypurrFi, and CoW Swap.

Donald G. Basile, founder of Bitcoin Latinum (LTNM) and CEO of Monsoon Blockchain Corporation, was charged by the SEC on April 17, 2026 with defrauding hundreds of U.S. investors of approximately $16 million through a SAFT offering that relied on fabricated insurance claims, a phantom asset-backed trust, and misrepresentations about how investor funds would be used. The token launched on overseas exchanges in October 2021 and subsequently collapsed by more than 90%, and the SEC alleges Basile diverted investor proceeds to personal real estate, credit card expenses, and a $160,000 horse while no underlying fund was ever created.

An ongoing phishing campaign, active since at least July 2025, impersonates Chainbase — a legitimate Singapore-based Web3 data infrastructure company — to lure cryptocurrency holders into either granting unlimited wallet spend approvals or surrendering seed phrases via fake 'wallet update' forms. The campaign exploits the timing of Chainbase's real $C token airdrop (launched July 14, 2025 on airdrop.chainbase.com) and operates through dozens of rotating domains anchored by chainbz[.]vip, using stolen branding, malicious ads, and social media spam. Chainbase has not authorized any third-party claim sites; all legitimate claims occurred exclusively at airdrop.chainbase.com.

A coordinated phishing campaign active in late May 2026 impersonated MetaMask by sending fake 'mandatory 2026 system upgrade' notifications via email and push alerts, directing victims to pixel-accurate clone sites that solicited a single Permit/token-approval signature draining wallets within seconds. On-chain investigator ZachXBT placed total losses at more than $9 million across 400+ addresses on Ethereum, Polygon, Arbitrum, and Base as of May 30, 2026. The campaign is part of a sustained multi-variant operation against MetaMask users that began at least as early as January 2026; MetaMask itself is an impersonation victim and is not at fault.

On December 24, 2025, a malicious version (v2.68) of the Trust Wallet Chrome extension was published to the Chrome Web Store using a stolen Chrome Web Store API key obtained via the Shai-Hulud 2.0 npm supply chain worm in November 2025. The backdoored extension silently exfiltrated decrypted seed phrases from 2,520 to 2,596 wallet addresses (figure varies by source and verification cutoff) to an attacker-controlled server, resulting in approximately $7–8.5 million in cryptocurrency losses over roughly 48 hours. Trust Wallet (a Binance subsidiary) voluntarily committed to reimbursing all verified victims and released an emergency clean patch (v2.69) on December 26, 2025.

Unicoin, Inc. (formerly TransparentBusiness, Inc.) is a New York-based crypto company that sold 'Unicoin Rights Certificates' — instruments purportedly convertible one-for-one into future Unicoin tokens backed by real-world assets — beginning in February 2022. On May 20, 2025, the U.S. Securities and Exchange Commission filed a civil fraud complaint in the Southern District of New York against the company and four executives, alleging that the firm raised up to $110 million from more than 5,000 investors while fabricating $3 billion in sales, overstating real estate asset values by billions of dollars, and falsely marketing the certificates as SEC-registered. As of June 2026 the case remains active; Unicoin has filed a motion to dismiss and no ruling has been reported.

An industrialized, automated address poisoning campaign targeting Ethereum users accelerated sharply after the Fusaka protocol upgrade on December 3, 2025 reduced gas fees approximately sixfold, removing the prior economic barrier to mass-scale dust-transaction attacks. Security firm ScamSniffer documented at least $62.25 million in confirmed losses across two high-profile victims in December 2025 and January 2026 alone, while Blockaid flagged over 65.4 million poisoning transactions since January 2025 averaging 160,000 per day. The campaign represents a commercial, industrialized threat infrastructure sold as a service on Telegram rather than a single threat actor, and is ongoing as of the research date.

Shai-Hulud is a self-replicating supply chain worm attributed to the financially motivated threat group TeamPCP (also tracked as DeadCatx3, PCPcat, ShellForce, CipherForce, and UNC6780 by Google's Threat Intelligence Group). Active since September 2025, the campaign has compromised hundreds of npm and PyPI packages by harvesting CI/CD credentials through malicious preinstall lifecycle hooks, directly enabling the Trust Wallet Chrome extension hack of December 2025 in which approximately $8.5 million was stolen from 2,520 wallets. As of June 2026, the campaign remains active through copycat variants following TeamPCP's public open-sourcing of the worm's source code on May 12–13, 2026.

Voltage Finance (formerly FuseFi) is a decentralized finance protocol operating on the Fuse Network, offering token swapping, lending, liquidity farming, and cross-chain bridging via an automated market maker. The protocol has been the subject of two confirmed security exploits: a March 2022 reentrancy attack that drained approximately $4.67 million from its lending pools via a third-party partner (Ola Finance), and a March 2025 insider-related exploit of its Simple Staking pools resulting in approximately $322,000 in losses. No funds were recovered in either incident as of the time of this investigation.

Zoth Protocol is an Ethereum-based real-world asset (RWA) re-staking and tokenization platform founded in 2023 by Pritam Dutta and Koushik Bhargav. In March 2025 the protocol suffered two separate security incidents within three weeks: an initial $285,000 logic-flaw exploit on March 1 and a far more damaging $8.4 million deployer-key compromise on March 21 that enabled a malicious proxy contract upgrade. The protocol has since launched a user compensation program, engaged Crystal Blockchain BV for fund recovery, and announced a security overhaul backed by a $15 million strategic token commitment from Bolts Capital.

Treasure DAO is an Arbitrum-based NFT gaming and metaverse ecosystem centered around the MAGIC token, founded in 2021 by John Patten and Karel Vuong. In March 2022, its NFT marketplace suffered a critical smart contract exploit in which attackers purchased approximately $1.4 million worth of NFTs at zero cost by passing a zero-quantity parameter to the buyItem() function, bypassing all payment validation. The project has since undergone significant restructuring, including the shutdown of its proprietary zkSync-based Treasure Chain in May 2025, mass layoffs, and a strategic pivot toward AI agent infrastructure.

Paxful was a U.S.-based peer-to-peer Bitcoin marketplace founded in 2015 by Ray Youssef and Artur Schaback. After operating for a decade and processing approximately $5 billion in trades across 14 million users, the platform ceased operations by November 1, 2025, citing the lasting impact of historic compliance failures and unsustainable remediation costs. In December 2025, Paxful Holdings pleaded guilty to three federal criminal charges — including conspiring to violate the Travel Act, operating an unlicensed money transmitting business, and BSA anti-money laundering violations — and was sentenced in February 2026 to a $4 million criminal penalty; FinCEN separately assessed a $3.5 million civil penalty for the same underlying conduct.

Gravity Bridge is a purpose-built, decentralized blockchain bridge developed by Althea Network that enables bidirectional transfer of ERC-20 tokens between Ethereum and the Cosmos IBC ecosystem. It launched mainnet in December 2021 after three independent security audits and became the most widely adopted bridge in the Cosmos ecosystem. On May 30, 2026, the bridge suffered a critical security incident in which approximately $5.4 million was drained via an alleged validator signing-key compromise, prompting a full bridge halt that remained in effect as of June 2, 2026.

Jonathan Spalletta, 36, of Rockville, Maryland, was charged on March 30, 2026 by the U.S. Attorney's Office for the Southern District of New York with one count of computer fraud and one count of money laundering in connection with two hacks of the decentralized exchange Uranium Finance in April 2021 that allegedly yielded approximately $54.7 million in stolen cryptocurrency. He is alleged to have laundered proceeds through Tornado Cash and converted them into rare collectibles including Magic: The Gathering cards, first-edition Pokemon sets, and antiquities. He surrendered to authorities on March 30, 2026, entered a not-guilty plea, and is awaiting trial scheduled for September 2026 before U.S. District Judge Jed S. Rakoff.

Brandon Michael Tardibone, 28, of Miami, Florida, was federally indicted on May 11, 2026 in the Southern District of Florida (case 1:26-cr-20181) on charges of conspiracy to commit money laundering and harboring an alien unlawfully present in the United States. Prosecutors allege he provided housing and material support to Canadian co-defendant Trenton Richard David Johnston — who allegedly orchestrated a $13 million cryptocurrency fraud scheme via social-engineering impersonation attacks — while Johnston was unlawfully overstaying his visa, and that both defendants jointly laundered more than $1 million of stolen proceeds through luxury goods and South Florida nightlife. All charges are allegations; both defendants are presumed innocent unless and until proven guilty at trial.

LayerZero is a major omnichain interoperability protocol operated by LayerZero Labs, deployed across 130+ blockchains and processing over 200 million cross-chain messages as of early 2026. The protocol gained institutional backing from Citadel Securities, ARK Invest, Tether, and Sequoia Capital, and is the infrastructure behind USDT0, which processed over $70 billion in cross-chain USDT transfers. In April 2026, LayerZero's off-chain DVN infrastructure was compromised via a social engineering attack attributed to North Korea's Lazarus Group (TraderTraitor), enabling the $292 million KelpDAO rsETH bridge exploit — the largest DeFi hack of 2026 — and triggering a multi-billion-dollar client exodus to competing bridge providers.

CoW Protocol (trading interface: CoW Swap) is a decentralized exchange aggregator and MEV-protection protocol spun out of GnosisDAO in 2022. On April 14, 2026, the protocol's cow.fi domain was hijacked via a social engineering attack that exploited registrar Gandi SAS and the Finnish .fi registry authority Traficom using forged identity documents, redirecting users to a phishing interface for approximately 90 minutes and causing confirmed losses of approximately $1.2 million. The protocol's smart contracts were not compromised; CoW DAO subsequently passed CIP-86 in May 2026 to offer discretionary grants reimbursing verified victims up to 100% of their losses.

Daos.fun is a Solana-based platform that allows vetted creators to launch on-chain investment DAOs (marketed as 'meme hedge funds'), raising SOL from the public and trading it across SPL tokens with full unilateral discretion. Launched in September 2024 by pseudonymous developer Baoskee (identified by Alliance DAO as Bao Mai), the platform gained rapid notoriety through the ai16z / ElizaOS DAO and attracted significant speculative capital. Structural risks include fund-manager custody with no investor veto, extreme market-cap-to-NAV premiums documented at 29x–58x, the absence of a public smart-contract audit, and unresolved securities-law exposure in multiple jurisdictions.

Decaf (decaf.so) is a non-custodial stablecoin wallet and payments platform built on Solana and Stellar, founded in 2022 and headquartered in Miami, FL, targeting emerging-market users who need low-cost cross-border payments and fiat cash-out. The company has raised a seed round from recognizable crypto-native and fintech investors including Visa, and has established formal partnerships with Circle, MoneyGram, and the Stellar Development Foundation. No regulatory actions, hacks, or fraud allegations have been identified as of the investigation date.

Dialect (dialect.to) is a Solana-focused smart messaging and infrastructure company best known for co-developing the Blinks (Blockchain Links) and Actions standard with the Solana Foundation, launched in June 2024. Founded in 2021 by Chris Osborn, a named founder with a verifiable academic and professional background, the company raised a $4.1M seed round in March 2022 led by Multicoin Capital and Jump Crypto. No regulatory actions, fraud allegations, or confirmed security incidents specific to Dialect have been documented; the principal risk surface is the Blinks protocol itself, which introduces phishing and malicious-endpoint attack vectors that Dialect attempts to mitigate through a public registry of verified actions.

Dogwifhat (WIF) is a Solana-based memecoin launched anonymously in November 2023, featuring a Shiba Inu dog wearing a pink knitted hat. It reached a peak market capitalization of approximately $4.8 billion in March 2024 before declining more than 90% from its all-time high by mid-2026. The project carries inherent memecoin risks — no utility, anonymous creators, speculative-only value — alongside a notable failed community fundraiser for a Las Vegas Sphere advertisement that raised nearly $700,000 but never executed, ultimately refunding donors in 2025.

DRiP Haus (drip.haus) is a Solana-based digital collectibles distribution platform that uses compressed NFT technology to enable creators to deliver free or low-cost weekly drops to subscribers. Founded in late 2022 by Vibhu Norby, a named serial entrepreneur with a verifiable track record, the company raised $11.5 million across two funding rounds before being acquired by Jupiter, Solana's leading DeFi aggregator, in an all-cash deal announced April 2, 2025. No regulatory actions, fraud allegations, or significant security incidents have been identified; the primary risk factors are platform-level policy changes that reduced accessibility for collectors and the uncertainties inherent in post-acquisition integration.

Dual Finance is a Solana-based structured-products protocol offering Dual Investment Pools (DIPs) and Staking Options, products designed to provide yield to token holders and sustainable liquidity incentives to DAOs. Founded in 2022 by named individuals with verifiable TradFi and FAANG backgrounds, the protocol reached a peak TVL of approximately $35 million in 2023 but has since contracted sharply to under $500K as of mid-2025. No exploits, regulatory actions, or fraud allegations have been identified in public records; the primary concerns are low current TVL, limited publicly-verifiable audit documentation, and significant DUAL token price depreciation since its 2023 ATH.

Edgevana is a Las Vegas-based bare-metal infrastructure and node-deployment platform founded in 2019, specializing in Solana validator onboarding, RPC node provisioning, and decentralized edge compute. The company operates a liquid staking product (edgeSOL) with approximately 839,000 SOL under management and has secured notable partnerships with the Solana Foundation, Avalanche, and StackPath. No regulatory actions, fraud allegations, or significant security incidents have been identified.

Exponent Finance is a Solana-based yield tokenization protocol launched in late 2024 that enables users to separate yield-bearing assets into tradable Principal Tokens (PT) and Yield Tokens (YT), analogous to Pendle Finance on Ethereum. The protocol has attracted $7.1 million in venture funding from institutional backers including Multicoin Capital, Solana Ventures, and RockawayX, and processed over $2 billion in yield volume across 35,000+ users. Key risk considerations include a small but growing team, a SAFE-plus-token-warrant capital structure suggesting a future token launch, TVL that experienced a sharp 60%+ drawdown tied to incentive expiry, and an audit history that is active but still maturing.

Famous Fox Federation (FFF) is a Solana-native NFT ecosystem founded in September 2021, comprising a genesis collection of 7,777 fox PFP NFTs and several sub-collections under the 'Foxosphere' umbrella. The team, operating under the pseudonyms 'DraxxTs' and 'FoxyDev', has built and shipped multiple on-chain utilities including the Rafffle raffle platform, the Citrus NFT lending protocol, a token marketplace, and gamified staking missions. No regulatory actions, exploits, or rug-pull incidents have been identified through public sources, though the founders remain pseudonymous and $FOXY token value has declined substantially from its all-time high.

Fartcoin (FARTCOIN) is a Solana-based memecoin launched anonymously on October 18, 2024 via the Pump.fun launchpad, inspired by a suggestion from Truth Terminal, an autonomous AI chatbot developed by Andy Ayrey and funded with a $50,000 grant by Marc Andreessen of a16z. The token carries no stated utility and derives all value from speculation, community sentiment, and association with the AI-agent narrative; it reached an all-time high market capitalization of approximately $2.3 billion in January 2025 before declining more than 93% to approximately $160 million by May 2026. As a memecoin with an anonymous founding team, no intrinsic value, high whale concentration, and significant price volatility, it represents substantial speculative risk.

Firedancer is an independent, high-performance Solana validator client developed by Jump Crypto (Jump Trading Group), written from scratch in C primarily by a team led by Chief Science Officer Dr. Kevin Bowers and founding engineer Ritchie Patel. Released under the Apache 2.0 open-source license, it aims to increase Solana's throughput toward one million transactions per second while improving network resilience through client diversity. As of May 2026, the client is live on Solana mainnet with roughly 20% of validators running it, though full rollout remains cautious pending completion of comprehensive third-party security audits. The project carries a notable backer-risk signal: Jump Crypto's parent subsidiary Tai Mo Shan settled SEC charges for $123 million in December 2024 over TerraUSD manipulation, and a separate CFTC investigation was reported in 2024 with no publicly disclosed outcome as of this writing.

Flash Trade (flash.trade) is a non-custodial, asset-backed perpetuals and spot exchange built on Solana, founded in early 2023 by Anas Khader and Zoheb Shahzan (previously of the Investin project). The protocol is bootstrapped, has undergone multiple third-party security audits, publishes an open-source reference implementation, and has processed over $20 billion in cumulative trading volume. No exploits, regulatory actions, or fraud allegations have been identified; primary risk factors are a modest TVL (~$10.7M), a low-cap governance token (FAF, ~$3.7M market cap), oracle dependency on Pyth Network, and limited public background on the founding team.

Fragmetric (fragmetric.xyz) is a Solana-native liquid restaking protocol that issues fragSOL, fragJTO, and fragBTC as Liquid Restaking Tokens (LRTs) built on Jito's restaking infrastructure. The protocol raised $12 million across seed and strategic rounds from recognized institutional backers including Hashed, Finality Capital, and RockawayX, and has undergone multiple independent security audits by Certora and Quantstamp. Material risks include smart-contract complexity inherent to restaking, slashing exposure through Node Consensus Networks (NCNs), partial team pseudonymity, and significant FRAG token price depreciation following the July 2025 listing.

Fuse Wallet is a Solana-based smart wallet developed by Squads Labs, the team behind Squads Protocol, Solana's leading multisig and smart account infrastructure. Launched in public TestFlight in June 2024 and on the Apple App Store in December 2025, Fuse replaces traditional seed phrases with a multi-factor authentication model built on Squads Protocol's audited smart account standard. Squads Labs has raised approximately $40.9 million across multiple funding rounds from institutional investors including Electric Capital, Coinbase Ventures, and Multicoin Capital, and no known regulatory actions, hacks, or fraud allegations have been identified against the product.

Genopets is a Solana-based move-to-earn NFT game launched in 2021, self-described as the first free-to-play move-to-earn title in the space, operated by a named and publicly identifiable founding team. The project raised $8.3 million in seed funding from reputable investors including Pantera Capital and Samsung Next, but its dual-token economy (GENE and KI) has suffered severe inflation-driven value collapse characteristic of the broader move-to-earn category. As of mid-2026 the team remains active, having pivoted toward AI-agent infrastructure under the 'ELITE/WHITTAKR' umbrella, though both tokens trade near all-time lows with minimal liquidity.

Glow Wallet is a non-custodial Solana wallet developed by Luma Labs, Inc., a San Francisco-based company co-founded by Danqing (Dan) Liu and Victor Pontis. Available as a browser extension and mobile app since early 2022, it is marketed as a design-forward wallet with transaction simulation, in-app staking, zero-fee swaps, and a decentralized identity system called Glow ID. No major security breaches specific to Glow have been publicly reported, and no regulatory actions have been identified against the project or its developer.

Goatseus Maximus (GOAT) is a Solana-based memecoin launched on October 10, 2024, via Pump.fun by an anonymous deployer, whose rise was driven almost entirely by the AI agent Truth Terminal promoting the 'Goatse Gospel' internet-culture narrative on social media. The token reached a peak market capitalization above $1 billion in November 2024 — the first Pump.fun token to achieve that milestone — before declining more than 98% from its all-time high by mid-2026. It carries no formal whitepaper, no disclosed development roadmap, no utility, and its creator remains anonymous; its value is derived solely from speculative attention and an AI-generated cultural narrative.

GooseFX was a Solana-based decentralized finance platform founded in 2021 that offered an AMM DEX (GAMMA), single-sided liquidity pools, perpetual futures trading, and an NFT aggregator under the GOFX utility token. The project raised $4.5 million in seed funding from reputable investors including Animoca Brands and CoinShares, received at least one published security audit from Halborn, and accumulated over $700 million in cumulative trading volume during 2024 before announcing a voluntary wind-down in August 2025. No regulatory actions, theft-related exploits, or rug-pull signals have been identified; the protocol sunsetting appears to reflect commercial failure rather than fraud.

The DAO was a decentralized autonomous organization launched on Ethereum in April 2016 that raised approximately $150 million in ETH — the largest crowdfund in history at the time. On June 17, 2016, an unknown attacker exploited a reentrancy vulnerability in its smart contract code, draining approximately 3.6 million ETH (roughly $60–70 million at the time). The incident led to a contentious Ethereum hard fork on July 20, 2016, splitting the chain into Ethereum (ETH) and Ethereum Classic (ETC), and triggered the SEC's 2017 finding that DAO tokens were unregistered securities.

On April 9, 2023, SushiSwap's RouteProcessor2 contract — deployed just one day earlier across 14 blockchain networks — was exploited due to a failure to validate user-supplied pool addresses, allowing an attacker to redirect token transfers from wallets that had approved the contract. Approximately $3.3 million (roughly 1,800 WETH) was drained, with a single high-profile victim (@0xsifu) accounting for the majority of losses. Whitehat security teams front-ran further exploitation and recovered over $750,000, while SushiSwap committed to making all affected users whole through a two-tier compensation process.

SIR.trading (Synthetics Implemented Right) is an Ethereum-based DeFi protocol launched on February 20, 2025, offering leveraged trading without liquidation risk or volatility decay. On March 30, 2025, an attacker exploited a transient storage vulnerability in the protocol's Vault contract to drain the entire $355,000 TVL — one of the first documented real-world exploits targeting Ethereum's EIP-1153 transient storage feature introduced in the Dencun upgrade. The protocol subsequently relaunched after completing additional security audits, but no stolen funds were recovered.

Seneca Protocol is an omnichain CDP (collateralized debt position) protocol deployed on Ethereum mainnet and Arbitrum that allowed users to borrow a stablecoin (senUSD) against yield-bearing collateral assets. On February 28, 2024, a critical arbitrary external-call vulnerability in the protocol's Chamber contract was exploited, resulting in approximately $6.4 million in user funds being drained. Roughly 80% of stolen funds were returned after an on-chain negotiation, but a net loss of approximately $1.28 million remained, and evidence surfaced that the vulnerability had been reported to the team prior to launch.

Roger Ver (born 1979, San Jose, California) is an entrepreneur and early Bitcoin investor nicknamed 'Bitcoin Jesus' for his prominent role evangelizing cryptocurrency beginning in 2011. He later became CEO and Executive Chairman of Bitcoin.com and a principal promoter of Bitcoin Cash (BCH) following the 2017 hard fork. In April 2024 he was arrested in Spain on a U.S. Department of Justice indictment charging mail fraud, tax evasion, and filing false tax returns related to approximately $48 million in allegedly concealed capital gains; in October 2025 he resolved the charges without prison time by entering a deferred prosecution agreement and paying $49.9 million.

Resolv Labs is a UAE-based DeFi startup that operates the Resolv Protocol, issuing the USR delta-neutral stablecoin backed by ETH collateral hedged with perpetual futures short positions. On March 22, 2026, an attacker compromised the protocol's off-chain signing infrastructure via stolen contractor credentials, minting approximately 80 million unbacked USR tokens and extracting roughly $25 million in ETH, causing USR to depeg by up to 97% within minutes. The protocol acknowledged effective insolvency in the immediate aftermath and has since initiated a tiered compensation plan while rebuilding infrastructure security.

Raydium is an automated market maker (AMM) and decentralized exchange built on the Solana blockchain, launched in February 2021 and widely regarded as Solana's primary liquidity hub. On December 16, 2022, the protocol suffered a major security incident in which an attacker compromised an admin private key — suspected to be via a trojan on a team virtual machine — and drained approximately $4.4 million from eight constant product liquidity pools. Raydium responded with a patched program, a community-approved compensation plan funded by team-held RAY tokens, and has since migrated authority to a Squads multisig with hardware wallet and timelock protections.

Raft Protocol was an Ethereum-based over-collateralized stablecoin protocol that allowed users to mint R, a USD-pegged stablecoin, against liquid staking derivative (LSD) collateral such as stETH and cbETH. On November 10, 2023, an attacker exploited a precision rounding error in the protocol's share-token minting contract using a flash loan, minting approximately $6.7 million in unbacked R stablecoins and draining roughly $3.3 million worth of ETH from the protocol. In a notable twist, the attacker lost money on the exploit — a coding error in their own attack script sent 1,570 ETH (~$3.25 million) to a burn address, leaving them with a net loss of approximately 4 ETH after gas and flash loan costs.

QuadrigaCX was Canada's largest cryptocurrency exchange, founded in 2013 by Gerald Cotten and Michael Patryn. Following CEO Gerald Cotten's reported death in India in December 2018, approximately C$215 million owed to over 76,000 customers became inaccessible. The Ontario Securities Commission concluded in June 2020 that Cotten had operated the exchange as a Ponzi scheme for years, committing fraud through fictitious trading accounts and misappropriating roughly C$169 million in customer funds.

Pike Finance is a natively cross-chain lending protocol built on Wormhole's messaging layer and Circle's Cross-Chain Transfer Protocol (CCTP), which launched its beta mainnet in early 2024. Within days of launch, the protocol suffered two separate exploits on April 26 and April 30, 2024, draining approximately $299K and $1.68M respectively for a combined loss of roughly $1.98M. The first exploit stemmed from an improperly validated CCTP integration; the second arose from a storage layout corruption introduced during the emergency patch, allowing attackers to reinitialize and take over spoke contracts.

Penpie is a yield optimizer and vote-escrowed liquidity layer built on top of Pendle Finance, developed by the Magpie XYZ team. On September 3, 2024, the protocol was exploited for approximately $27 million through a reentrancy vulnerability in its batch reward harvesting function, compounded by a permissionlessly registered fake Pendle market. The attacker laundered substantially all stolen funds through Tornado Cash within days, rejecting a negotiated bounty offer from the Penpie team.

Orion Protocol is a decentralized liquidity aggregator that connects centralized and decentralized exchanges into a single non-custodial trading interface, launched in 2020 with its native ORN token. On February 2, 2023, the protocol suffered a reentrancy exploit that drained approximately $3 million across its Ethereum and Binance Smart Chain deployments through a malicious fake-token attack against an unaudited exchange contract. The protocol subsequently rebranded to Lumia in late 2024, migrating all ORN tokens to LUMIA at a 1:1 ratio.

Odin.fun is a Bitcoin-native memecoin launchpad built on the Runes protocol, using the Internet Computer (ICP) blockchain as a settlement layer for fast, low-cost trading. The platform launched in early 2025 and attracted backing from the Taproot Wizards Ordinals project, but has suffered at least two confirmed security exploits — a $178,000 authentication vulnerability in April 2025 and a $7 million liquidity manipulation attack in August 2025 — with the latter draining user funds that the team has acknowledged it cannot fully repay from its own treasury.

Lodestar Finance is an Arbitrum-based decentralized money market protocol that enables lending, borrowing, and leveraged trading against crypto collateral. On December 10, 2022, the protocol suffered a flash loan exploit in which an attacker manipulated the price oracle for the plvGLP collateral token, draining approximately $6.9 million from depositors. The protocol subsequently relaunched in April 2023 with a V2 update, partially compensating victims with recovered GLP assets and esLODE tokens, though the attacker was never identified and no confirmed negotiated return of funds occurred.

LCX Exchange (Liechtenstein Cryptoassets Exchange) is a regulated crypto trading platform incorporated in Liechtenstein and registered with the country's Financial Market Authority (FMA). On January 8, 2022, the exchange suffered a hot wallet compromise resulting in the theft of approximately $6.8–7.94 million in various cryptocurrencies; LCX subsequently covered all user losses from company funds and cooperated with multi-jurisdictional law enforcement, ultimately freezing approximately 60% of stolen assets. As of 2024–2025, LCX remains operational, holds multiple licenses under the Liechtenstein Blockchain Act (TVTG), and has filed a pre-application for a pan-European MiCA license.

Kannagi Finance was a decentralized yield aggregator launched on zkSync Era in June 2023. On July 29, 2023, its anonymous team executed an exit scam, draining approximately $2.13 million in user deposits and deleting all online presence. The incident is considered the first major rug pull on the zkSync Era network, with at least $1.1 million subsequently routed through the Tornado Cash mixer.

Ionic Money is a decentralized money market protocol operating on Mode Network (an OP Superchain L2), rebranded from Midas Capital after two exploits on that predecessor protocol in 2023. In February 2025, Ionic Money suffered a social engineering attack in which attackers impersonating the Lombard Finance team convinced the protocol to list a counterfeit LBTC token as collateral, resulting in approximately $8.6–8.8 million in losses. The protocol and its affiliated ecosystem protocols on Mode Network absorbed significant bad debt, with no confirmed user compensation as of mid-2025.

On November 22, 2023, the HECO Chain cross-chain bridge and the HTX exchange (formerly Huobi), both linked to entrepreneur Justin Sun, were simultaneously exploited in what security researchers attributed to a private key compromise. The HECO bridge lost approximately $87 million in various tokens; additional HTX hot wallet losses brought confirmed totals to roughly $113 million. Blockchain analytics firm Elliptic subsequently attributed the attack to North Korea's Lazarus Group, which began laundering funds through Tornado Cash in March 2024.

Gamma Strategies is a non-custodial, automated concentrated liquidity management protocol operating across multiple EVM chains, allowing users to deposit assets into managed vaults (Hypervisors) that actively rebalance Uniswap V3 and similar DEX positions. On January 4, 2024, the protocol suffered a price manipulation exploit across four vaults resulting in approximately $3.4–6.2 million in losses, caused by misconfigured price change thresholds in deposit proxy settings. The protocol paused deposits, engaged OpenZeppelin for a remediation audit, and committed to a long-term user compensation plan funded by protocol revenue, though full recovery of lost funds was not guaranteed at launch of that plan.

Cryptsy was a Florida-based altcoin exchange that operated from May 2013 until its collapse in January 2016, at which time it was one of the largest altcoin trading platforms by volume. Founder Paul Vernon, known as 'Big Vern,' allegedly staged a hack narrative to conceal his personal theft of over $1 million in customer funds, then fled to China, remotely destroyed the customer database, and was later designated a federal fugitive. A U.S. federal court issued a $8.2 million default judgment against Vernon in 2017, and a 17-count criminal indictment was unsealed in January 2022; Vernon remains a fugitive believed to be residing in China.

Cork Protocol is an Ethereum-based DeFi protocol offering tokenized depeg protection instruments analogous to credit default swaps, founded in 2023 by Phil Fogel and Rob Schmitt and backed by a16z CSX. On May 28, 2025, the protocol suffered a critical smart contract exploit resulting in approximately $12 million in losses, attributed to missing access controls in its Uniswap V4 hook integration. Stolen funds were subsequently laundered through Tornado Cash; a rebuilt version dubbed Cork Phoenix launched on mainnet in January 2026.

Bunni Protocol is a Uniswap liquidity-incentive layer developed by Timeless Finance that evolved from a Uniswap v3 LP-token wrapper (v1) to a full DEX built on Uniswap v4 hooks (v2). On September 2, 2025, Bunni v2 suffered an $8.4 million flash-loan exploit caused by a rounding-direction vulnerability in its withdrawal mechanism — a class of issue that multiple auditors had flagged in advance. The team announced permanent shutdown in October 2025, citing the inability to fund the six-to-seven-figure re-audit required for a secure relaunch.

On August 2, 2016, Bitfinex — a Hong Kong-based cryptocurrency exchange — was breached by hacker Ilya Lichtenstein, who exploited security failures in the exchange's multi-signature wallet architecture to steal 119,756 BTC (approximately $72 million at the time). Bitfinex controversially socialized the losses across all user accounts with a 36.067% haircut and issued BFX debt tokens, which were fully redeemed at par by April 2017. In February 2022, the U.S. Department of Justice arrested Lichtenstein and his wife Heather Morgan after seizing approximately 94,000 BTC worth $3.6 billion — the largest financial seizure in DOJ history at the time — and both subsequently pleaded guilty; Lichtenstein was sentenced to 5 years (released early in January 2026) and Morgan to 18 months.

BigONE is a Seychelles-registered centralized cryptocurrency exchange that launched globally in November 2017, evolving from Yunbi.com, a China-based exchange backed by Li Xiaolai's INBlockchain fund. In July 2025 the exchange suffered a $27 million supply-chain hack; simultaneously, blockchain investigator ZachXBT alleged the platform had processed at least $60 million in pig-butchering and romance-scam proceeds through a single deposit address over the prior seven months. The exchange operates without a license from major financial regulators (FCA, ASIC, CySEC) and carries a documented history of alleged wash trading, user complaints about frozen withdrawals, and tournament prize disputes.

Bedrock Protocol is a multi-asset liquid restaking protocol developed by RockX, offering synthetic Bitcoin (uniBTC), liquid-staked ETH (uniETH), and IoTeX staking (uniIOTX). On September 27, 2024, the protocol suffered a critical smart contract exploit in which a flawed minting function allowed an attacker to mint uniBTC tokens at a 1:1 ETH-to-BTC ratio, draining approximately $2 million from DEX liquidity pools. Subsequent investigation by security firm Fuzzland, disclosed in June 2025, alleged that a former Fuzzland employee planted a supply-chain backdoor to execute the attack; Fuzzland stated it compensated Bedrock for losses and reported the matter to law enforcement.

Astroport is an automated market maker (AMM) DEX originally launched on the Terra blockchain in December 2021, developed by a joint venture of Delphi Labs, Terraform Labs, We3, and Attic Lab. The protocol suffered catastrophic TVL loss during the May 2022 Terra/Luna ecosystem collapse and was subsequently rebuilt as a multi-chain AMM spanning Neutron, Sei, Injective, and Terra 2.0. In July 2024, Astroport was directly exploited via a reentrancy vulnerability in IBC hooks on the Terra chain, resulting in approximately $6.4 million in losses.

ALEX Lab is a Bitcoin DeFi protocol built on the Stacks blockchain, offering a decentralized exchange, yield farming, cross-chain bridging via XLink, and a token launchpad. The protocol suffered two significant security incidents: a May 2024 exploit of its XLink bridge via a compromised private key (alleged to be linked to North Korea's Lazarus Group) that drained approximately $4.3 million, and a second smart contract vault exploit in June 2025 that resulted in roughly $8.3 million in losses. Despite user reimbursement pledges and post-exploit security upgrades, the repeated nature of major incidents materially reduces trust.

On March 15, 2022, Agave (an Aave fork on Gnosis Chain) and Hundred Finance (a Compound fork deployed on Gnosis Chain) were simultaneously exploited via a reentrancy attack that abused post-transfer callback hooks in Gnosis Chain's non-standard ERC-677 bridged tokens, resulting in combined losses of approximately $11.7 million. Hundred Finance suffered a second major exploit in April 2023 on Optimism ($7.4 million), after which the protocol voted to shut down permanently in August 2023. Agave continued operating in diminished capacity before its DAO formally wound down in early 2024.

Griffain is a Solana-based AI-agent coordination platform launched in November 2024 that enables users to deploy autonomous on-chain agents for trading, NFT minting, and wallet management via natural language commands. The platform's native GRIFFAIN token reached a peak market capitalization of approximately $634 million in January 2025 before declining roughly 98% to a market cap near $10 million by early 2026. No regulatory actions, hacks, or fraud allegations have been identified; primary risk factors include agent custody model ambiguity, autonomous trading feature exposure to highly speculative memecoin markets, opaque smart contract audit disclosures, and limited public information on full team composition beyond the named co-founder.

Helium is a decentralized physical infrastructure network (DePIN) founded in 2013 by Amir Haleem, Shawn Fanning, and Sean Carey, operated by Nova Labs, Inc. The network incentivizes individuals to deploy wireless hotspots for IoT (LoRaWAN) and mobile coverage using its HNT token, which migrated to the Solana blockchain in April 2023. The project has a documented history of misrepresenting partner relationships to investors, resulting in a $200,000 SEC civil settlement in April 2025, but has demonstrated meaningful real-world usage growth through verified carrier data-offload partnerships with AT&T, T-Mobile, and Telefonica.

Helius (helius.dev) is a Toronto-founded, Solana-focused developer infrastructure company offering RPC nodes, enhanced APIs, webhooks, data streaming, and validator services. Founded in June 2022 by former Coinbase and AWS engineers, the company has raised $34.85 million across three rounds led by Founders Fund, Haun Ventures, and Foundation Capital, and operates as a key infrastructure layer for the Solana ecosystem. No regulatory actions or security breaches have been identified against Helius; the main risk signals are minor service reliability incidents and unresolved workplace conduct allegations against its CEO.

Hivemapper is a decentralized physical infrastructure network (DePIN) built on Solana that incentivizes drivers to collect street-level imagery via dashcams and rewards them with the native HONEY token. The company, led by named founder Ariel Seidman, has raised over $50 million in total funding and counts Lyft, TomTom, and Volkswagen ADMT among its enterprise customers. While no fraud or regulatory action has been identified, the project carries moderate risks related to token price volatility, hardware shipping delays, a 2022 regulatory ambiguity around whether HONEY constitutes a security, and inherent privacy considerations from mass collection of street-level imagery.

Lulo (lulo.fi), formerly known as Flexlend, is a Solana-based DeFi lending aggregator that automatically routes stablecoin deposits to the highest-yielding protocols on the network, including Kamino, Drift, Marginfi, Morpho, Maple, and Pendle. Founded in 2022 and formally launched in early 2024, the protocol has grown to over $86 million in TVL and surpassed $100 million in cumulative deposits, supported by five independent security audits and backing from Circle Ventures and Solana Ventures. The platform's primary risk profile is composability-layer exposure: deposits are routed across multiple third-party protocols, meaning a failure at any underlying venue could affect user funds, although Lulo's 'Protected' tier includes automated on-chain coverage for such events.

Lifinity was a proactive market maker and oracle-based decentralized exchange built on Solana, operating from February 2022 until it voluntarily shut down in December 2025 after processing approximately $150 billion in lifetime trading volume. The protocol was notable for its use of Pyth oracle pricing instead of traditional AMM mechanics, a no-VC community-funded launch via a veIDO, and a transparent wind-down that distributed roughly $43.4 million in treasury assets to LFNTY token holders. Risk factors include an anonymous pseudonymous founder operating as 'Durden' or 'durdenwannabe,' a $699,090 pool drainage incident in December 2023 caused by a protocol-level bug, and structural dependence on the Pyth oracle as a single external pricing dependency.

Hxro Network is a decentralized derivatives and liquidity primitive built on the Solana blockchain, providing shared exchange, risk management, and settlement infrastructure for on-chain futures, options, and parimutuel betting markets. The project raised $49 million across two token rounds in 2021 from well-regarded institutional investors including Jump Crypto, Blockchain Capital, Susquehanna International Group, and Alameda Research. While the team is publicly identified with traditional finance credentials and multiple third-party security audits have been completed, the HXRO token has experienced a severe decline from its all-time high, and the network has struggled to achieve meaningful adoption relative to competing Solana derivatives protocols.

Honeyland is a mobile-first, play-to-earn blockchain strategy game built on Solana by Hexagon Studios (Singapore), where players manage bee colonies to earn the native HXD token. The project raised $4 million prior to its public token launch in March 2023 and was acquired by Montreal-based Bravo Ready Studios in July 2025. No confirmed fraud, hack, or regulatory action has been identified; the primary risk factors are severe token price depreciation (approximately 99.9% from all-time high), low trading liquidity, and the structural sustainability challenges common to play-to-earn game economies.

Luna Yield ($LUNY) was a purported cross-chain yield aggregator built on Solana that conducted an initial DEX offering (IDO) on the SolPad launchpad in August 2021. Approximately two days after its IDO, the anonymous development team removed all liquidity from protocol pools, deleted the project website and all social media accounts, and transferred an estimated $6.7 million in user funds across multiple cryptocurrencies to obfuscation services, in what multiple crypto news outlets characterized as a rug pull. The incident is widely cited as the first major rug pull on the Solana blockchain.

MiningMax (also styled Mining Max LLC) was a US-registered cryptocurrency mining company that operated from approximately September 2016 through October 2017, allegedly defrauding approximately 18,000 investors across 54 countries out of roughly 270 billion Korean won (approximately $250 million USD). South Korean prosecutors indicted 21 individuals in December 2017 on charges of fraud and violations of Korea's door-to-door sales law; the company's chairman, Nam Ho Park (also known as Daniel Park), and vice chairman fled the country and were placed on Interpol's wanted list. The California Department of Financial Protection and Innovation (DFPI) issued a Desist and Refrain Order against Mining Max LLC and its founder Nam Ho Park in July 2020.

OneCoin was a global fraudulent cryptocurrency scheme founded in 2014 by Ruja Ignatova ("the Cryptoqueen") and Karl Sebastian Greenwood. Operating as both a Ponzi scheme and a multi-level-marketing pyramid, it defrauded an estimated 3.5 million victims across more than 175 countries of over $4 billion by marketing a cryptocurrency that had no real blockchain. Ignatova disappeared in October 2017, is an FBI Ten Most Wanted Fugitive with a $5 million reward, and multiple co-conspirators have been convicted and sentenced to federal prison.

Pincoin and iFan were two cryptocurrency tokens promoted in Vietnam in 2017–2018 by Modern Tech Joint-Stock Company, a Ho Chi Minh City-based firm operated by eight Vietnamese nationals. The scheme promised monthly returns of up to 48 percent through a multi-level marketing structure and is alleged to have defrauded approximately 32,000 investors of roughly 15 trillion Vietnamese dong (approximately $660 million USD), making it one of the largest ICO exit scams on record. The eight operators vacated their offices and allegedly fled Vietnam around March 2018; as of publicly available reporting through 2021, no confirmed arrests or convictions of the principals had been reported in English-language sources.

Trade Coin Club (TCC) was a multi-level marketing cryptocurrency program that operated from late 2016 through mid-2018, allegedly collecting over 82,000 Bitcoin valued at approximately $295 million from more than 100,000 investors worldwide. The program falsely promised daily returns of at least 0.35% generated by an automated trading bot; the SEC and DOJ allege no such trading occurred and that investor withdrawals were funded entirely by new investor deposits, constituting a classic Ponzi scheme. In November 2022, the SEC charged four individuals including founder Douver Torres Braga; Braga was subsequently extradited from Switzerland in February 2025 to face a 13-count federal criminal indictment.

TurtleDex was a purported decentralized cloud storage protocol launched on Binance Smart Chain (BSC) in March 2021. The project raised approximately 9,000 BNB (roughly $2.5 million) in a presale on March 15, 2021, then executed an exit scam on or around March 19, 2021, draining liquidity pools on PancakeSwap and ApeSwap, converting the proceeds to ETH, and disappearing entirely. The team's identities were disclosed only under pseudonyms in a pre-launch AMA, and no funds were recovered.

USI-Tech (United Software Intelligence Technology) was a Dubai-registered cryptocurrency and forex multilevel-marketing scheme that operated from approximately 2016 through early 2018, selling so-called 'BTC Packages' and promising investors an average daily return of 1% over 140 days. Regulators across the United States, Canada, New Zealand, and Spain issued cease-and-desist or warning orders in 2017–2018; an estimated $150 million in investor funds — predominantly in Bitcoin and Ether — was allegedly misappropriated before the platform went offline overnight. Co-founder and CEO Horst Jicha was indicted in the U.S. Eastern District of New York in August 2023, arrested in December 2023, and became a fugitive in October 2024 after allegedly tampering with his ankle monitor and absconding in violation of pretrial-release conditions.

Vitae was a social-media rewards platform operated by Switzerland-registered Vitae AG, which issued the VITAE token and promised users income from content interactions through a multi-level affiliate structure. Belgian and Swiss authorities, coordinated by Europol, shut down the platform in June 2021, arresting five individuals and seizing over €2.6 million in cash and cryptocurrency across 17 raids, alleging the operation was a Ponzi and pyramid fraud that defrauded approximately 223,000 people in 177 countries. The platform's founder, Michael Weber, operated under the alias 'Michael Bradley' and had prior involvement in the BitConnect Ponzi scheme; he remained at large in the United States as of last known reporting.

WoToken was a Chinese cryptocurrency multi-level marketing Ponzi scheme that operated from July 2018 to October 2019, defrauding approximately 715,249 investors of roughly 7.7 billion yuan (approximately $1.1–$1.15 billion USD) in cryptocurrency. Six defendants were tried in May 2020 and four primary operators received prison sentences of up to 8.5 years following a second-instance ruling by the Intermediate People's Court of Yancheng City, Jiangsu Province in October 2020. At least one operator was reported to have prior involvement in the PlusToken scheme, leading observers to describe WoToken as 'PlusToken 2.0.'

Access Protocol is a Solana-based Web3 content monetization platform operated by Access Labs Inc., founded by Mika Honkasalo in 2022. The protocol enables users to stake its native ACS token into publisher stake pools in lieu of traditional subscriptions, with launch partners including CoinGecko and The Block. While the project raised modest seed funding, listed on Coinbase at launch, and has not been implicated in fraud or regulatory action, significant concerns exist around its highly inflationary tokenomics, sharp price decline of roughly 99% from its all-time high, a small and lightly-documented team, and the absence of publicly disclosed smart contract audit reports.

Adrena Protocol was a decentralized peer-to-pool perpetual futures exchange built on Solana, offering up to 100x leverage trading via a dual-token model (ADX governance token and ALP liquidity pool token). Founded circa 2023 by an anonymous team of self-described Solana-native builders, the protocol achieved approximately $8 billion in cumulative trading volume and $10 million in fee revenue before entering maintenance mode in November 2025 after failing to secure sufficient external funding and struggling with user retention. As of early 2026, the founding team has ceased active development, the protocol remains operational in a caretaker state, and a community relaunch targeting RWA (real-world asset) perpetuals has been announced in partnership with oracle provider Autonom.

Aldrin (formerly Cryptocurrencies.ai) is a Solana-based decentralized exchange and AMM protocol that launched its RIN utility token via IDO in mid-2021, backed by investors including Alameda Research. The project's original DEX product experienced severe activity decline following the FTX/Alameda collapse in November 2022 and the concurrent implosion of the Serum orderbook infrastructure it relied upon. As of 2025–2026, Aldrin Labs has pivoted to multi-chain Telegram trading bots (RINbot) on Sui and Aptos, while the original Solana DEX is effectively inactive with near-zero TVL and the RIN token has lost approximately 99.98% of its all-time-high value.

Anza (Anza Technology, Inc.) is a Delaware-incorporated software development firm founded in January 2024 by approximately 45 former Solana Labs engineers and executives, including Solana co-founder Stephen Akridge. The company serves as the primary maintainer of the Agave validator client — a fork of the original Solana Labs codebase and the majority client on the Solana network — and has proposed Alpenglow, a wholesale redesign of Solana's consensus mechanism approved by governance in September 2025. Anza has no token of its own; risk considerations center on its outsized influence over Solana's core protocol, the regulatory context of its formation, and a personal civil lawsuit involving co-founder Stephen Akridge.

Aurory is a Solana-based free-to-play, play-to-earn role-playing game featuring NFT creatures called Nefties, launched in 2021 by a team with backgrounds at major game studios. The project suffered a significant December 2023 exploit of its SyncSpace marketplace bridge, resulting in approximately $830,000 in stolen AURY tokens. As of mid-2026, the AURY token trades near all-time lows, down over 99% from its 2021 peak, reflecting sustained tokenomics pressure, limited adoption, and investor uncertainty following the security incident.

Backpack is a Solana-ecosystem crypto wallet and centralized exchange (operating as Trek Labs Ltd FZE) founded in 2022 by Armani Ferrante and Tristan Yver, both veterans of the FTX and Alameda Research organizations prior to those firms' 2022 collapse. The exchange holds a VARA VASP license in Dubai and a MiFID II license (via acquisition of FTX EU from CySEC in January 2025), has published daily zero-knowledge proof-of-reserves since August 2025, and raised funding at a reported $1 billion valuation in early 2026. Key risk signals include the founders' FTX-era history, a contested FTX EU acquisition that drew a public rebuke from the FTX bankruptcy estate, a 60-plus percent post-TGE collapse of its native BP token, and ongoing US regulatory limitations.

Believe (believe.app) is a Solana-based token launchpad founded by Australian entrepreneur Ben Pasternak, originally launched in January 2025 as 'Clout' before rebranding. The platform popularized a 'tweet-to-token' model under the 'Internet Capital Markets' narrative, enabling anyone to deploy a Solana token by replying to an X post. The platform and its founder face a federal class action lawsuit alleging coordinated investor fraud across three successive token schemes, Pasternak's arrest on criminal assault and strangulation charges, and widespread accusations of supply dilution, broken buyback promises, and fee extraction totaling an estimated $54 million on roughly $6 billion in trading volume.

BlazeStake is a non-custodial Solana liquid staking protocol operated by SolBlaze, launched in May 2022, that issues bSOL tokens to depositors in exchange for staked SOL distributed across 200+ validators. The protocol uses the official Solana Labs stake-pool smart contract, which has received seven external security audits from five firms; upgrade authority is controlled by an ecosystem multisig overseen by the Solana Foundation. The team operates pseudonymously and the protocol has no disclosed regulatory actions or hacks, though it was involved in a publicized partnership dispute with MarginFi in April 2024.

Boop.fun is a Solana-based memecoin launchpad launched in May 2025 that allows users to create community-driven tokens called 'cults,' backed by a native $BOOP token with staking rewards and an influencer-driven airdrop mechanism. The platform reached a $500 million market cap within 90 minutes of launch but declined sharply amid founder credibility disputes — including allegations by former Binance CEO CZ of insider trading and false credential claims — an airdrop mechanism that was terminated early for being 'exploited and manipulated,' and a ~99% collapse in BOOP token price from its all-time high. Founder Dingaling (alleged real name: Dinghua Xiao) stepped down in November 2025, and the platform's ongoing leadership and development trajectory remain uncertain.

Cropper Finance is a permissionless automated market maker (AMM) and yield farming protocol built on the Solana blockchain, launched in mid-2021. The platform raised approximately $1.1–1.5 million across seed and public rounds and underwent security audits by Halborn Security, but operates with a pseudonymous-to-anonymous founding team and has experienced severe TVL and token value decline since its 2021 peak. As of 2025–2026 the protocol shows minimal trading activity, negligible TVL, and near-zero community engagement, raising questions about long-term viability.

Clockwork was a Solana-based smart-contract automation protocol that allowed developers to schedule transactions and build event-driven on-chain programs without relying on centralized cloud infrastructure. Founded in 2021 as Cronos and rebranded in 2022, the project raised $4 million in seed funding from Multicoin Capital, Asymmetric, and Solana Ventures before its founder announced an orderly shutdown effective October 31, 2023, citing limited commercial upside. No fraud, security exploits, or regulatory actions have been identified; the shutdown is assessed as a voluntary wind-down of a legitimate infrastructure project.

Cega (cega.fi) was a decentralized exotic options and structured products protocol that operated from June 2022 through late 2024 on Solana, Ethereum, and Arbitrum. Founded by Arisa Toyosaki, a named former derivatives trader, and backed by Dragonfly Capital, Pantera Capital, and Coinbase Ventures, the protocol processed over $500 million in cumulative transaction volume without a reported user fund loss. In November 2024 Cega was acquired by an undisclosed party and wound down its public-facing product suite, urging remaining depositors to withdraw.

BullX (neo.bullx.io) is a multi-chain DEX trading terminal and Telegram bot launched in mid-2024, primarily targeting Solana memecoin traders. The platform is operated by Future Bridge Inc., incorporated in Panama, with leadership known only by the pseudonym 'Blitz.' BullX accumulated over $12.4 billion in lifetime trading volume and $112 million in fees before suffering a sharp user decline in early 2025 amid allegations of referral commission withholding, CEO inaccessibility, and a two-month social media blackout — though the platform remains operational as of mid-2026.

CryptoZoo was a blockchain-based NFT game co-founded by YouTuber Logan Paul that launched in September 2021 promising players would earn money by breeding virtual animals using the $ZOO token; the game's core gameplay mechanics were never delivered, leading to investor losses, a prominent investigative YouTube series by Coffeezilla, class-action litigation, and an eventual partial refund program. A class-action lawsuit was dismissed with prejudice in October 2025 on the grounds that Paul's promotional statements constituted non-actionable 'puffery', while Paul's own defamation lawsuit against Coffeezilla was proceeding toward a May 2026 jury trial as of the most recent available public records.

Karatbars International GmbH is a Stuttgart-based multi-level marketing company founded in 2011 by Harald Seiz that sold small gold bars through an affiliate network before launching the KaratGold Coin (KBC) in a 2018 ICO that allegedly raised $100 million. Regulatory authorities in Namibia, Germany (BaFin), South Africa, Canada, New Zealand, and the United States (Florida) issued warnings or enforcement actions against the company between 2014 and 2020, with Namibia's central bank formally declaring it a pyramid scheme in May 2019. By late 2020 the company had rebranded as Freebay after the KBC token collapsed; its founder Harald Seiz relocated to Thailand and a German court issued an arrest warrant against him in 2023.

HashOcean (hashocean.com) was a cloud-mining platform that operated from approximately 2014 to 2016, claiming to run data centers in San Francisco, New York, Nuremberg, and Singapore and offering free hashrate to new signups. The site disappeared on or after June 25, 2016, affecting an alleged 700,000 users worldwide. Independent analysis and community assessments characterized it as a Ponzi scheme; no verified law enforcement action or identified operators have been publicly confirmed.

HEX is an ERC-20 token launched in December 2019 by Richard Heart (legal name Richard Schueler), marketed as a blockchain-based certificate of deposit with high staking yields. The U.S. Securities and Exchange Commission filed suit in July 2023 alleging Heart raised over $1 billion through unregistered securities offerings across HEX, PulseChain, and PulseX, and misappropriated at least $12 million for personal luxury purchases; a federal judge dismissed the case in February 2025 on jurisdictional grounds, and the SEC declined to refile. Separate from the U.S. action, Finnish authorities are pursuing Heart on charges of aggravated tax fraud and assault, and Interpol issued a Red Notice for his arrest in December 2024.

GraceToken is an ambiguous name shared by at least two unrelated cryptocurrency projects. The first (ticker: GRCE, Ethereum) was a 2017 charity-fundraising ICO that officially announced its shutdown in January 2018, citing resource exhaustion and inability to gain traction; its team identities were never publicly disclosed. The second (ticker: GRC, BNB Smart Chain) is a separate 2022 community-oriented meme token that reached an all-time high of approximately $0.87 in April 2022 before collapsing to near-zero, with no remaining liquidity or active trading; no Tier 1 or Tier 2 source has confirmed a deliberate rug pull for either project.

Malone Lam Yu Xuan (born July 19, 2004), a Singaporean national residing in Miami and Los Angeles, is the alleged ringleader of a crypto theft and money laundering enterprise responsible for stealing over $263 million across multiple victims between 2023 and 2025. He was arrested by the FBI on September 18, 2024, and faces RICO conspiracy charges in what prosecutors describe as the first Bitcoin-related RICO prosecution in U.S. history. As of early 2026, he remains in pretrial detention while negotiating a plea deal.

Velodrome Finance is an automated market maker (AMM) and decentralized exchange (DEX) launched on June 2, 2022, on the Optimism Layer 2 network. It is a fork and improvement of Andre Cronje's Solidly Exchange, implementing a ve(3,3) governance and liquidity incentive model. The protocol has experienced three documented security incidents: an insider theft of $350,000 by a team member in August 2022, a DNS/frontend social-engineering attack in November–December 2023 resulting in approximately $250,000 in user losses, and a second DNS hijacking in November 2025 attributed to a NameSilo registrar insider, resulting in estimated losses of $700,000–$1,000,000. Smart contracts have not been directly exploited; all monetary losses have stemmed from front-end and operational security failures.

M2 is a UAE-based cryptocurrency exchange licensed by the Abu Dhabi Global Market (ADGM) Financial Services Regulatory Authority, operating as a regulated Multilateral Trading Facility and custodian since late 2023. On October 31, 2024, the exchange suffered a $13.7 million hot wallet breach attributed to an access control vulnerability across the Bitcoin, Ethereum, and Solana networks. M2 subsequently reimbursed all affected customers from its own assets and stated it had engaged law enforcement and regulatory authorities.

Rapper Nelly (Cornell Iral Haynes Jr.) is flagged here not as a perpetrator of crypto fraud, but as a victim of an account compromise. In October 2023, an X (formerly Twitter) account associated with Nelly — handle @NellioETH — was hacked by an unknown third party who then used it to run a social engineering phishing campaign against crypto users. Blockchain investigator ZachXBT first identified and publicized the incident; specific amounts stolen from victims and detailed on-chain forensics have not been publicly confirmed.

Ninamo is a purported crypto entity whose name was submitted for investigation on AVOID.NET. Exhaustive searches across regulatory databases, blockchain explorers, crypto news outlets, scam trackers, social media platforms, domain registries, and the Wayback Machine returned no verifiable information about any crypto project, exchange, token, or DeFi protocol operating under the name Ninamo. No wallet addresses, enforcement actions, community reports, or archived web presence could be located.