Avoid your next big mistake
Crowdsourced due diligence for crypto
Evidence-backed risk intelligence powered by the swarm
Collective intelligence with AI analysis
Featured Investigations
PT Digi Global Konsultan is an Indonesian company used as a front for an international pig-butchering cryptocurrency fraud syndicate dismantled by Central Java Police in May 2026. The operation ran from July 2025 to May 2026 out of Sukoharjo District, Central Java, defrauding at least 133 victims — predominantly US citizens — of approximately $2.33 million USD (Rp41.1 billion). Thirty-nine suspects were arrested, including foreign nationals from Nepal and Myanmar, and Indonesian authorities are collaborating with the FBI.
avoid.net/faris-ali → 2/100 [CRITICAL] Faris Ali (legal name reported as Faris Hassan in court proceedings) is a UK teenager from Sheffield who, at age 16, orchestrated a violent home-invasion robbery in Hoxton, East London on June 17, 2024, in which three masked attackers posing as Amazon delivery couriers forced a victim at knifepoint to transfer over $4.3 million in cryptocurrency. Blockchain investigator ZachXBT publicly exposed Ali in October 2024 through on-chain forensics and leaked Telegram chat logs; the Metropolitan Police recovered nearly all stolen funds within 72 hours. Ali and two accomplices were sentenced to a combined 16 years in youth detention at Sheffield Crown Court in November 2025.
avoid.net/meteora-benjamin-chow → 12/100 [CRITICAL] Meteora is a Solana-based decentralized exchange and liquidity protocol that originated from Mercurial Finance in early 2023. Its co-founder Benjamin Chow resigned in February 2025 amid allegations of insider manipulation across at least 15 token launches, including M3M3, LIBRA, MELANIA, ENRON, and TRUST. Two separate federal class-action lawsuits filed in the Southern District of New York allege that Chow, Meteora, and co-defendants Kelsier Labs LLC collectively orchestrated pump-and-dump schemes causing at least $69 million in investor losses.
avoid.net/lab-token-vova-sadkov → 6/100 [CRITICAL] LAB is a Dubai-based AI trading terminal project whose native token surged over 350% in 72 hours to a $6 billion fully diluted valuation in May 2026 before collapsing 77% on June 2, 2026, erasing roughly $6 billion in market value. On-chain investigator ZachXBT published findings in May 2026 alleging that insiders — including founder Vova Sadkov (Vladimir Sadkov) and co-founder Mark X — controlled over 95% of the token's circulating supply through opaque OTC loans, unilateral vesting changes, and coordination with Bitget exchange infrastructure. No formal regulatory action has been confirmed as of June 2026; Sadkov and the LAB team did not issue a public rebuttal to the allegations.
avoid.net/apemars-aprz → 4/100 [CRITICAL] ApeMars (APRZ) was an ERC-20 meme token that raised $532,969.34 from 1,884 presale investors across 23 stages before listing on Uniswap on June 6, 2026. On June 7, 2026, the APRZ/WETH price collapsed 99.95% — from $0.00580 to $0.00000032 — in minutes across only 11 trades as ETH was removed from the Uniswap liquidity pool, consistent with a coordinated liquidity drain. The project's official X account was suspended simultaneously, no team statement has been issued as of the investigation date, and approximately $532K in raised presale funds remain unaccounted for.
avoid.net/syscoin-bridge → 22/100 [CRITICAL] Syscoin Bridge is the cross-chain bridge infrastructure connecting Syscoin's UTXO chain and its Network Enhanced Virtual Machine (NEVM) EVM-compatible layer. In June 2026, an attacker exploited a proof-validation parsing flaw in the bridge relay, minting approximately 5 billion unauthorized SYS tokens valued at roughly $10 million and inflating the circulating supply by an estimated 568 percent. The bridge was paused immediately and the attacker subsequently returned the funds following private whitehat negotiations, though the incident raised serious questions about audit coverage of the relay component.
avoid.net/verus-protocol-ethereum-bridge → 20/100 [CRITICAL] The Verus-Ethereum Bridge is a cross-chain infrastructure component enabling asset transfers between the Verus (VRSC) network and Ethereum. On May 18, 2026, the bridge was exploited for approximately $11.58 million through a business-logic validation flaw that allowed an attacker to withdraw far more value on the Ethereum side than was deposited on the Verus side. Following negotiations, the attacker returned approximately 75% of the stolen funds (4,052 ETH) in exchange for a 1,350 ETH bounty and an agreement to halt investigations.
avoid.net/unk-deaddrop-north-korea-developer-phishing-campaign → 0/100 [CRITICAL] UNK_DeadDrop is a suspected North Korea-aligned threat actor campaign disclosed by Proofpoint on June 8, 2026, in which attackers sent more than 250 phishing emails to software developers at approximately 100 organizations — with a heavy focus on cryptocurrency firms — over a six-week period in April and May 2026. Victims were directed to actor-controlled GitHub and GitLab repositories disguised as coding assignments or code-review projects; opening these repositories silently deployed cross-platform malware including the Go-based Overlord remote-access framework and malicious VS Code extensions (VSIX) capable of stealing browser credentials, cryptocurrency wallets, and API tokens. Proofpoint tracks UNK_DeadDrop as a distinct cluster from the previously documented Contagious Interview / Lazarus campaigns, noting industrialized repository creation and an email-first delivery model as differentiating characteristics.
avoid.net/plustoken → 4/100 [CRITICAL] PlusToken was a cryptocurrency Ponzi scheme that defrauded an estimated 3 million investors of between $2 billion and $3 billion in digital assets.
avoid.net/bitget-exchange → 28/100 [WARNING] Bitget is a centralized cryptocurrency exchange founded in 2018 and registered in the Seychelles, serving a self-reported user base in the tens of millions and recording $8.17 trillion in derivatives trading volume in 2025. Since April 2026, on-chain investigator ZachXBT has publicly alleged that Bitget functions as a node in a 'Chinese CEX cartel,' enabling a pattern of insider token supply manipulation across at least four named tokens (RAVE, RIVER, SIREN, and LAB) while naming Bitget's non-public-facing founder Shawn Liu as the alleged operative behind the schemes. No regulatory enforcement action had been filed as of June 2026, and neither Bitget nor Liu had publicly responded to the allegations.
avoid.net/step-finance-treasury-theft-january-2026 → 10/100 [CRITICAL] On January 31, 2026, Step Finance, a Solana-based portfolio tracking and DeFi analytics platform, suffered a treasury theft in which an attacker drained approximately 261,854 SOL (valued at roughly $27.3 million at the time) after compromising executive team devices and seizing staking authority over protocol wallets. The incident led to a 93% collapse in the STEP governance token price and ultimately forced the permanent shutdown of Step Finance and its affiliated projects SolanaFloor and Remora Markets by February 24, 2026.
avoid.net/shunda-park-scam-compound → 0/100 [CRITICAL] Shunda Park was an industrial-scale pig-butchering fraud compound located in Min Let Pan, Karen State, Myanmar, operated by Chinese criminal networks and employing over 3,500 workers from nearly 30 nations. The compound ran fraudulent cryptocurrency investment schemes targeting Americans and other international victims from at least early 2024 until its seizure by the Karen National Liberation Army in November 2025. The U.S. Department of Justice charged two Chinese national managers with wire fraud conspiracy in April 2026 and restrained over $701 million in related cryptocurrency.
avoid.net/xinbi-marketplace → 2/100 [CRITICAL] Xinbi Marketplace (also known as Xinbi Guarantee) is a Chinese-language, Telegram-based illicit crypto marketplace that has processed an estimated $24.2 billion in total transaction volume since 2022, making it one of the largest known illicit online marketplaces ever tracked. Operating as an informal escrow provider and vendor platform primarily serving pig-butchering scam networks in Southeast Asia, it was sanctioned by the UK Foreign, Commonwealth and Development Office on 26 March 2026 — the first country-level sanction against the platform — under the Global Human Rights sanctions regime. The operator is formally incorporated as 'Xinbi Co., Ltd' in Colorado, USA, though its actual operations are believed to be based in the Golden Triangle region of Southeast Asia.
avoid.net/zcash-orchard-counterfeiting-vulnerability → 30/100 [WARNING] On June 5, 2026, Shielded Labs publicly disclosed a critical soundness bug in the Zcash Orchard shielded pool's zero-knowledge proof circuit that had existed undetected since Orchard's activation in May 2022. The flaw — an under-constrained element in the halo2_gadgets elliptic-curve multiplication gadget — could have allowed an attacker to mint unlimited counterfeit ZEC inside the shielded pool with no on-chain trace. An emergency hard fork (NU6.2) was deployed on June 3, 2026, patching the circuit before public disclosure, though Zcash's privacy architecture structurally prevents retrospective confirmation that no exploitation occurred during the four-year exposure window.
avoid.net/audia6 → 0/100 [CRITICAL] AudiA6 was a professional cryptocurrency mixing and laundering service that operated from 2021 until its dismantlement on June 10, 2026, in a coordinated international law enforcement operation. The service processed approximately 10,333 Bitcoin — valued at roughly $389 million at the time of transactions — for ransomware groups, darknet market operators, and other cybercriminals, charging commissions of 3–10%. Two alleged operators, Ruslan Igorevich Tkachuk (Ukrainian, 37) and Alexander Vladimirovich Ledenev (Russian, 25), were arrested in Batumi, Georgia, and face U.S. federal charges in the Eastern District of Pennsylvania carrying up to 20 years in prison each.
avoid.net/lab-token → 4/100 [CRITICAL] LAB is a multi-chain AI trading terminal token that launched its TGE in October 2025 and surged over 350% to a $6 billion fully diluted valuation in early May 2026 before crashing more than 65%. On-chain investigator ZachXBT published findings alleging that insiders control approximately 95% of the token supply, that 100 million LAB tokens worth roughly $480 million were withdrawn from Bitget to 10 freshly created wallets within a 12-hour window, and that the team orchestrated a coordinated retail extraction scheme involving OTC discount deals, unilateral vesting extensions, unpaid marketing obligations, and coercive KOL agreements. No public denial or response has been issued by the project's founders.
avoid.net/rain-protocol → 14/100 [CRITICAL] Rain Protocol (RAIN) is a decentralized prediction market infrastructure protocol built on Arbitrum that reached approximately $8.8–9 billion in fully diluted valuation by early June 2026, positioning it briefly among the top 15 cryptocurrencies globally. On June 5, 2026, on-chain investigator ZachXBT published findings alleging that addresses linked to the RAIN team share transaction trails with wallets connected to the failed Data Ownership Protocol (DOP) and TOMI projects, both previously linked to Israeli entrepreneur Moshe Hogeg, who faces criminal fraud charges in Israel. ZachXBT characterized the token as a likely insider-controlled pump with 99.97% of circulating supply held by 81 wallets and offered a $100,000 bounty for documentation of centralized exchange market manipulation; Rain Protocol had not issued a public response as of the date of these reports.
avoid.net/humanity-protocol → 28/100 [WARNING] Humanity Protocol is a blockchain-based decentralized identity platform founded by Terence Kwok that uses palm-vein biometrics and zero-knowledge proofs to verify unique personhood. The project raised $50 million at a $1.1 billion valuation from institutional investors including Pantera Capital and Jump Crypto, and launched its $H token in June 2025. In June 2026, attackers drained approximately $32–36 million from the project via a compromised employee laptop holding multiple multisig private keys; on-chain investigator ZachXBT alleged the incident may have been staged, claims the team has not publicly rebutted with independent verification.
avoid.net/morocoin-berge-blockchain-cirkor-ai-wealth-investment-club-network → 0/100 [CRITICAL] Morocoin Tech Corp., Berge Blockchain Technology Co. Ltd., Cirkor Inc., AI Wealth Inc., Lane Wealth Inc., AI Investment Education Foundation Ltd., and Zenith Asset Tech Foundation are seven entities charged by the SEC on December 22, 2025 (Case No. 1:25-cv-04102, D. Colo.) with defrauding at least $14 million from U.S. retail investors in a coordinated pig-butchering and AI-themed investment confidence scheme operating from January 2024 through January 2025. The scheme used WhatsApp-based fake investment clubs, deepfake social media advertisements, fabricated AI-generated trading signals, and counterfeit trading platforms that conducted no actual trading, followed by advance fee demands to further extract funds from victims attempting withdrawals.
avoid.net/amnokgang-technology-development-company → 0/100 [CRITICAL] Amnokgang Technology Development Company is a North Korean state-controlled IT firm established in 1982 and headquartered in Pyongyang. The U.S. Treasury's Office of Foreign Assets Control (OFAC) sanctioned it on March 12, 2026, for managing overseas DPRK IT worker delegations that allegedly generated nearly $800 million in illicit revenue in 2024 to fund North Korea's weapons of mass destruction programs. Seven cryptocurrency addresses across Ethereum and Tron networks were designated, with TRM Labs reporting over $12 million in tracked on-chain transactions through those addresses.
avoid.net/cheil-credit-bank → 0/100 [CRITICAL] Cheil Credit Bank, also known as First Credit Bank and formerly as Kyongyong Credit Bank, is a North Korean state-controlled financial institution headquartered in Pyongyang with representative offices in Beijing, Shenyang, and Shanghai. First designated by OFAC in September 2017 under Executive Order 13810 for operating in North Korea's financial services sector, the bank was dramatically re-expanded on November 4, 2025, when OFAC added 53 cryptocurrency addresses to its Specially Designated Nationals listing, linking it to over $12.7 million in USDT-TRC20 flows between June 2023 and May 2025 — funds attributed primarily to DPRK overseas IT workers and cybercrime proceeds destined for the regime's weapons programs.
avoid.net/tradertraitor-unc4899 → 0/100 [CRITICAL] TraderTraitor (also tracked as UNC4899, Jade Sleet, Slow Pisces, and PUKCHONG) is a North Korean state-sponsored cyber threat cluster operating under the Reconnaissance General Bureau (RGB), formally designated by the FBI, CISA, and U.S. Treasury as responsible for stealing billions of dollars in cryptocurrency from blockchain companies, exchanges, and developers since at least 2020. The cluster is most prominently attributed to the February 2025 Bybit heist — the largest cryptocurrency theft in history at approximately $1.5 billion — as well as the May 2024 DMM Bitcoin theft ($308 million), the July 2023 JumpCloud supply chain attack, and the April 2022 Ronin Network compromise ($620 million). Chainalysis estimates North Korean actors, dominated by TraderTraitor operations, stole $2.02 billion in 2025 alone, pushing their all-time attributed total to approximately $6.75 billion since 2017.
avoid.net/citrine-sleet-applejeus → 0/100 [CRITICAL] Citrine Sleet (also tracked as AppleJeus, Gleaming Pisces, UNC4736, and Labyrinth Chollima) is a North Korean state-sponsored threat cluster attributed to Bureau 121 of the Reconnaissance General Bureau (RGB), active since at least 2018. The group specializes in financially motivated cyberattacks against cryptocurrency exchanges, DeFi protocols, and developer toolchains, deploying trojanized trading applications, supply chain compromises, and zero-day exploits to steal digital assets. Chainalysis estimates DPRK-linked actors have stolen at least $6.75 billion in cryptocurrency since 2016, with Citrine Sleet/UNC4736 operations accounting for multiple hundred-million-dollar individual incidents including the April 2026 Drift Protocol exploit ($285 million) and the October 2024 Radiant Capital breach ($50 million).
avoid.net/dprk-it-worker-network-overseas-scheme → 0/100 [CRITICAL] The DPRK IT Worker Network is a state-directed, multi-year operation run by the North Korean government that places thousands of fraudulently credentialed software developers inside U.S. and global technology and crypto companies using stolen identities, fake personas, and U.S.-based facilitators. Workers generate hundreds of millions of dollars annually in illicit wages funneled back to Pyongyang to fund weapons of mass destruction and ballistic missile programs, and have escalated to data theft and extortion. The operation has drawn DOJ indictments of dozens of individuals across multiple enforcement waves (2024–2026), OFAC sanctions designating front companies and facilitators in China, Vietnam, Laos, Russia, and Spain, and FBI warnings to private industry.
avoid.net/evm-cross-chain-wallet-drain-campaign-june-2026 → 0/100 [CRITICAL] Beginning approximately January 2, 2026, blockchain investigator ZachXBT flagged an active, automated campaign draining hundreds of wallets across at least a dozen EVM-compatible chains, with over $107,000 stolen in mostly sub-$2,000 increments consolidated into a single aggregation address (0xAc2e5153170278e24667a580baEa056ad8Bf9bFB). The root cause was not confirmed at the time of ZachXBT's initial disclosure; suspected vectors included token-approval abuse, malicious signature exploits, a fake-MetaMask phishing email campaign, and possible spillover from the Trust Wallet browser-extension supply-chain compromise of December 2025. This entry serves as a consumer-protection warning and on-chain address flag.
avoid.net/okx-nft-aggregator → 30/100 [WARNING] OKX NFT Aggregator is the NFT marketplace and aggregation layer of OKX, one of the world's largest crypto exchanges, supporting over 21 blockchains and 32 aggregated markets. The product has been implicated in a smart contract storage-collision exploit (June 2024), operates within an exchange that pleaded guilty to U.S. AML violations and agreed to a $504 million DOJ settlement (February 2025), and saw its parent DEX aggregator suspended in March 2025 after North Korea's Lazarus Group used the broader OKX Web3 infrastructure to launder approximately $100 million from the Bybit hack. ZachXBT has flagged the entity in the context of these broader OKX platform concerns.
avoid.net/okx → 35/100 [WARNING] OKX (formerly OKEx) is one of the world's largest centralized cryptocurrency exchanges by trading volume, founded in 2017 by Mingxing 'Star' Xu and operated by Aux Cayes Fintech Co. Ltd, incorporated in the Seychelles. In February 2025 its Seychelles operating entity pleaded guilty in U.S. federal court to operating an unlicensed money transmitting business for over seven years, agreeing to pay more than $504 million in fines and forfeitures. The exchange carries a moderate-to-elevated risk profile due to this criminal conviction, a pattern of AML failures across multiple jurisdictions, and historical incidents including a 42-day withdrawal freeze in 2020; it has taken substantive remediation steps including monthly proof-of-reserves publication since 2022, a MiCA license in the EU, and a US relaunch in April 2025 under new regional leadership.
avoid.net/gateio → 30/100 [WARNING] Gate.io (rebranded to Gate.com in May 2025) is a major global cryptocurrency exchange founded in 2013 as Bter.com by Lin Han, currently incorporated in the Cayman Islands and serving over 52 million users across more than 4,600 assets. The exchange has faced significant scrutiny including an alleged undisclosed $230 million hack in 2018 attributed to North Korean state actors, a 2025 public notice from the Cayman Islands Monetary Authority (CIMA) confirming it has never been licensed in its ostensible home jurisdiction, and a pattern of user complaints regarding account freezes, withdrawal blocks, and a disputed $LA futures incident in 2025. The exchange publishes monthly proof-of-reserves reports audited by Hacken and holds licenses in several jurisdictions including Malta (MiCA), Dubai (VARA), Cyprus (CySEC), and Australia (AUSTRAC).
avoid.net/jump-trading → 42/100 [WARNING] Jump Trading is a Chicago-based proprietary trading firm founded in 1999, operating one of the largest high-frequency trading operations globally across futures, equities, fixed income, FX, and cryptocurrency markets. Its crypto division, Jump Crypto, became a major force in DeFi infrastructure between 2021 and 2023, co-developing Wormhole, Pyth Network, and the Firedancer Solana validator client. The firm has faced significant regulatory and legal exposure: its subsidiary Tai Mo Shan settled with the SEC in December 2024 for $123 million over TerraUSD manipulation, the Terraform bankruptcy administrator filed a $4 billion civil lawsuit in December 2025 naming Jump and individual executives, and a separate CFTC investigation was reported in 2024 with no public resolution as of mid-2026.
avoid.net/curve-dex → 26/100 [WARNING] Curve Finance is a major decentralized exchange and automated market maker (AMM) on Ethereum, optimized for low-slippage swaps of pegged assets such as stablecoins. On July 30, 2023, several of its liquidity pools were drained of approximately $70 million due to a reentrancy vulnerability in the Vyper smart contract compiler (versions 0.2.15, 0.2.16, and 0.3.0), one of the largest DeFi exploits of 2023. Separately, founder Michael Egorov's practice of using large CRV holdings as loan collateral across multiple DeFi protocols created systemic risk that culminated in a $140 million liquidation event in June 2024, generating over $10 million in bad debt across connected protocols.
avoid.net/hyperliquid → 28/100 [WARNING] Hyperliquid suffered a documented ecosystem incident with reported losses of $37K on Arbitrum. This page tracks DeFiLlama's record of the event.
avoid.net/bitmex → 38/100 [WARNING] BitMEX (Bitcoin Mercantile Exchange) is a cryptocurrency derivatives exchange founded in 2014 by Arthur Hayes, Ben Delo, and Samuel Reed that pioneered the perpetual swap contract and at its peak was one of the largest crypto derivatives platforms in the world. In October 2020, the CFTC and DOJ charged the exchange and its co-founders with operating an unregistered trading platform and willfully failing to implement anti-money laundering and know-your-customer programs in violation of the Bank Secrecy Act. All three co-founders subsequently pleaded guilty, the exchange paid a $100 million civil settlement, and in March 2025 the founders and the corporate entity received presidential pardons from Donald Trump.
avoid.net/yearn-finance → 20/100 [CRITICAL] Yearn Finance is a decentralized yield aggregator on Ethereum that routes user deposits into lending protocols to maximize returns. Founded by Andre Cronje in 2020, the protocol has suffered at least four documented security exploits between 2021 and 2025, with aggregate losses exceeding $20 million, and its founder departed in 2022 citing sustained pressure from an SEC investigation. Governance concerns, an interconnected web of affiliated DeFi protocols implicated in their own major hacks, and repeated failures to deprecate vulnerable legacy code compound the protocol's risk profile.
avoid.net/sushiswap → 32/100 [WARNING] SushiSwap is a decentralized exchange (DEX) and DeFi protocol launched in August 2020 as a fork of Uniswap, offering an automated market maker (AMM), governance token (SUSHI), and multi-chain liquidity pools. The protocol has endured a series of serious controversies spanning its entire history: a founding exit-scam attempt by anonymous creator Chef Nomi, early operational control handed to convicted fraudster Sam Bankman-Fried, an SEC subpoena issued to the protocol and its CEO in 2023, a $3.3 million smart contract exploit the same year, allegations that North Korean IT workers were embedded in its developer team, disputed DAO treasury centralization in 2024, and a governance process in late 2025 where a single wallet controlled 99.9% of a vote. TVL has declined approximately 98.7% from its 2022 peak of over $8 billion to roughly $100 million as of late 2025.
avoid.net/balancer → 32/100 [WARNING] Balancer is a decentralized automated market maker (AMM) protocol on Ethereum, founded in 2018 by Fernando Martinelli and Mike McDonald, that allows multi-token liquidity pools with customizable weighting. The protocol has suffered six documented security incidents between 2020 and 2025, resulting in cumulative losses exceeding $140 million, including a catastrophic $128 million exploit in November 2025 caused by an arithmetic precision flaw in Composable Stable Pool contracts. Despite multiple audits by major firms including Trail of Bits, OpenZeppelin, and Certora, systemic smart contract vulnerabilities and a highly complex protocol architecture have repeatedly exposed user funds to loss.
avoid.net/dao-maker → 24/100 [CRITICAL] DAO Maker is a crypto fundraising and launchpad platform founded in 2018 by Christoph Zaknun and Giorgio Marciano, known for its Strong Holder Offering (SHO) and Dynamic Coin Offering (DYCO) mechanisms. The platform suffered two confirmed exploits in August and September 2021 totaling approximately $11 million in losses, affecting over 5,200 users. A promised multi-phase compensation plan was subsequently undermined by an alleged governance vote manipulation, leaving a significant portion of hack victims unreimbursed as of 2024.
avoid.net/kucoin-hack → 32/100 [WARNING] On September 25, 2020, the KuCoin cryptocurrency exchange suffered a major security breach in which hackers obtained the private keys to the exchange's hot wallets and stole approximately $281 million in Bitcoin, Ethereum, ERC-20 tokens, and other assets — the largest exchange hack of 2020. KuCoin subsequently recovered approximately 84% of stolen funds through on-chain tracking, project-team token swaps, and law enforcement cooperation, with the remaining 16% covered by the exchange's insurance fund. The hack was attributed to North Korea's Lazarus Group by blockchain analytics firm Chainalysis; separately, in March 2024 the U.S. Department of Justice criminally charged KuCoin and two of its founders for operating an unlicensed money transmitting business and Bank Secrecy Act violations, resulting in a $297.4 million guilty plea settlement in January 2025.
avoid.net/dydx-v3 → 30/100 [WARNING] dYdX V3 was a decentralized perpetual futures exchange built on Ethereum using StarkWare's StarkEx Layer-2 technology, operated by dYdX Trading Inc. The platform suffered a $9 million insurance fund drain in November 2023 due to an alleged coordinated market manipulation attack targeting YFI and SUSHI markets, a DNS hijacking attack in July 2024, and a software supply chain compromise in September 2022. The V3 product was formally sunset on October 28, 2024, with trading migrated to the dYdX Chain (V4) on Cosmos.
avoid.net/compound-v2 → 28/100 [WARNING] Compound V2 is a legacy Ethereum-based decentralized lending protocol launched in May 2019 and formally deprecated in December 2025 in favor of Compound V3 (Comet). The protocol has experienced a series of material incidents including a ~$80M COMP token distribution bug in October 2021, a $89M oracle-driven liquidation cascade in November 2020, a confirmed website hijack flagged by ZachXBT in July 2024, a social media phishing hack in 2023 that resulted in $4.4M in losses, and an alleged governance attack in July 2024 in which a whale coordinated the passage of a $24M treasury transfer. V2 is now in wind-down mode with new borrows and mints paused.
avoid.net/yearn-ether → 28/100 [WARNING] Yearn Ether (yETH) is a liquid staking token aggregation vault developed by Yearn Finance, launched under YIP-72 as a self-governed, permissionless product. On November 30, 2025, the yETH weighted stableswap pool was exploited via an arithmetic underflow and stale cache vulnerability, resulting in approximately $9 million in losses — the third major security incident involving a Yearn product since 2021. Approximately $2.4 million was partially recovered; roughly $6.6 million remains unrecovered, with a significant portion laundered through Tornado Cash.
avoid.net/okx-dex → 18/100 [CRITICAL] OKX DEX is the decentralized exchange aggregator operated by OKX (Aux Cayes FinTech Co. Ltd.), one of the world's largest centralized crypto exchanges. In December 2023, the DEX suffered a ~$2.7 million exploit caused by a suspected private key leak and a centralized proxy upgrade mechanism with no multi-signature protection. The broader OKX entity has faced severe regulatory sanctions including a $504 million U.S. DOJ settlement in February 2025 for operating an unlicensed money-transmitting business and facilitating over $5 billion in suspicious transactions, a €1.1 million Malta AML fine, and repeated scrutiny over its DEX aggregator being used by North Korea's Lazarus Group to launder stolen funds from the $1.5 billion Bybit hack in early 2025.
avoid.net/bnb-chain-bridge → 16/100 [CRITICAL] The BSC Token Hub, BNB Chain's cross-chain bridge connecting BNB Beacon Chain and BNB Smart Chain, was exploited on October 6, 2022 via a forged IAVL Merkle proof that allowed an attacker to mint approximately 2 million BNB valued at roughly $566–570 million. Rapid validator coordination halted the chain and froze most funds on BSC, limiting the attacker's realized gain to an estimated $137 million, though the incident exposed deep structural centralization concerns about BNB Smart Chain's 21-validator Proof of Staked Authority model.
avoid.net/bitfinex-tether → 28/100 [WARNING] Bitfinex is a cryptocurrency exchange and Tether (USDT) is the world's largest stablecoin by market capitalization, both operated under the parent company iFinex Inc., incorporated in the British Virgin Islands. The two entities have faced multiple significant regulatory actions, including an $18.5 million settlement with the New York Attorney General over alleged concealment of an $850 million loss, a $42.5 million CFTC fine for misrepresenting USDT reserve backing, and an ongoing DOJ bank-fraud investigation. Tether's USDT reached approximately $188 billion in circulation as of May 2026, and the company engaged KPMG for its first full reserve audit in March 2026.
avoid.net/thorchain → 23/100 [CRITICAL] THORChain is a decentralized cross-chain liquidity protocol built on the Cosmos SDK that enables native asset swaps across major blockchains without wrapped tokens. The protocol has suffered at least six significant security incidents since 2021, including a May 15, 2026 exploit in which a malicious validator node exploited a GG20 threshold signature scheme vulnerability to drain approximately $10.7–10.8 million across nine chains. THORChain has also faced documented use by the North Korean Lazarus Group as a primary money laundering channel, a $200 million insolvency crisis in early 2025 requiring a debt-to-equity restructuring, and ongoing questions about its permissionless design and unwillingness to block illicit flows.
avoid.net/bitcoin-mission → 0/100 [CRITICAL] Bitcoin Mission is an entity that has been flagged by on-chain investigator ZachXBT, though the specific nature, founding, and full scope of the entity could not be independently verified through publicly available Tier 1 or Tier 2 sources at the time of this investigation. Multiple unrelated legitimate entities share the name 'Bitcoin Mission' (including a Christian-focused Bitcoin podcast and a GitHub organization), making disambiguation difficult. The trust score of 25 reflects the ZachXBT flag combined with the absence of verifiable public transparency about the entity.
avoid.net/dao-maker-vesting → 22/100 [CRITICAL] DAO Maker Vesting refers to the smart contract infrastructure operated by DAO Maker, a crypto launchpad platform, that was compromised in two separate exploits in 2021 resulting in combined losses of approximately $11 million. The August 2021 incident drained $7 million in USDC from 5,251 user accounts via a compromised admin private key, and a second exploit in September 2021 extracted approximately $4 million from vesting contracts via an unauthenticated init() function vulnerability. Victims allege that DAO Maker has failed to honor its full compensation commitments over three years after the hacks, with governance manipulation alleged to have been used to cancel the USDR reimbursement program.
avoid.net/pump-fun-solana-labs-rico-class-action → 17/100 [CRITICAL] Aguilar v. Baton Corporation Ltd. (Case No. 1:25-cv-00880, S.D.N.Y.) is an active federal class action alleging that Pump.fun, Solana Labs, the Solana Foundation, and named executives operated a coordinated racketeering enterprise — referred to as the 'Solana-Pump.Fun Racketeering Enterprise' — that rigged its memecoin launchpad to benefit insiders while marketing it as a fair platform to retail investors. Plaintiffs allege aggregate retail losses between $4 billion and $5.5 billion, while the platform collected an alleged $722 million in fees. As of early 2026, defendants have filed motions to dismiss the Second Amended Complaint; no ruling on those motions has been publicly reported as of June 2026.
avoid.net/htx → 3/100 [CRITICAL] HTX (formerly Huobi Global) is one of the world's largest cryptocurrency exchanges, rebranded in September 2023 following the de facto acquisition of Huobi by interests linked to Justin Sun in late 2022. The exchange has suffered at least three significant security incidents totaling over $130 million in losses since September 2023, and in May 2026 was sanctioned by the UK government for alleged facilitation of Russian sanctions evasion — the first such crypto-exchange designation under the UK Russia sanctions framework. HTX also faces FCA legal proceedings over illegal financial promotions to UK consumers, has withdrawn its Hong Kong licensing applications twice, and has been publicly criticized for opaque reserve practices.
avoid.net/changpeng-zhao→8/100[CRITICAL]Changpeng Zhao (CZ), born February 10, 1977, is the founder and former CEO of Binance, the world's largest cryptocurrency exchange by trading volume. On November 21, 2023, Zhao pleaded guilty to a federal charge of failing to implement an effective anti-money laundering (AML) program under the Bank Secrecy Act, as part of a landmark $4.3 billion resolution between Binance and U.S. federal regulators. He was sentenced to four months in federal prison in April 2024, served that term, and was subsequently pardoned by President Donald Trump in October 2025.
avoid.net/terra-20→7/100[CRITICAL]Terra 2.0 (LUNA) is a replacement blockchain launched in May 2022 by Terraform Labs following the catastrophic collapse of the original Terra network and its algorithmic stablecoin TerraUSD (UST), which erased approximately $40–60 billion in market value in one week. The project's founder, Do Kwon, was arrested in March 2023, found liable for securities fraud in a U.S. civil trial in April 2024, pleaded guilty to wire fraud and conspiracy in August 2025, and was sentenced to 15 years in federal prison in December 2025. Terraform Labs itself filed for Chapter 11 bankruptcy in January 2024 and received court approval to wind down operations by September 2024, leaving Terra 2.0 as a severely diminished chain with minimal developer activity and an approximately 79% year-over-year decline in token value.
avoid.net/justin-sun→7/100[CRITICAL]Justin Sun is the founder of the TRON blockchain and TRX token, and the controlling figure behind HTX (formerly Huobi) and Poloniex exchanges. In March 2023, the U.S. Securities and Exchange Commission charged Sun and three of his companies with fraud, market manipulation through wash trading, unregistered securities offerings, and orchestrating an undisclosed celebrity promotion scheme; the case partially settled in March 2026 with Rainberry Inc. paying a $10 million penalty while claims against Sun personally were dismissed. Sun has faced additional scrutiny including a reported FBI/DOJ criminal investigation, UK sanctions against an HTX entity over alleged Russia-linked transactions, a $114 million hot-wallet hack at Poloniex in November 2023, and disputed claims of diplomatic immunity through a Grenada WTO ambassadorship he held until mid-2022.
avoid.net/htx-huobi-exchange→8/100[CRITICAL]HTX, formerly Huobi Global, is one of the world's largest centralized cryptocurrency exchanges by trading volume, rebranded in September 2023 under the influence of TRON founder Justin Sun. On May 26, 2026, the UK Foreign, Commonwealth and Development Office designated Huobi Global S.A. — the Panama-registered legal entity behind the exchange — under Regulation 17A of the Russia (Sanctions) (EU Exit) Regulations 2019, making HTX the first major global crypto exchange to receive banking-style sanctions from UK authorities. Blockchain analytics firms TRM Labs and Elliptic documented over $4.9 billion in direct flows from HTX to sanctioned Russia-linked entities since 2021, and UK authorities allege the platform channeled over $1.5 billion to Russia through connections to previously sanctioned entities Garantex and the A7 payments network.
avoid.net/solana-mev-sandwich-bots→0/100[CRITICAL]Solana MEV sandwich bots are automated programs that exploit Solana's transaction ordering mechanisms to front-run and back-run retail user trades, extracting an estimated $370 million to $500 million from users between January 2024 and May 2025. The practice has drawn enforcement responses from the Solana Foundation, Jito Labs, and Marinade Finance, and is the subject of an active federal class-action lawsuit in the Southern District of New York naming Pump.fun, Solana Labs, and related entities. While coordinated countermeasures reduced attack profitability by an estimated 60-70% in 2025, attacks continue and disproportionately harm memecoin traders using high slippage settings on Raydium and Pump.fun.
avoid.net/solana-token-2022-permanent-delegate-rug-pull-factory→0/100[CRITICAL]An industrial-scale pattern of fraud on the Solana blockchain exploits the Token-2022 Permanent Delegate extension, a legitimate feature that grants a mint-level authority the unconditional ability to burn or transfer any holder's tokens without their signature. First publicly documented in September 2024 by a Jupiter Core Working Group member, the exploit has since scaled into an automated rug pull factory pattern where scammers burn victim tokens seconds after purchase. RugCheck.xyz identifies the Permanent Delegate extension as a significant risk indicator on a substantial fraction of newly launched Solana tokens.
avoid.net/bitcoin-latinum-ltnm-donald-basile→2/100[CRITICAL]Bitcoin Latinum (LTNM) is a cryptocurrency token launched in 2020 by Donald G. Basile through his companies GIBF GP, Inc. and Monsoon Blockchain Corporation. In April 2026, the U.S. Securities and Exchange Commission charged Basile with orchestrating a $16 million investor fraud scheme, alleging he raised funds through Simple Agreements for Future Tokens (SAFTs) using fabricated insurance coverage claims and nonexistent asset-backing structures, then diverted millions to personal expenses. The token, which peaked near $9,336 in December 2021, has since collapsed to near zero, and multiple civil lawsuits from defrauded investors preceded the SEC action.
avoid.net/blur-finance→2/100[CRITICAL]Blur Finance (ticker: BLR) was a yield aggregator DeFi protocol that operated on BNB Chain and Polygon in mid-2022. In August 2022, developers allegedly executed a textbook rug pull, withdrawing approximately $600,000 from user-deposited funds before deleting all social media channels and abandoning the project. The BLR token collapsed 99%, and the protocol's smart contracts on both chains have since been formally flagged on BscScan and PolygonScan as rug pull addresses.
avoid.net/donald-basile-bitcoin-latinum-ltnm-monsoon-blockchain-corporation→2/100[CRITICAL]Donald G. Basile, founder of Bitcoin Latinum (LTNM) and CEO of Monsoon Blockchain Corporation, was charged by the SEC on April 17, 2026 with defrauding hundreds of U.S. investors of approximately $16 million through a SAFT offering that relied on fabricated insurance claims, a phantom asset-backed trust, and misrepresentations about how investor funds would be used. The token launched on overseas exchanges in October 2021 and subsequently collapsed by more than 90%, and the SEC alleges Basile diverted investor proceeds to personal real estate, credit card expenses, and a $160,000 horse while no underlying fund was ever created.
avoid.net/solana-blinks-durable-nonce-drainer-kits-2026→0/100[CRITICAL]A family of increasingly sophisticated wallet-drainer toolkits targeting the Solana ecosystem that weaponize legitimate Solana protocol features — Blinks (blockchain action links), durable nonces, and the system 'assign' instruction — to bypass the transaction-simulation safety layer that most Solana wallets rely on as their primary defense. Documented in detail by security researchers from February 2024 onward and materially escalated in late 2025 and early 2026, these kits are distributed as scam-as-a-service products supporting 90+ wallet types; losses attributable to Solana phishing reached approximately $90 million in H1 2025 alone, before the simulation-bypass generation was widely deployed. A state-level durable-nonce attack on Drift Protocol (April 2026) demonstrated that the same primitive can scale to $285 million in a single operation.
avoid.net/google-coin-fake-gemini-ai-chatbot-presale-scam→2/100[CRITICAL]In February 2026, Malwarebytes researcher Stefan Dasic documented a live fraudulent cryptocurrency presale site promoting a non-existent token called 'Google Coin.' The operation deployed a custom AI chatbot impersonating Google's Gemini assistant — using its sparkle icon, green 'Online' indicator, and name — to deliver scripted investment pitches, fabricated institutional endorsements from OpenAI, Binance, Coinbase, Squarespace, and SpaceX, and personalized return projections (e.g. $395 presale investment projected to become $2,755 at listing). Victims were directed to send irreversible cryptocurrency payments to six wallets spanning Bitcoin, Ethereum, Solana, TRON, and XRP Ledger. Google has never issued a cryptocurrency; the token, the chatbot persona, and all associated endorsements were entirely fabricated.
avoid.net/mass-address-poisoning-campaign-ethereum-2025-2026→0/100[CRITICAL]An industrialized, automated address poisoning campaign targeting Ethereum users accelerated sharply after the Fusaka protocol upgrade on December 3, 2025 reduced gas fees approximately sixfold, removing the prior economic barrier to mass-scale dust-transaction attacks. Security firm ScamSniffer documented at least $62.25 million in confirmed losses across two high-profile victims in December 2025 and January 2026 alone, while Blockaid flagged over 65.4 million poisoning transactions since January 2025 averaging 160,000 per day. The campaign represents a commercial, industrialized threat infrastructure sold as a service on Telegram rather than a single threat actor, and is ongoing as of the research date.
avoid.net/arthur-hayes-maelstrom→30/100[WARNING]Arthur Hayes is the co-founder and former CEO of BitMEX, one of the world's largest cryptocurrency derivatives exchanges, who pleaded guilty in 2022 to a Bank Secrecy Act violation and received two years' probation and a $10 million fine, before being granted a full presidential pardon by Donald Trump in March 2025. He now operates as CIO of Maelstrom, his family office and investment fund, which manages a venture portfolio of over 30 crypto projects alongside a $250 million private equity vehicle targeting crypto infrastructure firms. In June 2026, on-chain investigator ZachXBT alleged that Hayes used his large public following as exit liquidity by promoting tokens — including HYPE, ZEC, NEAR, and WLD — and then exiting those positions within days; Hayes denied the characterization but the controversy attracted sustained industry scrutiny.
avoid.net/monad-tokenomics→23/100[CRITICAL]Detailed analysis of Monad\
avoid.net/iggy-azalea-mother-memecoin→0/100[CRITICAL]MOTHER (ticker: MOTHER) is a Solana-based memecoin launched on May 28, 2024 by Australian rapper Iggy Azalea (legal name Amethyst Amelia Kelly). The token peaked at a market capitalization of approximately $136–200 million in mid-June 2024 before declining roughly 99.5% to approximately $1.3 million by May 2026. On May 5, 2026, plaintiff Kenneth Kolbrak filed a federal class action against Azalea in the U.S. District Court for the Southern District of New York, alleging she misled consumers about the token's real-world utility through promises regarding an online casino (MOTHERLAND), a telecommunications integration (Unreal Mobile), and a luxury marketplace (DreamVault) that allegedly were not delivered as represented; all claims in that suit are allegations and remain unadjudicated.
avoid.net/flooring-protocol→13/100[CRITICAL]Flooring Protocol (fp.io) is an Ethereum-based NFT fractionalization platform that converts non-fungible tokens into fungible micro-tokens (μTokens and fpTokens) pegged to collection floor prices. The protocol launched in October 2023, was exploited twice — once in December 2023 (~$1.6M stolen) and again in June 2026 (~$570K in NFTs rescued by a Yuga Labs white-hat team) — and entered formal sunset mode in September 2025 after liquidity and organizational failures. At the time of the June 2026 incident, the protocol was effectively defunct with a TVL of approximately $9.51.
avoid.net/offshore-crypto-exchanges→38/100[WARNING]Comprehensive guide to offshore crypto exchanges lacking proper regulatory oversight
avoid.net/bottled-water→35/100[WARNING]Bottled water contains significantly more micro- and nanoplastics than previously thought. Each time you screw a plastic bottle cap on and off, it generates 553 microplastic par…
avoid.net/piggybank-protocol→32/100[WARNING]PiggyBank Protocol is a Solana-based DeFi yield platform offering delta-neutral funding-rate arbitrage vaults across USDC, JitoSOL, and tokenized stock (xStocks) assets. On or around June 6, 2026 the protocol disclosed that a mid-cap basis trade involving locked LAB tokens had failed, producing NAV declines of approximately 15%, 12%, and 9% across its three active vaults. On-chain investigator ZachXBT publicly alleged that the protocol had exposed depositor funds to a token he characterized as a scam with over 95% insider-controlled supply, raising serious risk-management and disclosure concerns that remain unresolved as of the investigation date.
avoid.net/deribit→47/100[WARNING]Deribit is a crypto options and futures exchange founded in 2016 in the Netherlands by John and Marius Jansen, historically operated through a Panama-registered entity and now licensed under Dubai's VARA framework as Deribit FZE. The exchange suffered a $28 million hot wallet compromise on November 1, 2022, covering the loss entirely from its own balance sheet. Coinbase completed the acquisition of Deribit for approximately $2.9 billion on August 14, 2025, making it a subsidiary of a publicly traded, NASDAQ-listed U.S. company.
avoid.net/unicoin→3/100[CRITICAL]Unicoin, Inc. is a New York City-based cryptocurrency company that launched the Unicoin token in February 2022, promoting it as an asset-backed, dividend-paying digital asset tied to the Unicorn Hunters investment television series. On May 20, 2025, the U.S. Securities and Exchange Commission filed a civil fraud complaint against the company and three senior executives in the Southern District of New York, alleging they defrauded more than 5,000 investors through false claims that the token was backed by billions of dollars of real estate and pre-IPO equity interests when those assets were worth a fraction of the stated values. The case remains pending as of mid-2026, with Unicoin having filed a motion to dismiss in August 2025.
avoid.net/tenderize-v2→37/100[WARNING]Tenderize V2 is a DeFi liquid staking protocol launched on January 29, 2024, enabling users to mint validator-specific liquid staked tokens (tTokens) for assets including MATIC, LPT, and GRT across Ethereum, Arbitrum, and Sei Network. The protocol suffered a protocol logic exploit on April 7, 2025, resulting in a loss of approximately $10,850 via a proxy upgrade skim technique on Ethereum; the incident was relatively small in dollar terms but raised concerns about smart contract integrity. ZachXBT has flagged this entity, and while the protocol holds multiple security audits including a Hacken audit scoring 9.8/10 and a Halborn audit, its current TVL of approximately $495,000 reflects limited adoption relative to the broader liquid staking market.
avoid.net/alephium→34/100[WARNING]Alephium is a Swiss-founded Proof-of-Work Layer-1 blockchain launched November 8, 2021, featuring sharded smart contracts and the Proof-of-Less-Work consensus mechanism. On May 29-30, 2026, its TokenBridge was exploited for approximately $815,000 in approximately seven minutes via an off-chain backend vulnerability that allowed forged guardian messages to authorize unauthorized transfers and the minting of 13.76 million unbacked wrapped ALPH tokens. The team took the bridge offline, burned the unauthorized tokens, and committed to full user compensation.
avoid.net/yearn-dai-vault→44/100[WARNING]On February 4, 2021, an attacker exploited Yearn Finance's v1 yDAI vault using a multi-protocol flash loan to manipulate exchange rates in Curve Finance's 3pool, causing approximately $11 million in vault losses while the attacker personally profited roughly $2.8 million. Yearn Finance's security team contained the exploit within eleven minutes, preserving $24 million of the vault's $35 million under management. Yearn subsequently reimbursed affected depositors by minting 9.7 million DAI against YFI collateral in a MakerDAO vault, with the intent to repay the debt from ongoing protocol revenue.
avoid.net/xrp→47/100[WARNING]XRP is a cryptocurrency native to the XRP Ledger (XRPL), a public blockchain co-designed in 2011–2012 by Jed McCaleb, David Schwartz, and Arthur Britto. Ripple Labs, Inc. is the San Francisco-based company that co-developed the ledger and has historically used XRP sales to finance operations, accumulating approximately 80 billion of the fixed 100 billion token supply at launch. A landmark U.S. Securities and Exchange Commission lawsuit filed in December 2020 — alleging over $1.3 billion in unregistered securities offerings — concluded in August 2025 when both parties dropped their appeals, cementing a $125 million civil penalty and a permanent injunction against further unregistered institutional XRP sales in the U.S.
avoid.net/superteam→44/100[WARNING]Superteam is a community-run talent network and grant accelerator operating as the contributor layer of the Solana ecosystem, founded by Tanmay Bhat and Akshay BD and active across 23+ global chapters. The organization has been flagged for investigation by ZachXBT, though no published, verifiable ZachXBT post or report specifically naming Superteam as a fraudulent entity was located during this investigation; the exact nature and basis of that flag remains unconfirmed. Separately, Superteam Earn — the organization's public freelance bounty and job platform — operates within a segment of the Solana ecosystem that regulators, Google Cloud threat intelligence, and on-chain investigators have identified as systematically targeted by DPRK-linked IT workers using false identities.
avoid.net/fantom-sonic-labs→42/100[WARNING]Fantom is a layer-1 blockchain founded in 2018 by Dr. Ahn Byung-Ik and technically led by Andre Cronje, operating the Opera mainnet using a DAG-based Lachesis consensus mechanism. In 2024 the project rebranded to Sonic Labs and launched a new high-throughput chain (Sonic) with a native S token replacing FTM at a 1:1 ratio. The project has experienced significant controversies including a $122 million loss from the Multichain bridge hack in 2023, a founder-level plagiarism finding in South Korean courts, SEC scrutiny of key leadership, allegations of a stablecoin liquidation scheme, and a 70%+ token price collapse in 2025.
avoid.net/scallop-lend→32/100[WARNING]Scallop Lend is a DeFi lending and borrowing protocol deployed on the Sui blockchain, and the first DeFi project to receive an official grant from the Sui Foundation. On April 26, 2026, the protocol suffered a flash-loan exploit that drained approximately 150,000 SUI (roughly $142,000) from a deprecated rewards contract that had remained callable on-chain for approximately 17 months despite no longer being in active use. The protocol covered 100% of user losses from treasury reserves and resumed operations within two hours, though the incident raised questions about legacy contract hygiene and the completeness of prior audits by OtterSec, MoveBit, and Zellic.
avoid.net/gondi-v3→52/100[CAUTIONARY]Gondi V3 is a decentralized, non-custodial NFT lending and borrowing protocol on Ethereum developed by Florida Street, which launched in July 2023 and raised a $5.35 million seed round from Hack.vc, Dragonfly Capital, and Pantera Capital. On March 9, 2026, the protocol suffered a smart contract exploit in its newly deployed Purchase Bundler component, resulting in the theft of approximately 78 NFTs valued at roughly $230,000 from users who had granted approvals to the vulnerable contract. The team disabled the affected feature, pledged full restitution using protocol fees, and engaged security firm Blockaid for a post-incident review; platform operations for other functions resumed the following day.
avoid.net/polygon-pol→44/100[WARNING]Polygon (formerly MATIC) is a Layer-2/sidechain scaling solution for Ethereum that completed its MATIC-to-POL token migration in September 2024. The SEC named MATIC as an alleged unregistered security in the June 2023 Binance lawsuit. Two major vulnerabilities were caught by Immunefi bounty hunters ($850M and $24B at risk respectively). Three of four co-founders departed within 24 months. Three rounds of layoffs occurred between 2023-2026. zkEVM was deprecated in June 2025 citing $1M annual operating loss.
avoid.net/bitrefill→52/100[CAUTIONARY]Bitrefill is a Stockholm-based cryptocurrency e-commerce platform founded in 2014 that allows users to purchase digital gift cards, eSIMs, and mobile top-ups using Bitcoin and other cryptocurrencies across more than 100 countries. On March 1, 2026, Bitrefill suffered a significant cyberattack attributed to the North Korea-linked Lazarus Group (Bluenoroff subunit), in which attackers compromised an employee laptop, escalated access via legacy credentials, drained hot wallets, and exposed approximately 18,500 customer purchase records. Bitrefill stated it would cover all financial losses from operational capital and characterized this as the platform's first major security incident in over a decade of operation.
avoid.net/fusion-by-ipor→42/100[WARNING]Fusion by IPOR is a modular on-chain vault infrastructure product developed by IPOR Labs AG (Zug, Switzerland), designed to automate DeFi yield strategies across multiple chains without requiring Solidity expertise. On January 6, 2026, a legacy Fusion Optimizer Vault on Arbitrum was exploited for $336,000 USDC via a combination of missing fuse validation in the instantWithdraw method and an EIP-7702 delegation vulnerability on an administrator account. The IPOR DAO committed to fully compensating all affected depositors from treasury reserves, and the incident was flagged by blockchain investigator ZachXBT.
avoid.net/tinyman→47/100[WARNING]Tinyman is an automated market maker (AMM) and decentralized exchange (DEX) built on the Algorand blockchain, launched on mainnet in October 2021. On January 1, 2022, attackers exploited a logic flaw in the protocol's pool-token burn function to drain approximately $3 million in wrapped Bitcoin and Ethereum assets across 43 pools. Tinyman subsequently patched the contracts, launched a compensation program covering all affected liquidity providers, and released a fully re-audited v2.0 protocol in early 2023.
avoid.net/edgex-edge-token→22/100[CRITICAL]edgeX is a decentralized perpetual futures exchange incubated by Amber Group and launched on mainnet in August 2024, with its native EDGE token generated at a Token Generation Event on March 31, 2026. On June 2, 2026, the EDGE token crashed approximately 77% in under 60 seconds, erasing over $220 million in market value; edgeX attributed the event to an unidentified external party, while on-chain investigator ZachXBT alleged that a small group of insiders controlled the majority of the 1 billion token supply through a thin-float structure. A self-commissioned investigation found no team misconduct, a conclusion ZachXBT publicly derided as self-serving, and the project subsequently faced scrutiny for declining to disclose market-maker agreements or insider token allocations.
avoid.net/epicentral-labs→34/100[WARNING]Epicentral Labs is an early-stage decentralized autonomous organization (DAO) and LLC incorporated in the US and Canada, building a decentralized options trading platform called OPX on the Solana blockchain. The project is led by a pseudonymous founder known as TheLazySol and governed by holders of its native LABS token, which carries a micro-cap market capitalization of approximately $177,000-$185,000 as of mid-2026. No fraud allegations, regulatory actions, or known exploits have been identified; primary risks relate to the project's pre-mainnet status, lack of a public smart contract audit, small community size, and significant token concentration concerns.
avoid.net/adam-iza→0/100[CRITICAL]Adam Iza, also known as Ahmed Faiq and self-styled 'The Godfather,' is a 25-year-old California cryptocurrency entrepreneur who operated the trading platform Zort and pleaded guilty to multiple federal felonies across two jurisdictions. He admitted to a $37 million fraud against Meta Platforms, wire fraud, tax evasion, conspiracy to violate civil rights through an LASD deputy bribery scheme, and—in a separate Connecticut federal case—conspiracy to interfere with commerce by robbery in connection with a plot to kidnap a couple whose son had stolen $245 million in Bitcoin. Federal prosecutors are seeking a minimum of 14 years; sentencing in the Connecticut case is scheduled for August 12, 2026.
avoid.net/nathan-fuller-privvy-investments→0/100[CRITICAL]Nathan Fuller, a resident of Cypress, Texas, operated Privvy Investments LLC and its assumed business name Gateway Digital Investments as a fraudulent cryptocurrency investment scheme from at least October 2022 through mid-2024. Fuller raised approximately $12.3 million from roughly 150 investors by falsely claiming proprietary AI-powered trading bots would execute high-frequency crypto arbitrage and generate guaranteed returns of 40-100% within 21-45 days. The SEC filed a civil complaint against Fuller on May 28, 2026 in the U.S. District Court for the Southern District of Texas (Litigation Release No. 26558); Fuller had previously admitted in a September 2025 bankruptcy proceeding that Privvy Investments was a Ponzi scheme.
avoid.net/shunda-scam-compound→0/100[CRITICAL]Shunda Park was a large-scale cryptocurrency investment fraud compound operated in Min Let Pan, Myanmar (Burma), active from at least January 2025 until its seizure by the Karen National Liberation Army (KNU/KNLA) in November 2025. The compound ran pig-butchering scams targeting victims across 30 or more countries, using trafficked workers held under threat of violence. In April 2026, the U.S. Department of Justice charged two Chinese nationals — Huang Xingshan and Jiang Wen Jie — with wire fraud conspiracy for managing the compound, as part of a coordinated international enforcement action that resulted in 276 arrests, the dismantling of nine scam centers, and the restraint of over $701 million in cryptocurrency.
avoid.net/dango→52/100[CAUTIONARY]Dango (ticker: DNG) is a DeFi-native Layer-1 blockchain and perpetual futures exchange that raised $3.6 million in seed funding in November 2024 from Hack VC, Lemniscap, and Delphi Labs. On April 13, 2026, the protocol suffered a logic flaw exploit in its insurance fund donation contract, resulting in $1.9 million USDC being drained; approximately $410,010 was bridged to Ethereum before bridge rate limits halted further outflows. The attacker was identified as a white hat who returned all funds in exchange for a bug bounty, leaving user positions and trading functions unaffected.
avoid.net/curve-llamalend→52/100[CAUTIONARY]Curve LlamaLend (also referred to as the crvUSD lending markets) is a decentralized, permissionless isolated lending protocol built by Curve Finance that allows users to borrow crvUSD against crypto collateral using the LLAMMA soft-liquidation mechanism. The protocol has experienced multiple distinct incidents since launch: a $10 million bad-debt event in June 2024 tied to the founder's oversized leveraged positions, an oracle-manipulation attack on the sDOLA market in March 2026 resulting in approximately $240,000 in borrower losses, an October 2025 market crash that left the CRV-long vault approximately $700,000 underbacked, and a May 2026 third-party exploit (Stake DAO) that forced the sunsetting of an associated Arbitrum LlamaLend market. The protocol's core contracts have not been directly compromised by a code-level hack, but recurring bad-debt events, oracle design flaws in permissionlessly created markets, and governance concentration risks have drawn sustained scrutiny including a flag from on-chain investigator ZachXBT.
avoid.net/tesseradao→0/100[CRITICAL]TesseraDAO is a BNB Chain project whose governance token TSR was the subject of a severe exploit on June 1, 2026, in which an attacker minted 99 million unauthorized TSR tokens and dumped them for approximately $2.5 million USDT, causing a 99% price collapse within hours. Stolen proceeds were bridged to Ethereum and laundered via Tornado Cash, with 1,285.5 ETH confirmed passed through the mixer. Security analysts noted that minting privileges were controlled exclusively by deployer-related addresses, raising questions about whether the incident constituted an external hack or an insider compromise.
avoid.net/dxsale→4/100[CRITICAL]DxSale is a decentralized token launchpad and liquidity-locking platform launched in August 2020, originally on Ethereum and later expanded to BNB Chain and other EVM networks. On May 28, 2026, a hidden backdoor in legacy BNB Chain liquidity locker contracts was exploited to drain approximately $7.3 million from more than 1,400 LP positions locked as far back as 2021. On-chain analysis identified a 269-day pre-exploit ownership transfer chain passing through approximately 80 wallets, with indicators strongly suggesting insider involvement by a current or former team member.
avoid.net/linea→44/100[WARNING]Linea is a zkEVM Layer 2 rollup built by Consensys that launched on Ethereum mainnet in July–August 2023 and uses a proprietary zk-SNARK proving library called gnark. The network is classified as Stage 0 by L2BEAT, operates a single centralized sequencer with no permissionless fallback, and demonstrated this centralization risk in June 2024 when it unilaterally halted block production during the Velocore DEX hack. The LINEA token launched in September 2025 and suffered a 93% price collapse within hours amid a delayed community airdrop contract, sequencer outage, and allegations of treasury wallet selling pressure.
avoid.net/bitpin→0/100[CRITICAL]Bitpin (legal name: Nooyan Bitpin, also known as Sana Ayman Mubadala) is an Iranian cryptocurrency exchange founded in 2020 and headquartered in the Anzali Free Zone, Gilan, Iran. On June 2, 2026, the U.S. Treasury's Office of Foreign Assets Control (OFAC) designated Bitpin on the Specially Designated Nationals (SDN) list under Executive Orders 13224 and 13902, citing IRGC-linked transactions, sanctions evasion, and investors with alleged ties to circumventing U.S. restrictions. Bitpin accounted for approximately 10% of Iranian digital asset inflows in 2025 and processed an estimated USD 821 million in volume that year, making it Iran's third-largest exchange by that metric among the four simultaneously designated platforms.
avoid.net/silo-finance→47/100[WARNING]Silo Finance V1 is a non-custodial isolated lending protocol launched on Ethereum mainnet in August 2022, enabling permissionless markets for long-tail crypto assets by confining risk to individual lending pools (Silos). The protocol experienced two security incidents in 2023: a critical interest rate manipulation vulnerability discovered by a white-hat researcher (no user funds lost) and a white-hat drain of approximately $45,000 in SILO incentive tokens due to a separate contract flaw. The deployed production version of V1 diverges from the audited codebase, a risk the team has publicly acknowledged but not fully remediated through re-audit.
avoid.net/ramzinex→2/100[CRITICAL]Ramzinex (legal name: Mubadala Ramzinex; also registered as Ramzineh Electronic Commerce Innovation Company) is an Iranian cryptocurrency exchange founded in 2018 and headquartered in Tehran. On June 2, 2026, the U.S. Treasury's Office of Foreign Assets Control (OFAC) designated Ramzinex under Executive Order 13902, citing facilitation of transactions linked to the Islamic Revolutionary Guard Corps (IRGC), a government-backed Iranian financial institution, and sanctions evasion. The designation was part of the Trump administration's broader 'Economic Fury' campaign, which simultaneously sanctioned three other major Iranian exchanges: Nobitex, Wallex, and Bitpin.
avoid.net/superfortune-ai-gua→28/100[WARNING]Superfortune AI is an AI-powered InfoFi platform on BNB Chain, incubated by Manta Labs, that combines Chinese metaphysical traditions with crypto market analytics. Its native token GUA launched on November 27, 2025. On May 27, 2026, approximately 14.98 million GUA tokens intended for an airdrop distribution were redirected to a lookalike attacker-controlled address, resulting in losses of approximately $15.18 million and a roughly 76% token price crash within 24 hours. The root cause remains disputed: the team attributed the incident to a compromised signer private key, while the absence of prior on-chain interaction between the attacker and project wallets has raised unresolved questions about the multisig workflow.
avoid.net/dimo→42/100[WARNING]DIMO (Decentralized Infrastructure for Mobility Operations) is a Web3 vehicle data protocol built on Polygon and later migrating to Base, developed by Digital Infrastructure Inc. The protocol allows drivers to connect their vehicles, stream data, and earn $DIMO tokens in exchange. In November 2025, a sophisticated attacker compromised a developer key and withdrew approximately 30 million DIMO tokens (3% of total supply) from a Wormhole bridge contract, causing a price drop of over 57% in 30 days and triggering a CertiK security alert. The project has legitimate venture backing and a publicly identified founding team, but the security incident, centralized key management failure, and ongoing token unlock pressure are material risk factors.
avoid.net/rathnakishore-giri→0/100[CRITICAL]Rathnakishore Giri, also known as 'Ravi' Giri, is a 31-year-old Ohio investment manager convicted of wire fraud for orchestrating a Bitcoin-derivatives Ponzi scheme that raised over $10 million from at least 150 investors between 2019 and 2022. Operating through two entities — NBD Eidetic Capital, LLC and SR Private Equity, LLC — he falsely promised guaranteed, risk-free returns while using new investor funds to repay earlier ones and diverting proceeds to fund a lavish personal lifestyle. On May 18, 2026, he was sentenced to nine years in federal prison after an aggravating factor emerged: following his October 2024 guilty plea, and while on pretrial release, he continued soliciting new cryptocurrency investors, causing additional harm and prompting an amended plea agreement.
avoid.net/midnight→39/100[WARNING]Midnight (NIGHT) is a privacy-focused Cardano sidechain developed by Input Output (IO), the company behind Cardano, first unveiled in late 2023. Charles Hoskinson called it 'six years of intellectual and practical effort.' The 'Glacier Drop' airdrop distributed 100% of the 24B token supply to 37M users across 8 blockchains with zero VC allocation — 50%+ to ADA holders. NIGHT launched December 8, 2025 but immediately crashed 60%+ from $0.11 to $0.02 as the massive free distribution flooded exchanges. Over 4.5B airdropped tokens remain in 'thawing' through December 2026 (25% unlocks every 90 days), creating persistent selling pressure. Mainnet is not yet live, meaning token utility is largely theoretical.
avoid.net/uniblock→64/100[CAUTIONARY]Uniblock is a Canadian Web3 infrastructure company founded in 2022 that provides a unified, multi-chain API aggregation platform for blockchain developers, connecting over 300 blockchains and 55 data providers through a single interface with patented auto-routing technology. The company is venture-backed with C$7.5 million in total funding from institutional investors including SBI Ven Capital, AllianceDAO, NGC Ventures, Alchemy, and MoonPay. No regulatory actions, fraud allegations, or significant security incidents have been identified; risk factors are principally commercial and operational rather than conduct-related.
avoid.net/maestro→47/100[WARNING]Maestro is a Telegram-based crypto trading bot developed by Gearlay Technologies Inc. (Canada) that enables sniping, copy-trading, and wallet management across 14 blockchains. On October 24, 2023, a critical access-control vulnerability in its MaestroRouter2 smart contract was exploited, draining approximately 280 ETH (~$500,000) from 106 user accounts; the team subsequently refunded all affected users with 610 ETH (~$1.1 million) sourced from its own revenue. The platform operates a partial-custody model in which user private keys are encrypted and stored on Maestro servers, representing a persistent systemic risk.
avoid.net/curve-finance→44/100[WARNING]Curve Finance is a major decentralized exchange (DEX) on Ethereum optimized for stablecoin and pegged-asset trading, operating since January 2020. On July 30, 2023, a latent vulnerability in the Vyper smart-contract compiler (versions 0.2.15, 0.2.16, and 0.3.0) was exploited across multiple Curve liquidity pools, draining approximately $70 million and triggering a near-systemic crisis when the resulting CRV price drop threatened to cascade-liquidate founder Michael Egorov's heavily collateralized on-chain loans. Roughly 73% of stolen funds were ultimately recovered or returned, and in December 2023 the Curve DAO voted to disburse approximately $49 million in compensation to affected liquidity providers.
avoid.net/inertia-protocol→42/100[WARNING]Inertia Protocol (INRT) is a modular liquid restaking token (LRT) and lending protocol built on the Initia blockchain, launched to mainnet in April 2025. The protocol suffered a confirmed exploit in May 2025 in which approximately $152,000 was drained from five lending markets via a known ERC4626 share-price inflation attack; the protocol states its Insurance Fund restored affected user balances. Team composition, smart contract audit history, and investor backing are not publicly disclosed.
avoid.net/nicehash→42/100[WARNING]NiceHash is a Slovenian cryptocurrency mining marketplace founded in 2014 that allows users to buy and sell hashing power. In December 2017 the platform suffered one of the largest crypto exchange hacks of that year, with attackers stealing approximately 4,736 BTC (valued at roughly $64 million at the time) after compromising an employee's computer through a spear-phishing attack. The breach was subsequently attributed to North Korea's Lazarus Group, and NiceHash completed a full user repayment program in December 2020 after a three-year effort funded from operational revenue.
avoid.net/catfi-memecoin→0/100[CRITICAL]CATFI is a Solana-based memecoin launched in early 2025 via the Pump.fun launchpad. South Korean prosecutors charged five individuals, including a ringleader known online as 'Eth Father' (surname Park), with orchestrating a rug pull that inflated the token's price approximately 1,001-fold within 26 hours before draining liquidity and abandoning the project. This case represents South Korea's first criminal prosecution of a decentralized-exchange rug pull under the Virtual Asset User Protection Act.
avoid.net/swissborg→47/100[WARNING]SwissBorg is a Swiss-based crypto wealth management and exchange aggregator founded in 2017, holding MiCA authorization from France's AMF and VQF membership in Switzerland. In September 2025, the platform suffered a $41.5 million loss when its staking partner Kiln's API was compromised via a GitHub token theft and Kubernetes pod injection, resulting in the unauthorized transfer of 192,600 SOL from SwissBorg's SOL Earn program; the company subsequently pledged full reimbursement from treasury funds. While SwissBorg maintains legitimate regulatory standing and transparency measures including Proof of Liabilities, the third-party supply chain failure exposes material counterparty risk in its Earn product architecture.
avoid.net/granary-finance-grain→42/100[WARNING]Granary Finance was a decentralized, non-custodial lending and borrowing protocol forked from Aave V2, built by Byte Masons and an anonymous developer known as Fantom Menace, launching on Fantom in March 2022 before expanding to eight chains. The protocol raised over $5 million USDC via a community liquidity generation event in March 2023 and introduced the GRAIN governance token, but its TVL collapsed from a peak of approximately $60 million to under $200,000. By early 2025, the team announced the full withdrawal and discontinuation of Granary Finance across all chains, with GRAIN and OATH token holders migrated to the successor platform Cod3x (CDX). No regulatory actions, rug-pull allegations, or direct hacks of Granary contracts were documented; key risks include near-total value decline, deeply pseudonymous founding team, and protocol end-of-life.
avoid.net/algorand→52/100[CAUTIONARY]Algorand is a Layer-1 blockchain founded in 2017 by Silvio Micali, a Turing Award-winning MIT cryptographer who co-invented zero-knowledge proofs and verifiable random functions. The protocol uses a Pure Proof-of-Stake consensus mechanism with genuine academic credibility, and has attracted institutional partnerships including FIFA and Visa-adjacent integrations. However, ALGO has been named as an alleged unregistered security in SEC complaints against both Bittrex and Binance, the Algorand Foundation conducted a highly criticized 2019 token auction that resulted in a mass refund event, the token trades approximately 96% below its 2021 all-time high, and the Foundation cut 25% of its workforce in 2025 while relocating from Singapore to the United States.
avoid.net/akt→57/100[CAUTIONARY]AKT is the native utility token of Akash Network, a decentralized cloud computing marketplace built on the Cosmos SDK and founded in 2015 by Greg Osuri and Adam Bozanich under Overclock Labs. The project operates as a legitimate, open-source DePIN (Decentralized Physical Infrastructure Network) with public governance, audited code, and institutional partnerships including an indirect connection to NVIDIA through the Brev.dev acquisition. No regulatory actions, fraud allegations, or major exploits have been identified, though a responsibly disclosed critical vulnerability was patched in May 2024 and a spam attack disrupted the network briefly in March 2025.
avoid.net/superrare→45/100[WARNING]SuperRare is a curated Ethereum-based NFT art marketplace founded in 2018 by John Crain, Charles Crain, and Jonathan Perkins, operating as a high-end platform for 1-of-1 digital artworks with its own governance token RARE. On July 28, 2025, a critical access control vulnerability in the platform's RareStakingV1 staking contract was exploited, resulting in the theft of approximately 11.9 million RARE tokens worth roughly $731,000. SuperRare subsequently reimbursed the 61 affected wallets by August 5, 2025, and the RARE token recovered approximately 41% following the remediation announcement.
avoid.net/goliath-ventures→0/100[CRITICAL]Goliath Ventures Inc. was an Orlando, Florida-based cryptocurrency investment firm that, according to U.S. federal prosecutors, operated a Ponzi scheme from January 2023 through January 2026, raising at least $328 million from more than 2,000 investors through false promises of guaranteed monthly returns via cryptocurrency liquidity pools. Its founder and CEO, Christopher Alexander Delgado, was arrested on February 24, 2026 on federal wire fraud and money laundering charges; the company subsequently filed for Chapter 11 bankruptcy and is the subject of multiple civil class-action lawsuits against Delgado, its banking institutions, and its outside law firm.
avoid.net/gemini→44/100[WARNING]Gemini is a New York-based cryptocurrency exchange and custodian bank founded in 2015 by Cameron and Tyler Winklevoss, regulated under a NYDFS Limited Purpose Trust Charter. The exchange gained significant notoriety following the collapse of its Gemini Earn lending program in late 2022, which left approximately 340,000 users with roughly $900 million in frozen assets; subsequent SEC and NYDFS enforcement actions were resolved by early 2024 and 2026 respectively with full customer restitution. Gemini went public on the Nasdaq in September 2025 under the ticker GEMI, but its stock has since declined more than 80% amid deepening losses, executive departures, mass layoffs, and a contested post-IPO strategic pivot to prediction markets.
avoid.net/yelo-yelotree→0/100[CRITICAL]Yelo, known online as @yelotree, is a crypto key opinion leader (KOL) and former professional Fortnite esports player with approximately 180,000 Twitter followers who also operated a luxury car rental business in Miami. As of May 2026, Yelo faces federal criminal charges alleging he laundered funds stolen from cryptocurrency holders through that rental business, with a potential sentence of up to 30 years. Separately, Yelo participated in undisclosed paid promotion of the Sharpei memecoin on Solana in October 2024, which subsequently suffered a documented rug pull that erased 96% of its market value.
avoid.net/gnosis-pay-zodiac-delay-module-exploit→57/100[CAUTIONARY]On June 1, 2026, Gnosis Pay's Zodiac Delay Module — a third-party smart contract add-on designed to impose mandatory waiting periods on outgoing Safe transactions — was exploited via a signature-verification flaw in the Delay Modifier v1.1.0 and Roles Modifier v2. Blockchain security firm CertiK estimated losses at approximately $265,000 affecting 41 Gnosis Safes, with stolen funds partially bridged to Hyperliquid and converted to Monero. Gnosis co-founder Martin Köppelmann publicly pledged full reimbursement for all affected users, card services were restored for over 99% of users by June 7, and Safe core contracts were confirmed unaffected.
avoid.net/zcash-orchard-pool-counterfeiting-bug→62/100[CAUTIONARY]In May 2026, independent security researcher Taylor Hornby discovered a critical soundness vulnerability in the Zcash Orchard shielded pool's zero-knowledge proof circuit that had existed since the pool's launch in May 2022. The flaw — an under-constrained elliptic-curve multiplication gadget in the halo2_gadgets crate — could theoretically have allowed unlimited undetectable counterfeit ZEC creation within the Orchard pool, though it could not inflate total ZEC supply due to the turnstile mechanism. The Zcash Open Development Lab coordinated an emergency two-phase response within 50 hours: a soft fork on June 2 disabling Orchard transactions, followed by the NU6.2 hard fork on June 3 deploying the corrected circuit. No exploitation has been confirmed, though the privacy properties of the Orchard pool make definitive confirmation impossible. ZEC fell approximately 38% on public disclosure on June 5, 2026.
avoid.net/ravedao→2/100[CRITICAL]RaveDAO is a Web3 entertainment protocol that markets itself as a community bridging electronic dance music culture with blockchain-based ticketing, governance, and event access. Its native token, RAVE, launched on Binance Alpha in December 2025 and experienced a ~10,800% price surge in April 2026 before collapsing approximately 95% within 48 hours amid substantial on-chain evidence of insider supply control and an alleged coordinated 'bait and liquidate' short-squeeze scheme. Binance, Bitget, and Gate.io opened formal investigations; on-chain investigator ZachXBT publicly accused the project's affiliated insiders of engineering the rally and named RAVE as part of a broader pattern of Bitget-enabled market-maker fraud.
avoid.net/safe-wallet→68/100[CAUTIONARY]Safe{Wallet}, operated by the Safe Ecosystem Foundation, is the dominant smart-contract multisig platform on Ethereum and EVM-compatible chains, securing approximately $35 billion in assets across 61 million accounts as of Q1 2026. In February 2025, a developer machine compromise by North Korea's Lazarus Group (TraderTraitor) allowed attackers to inject malicious JavaScript into the app.safe.global frontend, enabling the theft of approximately $1.5 billion in ETH from Bybit — the largest cryptocurrency heist in history. The Safe smart contracts themselves were not compromised; the attack was entirely at the infrastructure and frontend layer. Safe has since rebuilt its infrastructure and launched Safenet, a decentralized transaction-security network, as a structural response.
avoid.net/bc1qtkv6qcgq3qhqcdsk88wey50je0wk07s6erjrr9→30/100[WARNING]bc1qtkv6qcgq3qhqcdsk88wey50je0wk07s6erjrr9 is a native SegWit (Bech32) Bitcoin address with a small and fully spent transaction history confined to a two-day window in late May 2026. The address received approximately 0.0579 BTC (~5,793,506 satoshis) in a single inbound transaction and forwarded the entire balance outward within roughly 36 hours, exhibiting a classic pass-through or forwarding pattern. No scam reports, law enforcement actions, or regulatory designations were identified for this address at the time of investigation.
avoid.net/mantra-om-token→18/100[CRITICAL]MANTRA is a Cosmos SDK-based Layer 1 blockchain focused on real-world asset (RWA) tokenization, co-founded by John Patrick Mullin. Its native OM token collapsed approximately 90% in roughly one hour on April 13, 2025, falling from around $6.30 to under $0.50 and wiping out an estimated $5–6 billion in market capitalization. The causes remain disputed: the project team attributed the crash to reckless forced liquidations by centralized exchanges, while on-chain analysts, OKX, and critics alleged coordinated insider selling, supply manipulation, and artificially inflated liquidity metrics.
avoid.net/zondacrypto→0/100[CRITICAL]Zondacrypto, formerly known as BitBay and Zonda, was once described as Poland's largest cryptocurrency exchange, serving over 1.3 million users across Central and Eastern Europe. Beginning in December 2025, the platform experienced a severe withdrawal freeze that escalated into a full collapse by April 2026, with Polish prosecutors estimating losses of at least 350 million zloty (approximately $96 million USD) affecting an estimated 30,000 or more users. The crisis has prompted criminal investigations in Poland, a partial operating license suspension by Estonian regulators, the resignation of the company's entire supervisory board, and the reported flight of CEO Przemyslaw Kral to Israel, where his dual citizenship complicates extradition.
avoid.net/layerzero-protocol→42/100[WARNING]LayerZero is a major omnichain interoperability protocol operated by LayerZero Labs, deployed across 130+ blockchains and processing over 200 million cross-chain messages as of early 2026. The protocol gained institutional backing from Citadel Securities, ARK Invest, Tether, and Sequoia Capital, and is the infrastructure behind USDT0, which processed over $70 billion in cross-chain USDT transfers. In April 2026, LayerZero's off-chain DVN infrastructure was compromised via a social engineering attack attributed to North Korea's Lazarus Group (TraderTraitor), enabling the $292 million KelpDAO rsETH bridge exploit — the largest DeFi hack of 2026 — and triggering a multi-billion-dollar client exodus to competing bridge providers.
avoid.net/probit-global→23/100[CRITICAL]ProBit Global was a South Korea-founded centralized cryptocurrency exchange that operated from 2018 until it permanently terminated all services by April 1, 2026. The shutdown followed an inability or unwillingness to obtain MiCA licensing for EU/EEA users and a stated broader regulatory and restructuring rationale for global operations. The wind-down included a controversial abandoned-funds clause under which assets not withdrawn by April 1, 2026 were deemed permanently lost, as well as a monthly administrative fee of up to 10% of balances during the grace period, raising significant consumer-protection concerns.
avoid.net/vechain→42/100[WARNING]VeChain (VET) is an enterprise-focused Layer-1 blockchain founded by Sunny Lu (former CIO of Louis Vuitton China). It launched in 2015 as a subsidiary of Bitse, and it rebranded and launched its mainnet in 2018. The VeChain Foundation's buyback wallet was hacked in December 2019 due to employee negligence, losing 1.1 billion VET (~$6.5M). The Foundation held 27.3% of total token supply as of September 2019. VeChain's official X account was compromised in January 2024 to promote a scam giveaway. The blockchain has built-in fund-freezing capabilities. Enterprise partnerships include Walmart China, BMW, and UFC. VeChain was among the first to proactively comply with MiCAR regulations.
avoid.net/bit-com→42/100[WARNING]Bit.com was a cryptocurrency derivatives and spot exchange launched in August 2020 by Matrixport, a Singapore-based digital asset firm founded by Bitmain co-founder Jihan Wu. On December 27, 2025, the exchange announced a phased wind-down under the label 'business restructuring,' with spot trading ceasing January 31, 2026, a backup withdrawal-only station active through March 31, 2026, and post-deadline asset recovery requiring individual customer-service requests. No regulatory action, security breach, or insolvency has been publicly reported as the cause; the shutdown appears consistent with a broader strategic consolidation by Matrixport, which rebranded as 'BIT' on March 20, 2026.
avoid.net/silo-v2→44/100[WARNING]Silo V2 is a non-custodial, permissionless isolated lending market protocol operating across Ethereum, Arbitrum, Base, Optimism, and Sonic. On June 25, 2025, an unreleased peripheral leverage contract was exploited for approximately $545,000 (224 ETH) belonging to SiloDAO test funds; the team confirmed that all core markets and user deposits were unaffected. The incident revealed inadequate input validation and absent formal verification on pre-release code that had been deployed to mainnet, and the attacker subsequently laundered the stolen ETH through Tornado Cash.
avoid.net/crypto-dispensers-virtual-assets-llc→0/100[CRITICAL]Virtual Assets LLC, doing business as Crypto Dispensers, is a Chicago-based cash-to-cryptocurrency exchange operator founded in 2017 by Firas Isa. In November 2025, Isa and the company were each charged with one count of federal money laundering conspiracy in the Northern District of Illinois, with prosecutors alleging at least $10 million in proceeds from wire fraud and narcotics offenses were processed through the platform between 2018 and 2025. Both defendants have pleaded not guilty; the case is pending in federal court before U.S. District Judge Elaine E. Bucklo.
avoid.net/kok-an-crown-resorts-anco-brothers→2/100[CRITICAL]Kok An (born Phu Kok An, 1954) is a Sino-Cambodian senator, businessman, and one of Cambodia's wealthiest individuals, whose flagship companies Crown Resorts and Anco Brothers were designated by the U.S. Treasury's Office of Foreign Assets Control (OFAC) on April 23, 2026, along with 28 other individuals and entities, for allegedly operating and protecting a network of scam compounds that coerce human-trafficking victims into perpetrating 'pig butchering' crypto-investment fraud against American citizens. The designations, made under executive orders targeting significant malicious cyber-enabled activities, freeze all U.S.-linked assets and prohibit Americans from transacting with any designated party. Parallel law enforcement actions by Thailand, including a July 2025 Thai Criminal Court arrest warrant and raids seizing assets worth over 1.17 billion baht, and a November 2025 Thai revocation of Kok An's and his three children's fraudulently obtained Thai nationality, reflect a sustained international enforcement campaign against his network.
avoid.net/ambient→42/100[WARNING]Ambient Finance (formerly CrocSwap, operated by Crocodile Labs) is a decentralized exchange protocol that runs an entire DEX inside a single smart contract, combining concentrated and ambient liquidity on Ethereum and several L2 networks. On October 17, 2024, the protocol's frontend suffered a DNS hijacking attack deploying Inferno Drainer malware to drain wallets of users who interacted with the compromised site; the underlying smart contracts were unaffected and the team reimbursed all affected users in ETH. ZachXBT has flagged this entity.
avoid.net/apyx-finance→33/100[WARNING]Apyx Finance is a DeFi protocol that issues apxUSD, a synthetic dollar stablecoin backed primarily by preferred equity shares of digital asset treasury companies, most notably Strategy's STRC preferred stock, rather than by fiat or crypto-native collateral. On June 4, 2026, apxUSD fell to approximately $0.93 during a Bitcoin drawdown that pushed STRC below its $100 par value, a roughly 7% deviation from peg. The protocol characterized this episode as expected behavior intrinsic to its equity-backed design, a framing that drew skepticism from market participants who noted structural risks including liquidity mismatches between 24/7 crypto markets and exchange-hours equity trading, leverage stacking in downstream DeFi venues, and the protocol's exclusion of US and EU persons from participation.
avoid.net/zksync-era→34/100[WARNING]zkSync Era is an EVM-compatible ZK rollup Layer 2 network on Ethereum, developed by Matter Labs and governed through the ZK Nation framework. The network launched its ZK token in June 2024 to significant community controversy over airdrop eligibility and alleged Sybil-farming failures. In April 2025, an admin private-key compromise allowed an attacker to mint 111 million unclaimed ZK tokens worth approximately $5 million from airdrop contracts, though 90% of funds were later recovered via a bounty agreement.
avoid.net/mach-o-man-lazarus-chollima-macos-malware→0/100[CRITICAL]Mach-O Man is a four-stage macOS malware kit attributed to North Korea's Lazarus Group (Chollima division), publicly disclosed in April 2026 by researchers at Bitso's Quetzal Team and the ANY.RUN sandbox platform. The campaign uses ClickFix social engineering — delivering fake meeting invitations via Telegram — to trick cryptocurrency and fintech executives into executing a terminal command that deploys a modular toolkit capable of stealing macOS Keychain secrets, browser credentials, session cookies, and crypto wallet extension data. Security researchers have linked the same threat actor cluster to over $575 million stolen from Drift Protocol and KelpDAO in April 2026 alone, and Lazarus Group's cumulative cryptocurrency theft since 2017 is estimated to exceed $7.3 billion.
avoid.net/honeyland→34/100[WARNING]Honeyland is a mobile-first, play-to-earn blockchain strategy game built on Solana by Hexagon Studios (Singapore), where players manage bee colonies to earn the native HXD token. The project raised $4 million prior to its public token launch in March 2023 and was acquired by Montreal-based Bravo Ready Studios in July 2025. No confirmed fraud, hack, or regulatory action has been identified; the primary risk factors are severe token price depreciation (approximately 99.9% from all-time high), low trading liquidity, and the structural sustainability challenges common to play-to-earn game economies.
avoid.net/chen-zhi-prince-holding-group→0/100[CRITICAL]Chen Zhi (also known as 'Vincent'), age 37, is the founder and chairman of Prince Holding Group, a Cambodia-based multinational conglomerate indicted in October 2025 by a federal grand jury in the Eastern District of New York (EDNY) for operating forced-labor cryptocurrency fraud compounds across Cambodia. The U.S. Department of Justice filed a civil forfeiture action for approximately 127,271 BTC (valued at approximately $15 billion), the largest forfeiture action in DOJ history. Chen Zhi was arrested on January 6, 2026 in Cambodia and extradited to China; his Cambodian citizenship was revoked prior to extradition.
avoid.net/bonkbot→49/100[WARNING]BonkBot is a Solana-focused Telegram trading bot launched in 2023, affiliated with the BONK memecoin community but operated as a legally separate entity. It has grown to become one of the largest Telegram-based trading bots by volume, reporting over $14 billion in lifetime trades and more than 500,000 total users, with all 1% trading fees directed toward purchasing and burning BONK tokens. The platform operated in a custodial manner for most of its history before announcing a non-custodial key management system upgrade in October 2024; a March 2024 incident in which 302 users lost approximately $523,000 in SOL highlighted custody risks common to this class of product, though BonkBot attributed the losses to a compromise at a rival bot (Solareum) rather than its own infrastructure.
avoid.net/zedcex-zedxion-babak-morteza-zanjani-irgc-linked-exchanges→0/100[CRITICAL]Zedcex Exchange Ltd. and Zedxion Exchange Ltd. are two UK-registered cryptocurrency exchanges designated by the U.S. Treasury's Office of Foreign Assets Control (OFAC) on January 30, 2026, in the first-ever U.S. sanctions action specifically targeting digital asset exchanges linked to Iran's Islamic Revolutionary Guard Corps (IRGC). On-chain analysis by TRM Labs identified approximately $1 billion in IRGC-associated flows through the two platforms between 2023 and 2025, routed almost exclusively in USDT on the TRON blockchain. Both entities are connected to Babak Morteza Zanjani, a previously OFAC-sanctioned Iranian financier convicted of embezzling billions from Iran's National Oil Company whose death sentence was commuted in 2024.
avoid.net/robinhood-crypto→54/100[CAUTIONARY]Robinhood Crypto, LLC is the cryptocurrency trading subsidiary of publicly traded Robinhood Markets, Inc. (NASDAQ: HOOD), offering retail crypto trading in the United States and Europe. The entity has accumulated over $170 million in regulatory fines and settlements across multiple U.S. jurisdictions since 2020 related to AML deficiencies, misleading disclosures, customer asset restrictions, and cybersecurity failures, though it remains a licensed and operational platform with growing global ambitions including the $200 million acquisition of Bitstamp completed in June 2025.
avoid.net/lazarus-group-graphalgo-fake-recruiter-npm-pypi-campaign→0/100[CRITICAL]The 'graphalgo' campaign is a North Korean state-sponsored software supply-chain operation attributed to the Lazarus Group, active since at least May 2025 and publicly disclosed in February 2026. Threat actors impersonate cryptocurrency-sector recruiters using fabricated companies — most notably 'Veltrix Capital' — to deliver coding-assessment repositories seeded with malicious npm and PyPI packages that install a remote-access trojan (RAT) targeting developer systems and cryptocurrency wallets. By April 2026 the campaign had respawned under new personas including 'Blockmerce' and 'Bridgers Finance', with operatives registering a real U.S. LLC to enhance credibility.
avoid.net/synthetix→47/100[WARNING]Synthetix is an Ethereum-based decentralized derivatives liquidity protocol originally launched in 2017 as Havven by Australian entrepreneur Kain Warwick, rebranding in 2018 to enable the creation of synthetic assets tracking real-world prices. The protocol reached a peak total value locked during the 2021 DeFi bull market and has been a pioneer in on-chain derivatives, but has faced recurring issues including a critical oracle exploit in 2019, persistent front-running vulnerabilities, a contentious DWF Labs market-maker arrangement, and a prolonged sUSD stablecoin depeg crisis beginning in 2025 triggered by the SIP-420 protocol overhaul.
avoid.net/tudou-guarantee-telegram-marketplace→0/100[CRITICAL]Tudou Guarantee was a Chinese-language, Telegram-based illicit marketplace that processed over $12 billion in USDT transactions, making it the third-largest such marketplace in recorded history. Operated as an escrow and guarantee service for vendors selling stolen data, money laundering services, scam infrastructure, and AI deepfake tools to pig-butchering and other fraud operators, it emerged as the primary successor to Huione Guarantee following that platform's May 2025 shutdown. Tudou ceased public Telegram transactions in January 2026 following the arrest and extradition of Prince Group chairman Chen Zhi to China.
avoid.net/bitcoin-cash→54/100[CAUTIONARY]Bitcoin Cash (BCH) is a proof-of-work cryptocurrency that forked from Bitcoin on August 1, 2017, at block 478,559, increasing the block size limit from 1 MB to 8 MB to enable higher on-chain transaction throughput. It is classified as a commodity by U.S. regulators and ranked approximately #14 by market capitalization (~$8.8B as of May 2026). The project carries meaningful reputational risk tied to its primary promoter Roger Ver, who was indicted for $48 million in tax fraud in 2024 and reached a deferred prosecution settlement; additionally, the network experienced a contentious hash war in 2018 that split the chain, and Bitcoin.com operated a wallet app and website that allegedly misled users into purchasing BCH instead of Bitcoin.
avoid.net/rhea-finance-exploit-april-2026→9/100[CRITICAL]On April 16, 2026, Rhea Finance — the leading DeFi hub on the NEAR blockchain, formed by the March 2025 merger of Ref Finance and Burrow Finance — was exploited for an estimated $18.4 million (initially reported as $7.6 million) via a two-phase attack combining fake token pool seeding with a slippage-protection bypass in its margin trading module. Approximately $9 million in assets was subsequently recovered or frozen, including $3.291 million USDT frozen by Tether, leaving an estimated $8–9 million outstanding as of late April 2026.
avoid.net/stables→37/100[WARNING]Stable (STABLE) is a specialized Layer-1 'Stablechain' blockchain engineered to optimize stablecoin transactions by using USDT as its native gas token for predictable, low-cost settlements. The STABLE token is used for validator staking, governance, and ecosystem alignment. Market cap ~$914M. Independent coverage is limited and the project is relatively new, so confidence in this assessment is low due to sparse verifiable information.
avoid.net/truebit-oracle-exploit-january-2026→0/100[CRITICAL]On January 8, 2026, the Truebit Protocol smart contract on Ethereum was exploited via an integer overflow vulnerability in a legacy, unaudited Purchase contract (deployed circa 2021, compiled with Solidity v0.5.3), allowing an attacker to mint TRU tokens at near-zero cost and drain 8,535 ETH (approximately $26.2–26.6 million) from the bonding-curve reserve. The stolen funds were fully laundered through Tornado Cash by January 11, 2026, and no meaningful recovery has been reported. The incident caused the TRU token to collapse approximately 99.9% within 24 hours, and the same primary attacker address was linked by PeckShield to a prior Sparkle Protocol exploit approximately 12 days earlier.
avoid.net/filecoin→55/100[CAUTIONARY]Filecoin (FIL) is a decentralized storage network built by Protocol Labs, founded by Juan Benet. Raised a record $257M in a 2017 ICO via SAFT structure. SEC classified FIL as a security in Binance/Kraken lawsuits but later removed FIL from the Binance complaint (July 2024). Miner protests erupted at mainnet launch (October 2020) over economic model requiring heavy collateral. Mining historically concentrated in China. Binance delisted FIL/BNB pairs in October 2024.
avoid.net/vanilla-drainer-daas→0/100[CRITICAL]Vanilla Drainer is a Drainer-as-a-Service (DaaS) criminal platform first documented in October 2024 that provides phishing kits and malicious smart contract infrastructure to affiliate fraudsters in exchange for a 15-20% commission on stolen proceeds. Blockchain investigator Darkbit attributed at least $5.27 million in cryptocurrency thefts to the service within a three-week window in mid-2025, and the Security Alliance (SEAL) identified Vanilla Drainer as one of the two primary drainer families deployed via Google Ads malvertising campaigns that stole more than $1.27 million between March 13-30, 2026. No operators have been publicly identified and no law enforcement actions against the service have been confirmed as of mid-2026.
avoid.net/ethena-usde→55/100[CAUTIONARY]Ethena is a synthetic-dollar protocol launched on Ethereum in 2023, issuing USDe — a delta-neutral synthetic dollar backed by crypto spot collateral and offsetting short perpetual futures positions rather than fiat bank deposits. The protocol also issues a governance token (ENA) and a yield-bearing staked variant (sUSDe) marketed as an 'Internet Bond.' While it achieved a peak supply exceeding $14 billion in 2025, it has faced regulatory enforcement in Germany under MiCAR, a localized depeg event on Binance in October 2025, ongoing counterparty and negative-funding-rate risk critiques, and comparisons — contested by the founding team — to the failed Terra/UST model.
avoid.net/fake-uniswap-v4-airdrop-phishing-network-2026→0/100[CRITICAL]A persistent, multi-vector phishing network impersonating Uniswap across fake airdrops, cloned interfaces, and fraudulent Google Search advertisements has operated across multiple campaigns since at least 2022. The most recent and documented wave, active from late 2025 through May 2026, uses drainer-as-a-service tooling — primarily the AngelFerno kit — to trick victims into signing malicious wallet-approval transactions via Google Ads placed above legitimate Uniswap search results. Verified aggregate losses across the discrete 2025–2026 Google Ads campaign episodes reach approximately $1.63 million; broader industry-wide wallet drainer losses in 2024 reached $494 million across all protocols according to Scam Sniffer, but that figure is not attributable to Uniswap impersonation alone.
avoid.net/hedera→55/100[CAUTIONARY]Hedera is a public distributed ledger technology platform using a patented hashgraph consensus mechanism, launched to mainnet in September 2019. In March 2023, the network suffered a protocol-level exploit in its Smart Contract Service that drained approximately $600,000 in liquidity pool tokens from three decentralized exchanges, requiring a full mainnet proxy shutdown for 41 hours. The platform operates under a council governance model comprising up to 39 global enterprises, which provides institutional stability but draws criticism for centralization relative to permissionless blockchains.
avoid.net/yieldblox-stellar-oracle-manipulation-exploit-feb-2026→0/100[CRITICAL]On February 22, 2026, the YieldBlox DAO-managed lending pool on Stellar's Blend V2 protocol was drained of approximately $10.97 million via a thin-liquidity oracle manipulation attack targeting the USTRY/USDC pair on the Stellar DEX. An attacker inflated the Reflector VWAP oracle price of USTRY from approximately $1.05 to $107 with a single low-volume trade costing roughly $5, then used overvalued USTRY collateral to borrow the pool's entire XLM and USDC reserves. Stellar Tier-1 validators froze approximately 48 million XLM (~$7.5 million) before the funds could be fully bridged out; the protocol developer Script3 committed to full depositor compensation and the attacker rejected a 10% white-hat bounty offer.
avoid.net/venus-protocol-the-token-flash-loan-exploit-march-2026→5/100[CRITICAL]On March 15, 2026, Venus Protocol's BNB Chain Core Pool was exploited via a donation-attack supply-cap bypass targeting the THENA (THE) token market, resulting in approximately $3.7 to $5.07 million in extracted assets and $2.15 million in residual bad debt. The attacker conducted a nine-month preparation phase funded by 7,447 ETH received through Tornado Cash, and exploited a getCashPrior() vulnerability in Venus's Compound-forked vToken contracts that had been documented in a May 2023 Code4rena audit and previously exploited on Venus's zkSync deployment in February 2025, yet was not patched across all protocol deployments prior to this larger incident.
avoid.net/hyperfund-hyperverse→2/100[CRITICAL]HyperFund (also marketed as HyperVerse, HyperCapital, HyperNation, and HyperTech) was a cryptocurrency investment scheme that raised approximately $1.89 billion from global investors between June 2020 and November 2022 by promising daily passive returns of 0.5–1% backed by purported large-scale crypto mining operations. The U.S. Department of Justice and the Securities and Exchange Commission both filed charges in January 2024, alleging the scheme had no legitimate mining revenues and operated as a pyramid and Ponzi structure in which new investor deposits funded earlier investors' withdrawals. Co-founder Xue 'Sam' Lee remains at large following a temporary detention in Dubai; co-promoter Rodney 'Bitcoin Rodney' Burton is held without bail with trial scheduled for September 14, 2026; and co-promoter Brenda 'Bitcoin Beautee' Chunga has pleaded guilty and awaits sentencing.
avoid.net/resolv-usr-stablecoin-minting-exploit-march-2026→2/100[CRITICAL]On March 22, 2026, an attacker compromised Resolv Labs' AWS Key Management Service (KMS) infrastructure to steal the SERVICE_ROLE private key controlling the USR minting contract. Using this key, the attacker deposited approximately $100,000-$200,000 in USDC across two transactions and minted approximately 80 million unbacked USR tokens at a 400-500x over-mint ratio, ultimately extracting roughly $23-$25 million in ETH. The exploit crashed USR's dollar peg by approximately 70-80% within 17 minutes, created functional insolvency for the Resolv protocol ($95M assets vs $173M liabilities), and spread cascading losses across at least 15 Morpho vaults and Fluid/Instadapp lending markets. The Resolv Foundation subsequently launched a tiered compensation plan in late May 2026 and reported completing over $77 million in phase-one redemptions by late May 2026.
avoid.net/zerion-wallet→43/100[WARNING]Zerion is a non-custodial DeFi portfolio tracker and multi-chain wallet founded in 2016, supporting 50+ blockchains including Ethereum and Solana. The platform has experienced multiple security incidents over its history, including a 2026 social engineering attack attributed to North Korean threat actors that resulted in approximately $100,000 in company internal wallet losses, though user funds were unaffected in each incident. Zerion also shut down its ZERO Layer-2 network in May 2026 after 1.5 years due to low adoption, with assets bridgeable until July 31, 2026.
avoid.net/dexe→43/100[WARNING]DeXe (DEXE) is a DAO governance infrastructure protocol enabling permissionless DAO creation and management. TVL tripled from ~$500M to ~$1.7B between end of 2024 and early Q2 2026. Over 100 DAOs launched on the platform by end of 2024. However, only ~50,000 holders suggests high concentration risk with capital flows growing faster than user growth. DEXE token remains down ~63% from its March 2021 ATH of $33.54. No major security incidents or regulatory actions found. Limited independent media coverage relative to its TVL. Treasury growth has significantly outpaced token price appreciation.
avoid.net/iranian-crypto-exchanges-ofac-designation-nobitex-wallex-bitpin-ramzinex-june-2026→0/100[CRITICAL]On June 2, 2026, the U.S. Treasury's Office of Foreign Assets Control (OFAC) added four Iranian cryptocurrency exchanges — Nobitex, Wallex, Bitpin, and Ramzinex — to the Specially Designated Nationals (SDN) list under counterterrorism and Iran financial-sector authorities, representing the Treasury Department's largest single enforcement action to date against Iran's digital asset economy. The four exchanges collectively handled approximately 78 percent of Iran's attributed 2025 crypto volume, totaling roughly $7.78 billion, and were alleged to have facilitated sanctions evasion, terrorist financing for the IRGC, and support for other U.S.-designated entities including Hamas. The action forms the third layer of a five-month OFAC enforcement campaign that began in January 2026 and has frozen nearly $500 million in regime-linked cryptocurrency.
avoid.net/mantle→48/100[WARNING]Mantle is a modular Ethereum Layer 2 network launched in July 2023, emerging from a merger of the BitDAO DAO and the Mantle L2 project. The MNT token was converted 1:1 from BitDAO's BIT token following a May 2023 community vote. The protocol holds a treasury of over $6 billion in assets and ranked approximately #43 by market cap as of mid-2026, but carries notable centralization risks including a single sequencer, zero-delay contract upgrade capability, and deep strategic and financial dependence on Bybit, the centralized exchange that held approximately 60% of the initial BIT token supply and suffered a $1.5 billion North Korean hack in February 2025.
avoid.net/fifa-world-cup-2026-crypto-scam-tokens→0/100[CRITICAL]A broad category of unauthorized cryptocurrency tokens, fake airdrop campaigns, and wallet-draining sites has emerged exploiting FIFA World Cup 2026 branding ahead of the tournament, which runs June 11 through July 19, 2026. None of these tokens or projects hold any official affiliation with FIFA. Law enforcement agencies including the FBI Internet Crime Complaint Center and the Los Angeles County Sheriff's Department have issued public warnings, while cybersecurity firm Group-IB has attributed a coordinated phishing and payment-theft campaign to a Chinese-speaking threat actor called GHOST STADIUM, estimating potential financial losses in the range of $71 million to $474 million for premium-ticket fraud alone.
avoid.net/syscoin-bridge-exploit-june-2026→28/100[WARNING]On June 8, 2026, an attacker exploited a proof-validation parsing flaw in Syscoin's native UTXO bridge relay, minting approximately 5 billion unauthorized SYS tokens — valued at roughly $10 million at the time — without performing the required corresponding burn transaction on the NEVM side. Syscoin, an established Bitcoin-merged-mining blockchain project founded in 2014, is the victim of this infrastructure incident rather than a fraudulent actor itself. The bridge remains paused as of the reporting date pending a security-reviewed fix, and the unauthorized token supply inflation presents an unresolved dilution risk to SYS holders.
avoid.net/phantom-wallet→47/100[WARNING]Phantom Wallet is a self-custody, non-custodial cryptocurrency wallet developed by Phantom Technologies, Inc., headquartered in San Francisco. Originally launched in 2021 as a Solana-focused browser extension, it has expanded to support Ethereum, Bitcoin, Polygon, Base, and Sui across browser extensions and mobile apps, with approximately 15 million monthly active users and $25 billion in self-custodied assets as of early 2025. The company is well-funded and has engaged constructively with US regulators, though it faces an active civil lawsuit alleging a browser-extension security flaw, and its users have been materially targeted by phishing impersonators and fake app-store clones.
avoid.net/faris-ali-uk-crypto-home-invasion-ring→0/100[CRITICAL]Three Sheffield teenagers carried out an armed home-invasion robbery on June 18, 2024 at a flat in Hoxton, east London, stealing approximately £3.1 million (reported as $4.3M USD in some outlets) in cryptocurrency from a victim they had located using a misappropriated law-enforcement database. Blockchain investigator ZachXBT publicly identified the ringleader online as 'Faris Ali' in October 2024; Sheffield Crown Court proceedings name the ringleader as Faris Hassan. All three perpetrators pleaded guilty and were sentenced to a combined 16 years in youth detention at Sheffield Crown Court on November 7, 2025, with the stolen cryptocurrency recovered within 72 hours and returned to the victim.
avoid.net/crosscurve-formerly-eywa-bridge-exploit-feb-2026→12/100[CRITICAL]On February 1, 2026, CrossCurve — a cross-chain DEX and bridge protocol operating under the EYWA brand — suffered a critical exploit of its ReceiverAxelar bridge contract via a missing Axelar Gateway validation check. Approximately $1.4 million in liquid assets were confirmed stolen, while the total PortalV2 contract balance drained was approximately $3 million (including largely illiquid EYWA tokens). No funds were recovered as of the investigation date.
avoid.net/mass-ethereum-address-poisoning-wave-dec-2025-jan-2026→0/100[CRITICAL]A large-scale industrialized campaign of Ethereum address-poisoning attacks surged sharply following the December 3, 2025 Fusaka protocol upgrade, which reduced per-transaction gas fees by approximately 67% and made high-volume dust-transfer campaigns economically viable at unprecedented scale. Two high-profile victims suffered a combined loss of approximately $62.2 million between December 2025 and January 2026, with a single victim losing $49,999,950 in USDT on December 19, 2025. An independent academic study published by Carnegie Mellon University researchers (Tsuchiya et al., presented at USENIX Security 2025) quantified the broader campaign at 270 million on-chain poisoning attempts targeting 17 million wallets across Ethereum and BNB Smart Chain from July 2022 to June 2024, with confirmed losses of at least $83.8 million over that earlier study period.
avoid.net/spicenet→58/100[CAUTIONARY]Spicenet is an early-stage DeFi interoperability protocol founded in 2023 and headquartered in Kingston, Canada, with a technical hub in Bengaluru, India. The project raised $3.4 million in a December 2024 seed round led by Hack VC and Magnus Capital, and is building a cross-chain brokerage network comprising two products — Spice Flow (multi-chain distribution) and Spice Edge (execution layer). As of May 2026, Spicenet remains pre-mainnet; no regulatory actions, fraud allegations, or security breaches have been publicly documented.
avoid.net/hxro→53/100[CAUTIONARY]Hxro Network is a decentralized derivatives and liquidity primitive built on the Solana blockchain, providing shared exchange, risk management, and settlement infrastructure for on-chain futures, options, and parimutuel betting markets. The project raised $49 million across two token rounds in 2021 from well-regarded institutional investors including Jump Crypto, Blockchain Capital, Susquehanna International Group, and Alameda Research. While the team is publicly identified with traditional finance credentials and multiple third-party security audits have been completed, the HXRO token has experienced a severe decline from its all-time high, and the network has struggled to achieve meaningful adoption relative to competing Solana derivatives protocols.
avoid.net/cega→58/100[CAUTIONARY]Cega (cega.fi) was a decentralized exotic options and structured products protocol that operated from June 2022 through late 2024 on Solana, Ethereum, and Arbitrum. Founded by Arisa Toyosaki, a named former derivatives trader, and backed by Dragonfly Capital, Pantera Capital, and Coinbase Ventures, the protocol processed over $500 million in cumulative transaction volume without a reported user fund loss. In November 2024 Cega was acquired by an undisclosed party and wound down its public-facing product suite, urging remaining depositors to withdraw.
avoid.net/socket-protocol→58/100[CAUTIONARY]Socket Protocol (also marketed as Bungee Exchange) is a cross-chain interoperability and liquidity-routing protocol founded in 2021 by Vaibhav Chellani and Rishabh Khurana. On January 16, 2024, a newly deployed route module containing an unvalidated calldata vulnerability was exploited, draining approximately $3.3 million from approximately 230 wallets that had granted infinite token approvals to the SocketGateway contract. In an unusual outcome for a DeFi exploit, Socket negotiated the return of 1,032 ETH (~$2.3 million) from the attacker and covered the remaining ~$1.1 million shortfall itself, making all affected users whole.
avoid.net/claynosaurz→52/100[CAUTIONARY]Claynosaurz is a Solana-native NFT collection and web3 animation studio launched in November 2022, comprising 10,222 animated 3D dinosaur characters. Founded by Montreal-based animation professionals with verifiable film industry credits, the project has delivered multiple product milestones including physical merchandise, a Solana Phone exclusive NFT drop, cross-chain expansion to Sui, and a forthcoming Gameloft mobile game. No fraud, rug pull, or regulatory actions have been identified; the primary risk factors relate to NFT market depreciation, complex multi-token ecosystem mechanics, and the inherent execution risk of an early-stage gaming and entertainment IP.
avoid.net/ondo-finance→48/100[WARNING]Ondo Finance is a real-world asset (RWA) tokenization protocol founded in 2021 by former Goldman Sachs executives Nathan Allman and Justin Schmidt. The platform offers tokenized exposure to U.S. Treasury securities (OUSG, USDY) and, since September 2025, a broader set of tokenized equities via Ondo Global Markets. The protocol held over $1.8 billion in TVL as of late 2025 and received formal notice in November 2025 that a two-year SEC investigation had been closed without charges.
avoid.net/clockwork→68/100[CAUTIONARY]Clockwork was a Solana-based smart-contract automation protocol that allowed developers to schedule transactions and build event-driven on-chain programs without relying on centralized cloud infrastructure. Founded in 2021 as Cronos and rebranded in 2022, the project raised $4 million in seed funding from Multicoin Capital, Asymmetric, and Solana Ventures before its founder announced an orderly shutdown effective October 31, 2023, citing limited commercial upside. No fraud, security exploits, or regulatory actions have been identified; the shutdown is assessed as a voluntary wind-down of a legitimate infrastructure project.
avoid.net/flash-trade→48/100[WARNING]Flash Trade (flash.trade) is a non-custodial, asset-backed perpetuals and spot exchange built on Solana, founded in early 2023 by Anas Khader and Zoheb Shahzan (previously of the Investin project). The protocol is bootstrapped, has undergone multiple third-party security audits, publishes an open-source reference implementation, and has processed over $20 billion in cumulative trading volume. No exploits, regulatory actions, or fraud allegations have been identified; primary risk factors are a modest TVL (~$10.7M), a low-cap governance token (FAF, ~$3.7M market cap), oracle dependency on Pyth Network, and limited public background on the founding team.
avoid.net/cropper-finance→32/100[WARNING]Cropper Finance is a permissionless automated market maker (AMM) and yield farming protocol built on the Solana blockchain, launched in mid-2021. The platform raised approximately $1.1–1.5 million across seed and public rounds and underwent security audits by Halborn Security, but operates with a pseudonymous-to-anonymous founding team and has experienced severe TVL and token value decline since its 2021 peak. As of 2025–2026 the protocol shows minimal trading activity, negligible TVL, and near-zero community engagement, raising questions about long-term viability.
avoid.net/crossmint→70/100[CAUTIONARY]Crossmint is a New York-based web3 infrastructure company founded in 2022 by Alfonso Gómez-Jordana Mañas and Rodrigo Fernández Touza. It provides APIs and no-code tools for embedded wallets, NFT minting, stablecoin orchestration, and AI-agent payments, reporting over 40,000 enterprise and developer customers. The company raised $23.6 million in March 2025 led by Ribbit Capital, holds SOC 2 Type II certification, a VASP license, and received MiCA authorization in Spain in December 2025.
avoid.net/sky-makerdao→51/100[CAUTIONARY]Sky (formerly MakerDAO) is a DeFi lending protocol founded by Rune Christensen that governs the DAI/USDS stablecoin system. Rebranded in August 2024 with USDS and SKY token migration. Key risks include the March 2020 Black Thursday oracle failure ($8.32M in losses, $28M class action dismissed), governance centralization (top 3 holders controlled 78%+ of votes per academic research), DAI depeg events, and USDS freeze function controversy. No SEC/CFTC enforcement actions exist. USDS supply grew ~86% to ~$9.86B through 2025.
avoid.net/fragmetric→50/100[WARNING]Fragmetric (fragmetric.xyz) is a Solana-native liquid restaking protocol that issues fragSOL, fragJTO, and fragBTC as Liquid Restaking Tokens (LRTs) built on Jito's restaking infrastructure. The protocol raised $12 million across seed and strategic rounds from recognized institutional backers including Hashed, Finality Capital, and RockawayX, and has undergone multiple independent security audits by Certora and Quantstamp. Material risks include smart-contract complexity inherent to restaking, slashing exposure through Node Consensus Networks (NCNs), partial team pseudonymity, and significant FRAG token price depreciation following the July 2025 listing.
avoid.net/aptos→50/100[WARNING]Aptos is a Layer-1 proof-of-stake blockchain founded in 2021 by Mo Shaikh and Avery Ching, former employees of Meta's Diem (Libra) project, using the Move programming language originally developed for Diem. The project raised $350 million across two rounds in 2022 from investors including a16z, FTX Ventures, Jump Crypto, and Three Arrows Capital, launching its mainnet in October 2022 amid significant criticism over opaque tokenomics, low initial throughput, and heavy insider allocations. While Aptos has since grown its DeFi TVL above $1 billion, attracted institutional partnerships with BlackRock, Microsoft, and Brevan Howard, and received digital commodity classification from the SEC and CFTC in 2026, early controversies around token distribution, FTX investor exposure, a 5-hour network outage in October 2023, and the departure of co-founder CEO Mo Shaikh in December 2024 remain part of the project's documented record.
avoid.net/jupiter-perps→54/100[CAUTIONARY]Jupiter Perps is a perpetual-futures decentralized exchange (DEX) built on Solana, operated by Jupiter Exchange, offering up to 250x leveraged trading on SOL, ETH, and wBTC against a shared liquidity pool called JLP (Jupiter Liquidity Pool). The protocol has grown to become the dominant perps venue on Solana with a JLP TVL that surpassed $2 billion in September 2025 and over $100 billion in cumulative trading volume as of 2024. The platform has undergone multiple independent smart contract audits with no critical exploits against its own contracts reported, though JLP token holdings in third-party vaults were implicated as stolen assets in the April 2026 Drift Protocol breach.
avoid.net/euler-finance→58/100[CAUTIONARY]Euler Finance is an Ethereum-based non-custodial lending protocol founded in 2020 by Michael Bentley (PhD, Oxford) that pioneered permissionless lending for long-tail ERC-20 assets. On March 13, 2023, the protocol suffered a ~$197 million flash loan exploit — the largest DeFi hack of 2023 — caused by a missing health check in the donateToReserves() function. In an unusual outcome, the attacker, who communicated under the alias 'Jacob,' returned approximately $240 million in assets (including ETH price appreciation) over three weeks following on-chain negotiations, enabling full user restitution. The protocol relaunched as Euler V2 in September 2024 with a modular architecture, 45+ security audits, and subsequently grew TVL to over $1.5 billion by early 2025.
avoid.net/lifinity→47/100[WARNING]Lifinity was a proactive market maker and oracle-based decentralized exchange built on Solana, operating from February 2022 until it voluntarily shut down in December 2025 after processing approximately $150 billion in lifetime trading volume. The protocol was notable for its use of Pyth oracle pricing instead of traditional AMM mechanics, a no-VC community-funded launch via a veIDO, and a transparent wind-down that distributed roughly $43.4 million in treasury assets to LFNTY token holders. Risk factors include a pseudonymous founder operating as 'Durden' or 'durdenwannabe,' a $699,090 pool drainage incident in December 2023 caused by a protocol-level bug, and structural dependence on the Pyth oracle as a single external pricing dependency.
avoid.net/flare→53/100[CAUTIONARY]Flare (FLR) is a Layer-1 blockchain founded by Hugo Philion focused on cross-chain data oracles (FTSO) and interoperability, with deep roots in the XRP ecosystem. The FLR token airdrop to XRP holders was delayed two years (snapshot Dec 2020, distribution Jan 2023), crashing 83-87% on launch day. Critics noted the airdrop delivered only 15% upfront rather than the expected 1:1 ratio. Protos reported the network attracted just 80 new users per day despite its billion-dollar valuation. A Flare 2.0 upgrade targeting TEE-based confidential compute is planned for Q3 2026. Current metrics show ~860K active addresses, ~500K daily transactions, and ~$200M TVL.
avoid.net/sei-network→58/100[CAUTIONARY]Sei Network is a Layer 1 blockchain developed by Sei Labs, co-founded in 2021 by Jayendra Jog and Jeff Feng, designed to optimize high-throughput trading and DeFi with a parallelized EVM architecture. The project raised $35 million across seed and Series A rounds from prominent crypto VCs, launched its mainnet in August 2023, and has grown to over $600 million in TVL as of mid-2025. While no regulatory enforcement actions have been brought against Sei Labs or the Sei Foundation directly, the project faced community backlash over its 2023 airdrop distribution and carries structural risk concerns related to token unlock schedules, insider allocation concentration, and a low validator decentralization score.
avoid.net/light-protocol→61/100[CAUTIONARY]Light Protocol is a Solana-native ZK compression infrastructure layer developed by Luminous Labs Lda, a Portugal-based company co-founded in 2021 by Swen Schäferjohann. The protocol reduces on-chain state storage costs by up to 99% using zero-knowledge proofs and has undergone multiple independent security audits including formal circuit verification. No fraud allegations, regulatory actions, or fund-loss incidents have been identified; primary risk signals are inherent ZK/smart-contract complexity, partially unaudited SDK tooling, and infrastructure scaling concerns raised by Solana node operators.
avoid.net/lulo→55/100[CAUTIONARY]Lulo (lulo.fi), formerly known as Flexlend, is a Solana-based DeFi lending aggregator that automatically routes stablecoin deposits to the highest-yielding protocols on the network, including Kamino, Drift, Marginfi, Morpho, Maple, and Pendle. Founded in 2022 and formally launched in early 2024, the protocol has grown to over $86 million in TVL and surpassed $100 million in cumulative deposits, supported by five independent security audits and backing from Circle Ventures and Solana Ventures. The platform's primary risk profile is composability-layer exposure: deposits are routed across multiple third-party protocols, meaning a failure at any underlying venue could affect user funds, although Lulo's 'Protected' tier includes automated on-chain coverage for such events.
avoid.net/starknet → 45/100 [WARNING] Starknet is a permissionless ZK-rollup Layer 2 network on Ethereum, developed by Israeli cryptography firm StarkWare Industries. It uses STARK-based validity proofs and the Cairo programming language to scale Ethereum throughput. The project launched its STRK token in February 2024 and reached L2Beat Stage 1 decentralization in May 2025, but has faced significant community criticism over its airdrop eligibility criteria and an early, aggressive token unlock schedule for investors and early contributors.
avoid.net/agave-hundred-finance → 12/100 [CRITICAL] On March 15, 2022, Agave (an Aave fork on Gnosis Chain) and Hundred Finance (a Compound fork deployed on Gnosis Chain) were simultaneously exploited via a reentrancy attack that abused post-transfer callback hooks in Gnosis Chain's non-standard ERC-677 bridged tokens, resulting in combined losses of approximately $11.7 million. Hundred Finance suffered a second major exploit in April 2023 on Optimism ($7.4 million), after which the protocol voted to shut down permanently in August 2023. Agave continued operating in diminished capacity before its DAO formally wound down in early 2024.
avoid.net/stablr → 38/100 [WARNING] StablR is a Malta-based, MiCA-regulated stablecoin issuer holding an Electronic Money Institution license from the Malta Financial Services Authority (MFSA), backed by strategic investors including Tether and Kraken. On May 24, 2026, an attacker compromised a single private key on the issuer's 1-of-3 minting multisig, gaining full administrative control and minting approximately 8.35 million USDR and 4.5 million EURR (~$13.5 million face value in unbacked tokens). The attacker extracted an estimated $2.8 million net profit after selling into thin DEX liquidity, causing both stablecoins to depeg by more than 20%; StablR subsequently froze minting and redemption, acknowledged the breach caused a MiCA-mandated 1:1 reserve shortfall, and engaged law enforcement and external cybersecurity firms.
ZachXBT Intelligence · Backfilled
16
A fraudulent mobile application impersonating Hyperliquid, the decentralized perpetuals exchange, was identified on the Google Play Store in November 2025 by on-chain investigator ZachXBT. The app, published under the developer name 'Tvtion Inc.', replicated Hyperliquid's branding and interface to harvest users' seed phrases, transmitting them to an external server. An Ethereum address linked to the operation has been associated with thefts exceeding $281,000; Hyperliquid has never released an official mobile application, making any such listing inherently fraudulent.
avoid.net/cryptocom → 16/100 [CRITICAL] Crypto.com is a Singapore-headquartered centralized cryptocurrency exchange founded in 2016 (originally as Monaco) by Kris Marszalek, Bobby Bao, Gary Or, and Rafael Melo. The platform has been subject to multiple serious security incidents, including a confirmed January 2022 hack in which $34 million was stolen via a 2FA bypass and laundered through Tornado Cash, and an alleged 2023 data breach linked to the Scattered Spider hacking group that the company did not publicly disclose to affected users. Blockchain investigator ZachXBT has publicly accused Crypto.com of governance manipulation and tokenomics fraud, citing the March 2025 reissuance of 70 billion CRO tokens that had been permanently burned in 2021, and the company's controversial 2020 forced swap from its original MCO token to CRO at unfavorable rates.
avoid.net/mexc → 18/100 [CRITICAL] MEXC is a centralized cryptocurrency exchange founded in 2018, incorporated in Seychelles, that has accumulated a significant regulatory record across multiple jurisdictions including warnings or cease orders from authorities in Hong Kong, Germany, Belgium, Japan, Estonia, and South Korea. The exchange gained widespread notoriety in late 2025 after on-chain investigator ZachXBT amplified user reports of frozen funds, including a high-profile case in which a trader known as 'The White Whale' had approximately $3 million frozen without adequate explanation, eventually prompting a public apology from the exchange's Chief Strategy Officer. MEXC's parent entity MEXC Global Ltd was struck off by the Seychelles registry in August 2023, dissolved in December 2024, and never obtained a license under the Seychelles VASP Act 2024, leaving its current operational and legal standing opaque.
avoid.net/vitalik-buterin → 25/100 [CRITICAL] Vitalik Buterin is the legitimate co-founder of Ethereum and is not himself a scam actor. However, his name, likeness, and social media presence constitute one of the most heavily weaponized impersonation surfaces in crypto. Documented threats include a September 2023 SIM-swap of his X account (linked to Pink Drainer, resulting in ~$691K stolen from followers), persistent fake giveaway livestreams on YouTube, thousands of fraudulent Instagram accounts, and an escalating campaign of AI-generated deepfake videos distributing wallet-drainer phishing links.
avoid.net/kelpdao → 28/100 [WARNING] KelpDAO is a liquid restaking protocol built on EigenLayer, founded in 2023, that issues rsETH as a yield-bearing liquid restaking token. On April 18, 2026, attackers attributed to North Korea's Lazarus Group (TraderTraitor / UNC4899) exploited a single-point-of-failure DVN configuration on KelpDAO's LayerZero bridge to drain 116,500 rsETH worth approximately $292 million — the largest single DeFi exploit of 2026. The attack triggered $13.21 billion in DeFi TVL outflows within 48 hours and precipitated an industry-wide bailout coalition called DeFi United, which ultimately restored rsETH to full backing by May 25, 2026.
avoid.net/burgeleth → 30/100 [WARNING] No verifiable information about an entity named 'Burgeleth' was found across any indexed web source as of May 2026. Exhaustive searches across news outlets, blockchain explorers, social media platforms, regulatory databases, domain registries, and crypto-specific intelligence sources (ZachXBT, Chainalysis, Scam Sniffer) returned zero results matching this name in a crypto or financial context. The slug may refer to an extremely obscure or newly created entity, an alternate spelling of a different entity, or a name that has not yet generated any publicly indexed presence.
avoid.net/sui → 33/100 [WARNING] Sui is a Layer 1 blockchain developed by Mysten Labs, launched in May 2023 and built on the Move programming language. The network suffered one of the largest DeFi exploits of 2025 when Cetus Protocol — its primary DEX — was drained of approximately $223 million in May 2025, triggering a controversial emergency validator vote to freeze and reclaim stolen funds that exposed deep centralization concerns. Separately, ZachXBT investigated a $29 million SUI token theft in late 2024 involving Tornado Cash laundering and subsequently announced in July 2025 that he would no longer take Sui ecosystem cases due to inadequate incident-response infrastructure and lack of support from the ecosystem.
avoid.net/coinbase → 36/100 [WARNING] Coinbase (NASDAQ: COIN) is the largest publicly listed cryptocurrency exchange in the United States, founded in 2012 and regulated across multiple jurisdictions. Despite its regulated status, the platform has been the subject of significant documented concerns: a May 2025 insider-enabled data breach affecting approximately 70,000 users with estimated remediation costs of $180–400 million, ongoing documented losses exceeding $300 million per year from social engineering scams targeting Coinbase users (as reported by blockchain investigator ZachXBT), a $100 million AML compliance settlement with the NYDFS in 2023, and controversies surrounding its Base Layer-2 blockchain including a disputed token launch and a contentious departure from the Optimism OP Stack ecosystem.
avoid.net/porkbun → 40/100 [WARNING] Porkbun LLC is a legitimate ICANN-accredited domain registrar founded circa 2014-2015, headquartered in Sherwood, Oregon, and managing over 3.45 million domains. While the company is not itself a scam operation, it has attracted scrutiny from the crypto security community — including on-chain investigator ZachXBT — for hosting phishing infrastructure linked to Angel Drainer and Inferno Drainer wallet-draining services, including fake Ledger sites. Third-party tracking platforms document hundreds of flagged phishing domains registered through Porkbun and allege that the company's abuse-response enforcement has been inadequate, with a majority of reported domains remaining active after formal abuse reports.
avoid.net/pendle → 50/100 [WARNING] Pendle is a permissionless yield-trading protocol on Ethereum, launched in 2021 by TN Lee and Vu Nguyen, that allows users to separate and trade the principal and yield components of yield-bearing assets. In September 2024, Penpie — an independent yield optimizer built on top of Pendle — suffered a $27 million reentrancy exploit that was made possible in part by Pendle's permissionless market creation design. Although Pendle's own contracts were not directly exploited, the protocol's architecture contributed to the attack surface, and all 11,261 ETH in stolen funds were subsequently laundered through Tornado Cash.
avoid.net/bittensor → 52/100 [CAUTIONARY] Bittensor is a decentralized blockchain protocol functioning as a peer-to-peer marketplace for machine intelligence, using the TAO token to reward AI model contributors. In July 2024, the protocol was the target of a supply chain attack via a malicious version of its official PyPI package, resulting in the theft of approximately $28 million in TAO tokens from 32 wallets. A civil lawsuit filed in January 2025 alleges that former Opentensor Foundation employees orchestrated the attack, and on-chain investigator ZachXBT identified a key suspect through NFT wash-trade analysis and Railgun de-mixing.
avoid.net/ledger → 53/100 [CAUTIONARY] Ledger SAS is a Paris-based hardware cryptocurrency wallet manufacturer founded in 2014, producing the Nano S and Nano X devices used by millions worldwide. Despite its status as a legitimate and established company, Ledger has been involved in two major security incidents: a 2020 customer database breach exposing over 1 million email addresses and 272,000 physical addresses, and a December 2023 supply chain attack on its @ledgerhq/connect-kit npm package that drained approximately $600,000–$850,000 from users of multiple DeFi protocols via the Angel Drainer malware-as-a-service. A third-party data breach via payment processor Global-e was disclosed in January 2026.
avoid.net/transak → 55/100 [CAUTIONARY] Transak is a fiat-to-crypto on-ramp infrastructure provider founded in 2019 and serving over 8 million users across 160+ countries, with integrations into major platforms including MetaMask, Phantom, and Uniswap. In October 2024, a phishing attack on an employee's laptop led to unauthorized access to a third-party KYC vendor's dashboard, exposing the personal identity documents of approximately 92,554 users globally, including names, dates of birth, government-issued IDs, and selfie photos. The breach resulted in a $601,000 class action settlement covering U.S.-based affected users, and the Stormous ransomware group claimed responsibility, alleging extraction of over 300GB of data.
avoid.net/ton-blockchain → 55/100 [CAUTIONARY] TON (The Open Network) is a layer-1 blockchain originally developed by Telegram, abandoned in 2020 following an SEC enforcement action that compelled an $18.5 million penalty and $1.22 billion investor return, and subsequently revived by an independent TON Foundation. By 2024, rapid ecosystem growth attracted a significant wave of phishing campaigns, wallet drainer toolkits, pyramid schemes, and rug pull activity, with over 1,200 fraud cases reported in H1 2024 alone. In May 2026, Pavel Durov announced Telegram would reassume control as the network's largest validator, reintroducing centralization risk to a network already under scrutiny for facilitating illicit marketplaces.
avoid.net/compound-finance → 62/100 [CAUTIONARY] Compound Finance is an Ethereum-based decentralized lending protocol founded in 2017 by Robert Leshner and Geoffrey Hayes that allows users to lend and borrow cryptocurrencies algorithmically. The protocol has been subject to multiple significant security and governance incidents, including a 2021 smart contract bug that placed up to ~280,000 COMP tokens (approximately $80–90 million) at risk, a 2024 alleged governance takeover by a whale known as 'Humpy,' and a July 2024 front-end DNS hijacking attack tied to the Squarespace registrar migration. Despite these incidents, the core smart contract protocol has not been exploited; the recurring issues have primarily affected token distribution, governance integrity, and front-end infrastructure.
avoid.net/cardano → 67/100 [CAUTIONARY] Cardano (ADA) holders face a persistent and multi-vector threat landscape that includes deepfake giveaway scams impersonating founder Charles Hoskinson, social media account hijackings used to promote fraudulent tokens, phishing campaigns distributing credential-stealing malware disguised as wallet software, and NFT-based wallet drainers. The Cardano Foundation's own X account was compromised in December 2024, resulting in the promotion of a fake token and false regulatory claims. State-sponsored actors including the North Korean Lazarus Group have also targeted ADA holders through the Atomic Wallet supply chain attack.