Avoid your next
big mistake

Blend Pools V2 is a modular, permissionless lending protocol built on the Stellar blockchain by Script3, launched as an upgrade to Blend V1 with additions including flash loans and a reduced backstop threshold. In February 2026, a community-managed pool built on top of the protocol (YieldBlox DAO Pool) suffered a $10.8 million oracle manipulation exploit; Script3 stated the core V2 contracts were not at fault, attributing the incident to pool-operator misconfiguration of the Reflector VWAP oracle.

BALD was a memecoin launched on Coinbase's Base Layer 2 network on July 29, 2023, allegedly named as a reference to Coinbase CEO Brian Armstrong's appearance. After attracting over $66 million in ETH to its liquidity pool through aggressive liquidity additions and a price surge of approximately 4,000,000% within 24 hours, the anonymous deployer removed approximately $25.6 million in liquidity on July 31, 2023, causing the token price to collapse by roughly 90%. On-chain investigators linked the deployer's wallet to addresses with documented interactions with Alameda Research, with Wintermute's head of research publicly identifying former Alameda co-CEO Sam Trabucco as the most likely suspect — though no conclusive proof of identity was ever established.

Blizz Finance was a decentralized lending protocol on Avalanche, forked from Aave v2, that launched in November 2021 and was rendered insolvent in May 2022 when the Terra LUNA collapse triggered a Chainlink oracle circuit breaker that froze the LUNA price at $0.10 while the token's actual market price fell to near zero. Attackers exploited the stale price feed to borrow approximately $8.3 million in protocol assets using nearly worthless LUNA as collateral, draining the protocol entirely. The team announced permanent shutdown shortly after, recovering and distributing only approximately $1.5 million to affected users.

AlphaPo is a cryptocurrency payment processor incorporated in Panama and operating primarily in the online gambling sector, serving clients such as HypeDrop, Bovada, and Ignition. On July 22, 2023, attackers drained approximately $60 million in ETH, BTC, and TRX from its hot wallets via a private key compromise, disrupting withdrawals across multiple dependent platforms. On-chain investigator ZachXBT and subsequently the FBI attributed the attack to the DPRK-affiliated Lazarus Group (also designated TraderTraitor and APT38), placing the incident within a broader 2023 North Korean cryptocurrency theft campaign that totaled over $200 million.

GMX V1 was a decentralized perpetual exchange on Arbitrum and Avalanche that operated from September 2021 until July 2025, when a reentrancy exploit drained approximately $42 million from its GLP liquidity pool. The protocol has since disabled all V1 trading and GLP minting; it is no longer an active product, with users directed to GMX V2, which was unaffected by the exploit.

Team Finance is a DeFi token-locking and vesting platform operated by TrustSwap Inc. that suffered a critical $14.5 million exploit on October 27, 2022, when an attacker abused a validation flaw in its Uniswap V2-to-V3 migration function. The attacker ultimately returned approximately $7 million, retaining roughly 10% as a self-declared bug bounty; Team Finance subsequently switched auditors to CertiK and reported full user reimbursement by June 2023.

Radiant Capital is a decentralized cross-chain lending protocol built on LayerZero that suffered two significant security incidents in 2024: a $4.5 million flash loan exploit in January 2024 and a far more devastating $50 million multisig compromise in October 2024. The October hack, attributed by Mandiant with high confidence to North Korean state-sponsored group UNC4736 (Citrine Sleet / AppleJeus), involved a months-long social engineering campaign, macOS malware deployment on developer devices, and manipulation of hardware wallet signing interfaces to drain funds across BNB Chain and Arbitrum.

Furucombo is an Ethereum-based DeFi composability protocol launched in March 2020 that enables users to batch complex multi-protocol transactions via a drag-and-drop interface. On February 27, 2021, the protocol suffered a critical 'evil contract' exploit in which an attacker spoofed a new Aave v2 implementation via Furucombo's proxy, draining approximately $14–15 million in ETH and ERC-20 tokens from 22 users who had granted standing token approvals to the platform. The team responded with a compensation plan issuing iouCOMBO tokens subject to a 360-day vesting schedule, but the incident exposed fundamental risks in delegatecall-based proxy architectures and broad token approval models.

Huobi, rebranded to HTX in September 2023, is a major centralized cryptocurrency exchange founded in 2013 that came under the de facto control of Tron founder Justin Sun in late 2022. The exchange has suffered three significant security incidents since September 2023, faces extensive regulatory non-compliance across multiple jurisdictions, and its proof-of-reserves methodology has been subject to credible allegations of double-counting and asset manipulation by investigative outlets.

Beanstalk is an Ethereum-based algorithmic stablecoin protocol that on April 17, 2022 suffered one of DeFi's largest governance exploits, losing approximately $182 million after an attacker used flash loans to acquire a supermajority vote and pass a malicious proposal draining the protocol's treasury. The protocol relaunched in August 2022 following a community fundraiser called the Barn Raise, but its BEAN stablecoin has never recovered its peg and total value locked remains a fraction of pre-exploit levels.

Heco Bridge was the official cross-chain bridge connecting the HECO Chain (HTX Eco Chain) to Ethereum, operated by HTX (formerly Huobi) and associated with Justin Sun. On November 22, 2023, the bridge operator's private key was compromised, resulting in the theft of approximately $86.6 million in crypto assets; combined with a simultaneous HTX hot wallet breach, total losses reached approximately $99 million. Blockchain analytics firm Elliptic attributed the attack to North Korea's Lazarus Group, which subsequently laundered over $100 million of the proceeds through Tornado Cash. The HECO Network was permanently shut down on January 15, 2025.

FixedFloat (ff.io) is a non-custodial, no-KYC cryptocurrency swap exchange launched in 2018 that suffered two confirmed security breaches in 2024 totaling approximately $28.9 million in stolen assets. Both attacks were attributed to the same threat actor exploiting vulnerabilities in FixedFloat's third-party hosting provider, Time4VPS, and stolen funds were routed through the eXch mixer — a service subsequently shut down by German authorities for laundering proceeds from major crypto thefts. The platform resumed operations after a two-month suspension but has faced ongoing scrutiny for its anonymity-first model, opaque team structure, and inadequate incident disclosure.

Bitget is a Seychelles-incorporated centralized cryptocurrency exchange founded in 2018, offering spot, futures, and copy trading to a claimed user base exceeding 150 million. While the exchange has never suffered a direct hack of user funds and publishes monthly proof-of-reserves attestations, it faces a pattern of serious regulatory actions across multiple jurisdictions — including blacklisting by France's AMF, warnings from Australia's ASIC and Japan's FSA, and a ban by the Philippines SEC — and has attracted allegations from blockchain investigator ZachXBT that it knowingly enabled supply-control market manipulation schemes targeting retail traders in 2026.

Elephant Money is a Binance Smart Chain DeFi protocol offering the ELEPHANT reward token and TRUNK stablecoin that suffered a $22.2 million flash loan price-manipulation exploit in April 2022, with stolen funds laundered through Tornado Cash. Independent analysts have additionally alleged that the protocol's yield mechanics constitute a structurally unsustainable Ponzi scheme dependent on continuous new capital inflows.

Pando Rings is an algorithmic lending and borrowing protocol built on the Mixin Network by Fox One, modeled on Compound Finance. On November 5, 2022, an attacker exploited a price oracle vulnerability tied to the sBTC-WBTC LP token on 4swap to drain approximately $21.9 million in ETH, BTC, and EOS from the protocol; an additional ~$50 million remained frozen in the attacker's wallets. The protocol subsequently suffered further losses in the September 2023 Mixin Network infrastructure breach, and as of late 2023 remained in a limited operational state with interest accrual and liquidations suspended.

DogWifTools is a Solana-based memecoin tooling platform that markets features explicitly designed to simulate artificial trading volume, conceal supply concentration across hundreds of wallets, and inflate engagement metrics on pump.fun — capabilities that security researchers and blockchain analysts characterize as enabling wash trading and coordinated pump-and-dump schemes. In January 2025, the platform suffered a supply-chain attack in which threat actors trojaned versions 1.6.3 through 1.6.6 with a Remote Access Trojan, draining an estimated $10 million from users' wallets; the attacker group framed the theft as vigilante justice against scammers. No known regulatory action has been taken against DogWifTools operators, who remain anonymous.

Resolv is a DeFi protocol issuing USR, a delta-neutral stablecoin backed by ETH with perpetual futures hedging, developed by Resolv Labs. On March 22, 2026, the protocol suffered a critical exploit in which an attacker compromised Resolv's AWS key management infrastructure to mint 80 million unbacked USR tokens, extracting approximately $23–25 million in ETH and triggering a severe stablecoin depeg. The protocol remains paused as of May 2026 while recovery and infrastructure remediation are underway.

Rhea Lend is the lending arm of Rhea Finance, a DeFi protocol on NEAR Protocol formed in early 2025 through the merger of Ref Finance and Burrow Finance. In April 2026, Rhea Lend suffered a major exploit in which an attacker drained approximately $18.4 million by exploiting a flaw in the protocol's slippage protection mechanism via a fake-token pool manipulation scheme. Partial recovery of approximately $9–13 million was achieved through voluntary returns and asset freezes, but the incident represents a critical security failure on an audited protocol.

Curio (CurioDAO) is a multi-chain real-world asset (RWA) DeFi protocol that suffered a critical smart contract exploit on March 23, 2024, resulting in approximately $16 million in losses after an attacker exploited a voting-power privilege escalation vulnerability to mint approximately 1 billion unauthorized CGT governance tokens. The protocol had no known third-party security audits prior to the exploit and relied on internal reviews. Curio announced a recovery plan including a new CGT 2.0 token and a phased compensation program, though independent verification of full compensation delivery remains limited.

Upbit is South Korea's largest cryptocurrency exchange by trading volume, operated by Dunamu and commanding approximately 70–80% of the domestic market. The exchange has suffered two significant security breaches — a $49M ETH theft in 2019 and a $36M Solana breach in November 2025, both attributed to North Korea's Lazarus Group — and has faced substantial regulatory sanctions including a $25M AML/KYC fine and a court-contested three-month partial business suspension. While Upbit has consistently reimbursed users from its own assets after security incidents and retains official VASP registration, its pattern of compliance failures, market dominance concerns, and repeated hacks present elevated risk.

Abracadabra.money is a multi-chain DeFi lending protocol that allows users to mint the MIM (Magic Internet Money) USD-pegged stablecoin using interest-bearing tokens as collateral. The protocol has been compromised three times since January 2024, losing a combined total of over $21 million, and its founding ecosystem was shaken in January 2022 when co-founder Daniele Sestagalli's associate — Wonderland's pseudonymous treasury manager known as 0xSifu — was publicly identified as Michael Patryn, a convicted felon and co-founder of the fraudulent exchange QuadrigaCX. The SPELL token has declined approximately 99.5% from its November 2021 all-time high, and the protocol's total value locked has collapsed from over $776 million to under $30 million.

Grinex is a Kyrgyzstan-registered cryptocurrency exchange widely assessed by blockchain intelligence firms and U.S. regulators as a direct successor to Garantex, a sanctioned Russian exchange seized in March 2025. Grinex was formally sanctioned by OFAC in August 2025 for facilitating billions in cryptocurrency transactions linked to ransomware groups, darknet markets, and Russian sanctions evasion. In April 2026, the exchange suspended operations following a reported $13.7 million hack it attributed to Western intelligence agencies — a claim for which no technical evidence was presented and which analysts have suggested may mask an internal exit scam.

Kelp (also known as Kelp DAO) is a liquid restaking protocol built on Ethereum and EigenLayer that issues rsETH, a liquid restaked token. In April 2026 the protocol suffered the largest DeFi exploit of 2026 to date when attackers, attributed to North Korea's Lazarus Group, drained approximately $292 million in rsETH through a compromised LayerZero cross-chain bridge configuration. The protocol and an industry coalition dubbed DeFi United are actively working to restore collateral and resume operations as of May 2026.

Step Finance was a Solana-based DeFi portfolio management and analytics platform founded by George Harrap that operated from 2021 until February 2026. On January 31, 2026, attackers compromised executive team devices and drained approximately $40 million in treasury assets, representing a catastrophic operational security failure. The platform was unable to secure financing or an acquisition to continue operating and formally shut down on February 23, 2026, along with affiliated projects SolanaFloor and Remora Markets.

Cashio was a Solana-based algorithmic stablecoin protocol that issued the CASH token, collateralized by Saber LP tokens. On March 23, 2022, an attacker exploited a critical missing validation flaw in the smart contract to mint approximately 2 billion CASH tokens backed by worthless fake collateral, draining roughly $52 million in real assets and permanently destroying the token's USD peg. The protocol was unaudited, never compensated victims in full, and its pseudonymous creator later admitted the code was rushed and insecure.

Cod3x (CDX) is a rebranded DeFi and AI-agent platform launched in February 2025, consolidating several prior protocols built by the Byte Masons development collective — including Reaper Farm, Granary Finance, and the OATH Foundation — under a unified 'DeFAI' vision. The team has operated continuously since 2021, is publicly identified under founder Justin Bebis, and previously managed billions in TVL across Fantom and Optimism. The project carries material historical risk: Reaper Farm suffered a $1.7 million access-control exploit in August 2022, and the Ironclad protocol — a remaining Byte Masons-adjacent lending market — was affected by the February 2025 Ionic Money exploit contagion. CDX launched at an all-time high of approximately $0.25 in February 2025 and had fallen over 80% to an all-time low near $0.017 by May 2025, as of the time of this investigation.

Pokemon itself is a legitimate intellectual property owned by The Pokemon Company International, Nintendo, and Game Freak. However, the brand has been extensively exploited in various scam operations including fraudulent NFT projects, trading card fraud schemes, counterfeit merchandise sales, and cryptocurrency investment scams that have collectively resulted in millions of dollars in losses.

Dogecoin (DOGE) is a cryptocurrency created in December 2013 by Billy Markus and Jackson Palmer as a deliberate parody of Bitcoin. It has grown to a top-10 cryptocurrency by market cap (~$17B). While the protocol itself has no documented exploits, Dogecoin carries risks from Elon Musk's outsized price influence (an $258B class action was filed and dismissed), significant whale concentration (149 wallets hold ~108.5B DOGE), and documented illicit use including PlusToken seizures and darknet market acceptance.

Mad Lads is a Solana-based NFT collection launched in April 2023 by Coral, the development company behind Backpack wallet. Created by former Alameda Research and FTX employees Armani Ferrante and Tristan Yver, the project gained significant attention for its innovative mint process that used honeypot tactics to deter bots and for being the first major xNFT collection.

Amazon Web Services is a leading cloud computing platform that controls 38% of the cloud infrastructure market. While generally reliable and secure, AWS has experienced multiple significant outages and faces ongoing privacy lawsuits, though no major regulatory sanctions have been identified in recent searches.

Tesla, Inc. is a publicly traded electric vehicle and clean energy company led by CEO Elon Musk. While the company has achieved significant market success and technological advances, it faces ongoing regulatory scrutiny regarding securities disclosures, workplace safety allegations, and autonomous driving claims.

Amazon is a major e-commerce and technology company that has faced significant regulatory challenges and consumer protection issues. While not itself a scam, Amazon's scale has made it a frequent target for impersonation scams and has led to multiple regulatory actions including a $2.5 billion FTC settlement for deceptive Prime subscription practices.

Ethereum (ETH) is the second-largest cryptocurrency by market capitalization (~$278 billion as of May 2026) and the leading smart-contract platform, hosting the majority of decentralized finance (DeFi) and NFT activity. The protocol has a documented history of governance controversy stemming from the 2016 DAO hack hard fork, ongoing centralization concerns around liquid staking and MEV infrastructure, and persistent smart-contract and phishing-based fraud targeting end users, though Ethereum itself has not been the subject of any regulatory enforcement action and its spot ETFs have received SEC approval.

Kaspa is a proof-of-work cryptocurrency launched in November 2021 that implements the GHOSTDAG blockDAG protocol, developed from academic research by Yonatan Sompolinsky at the Hebrew University of Jerusalem. The project claims a fair launch with no premine, no ICO, and no venture capital allocation to insiders, though pre-launch R&D was funded by Polychain Capital through the now-dissolved DAGLabs entity. Kaspa has a credible technical foundation and transparent governance, but faces centralization concerns from institutional ASIC miners and carries unresolved questions about the erasure of early transaction history following a genesis reset in November 2021.

Chainlink is a decentralized blockchain oracle network founded in 2017 by Sergey Nazarov and Steve Ellis, with Cornell University professor Ari Juels co-authoring the whitepaper. The protocol provides smart contracts with tamper-resistant access to off-chain data and computation, holding an estimated 69–70% share of the oracle market and enabling over $26 trillion in cumulative transaction value as of 2025. No regulatory actions have been filed against Chainlink or its parent entity, Chainlink Labs; the primary documented concerns center on token-supply centralization and a 2020 campaign by an anonymous entity publishing unverified fraud allegations that were subsequently discredited.

Canton Network (CC) is an enterprise-grade Layer-1 blockchain developed by Digital Asset Holdings, designed for tokenizing real-world assets with configurable privacy features and institutional-grade compliance. Ranked approximately #18 by market cap at roughly $5.9 billion as of May 2026, the network has attracted major institutional validators including DTCC, Goldman Sachs, Visa, and Euroclear, and its parent company Digital Asset is pursuing a reported $300 million fundraise at a $2 billion valuation led by a16z crypto. The network faces documented criticism from crypto-native observers over centralization trade-offs, data mutability departing from traditional blockchain immutability norms, and concentrated influence held by co-founder DRW Trading Group.

Uniswap is a decentralized exchange (DEX) protocol built on Ethereum, founded in November 2018 by Hayden Adams and operated commercially by Uniswap Labs. It is the largest DEX by trading volume globally, using an automated market maker (AMM) model. The protocol has faced significant regulatory scrutiny — including an SEC Wells notice in April 2024 (closed without action in February 2025), a CFTC settlement resulting in a $175,000 penalty in September 2024, and a multi-year scam-token class action dismissed with prejudice in March 2026 — while remaining operationally active and technologically mature through its v4 release.

BCAP is the world's first tokenized venture capital fund interest, issued in April 2017 as a Regulation D security token. It represents a non-voting economic interest in Blockchain Capital's Fund III. The firm manages $2B+ AUM with portfolio companies including Coinbase, Kraken, and Circle. Key risks include a $6.3M SIM-swap attack on co-founder Bart Stephens, Brock Pierce founding controversy, Epstein/Coinbase periphery connections, and effectively zero secondary market liquidity despite the token wrapper. No SEC enforcement actions exist.

Quant Network (QNT) is a UK-incorporated enterprise blockchain interoperability platform built on proprietary Overledger technology. Founded by Gilbert Verdian, the company has verified partnerships with major UK banks (Barclays, HSBC, Lloyds, NatWest) through the UK Regulated Liability Network, and completed Project Rosalind with the Bank of England and BIS. No SEC enforcement actions exist. Key concerns include closed-source code limiting auditability, centralized governance, a pay-to-play developer licensing model, and some partnership announcements with limited verifiable follow-through.

Bitcoin (BTC) is the world's first decentralized cryptocurrency, introduced in a 2008 whitepaper by the pseudonymous Satoshi Nakamoto and launched in January 2009. As of May 2026, it is the largest cryptocurrency by market capitalization (~$1.6T), classified as a digital commodity by U.S. regulators, and backed by institutional infrastructure including 11 SEC-approved spot ETFs. Bitcoin's established protocol and regulatory clarity distinguish it from most crypto assets, though it carries material risks including market volatility, mining centralization, illicit-use association, and exchange counterparty exposure.

Render Network (RENDER) is a decentralized GPU rendering network for AI and 3D graphics founded by Jules Urbach (OTOY CEO, 70+ patents). $30M raised in December 2021 from Multicoin Capital, Solana Foundation, and Alameda Research. Migrated from Ethereum to Solana in November 2023. No protocol-level exploits recorded. Key concerns include Alameda Research co-investment, OTOY's 5% perpetual fee and dual governance role, ~50% treasury/escrow token concentration, and 86% decline from ATH. OctaneX featured in Apple M4 keynote.

Stellar (XLM) is a payments-focused blockchain co-founded by Jed McCaleb in 2014, ranked #22 by market cap (~$5.4B). The Stellar Development Foundation (SDF) is a non-profit with active institutional adoption including Franklin Templeton's BENJI fund ($1.98B AUM) and MoneyGram integration. No regulatory enforcement actions exist. Key risks include McCaleb's prior associations (Mt. Gox, eDonkey), SDF centralization (~30B XLM retained), a 35-day undetected Soroban Protocol 23 bug in October 2025, and third-party wallet/phishing incidents.

XDC Network is an enterprise-grade, EVM-compatible Layer-1 blockchain co-founded in 2017 by Atul Khekade and Ritesh Kakkad through XinFin, focused on trade finance, payments, and RWA tokenization. The mainnet has been operational since 2019 with 801M+ transactions processed and 178K+ smart contracts deployed. XDC 2.0 upgrade (Q4 2024) introduced Byzantine fault tolerance security. ISO 20022-aligned for institutional interoperability. Co-founders operate a $125M XVC Tech investment fund. No major security incidents or regulatory actions found. Limited independent media coverage and relatively low public scrutiny for its market cap.

Zcash (ZEC) is a privacy-focused proof-of-work cryptocurrency launched on October 28, 2016, notable as one of the first large-scale deployments of zero-knowledge proofs (zk-SNARKs) outside academia. The project has a transparent organizational history, credentialed academic founders, and a resolved SEC investigation, but has faced significant controversies including a critical counterfeiting vulnerability disclosed in 2019, ongoing governance disputes that caused the entire Electric Coin Company development team to resign in January 2026, and regulatory pressure in multiple jurisdictions resulting in exchange delistings.

PaintSwap is a decentralized NFT marketplace and DeFi protocol originally launched on the Fantom Opera blockchain in May 2021, which migrated to the Sonic chain (formerly Fantom) in late 2024. The platform operates an open NFT marketplace, an AMM DEX, yield farming, and an on-chain idle MMORPG called Estfor Kingdom, all powered by its native BRUSH token. No confirmed rug pull, hack, or regulatory action has been identified; the primary documented incident is a domain hijacking by a third-party registrar in October 2025.

Arbitrum is an Ethereum Layer-2 optimistic rollup developed by Offchain Labs, co-founded in 2018 by Princeton academics Steven Goldfeder, Ed Felten (former U.S. Deputy Chief Technology Officer), and Harry Kalodner. It is the largest Layer-2 by total value locked and has achieved L2BEAT Stage 1 decentralization through its BoLD permissionless validation protocol launched in early 2025. The protocol has faced significant governance controversies since its March 2023 ARB token launch, including the AIP-1 pre-ratification scandal, a Gaming Catalyst Program funding dispute, vote-buying incidents, and a high-profile April 2026 Security Council emergency freeze of $71M in ETH linked to North Korean hackers that reignited centralization debates.

Avalanche (AVAX) is a Layer-1 proof-of-stake blockchain launched in September 2020 by Ava Labs, a company co-founded by Cornell University computer scientist Emin Gün Sirer alongside Maofan 'Ted' Yin and Kevin Sekniqi. The network is distinguished by its tri-chain architecture (X-Chain, P-Chain, C-Chain) and the Avalanche Consensus Protocol, which targets sub-second transaction finality. While the project has accumulated significant institutional backing, ETF filings, and a March 2026 CFTC/SEC commodity classification, it has also faced a significant 2022 whistleblower scandal alleging weaponization of litigation against competitors, multiple DeFi exploits on its ecosystem, and two disclosed critical infrastructure vulnerabilities.

Ondo Finance is a real-world asset (RWA) tokenization protocol founded in 2021 by former Goldman Sachs executives Nathan Allman and Justin Schmidt. The platform offers tokenized exposure to U.S. Treasury securities (OUSG, USDY) and, since September 2025, a broader set of tokenized equities via Ondo Global Markets. The protocol held over $1.8 billion in TVL as of late 2025 and received formal notice in November 2025 that a two-year SEC investigation had been closed without charges.

Sky (formerly MakerDAO) is a DeFi lending protocol founded by Rune Christensen that governs the DAI/USDS stablecoin system. Rebranded in August 2024 with USDS and SKY token migration. Key risks include the March 2020 Black Thursday oracle failure ($8.32M in losses, $28M class action dismissed), governance centralization (top 3 holders controlled 78%+ of votes per academic research), DAI depeg events, and USDS freeze function controversy. No SEC/CFTC enforcement actions exist. USDS supply grew ~86% to ~$9.86B through 2025.

Aptos is a Layer-1 proof-of-stake blockchain founded in 2021 by Mo Shaikh and Avery Ching, former employees of Meta's Diem (Libra) project, using the Move programming language originally developed for Diem. The project raised $350 million across two rounds in 2022 from investors including a16z, FTX Ventures, Jump Crypto, and Three Arrows Capital, launching its mainnet in October 2022 amid significant criticism over opaque tokenomics, low initial throughput, and heavy insider allocations. While Aptos has since grown its DeFi TVL above $1 billion, attracted institutional partnerships with BlackRock, Microsoft, and Brevan Howard, and received digital commodity classification from the SEC and CFTC in 2026, early controversies around token distribution, FTX investor exposure, a 5-hour network outage in October 2023, and the departure of co-founder CEO Mo Shaikh in December 2024 remain part of the project's documented record.

NEAR Protocol is a sharded, proof-of-stake layer-1 blockchain founded in 2017 by Illia Polosukhin (a co-author of the landmark 'Attention Is All You Need' transformer paper) and Alexander Skidanov, with mainnet launching in April 2020. The protocol has raised approximately $542 million from investors including a16z, Tiger Global, and Coinbase Ventures, and as of early 2026 holds a market capitalization near $2.1 billion. Key documented concerns include a 2025 governance controversy in which a protocol inflation cut was implemented despite a failed community vote, a 2022 undercollateralized stablecoin (USN) requiring a $40 million foundation backstop, connections to now-collapsed investors FTX Ventures and Three Arrows Capital, and a relatively low validator Nakamoto coefficient raising decentralization questions.

Flare (FLR) is a Layer-1 blockchain founded by Hugo Philion focused on cross-chain data oracles (FTSO) and interoperability, with deep roots in the XRP ecosystem. The FLR token airdrop to XRP holders was delayed two years (snapshot Dec 2020, distribution Jan 2023), crashing 83-87% on launch day. Critics noted the airdrop delivered only 15% upfront rather than the expected 1:1 ratio. Protos reported the network attracted just 80 new users per day despite its billion-dollar valuation. A Flare 2.0 upgrade targeting TEE-based confidential compute is planned for Q3 2026. Current metrics show ~860K active addresses, ~500K daily transactions, and ~$200M TVL.

Stable (STABLE) is a specialized Layer-1 'Stablechain' blockchain engineered to optimize stablecoin transactions by using USDT as its native gas token for predictable, low-cost settlements. The STABLE token is used for validator staking, governance, and ecosystem alignment. Market cap ~$914M. Limited independent coverage and relatively new project with low confidence in assessment due to sparse verifiable information.

Filecoin (FIL) is a decentralized storage network built by Protocol Labs, founded by Juan Benet. Raised a record $257M in a 2017 ICO via SAFT structure. SEC classified FIL as a security in Binance/Kraken lawsuits but later removed FIL from the Binance complaint (July 2024). Miner protests erupted at mainnet launch (October 2020) over economic model requiring heavy collateral. Mining historically concentrated in China. Binance delisted FIL/BNB pairs in October 2024.

DeXe (DEXE) is a DAO governance infrastructure protocol enabling permissionless DAO creation and management. TVL tripled from ~$500M to ~$1.7B between end of 2024 and early Q2 2026. Over 100 DAOs launched on the platform by end of 2024. However, only ~50,000 holders suggests high concentration risk with capital flows growing faster than user growth. DEXE token remains down ~63% from its March 2021 ATH of $33.54. No major security incidents or regulatory actions found. Limited independent media coverage relative to its TVL. Treasury growth has significantly outpaced token price appreciation.

Mantle is a modular Ethereum Layer 2 network launched in July 2023, emerging from a merger of the BitDAO DAO and the Mantle L2 project. The MNT token was converted 1:1 from BitDAO's BIT token following a May 2023 community vote. The protocol holds a treasury of over $6 billion in assets and ranked approximately #43 by market cap as of mid-2026, but carries notable centralization risks including a single sequencer, zero-delay contract upgrade capability, and deep strategic and financial dependence on Bybit, the centralized exchange that held approximately 60% of the initial BIT token supply and suffered a $1.5 billion North Korean hack in February 2025.

Bitcoin Cash (BCH) is a proof-of-work cryptocurrency that forked from Bitcoin on August 1, 2017, at block 478,559, increasing the block size limit from 1 MB to 8 MB to enable higher on-chain transaction throughput. It is classified as a commodity by U.S. regulators and ranked approximately #14 by market capitalization (~$8.8B as of May 2026). The project carries meaningful reputational risk tied to its primary promoter Roger Ver, who was indicted for $48 million in tax fraud in 2024 and reached a deferred prosecution settlement; additionally, the network experienced a contentious hash war in 2018 that split the chain, and Bitcoin.com operated a wallet app and website that allegedly misled users into purchasing BCH instead of Bitcoin.

Midnight (NIGHT) is a privacy-focused Cardano sidechain developed by Input Output (IO), the company behind Cardano, first unveiled in late 2023. Charles Hoskinson called it 'six years of intellectual and practical effort.' The 'Glacier Drop' airdrop distributed 100% of the 24B token supply to 37M users across 8 blockchains with zero VC allocation — 50%+ to ADA holders. NIGHT launched December 8, 2025 but immediately crashed 60%+ from $0.11 to $0.02 as the massive free distribution flooded exchanges. Over 4.5B airdropped tokens remain in 'thawing' through December 2026 (25% unlocks every 90 days), creating persistent selling pressure. Mainnet is not yet live, meaning token utility is largely theoretical.

VeChain (VET) is an enterprise-focused Layer-1 blockchain founded by Sunny Lu (former CIO of Louis Vuitton China). Launched in 2015 as a subsidiary of Bitse, rebranded and mainnet launched in 2018. The VeChain Foundation's buyback wallet was hacked in December 2019 due to employee negligence, losing 1.1 billion VET (~$6.5M). The Foundation held 27.3% of total token supply as of September 2019. VeChain's official X account was compromised in January 2024 for a scam giveaway. The blockchain has built-in fund freezing capabilities. Enterprise partnerships include Walmart China, BMW, and UFC. VeChain was among the first to proactively comply with MiCAR regulations.

Polygon (formerly MATIC) is a Layer-2/sidechain scaling solution for Ethereum that completed its MATIC-to-POL token migration in September 2024. The SEC named MATIC as an alleged unregistered security in the June 2023 Binance lawsuit. Two major vulnerabilities were caught by Immunefi bounty hunters ($850M and $24B at risk respectively). Three of four co-founders departed within 24 months. Three rounds of layoffs occurred between 2023-2026. zkEVM was deprecated in June 2025 citing $1M annual operating loss.

Algorand is a Layer-1 blockchain founded in 2017 by Silvio Micali, a Turing Award-winning MIT cryptographer who co-invented zero-knowledge proofs and verifiable random functions. The protocol uses a Pure Proof-of-Stake consensus mechanism with genuine academic credibility, and has attracted institutional partnerships including FIFA and Visa-adjacent integrations. However, ALGO has been named as an alleged unregistered security in SEC complaints against both Bittrex and Binance, the Algorand Foundation conducted a highly criticized 2019 token auction that resulted in a mass refund event, the token trades approximately 96% below its 2021 all-time high, and the Foundation cut 25% of its workforce in 2025 while relocating from Singapore to the United States.

Fantom is a layer-1 blockchain founded in 2018 by Dr. Ahn Byung-Ik and technically led by Andre Cronje, operating the Opera mainnet using a DAG-based Lachesis consensus mechanism. In 2024 the project rebranded to Sonic Labs and launched a new high-throughput chain (Sonic) with a native S token replacing FTM at a 1:1 ratio. The project has experienced significant controversies including a $122 million loss from the Multichain bridge hack in 2023, a founder-level plagiarism finding in South Korean courts, SEC scrutiny of key leadership, allegations of a stablecoin liquidation scheme, and a 70%+ token price collapse in 2025.

Railgun is a zero-knowledge (ZK) privacy protocol deployed on Ethereum and multiple EVM-compatible chains that allows users to interact with DeFi applications privately. The protocol gained significant notoriety in January 2023 when the FBI alleged that North Korea's Lazarus Group used it to launder over $60 million stolen from the Harmony Horizon Bridge, though Railgun disputed these claims. The project distinguishes itself from sanctioned mixer Tornado Cash through a compliance feature called Private Proofs of Innocence, has received public endorsements from Ethereum co-founder Vitalik Buterin, and has accumulated over $4 billion in total transaction volume as of 2025.

Polkadot (DOT) is a multi-chain protocol founded by Gavin Wood, ranked #41 by market cap (~$2.3B). The project faces significant headwinds: a $133M treasury overspending crisis (projected 2-year depletion), the 2017 Parity wallet freeze that locked ~$98M of ICO proceeds, an April 2026 Hyperbridge exploit minting $1B in fake bridged DOT (losses ~$2.5M), and steep ecosystem decline with active parachains dropping from 200+ to ~30. No SEC enforcement actions exist, and ETF applications are under review.

Tether is the issuer of USDT, the world's largest stablecoin by market capitalization. The company has faced ongoing regulatory scrutiny, transparency concerns, and legal challenges regarding its reserves and business practices, though it continues to operate as a major cryptocurrency infrastructure provider.

Bonk (BONK) is a Solana-based dog-themed meme coin launched Christmas Day 2022 by an anonymous team of 22 Solana community members as a post-FTX community revival initiative. 50% of total supply was airdropped to Solana NFT holders, developers, and artists. Developers burned all team tokens (5T BONK, 5% of supply) in January 2023. BONK surged 2,000%+ in its first week. NASDAQ-listed Safety Shot acquired 228B BONK ($55M) for its treasury in September 2025. No protocol-level exploits recorded. Key risks: anonymous team, meme coin volatility, no fundamental utility beyond community engagement.

Dash (DASH) is a privacy-focused cryptocurrency launched January 2014 by Evan Duffield as a Litecoin fork (originally XCoin, then Darkcoin). The 'instamine' controversy is central to Dash's history: ~1.9M DASH (~10% of max supply) were mined in the first 48 hours due to a low difficulty adjustment bug inherited from Litecoin. Duffield called it accidental but chose to continue rather than relaunch. Masternode concentration concerns persist. Privacy coin regulatory pressure is mounting: Gate.io removed DASH end of 2024, Bybit deleted DASH/USDT early 2025. EU AML Regulation (effective July 2027) bans privacy coins from regulated platforms. Dash's opt-in PrivateSend model provides some regulatory flexibility vs. mandatory privacy coins.

Circle Internet Group (NYSE: CRCL) is the issuer of USDC, the second-largest stablecoin by market capitalization at approximately $78 billion in circulation as of May 2026. Circle operates under a strict court-order-only freeze policy that drew intense scrutiny following the April 2026 Drift Protocol hack, in which $232 million in USDC was bridged via Circle's own Cross-Chain Transfer Protocol (CCTP) over six hours without intervention, despite Circle being alerted within an hour. The resulting McCollum v. Circle class action, Drift's subsequent switch to USDT, on-chain analyst ZachXBT's documentation of $420 million in alleged prior missed freezes, and an AMLBot report showing Tether freezes assets at roughly 30 times Circle's rate have placed Circle's compliance posture at the center of a significant policy debate.

Cosmos Hub (ATOM) is the flagship chain of the Cosmos ecosystem, built on Tendermint/CometBFT with IBC protocol. Founded by Jae Kwon and Ethan Buchman, the project has endured severe governance crises: ATOM 2.0 rejected (37.4% NoWithVeto), Jae Kwon's AtomOne fork, a no-confidence vote against ICF leadership, and North Korean-linked developers contributing to the Liquid Staking Module. ATOM was named a security in SEC lawsuits against Binance and Kraken (both dropped without adjudication). Three critical IBC vulnerabilities were disclosed but patched without exploitation. Ecosystem health is declining with key projects departing.

FIGR_HELOC is the ~$18B market-cap tokenized HELOC pool on Provenance Blockchain originated by Figure Lending LLC (NASDAQ: FIGR). It sits at #9 among all cryptos by market cap as of May 2026. The issuer faces two active federal class actions, a credible short-seller report from Morpheus Research alleging blockchain misrepresentation backed by Figure's own SEC filings, rising delinquency rates, Provenance blockchain centralization concerns, and a 2026 data breach affecting ~967,000 users.

Monero (XMR) is a legitimate, open-source, community-funded privacy cryptocurrency launched in 2014 with no premine and a clean protocol-level security track record. However, it carries significant third-party risk: Archetyp Market ($267M, Monero-exclusive) was dismantled by DOJ/Europol in June 2025; $330M+ in stolen BTC was laundered via XMR in 2025; Binance, Kraken EEA, OKX, and 60+ exchanges have delisted it; and the EU AMLR bans CASP handling of privacy coins by July 2027. Former lead maintainer Riccardo Spagni faces 378 fraud/forgery charges in South Africa (pre-dating Monero).

Pudgy Penguins (PENGU) is an NFT brand turned crypto token. Original founders (Cole Villemain et al.) were ousted in January 2022 after accusations of cash-grabbing and draining the treasury. Luca Netz purchased the project for 750 ETH in April 2022 and rebuilt it into a consumer brand. PENGU token launched December 2024 on Solana but dropped 86% from peak by April 2025. Abstract L2 network launch disappointed holders expecting airdrops. Canary Capital filed a PENGU ETF (SEC acknowledged July 2025). Partnerships with VanEck (NFC collectibles) and Visa (Pengu Card debit card) announced April 2026.

Houdini Swap (also known as HoudiniSwap) is a non-custodial, privacy-focused cross-chain swap aggregator founded in 2022 by Louis Goldberg and incorporated as HoudiniSwap LLC, with reported headquarters in the Caribbean (Saint Vincent or Saint Kitts and Nevis). The platform processes swaps across 100+ blockchains without taking custody of funds, routing transactions through intermediary partners to obscure on-chain trails, and reported approximately $13 million in revenue and $2.5 billion in cumulative volume as of 2025. As of May 2026, the company is pending acquisition by publicly-traded SOL Strategies Inc. for $18 million, subject to Canadian Securities Exchange approval.

Ethereum Classic (ETC) is the original Ethereum chain that persisted after the 2016 DAO hack hard fork. It has suffered three documented 51% attacks totaling over $7M in double-spend losses (2019 and 2020), has minimal DeFi ecosystem depth (~$150K TVL), and faces unresolved governance controversy over the Olympia treasury proposal. Post-Merge hashrate improvements have raised the cost of attack substantially. Grayscale's ETCG trust is SEC-filed with ~$283M NAV. No explicit SEC/CFTC classification exists for ETC.

Beldex (BDX) is a privacy-focused blockchain offering a suite of decentralized privacy tools including BChat (messaging), BelNet (VPN), and a privacy browser. Uses mandatory privacy by default, which increases regulatory friction compared to optional privacy coins. Facing exchange delistings: Gate.io removed BDX end of 2024, Bybit deleted DASH/USDT pair early 2025. EU Anti-Money Laundering Regulation (effective July 2027) bans privacy coins from regulated platforms. BSC bridge permanently closed June 2025. Low staking participation raises network security concerns. No transparent, auditable adoption data for its privacy tools.

WhiteBIT Coin (WBT) is the native token of WhiteBIT, a cryptocurrency exchange founded in 2018 and headquartered in Lithuania, claiming to be Europe's largest CEX by traffic. As of May 2026, WBT ranks approximately 11th by market capitalization at around $12.6 billion with a maximum supply of 400 million tokens. The exchange and its token face serious, ongoing allegations including disputed ownership linked to pro-Russian political figures, money laundering claims from multiple jurisdictions, and a Ukrainian law enforcement investigation into alleged drug cartel fund flows, all of which WhiteBIT formally denies.

Shiba Inu (SHIB) is an Ethereum-based ERC-20 meme token launched in August 2020 by an anonymous founder operating under the pseudonym 'Ryoshi.' It has grown into a broader ecosystem encompassing ShibaSwap (a decentralized exchange), Shibarium (an Ethereum Layer 2 network), and a multi-token system (SHIB, LEASH, BONE, TREAT). The project is ranked approximately #31 by market cap (~$3.8B as of May 2026) but carries material risks including both founders' anonymity, a history of infrastructure failures and a confirmed bridge hack, significant whale concentration, internal community fraud allegations against its current lead developer, and its fundamentally speculative meme-driven value proposition.

Binance is the world's largest cryptocurrency exchange by trading volume, founded in 2017 by Changpeng Zhao (CZ). In November 2023, Binance and CZ pleaded guilty to U.S. federal charges and agreed to pay $4.3 billion in combined penalties for Bank Secrecy Act violations, unlicensed money transmission, and sanctions evasion — the largest financial penalty ever imposed on a cryptocurrency company. CZ resigned as CEO, served a four-month prison sentence in 2024, and was controversially pardoned by President Trump in October 2025. Under CEO Richard Teng, Binance has pursued an aggressive global licensing strategy while remaining subject to ongoing compliance monitoring and new civil litigation tied to terrorist financing allegations.

UNUS SED LEO (LEO) is the utility token of the iFinex ecosystem (Bitfinex exchange, Tether). Created in May 2019 as a $1B token sale to recapitalize after an $850M loss when payment processor Crypto Capital Corp had funds seized by multiple governments. The NYAG alleged iFinex covered the $850M shortfall using Tether reserves. Bitfinex and Tether settled with the NYAG in February 2021 for $18.5M, admitting no wrongdoing. The LEO smart contract was alleged by Cointelligence to contain deliberate flaws enabling fraud. iFinex commits 27% of monthly revenue to LEO buybacks/burns. Following the 2016 Bitfinex hack recovery (94,643 BTC), 80% of recovered funds must be used for LEO buybacks per the whitepaper. LEO surged past $10, entering top 10 by market cap (~$9.3B).

Wormhole is a cross-chain messaging and token bridge protocol enabling interoperability across more than 30 blockchain networks, originally developed by Certus One and later backed by Jump Crypto. On February 2, 2022, Wormhole suffered a $326 million exploit — the largest hack in Solana ecosystem history at the time — when an attacker exploited a deprecated Solana function to forge guardian signatures and mint 120,000 wETH without locking any collateral. Jump Crypto immediately replenished the stolen funds to keep users whole, and the project subsequently raised $225 million at a $2.5 billion valuation, separated from Jump Trading as an independent entity, and launched the W governance token in April 2024; as of 2026, the stolen funds remain substantially unrecovered despite a partial $140 million counter-exploit via English court order.

Worldcoin/World (WLD) is Sam Altman's biometric identity and cryptocurrency project using iris-scanning Orb devices. Founded in 2019 by Altman, Alex Blania, and Max Novendstern via Tools for Humanity. Regulatory enforcement or investigation in 10+ jurisdictions: Kenya High Court ruled operations illegal, Spain and Portugal banned operations, Germany issued binding GDPR order. MIT Technology Review documented deceptive recruitment practices. Token distribution has 23.3% insider allocation with major unlock expected July 2026. Rebranded to World in October 2024.

JUST (JST) is a DeFi protocol on the TRON blockchain encompassing JustLend (lending), JustStable (USDJ stablecoin), and governance. Heavily tied to Justin Sun, who faces SEC fraud charges (Rainberry/TRON settled for $10M in March 2026), congressional scrutiny over Trump conflicts of interest, and a lawsuit against World Liberty Financial over $700M in frozen tokens. Sun called JST a 'next 100x token.' A $1.25M rug pull incident affected the JUST ecosystem in October 2022.

Venice Token (VVV) is the governance token for Venice AI, a privacy-focused AI platform founded by Erik Voorhees (ShapeShift founder). Launched January 2025 on Base (Ethereum L2). Insiders dumped $10.2M worth of VVV immediately post-launch from 16 wallets funded by a team multi-sig holding 23% of supply, crashing the price 63% from $19.38 to $2.44 within days. Aerodrome Finance suspended two contributors for insider trading during the launch. Tokenomics backlash grew over the dual-token model (VVV + DIEM). Governance is fully centralized with no token-holder voting. Privacy model is not trustless — Venice runs its own GPUs.

TD Bank is a major North American financial institution formed in 1955 from the merger of two Canadian banks. In October 2024, the bank faced historic penalties totaling over $3 billion after pleading guilty to money laundering conspiracy charges, resulting in severe business restrictions and regulatory oversight.

TRON (TRX) is a blockchain platform founded by Justin Sun, ranked #8 by market cap (~$33B). The SEC filed securities fraud, market manipulation, and illegal celebrity promotion charges in March 2023, settled in March 2026 for $10 million. TRON hosted over $26 billion of $45 billion in global illicit crypto volumes in 2024 (58%). Sun's $75M investment in Trump's WLFI raised conflict-of-interest concerns, with the SEC case halted shortly after Trump's inauguration. Sun-affiliated exchanges Poloniex and HTX suffered $215M+ in combined hacks in November 2023.

Internet Computer (ICP) is a layer-1 blockchain protocol developed by the DFINITY Foundation, designed to host decentralized applications and web services natively on a distributed compute network. The protocol launched publicly in May 2021 and attracted significant controversy after its token lost approximately 95% of its value within weeks of listing, coinciding with on-chain evidence of large-scale token transfers from addresses linked to project insiders and the foundation treasury. Multiple class-action lawsuits alleging unregistered securities sales and market manipulation were subsequently dismissed on procedural grounds rather than their merits. The protocol remains operational with ongoing development activity, a 2026 tokenomics reform (Mission 70), and a ~$1.7 billion market capitalization as of May 2026.

OKB is the native utility token of OKX, one of the world's largest centralized cryptocurrency exchanges, founded in 2017 by Star Xu (Mingxing Xu). In February 2025, OKX's Seychelles-based affiliate Aux Cayes FinTech Co. Ltd. pleaded guilty to operating an unlicensed money transmitting business in the United States and agreed to pay over $504 million in penalties and forfeitures, following DOJ findings that the platform processed more than $1 trillion in U.S. customer transactions and facilitated over $5 billion in suspicious transactions. Despite its post-settlement compliance commitments, OKX has faced concurrent regulatory actions in Malta and the EU, alleged exploitation of its DEX aggregator by North Korea's Lazarus Group to launder Bybit hack proceeds, and an ICIJ investigation finding continued flows from sanctioned entities after the guilty plea.

Polymarket is a cryptocurrency-based prediction market platform that allows users to bet on real-world events. Despite being the world's largest prediction market with accurate election forecasting, the platform faces significant concerns including regulatory violations, market manipulation allegations, and insider trading issues.

Altria Group, one of the largest tobacco companies in the U.S., faces significant legal and regulatory challenges primarily related to its $12.8 billion investment in Juul Labs and alleged conspiracy to target youth with vaping products. The company has been subject to multiple securities fraud class actions, antitrust litigation, and regulatory violations totaling over $1.2 billion in penalties since 2000.

"Zombies" in cryptocurrency refers to a broad classification of dormant or abandoned blockchain projects rather than a specific single entity. The term encompasses thousands of tokens that maintain blockchain presence and trading activity despite ceased development, minimal utility, or failed missions.

Carrot Protocol (also known as DeFi Carrot) was a Solana-based DeFi yield hub offering leveraged yield farming, managed leverage tokens, and a yield-bearing stablecoin receipt token (CRT). On April 30, 2026, the protocol announced a permanent shutdown after its total value locked collapsed 93% — from approximately $28 million to under $2 million — as a downstream casualty of the $285 million Drift Protocol exploit on April 1, 2026. Carrot was not directly hacked; its failure resulted from deep liquidity dependencies on Drift's infrastructure, making it the first confirmed DeFi protocol to shut down as a result of the Drift exploit contagion.

Aster (ticker: ASTER) is a multi-chain decentralized perpetuals exchange that emerged from the merger of Astherus, a yield protocol, and APX Finance, a decentralized perpetuals platform, completed in late 2024 and rebranded in March 2025. The project is notable for its association with YZi Labs (the family office of former Binance CEO Changpeng Zhao) and for offering extreme leverage up to 1001x. Aster is unrelated to Astar Network (ASTR), a Polkadot parachain — the similar names have caused public confusion. As of May 2026, ASTER trades near $0.67 with a circulating market cap of approximately $1.7 billion, ranked approximately #54 by market cap. Aster was delisted and then relisted by DeFiLlama in October 2025 following suspected wash trading of its reported $100 billion in perpetuals volume, a controversy that remained unresolved as of the relisting.

MemeCore (M) is a self-described Layer 1 blockchain and meme-economy platform launched in 2024, with its native token listing on multiple major centralized exchanges in July 2025 at a market capitalization that reached approximately $4.2-6 billion by early 2026. On-chain investigator ZachXBT publicly challenged the project in April 2026, alleging that insiders hold over 90% of the token supply against a reported circulating float, and flagged $7.9 million in suspicious post-listing outflows from Kraken to 18 newly created wallet addresses. MemeCore has not provided a verifiable on-chain rebuttal to these allegations as of May 2026, and CertiK's audit data independently confirms that approximately 87.4% of the top two holders' combined ratio represents significant supply concentration.

PEPE is an anonymous-team ERC-20 meme coin launched in April 2023 on Ethereum, inspired by the Pepe the Frog internet character. It reached a market cap of $1.6 billion within three weeks of launch and hit an all-time high of $11 billion in December 2024. The project has been marked by a significant insider theft of approximately $15.7 million in August 2023, an SEC Wells Notice issued to a named developer, alleged insider trading by former team members, and unresolved intellectual property exposure stemming from the use of Matt Furie's copyrighted character.

BUILDon (B) is a BNB Chain meme coin launched April 2025 via the Four.meme launchpad, positioned as the 'AI mascot' of BNB Chain and primary trading pair for USD1 (Trump-backed WLFI stablecoin). World Liberty Financial's $25K purchase of B tokens caused a 1,340% price surge. Allegations of a coordinated pump-and-dump scheme linking Trump family, CZ/Binance, and USD1. On-chain analysis shows ~20% of supply concentrated in related wallets with patterns of coordinated trading. No transparent team. Product delivery uncertain. Narrative entirely dependent on political connections and WLFI endorsement.

<cite index="11-3,27-15">Axiom Exchange is a crypto trading platform founded in 2024 by Henry Zhang (Mist) and Preston Ellis (Cal), backed by Y Combinator</cite>. <cite index="11-1,21-3">In February 2026, blockchain investigator ZachXBT alleged that senior employees misused internal access controls to conduct insider trading using sensitive user wallet data</cite>. <cite index="11-5,27-17">Despite generating over $390 million in revenue to date, the platform now faces serious allegations of internal data abuse and trading misconduct</cite>.

Pi Network is a mobile-first Layer 1 cryptocurrency project launched in March 2019 by Stanford-affiliated academics Dr. Nicolas Kokkalis and Dr. Chengdiao Fan. It attracted a reported 60–100 million users by enabling smartphone-based 'mining' through an app, but spent nearly six years in a restricted testnet before launching its Open Network on February 20, 2025. The project carries significant risk flags: a $10 million federal lawsuit filed in October 2025 alleging unauthorized token transfers and secret insider sales, a 2021 alleged KYC data breach affecting ~10,000 Vietnamese users, documented pyramid-scheme warnings from Chinese, Malaysian, and Vietnamese regulators, public labeling as a scam by the Bybit CEO, allegations of undisclosed insider token dumps, and structural centralization contradicting its decentralized blockchain claims.

"Waygu" is a misspelling commonly used to search for one or more crypto entities operating under the name "Wagyu." The namespace encompasses at least five distinct, unrelated blockchain projects: WAYGU CASH (a Solana memecoin down ~93% from its all-time high with an anonymous team and coordinated promotional patterns); WagyuSwap (a near-defunct DEX on the Velas network down ~99.98% from its all-time high); Wagyu Protocol (an anonymous Ethereum/Base token-launch bot with no disclosed audit); wagyu.xyz (a Monero-to-Hyperliquid private bridge with centralization complaints and alleged fund losses); and Wagyu Finance (an abandoned BSC yield-farm token). Active phishing domains impersonating wagyu-branded services were confirmed by security researchers in early 2026. No regulatory actions were identified against any entity. The overall risk profile across the cluster is high due to pervasive team anonymity, absent audits, and active brand impersonation.

World Liberty Financial (WLFI) is a Trump family-backed decentralized finance protocol founded in September 2024, operating as a fork of Aave V3 on Ethereum. The Trump family entity holds 60% of the company and receives 75% of net token-sale proceeds, having realized approximately $1 billion in profits by December 2025 while holding $3 billion in unsold tokens. The project faces active congressional probes, a pending federal lawsuit from early investor Justin Sun alleging fraudulent token freezes, constitutional emoluments-clause concerns over a secret $500 million UAE royal-family stake, and allegations that WLFI tokens may constitute unregistered securities.

MEV bot scams represent a sophisticated category of cryptocurrency fraud that exploits legitimate blockchain concepts to steal millions from users. While legitimate MEV (Maximum Extractable Value) bots are automated trading programs that extract value through transaction ordering on blockchains, scammers create fake MEV bot tutorials and investment schemes that promise guaranteed returns but actually drain victims' wallets.

Wallet drainers are malicious phishing tools specifically designed for the Web3 ecosystem that trick users into authorizing fraudulent transactions that empty their cryptocurrency wallets. These sophisticated scam-as-a-service operations have stolen over $500 million in 2024 alone from hundreds of thousands of victims through fake websites masquerading as legitimate crypto projects.

Alameda Research was a cryptocurrency trading firm co-founded by Sam Bankman-Fried in 2017 that became central to one of the largest financial frauds in US history. The firm secretly used billions in [[ftx|FTX]] customer funds for trading and investments, leading to both companies filing for bankruptcy in November 2022.

The feeling that everyone else is making money, having fun, or finding meaning — and you're being left behind. In crypto, it's the most expensive emotion you'll ever feel.

Celsius Network was a crypto lending and yield platform founded in 2017 by Alex Mashinsky that promised depositors interest rates as high as 18.6% APY under the slogan 'Unbank Yourself.' On June 12, 2022, Celsius froze all withdrawals without warning, trapping approximately $4.7 billion in customer funds; it filed for Chapter 11 bankruptcy on July 13, 2022, revealing a $1.2 billion hole in its balance sheet. Mashinsky was arrested on federal fraud charges in July 2023, pleaded guilty to commodities fraud and token price manipulation in December 2024, and was sentenced to 12 years in federal prison on May 8, 2025.

A fraudulent mobile application impersonating Hyperliquid, the decentralized perpetuals exchange, was identified on the Google Play Store in November 2025 by on-chain investigator ZachXBT. The app, published under the developer name 'Tvtion Inc.', replicated Hyperliquid's branding and interface to harvest users' seed phrases, transmitting them to an external server. An Ethereum address linked to the operation has been associated with thefts exceeding $281,000; Hyperliquid has never released an official mobile application, making any such listing inherently fraudulent.

The Blockchain Bandit is an unidentified threat actor or group that systematically exploited Ethereum wallets holding cryptographically weak private keys between approximately 2015 and 2018, accumulating more than 45,000 ETH (worth over $54 million at peak 2018 valuations) through a technique researchers later termed 'Ethercombing.' The actor compromised 732 private keys across 49,060 transactions, draining wallets in near-real-time using automated blockchain monitoring. Dormant since 2018, the actor re-emerged in January 2023 and again in December 2024, consolidating approximately 51,000 ETH (valued at roughly $172 million) into a single multisig wallet, as tracked by on-chain investigator ZachXBT.

Inferno Drainer is a scam-as-a-service (drainer-as-a-service) platform that provided phishing infrastructure and malicious wallet-draining scripts to criminal affiliates in exchange for a percentage of stolen funds. Active from November 2022 through at least early 2025, it is attributed to stealing over $80 million from approximately 137,000 victims during its initial operational phase, with operators claiming a cumulative total exceeding $250 million across all periods including a covert post-shutdown phase. It operates by luring victims to phishing websites impersonating legitimate crypto brands, tricking users into signing malicious transactions that drain wallets across multiple EVM-compatible blockchains.

The Democratic People's Republic of Korea (DPRK), operating primarily through state-sponsored hacking units designated as the Lazarus Group, TraderTraitor, and APT38, has stolen an estimated $6.75 billion in cryptocurrency since 2016 across dozens of major exploits. These operations are attributed by the FBI, OFAC, CISA, and allied governments to North Korea's Reconnaissance General Bureau and are conducted to fund the regime's weapons of mass destruction and ballistic missile programs in circumvention of international sanctions. DPRK-linked hackers are responsible for the largest single crypto theft in history — the $1.5 billion Bybit hack in February 2025 — and continue to operate at unprecedented scale and sophistication.

Malone Lam Yu Xuan (born July 19, 2004), a Singaporean national residing in Miami and Los Angeles, is the alleged ringleader of a crypto theft and money laundering enterprise responsible for stealing over $263 million across multiple victims between 2023 and 2025. He was arrested by the FBI on September 18, 2024, and faces RICO conspiracy charges in what prosecutors describe as the first Bitcoin-related RICO prosecution in U.S. history. As of early 2026, he remains in pretrial detention while negotiating a plea deal.

BlackSuit is a ransomware-as-a-service (RaaS) operation that emerged in May 2023 as a rebranding of the Royal ransomware gang, itself a successor to the Conti cybercrime syndicate believed to be operated by Russian-speaking threat actors. The group employed double-extortion tactics across critical infrastructure sectors including healthcare, automotive, education, and government, compromising over 450 U.S. victims and demanding more than $500 million in ransom, primarily in Bitcoin, before international law enforcement dismantled its infrastructure in July 2025 under Operation Checkmate.

An unidentified threat actor or group breached LastPass in August–November 2022, exfiltrating encrypted customer password vaults containing cryptocurrency seed phrases and private keys stored by an estimated 25–30 million users. Beginning in late 2022 and continuing at least through late 2025, the actors allegedly cracked weak master passwords offline and drained cryptocurrency wallets in coordinated waves, with documented losses exceeding $250 million across hundreds of victims and a single high-profile $150 million XRP theft attributed to Ripple co-founder Chris Larsen. TRM Labs on-chain analysis and law enforcement investigations link the laundering activity to Russian cybercriminal infrastructure, including OFAC-sanctioned exchange Cryptex.

Chris Larsen is the co-founder and Executive Chairman of Ripple, one of the most prominent figures in the XRP ecosystem. On January 30, 2024, attackers drained an estimated 213–283 million XRP (valued at $112.5–$150 million) from his personal cryptocurrency accounts — not Ripple corporate wallets — in what became the largest individual crypto theft of 2024. A U.S. government forfeiture complaint filed in March 2025 linked the breach to the 2022 LastPass password manager hack, alleging that private keys had been stored in an online vault subsequently compromised by attackers.

Fake Ledger Live apps are malicious wallet impersonation applications distributed through official app stores — including the Microsoft Store and Apple App Store — that harvest cryptocurrency seed phrases to drain victims' wallets. Two major documented incidents have resulted in confirmed losses of at least $10.3 million: approximately $768,000 via the Microsoft Store in November 2023, and approximately $9.5 million via the Apple App Store in April 2026. Parallel macOS malware campaigns distributing trojanized DMG installers have been active since at least August 2024, with four concurrent active campaigns identified by security researchers.

Compound Finance is an Ethereum-based decentralized lending protocol founded in 2017 by Robert Leshner and Geoffrey Hayes that allows users to lend and borrow cryptocurrencies algorithmically. The protocol has been subject to multiple significant security and governance incidents, including a 2021 smart contract bug that placed up to ~280,000 COMP tokens (approximately $80–90 million) at risk, a 2024 alleged governance takeover by a whale known as 'Humpy,' and a July 2024 front-end DNS hijacking attack tied to the Squarespace registrar migration. Despite these incidents, the core smart contract protocol has not been exploited; the recurring issues have primarily affected token distribution, governance integrity, and front-end infrastructure.

Velodrome Finance is an automated market maker (AMM) and decentralized exchange (DEX) launched on June 2, 2022, on the Optimism Layer 2 network. It is a fork and improvement of Andre Cronje's Solidly Exchange, implementing a ve(3,3) governance and liquidity incentive model. The protocol has experienced three documented security incidents: an insider theft of $350,000 by a team member in August 2022, a DNS/frontend social-engineering attack in November–December 2023 resulting in approximately $250,000 in user losses, and a second DNS hijacking in November 2025 attributed to a NameSilo registrar insider, resulting in estimated losses of $700,000–$1,000,000. Smart contracts have not been directly exploited; all monetary losses have stemmed from front-end and operational security failures.

Ledger SAS is a Paris-based hardware cryptocurrency wallet manufacturer founded in 2014, producing the Nano S and Nano X devices used by millions worldwide. Despite its status as a legitimate and established company, Ledger has been involved in two major security incidents: a 2020 customer database breach exposing over 1 million email addresses and 272,000 physical addresses, and a December 2023 supply chain attack on its @ledgerhq/connect-kit npm package that drained approximately $600,000–$850,000 from users of multiple DeFi protocols via the Angel Drainer malware-as-a-service. A third-party data breach via payment processor Global-e was disclosed in January 2026.

Pink Drainer was a Drainer-as-a-Service (DaaS) phishing toolkit that operated from approximately July 2023 to May 2024, facilitating the theft of over $85.3 million in cryptocurrency from more than 21,000 victims across Ethereum and other networks. The operators ran the service by licensing a sophisticated wallet-draining script to affiliate phishers for a 20-30% cut of stolen proceeds, then announced a voluntary shutdown on May 17, 2024, citing their goal as 'accomplished.'

WazirX is an Indian cryptocurrency exchange co-founded in 2018 by Nischal Shetty, Sameer Mhatre, and Siddharth Menon that suffered the largest crypto hack in Indian history on July 18, 2024, when approximately $234.9 million in user assets were stolen from a Gnosis Safe multisig wallet via a sophisticated supply-chain-style attack attributed by Elliptic, ZachXBT, and a joint US-Japan-South Korea government statement to North Korea's Lazarus Group. The hack triggered suspension of all withdrawals, a Singapore court-supervised restructuring process in which users are expected to recover approximately 55% of their assets, and ongoing regulatory and law enforcement scrutiny in India.

Glori Finance was an alleged DeFi lending protocol deployed on the Arbitrum network in early 2024, operating as a Compound V2 fork with approximately $1.4 million in total value locked (TVL) at the time of its exposure. On April 14, 2024, blockchain investigator ZachXBT identified that the top GLORI token holders had seeded liquidity using funds stolen from prior scams — specifically the Crolend, Hash DAO, and HellHoundFi frauds — linking Glori Finance to a serial scam ring responsible for over $20 million in cumulative losses. Following ZachXBT's public disclosure, the Glori Finance X account was deactivated and the protocol's website went offline, consistent with an exit scam.

Magnate Finance was a DeFi lending and borrowing protocol deployed on Coinbase's Base Layer 2 network that executed an exit scam on August 25, 2023, stealing approximately $6.4–6.5 million in user funds by manipulating its price oracle. On-chain investigator ZachXBT issued a public warning hours before the rug pull, having traced the deployer address to at least two prior exit scams: Solfire ($4.8M, January 2022) and Kokomo Finance ($5.5M, March 2023), establishing this as the work of a repeat-offender scam ring responsible for over $16.7 million in total losses.

eXch (exch.cx) was a no-KYC instant cryptocurrency swap service operating from 2014 until its forced shutdown in May 2025. Registered in Belize under the name Private Project Facilitators LTD, the platform processed an estimated $1.9 billion in total volume, deliberately advertising its absence of anti-money laundering controls on criminal underground forums. German federal law enforcement seized approximately $38 million in cryptocurrency assets and 8 terabytes of data from the platform in April 2025, following evidence linking eXch to laundering roughly $200 million of funds stolen in the $1.46 billion Bybit hack carried out by North Korea's Lazarus Group.

Vkevin is a pseudonymous threat actor known for operating fake Safeguard Telegram bot phishing campaigns that have allegedly drained seven figures from victims' cryptocurrency wallets. On January 23, 2025, blockchain investigator ZachXBT published a 31-minute video exposing Vkevin in the act of running these scams from what was described as a New York school, and confirmed the individual had been doxxed. Vkevin is additionally alleged to have conducted a 2022 Discord attack against DigikongNFT using a spoofed MEE6 bot, resulting in over $300,000 in NFT losses.

Aqua (also known as AquaBot) was a Solana-based Telegram trading bot that conducted a presale in September 2025, raising approximately 21,770 SOL ($4.65 million) from retail investors before executing an apparent exit scam. On-chain investigator ZachXBT flagged the project after presale funds were split into four tranches, routed through intermediary wallets, and sent to instant exchanges hours before the scheduled token generation event. The project had secured endorsements from multiple established Solana ecosystem participants — including Meteora, Helius, Dialect, SYMMIO — and had received a near-perfect audit score from QuillAudits just days before the alleged rug pull.

Veer Chetal, known online as 'Wiz,' is a 19-year-old from Danbury, Connecticut who pleaded guilty in November 2024 to conspiracy to commit wire fraud and conspiracy to launder monetary instruments in connection with a $243–245 million Bitcoin theft targeting a single Genesis creditor via social engineering. He was identified and exposed by blockchain investigator ZachXBT, who traced stolen funds on-chain and publicly named the perpetrators before law enforcement arrests were made. Chetal was re-arrested in early 2025 after committing additional crypto thefts while released on bond and faces a federal sentencing guideline range of 19–24 years imprisonment.

On November 3, 2024, unidentified scammers compromised the X (Twitter) account of rapper Wiz Khalifa (35.7 million followers) and used it to promote two fraudulent Solana meme coins — $WIZ and $WIZZLE — launched on pump.fun. The $WIZ token reached a peak market cap of approximately $2.5 million within 15 minutes before collapsing over 95% in under one hour, with at least two insider wallets extracting a combined $160,000 in profit. Blockchain investigator ZachXBT linked the incident to a broader campaign of celebrity account takeovers that allegedly stole over $3.5 million in total, and subsequently accused a former professional Fortnite player known as 'Serpent' of involvement in the coordinated scheme.

NFTMachine is the online alias of Tyler Gaye, a Denver, Colorado resident who allegedly orchestrated a presale fraud in early 2021 by raising approximately $500,000 (reportedly 277 ETH from 130+ investors) for a promised NFT marketplace called opeNFT (also stylized ONFT), which was never launched. A Denver District Court judge entered a default judgment of $275,000 against Gaye in November 2022, classifying the conduct as civil theft. On-chain investigator ZachXBT has subsequently alleged Gaye continued launching new crypto projects — including Arcade DAO and Gamegear — under the alias 'scaredofboobs' without satisfying the court-ordered judgment.

Bitforex was a cryptocurrency exchange founded in 2017, registered in Seychelles and operating under a Hong Kong address, which collapsed in February 2024 after approximately $56.5 million was drained from its hot wallets across Ethereum, Tron, and Bitcoin in a controlled fund extraction widely characterized as an exit scam. The exchange had a documented history of wash trading allegations dating to 2018, a prior unexplained withdrawal freeze in 2022, regulatory warnings from Japan's FSA and Hong Kong's SFC, and operated without a license in the jurisdictions it claimed as home. Following the collapse, team members were allegedly detained by Jiangsu Province police in China, and the exchange briefly reopened for KYC-verified withdrawals in July 2024 before announcing permanent closure.

TradeOgre was an unregistered, no-KYC cryptocurrency exchange founded around 2018 and known for listing privacy coins including Monero (XMR) and Pirate Chain. On September 18, 2025, the RCMP executed Canada's largest-ever cryptocurrency seizure, dismantling the platform and seizing over CAD $56 million (approximately USD $40 million) in digital assets. Investigators determined that the majority of funds transacted on the platform came from criminal sources, including ransomware proceeds, darknet market activity, hacking exploits, and fraud schemes.

Friend.tech was a SocialFi application launched on Coinbase's Base L2 in August 2023 that allowed users to buy and sell tokenized 'keys' (shares) of social media influencers. The platform suffered a wave of SIM-swap attacks draining at least 343 ETH from users, exposed wallet addresses of 101,000 users via an API data breach, launched its FRIEND token in May 2024 which collapsed 98% within months, and was ultimately abandoned by its pseudonymous founders in September 2024 after they extracted approximately $44 million in protocol fees.

JELLY (JellyJelly / JELLYJELLY) is a Solana memecoin launched in January 2025 by Venmo co-founder Iqram Magdon-Ismail that became the center of a major market manipulation incident on Hyperliquid on March 26, 2025. A coordinated trader used a self-liquidation strategy — opening large opposing long and short positions — to force Hyperliquid's HLP liquidity vault to absorb a toxic short, causing up to $13.5 million in unrealized losses before validators emergency-delisted the token and force-settled all positions at a fixed price. The incident triggered widespread criticism of Hyperliquid's decentralization claims and raised systemic questions about perpetuals DEX risk management.

Avalanche C-Chain address 0x327a81d0d128db8886d265be73c9fdda97194f30 was flagged by on-chain investigator ZachXBT in June 2024 as the primary launderer for the BTCTurk exchange hack, having transferred approximately 1.96 million AVAX (valued at ~$54.2 million) to Coinbase, Binance, Gate.io, and THORChain. ZachXBT's timing analysis linked subsequent BTC withdrawals of approximately $45.96 million to the same threat actor, who was also allegedly responsible for a concurrent $2.9 million theft from Sportsbet. The address currently holds negligible funds, consistent with successful laundering of proceeds.

The 'WallStreetBets' brand has been exploited in at least two distinct crypto fraud incidents: a 2021 Telegram pre-mine scam using a fake 'WallStreetBets – Crypto Pumps' channel that stole over $2.1 million in BNB and ETH, and a 2023 Ethereum meme token (WSB Coin) that surged to a $50 million market cap before insiders allegedly dumped $635,000 worth of tokens within days of launch, collapsing the price by over 90%. Neither token was authorized by Reddit or the r/WallStreetBets subreddit, and ZachXBT publicly identified the alleged perpetrators in the 2023 incident.

GANA Payment was a BNB Smart Chain payment-focused DeFi project (BEP-20 token) that launched on November 11, 2025 and was exploited nine days later on November 20, 2025, resulting in losses exceeding $3.1 million. On-chain investigator ZachXBT confirmed the attack, which involved a compromised deployer private key combined with abuse of EIP-7702 to drain the project's staking contract; stolen funds were subsequently laundered through Tornado Cash on both BSC and Ethereum. The GANA token lost over 90% of its value within 24 hours of the exploit.

Nobitex is Iran's largest cryptocurrency exchange, founded in 2017, claiming over 11 million users and handling approximately 70% of Iran's on-chain crypto volume. A March 2025 Reuters investigation identified its founders as brothers Ali and Mohammad Kharrazi — members of a family with documented ties to Iran's Supreme Leaders and the founding of the Islamic Revolutionary Guard Corps — who operated the exchange under an alternative surname. Blockchain analytics firms including Elliptic, Chainalysis, and TRM Labs have documented billions of dollars in flows through Nobitex connected to sanctioned Iranian state entities including the Central Bank of Iran and the IRGC, making the platform a critical node in Iran's sanctions evasion infrastructure.

Sportsbet.io is a cryptocurrency gambling and sports betting platform operated by mBet Solutions N.V. under the Yolo Group umbrella, licensed in Curaçao. On June 22, 2024, blockchain investigator ZachXBT publicly identified that the platform's hot wallets were drained of approximately $3.5 million in USDT and TRX, attributing the attack to the same threat actor who hours later stole an estimated $55 million from Turkish exchange BtcTurk, with stolen funds allegedly commingled between both hacks. The platform has drawn ongoing scrutiny for operating in regulatory grey markets, serving users in jurisdictions where it holds no local license, and for systemic user complaints involving account closures and fund seizures following wins. Yolo Group founder Tim Heath confirmed in 2025 that the brand is being wound down in favor of fully regulated markets.

TON (The Open Network) is a layer-1 blockchain originally developed by Telegram, abandoned in 2020 following an SEC enforcement action that compelled a $18.5 million penalty and $1.22 billion investor return, and subsequently revived by an independent TON Foundation. By 2024, rapid ecosystem growth attracted a significant wave of phishing campaigns, wallet drainer toolkits, pyramid schemes, and rug pull activity, with over 1,200 fraud cases reported in H1 2024 alone. In May 2026, Pavel Durov announced Telegram would reassume control as the network's largest validator, reintroducing centralization risk to a network already under scrutiny for facilitating illicit marketplaces.

pump.fun (operated by Baton Corporation Ltd., also listed on AVOID.NET as 'pumpdotfun') is a Solana-based meme token launchpad that launched in January 2024 and rapidly became one of the most-used token creation platforms in crypto, generating over $800 million in cumulative revenue and more than 11.9 million tokens. The platform is subject to an active RICO class action lawsuit in the SDNY alleging up to $5.5 billion in retail losses, a UK FCA regulatory ban, a $1.9 million insider flash loan exploit, documented use by North Korea's Lazarus Group for money laundering, and independent research classifying 98.6% of its tokens as rug pulls or fraud.

pump.fun (operated by Baton Corporation Ltd., also listed on AVOID.NET as 'pumpdotfun') is a Solana-based meme token launchpad that launched in January 2024 and rapidly became one of the most-used token creation platforms in crypto, generating over $800 million in cumulative revenue and more than 11.9 million tokens. The platform is subject to an active RICO class action lawsuit in the SDNY alleging up to $5.5 billion in retail losses, a UK FCA regulatory ban, a $1.9 million insider flash loan exploit, documented use by North Korea's Lazarus Group for money laundering, and independent research classifying 98.6% of its tokens as rug pulls or fraud.

Wallex is an Iranian cryptocurrency exchange founded in 2018 in Tehran by graduates of Sharif University of Technology, serving approximately 1 million users as of 2022 and operating as a major domestic crypto-to-rial on/off-ramp. On March 25, 2026, blockchain investigator ZachXBT flagged suspicious fund consolidation activity, prompting both Tether (USDT) and Circle (USDC) to simultaneously blacklist Wallex-linked wallet addresses, leaving approximately $2.49 million stranded on-chain. Wallex operates in a jurisdiction under comprehensive U.S. OFAC sanctions, has been linked by Chainalysis to transactions with a U.S.-sanctioned individual, and suffered a confirmed data breach in 2021 that exposed user credentials.

C&M Software (also styled CMSW) is a Brazilian financial technology company authorized by the Banco Central do Brasil to provide connectivity between smaller financial institutions and Brazil's national payment infrastructure, including the PIX instant-payment system. On June 30, 2025, hackers exploited credentials sold by an insider employee to drain approximately R$800 million (roughly USD 140–148 million) from reserve accounts of at least six financial institutions, in what became Brazil's largest recorded banking cyberattack. A portion of the stolen funds—estimated at USD 30–40 million—was subsequently laundered through Latin American OTC desks and crypto exchanges using Bitcoin, Ethereum, and Tether USDT, with on-chain investigator ZachXBT playing a central role in tracing and partially freezing the laundered assets.

Masa (also known as Masa Finance, later rebranded as Gopher) is a Web3 data and identity protocol that launched a soulbound token standard on Ethereum in 2023 before pivoting to a decentralized AI data network. The MASA token, sold via CoinList in March 2024 at $0.079 and hitting an all-time high of approximately $0.4697 on its April 11, 2024 listing date, subsequently collapsed by over 99.9% to trade near $0.00002 by mid-2026. ZachXBT publicly accused the project of concealing a six-figure security exploit in September 2024, which the team later confirmed only after the allegation was made public.

LastPass is a widely used password manager that suffered a catastrophic two-stage data breach in 2022, resulting in the theft of encrypted customer password vaults containing cryptocurrency seed phrases and private keys. Threat actors subsequently cracked these vaults offline over the following years, draining crypto wallets in waves totaling more than $438 million across hundreds of victims by late 2025. The breach has led to a £1.2 million UK ICO regulatory fine, a $24.45 million US class action settlement, US federal seizures, and on-chain attribution by TRM Labs and blockchain researcher ZachXBT to Russian cybercriminal infrastructure.

Tapioca DAO is an omnichain DeFi money market built on LayerZero, offering a CDP stablecoin (USDO) and isolated lending markets (Singularity/Big Bang) across Arbitrum and BNB Chain. On October 18, 2024, the protocol suffered a critical security breach when a team member was targeted by a social engineering attack attributed to North Korea's Contagious Interview campaign, resulting in private key compromise, drainage of TAP token vesting contracts, and the minting of 5 quintillion USDO. Approximately $4.4–4.7 million was stolen before a partial counter-exploit recovered roughly 996 ETH (~$2.7 million), leaving the protocol treasury down approximately 45% and the TAP token price collapsed over 95%.

Garden Finance is a cross-chain Bitcoin bridge protocol launched in 2023 by former Ren Protocol developers, using Hash Time Locked Contracts (HTLCs) and an intents-based solver network to enable atomic swaps across Ethereum, Solana, Arbitrum, Base, and other chains. On October 30–31, 2025, one of its largest solver operators was compromised via a leaked private key, resulting in approximately $11.4 million in stolen assets that were subsequently laundered through Tornado Cash. Prior to the exploit, blockchain investigator ZachXBT alleged that over 80% of the protocol's recent fee revenue was derived from laundering funds stolen in the February 2025 Bybit hack, which the Lazarus Group (DPRK) perpetrated for approximately $1.4 billion.

Bitcoin Depot was once the largest Bitcoin ATM operator in North America, operating more than 9,000 kiosks before filing for Chapter 11 bankruptcy on May 18, 2026. The company faces lawsuits from the attorneys general of Iowa and Massachusetts alleging it knowingly facilitated crypto scams, with one state finding that more than 80% of high-value transactions at its kiosks were linked to fraud. Multiple data breaches, a $3.6 million wallet theft, regulatory enforcement in California, and on-chain evidence flagged by ZachXBT further document systemic compliance and security failures.

HyperCycle (HYPC) is an Ethereum ERC-20 token marketed as infrastructure for decentralized AI-to-AI transactions, co-founded by SingularityNET's Ben Goertzel and TODA inventor Toufi Saliba. The token has lost approximately 99% of its value from its all-time high of $1.29, and its smart contract contains a PAUSER_ROLE that allows a designated admin to halt all token transfers at will. No independent smart contract security audit has been publicly submitted, and the tokenomics structure — which allocates 20% to team, advisors, and partners with a relatively short vesting cliff — has been cited by multiple analysts as generating sustained selling pressure that disadvantages retail participants. ZachXBT has broadly flagged AI-narrative token projects as high-risk.

Wasabi Protocol is a decentralized perpetual futures and leveraged trading platform for memecoins and long-tail assets, deployed on Ethereum, Base, Berachain, and Blast. On April 30, 2026, the protocol suffered a critical multi-chain exploit in which a compromised admin deployer key was used to execute malicious UUPS proxy upgrades across core contracts, draining over $5 million in user funds. Security firm BlockSec reported that the attacker's wallets had been funded via Tornado Cash, and on-chain investigator ZachXBT publicly criticized the protocol for single-EOA admin control, absence of a timelock or multisig, and alleged misappropriation of project funds on influencer marketing.

Noones is a peer-to-peer cryptocurrency trading platform targeting Africa and the Global South, founded and initially led by Ray Youssef, co-founder of the now-defunct Paxful. In January 2025, the platform suffered an $8 million hot-wallet exploit that was concealed for nearly three weeks before on-chain investigator ZachXBT publicly exposed the breach. Compounding platform risk, Youssef was subsequently indicted by the DOJ in early 2026 on federal AML charges stemming from his leadership of Paxful, and stepped down as Noones CEO shortly thereafter.

MEXC is a centralized cryptocurrency exchange founded in 2018, incorporated in Seychelles, that has accumulated a significant regulatory record across multiple jurisdictions including warnings or cease orders from authorities in Hong Kong, Germany, Belgium, Japan, Estonia, and South Korea. The exchange gained widespread notoriety in late 2025 after on-chain investigator ZachXBT amplified user reports of frozen funds, including a high-profile case in which a trader known as 'The White Whale' had approximately $3 million frozen without adequate explanation, eventually prompting a public apology from the exchange's Chief Strategy Officer. MEXC's parent entity MEXC Global Ltd was struck off by the Seychelles registry in August 2023, dissolved in December 2024, and never obtained a license under the Seychelles VASP Act 2024, leaving its current operational and legal standing opaque.

Kroll Restructuring Administration LLC served as the court-appointed claims and noticing agent for the FTX, BlockFi, and Genesis bankruptcy proceedings. On August 19, 2023, a threat actor executed a SIM swap attack against a Kroll employee's T-Mobile account, gaining unauthorized access to files containing the personal data of tens of thousands of crypto bankruptcy claimants. The exposed data was subsequently exploited in large-scale phishing and social engineering campaigns, with blockchain investigator ZachXBT estimating total losses attributable to the breach at eight to nine figures, and at least one alleged perpetrator — Danish Zulfiqar, also known as 'Danny' — was arrested in Dubai in late 2025 on RICO charges related to a broader $263 million social engineering conspiracy.

1EU2pMence1UfifCco2UHJCdoqorAtpT7 is a legacy P2PKH Bitcoin address holding approximately 9,999.99 BTC that has never had any outgoing transactions, marking it as a dormant high-value wallet. The address has been publicly circulated in attacker-community repositories as a brute-force cracking target, appearing in GitHub issue lists of 'rich wallet addresses for BTC crack' alongside automated key-collision tools. No verifiable private-key compromise or confirmed theft has been documented as of the investigation date; however, the address's inclusion in brute-force tooling databases and its indexing on privatekeys.pw elevates its risk profile considerably.

Renzo Protocol is an Ethereum liquid restaking protocol that issues ezETH, serving as an interface to the EigenLayer ecosystem. In April 2024, ezETH suffered a severe depeg event — dropping as low as $700 in under one hour — triggered by an unpopular REZ tokenomics announcement that concentrated approximately 65% of supply with insiders and investors. The event caused over $56 million in DeFi liquidations affecting more than 250 users, and the REZ token has since lost approximately 97% of its all-time high value.

Metawin is an offshore crypto casino and gaming platform licensed under the Anjouan (Comoros) gaming authority, operated by Asobi N.V. from Curacao, and founded by Richard 'Skel' Skelhorn. On November 3, 2024, the platform suffered a significant hot wallet exploit across Ethereum and Solana blockchains resulting in approximately $4 million in stolen funds, with blockchain investigator ZachXBT tracing the stolen assets to KuCoin and a nested HitBTC service across more than 115 attacker-linked addresses. The CEO subsequently claimed to have personally covered the losses, restoring withdrawals for approximately 95% of affected users, though the platform's offshore jurisdictional status and the underlying security vulnerability raise ongoing concerns.

Spartans Bet (spartans.com) is a crypto betting and casino platform launched in 2025, operated by Nexus International Entertainment Ltd, a company registered in Belize and licensed under the disputed Anjouan (Comoros) gaming authority. On-chain investigator ZachXBT alleged in 2025 that the platform's suspected co-founder, Gurhan Kiziloz, is also the hidden operator behind BlockDAG Network, a project ZachXBT claims raised over $300 million from retail investors through deceptive social media advertising and misappropriated presale funds via Middle Eastern OTC channels. Spartans makes prominent 'provably fair' claims that lack independently verifiable third-party audit documentation, and the platform carries a below-average safety index of 6.4/10 from casino.guru, with user complaints citing refused withdrawals and unfair bonus terms.

Mixin Network is a Hong Kong-based cross-chain Layer 2 protocol that suffered one of the largest cryptocurrency hacks of 2023, losing approximately $200 million when its cloud service provider's database was compromised on September 23, 2023. The hack exposed a fundamental contradiction in Mixin's self-described decentralized architecture: the majority of user funds were held in hot wallets backed by a centralized cloud database. As of early 2026, the majority of stolen assets remain unrecovered, with the attacker beginning to launder funds through Tornado Cash.

PAAL AI is an Ethereum ERC20 token launched in July 2023, marketed as an AI-powered chatbot and automation ecosystem for crypto communities. In September 2023, blockchain investigator ZachXBT published on-chain evidence and leaked Telegram messages alleging that four prominent crypto influencers — TraderSZ, TraderNJ1, PetaByte, and Trader_XO — received undisclosed token allocations from the PAAL AI team and engaged in a coordinated pump-and-dump scheme, collectively dumping hundreds of thousands of dollars in PAAL tokens on retail buyers. The token subsequently declined approximately 98.7% from its March 2024 all-time high of $0.8653 to below $0.013 by mid-2026, while the PAAL brand has also been exploited by third-party wallet-draining scams impersonating its staking platform.

Act I: The AI Prophecy (ACT) is a Solana-based AI-narrative memecoin launched via Pump.fun in October 2024 with no verified product utility. The token reached an all-time high of approximately $0.92 in November 2024 before declining over 98% to roughly $0.013 by mid-2026. It has been subject to a documented co-founder token dump, a suspicious 49% flash crash on Binance in April 2025 attributed to large coordinated sell orders, and broad sector criticism from on-chain investigator ZachXBT who labeled 99% of AI agent tokens as scams.

Token 2049 is one of the world's largest crypto conferences, held annually in Singapore and Dubai by Hong Kong-based BOB Group. The event has faced repeated criticism for insufficient sponsor vetting, most notably when OFAC- and UK-sanctioned Russia-linked stablecoin A7A5 was listed as a platinum sponsor and given a speaking slot at the October 2025 Singapore edition. Separately, in March 2025, on-chain investigator ZachXBT publicly flagged multiple Token 2049 sponsors — including DWF Labs, Bitunix, JuCoin, WEEX, and Spacecoin — for fraud, wash trading, and regulatory non-compliance, warning that conference sponsorship carries no implied credibility.

ANDY is a meme token launched on the Base (Ethereum L2) network in 2024, built around the 'boy's club' internet meme character. Blockchain investigator ZachXBT documented a theft of approximately $2 million in ANDY tokens from a victim's wallet in June 2024, with the perpetrator converting roughly half the stolen funds to Ethereum. CertiK's Skynet platform assigned the token a score of 2.7 out of 100, indicating serious security and governance deficiencies. Allegations that individuals associated with the token conducted SIM-swap attacks targeting Korean-American crypto holders have been attributed to ZachXBT's flagging but remain unconfirmed by independently verifiable Tier 1 or Tier 2 sources.

Netmind AI (netmind.ai) is a London-based decentralized GPU compute network that issues the NMT token on both Ethereum (ERC20) and BNB Smart Chain (BEP20) via upgradeable proxy contracts. In March 2024, 440,000 NMT tokens were sold in a sudden dump that caused a 76% price crash — attributed by the team to a compromised early miner wallet, though the mechanism remains disputed. The NMT contract is an upgradeable transparent proxy that grants the owner unilateral ability to disable sells, change fees, mint, or transfer tokens, representing a material centralization and rug-risk vector flagged by security tools and, according to AVOID.NET source tagging, by ZachXBT.

JRNY Crypto (real name allegedly Tony Spark) is a pseudonymous cryptocurrency and NFT influencer operating since 2017, with over 760,000 followers on X and 590,000 YouTube subscribers at peak activity. ZachXBT flagged the account in November 2024 after approximately $4 million in crypto assets were drained from associated wallets in a suspected private key compromise; JRNY did not publicly acknowledge the incident. Separate community-sourced allegations include undisclosed paid promotions, a paid strategic advisory role at BSC launchpad Seedify that critics allege was not consistently disclosed to audiences, and criticism over the JRNY Club and Planet Xolo NFT projects failing to meet roadmap commitments.

SBI Crypto is a cryptocurrency mining subsidiary of Japan's SBI Holdings, operating one of the top Bitcoin mining pools globally and offering related infrastructure services. On September 24, 2025, addresses linked to the company saw approximately $21–24 million in suspicious outflows across five cryptocurrencies; blockchain investigator ZachXBT and security firm Cyvers identified laundering patterns consistent with DPRK-affiliated Lazarus Group operations. SBI Group did not proactively disclose the breach and provided only minimal confirmation after independent researchers surfaced the incident publicly.

Truflation is a blockchain-based inflation data oracle protocol that provides real-time economic indices to DeFi applications via its Truflation Stream Network (TSN) and TRUF token. In September 2024, the project suffered a confirmed malware attack that compromised private keys across its treasury multisig and personal wallets, resulting in losses estimated between $4.6 million and $5.2 million — predominantly in TRUF tokens, ETH, and DAI. On-chain investigator ZachXBT was among the first to publicly identify and report the incident; the project subsequently initiated a full TRUF token migration as a remediation measure.

Crypto.com is a Singapore-headquartered centralized cryptocurrency exchange founded in 2016 (originally as Monaco) by Kris Marszalek, Bobby Bao, Gary Or, and Rafael Melo. The platform has been subject to multiple serious security incidents, including a confirmed January 2022 hack in which $34 million was stolen via a 2FA bypass and laundered through Tornado Cash, and an alleged 2023 data breach linked to the Scattered Spider hacking group that the company did not publicly disclose to affected users. Blockchain investigator ZachXBT has publicly accused Crypto.com of governance manipulation and tokenomics fraud, citing the March 2025 reissuance of 70 billion CRO tokens that had been permanently burned in 2021, and the company's controversial 2020 forced swap from its original MCO token to CRO at unfavorable rates.

BtcTurk is Turkey's oldest and largest centralized cryptocurrency exchange, founded in 2013 in Istanbul. The exchange has suffered two major hot wallet breaches in 14 months — approximately $55 million stolen in June 2024 and approximately $48–$49 million in August 2025 — both attributed to private key compromise, establishing a pattern of repeated critical security failures. Despite operating under Turkish regulatory frameworks (CMB and MASAK) and maintaining cold wallet protections, the exchange's inability to prevent a second near-identical attack within a year raises serious concerns about the adequacy of its security controls.

Renzo Protocol is an EigenLayer liquid restaking protocol that issues ezETH, a liquid restaking token (LRT) representing restaked ETH. In April 2024, ezETH suffered a severe depeg — falling from ~$3,100 to as low as $688 on Uniswap — triggered by a controversial REZ tokenomics announcement that allocated only 5% of tokens to the community airdrop while reserving over 60% for team, investors, and advisors, causing cascading liquidations exceeding $56 million across DeFi platforms. Eight high-severity vulnerabilities were identified in a concurrent Code4rena security audit, and the incident exposed structural risks including withdrawal restrictions that prevented users from redeeming ezETH directly for ETH.

Nexera (formerly AllianceBlock) is a blockchain infrastructure protocol focused on compliant real-world asset tokenization, operating primarily on Ethereum. In August 2024, a threat actor later attributed to North Korea's Lazarus Group used social engineering and BeaverTail malware to steal smart contract management credentials, enabling unauthorized transfer of 47.24 million NXRA tokens valued at approximately $1.9 million. The team mitigated further losses by zeroing out and subsequently burning the 32.5 million tokens that remained in the attacker's wallet, limiting confirmed liquidated losses to roughly $449,000.

Serenity Shield is a blockchain-based data storage and crypto inheritance protocol built on BNB Smart Chain, operating a product called StrongBox. On February 27, 2024, a team MetaMask wallet was compromised and 6.9 million SERSH tokens valued at approximately $5.6 million were stolen, causing the token price to collapse by over 95% within 24 hours. On-chain investigator ZachXBT linked the attacker to a serial hacker responsible for multiple private-key compromise incidents across at least six other protocols in late 2023 and early 2024.

CoinEx is a centralized cryptocurrency exchange that suffered a major hot wallet breach on September 12, 2023, with losses estimated between $54 million and $70 million across multiple blockchains. On-chain investigators ZachXBT and Elliptic attributed the attack to the Lazarus Group (TraderTraitor), a North Korean state-sponsored threat actor, based on wallet address overlap with the contemporaneous Stake.com hack. Stolen proceeds were subsequently laundered in part through the Sinbad Bitcoin mixer, which was sanctioned by the U.S. Treasury's OFAC on November 29, 2023.

Trust Wallet is a widely-used non-custodial mobile and browser cryptocurrency wallet, originally acquired by Binance in 2018 and later divested as an independent entity. It has been the subject of multiple documented security incidents spanning 2022–2025, including a critical WebAssembly entropy vulnerability (CVE-2024-23660), a supply-chain compromise of its Chrome extension in December 2025 that resulted in approximately $8.5 million in user losses, and a historical low-entropy key generation flaw exploited in 2023. Blockchain investigator ZachXBT flagged the December 2025 browser extension incident and documented hundreds of victims.

EigenLayer is a legitimate Ethereum restaking protocol operated by Eigen Labs that became a high-value target for phishing campaigns, wallet drainer attacks, and social engineering in 2024 following the launch of its EIGEN token. In October 2024 alone, the protocol's official X account was compromised to promote a fake airdrop resulting in at least $800,000 lost by one victim, and a separate email-based social engineering attack redirected approximately $5.7 million in locked investor tokens to an attacker's wallet. EIGEN holders and restakers face an elevated and persistent threat surface from impersonation sites, fake airdrop claims, and token-approval drainer schemes that exploit the protocol's name and brand recognition.

Cardano (ADA) holders face a persistent and multi-vector threat landscape that includes deepfake giveaway scams impersonating founder Charles Hoskinson, social media account hijackings used to promote fraudulent tokens, phishing campaigns distributing credential-stealing malware disguised as wallet software, and NFT-based wallet drainers. The Cardano Foundation's own X account was compromised in December 2024, resulting in the promotion of a fake token and false regulatory claims. State-sponsored actors including the North Korean Lazarus Group have also targeted ADA holders through the Atomic Wallet supply chain attack.

Andy Ayrey is a New Zealand-based AI researcher and self-described performance artist who created Truth Terminal, an autonomous AI chatbot that became closely associated with the Goatseus Maximus (GOAT) memecoin, which briefly reached a $900M–$1B market cap in late 2024. Ayrey disclosed holding 1.25 million GOAT tokens gifted to him and pledged not to trade on insider knowledge, later establishing a non-profit foundation (Truth Collective) to manage the AI's holdings. ZachXBT's involvement concerns the October 2024 SIM-swap hack of Ayrey's X account — which third-party hackers exploited to deploy scam memecoins netting over $1.5M — rather than direct fraud allegations against Ayrey himself; however, broader ethical concerns persist around the gray-area ecosystem of AI-agent-driven memecoin promotion that Truth Terminal helped legitimize.

Kiln is an institutional-grade, non-custodial staking infrastructure provider that manages over $14 billion in staked assets across 50+ proof-of-stake networks, including approximately 6% of the entire Ethereum validator set. In September 2025, Kiln suffered a sophisticated supply chain attack in which a threat actor compromised a GitHub access token belonging to a Kiln infrastructure engineer, injected malicious code into the Kiln Connect API, and caused the theft of approximately 192,600 SOL (~$41 million) from enterprise customer SwissBorg. The incident prompted Kiln to exit all 1.6 million ETH worth of its Ethereum validators as a precautionary measure, triggering the longest Ethereum exit queue backlog in the network's history.

Vitalik Buterin is the legitimate co-founder of Ethereum and is not himself a scam actor. However, his name, likeness, and social media presence constitute one of the most heavily weaponized impersonation surfaces in crypto. Documented threats include a September 2023 SIM-swap of his X account (linked to Pink Drainer, resulting in ~$691K stolen from followers), persistent fake giveaway livestreams on YouTube, thousands of fraudulent Instagram accounts, and an escalating campaign of AI-generated deepfake videos distributing wallet-drainer phishing links.

BONAD.fun is a permissionless meme token launchpad operating on the Monad blockchain, positioned as BONK's community-driven expansion from Solana into the EVM ecosystem via Monad. The platform is an independent community project not officially endorsed or vetted by the BONK Foundation, and no public smart contract audit has been documented. The platform shares brand identity and fee-recycling mechanics with Bonk.fun, the Solana-based predecessor that suffered a domain hijacking and wallet-drainer attack in March 2026 — a front-end attack vector that is directly relevant to BONAD.fun's risk surface as a structurally similar deployment.

Thunder Terminal is a Solana-based on-chain trading terminal that suffered a $240,000 exploit on December 27, 2023, when an attacker leveraged compromised MongoDB credentials to steal session tokens and drain 86.5 ETH and 439 SOL from 114 user wallets in under nine minutes. The attacker subsequently routed the stolen ETH through the Railgun privacy protocol and demanded a 50 ETH ransom for deletion of alleged user data, directly contradicting Thunder Terminal's public claim that no user data or private keys were compromised. Thunder Terminal pledged full reimbursement of stolen funds, engaged the FBI, and implemented additional security controls, though no public confirmation of completed reimbursements has been verified.

MustStopMurad is the X handle of Murad Mahmudov, a Princeton-educated former Goldman Sachs analyst and co-founder of the now-defunct Adaptive Capital hedge fund, who rose to prominence in 2024 as the primary advocate of the 'memecoin supercycle' thesis following a widely-circulated speech at TOKEN2049 Singapore. On-chain investigator ZachXBT published what he alleged to be 11 wallets linked to Mahmudov in October 2024, holding approximately $24 million in memecoins, raising concerns about undisclosed large holdings in tokens he publicly promotes to hundreds of thousands of followers. No regulatory action has been filed; the core allegations of supply control, potential front-running, and undisclosed conflicts of interest remain contested and unproven in any legal forum.

BitoPro is a Taiwanese centralized cryptocurrency exchange operated by BitoGroup, serving over 800,000 users with TWD (New Taiwan Dollar) fiat on/off-ramps. On May 8, 2025, the exchange suffered an approximately $11.5 million hot wallet theft attributed to North Korea's Lazarus Group via a social-engineering and AWS-token-hijacking attack. The exchange did not publicly disclose the breach for approximately 25 days, only confirming the incident after on-chain investigator ZachXBT flagged suspicious outflows on June 2, 2025.

Rain (rain.com / Rain Financial) is a Bahrain-headquartered cryptocurrency exchange founded in 2017, holding licenses from the Central Bank of Bahrain and the Abu Dhabi Global Market's Financial Services Regulatory Authority. In April 2024, the exchange suffered a confirmed security breach of approximately $14.8 million in BTC, ETH, SOL, and XRP, which went undisclosed for approximately two weeks until blockchain investigator ZachXBT publicly exposed it. Rain subsequently confirmed the incident and stated that all customer funds were covered from company reserves.

Sui is a Layer 1 blockchain developed by Mysten Labs, launched in May 2023 and built on the Move programming language. The network suffered one of the largest DeFi exploits of 2025 when Cetus Protocol — its primary DEX — was drained of approximately $223 million in May 2025, triggering a controversial emergency validator vote to freeze and reclaim stolen funds that exposed deep centralization concerns. Separately, ZachXBT investigated a $29 million SUI token theft in late 2024 involving Tornado Cash laundering and subsequently announced in July 2025 that he would no longer take Sui ecosystem cases due to inadequate incident-response infrastructure and lack of support from the ecosystem.

Ethena is a DeFi protocol founded in 2023 by Guy Young that issues USDe, a synthetic dollar stablecoin backed by delta-neutral perpetual futures hedges on centralized exchanges. The protocol reached $14 billion in supply at its 2025 peak before contracting sharply to approximately $5.9 billion following a flash crash in October 2025 and BaFin's enforcement action that forced Ethena GmbH to cease EU operations. Multiple concerns have been raised including: a German regulatory shutdown citing MiCA breaches and alleged unregistered securities offerings via sUSDe; insider airdrop farming allegations involving 180 million foundation-controlled ENA tokens; two separate security incidents (Discord hack July 2024 and domain registrar compromise September 2024); and structural risks tied to funding rate volatility, exchange counterparty exposure, and an undersized reserve fund relative to protocol TVL.

CoinDCX is one of India's largest cryptocurrency exchanges, founded in 2018 and valued at $2.45 billion following Coinbase investment. In July 2025, the exchange suffered a $44.2 million security breach attributed by cybersecurity firm Cyvers to North Korea's Lazarus Group, which was first publicly identified by blockchain investigator ZachXBT before official disclosure. While customer funds were not directly affected and the exchange covered losses from treasury, the incident compounded existing concerns including co-founder arrests over alleged fraud in March 2026 and ongoing user withdrawal complaints.

SafePal is a hardware and software cryptocurrency wallet founded in 2018 by Veronica Wong and incubated by Binance Labs, with over 10 million claimed users. The platform has been surrounded by multiple serious security incidents including a malicious Firefox extension that impersonated the wallet for seven months in 2021, a Binance-backed Launchpad token (SFP), hardware vulnerabilities disclosed by Kraken Security Labs, and a $6.5–7 million theft linked to a tampered hardware wallet sold via the Chinese platform Douyin (TikTok China). SafePal itself has not been hacked directly, but its brand has been repeatedly exploited by third-party threat actors, and ZachXBT has documented its wallets appearing in fund-laundering flows.

Across Protocol is a cross-chain bridge protocol built on UMA's optimistic oracle, founded by Hart Lambur and the UMA/Risk Labs team and launched in 2021. In June 2025, pseudonymous investigator Ogle alleged that protocol insiders used undisclosed wallets to push through two governance proposals transferring approximately 150 million ACX tokens ($23 million) from the DAO treasury to Risk Labs, the team's own organization, constituting alleged self-dealing and DAO manipulation. Separate allegations from LayerZero founder Bryan Pellegrino claimed insider trading preceded a surprise Binance listing of ACX in December 2024, with the protocol subsequently proposing in early 2026 to dissolve its DAO entirely and convert to a U.S. C-corporation.

CoinsPaid is an Estonia-based cryptocurrency payment processor founded by Max Krupyshev that was targeted in two major security breaches: a $37.3 million hack in July 2023 attributed by the company and the FBI to North Korea's Lazarus Group (achieved via a sophisticated social engineering campaign using fake job offers), and a second breach in January 2024 resulting in approximately $7.5 million in losses. Despite the company's stated transparency and rapid operational recovery, the consecutive incidents raise significant concerns about its security posture and its status as a repeated high-value target for state-sponsored threat actors.

KAITO is the native token of Kaito AI, an AI-powered 'InfoFi' (information finance) platform built on Base blockchain, founded by former Citadel quantitative trader Yu Hu and launched in February 2025. On March 15, 2025, both the official Kaito AI X account and Yu Hu's personal account were compromised by hackers who spread false claims of wallet breaches while simultaneously holding short positions on KAITO, netting an estimated $1 million in profit from the manufactured price panic. The platform faced additional scrutiny from blockchain investigator ZachXBT over alleged AI bot spam incentivized by its Yaps reward system, which was ultimately sunset in January 2026 after X revoked API access to all InfoFi applications.

Hypurr NFTs are a 4,600-piece cat-themed NFT collection airdropped by the Hyper Foundation on September 28, 2025, to early Hyperliquid users who participated in the November 2024 Genesis Event. On the day of launch, blockchain investigator ZachXBT flagged the theft of eight Hypurr NFTs from compromised HyperEVM wallets, yielding approximately $400,000 in profit for the attacker. The collection itself is a legitimate product of the Hyper Foundation, but the incident exposed wallet security vulnerabilities in the HyperEVM ecosystem and coincided with a broader pattern of exploits across Hyperliquid-based protocols in late September 2025.

Strike (operated by Zap Solutions, Inc.) is a Bitcoin and Lightning Network payments application founded by Jack Mallers. The platform has faced scrutiny over a 2023 data breach it initially denied, the use of Tether (USDT) as a backing for purported USD cash balances for non-US users, and a 2026 proposed merger with Twenty One Capital (XXI) that raises serious conflict-of-interest concerns given Mallers serves as CEO of both entities.

Coinbase (NASDAQ: COIN) is the largest publicly listed cryptocurrency exchange in the United States, founded in 2012 and regulated across multiple jurisdictions. Despite its regulated status, the platform has been the subject of significant documented concerns: a May 2025 insider-enabled data breach affecting approximately 70,000 users with estimated remediation costs of $180–400 million, ongoing documented losses exceeding $300 million per year from social engineering scams targeting Coinbase users (as reported by blockchain investigator ZachXBT), a $100 million AML compliance settlement with the NYDFS in 2023, and controversies surrounding its Base Layer-2 blockchain including a disputed token launch and a contentious departure from the Optimism OP Stack ecosystem.

Cointelegraph is a major legitimate cryptocurrency news outlet that has been a victim of two distinct infrastructure compromises. In January 2024, attackers breached its email service provider MailerLite and sent phishing emails to subscribers using Angel Drainer malware, resulting in estimated losses of $580,000 to over $700,000 across affected platforms. In June 2025, attackers separately compromised Cointelegraph's banner advertising system to serve Inferno Drainer-linked pop-ups promoting a fake CTG token airdrop to site visitors.

Circle Internet Group is the issuer of USDC, the second-largest USD-pegged stablecoin by market capitalization. Circle has faced sustained criticism from blockchain investigator ZachXBT and others for its policy of refusing to freeze USDC linked to hacks or scams without a formal court order or law enforcement mandate, which critics allege has allowed over $420 million in illicit funds to flow freely since 2022. The company went public on the NYSE in June 2025 under the ticker CRCL and received conditional OCC approval for a national trust bank charter in December 2025.

Rapper Nelly (Cornell Iral Haynes Jr.) is flagged here not as a perpetrator of crypto fraud, but as a victim of an account compromise. In October 2023, an X (formerly Twitter) account associated with Nelly — handle @NellioETH — was hacked by an unknown third party who then used it to run a social engineering phishing campaign against crypto users. Blockchain investigator ZachXBT first identified and publicized the incident; specific amounts stolen from victims and detailed on-chain forensics have not been publicly confirmed.

M2 is a UAE-based cryptocurrency exchange licensed by the Abu Dhabi Global Market (ADGM) Financial Services Regulatory Authority, operating as a regulated Multilateral Trading Facility and custodian since late 2023. On October 31, 2024, the exchange suffered a $13.7 million hot wallet breach attributed to an access control vulnerability across the Bitcoin, Ethereum, and Solana networks. M2 subsequently reimbursed all affected customers from its own assets and stated it had engaged law enforcement and regulatory authorities.

Bittensor is a decentralized blockchain protocol functioning as a peer-to-peer marketplace for machine intelligence, using the TAO token to reward AI model contributors. In July 2024, the protocol was the target of a supply chain attack via a malicious version of its official PyPI package, resulting in the theft of approximately $28 million in TAO tokens from 32 wallets. A civil lawsuit filed in January 2025 alleges that former Opentensor Foundation employees orchestrated the attack, and on-chain investigator ZachXBT identified a key suspect through NFT wash-trade analysis and Railgun de-mixing.

Porkbun LLC is a legitimate ICANN-accredited domain registrar founded circa 2014-2015, headquartered in Sherwood, Oregon, and managing over 3.45 million domains. While the company is not itself a scam operation, it has attracted scrutiny from the crypto security community — including on-chain investigator ZachXBT — for hosting phishing infrastructure linked to Angel Drainer and Inferno Drainer wallet-draining services, including fake Ledger sites. Third-party tracking platforms document hundreds of flagged phishing domains registered through Porkbun and allege that the company's abuse-response enforcement has been inadequate, with a majority of reported domains remaining active after formal abuse reports.

Transak is a fiat-to-crypto on-ramp infrastructure provider founded in 2019 and serving over 8 million users across 160+ countries, with integrations into major platforms including MetaMask, Phantom, and Uniswap. In October 2024, a phishing attack on an employee's laptop led to unauthorized access to a third-party KYC vendor's dashboard, exposing the personal identity documents of approximately 92,554 users globally, including names, dates of birth, government-issued IDs, and selfie photos. The breach resulted in a $601,000 class action settlement covering U.S.-based affected users, and the Stormous ransomware group claimed responsibility, alleging extraction of over 300GB of data.

Pendle is a permissionless yield-trading protocol on Ethereum, launched in 2021 by TN Lee and Vu Nguyen, that allows users to separate and trade the principal and yield components of yield-bearing assets. In September 2024, Penpie — an independent yield optimizer built on top of Pendle — suffered a $27 million reentrancy exploit that was made possible in part by Pendle's permissionless market creation design. Although Pendle's own contracts were not directly exploited, the protocol's architecture contributed to the attack surface, and all 11,261 ETH in stolen funds were subsequently laundered through Tornado Cash.

Trezor is a legitimate Prague-based hardware wallet manufacturer (SatoshiLabs) and one of the oldest in the industry, but it has accumulated a significant threat ecosystem around its brand. A January 2024 breach of its third-party support portal exposed contact data for approximately 66,000 users, which subsequently fueled targeted phishing campaigns delivered via email, physical mail, and fake apps. Trezor hardware devices have also been subject to disclosed physical attack vectors, including an alleged unpatchable flaw in the STM32 microcontroller used in the Trezor T model.

CoinSpot is an Australian cryptocurrency exchange founded in 2013 by Russell Wilson and headquartered in Melbourne. It is registered with AUSTRAC as a Digital Currency Exchange (since May 2018) and holds ISO 27001 certification. On November 8, 2023, the platform suffered a suspected private key compromise resulting in the loss of approximately 1,283 ETH (~$2.4 million USD), with stolen funds bridged to Bitcoin via THORChain and Wan Bridge. No customer funds were reported lost in the incident.