Avoid your next
big mistake

A multi-firm criminal enterprise spanning four crypto market-making companies — Gotbit, Vortex, Contrarian, and Antier Solutions — was dismantled through a coordinated FBI and IRS-Criminal Investigation undercover operation known as Operation Token Mirrors. Ten executives and employees across the four firms were indicted between March and September 2025 in the Northern District of California on charges of wire fraud and wire fraud conspiracy for orchestrating wash-trading and pump-and-dump schemes against retail investors. Gotbit founder Aleksei Andriunin was separately convicted in the District of Massachusetts, sentenced to eight months in prison, and his firm was ordered to forfeit $23 million in cryptocurrency; as of mid-2026 additional defendants remain in active criminal proceedings.

Axiom is a Solana-based crypto trading platform founded in 2024 by Henry Zhang ('Mist') and Preston Ellis ('Cal'), which completed Y Combinator's Winter 2025 batch and generated over $390 million in cumulative revenue. In February 2026, blockchain investigator ZachXBT published a documented investigation revealing that a senior business development employee, Broox Bauer, along with colleagues, systematically abused internal dashboard tools with insufficient access controls to access private user wallet data and conduct insider trading for over 10 months beginning in early 2025. Axiom confirmed the breach, removed access to the implicated tools, and pledged an internal investigation, but no formal legal charges had been publicly filed as of the date of reporting.

A coordinated international law enforcement operation conducted in April–May 2026 by the FBI, Dubai Police, Chinese Ministry of Public Security, and Royal Thai Police resulted in at least 276 arrests and the dismantlement of at least nine cryptocurrency investment fraud centers operating in Southeast Asia and the UAE. The operation targeted three named scam organizations — Ko Thet Company, Sanduo Group, and Giant Company — charged in the Southern District of California, alongside a parallel Scam Center Strike Force action on April 23, 2026, that seized 503 fraudulent domains, charged two Chinese nationals for managing Myanmar's Shunda Park compound, sanctioned Cambodian Senator Kok An and 28 associates, and restrained $701.96 million in cryptocurrency. A $10 million State Department reward was simultaneously announced for information on the Tai Chang scam centers in Burma's Karen State.

The U.S. Treasury's Office of Foreign Assets Control (OFAC) has designated multiple Ethereum wallet addresses linked to the Sinaloa Cartel's fentanyl trafficking and cryptocurrency money laundering operations. The most recent action, on May 20, 2026, added six Ethereum addresses and 11 individuals to the Specially Designated Nationals (SDN) list, marking the eighth Sinaloa Cartel designation linked to cryptocurrency since September 2023. All designated addresses are subject to strict-liability blocking obligations for U.S. persons and entities.

On June 18, 2025, the U.S. Attorney's Office for the District of Columbia filed a civil forfeiture complaint seeking $225,364,961 in USDT linked to a sophisticated cryptocurrency investment fraud and money laundering network, marking the largest cryptocurrency seizure in U.S. Secret Service history. The funds were traced via blockchain analysis to pig-butchering scam operations allegedly run from compounds in the Philippines and Vietnam, affecting over 430 suspected victims globally. The action is part of a broader 2025-2026 federal crackdown that includes the D.C. Scam Center Strike Force, Operation Level Up, and a coordinated international sweep resulting in 276 arrests and $701 million in restrained assets.

ATM Token is an obscure BEP-20 token deployed on BNB Smart Chain that suffered a confirmed exploit on June 4, 2026, resulting in approximately $243,500 in losses. The attack was made possible by a flawed custom transferFrom() function that automatically swapped 20% of each token transfer into BSC-USD, which an attacker abused repeatedly within a single transaction. The project has no verified security audit, no public whitepaper or website, and issued no statement following the incident.

In March 2026, on-chain investigator ZachXBT exposed a coordinated network of at least 11 X accounts that manufactured fake geopolitical panic — primarily around the Iran war and Cuban humanitarian crises — to funnel followers into pump-and-dump cryptocurrency schemes. The network used purchased aged accounts, AI-generated fake personas, and mass cross-reposting to artificially inflate reach, culminating in the coordinated promotion of the $ORAMAMA token on Solana's PumpSwap on February 22, 2026, generating alleged six-figure on-chain profits. X suspended all 16 identified accounts by the evening of March 23, 2026.

Fluid, formerly known as Instadapp, is a DeFi lending, borrowing, and trading protocol founded in 2018 by brothers Samyak and Sowmay Jain. The protocol rebranded from Instadapp to Fluid in December 2024 following the launch of its DEX product. As of mid-2026, Fluid operates with approximately $720 million in TVL across multiple chains and has been subject to two notable security incidents: a March 2026 bad-debt event stemming from a third-party hack of the Resolv protocol (~$19.3 million absorbed), and a May 2026 off-chain key compromise of its Merkle rewards distribution infrastructure that drained approximately 125,000 FLUID and 51,900 GHO.

Sweat Economy is a move-to-earn protocol on NEAR Protocol that rewards users with SWEAT tokens for physical activity, built on top of the Sweatcoin app which has over 120 million registered users. On April 29, 2026, the SWEAT token contract on NEAR was exploited via a Rust smart contract vulnerability, allowing an attacker to drain approximately 13.71 billion SWEAT tokens — roughly 65% of total supply — valued at approximately $3.5 million, within 30 seconds. The Sweat Foundation coordinated with MEXC exchange and Rhea Finance to freeze attacker funds and ultimately restored all external user balances, with a patched contract subsequently deployed.

Nathan Fuller, a Cypress, Texas resident, is the subject of a May 28, 2026 SEC civil complaint alleging he raised approximately $12.3 million from roughly 150 investors across nine U.S. states and two foreign countries through fabricated AI-powered crypto trading bots operated under Privvy Investments LLC and Gateway Digital Investments. The SEC alleges Fuller misappropriated at least $6.2 million for personal expenses and used approximately $5.5 million for Ponzi-like payments to earlier investors, while deploying only about $380,000 (3%) in actual cryptocurrency purchases. In a related proceeding, a Texas bankruptcy court denied Fuller a discharge of over $12.5 million in debt on August 1, 2025, after Fuller admitted to operating a Ponzi scheme and fabricating documents.

Dritan Kapllani Jr. is an 18-year-old US resident publicly identified by on-chain investigator ZachXBT on May 12, 2026 as allegedly connected to approximately $19 million in social engineering cryptocurrency thefts, including a 185 BTC theft on March 14, 2026 worth roughly $13 million. Federal prosecutors named him as 'Co-Conspirator 1' in a criminal complaint unsealed May 11, 2026 against charged co-defendant Trenton Johnston; as of mid-June 2026 Kapllani himself has not been formally charged. Following public exposure, on-chain analysts observed him moving approximately $2.59 million in funds through new wallet hops, raising concerns about potential asset concealment.

Operation Atlantic was a week-long multinational law enforcement operation conducted in late March and early April 2026, co-hosted by the U.S. Secret Service, the UK National Crime Agency, the Ontario Provincial Police, and the Ontario Securities Commission. The operation targeted cryptocurrency approval phishing fraud networks spanning more than 30 countries, resulting in $12 million in stolen funds frozen, over 20,000 compromised wallet addresses identified, 120 scam domains disrupted, and $45 million in total fraud identified. No criminal arrests or indictments were publicly announced as part of this operation; its primary mandate was disruption, victim outreach, and asset freezing.

Robert Dunlap, 55, of Houston, Texas, operated Meta-1 Coin Trust from 2018 to 2023, raising more than $20 million from nearly 1,000 investors by falsely claiming a digital asset called 'Meta-1 Coin' was backed by $44 billion in gold and $1 billion in artwork. Dunlap fabricated audit documents and manipulated trading prices using automated bots. He was convicted by a federal jury in November 2025 on two counts of mail fraud and sentenced on April 17, 2026, to 23 years in federal prison by U.S. District Judge LaShonda A. Hunt in the Northern District of Illinois.

Bernard L. Madoff (1938–2021) was an American financier and former NASDAQ chairman who operated the largest Ponzi scheme in recorded history through his firm Bernard L. Madoff Investment Securities LLC (BLMIS), defrauding approximately 4,800 client accounts of an estimated $64.8 billion over several decades before his arrest in December 2008. Madoff pleaded guilty to 11 federal felonies in 2009 and died in federal prison in 2021 while serving a 150-year sentence. His name is widely invoked in the cryptocurrency industry as the archetypal benchmark for large-scale Ponzi fraud, with figures including Sam Bankman-Fried, Do Kwon, and Ruja Ignatova frequently compared to Madoff by regulators, prosecutors, and commentators.

BitClub Network was a fraudulent cryptocurrency mining investment scheme that operated from April 2014 through December 2019, raising at least $722 million from investors worldwide by falsely promising returns from shared bitcoin mining pools. Five individuals were indicted by a US federal grand jury in December 2019; multiple co-defendants have pleaded guilty while principal operator Matthew Brent Goettsche rejected a plea deal and awaits trial as of mid-2026.

Centra Tech was a Miami-based cryptocurrency startup that conducted a fraudulent initial coin offering (ICO) in mid-2017, raising over $32 million from thousands of investors through an extensive web of fabricated executives, fake partnerships with Visa and Mastercard, and undisclosed celebrity endorsements from Floyd Mayweather Jr. and DJ Khaled. All three co-founders — Sohrab Sharma, Robert Farkas, and Raymond Trapani — pleaded guilty to federal securities fraud, wire fraud, and mail fraud charges; Sharma was sentenced to eight years in federal prison. The case remains one of the most significant ICO enforcement actions in U.S. history.

Shai-Hulud is a self-replicating supply chain worm attributed to the financially motivated threat group TeamPCP (also tracked as DeadCatx3, PCPcat, ShellForce, CipherForce, and UNC6780 by Google's Threat Intelligence Group). Active since September 2025, the campaign has compromised hundreds of npm and PyPI packages by harvesting CI/CD credentials through malicious preinstall lifecycle hooks, directly enabling the Trust Wallet Chrome extension hack of December 2025 in which approximately $8.5 million was stolen from 2,520 wallets. As of June 2026, the campaign remains active through copycat variants following TeamPCP's public open-sourcing of the worm's source code on May 12–13, 2026.

A coordinated phishing campaign active in late May 2026 impersonated MetaMask by sending fake 'mandatory 2026 system upgrade' notifications via email and push alerts, directing victims to pixel-accurate clone sites that solicited a single Permit/token-approval signature draining wallets within seconds. On-chain investigator ZachXBT placed total losses at more than $9 million across 400+ addresses on Ethereum, Polygon, Arbitrum, and Base as of May 30, 2026. The campaign is part of a sustained multi-variant operation against MetaMask users that began at least as early as January 2026; MetaMask itself is an impersonation victim and is not at fault.

AudiA6 was a professional cryptocurrency mixing and laundering service that operated from 2021 until its dismantlement on June 10, 2026, in a coordinated international law enforcement operation. The service processed approximately 10,333 Bitcoin — valued at roughly $389 million at the time of transactions — for ransomware groups, darknet market operators, and other cybercriminals, charging commissions of 3–10%. Two alleged operators, Ruslan Igorevich Tkachuk (Ukrainian, 37) and Alexander Vladimirovich Ledenev (Russian, 25), were arrested in Batumi, Georgia, and face U.S. federal charges in the Eastern District of Pennsylvania carrying up to 20 years in prison each.

UNK_DeadDrop is a suspected North Korea-aligned threat actor campaign disclosed by Proofpoint on June 8, 2026, in which attackers sent more than 250 phishing emails to software developers at approximately 100 organizations — with a heavy focus on cryptocurrency firms — over a six-week period in April and May 2026. Victims were directed to actor-controlled GitHub and GitLab repositories disguised as coding assignments or code-review projects; opening these repositories silently deployed cross-platform malware including the Go-based Overlord remote-access framework and malicious VS Code extensions (VSIX) capable of stealing browser credentials, cryptocurrency wallets, and API tokens. Proofpoint tracks UNK_DeadDrop as a distinct cluster from the previously documented Contagious Interview / Lazarus campaigns, noting industrialized repository creation and an email-first delivery model as differentiating characteristics.

PT Digi Global Konsultan is an Indonesian company used as a front for an international pig-butchering cryptocurrency fraud syndicate dismantled by Central Java Police in May 2026. The operation ran from July 2025 to May 2026 out of Sukoharjo District, Central Java, defrauding at least 133 victims — predominantly US citizens — of approximately $2.33 million USD (Rp41.1 billion). Thirty-nine suspects were arrested, including foreign nationals from Nepal and Myanmar, and Indonesian authorities are collaborating with the FBI.

UNK_DeadDrop is a threat cluster designation assigned by Proofpoint Threat Research to a likely North Korea-aligned cyber threat actor that conducted a sustained phishing campaign targeting software developers between April and May 2026. The campaign used fake job offers and code-review requests linked to malicious GitHub and GitLab repositories to deliver cross-platform malware designed to steal cryptocurrency wallets and developer credentials. The actor is tracked as a distinct cluster from the previously documented Contagious Interview operation, though significant tactical and objective overlap is noted.

The Verus-Ethereum Bridge is a cross-chain infrastructure component enabling asset transfers between the Verus (VRSC) network and Ethereum. On May 18, 2026, the bridge was exploited for approximately $11.58 million through a business-logic validation flaw that allowed an attacker to withdraw far more value on the Ethereum side than was deposited on the Verus side. Following negotiations, the attacker returned approximately 75% of the stolen funds (4,052 ETH) in exchange for a 1,350 ETH bounty and an agreement to halt investigations.

Star Credit Holdings is an alleged fraudulent cryptocurrency investment firm operated by Misam M. Abidi, 47, of Nolensville, Tennessee. Federal prosecutors indicted Abidi on June 12, 2026, on an 11-count indictment covering wire fraud, money laundering, unlicensed money transmission, and tax offenses. The scheme allegedly ran from 2020 to 2024 and diverted over $1.9 million in investor funds to Abidi and his family members.

Ambient Finance (formerly CrocSwap, operated by Crocodile Labs) is a decentralized exchange protocol running its entire DEX inside a single smart contract, deployed on Ethereum and several Layer 2 networks. The project raised $6.5 million in a seed round in July 2023 from credible institutional investors including BlockTower Capital, Jane Street, and Circle Ventures. It has experienced two notable security incidents: a DNS hijacking attack in October 2024 that compromised its frontend, and an on-chain smart contract exploit in June 2026 that resulted in approximately $110,600 in losses.

Basis Markets was a UK-based project that raised approximately $28 million from retail investors in late 2021 through NFT membership sales and a BASIS token offering, marketing itself as a decentralized algorithmic hedge fund offering delta-neutral arbitrage returns. The UK Serious Fraud Office (SFO) opened a formal investigation and, on 20 November 2025, arrested two men on suspicion of fraud and money laundering in what the SFO described as its first major cryptocurrency case. The project shut down in June 2022 citing proposed US regulatory changes, and on-chain analysis by independent researchers alleged that investor funds were routed directly to founders' personal wallets rather than a project treasury.

Privvy Investments LLC was a Texas-based cryptocurrency investment company operated by Nathan Fuller of Cypress, Texas, that the SEC alleges raised approximately $12.3 million from roughly 150 investors between October 2022 and mid-2024 using false claims about proprietary AI-powered trading bots. Fuller admitted in September 2025 Texas bankruptcy proceedings that the scheme was a Ponzi operation, and the SEC filed a civil complaint against him on May 28, 2026, in the U.S. District Court for the Southern District of Texas, alleging misappropriation of at least $6.2 million for personal use and $5.5 million in Ponzi-style payouts to earlier investors.

Broox Bauer, a senior business development employee at Axiom Exchange, was publicly identified in February 2026 by on-chain investigator ZachXBT as the alleged orchestrator of an insider trading scheme running from early 2025. Bauer allegedly abused internal access to Axiom's customer support dashboard to extract private wallet data belonging to users and key opinion leaders, sharing that data with a small group to front-run trades. Axiom, a Y Combinator-backed Solana trading terminal that generated over $390 million in cumulative revenue, acknowledged the misconduct, terminated access to the relevant tools, and stated it would investigate and hold the responsible parties accountable.

Volo Protocol is a liquid staking and DeFi vaults platform built on the Sui blockchain, offering voloSUI (vSUI) as a liquid staking token and multi-asset yield vaults. In January 2024, it was acquired by NAVI Protocol, a leading Sui lending protocol. On April 22, 2026, Volo suffered a $3.5 million exploit targeting three isolated vaults holding WBTC, XAUm, and USDC; the team pledged to absorb all user losses and approximately $500,000 was frozen on-chain, while the root cause — attributed by security researchers to a compromised privileged operator key rather than a smart contract flaw — remained under investigation at time of writing.

Tether is the issuer of USDT, the world's largest stablecoin by market capitalization. The company has faced ongoing regulatory scrutiny, transparency concerns, and legal challenges regarding its reserves and business practices, though it continues to operate as a major cryptocurrency infrastructure provider.

Binance is the world's largest cryptocurrency exchange by trading volume, founded in 2017 by Changpeng Zhao (CZ). In November 2023, Binance and CZ pleaded guilty to U.S. federal charges and agreed to pay $4.3 billion in combined penalties for Bank Secrecy Act violations, unlicensed money transmission, and sanctions evasion — the largest financial penalty ever imposed on a cryptocurrency company. CZ resigned as CEO, served a four-month prison sentence in 2024, and was controversially pardoned by President Trump in October 2025. Under CEO Richard Teng, Binance has pursued an aggressive global licensing strategy while remaining subject to ongoing compliance monitoring and new civil litigation tied to terrorist financing allegations.

OKX (formerly OKEx) is one of the world's largest centralized cryptocurrency exchanges by trading volume, founded in 2017 by Mingxing 'Star' Xu and operated by Aux Cayes Fintech Co. Ltd, incorporated in the Seychelles. In February 2025 its Seychelles operating entity pleaded guilty in U.S. federal court to operating an unlicensed money transmitting business for over seven years, agreeing to pay more than $504 million in fines and forfeitures. The exchange carries a moderate-to-elevated risk profile due to this criminal conviction, a pattern of AML failures across multiple jurisdictions, and historical incidents including a 42-day withdrawal freeze in 2020; it has taken substantive remediation steps including monthly proof-of-reserves publication since 2022, a MiCA license in the EU, and a US relaunch in April 2025 under new regional leadership.

Balancer is a decentralized automated market maker (AMM) protocol on Ethereum, founded in 2018 by Fernando Martinelli and Mike McDonald, that allows multi-token liquidity pools with customizable weighting. The protocol has suffered six documented security incidents between 2020 and 2025, resulting in cumulative losses exceeding $140 million, including a catastrophic $128 million exploit in November 2025 caused by an arithmetic precision flaw in Composable Stable Pool contracts. Despite multiple audits by major firms including Trail of Bits, OpenZeppelin, and Certora, systemic smart contract vulnerabilities and a highly complex protocol architecture have repeatedly exposed user funds to loss.

Huobi, rebranded to HTX in September 2023, is a major centralized cryptocurrency exchange founded in 2013 that came under the de facto control of Tron founder Justin Sun in late 2022. The exchange has suffered three significant security incidents since September 2023, faces extensive regulatory non-compliance across multiple jurisdictions, and its proof-of-reserves methodology has been subject to credible allegations of double-counting and asset manipulation by investigative outlets.

TRON (TRX) is a blockchain platform founded by Justin Sun, ranked #8 by market cap (~$33B). The SEC filed securities fraud, market manipulation, and illegal celebrity promotion charges in March 2023, settled in March 2026 for $10 million. TRON hosted over $26 billion of $45 billion in global illicit crypto volumes in 2024 (58%). Sun's $75M investment in Trump's WLFI raised conflict-of-interest concerns, with the SEC case halted shortly after Trump's inauguration. Sun-affiliated exchanges Poloniex and HTX suffered $215M+ in combined hacks in November 2023.

Synthetix is an Ethereum-based decentralized derivatives liquidity protocol originally launched in 2017 as Havven by Australian entrepreneur Kain Warwick, rebranding in 2018 to enable the creation of synthetic assets tracking real-world prices. The protocol reached a peak total value locked during the 2021 DeFi bull market and has been a pioneer in on-chain derivatives, but has faced recurring issues including a critical oracle exploit in 2019, persistent front-running vulnerabilities, a contentious DWF Labs market-maker arrangement, and a prolonged sUSD stablecoin depeg crisis beginning in 2025 triggered by the SIP-420 protocol overhaul.

Mantle is a modular Ethereum Layer 2 network launched in July 2023, emerging from a merger of the BitDAO DAO and the Mantle L2 project. The MNT token was converted 1:1 from BitDAO's BIT token following a May 2023 community vote. The protocol holds a treasury of over $6 billion in assets and ranked approximately #43 by market cap as of mid-2026, but carries notable centralization risks including a single sequencer, zero-delay contract upgrade capability, and deep strategic and financial dependence on Bybit, the centralized exchange that held approximately 60% of the initial BIT token supply and suffered a $1.5 billion North Korean hack in February 2025.

Berachain is an EVM-identical Layer 1 blockchain launched on February 6, 2025, built around a novel 'Proof of Liquidity' (PoL) consensus mechanism designed to align validators, applications, and users around on-chain economic activity. The project raised $142 million across two funding rounds, achieved a peak TVL of over $3.3 billion at mainnet launch, and distributed approximately 79 million BERA tokens via airdrop. Since launch, the project has faced significant controversies including alleged insider token selling by a co-founder, a preferential refund arrangement for institutional investor Brevan Howard, a $12.8 million BEX exploit requiring an emergency hard fork in November 2025, and a prolonged token price decline of over 97% from its all-time high.

Token of Power (TOP) is an Ethereum-based ERC-20 governance token created in March 2021 as a financial art experiment built around fractionalized ownership of a MetaMask-themed NFT, with liquidity and governance managed through a Balancer V1 pool and an Aragon DAO. On June 9, 2026, the project suffered a catastrophic governance-takeover exploit in which an attacker acquired a majority of the token's 16,384-token supply, used the Aragon DAO's absence of timelock protections to create, vote on, and execute a malicious proposal in a single transaction, minted 10 billion new TOP tokens, and drained 944.2 WETH (approximately $1.58 million) from the Balancer V1 liquidity pool. Stolen funds were laundered through Tornado Cash and no official project response had been issued as of June 10, 2026.

LayerZero is a major omnichain interoperability protocol operated by LayerZero Labs, deployed across 130+ blockchains and processing over 200 million cross-chain messages as of early 2026. The protocol gained institutional backing from Citadel Securities, ARK Invest, Tether, and Sequoia Capital, and is the infrastructure behind USDT0, which processed over $70 billion in cross-chain USDT transfers. In April 2026, LayerZero's off-chain DVN infrastructure was compromised via a social engineering attack attributed to North Korea's Lazarus Group (TraderTraitor), enabling the $292 million KelpDAO rsETH bridge exploit — the largest DeFi hack of 2026 — and triggering a multi-billion-dollar client exodus to competing bridge providers.

Gala Games is a blockchain gaming platform founded in 2019 by Eric Schiermeyer (co-founder of Zynga) and Wright Thurston, issuing the GALA utility and governance token. The company has been beset by a high-profile inter-founder legal dispute alleging $130 million in token theft, a May 2024 smart contract exploit in which 5 billion GALA tokens worth approximately $200–240 million were minted by a compromised admin wallet, and co-founder Wright Thurston's prior SEC lawsuit over an unrelated $18 million unregistered securities offering. These compounding governance failures, security incidents, and legal controversies place the platform among the more heavily scrutinized projects in the blockchain gaming sector.

Gate.io (formerly Bter.com) is a centralized cryptocurrency exchange founded in 2013 by Han Lin, serving over 30 million users across 224 countries. The exchange has been flagged by on-chain investigator ZachXBT for allegedly concealing a $230 million hack attributed to North Korean state-sponsored hackers (Lazarus Group) that occurred in April 2018 and was never publicly disclosed to users. Additional concerns include a manipulated futures price feed incident causing millions in user losses in 2025, an AML-based ban by India's Financial Intelligence Unit in 2024, persistent user complaints about frozen withdrawals, and alleged wash trading activity inflating reported volumes.

Balancer V2 is a decentralized automated market maker (AMM) protocol launched in 2021 on Ethereum and multiple chains that separates AMM logic from token custody via a central Vault architecture. The protocol has experienced at least four documented security incidents across its V1 and V2 deployments, including a November 2025 exploit that drained approximately $128 million and directly led to the dissolution of Balancer Labs, the corporate entity behind the protocol, announced in March 2026.

Meteora is a Solana-based decentralized exchange and liquidity protocol, originally founded as Mercurial Finance before rebranding in 2023. Its co-founder Benjamin Chow resigned in February 2025 amid allegations that the platform's infrastructure was used to orchestrate coordinated pump-and-dump schemes across at least 15 tokens including LIBRA, MELANIA, M3M3, ENRON, and TRUST, causing an estimated $69 million or more in retail investor losses. Multiple class-action lawsuits are active in the Southern District of New York asserting fraud, RICO violations, and market manipulation; the protocol also issued a $4.2 million MET token airdrop to wallets linked to the Trump team hours after the amended complaint was filed, with all tokens immediately sent to OKX.

THORChain is a decentralized cross-chain liquidity protocol that enables native asset swaps across blockchains without wrapped tokens, using its RUNE token as settlement collateral. Since its mainnet launch, the protocol has suffered three significant exploit events totaling over $25 million in losses, became the primary laundering conduit for North Korea's Lazarus Group following the 2025 Bybit hack ($1.2 billion routed through the network), and its THORFi lending product collapsed in January 2025 with approximately $200 million in user funds frozen. The protocol faces ongoing legal action from creditors, has lost key developers over ethical disputes about blocking illicit transactions, and experienced a further $10.8 million vault breach in May 2026.

Linea is a zkEVM Layer 2 rollup built by Consensys that launched on Ethereum mainnet in July–August 2023 and uses a proprietary zk-SNARK proving library called gnark. The network is classified as Stage 0 by L2BEAT, operates a single centralized sequencer with no permissionless fallback, and demonstrated this centralization risk in June 2024 when it unilaterally halted block production during the Velocore DEX hack. The LINEA token launched in September 2025 and suffered a 93% price collapse within hours amid a delayed community airdrop contract, sequencer outage, and allegations of treasury wallet selling pressure.

Gemini is a New York-based cryptocurrency exchange and custodian bank founded in 2015 by Cameron and Tyler Winklevoss, regulated under a NYDFS Limited Purpose Trust Charter. The exchange gained significant notoriety following the collapse of its Gemini Earn lending program in late 2022, which left approximately 340,000 users with roughly $900 million in frozen assets; subsequent SEC and NYDFS enforcement actions were resolved by early 2024 and 2026 respectively with full customer restitution. Gemini went public on the Nasdaq in September 2025 under the ticker GEMI, but its stock has since declined more than 80% amid deepening losses, executive departures, mass layoffs, and a contested post-IPO strategic pivot to prediction markets.

Bitget is a Seychelles-incorporated centralized cryptocurrency exchange founded in 2018, offering spot, futures, and copy trading to a claimed user base exceeding 150 million. While the exchange has never suffered a direct hack of user funds and publishes monthly proof-of-reserves attestations, it faces a pattern of serious regulatory actions across multiple jurisdictions — including blacklisting by France's AMF, warnings from Australia's ASIC and Japan's FSA, and a ban by the Philippines SEC — and has attracted allegations from blockchain investigator ZachXBT that it knowingly enabled supply-control market manipulation schemes targeting retail traders in 2026.

LayerZero is an omnichain messaging protocol developed by LayerZero Labs that enables cross-chain communication across 90+ blockchains. On April 18, 2026, a $292 million exploit of the KelpDAO rsETH bridge — the largest DeFi hack of 2026 — exposed a critical single-point-of-failure in the protocol's Decentralized Verifier Network (DVN) configuration, attributed by LayerZero to North Korea's TraderTraitor (Lazarus Group). LayerZero initially blamed KelpDAO for the configuration before reversing course in May 2026 and admitting fault, triggering a mass client exodus exceeding $1 billion in migrated assets.

Axiom (axiom.trade) is a Y Combinator-backed Solana trading terminal launched in January 2025 by co-founders Henry Zhang and Preston Ellis. The platform grew rapidly to become the dominant Solana memecoin trading interface, generating over $300 million in fees within 263 days. In February 2026, crypto investigator ZachXBT published an exposé alleging that multiple Axiom employees abused internal 'admin dashboard' access controls to surveil private user wallet data and conduct insider trading over a period of approximately 13 months.

KuCoin is a global cryptocurrency exchange founded in 2017 that has accumulated one of the most serious regulatory and security records in the industry. The exchange suffered a $285 million hot-wallet hack in September 2020 attributed to North Korea's Lazarus Group, and in January 2025 pleaded guilty to operating an unlicensed money transmitting business in the United States, agreeing to pay over $297 million in fines and forfeitures and exit the US market for at least two years. On-chain investigator ZachXBT has publicly alleged that KuCoin continues to enable illicit fund flows by ignoring victim and law enforcement requests.

Polkadot (DOT) is a multi-chain protocol founded by Gavin Wood, ranked #41 by market cap (~$2.3B). The project faces significant headwinds: a $133M treasury overspending crisis (projected 2-year depletion), the 2017 Parity wallet freeze that locked ~$98M of ICO proceeds, an April 2026 Hyperbridge exploit minting $1B in fake bridged DOT (losses ~$2.5M), and steep ecosystem decline with active parachains dropping from 200+ to ~30. No SEC enforcement actions exist, and ETF applications are under review.

Raydium is an automated market maker (AMM) and decentralized exchange built on the Solana blockchain, launched in February 2021 and widely regarded as Solana's primary liquidity hub. On December 16, 2022, the protocol suffered a major security incident in which an attacker compromised an admin private key — suspected to be via a trojan on a team virtual machine — and drained approximately $4.4 million from eight constant product liquidity pools. Raydium responded with a patched program, a community-approved compensation plan funded by team-held RAY tokens, and has since migrated authority to a Squads multisig with hardware wallet and timelock protections.

Scroll is an Ethereum Layer 2 ZK rollup that launched its mainnet in October 2023, offering bytecode-level EVM compatibility via zero-knowledge proofs. The project raised $83 million in venture funding and launched its SCR governance token in October 2024, but faced significant community backlash over airdrop distribution mechanics, concentrated whale allocations, and a 32% same-day price decline. By early 2026, Scroll's TVL had collapsed approximately 96% from its peak and the project triggered further controversy by proposing to dissolve its Security Council and reduce DAO contributor roles.

Cosmos Hub (ATOM) is the flagship chain of the Cosmos ecosystem, built on Tendermint/CometBFT with IBC protocol. Founded by Jae Kwon and Ethan Buchman, the project has endured severe governance crises: ATOM 2.0 rejected (37.4% NoWithVeto), Jae Kwon's AtomOne fork, a no-confidence vote against ICF leadership, and North Korean-linked developers contributing to the Liquid Staking Module. ATOM was named a security in SEC lawsuits against Binance and Kraken (both dropped without adjudication). Three critical IBC vulnerabilities were disclosed but patched without exploitation. Ecosystem health is declining with key projects departing.

Phantom Wallet is a self-custody, non-custodial cryptocurrency wallet developed by Phantom Technologies, Inc., headquartered in San Francisco. Originally launched in 2021 as a Solana-focused browser extension, it has expanded to support Ethereum, Bitcoin, Polygon, Base, and Sui across browser extensions and mobile apps, with approximately 15 million monthly active users and $25 billion in self-custodied assets as of early 2025. The company is well-funded and has engaged constructively with US regulators, though it faces an active civil lawsuit alleging a browser-extension security flaw, and its users have been materially targeted by phishing impersonators and fake app-store clones.

Ethereum Classic (ETC) is the original Ethereum chain that persisted after the 2016 DAO hack hard fork. It has suffered three documented 51% attacks totaling over $7M in double-spend losses (2019 and 2020), has minimal DeFi ecosystem depth (~$150K TVL), and faces unresolved governance controversy over the Olympia treasury proposal. Post-Merge hashrate improvements have raised the cost of attack substantially. Grayscale's ETCG trust is SEC-filed with ~$283M NAV. No explicit SEC/CFTC classification exists for ETC.

Monero (XMR) is a legitimate, open-source, community-funded privacy cryptocurrency launched in 2014 with no premine and a clean protocol-level security track record. However, it carries significant third-party risk: Archetyp Market ($267M, Monero-exclusive) was dismantled by DOJ/Europol in June 2025; $330M+ in stolen BTC was laundered via XMR in 2025; Binance, Kraken EEA, OKX, and 60+ exchanges have delisted it; and the EU AMLR bans CASP handling of privacy coins by July 2027. Former lead maintainer Riccardo Spagni faces 378 fraud/forgery charges in South Africa (pre-dating Monero).

Upbit is South Korea's largest cryptocurrency exchange by trading volume, operated by Dunamu and commanding approximately 70–80% of the domestic market. The exchange has suffered two significant security breaches — a $49M ETH theft in 2019 and a $36M Solana breach in November 2025, both attributed to North Korea's Lazarus Group — and has faced substantial regulatory sanctions including a $25M AML/KYC fine and a court-contested three-month partial business suspension. While Upbit has consistently reimbursed users from its own assets after security incidents and retains official VASP registration, its pattern of compliance failures, market dominance concerns, and repeated hacks present elevated risk.

On April 9, 2023, SushiSwap's RouteProcessor2 contract — deployed just one day earlier across 14 blockchain networks — was exploited due to a failure to validate user-supplied pool addresses, allowing an attacker to redirect token transfers from wallets that had approved the contract. Approximately $3.3 million (roughly 1,800 WETH) was drained, with a single high-profile victim (@0xsifu) accounting for the majority of losses. Whitehat security teams front-ran further exploitation and recovered over $750,000, while SushiSwap committed to making all affected users whole through a two-tier compensation process.

HTX, formerly Huobi Global, is one of the world's largest centralized cryptocurrency exchanges by trading volume, rebranded in September 2023 under the influence of TRON founder Justin Sun. On May 26, 2026, the UK Foreign, Commonwealth and Development Office designated Huobi Global S.A. — the Panama-registered legal entity behind the exchange — under Regulation 17A of the Russia (Sanctions) (EU Exit) Regulations 2019, making HTX the first major global crypto exchange to receive banking-style sanctions from UK authorities. Blockchain analytics firms TRM Labs and Elliptic documented over $4.9 billion in direct flows from HTX to sanctioned Russia-linked entities since 2021, and UK authorities allege the platform channeled over $1.5 billion to Russia through connections to previously sanctioned entities Garantex and the A7 payments network.

Starknet is a permissionless ZK-rollup Layer 2 network on Ethereum, developed by Israeli cryptography firm StarkWare Industries. It uses STARK-based validity proofs and the Cairo programming language to scale Ethereum throughput. The project launched its STRK token in February 2024 and reached L2Beat Stage 1 decentralization in May 2025, but has faced significant community criticism over its airdrop eligibility criteria and an early, aggressive token unlock schedule for investors and early contributors.

Blast is an Ethereum Layer 2 optimistic rollup that launched in November 2023, distinguished by its 'native yield' mechanism routing bridged ETH and stablecoins through Lido and MakerDAO respectively. Founded by Tieshun Roquerre ('Pacman'), the creator of the Blur NFT marketplace, Blast raised $20 million from Paradigm and others, attracted over $2 billion in TVL before its February 2024 mainnet launch, and airdropped the BLAST token in June 2024. The network has since experienced a dramatic decline, losing approximately 97% of its peak TVL and facing persistent criticism over centralization, lack of fraud proofs, a controversial airdrop distribution, and multiple high-profile exploits on ecosystem applications.

Raydium is a leading Solana-based automated market maker (AMM) and decentralized exchange (DEX) launched in February 2021 by a pseudonymous team. On December 16, 2022, a compromise of the protocol's admin private key enabled an attacker to drain approximately $4.4 million from eight liquidity pools; the stolen funds were subsequently laundered through Tornado Cash in January 2023. The team implemented a phased compensation plan and post-incident security upgrades, including migration of admin authority to a Squads multisig, but the incident exposed significant centralization risks that were not apparent prior to the exploit.

KyberSwap is a multi-chain decentralized exchange aggregator and concentrated liquidity protocol operated by Kyber Network. On November 22, 2023, its Elastic liquidity pool contracts were exploited via a sophisticated tick-manipulation and liquidity double-counting attack, resulting in approximately $48.8 million in losses across 13 chains. The alleged attacker, Canadian national Andean Medjedovic, subsequently attempted to extort full corporate and governance control of Kyber Network in exchange for returning 50% of stolen funds; he was indicted by the U.S. Department of Justice in February 2025 and remains a fugitive.

Gala Games is a blockchain gaming platform founded in 2019 by Eric Schiermeyer and Wright Thurston whose GALA token has been at the center of two major controversies: a 2023 civil lawsuit alleging Thurston stole 8.6 billion GALA tokens (~$130M) from company wallets, and a separate May 2024 smart contract exploit in which an unauthorized minter minted 5 billion tokens worth approximately $200M. Both co-founders have filed competing civil suits alleging misappropriation of hundreds of millions of dollars, while Thurston also faces an unrelated SEC fraud action over a separate crypto mining venture.

Celestia is a modular blockchain network that provides a dedicated data availability (DA) and consensus layer for rollups and application-specific chains, using data availability sampling to allow light nodes to verify block data without downloading full blocks. Developed by Celestia Labs and launched on mainnet on October 31, 2023, the project raised $155 million from prominent venture capital firms including Bain Capital Crypto and Polychain Capital. The project has faced significant controversy over its tokenomics, alleged insider token selling, and a 95%+ decline in the TIA token from its June 2024 all-time high of approximately $20.91.

Helium Mobile is a Mobile Virtual Network Operator (MVNO) launched by Nova Labs, Inc. in 2023, marketed as the world's first crypto-powered consumer cellular service. It provides coverage primarily via T-Mobile's wholesale 5G network, supplemented by a community-built Wi-Fi hotspot layer, and issues MOBILE token rewards to subscribers and hotspot operators. Parent company Nova Labs settled a $200,000 SEC fraud charge in April 2025 over misrepresentations made to investors about enterprise partnerships, while the MOBILE token has been deprecated in favor of HNT under community governance proposal HIP 138.

BitMEX (Bitcoin Mercantile Exchange) is a cryptocurrency derivatives exchange founded in 2014 by Arthur Hayes, Ben Delo, and Samuel Reed that pioneered the perpetual swap contract and at its peak was one of the largest crypto derivatives platforms in the world. In October 2020, the CFTC and DOJ charged the exchange and its co-founders with operating an unregistered trading platform and willfully failing to implement anti-money laundering and know-your-customer programs in violation of the Bank Secrecy Act. All three co-founders subsequently pleaded guilty, the exchange paid a $100 million civil settlement, and in March 2025 the founders and the corporate entity received presidential pardons from Donald Trump.

On February 4, 2021, an attacker exploited Yearn Finance's v1 yDAI vault using a multi-protocol flash loan to manipulate exchange rates in Curve Finance's 3pool, causing approximately $11 million in vault losses while the attacker personally profited roughly $2.8 million. Yearn Finance's security team contained the exploit within eleven minutes, preserving $24 million of the vault's $35 million under management. Yearn subsequently reimbursed affected depositors by minting 9.7 million DAI against YFI collateral in a MakerDAO vault, with the intent to repay the debt from ongoing protocol revenue.

Curve Finance is a major decentralized exchange (DEX) on Ethereum optimized for stablecoin and pegged-asset trading, operating since January 2020. On July 30, 2023, a latent vulnerability in the Vyper smart-contract compiler (versions 0.2.15, 0.2.16, and 0.3.0) was exploited across multiple Curve liquidity pools, draining approximately $70 million and triggering a near-systemic crisis when the resulting CRV price drop threatened to cascade-liquidate founder Michael Egorov's heavily collateralized on-chain loans. Roughly 73% of stolen funds were ultimately recovered or returned, and in December 2023 the Curve DAO voted to disburse approximately $49 million in compensation to affected liquidity providers.

Circle Internet Group (NYSE: CRCL) is the issuer of USDC, the second-largest stablecoin by market capitalization at approximately $78 billion in circulation as of May 2026. Circle operates under a strict court-order-only freeze policy that drew intense scrutiny following the April 2026 Drift Protocol hack, in which $232 million in USDC was bridged via Circle's own Cross-Chain Transfer Protocol (CCTP) over six hours without intervention, despite Circle being alerted within an hour. The resulting McCollum v. Circle class action, Drift's subsequent switch to USDT, on-chain analyst ZachXBT's documentation of $420 million in alleged prior missed freezes, and an AMLBot report showing Tether freezes assets at roughly 30 times Circle's rate have placed Circle's compliance posture at the center of a significant policy debate.

ZKsync is an Ethereum Layer 2 scaling protocol built on zero-knowledge rollup technology, developed by Matter Labs, which has raised approximately $458 million in venture capital. The protocol has faced multiple significant controversies including a $5 million airdrop contract exploit in April 2025, a contentious 2024 token airdrop marred by sybil attack failures and community backlash, a South Korean regulatory probe into alleged price manipulation, compromised social media accounts spreading false SEC investigation claims, and an intellectual property theft lawsuit filed against Matter Labs by defunct firm BANKEX. User funds in the core protocol have not been directly compromised, but the pattern of incidents has substantially eroded community trust.

Ankr is a Web3 infrastructure and liquid staking protocol founded in 2017, providing RPC endpoints for over 75 blockchains and BNB Chain-based liquid staking products. In December 2022, a former employee executed a supply chain attack that compromised Ankr's private deployer key, enabling unlimited minting of aBNBc tokens and resulting in approximately $5 million in direct losses, with cascading secondary losses of roughly $19 million through Helio Protocol's HAY stablecoin depeg. Ankr subsequently compensated affected users, implemented multi-signature controls, and continues to operate, though questions persist over the completeness of user reimbursement.

SushiSwap is a decentralized exchange (DEX) and DeFi protocol launched in August 2020 as a fork of Uniswap, offering an automated market maker (AMM), governance token (SUSHI), and multi-chain liquidity pools. The protocol has endured a series of serious controversies spanning its entire history: a founding exit-scam attempt by anonymous creator Chef Nomi, early operational control handed to convicted fraudster Sam Bankman-Fried, an SEC subpoena issued to the protocol and its CEO in 2023, a $3.3 million smart contract exploit the same year, allegations that North Korean IT workers were embedded in its developer team, disputed DAO treasury centralization in 2024, and a governance process in late 2025 where a single wallet controlled 99.9% of a vote. TVL has declined approximately 98.7% from its 2022 peak of over $8 billion to roughly $100 million as of late 2025.

Wormhole Bridge is a cross-chain messaging and token bridge protocol originally developed by Certus One, later owned by Jump Crypto, enabling asset transfers between Solana, Ethereum, and other blockchains. On February 2, 2022, an attacker exploited a signature verification flaw in the Solana-side smart contract to fraudulently mint 120,000 wrapped ETH (wETH) worth approximately $320–326 million without posting collateral, making it the second-largest DeFi exploit in history at the time. Jump Crypto replenished the stolen ETH within 24 hours to prevent ecosystem collapse, and a court-authorized counter-exploit in February 2023 recovered approximately $140 million of the remaining stolen funds.

Loopring is an Ethereum Layer-2 zkRollup-based decentralized exchange protocol founded in 2017 by Daniel Wang. The protocol suffered a critical June 2024 security breach in which an attacker compromised the Official Guardian two-factor authentication server, draining approximately $5 million from 58 smart wallet accounts. Subsequent to the hack, Loopring wound down its consumer wallet product, shut down DeFi services, lost listings on major exchanges including Binance, Upbit, and Bithumb, and saw its CEO resign in August 2025, leaving the project's long-term viability in serious question.

TD Bank is a major North American financial institution formed in 1955 from the merger of two Canadian banks. In October 2024, the bank faced historic penalties totaling over $3 billion after pleading guilty to money laundering conspiracy charges, resulting in severe business restrictions and regulatory oversight.

VeChain (VET) is an enterprise-focused Layer-1 blockchain founded by Sunny Lu (former CIO of Louis Vuitton China). Launched in 2015 as a subsidiary of Bitse, rebranded and mainnet launched in 2018. The VeChain Foundation's buyback wallet was hacked in December 2019 due to employee negligence, losing 1.1 billion VET (~$6.5M). The Foundation held 27.3% of total token supply as of September 2019. VeChain's official X account was compromised in January 2024 for a scam giveaway. The blockchain has built-in fund freezing capabilities. Enterprise partnerships include Walmart China, BMW, and UFC. VeChain was among the first to proactively comply with MiCAR regulations.

Ondo Finance is a real-world asset (RWA) tokenization protocol founded in 2021 by former Goldman Sachs executives Nathan Allman and Justin Schmidt. The platform offers tokenized exposure to U.S. Treasury securities (OUSG, USDY) and, since September 2025, a broader set of tokenized equities via Ondo Global Markets. The protocol held over $1.8 billion in TVL as of late 2025 and received formal notice in November 2025 that a two-year SEC investigation had been closed without charges.

1inch is a decentralized exchange (DEX) aggregator and liquidity protocol founded in 2019 by Sergej Kunz and Anton Bukov, operating across Ethereum and multiple EVM-compatible chains. The platform has experienced a series of security incidents between late 2024 and mid-2025, including a front-end supply chain attack, a private key compromise, a $5 million Fusion v1 resolver exploit, and a separate $5.87 million attack on a partner resolver — raising questions about operational security and smart contract lifecycle management. Additional concerns include alleged connections between co-founder Anton Bukov and the Russian FSS Academy, governance centralization risks, and sustained token value erosion since the 2021 peak.

HTX (formerly Huobi Global) is one of the world's largest cryptocurrency exchanges, rebranded in September 2023 following the de facto acquisition of Huobi by interests linked to Justin Sun in late 2022. The exchange has suffered at least three significant security incidents totaling over $130 million in losses since September 2023, and in May 2026 was sanctioned by the UK government for alleged facilitation of Russian sanctions evasion — the first such crypto-exchange designation under the UK Russia sanctions framework. HTX also faces FCA legal proceedings over illegal financial promotions to UK consumers, has withdrawn its Hong Kong licensing applications twice, and has been publicly criticized for opaque reserve practices.

Deribit is a crypto options and futures exchange founded in 2016 in the Netherlands by John and Marius Jansen, historically operated through a Panama-registered entity and now licensed under Dubai's VARA framework as Deribit FZE. The exchange suffered a $28 million hot wallet compromise on November 1, 2022, covering the loss entirely from its own balance sheet. Coinbase completed the acquisition of Deribit for approximately $2.9 billion on August 14, 2025, making it a subsidiary of a publicly traded, NASDAQ-listed U.S. company.

Flow is a layer-1 proof-of-stake blockchain created by Dapper Labs, the company behind NBA Top Shot and CryptoKitties, with FLOW as its native token. The project has faced a serious 2025 protocol-level exploit ($3.9M stolen), a controversial rollback proposal that drew community backlash, multiple rounds of company layoffs, a $4M securities class-action settlement, a separate $7.05M privacy lawsuit settlement, SEC investigation, and delisting from major South Korean exchanges following the breach. The FLOW token has lost over 99% of value from its April 2021 all-time high of $46.16, trading near $0.033 as of mid-2026.

Internet Computer (ICP) is a layer-1 blockchain protocol developed by the DFINITY Foundation, designed to host decentralized applications and web services natively on a distributed compute network. The protocol launched publicly in May 2021 and attracted significant controversy after its token lost approximately 95% of its value within weeks of listing, coinciding with on-chain evidence of large-scale token transfers from addresses linked to project insiders and the foundation treasury. Multiple class-action lawsuits alleging unregistered securities sales and market manipulation were subsequently dismissed on procedural grounds rather than their merits. The protocol remains operational with ongoing development activity, a 2026 tokenomics reform (Mission 70), and a ~$1.7 billion market capitalization as of May 2026.

Audius is a decentralized music streaming protocol and its native AUDIO token, launched in 2020 on Ethereum and subsequently migrated to Solana. On July 23, 2022, an attacker exploited a critical re-initialization vulnerability in Audius governance smart contracts, draining 18.56 million AUDIO tokens (valued at approximately $6 million at the time) from the community treasury before swapping them for approximately $1.08 million in ETH via Uniswap and routing funds through Tornado Cash. The platform has continued to operate since the exploit, deploying patched contracts and expanding user and artist partnerships, but the AUDIO token has declined approximately 99.6% from its all-time high and the exploit raised serious questions about audit quality.

Gate.io (rebranded to Gate.com in May 2025) is a major global cryptocurrency exchange founded in 2013 as Bter.com by Lin Han, currently incorporated in the Cayman Islands and serving over 52 million users across more than 4,600 assets. The exchange has faced significant scrutiny including an alleged undisclosed $230 million hack in 2018 attributed to North Korean state actors, a 2025 public notice from the Cayman Islands Monetary Authority (CIMA) confirming it has never been licensed in its ostensible home jurisdiction, and a pattern of user complaints regarding account freezes, withdrawal blocks, and a disputed $LA futures incident in 2025. The exchange publishes monthly proof-of-reserves reports audited by Hacken and holds licenses in several jurisdictions including Malta (MiCA), Dubai (VARA), Cyprus (CySEC), and Australia (AUSTRAC).

Solana is a high-performance blockchain platform that has experienced significant technical instability, ecosystem fraud, and regulatory challenges since its 2020 launch. While positioned as an "Ethereum killer," the network has suffered from multiple outages, massive meme coin scams, and legal scrutiny regarding its centralization and potential securities classification.

Bottled water contains significantly more micro- and nanoplastics than previously thought. Each time you screw a plastic bottle cap on and off, it generates 553 microplastic par…

Wormhole is a cross-chain messaging and token bridge protocol enabling interoperability across more than 30 blockchain networks, originally developed by Certus One and later backed by Jump Crypto. On February 2, 2022, Wormhole suffered a $326 million exploit — the largest hack in Solana ecosystem history at the time — when an attacker exploited a deprecated Solana function to forge guardian signatures and mint 120,000 wETH without locking any collateral. Jump Crypto immediately replenished the stolen funds to keep users whole, and the project subsequently raised $225 million at a $2.5 billion valuation, separated from Jump Trading as an independent entity, and launched the W governance token in April 2024; as of 2026, the stolen funds remain substantially unrecovered despite a partial $140 million counter-exploit via English court order.

Superteam is a community-run talent network and grant accelerator operating as the contributor layer of the Solana ecosystem, founded by Tanmay Bhat and Akshay BD and active across 23+ global chapters. The organization has been flagged for investigation by ZachXBT, though no published, verifiable ZachXBT post or report specifically naming Superteam as a fraudulent entity was located during this investigation; the exact nature and basis of that flag remains unconfirmed. Separately, Superteam Earn — the organization's public freelance bounty and job platform — operates within a segment of the Solana ecosystem that regulators, Google Cloud threat intelligence, and on-chain investigators have identified as systematically targeted by DPRK-linked IT workers using false identities.

THORChain is a decentralized cross-chain liquidity protocol built on the Cosmos SDK that enables native asset swaps across major blockchains without wrapped tokens. The protocol has suffered at least six significant security incidents since 2021, including a May 15, 2026 exploit in which a malicious validator node exploited a GG20 threshold signature scheme vulnerability to drain approximately $10.7–10.8 million across nine chains. THORChain has also faced documented use by the North Korean Lazarus Group as a primary money laundering channel, a $200 million insolvency crisis in early 2025 requiring a debt-to-equity restructuring, and ongoing questions about its permissionless design and unwillingness to block illicit flows.

Yearn Ether (yETH) is a liquid staking token aggregation vault developed by Yearn Finance, launched under YIP-72 as a self-governed, permissionless product. On November 30, 2025, the yETH weighted stableswap pool was exploited via an arithmetic underflow and stale cache vulnerability, resulting in approximately $9 million in losses — the third major security incident involving a Yearn product since 2021. Approximately $2.4 million was partially recovered; roughly $6.6 million remains unrecovered, with a significant portion laundered through Tornado Cash.

Drift Protocol is a decentralized perpetual futures exchange built on the Solana blockchain, founded in 2021 by Cindy Leow, David Lu, and co-founders. The protocol has experienced two significant security incidents: a $14.5 million PnL accounting bug in May 2022 triggered by the LUNA collapse (fully reimbursed), and a catastrophic $285–286 million exploit on April 1, 2026, attributed with medium-high confidence to the North Korean state-sponsored threat actor UNC4736 (also tracked as Lazarus Group, AppleJeus, and Citrine Sleet), which constituted the largest DeFi hack of 2026. A $295 million recovery plan involving Tether-led financing and user-issued recovery tokens was announced in May 2026; a class action lawsuit was simultaneously filed against Circle Internet Financial.

Hyperliquid suffered a documented ecosystem incident with reported losses of $37K on Arbitrum. This page tracks DeFiLlama's record of the event.

Curve Finance is a major decentralized exchange and automated market maker (AMM) on Ethereum, optimized for low-slippage swaps of pegged assets such as stablecoins. On July 30, 2023, several of its liquidity pools were drained of approximately $70 million due to a reentrancy vulnerability in the Vyper smart contract compiler (versions 0.2.15, 0.2.16, and 0.3.0), one of the largest DeFi exploits of 2023. Separately, founder Michael Egorov's practice of using large CRV holdings as loan collateral across multiple DeFi protocols created systemic risk that culminated in a $140 million liquidation event in June 2024, generating over $10 million in bad debt across connected protocols.

Yearn Finance is a decentralized yield aggregator on Ethereum that routes user deposits into lending protocols to maximize returns. Founded by Andre Cronje in 2020, the protocol has suffered at least four documented security exploits between 2021 and 2025, with aggregate losses exceeding $20 million, and its founder departed in 2022 citing sustained pressure from an SEC investigation. Governance concerns, an interconnected web of affiliated DeFi protocols implicated in their own major hacks, and repeated failures to deprecate vulnerable legacy code compound the protocol's risk profile.

LetsBonk.fun, later rebranded as Bonk.fun, is a Solana-based memecoin launchpad launched on April 25, 2025 by the BONK community in partnership with Raydium Protocol. The platform rose to capture over 78% of Solana launchpad market share at its mid-2025 peak before experiencing steep decline, and suffered a domain hijack and wallet-drainer attack in March 2026. The platform's permissionless token creation model, built-in multi-wallet bundler tooling, and community reports alleging the platform hosted 'KOL-backed bundled scams' present elevated risk for retail investors.

AFI Protocol (Artificial Financial Intelligence) is a DeFi infrastructure project building Proof-of-Reserve systems for Real-World Assets (RWAs) on Ethereum, offering yield-bearing ERC-4626 vaults backed by tokenized off-chain collateral. The protocol reported over $225 million in total value locked as of mid-2026 and maintains institutional partnerships with Multipli, Pendle, Morpho, and others. On May 30, 2026, the protocol suffered a $480,000 exploit targeting its afiUSD vault, with stolen funds partially laundered through Tornado Cash; recovery efforts were ongoing as of June 2026.

Faris Ali (legal name reported as Faris Hassan in court proceedings) is a UK teenager from Sheffield who, at age 16, orchestrated a violent home-invasion robbery in Hoxton, East London on June 17, 2024, in which three masked attackers posing as Amazon delivery couriers forced a victim at knifepoint to transfer over $4.3 million in cryptocurrency. Blockchain investigator ZachXBT publicly exposed Ali in October 2024 through on-chain forensics and leaked Telegram chat logs; the Metropolitan Police recovered nearly all stolen funds within 72 hours. Ali and two accomplices were sentenced to a combined 16 years in youth detention at Sheffield Crown Court in November 2025.

Meteora is a Solana-based decentralized exchange and liquidity protocol that originated from Mercurial Finance in early 2023. Its co-founder Benjamin Chow resigned in February 2025 amid allegations of insider manipulation across at least 15 token launches, including M3M3, LIBRA, MELANIA, ENRON, and TRUST. Two separate federal class-action lawsuits filed in the Southern District of New York allege that Chow, Meteora, and co-defendants Kelsier Labs LLC collectively orchestrated pump-and-dump schemes causing at least $69 million in investor losses.

LAB is a Dubai-based AI trading terminal project whose native token surged over 350% in 72 hours to a $6 billion fully diluted valuation in May 2026 before collapsing 77% on June 2, 2026, erasing roughly $6 billion in market value. On-chain investigator ZachXBT published findings in May 2026 alleging that insiders — including founder Vova Sadkov (Vladimir Sadkov) and co-founder Mark X — controlled over 95% of the token's circulating supply through opaque OTC loans, unilateral vesting changes, and coordination with Bitget exchange infrastructure. No formal regulatory action has been confirmed as of June 2026; Sadkov and the LAB team did not issue a public rebuttal to the allegations.

ApeMars (APRZ) was an ERC-20 meme token that raised $532,969.34 from 1,884 presale investors across 23 stages before listing on Uniswap on June 6, 2026. On June 7, 2026, the APRZ/WETH price collapsed 99.95% — from $0.00580 to $0.00000032 — in minutes across only 11 trades as ETH was removed from the Uniswap liquidity pool, consistent with a coordinated liquidity drain. The project's official X account was suspended simultaneously, no team statement has been issued as of the investigation date, and approximately $532K in raised presale funds remain unaccounted for.

Syscoin Bridge is the cross-chain bridge infrastructure connecting Syscoin's UTXO chain and its Network Enhanced Virtual Machine (NEVM) EVM-compatible layer. In June 2026, an attacker exploited a proof-validation parsing flaw in the bridge relay, minting approximately 5 billion unauthorized SYS tokens valued at roughly $10 million and inflating the circulating supply by an estimated 568 percent. The bridge was paused immediately and the attacker subsequently returned the funds following private whitehat negotiations, though the incident raised serious questions about audit coverage of the relay component.

PlusToken was a cryptocurrency Ponzi scheme that defrauded an estimated 3 million investors of between $2 billion and $3 billion in digital assets.

Bitget is a centralized cryptocurrency exchange founded in 2018 and registered in the Seychelles, serving a self-reported user base in the tens of millions and recording $8.17 trillion in derivatives trading volume in 2025. Since April 2026, on-chain investigator ZachXBT has publicly alleged that Bitget functions as a node in a 'Chinese CEX cartel,' enabling a pattern of insider token supply manipulation across at least four named tokens (RAVE, RIVER, SIREN, and LAB) while naming Bitget's non-public-facing founder Shawn Liu as the alleged operative behind the schemes. No regulatory enforcement action had been filed as of June 2026, and neither Bitget nor Liu had publicly responded to the allegations.

On January 31, 2026, Step Finance, a Solana-based portfolio tracking and DeFi analytics platform, suffered a treasury theft in which an attacker drained approximately 261,854 SOL (valued at roughly $27.3 million at the time) after compromising executive team devices and seizing staking authority over protocol wallets. The incident led to a 93% collapse in the STEP governance token price and ultimately forced the permanent shutdown of Step Finance and its affiliated projects SolanaFloor and Remora Markets by February 24, 2026.

Shunda Park was an industrial-scale pig-butchering fraud compound located in Min Let Pan, Karen State, Myanmar, operated by Chinese criminal networks and employing over 3,500 workers from nearly 30 nations. The compound ran fraudulent cryptocurrency investment schemes targeting Americans and other international victims from at least early 2024 until its seizure by the Karen National Liberation Army in November 2025. The U.S. Department of Justice charged two Chinese national managers with wire fraud conspiracy in April 2026 and restrained over $701 million in related cryptocurrency.

Xinbi Marketplace (also known as Xinbi Guarantee) is a Chinese-language, Telegram-based illicit crypto marketplace that has processed an estimated $24.2 billion in total transaction volume since 2022, making it one of the largest known illicit online marketplaces ever tracked. Operating as an informal escrow provider and vendor platform primarily serving pig-butchering scam networks in Southeast Asia, it was sanctioned by the UK Foreign, Commonwealth and Development Office on 26 March 2026 — the first country-level sanction against the platform — under the Global Human Rights sanctions regime. The operator is formally incorporated as 'Xinbi Co., Ltd' in Colorado, USA, though its actual operations are believed to be based in the Golden Triangle region of Southeast Asia.

On June 5, 2026, Shielded Labs publicly disclosed a critical soundness bug in the Zcash Orchard shielded pool's zero-knowledge proof circuit that had existed undetected since Orchard's activation in May 2022. The flaw — an under-constrained element in the halo2_gadgets elliptic-curve multiplication gadget — could have allowed an attacker to mint unlimited counterfeit ZEC inside the shielded pool with no on-chain trace. An emergency hard fork (NU6.2) was deployed on June 3, 2026, patching the circuit before public disclosure, though Zcash's privacy architecture structurally prevents retrospective confirmation that no exploitation occurred during the four-year exposure window.

LAB is a multi-chain AI trading terminal token that launched its TGE in October 2025 and surged over 350% to a $6 billion fully diluted valuation in early May 2026 before crashing more than 65%. On-chain investigator ZachXBT published findings alleging that insiders control approximately 95% of the token supply, that 100 million LAB tokens worth roughly $480 million were withdrawn from Bitget to 10 freshly created wallets within a 12-hour window, and that the team orchestrated a coordinated retail extraction scheme involving OTC discount deals, unilateral vesting extensions, unpaid marketing obligations, and coercive KOL agreements. No public denial or response has been issued by the project's founders.

Rain Protocol (RAIN) is a decentralized prediction market infrastructure protocol built on Arbitrum that reached approximately $8.8–9 billion in fully diluted valuation by early June 2026, positioning it briefly among the top 15 cryptocurrencies globally. On June 5, 2026, on-chain investigator ZachXBT published findings alleging that addresses linked to the RAIN team share transaction trails with wallets connected to the failed Data Ownership Protocol (DOP) and TOMI projects, both previously linked to Israeli entrepreneur Moshe Hogeg, who faces criminal fraud charges in Israel. ZachXBT characterized the token as a likely insider-controlled pump with 99.97% of circulating supply held by 81 wallets and offered a $100,000 bounty for documentation of centralized exchange market manipulation; Rain Protocol had not issued a public response as of the date of these reports.

Humanity Protocol is a blockchain-based decentralized identity platform founded by Terence Kwok that uses palm-vein biometrics and zero-knowledge proofs to verify unique personhood. The project raised $50 million at a $1.1 billion valuation from institutional investors including Pantera Capital and Jump Crypto, and launched its $H token in June 2025. In June 2026, attackers drained approximately $32–36 million from the project via a compromised employee laptop holding multiple multisig private keys; on-chain investigator ZachXBT alleged the incident may have been staged, claims the team has not publicly rebutted with independent verification.

Morocoin Tech Corp., Berge Blockchain Technology Co. Ltd., Cirkor Inc., AI Wealth Inc., Lane Wealth Inc., AI Investment Education Foundation Ltd., and Zenith Asset Tech Foundation are seven entities charged by the SEC on December 22, 2025 (Case No. 1:25-cv-04102, D. Colo.) with defrauding at least $14 million from U.S. retail investors in a coordinated pig-butchering and AI-themed investment confidence scheme operating from January 2024 through January 2025. The scheme used WhatsApp-based fake investment clubs, deepfake social media advertisements, fabricated AI-generated trading signals, and counterfeit trading platforms that conducted no actual trading, followed by advance fee demands to further extract funds from victims attempting withdrawals.

Amnokgang Technology Development Company is a North Korean state-controlled IT firm established in 1982 and headquartered in Pyongyang. The U.S. Treasury's Office of Foreign Assets Control (OFAC) sanctioned it on March 12, 2026, for managing overseas DPRK IT worker delegations that allegedly generated nearly $800 million in illicit revenue in 2024 to fund North Korea's weapons of mass destruction programs. Seven cryptocurrency addresses across Ethereum and Tron networks were designated, with TRM Labs reporting over $12 million in tracked on-chain transactions through those addresses.

Cheil Credit Bank, also known as First Credit Bank and formerly as Kyongyong Credit Bank, is a North Korean state-controlled financial institution headquartered in Pyongyang with representative offices in Beijing, Shenyang, and Shanghai. First designated by OFAC in September 2017 under Executive Order 13810 for operating in North Korea's financial services sector, the bank was dramatically re-expanded on November 4, 2025, when OFAC added 53 cryptocurrency addresses to its Specially Designated Nationals listing, linking it to over $12.7 million in USDT-TRC20 flows between June 2023 and May 2025 — funds attributed primarily to DPRK overseas IT workers and cybercrime proceeds destined for the regime's weapons programs.

TraderTraitor (also tracked as UNC4899, Jade Sleet, Slow Pisces, and PUKCHONG) is a North Korean state-sponsored cyber threat cluster operating under the Reconnaissance General Bureau (RGB), formally designated by the FBI, CISA, and U.S. Treasury as responsible for stealing billions of dollars in cryptocurrency from blockchain companies, exchanges, and developers since at least 2020. The cluster is most prominently attributed to the February 2025 Bybit heist — the largest cryptocurrency theft in history at approximately $1.5 billion — as well as the May 2024 DMM Bitcoin theft ($308 million), the July 2023 JumpCloud supply chain attack, and the April 2022 Ronin Network compromise ($620 million). Chainalysis estimates North Korean actors, dominated by TraderTraitor operations, stole $2.02 billion in 2025 alone, pushing their all-time attributed total to approximately $6.75 billion since 2017.

Citrine Sleet (also tracked as AppleJeus, Gleaming Pisces, UNC4736, and Labyrinth Chollima) is a North Korean state-sponsored threat cluster attributed to Bureau 121 of the Reconnaissance General Bureau (RGB), active since at least 2018. The group specializes in financially motivated cyberattacks against cryptocurrency exchanges, DeFi protocols, and developer toolchains, deploying trojanized trading applications, supply chain compromises, and zero-day exploits to steal digital assets. Chainalysis estimates DPRK-linked actors have stolen at least $6.75 billion in cryptocurrency since 2016, with Citrine Sleet/UNC4736 operations accounting for multiple hundred-million-dollar individual incidents including the April 2026 Drift Protocol exploit ($285 million) and the October 2024 Radiant Capital breach ($50 million).

The DPRK IT Worker Network is a state-directed, multi-year operation run by the North Korean government that places thousands of fraudulently credentialed software developers inside U.S. and global technology and crypto companies using stolen identities, fake personas, and U.S.-based facilitators. Workers generate hundreds of millions of dollars annually in illicit wages funneled back to Pyongyang to fund weapons of mass destruction and ballistic missile programs, and have escalated to data theft and extortion. The operation has drawn DOJ indictments of dozens of individuals across multiple enforcement waves (2024–2026), OFAC sanctions designating front companies and facilitators in China, Vietnam, Laos, Russia, and Spain, and FBI warnings to private industry.

Beginning approximately January 2, 2026, blockchain investigator ZachXBT flagged an active, automated campaign draining hundreds of wallets across at least a dozen EVM-compatible chains, with over $107,000 stolen in mostly sub-$2,000 increments consolidated into a single aggregation address (0xAc2e5153170278e24667a580baEa056ad8Bf9bFB). The root cause was not confirmed at the time of ZachXBT's initial disclosure; suspected vectors included token-approval abuse, malicious signature exploits, a fake-MetaMask phishing email campaign, and possible spillover from the Trust Wallet browser-extension supply-chain compromise of December 2025. This entry serves as a consumer-protection warning and on-chain address flag.

OKX NFT Aggregator is the NFT marketplace and aggregation layer of OKX, one of the world's largest crypto exchanges, supporting over 21 blockchains and 32 aggregated markets. The product has been implicated in a smart contract storage-collision exploit (June 2024), operates within an exchange that pleaded guilty to U.S. AML violations and agreed to a $504 million DOJ settlement (February 2025), and saw its parent DEX aggregator suspended in March 2025 after North Korea's Lazarus Group used the broader OKX Web3 infrastructure to launder approximately $100 million from the Bybit hack. ZachXBT has flagged the entity in the context of these broader OKX platform concerns.

Jump Trading is a Chicago-based proprietary trading firm founded in 1999, operating one of the largest high-frequency trading operations globally across futures, equities, fixed income, FX, and cryptocurrency markets. Its crypto division, Jump Crypto, became a major force in DeFi infrastructure between 2021 and 2023, co-developing Wormhole, Pyth Network, and the Firedancer Solana validator client. The firm has faced significant regulatory and legal exposure: its subsidiary Tai Mo Shan settled with the SEC in December 2024 for $123 million over TerraUSD manipulation, the Terraform bankruptcy administrator filed a $4 billion civil lawsuit in December 2025 naming Jump and individual executives, and a separate CFTC investigation was reported in 2024 with no public resolution as of mid-2026.

DAO Maker is a crypto fundraising and launchpad platform founded in 2018 by Christoph Zaknun and Giorgio Marciano, known for its Strong Holder Offering (SHO) and Dynamic Coin Offering (DYCO) mechanisms. The platform suffered two confirmed exploits in August and September 2021 totaling approximately $11 million in losses, affecting over 5,200 users. A promised multi-phase compensation plan was subsequently undermined by an alleged governance vote manipulation, leaving a significant portion of hack victims unreimbursed as of 2024.

On September 25, 2020, the KuCoin cryptocurrency exchange suffered a major security breach in which hackers obtained the private keys to the exchange's hot wallets and stole approximately $281 million in Bitcoin, Ethereum, ERC-20 tokens, and other assets — the largest exchange hack of 2020. KuCoin subsequently recovered approximately 84% of stolen funds through on-chain tracking, project-team token swaps, and law enforcement cooperation, with the remaining 16% covered by the exchange's insurance fund. The hack was attributed to North Korea's Lazarus Group by blockchain analytics firm Chainalysis; separately, in March 2024 the U.S. Department of Justice criminally charged KuCoin and two of its founders for operating an unlicensed money transmitting business and Bank Secrecy Act violations, resulting in a $297.4 million guilty plea settlement in January 2025.

dYdX V3 was a decentralized perpetual futures exchange built on Ethereum using StarkWare's StarkEx Layer-2 technology, operated by dYdX Trading Inc. The platform suffered a $9 million insurance fund drain in November 2023 due to an alleged coordinated market manipulation attack targeting YFI and SUSHI markets, a DNS hijacking attack in July 2024, and a software supply chain compromise in September 2022. The V3 product was formally sunset on October 28, 2024, with trading migrated to the dYdX Chain (V4) on Cosmos.

Compound V2 is a legacy Ethereum-based decentralized lending protocol launched in May 2019 and formally deprecated in December 2025 in favor of Compound V3 (Comet). The protocol has experienced a series of material incidents including a ~$80M COMP token distribution bug in October 2021, a $89M oracle-driven liquidation cascade in November 2020, a confirmed website hijack flagged by ZachXBT in July 2024, a social media phishing hack in 2023 that resulted in $4.4M in losses, and an alleged governance attack in July 2024 in which a whale coordinated the passage of a $24M treasury transfer. V2 is now in wind-down mode with new borrows and mints paused.

OKX DEX is the decentralized exchange aggregator operated by OKX (Aux Cayes FinTech Co. Ltd.), one of the world's largest centralized crypto exchanges. In December 2023, the DEX suffered a ~$2.7 million exploit caused by a suspected private key leak and a centralized proxy upgrade mechanism with no multi-signature protection. The broader OKX entity has faced severe regulatory sanctions including a $504 million U.S. DOJ settlement in February 2025 for operating an unlicensed money-transmitting business and facilitating over $5 billion in suspicious transactions, a €1.1 million Malta AML fine, and repeated scrutiny over its DEX aggregator being used by North Korea's Lazarus Group to launder stolen funds from the $1.5 billion Bybit hack in early 2025.

The BSC Token Hub, BNB Chain's cross-chain bridge connecting BNB Beacon Chain and BNB Smart Chain, was exploited on October 6, 2022 via a forged IAVL Merkle proof that allowed an attacker to mint approximately 2 million BNB valued at roughly $566–570 million. Rapid validator coordination halted the chain and froze most funds on BSC, limiting the attacker's realized gain to an estimated $137 million, though the incident exposed deep structural centralization concerns about BNB Smart Chain's 21-validator Proof of Staked Authority model.

Bitfinex is a cryptocurrency exchange and Tether (USDT) is the world's largest stablecoin by market capitalization, both operated under the parent company iFinex Inc., incorporated in the British Virgin Islands. The two entities have faced multiple significant regulatory actions, including an $18.5 million settlement with the New York Attorney General over alleged concealment of an $850 million loss, a $42.5 million CFTC fine for misrepresenting USDT reserve backing, and an ongoing DOJ bank-fraud investigation. Tether's USDT reached approximately $188 billion in circulation as of May 2026, and the company engaged KPMG for its first full reserve audit in March 2026.

Bitcoin Mission is an entity that has been flagged by on-chain investigator ZachXBT, though the specific nature, founding, and full scope of the entity could not be independently verified through publicly available Tier 1 or Tier 2 sources at the time of this investigation. Multiple unrelated legitimate entities share the name 'Bitcoin Mission' (including a Christian-focused Bitcoin podcast and a GitHub organization), making disambiguation difficult. The trust score of 25 reflects the ZachXBT flag combined with the absence of verifiable public transparency about the entity.

DAO Maker Vesting refers to the smart contract infrastructure operated by DAO Maker, a crypto launchpad platform, that was compromised in two separate exploits in 2021 resulting in combined losses of approximately $11 million. The August 2021 incident drained $7 million in USDC from 5,251 user accounts via a compromised admin private key, and a second exploit in September 2021 extracted approximately $4 million from vesting contracts via an unauthenticated init() function vulnerability. Victims allege that DAO Maker has failed to honor its full compensation commitments over three years after the hacks, with governance manipulation alleged to have been used to cancel the USDR reimbursement program.

Aguilar v. Baton Corporation Ltd. (Case No. 1:25-cv-00880, S.D.N.Y.) is an active federal class action alleging that Pump.fun, Solana Labs, the Solana Foundation, and named executives operated a coordinated racketeering enterprise — referred to as the 'Solana-Pump.Fun Racketeering Enterprise' — that rigged its memecoin launchpad to benefit insiders while marketing it as a fair platform to retail investors. Plaintiffs allege aggregate retail losses between $4 billion and $5.5 billion, while the platform collected an alleged $722 million in fees. As of early 2026, defendants have filed motions to dismiss the Second Amended Complaint; no ruling on those motions has been publicly reported as of June 2026.

Changpeng Zhao (CZ), born February 10, 1977, is the founder and former CEO of Binance, the world's largest cryptocurrency exchange by trading volume. On November 21, 2023, Zhao pleaded guilty to a federal charge of failing to implement an effective anti-money laundering (AML) program under the Bank Secrecy Act, as part of a landmark $4.3 billion resolution between Binance and U.S. federal regulators. He was sentenced to four months in federal prison in April 2024, served that term, and was subsequently pardoned by President Donald Trump in October 2025.

Terra 2.0 (LUNA) is a replacement blockchain launched in May 2022 by Terraform Labs following the catastrophic collapse of the original Terra network and its algorithmic stablecoin TerraUSD (UST), which erased approximately $40–60 billion in market value in one week. The project's founder, Do Kwon, was arrested in March 2023, found liable for securities fraud in a U.S. civil trial in April 2024, pleaded guilty to wire fraud and conspiracy in August 2025, and was sentenced to 15 years in federal prison in December 2025. Terraform Labs itself filed for Chapter 11 bankruptcy in January 2024 and received court approval to wind down operations by September 2024, leaving Terra 2.0 as a severely diminished chain with minimal developer activity and an approximately 79% year-over-year decline in token value.

Justin Sun is the founder of the TRON blockchain and TRX token, and the controlling figure behind HTX (formerly Huobi) and Poloniex exchanges. In March 2023, the U.S. Securities and Exchange Commission charged Sun and three of his companies with fraud, market manipulation through wash trading, unregistered securities offerings, and orchestrating an undisclosed celebrity promotion scheme; the case partially settled in March 2026 with Rainberry Inc. paying a $10 million penalty while claims against Sun personally were dismissed. Sun has faced additional scrutiny including a reported FBI/DOJ criminal investigation, UK sanctions against an HTX entity over alleged Russia-linked transactions, a $114 million hot-wallet hack at Poloniex in November 2023, and disputed claims of diplomatic immunity through a Grenada WTO ambassadorship he held until mid-2022.

Solana MEV sandwich bots are automated programs that exploit Solana's transaction ordering mechanisms to front-run and back-run retail user trades, extracting an estimated $370 million to $500 million from users between January 2024 and May 2025. The practice has drawn enforcement responses from the Solana Foundation, Jito Labs, and Marinade Finance, and is the subject of an active federal class-action lawsuit in the Southern District of New York naming Pump.fun, Solana Labs, and related entities. While coordinated countermeasures reduced attack profitability by an estimated 60-70% in 2025, attacks continue and disproportionately harm memecoin traders using high slippage settings on Raydium and Pump.fun.

An industrial-scale pattern of fraud on the Solana blockchain exploits the Token-2022 Permanent Delegate extension, a legitimate feature that grants a mint-level authority the unconditional ability to burn or transfer any holder's tokens without their signature. First publicly documented in September 2024 by a Jupiter Core Working Group member, the exploit has since scaled into an automated rug pull factory pattern where scammers burn victim tokens seconds after purchase. RugCheck.xyz identifies the Permanent Delegate extension as a significant risk indicator on a substantial fraction of newly launched Solana tokens.

Bitcoin Latinum (LTNM) is a cryptocurrency token launched in 2020 by Donald G. Basile through his companies GIBF GP, Inc. and Monsoon Blockchain Corporation. In April 2026, the U.S. Securities and Exchange Commission charged Basile with orchestrating a $16 million investor fraud scheme, alleging he raised funds through Simple Agreements for Future Tokens (SAFTs) using fabricated insurance coverage claims and nonexistent asset-backing structures, then diverted millions to personal expenses. The token, which peaked near $9,336 in December 2021, has since collapsed to near zero, and multiple civil lawsuits from defrauded investors preceded the SEC action.

Blur Finance (ticker: BLR) was a yield aggregator DeFi protocol that operated on BNB Chain and Polygon in mid-2022. In August 2022, developers allegedly executed a textbook rug pull, withdrawing approximately $600,000 from user-deposited funds before deleting all social media channels and abandoning the project. The BLR token collapsed 99%, and the protocol's smart contracts on both chains have since been formally flagged on BscScan and PolygonScan as rug pull addresses.

Donald G. Basile, founder of Bitcoin Latinum (LTNM) and CEO of Monsoon Blockchain Corporation, was charged by the SEC on April 17, 2026 with defrauding hundreds of U.S. investors of approximately $16 million through a SAFT offering that relied on fabricated insurance claims, a phantom asset-backed trust, and misrepresentations about how investor funds would be used. The token launched on overseas exchanges in October 2021 and subsequently collapsed by more than 90%, and the SEC alleges Basile diverted investor proceeds to personal real estate, credit card expenses, and a $160,000 horse while no underlying fund was ever created.

A family of increasingly sophisticated wallet-drainer toolkits targeting the Solana ecosystem that weaponize legitimate Solana protocol features — Blinks (blockchain action links), durable nonces, and the system 'assign' instruction — to bypass the transaction-simulation safety layer that most Solana wallets rely on as their primary defense. Documented in detail by security researchers from February 2024 onward and materially escalated in late 2025 and early 2026, these kits are distributed as scam-as-a-service products supporting 90+ wallet types; losses attributable to Solana phishing reached approximately $90 million in H1 2025 alone, before the simulation-bypass generation was widely deployed. A state-level durable-nonce attack on Drift Protocol (April 2026) demonstrated that the same primitive can scale to $285 million in a single operation.

In February 2026, Malwarebytes researcher Stefan Dasic documented a live fraudulent cryptocurrency presale site promoting a non-existent token called 'Google Coin.' The operation deployed a custom AI chatbot impersonating Google's Gemini assistant — using its sparkle icon, green 'Online' indicator, and name — to deliver scripted investment pitches, fabricated institutional endorsements from OpenAI, Binance, Coinbase, Squarespace, and SpaceX, and personalized return projections (e.g. $395 presale investment projected to become $2,755 at listing). Victims were directed to send irreversible cryptocurrency payments to six wallets spanning Bitcoin, Ethereum, Solana, TRON, and XRP Ledger. Google has never issued a cryptocurrency; the token, the chatbot persona, and all associated endorsements were entirely fabricated.

An industrialized, automated address poisoning campaign targeting Ethereum users accelerated sharply after the Fusaka protocol upgrade on December 3, 2025 reduced gas fees approximately sixfold, removing the prior economic barrier to mass-scale dust-transaction attacks. Security firm ScamSniffer documented at least $62.25 million in confirmed losses across two high-profile victims in December 2025 and January 2026 alone, while Blockaid flagged over 65.4 million poisoning transactions since January 2025 averaging 160,000 per day. The campaign represents a commercial, industrialized threat infrastructure sold as a service on Telegram rather than a single threat actor, and is ongoing as of the research date.

Arthur Hayes is the co-founder and former CEO of BitMEX, one of the world's largest cryptocurrency derivatives exchanges, who pleaded guilty in 2022 to a Bank Secrecy Act violation and received two years' probation and a $10 million fine, before being granted a full presidential pardon by Donald Trump in March 2025. He now operates as CIO of Maelstrom, his family office and investment fund, which manages a venture portfolio of over 30 crypto projects alongside a $250 million private equity vehicle targeting crypto infrastructure firms. In June 2026, on-chain investigator ZachXBT alleged that Hayes used his large public following as exit liquidity by promoting tokens — including HYPE, ZEC, NEAR, and WLD — and then exiting those positions within days; Hayes denied the characterization but the controversy attracted sustained industry scrutiny.

Detailed analysis of Monad\

MOTHER (ticker: MOTHER) is a Solana-based memecoin launched on May 28, 2024 by Australian rapper Iggy Azalea (legal name Amethyst Amelia Kelly). The token peaked at a market capitalization of approximately $136–200 million in mid-June 2024 before declining roughly 99.5% to approximately $1.3 million by May 2026. On May 5, 2026, plaintiff Kenneth Kolbrak filed a federal class action against Azalea in the U.S. District Court for the Southern District of New York, alleging she misled consumers about the token's real-world utility through promises regarding an online casino (MOTHERLAND), a telecommunications integration (Unreal Mobile), and a luxury marketplace (DreamVault) that allegedly were not delivered as represented; all claims in that suit are allegations and remain unadjudicated.

Flooring Protocol (fp.io) is an Ethereum-based NFT fractionalization platform that converts non-fungible tokens into fungible micro-tokens (μTokens and fpTokens) pegged to collection floor prices. The protocol launched in October 2023, was exploited twice — once in December 2023 (~$1.6M stolen) and again in June 2026 (~$570K in NFTs rescued by a Yuga Labs white-hat team — and entered formal sunset mode in September 2025 after liquidity and organizational failures. At the time of the June 2026 incident, the protocol was effectively defunct with a TVL of approximately $9.51.

Comprehensive guide to offshore crypto exchanges lacking proper regulatory oversight

PiggyBank Protocol is a Solana-based DeFi yield platform offering delta-neutral funding-rate arbitrage vaults across USDC, JitoSOL, and tokenized stock (xStocks) assets. On or around June 6, 2026 the protocol disclosed that a mid-cap basis trade involving locked LAB tokens had failed, producing NAV declines of approximately 15%, 12%, and 9% across its three active vaults. On-chain investigator ZachXBT publicly alleged that the protocol had exposed depositor funds to a token he characterized as a scam with over 95% insider-controlled supply, raising serious risk-management and disclosure concerns that remain unresolved as of the investigation date.

Unicoin, Inc. is a New York City-based cryptocurrency company that launched the Unicoin token in February 2022, promoting it as an asset-backed, dividend-paying digital asset tied to the Unicorn Hunters investment television series. On May 20, 2025, the U.S. Securities and Exchange Commission filed a civil fraud complaint against the company and three senior executives in the Southern District of New York, alleging they defrauded more than 5,000 investors through false claims that the token was backed by billions of dollars of real estate and pre-IPO equity interests when those assets were worth a fraction of the stated values. The case remains pending as of mid-2026, with Unicoin having filed a motion to dismiss in August 2025.

Tenderize V2 is a DeFi liquid staking protocol launched on January 29, 2024, enabling users to mint validator-specific liquid staked tokens (tTokens) for assets including MATIC, LPT, and GRT across Ethereum, Arbitrum, and Sei Network. The protocol suffered a protocol logic exploit on April 7, 2025, resulting in a loss of approximately $10,850 via a proxy upgrade skim technique on Ethereum; the incident was relatively small in dollar terms but raised concerns about smart contract integrity. ZachXBT has flagged this entity, and while the protocol holds multiple security audits including a Hacken audit scoring 9.8/10 and a Halborn audit, its current TVL of approximately $495,000 reflects limited adoption relative to the broader liquid staking market.

Alephium is a Swiss-founded Proof-of-Work Layer-1 blockchain launched November 8, 2021, featuring sharded smart contracts and the Proof-of-Less-Work consensus mechanism. On May 29-30, 2026, its TokenBridge was exploited for approximately $815,000 in approximately seven minutes via an off-chain backend vulnerability that allowed forged guardian messages to authorize unauthorized transfers and the minting of 13.76 million unbacked wrapped ALPH tokens. The team took the bridge offline, burned the unauthorized tokens, and committed to full user compensation.

XRP is a cryptocurrency native to the XRP Ledger (XRPL), a public blockchain co-designed in 2011–2012 by Jed McCaleb, David Schwartz, and Arthur Britto. Ripple Labs, Inc. is the San Francisco-based company that co-developed the ledger and has historically used XRP sales to finance operations, accumulating approximately 80 billion of the fixed 100 billion token supply at launch. A landmark U.S. Securities and Exchange Commission lawsuit filed in December 2020 — alleging over $1.3 billion in unregistered securities offerings — concluded in August 2025 when both parties dropped their appeals, cementing a $125 million civil penalty and a permanent injunction against further unregistered institutional XRP sales in the U.S.

Fantom is a layer-1 blockchain founded in 2018 by Dr. Ahn Byung-Ik and technically led by Andre Cronje, operating the Opera mainnet using a DAG-based Lachesis consensus mechanism. In 2024 the project rebranded to Sonic Labs and launched a new high-throughput chain (Sonic) with a native S token replacing FTM at a 1:1 ratio. The project has experienced significant controversies including a $122 million loss from the Multichain bridge hack in 2023, a founder-level plagiarism finding in South Korean courts, SEC scrutiny of key leadership, allegations of a stablecoin liquidation scheme, and a 70%+ token price collapse in 2025.

Scallop Lend is a DeFi lending and borrowing protocol deployed on the Sui blockchain, and the first DeFi project to receive an official grant from the Sui Foundation. On April 26, 2026, the protocol suffered a flash-loan exploit that drained approximately 150,000 SUI (roughly $142,000) from a deprecated rewards contract that had remained callable on-chain for approximately 17 months despite no longer being in active use. The protocol covered 100% of user losses from treasury reserves and resumed operations within two hours, though the incident raised questions about legacy contract hygiene and the completeness of prior audits by OtterSec, MoveBit, and Zellic.

Gondi V3 is a decentralized, non-custodial NFT lending and borrowing protocol on Ethereum developed by Florida Street, which launched in July 2023 and raised a $5.35 million seed round from Hack.vc, Dragonfly Capital, and Pantera Capital. On March 9, 2026, the protocol suffered a smart contract exploit in its newly deployed Purchase Bundler component, resulting in the theft of approximately 78 NFTs valued at roughly $230,000 from users who had granted approvals to the vulnerable contract. The team disabled the affected feature, pledged full restitution using protocol fees, and engaged security firm Blockaid for a post-incident review; platform operations for other functions resumed the following day.

Polygon (formerly MATIC) is a Layer-2/sidechain scaling solution for Ethereum that completed its MATIC-to-POL token migration in September 2024. The SEC named MATIC as an alleged unregistered security in the June 2023 Binance lawsuit. Two major vulnerabilities were caught by Immunefi bounty hunters ($850M and $24B at risk respectively). Three of four co-founders departed within 24 months. Three rounds of layoffs occurred between 2023-2026. zkEVM was deprecated in June 2025 citing $1M annual operating loss.

Bitrefill is a Stockholm-based cryptocurrency e-commerce platform founded in 2014 that allows users to purchase digital gift cards, eSIMs, and mobile top-ups using Bitcoin and other cryptocurrencies across more than 100 countries. On March 1, 2026, Bitrefill suffered a significant cyberattack attributed to the North Korea-linked Lazarus Group (Bluenoroff subunit), in which attackers compromised an employee laptop, escalated access via legacy credentials, drained hot wallets, and exposed approximately 18,500 customer purchase records. Bitrefill stated it would cover all financial losses from operational capital and characterized this as the platform's first major security incident in over a decade of operation.

Fusion by IPOR is a modular on-chain vault infrastructure product developed by IPOR Labs AG (Zug, Switzerland), designed to automate DeFi yield strategies across multiple chains without requiring Solidity expertise. On January 6, 2026, a legacy Fusion Optimizer Vault on Arbitrum was exploited for $336,000 USDC via a combination of missing fuse validation in the instantWithdraw method and an EIP-7702 delegation vulnerability on an administrator account. The IPOR DAO committed to fully compensating all affected depositors from treasury reserves, and the incident was flagged by blockchain investigator ZachXBT.

Tinyman is an automated market maker (AMM) and decentralized exchange (DEX) built on the Algorand blockchain, launched on mainnet in October 2021. On January 1, 2022, attackers exploited a logic flaw in the protocol's pool-token burn function to drain approximately $3 million in wrapped Bitcoin and Ethereum assets across 43 pools. Tinyman subsequently patched the contracts, launched a compensation program covering all affected liquidity providers, and released a fully re-audited v2.0 protocol in early 2023.

edgeX is a decentralized perpetual futures exchange incubated by Amber Group and launched on mainnet in August 2024, with its native EDGE token generating at Token Generation Event on March 31, 2026. On June 2, 2026, the EDGE token crashed approximately 77% in under 60 seconds, erasing over $220 million in market value; edgeX attributed the event to an unidentified external party, while on-chain investigator ZachXBT alleged that a small group of insiders controlled the majority of the 1 billion token supply through a thin-float structure. A self-commissioned investigation found no team misconduct, a conclusion ZachXBT publicly derided as self-serving, and the project subsequently faced scrutiny for declining to disclose market-maker agreements or insider token allocations.

Epicentral Labs is an early-stage decentralized autonomous organization (DAO) and LLC incorporated in the US and Canada, building a decentralized options trading platform called OPX on the Solana blockchain. The project is led by a pseudonymous founder known as TheLazySol and governed by holders of its native LABS token, which carries a micro-cap market capitalization of approximately $177,000-$185,000 as of mid-2026. No fraud allegations, regulatory actions, or known exploits have been identified; primary risks relate to the project's pre-mainnet status, lack of a public smart contract audit, small community size, and significant token concentration concerns.

Adam Iza, also known as Ahmed Faiq and self-styled 'The Godfather,' is a 25-year-old California cryptocurrency entrepreneur who operated the trading platform Zort and pleaded guilty to multiple federal felonies across two jurisdictions. He admitted to a $37 million fraud against Meta Platforms, wire fraud, tax evasion, conspiracy to violate civil rights through an LASD deputy bribery scheme, and—in a separate Connecticut federal case—conspiracy to interfere with commerce by robbery in connection with a plot to kidnap a couple whose son had stolen $245 million in Bitcoin. Federal prosecutors are seeking a minimum of 14 years; sentencing in the Connecticut case is scheduled for August 12, 2026.

Shunda Park was a large-scale cryptocurrency investment fraud compound operated in Min Let Pan, Myanmar (Burma), active from at least January 2025 until its seizure by the Karen National Liberation Army (KNU/KNLA) in November 2025. The compound ran pig-butchering scams targeting victims across 30 or more countries, using trafficked workers held under threat of violence. In April 2026, the U.S. Department of Justice charged two Chinese nationals — Huang Xingshan and Jiang Wen Jie — with wire fraud conspiracy for managing the compound, as part of a coordinated international enforcement action that resulted in 276 arrests, the dismantling of nine scam centers, and the restraint of over $701 million in cryptocurrency.

Dango (ticker: DNG) is a DeFi-native Layer-1 blockchain and perpetual futures exchange that raised $3.6 million in seed funding in November 2024 from Hack VC, Lemniscap, and Delphi Labs. On April 13, 2026, the protocol suffered a logic flaw exploit in its insurance fund donation contract, resulting in $1.9 million USDC being drained; approximately $410,010 was bridged to Ethereum before bridge rate limits halted further outflows. The attacker was identified as a white hat who returned all funds in exchange for a bug bounty, leaving user positions and trading functions unaffected.

Curve LlamaLend (also referred to as the crvUSD lending markets) is a decentralized, permissionless isolated lending protocol built by Curve Finance that allows users to borrow crvUSD against crypto collateral using the LLAMMA soft-liquidation mechanism. The protocol has experienced multiple distinct incidents since launch: a $10 million bad-debt event in June 2024 tied to the founder's oversized leveraged positions, an oracle-manipulation attack on the sDOLA market in March 2026 resulting in approximately $240,000 in borrower losses, an October 2025 market crash that left the CRV-long vault approximately $700,000 underbacked, and a May 2026 third-party exploit (Stake DAO) that forced the sunsetting of an associated Arbitrum LlamaLend market. The protocol's core contracts have not been directly compromised by a code-level hack, but recurring bad-debt events, oracle design flaws in permissionlessly created markets, and governance concentration risks have drawn sustained scrutiny including a flag from on-chain investigator ZachXBT.

TesseraDAO is a BNB Chain project whose governance token TSR was the subject of a severe exploit on June 1, 2026, in which an attacker minted 99 million unauthorized TSR tokens and dumped them for approximately $2.5 million USDT, causing a 99% price collapse within hours. Stolen proceeds were bridged to Ethereum and laundered via Tornado Cash, with 1,285.5 ETH confirmed passed through the mixer. Security analysts noted that minting privileges were controlled exclusively by deployer-related addresses, raising questions about whether the incident constituted an external hack or an insider compromise.

DxSale is a decentralized token launchpad and liquidity-locking platform launched in August 2020, originally on Ethereum and later expanded to BNB Chain and other EVM networks. On May 28, 2026, a hidden backdoor in legacy BNB Chain liquidity locker contracts was exploited to drain approximately $7.3 million from more than 1,400 LP positions locked as far back as 2021. On-chain analysis identified a 269-day pre-exploit ownership transfer chain passing through approximately 80 wallets, with indicators strongly suggesting insider involvement by a current or former team member.

Bitpin (legal name: Nooyan Bitpin, also known as Sana Ayman Mubadala) is an Iranian cryptocurrency exchange founded in 2020 and headquartered in the Anzali Free Zone, Gilan, Iran. On June 2, 2026, the U.S. Treasury's Office of Foreign Assets Control (OFAC) designated Bitpin on the Specially Designated Nationals (SDN) list under Executive Orders 13224 and 13902, citing IRGC-linked transactions, sanctions evasion, and investors with alleged ties to circumventing U.S. restrictions. Bitpin accounted for approximately 10% of Iranian digital asset inflows in 2025 and processed an estimated USD 821 million in volume that year, making it Iran's third-largest exchange by that metric among the four simultaneously designated platforms.

Silo Finance V1 is a non-custodial isolated lending protocol launched on Ethereum mainnet in August 2022, enabling permissionless markets for long-tail crypto assets by confining risk to individual lending pools (Silos). The protocol experienced two security incidents in 2023: a critical interest rate manipulation vulnerability discovered by a white-hat researcher (no user funds lost) and a white-hat drain of approximately $45,000 in SILO incentive tokens due to a separate contract flaw. The deployed production version of V1 diverges from the audited codebase, a risk the team has publicly acknowledged but not fully remediated through re-audit.

Ramzinex (legal name: Mubadala Ramzinex; also registered as Ramzineh Electronic Commerce Innovation Company) is an Iranian cryptocurrency exchange founded in 2018 and headquartered in Tehran. On June 2, 2026, the U.S. Treasury's Office of Foreign Assets Control (OFAC) designated Ramzinex under Executive Order 13902, citing facilitation of transactions linked to the Islamic Revolutionary Guard Corps (IRGC), a government-backed Iranian financial institution, and sanctions evasion. The designation was part of the Trump administration's broader 'Economic Fury' campaign, which simultaneously sanctioned three other major Iranian exchanges: Nobitex, Wallex, and Bitpin.

Superfortune AI is an AI-powered InfoFi platform on BNB Chain, incubated by Manta Labs, that combines Chinese metaphysical traditions with crypto market analytics. Its native token GUA launched on November 27, 2025. On May 27, 2026, approximately 14.98 million GUA tokens intended for an airdrop distribution were redirected to a lookalike attacker-controlled address, resulting in losses of approximately $15.18 million and a roughly 76% token price crash within 24 hours. The root cause remains disputed: the team attributed the incident to a compromised signer private key, while the absence of prior on-chain interaction between the attacker and project wallets has raised unresolved questions about the multisig workflow.

DIMO (Decentralized Infrastructure for Mobility Operations) is a Web3 vehicle data protocol built on Polygon and later migrating to Base, developed by Digital Infrastructure Inc. The protocol allows drivers to connect their vehicles, stream data, and earn $DIMO tokens in exchange. In November 2025, a sophisticated attacker compromised a developer key and withdrew approximately 30 million DIMO tokens (3% of total supply) from a Wormhole bridge contract, causing a price drop of over 57% in 30 days and triggering a CertiK security alert. The project has legitimate venture backing and a publicly identified founding team, but the security incident, centralized key management failure, and ongoing token unlock pressure are material risk factors.

Rathnakishore Giri, also known as 'Ravi' Giri, is a 31-year-old Ohio investment manager convicted of wire fraud for orchestrating a Bitcoin-derivatives Ponzi scheme that raised over $10 million from at least 150 investors between 2019 and 2022. Operating through two entities — NBD Eidetic Capital, LLC and SR Private Equity, LLC — he falsely promised guaranteed, risk-free returns while using new investor funds to repay earlier ones and diverting proceeds to fund a lavish personal lifestyle. On May 18, 2026, he was sentenced to nine years in federal prison after an aggravating factor emerged: following his October 2024 guilty plea, and while on pretrial release, he continued soliciting new cryptocurrency investors, causing additional harm and prompting an amended plea agreement.

Midnight (NIGHT) is a privacy-focused Cardano sidechain developed by Input Output (IO), the company behind Cardano, first unveiled in late 2023. Charles Hoskinson called it 'six years of intellectual and practical effort.' The 'Glacier Drop' airdrop distributed 100% of the 24B token supply to 37M users across 8 blockchains with zero VC allocation — 50%+ to ADA holders. NIGHT launched December 8, 2025 but immediately crashed 60%+ from $0.11 to $0.02 as the massive free distribution flooded exchanges. Over 4.5B airdropped tokens remain in 'thawing' through December 2026 (25% unlocks every 90 days), creating persistent selling pressure. Mainnet is not yet live, meaning token utility is largely theoretical.

Uniblock is a Canadian Web3 infrastructure company founded in 2022 that provides a unified, multi-chain API aggregation platform for blockchain developers, connecting over 300 blockchains and 55 data providers through a single interface with patented auto-routing technology. The company is venture-backed with C$7.5 million in total funding from institutional investors including SBI Ven Capital, AllianceDAO, NGC Ventures, Alchemy, and MoonPay. No regulatory actions, fraud allegations, or significant security incidents have been identified; risk factors are principally commercial and operational rather than conduct-related.

Maestro is a Telegram-based crypto trading bot developed by Gearlay Technologies Inc. (Canada) that enables sniping, copy-trading, and wallet management across 14 blockchains. On October 24, 2023, a critical access-control vulnerability in its MaestroRouter2 smart contract was exploited, draining approximately 280 ETH (~$500,000) from 106 user accounts; the team subsequently refunded all affected users with 610 ETH (~$1.1 million) sourced from its own revenue. The platform operates a partial-custody model in which user private keys are encrypted and stored on Maestro servers, representing a persistent systemic risk.

Inertia Protocol (INRT) is a modular liquid restaking token (LRT) and lending protocol built on the Initia blockchain, launched to mainnet in April 2025. The protocol suffered a confirmed exploit in May 2025 in which approximately $152,000 was drained from five lending markets via a known ERC4626 share-price inflation attack; the protocol states its Insurance Fund restored affected user balances. Team composition, smart contract audit history, and investor backing are not publicly disclosed.

NiceHash is a Slovenian cryptocurrency mining marketplace founded in 2014 that allows users to buy and sell hashing power. In December 2017 the platform suffered one of the largest crypto exchange hacks of that year, with attackers stealing approximately 4,736 BTC (valued at roughly $64 million at the time) after compromising an employee's computer through a spear-phishing attack. The breach was subsequently attributed to North Korea's Lazarus Group, and NiceHash completed a full user repayment program in December 2020 after a three-year effort funded from operational revenue.

CATFI is a Solana-based memecoin launched in early 2025 via the Pump.fun launchpad. South Korean prosecutors charged five individuals, including a ringleader known online as 'Eth Father' (surname Park), with orchestrating a rug pull that inflated the token's price approximately 1,001-fold within 26 hours before draining liquidity and abandoning the project. This case represents South Korea's first criminal prosecution of a decentralized-exchange rug pull under the Virtual Asset User Protection Act.

SwissBorg is a Swiss-based crypto wealth management and exchange aggregator founded in 2017, holding MiCA authorization from France's AMF and VQF membership in Switzerland. In September 2025, the platform suffered a $41.5 million loss when its staking partner Kiln's API was compromised via a GitHub token theft and Kubernetes pod injection, resulting in the unauthorized transfer of 192,600 SOL from SwissBorg's SOL Earn program; the company subsequently pledged full reimbursement from treasury funds. While SwissBorg maintains legitimate regulatory standing and transparency measures including Proof of Liabilities, the third-party supply chain failure exposes material counterparty risk in its Earn product architecture.

Granary Finance was a decentralized, non-custodial lending and borrowing protocol forked from Aave V2, built by Byte Masons and an anonymous developer known as Fantom Menace, launching on Fantom in March 2022 before expanding to eight chains. The protocol raised over $5 million USDC via a community liquidity generation event in March 2023 and introduced the GRAIN governance token, but its TVL collapsed from a peak of approximately $60 million to under $200,000. By early 2025, the team announced the full withdrawal and discontinuation of Granary Finance across all chains, with GRAIN and OATH token holders migrated to the successor platform Cod3x (CDX). No regulatory actions, rug-pull allegations, or direct hacks of Granary contracts were documented; key risks include near-total value decline, deeply pseudonymous founding team, and protocol end-of-life.

Algorand is a Layer-1 blockchain founded in 2017 by Silvio Micali, a Turing Award-winning MIT cryptographer who co-invented zero-knowledge proofs and verifiable random functions. The protocol uses a Pure Proof-of-Stake consensus mechanism with genuine academic credibility, and has attracted institutional partnerships including FIFA and Visa-adjacent integrations. However, ALGO has been named as an alleged unregistered security in SEC complaints against both Bittrex and Binance, the Algorand Foundation conducted a highly criticized 2019 token auction that resulted in a mass refund event, the token trades approximately 96% below its 2021 all-time high, and the Foundation cut 25% of its workforce in 2025 while relocating from Singapore to the United States.

AKT is the native utility token of Akash Network, a decentralized cloud computing marketplace built on the Cosmos SDK and founded in 2015 by Greg Osuri and Adam Bozanich under Overclock Labs. The project operates as a legitimate, open-source DePIN (Decentralized Physical Infrastructure Network) with public governance, audited code, and institutional partnerships including an indirect connection to NVIDIA through the Brev.dev acquisition. No regulatory actions, fraud allegations, or major exploits have been identified, though a responsibly disclosed critical vulnerability was patched in May 2024 and a spam attack disrupted the network briefly in March 2025.

A fraudulent mobile application impersonating Hyperliquid, the decentralized perpetuals exchange, was identified on the Google Play Store in November 2025 by on-chain investigator ZachXBT. The app, published under the developer name 'Tvtion Inc.', replicated Hyperliquid's branding and interface to harvest users' seed phrases, transmitting them to an external server. An Ethereum address linked to the operation has been associated with thefts exceeding $281,000; Hyperliquid has never released an official mobile application, making any such listing inherently fraudulent.

Vitalik Buterin is the legitimate co-founder of Ethereum and is not himself a scam actor. However, his name, likeness, and social media presence constitute one of the most heavily weaponized impersonation surfaces in crypto. Documented threats include a September 2023 SIM-swap of his X account (linked to Pink Drainer, resulting in ~$691K stolen from followers), persistent fake giveaway livestreams on YouTube, thousands of fraudulent Instagram accounts, and an escalating campaign of AI-generated deepfake videos distributing wallet-drainer phishing links.

MEXC is a centralized cryptocurrency exchange founded in 2018, incorporated in Seychelles, that has accumulated a significant regulatory record across multiple jurisdictions including warnings or cease orders from authorities in Hong Kong, Germany, Belgium, Japan, Estonia, and South Korea. The exchange gained widespread notoriety in late 2025 after on-chain investigator ZachXBT amplified user reports of frozen funds, including a high-profile case in which a trader known as 'The White Whale' had approximately $3 million frozen without adequate explanation, eventually prompting a public apology from the exchange's Chief Strategy Officer. MEXC's parent entity MEXC Global Ltd was struck off by the Seychelles registry in August 2023, dissolved in December 2024, and never obtained a license under the Seychelles VASP Act 2024, leaving its current operational and legal standing opaque.

KelpDAO is a liquid restaking protocol built on EigenLayer, founded in 2023, that issues rsETH as a yield-bearing liquid restaking token. On April 18, 2026, attackers attributed to North Korea's Lazarus Group (TraderTraitor / UNC4899) exploited a single-point-of-failure DVN configuration on KelpDAO's LayerZero bridge to drain 116,500 rsETH worth approximately $292 million — the largest single DeFi exploit of 2026. The attack triggered $13.21 billion in DeFi TVL outflows within 48 hours and precipitated an industry-wide bailout coalition called DeFi United, which ultimately restored rsETH to full backing by May 25, 2026.

No verifiable information about an entity named 'Burgeleth' was found across any indexed web source as of May 2026. Exhaustive searches across news outlets, blockchain explorers, social media platforms, regulatory databases, domain registries, and crypto-specific intelligence sources (ZachXBT, Chainalysis, Scam Sniffer) returned zero results matching this name in a crypto or financial context. The slug may refer to an extremely obscure or newly created entity, an alternate spelling of a different entity, or a name that has not yet generated any publicly indexed presence.

Bittensor is a decentralized blockchain protocol functioning as a peer-to-peer marketplace for machine intelligence, using the TAO token to reward AI model contributors. In July 2024, the protocol was the target of a supply chain attack via a malicious version of its official PyPI package, resulting in the theft of approximately $28 million in TAO tokens from 32 wallets. A civil lawsuit filed in January 2025 alleges that former Opentensor Foundation employees orchestrated the attack, and on-chain investigator ZachXBT identified a key suspect through NFT wash-trade analysis and Railgun de-mixing.

Trust Wallet is a widely-used non-custodial mobile and browser cryptocurrency wallet, originally acquired by Binance in 2018 and later divested as an independent entity. It has been the subject of multiple documented security incidents spanning 2022–2025, including a critical WebAssembly entropy vulnerability (CVE-2024-23660), a supply-chain compromise of its Chrome extension in December 2025 that resulted in approximately $8.5 million in user losses, and a historical low-entropy key generation flaw exploited in 2023. Blockchain investigator ZachXBT flagged the December 2025 browser extension incident and documented hundreds of victims.

Sui is a Layer 1 blockchain developed by Mysten Labs, launched in May 2023 and built on the Move programming language. The network suffered one of the largest DeFi exploits of 2025 when Cetus Protocol — its primary DEX — was drained of approximately $223 million in May 2025, triggering a controversial emergency validator vote to freeze and reclaim stolen funds that exposed deep centralization concerns. Separately, ZachXBT investigated a $29 million SUI token theft in late 2024 involving Tornado Cash laundering and subsequently announced in July 2025 that he would no longer take Sui ecosystem cases due to inadequate incident-response infrastructure and lack of support from the ecosystem.

Ethena is a DeFi protocol founded in 2023 by Guy Young that issues USDe, a synthetic dollar stablecoin backed by delta-neutral perpetual futures hedges on centralized exchanges. The protocol reached $14 billion in supply at its 2025 peak before contracting sharply to approximately $5.9 billion following a flash crash in October 2025 and BaFin's enforcement action that forced Ethena GmbH to cease EU operations. Multiple concerns have been raised including: a German regulatory shutdown citing MiCA breaches and alleged unregistered securities offerings via sUSDe; insider airdrop farming allegations involving 180 million foundation-controlled ENA tokens; two separate security incidents (Discord hack July 2024 and domain registrar compromise September 2024); and structural risks tied to funding rate volatility, exchange counterparty exposure, and an undersized reserve fund relative to protocol TVL.

EigenLayer is a legitimate Ethereum restaking protocol operated by Eigen Labs that became a high-value target for phishing campaigns, wallet drainer attacks, and social engineering in 2024 following the launch of its EIGEN token. In October 2024 alone, the protocol's official X account was compromised to promote a fake airdrop resulting in at least $800,000 lost by one victim, and a separate email-based social engineering attack redirected approximately $5.7 million in locked investor tokens to an attacker's wallet. EIGEN holders and restakers face an elevated and persistent threat surface from impersonation sites, fake airdrop claims, and token-approval drainer schemes that exploit the protocol's name and brand recognition.

Crypto.com is a Singapore-headquartered centralized cryptocurrency exchange founded in 2016 (originally as Monaco) by Kris Marszalek, Bobby Bao, Gary Or, and Rafael Melo. The platform has been subject to multiple serious security incidents, including a confirmed January 2022 hack in which $34 million was stolen via a 2FA bypass and laundered through Tornado Cash, and an alleged 2023 data breach linked to the Scattered Spider hacking group that the company did not publicly disclose to affected users. Blockchain investigator ZachXBT has publicly accused Crypto.com of governance manipulation and tokenomics fraud, citing the March 2025 reissuance of 70 billion CRO tokens that had been permanently burned in 2021, and the company's controversial 2020 forced swap from its original MCO token to CRO at unfavorable rates.

Circle Internet Group is the issuer of USDC, the second-largest USD-pegged stablecoin by market capitalization. Circle has faced sustained criticism from blockchain investigator ZachXBT and others for its policy of refusing to freeze USDC linked to hacks or scams without a formal court order or law enforcement mandate, which critics allege has allowed over $420 million in illicit funds to flow freely since 2022. The company went public on the NYSE in June 2025 under the ticker CRCL and received conditional OCC approval for a national trust bank charter in December 2025.

Cointelegraph is a major legitimate cryptocurrency news outlet that has been a victim of two distinct infrastructure compromises. In January 2024, attackers breached its email service provider MailerLite and sent phishing emails to subscribers using Angel Drainer malware, resulting in estimated losses of $580,000 to over $700,000 across affected platforms. In June 2025, attackers separately compromised Cointelegraph's banner advertising system to serve Inferno Drainer-linked pop-ups promoting a fake CTG token airdrop to site visitors.

Porkbun LLC is a legitimate ICANN-accredited domain registrar founded circa 2014-2015, headquartered in Sherwood, Oregon, and managing over 3.45 million domains. While the company is not itself a scam operation, it has attracted scrutiny from the crypto security community — including on-chain investigator ZachXBT — for hosting phishing infrastructure linked to Angel Drainer and Inferno Drainer wallet-draining services, including fake Ledger sites. Third-party tracking platforms document hundreds of flagged phishing domains registered through Porkbun and allege that the company's abuse-response enforcement has been inadequate, with a majority of reported domains remaining active after formal abuse reports.

Coinbase (NASDAQ: COIN) is the largest publicly listed cryptocurrency exchange in the United States, founded in 2012 and regulated across multiple jurisdictions. Despite its regulated status, the platform has been the subject of significant documented concerns: a May 2025 insider-enabled data breach affecting approximately 70,000 users with estimated remediation costs of $180–400 million, ongoing documented losses exceeding $300 million per year from social engineering scams targeting Coinbase users (as reported by blockchain investigator ZachXBT), a $100 million AML compliance settlement with the NYDFS in 2023, and controversies surrounding its Base Layer-2 blockchain including a disputed token launch and a contentious departure from the Optimism OP Stack ecosystem.

Cardano (ADA) holders face a persistent and multi-vector threat landscape that includes deepfake giveaway scams impersonating founder Charles Hoskinson, social media account hijackings used to promote fraudulent tokens, phishing campaigns distributing credential-stealing malware disguised as wallet software, and NFT-based wallet drainers. The Cardano Foundation's own X account was compromised in December 2024, resulting in the promotion of a fake token and false regulatory claims. State-sponsored actors including the North Korean Lazarus Group have also targeted ADA holders through the Atomic Wallet supply chain attack.