Avoid your next
big mistake

Cream Finance (C.R.E.A.M.) is a decentralized lending protocol built on Ethereum, launched in August 2020 as a fork of Compound and Balancer. The protocol suffered three separate security breaches in 2021 totaling an estimated $185–195 million in losses, culminating in an October 27, 2021 flash loan attack on Cream v1 markets that drained approximately $130 million through oracle price manipulation of its yUSDVault integration with Yearn Finance. The serial nature of these incidents — involving flash loan exploits, reentrancy bugs, and oracle vulnerabilities across distinct attack vectors — established Cream Finance as one of the most frequently exploited DeFi protocols in the 2021 cycle.

Loopscale is a Solana-based DeFi lending protocol (formerly Bridgesplit) launched on April 10, 2025, backed by Coinbase Ventures, Solana Labs, and CoinFund. On April 26, 2025 — just 16 days after launch — the protocol suffered a $5.8 million oracle pricing exploit affecting its Genesis Vaults, an attack vector that had been flagged in its pre-launch OShield security audit but was allegedly inadequately remediated. All stolen funds were ultimately recovered via negotiation with the exploiter, and user deposits suffered no permanent loss.

Radiant Capital is a cross-chain lending protocol that suffered two exploits in 2024 totaling approximately $54.5 million. The critical October 2024 attack ($50M) compromised 3 of 11 multisig signers via InletDrift macOS malware delivered through Telegram social engineering, and was attributed by Mandiant with high confidence to UNC4736, a North Korean state-sponsored threat actor also tracked as AppleJeus and Citrine Sleet. The same group subsequently attacked Drift Protocol for $285 million in April 2026. No funds have been recovered; RDNT token has declined approximately 99.7% and was delisted from major exchanges.

[MERGED] Consolidated into the canonical 'drift' investigation on 2026-05-30. This page's richer content was ported to /drift; full pre-merge content preserved in investigation_logs.

WAYGU CASH (ticker: WAYGU) is an anonymous, micro-cap Solana memecoin that self-describes as a 'memetic movement' targeting the vegan market. The project has no disclosed team, no verified audit, operates at an extremely low market capitalization with minimal liquidity, and has declined approximately 93% from its all-time high — patterns consistent with speculative pump-and-dump dynamics common to low-grade Solana memecoins.

Thodex was a Turkish cryptocurrency exchange founded in 2017 (originally as Koineks) by Faruk Fatih Özer that collapsed in April 2021 when the platform abruptly halted trading and its founder fled to Albania, leaving approximately 391,000 users unable to access funds estimated at $2 billion to $2.6 billion. Özer was arrested in Albania in August 2022, extradited to Turkey in April 2023, convicted in September 2023 and sentenced to 11,196 years in prison alongside his two siblings, and died in a Turkish high-security prison on November 1, 2025, in circumstances that prompted a formal investigation.

Genesis Global Capital, LLC was the crypto lending arm of Digital Currency Group (DCG), founded in 2013 as the first institutional OTC bitcoin trading desk. Following catastrophic loan exposures to Three Arrows Capital and FTX in 2022, Genesis suspended customer withdrawals in November 2022 and filed for Chapter 11 bankruptcy in January 2023, owing approximately $3.4 billion to creditors. The company subsequently settled with the SEC for $21 million and with the New York Attorney General for $2 billion, completed a $4 billion restructuring distribution in August 2024, and in May 2025 its post-bankruptcy Litigation Oversight Committee filed dual lawsuits totaling $3.3 billion against parent DCG and CEO Barry Silbert alleging fraud and concealment of insolvency.

Nexo is a crypto lending and yield platform founded in 2018 by Antoni Trenchev and Kosta Kantchev, incorporated in the Cayman Islands, that grew to over $11 billion in assets under management. The company paid a $45 million settlement to the SEC and a multistate coalition of regulators in January 2023 over the unregistered offer and sale of its Earn Interest Product, and exited the US market in late 2022. A Bulgarian criminal investigation launched simultaneously was closed in December 2023 for lack of evidence, after which Nexo filed a $3 billion ICSID arbitration claim against Bulgaria; Nexo formally reentered the US market in February 2026 in partnership with Bakkt.

Ripple Labs is a San Francisco-based financial technology company founded in 2012 that developed the XRP Ledger and issues the XRP token for cross-border payments. The company was the subject of a landmark five-year SEC enforcement action alleging a $1.3 billion unregistered securities offering, which concluded in August 2025 via joint dismissal of appeals following a 2024 court-imposed $125 million civil penalty. A 2023 federal court split ruling established that institutional XRP sales constituted unregistered securities while secondary market sales did not, making the case the first significant federal court ruling to distinguish token sale contexts under securities law.

Wirecard AG was a German payment processor and financial services company headquartered in Munich that collapsed in June 2020 after revealing that approximately €1.9 billion in cash held in purported escrow accounts in the Philippines almost certainly did not exist. The scandal, described as the largest corporate fraud in postwar German history, implicated the company's senior leadership, exposed systemic failures by auditor Ernst & Young and German financial regulator BaFin, and revealed intelligence connections through fugitive COO Jan Marsalek, who is alleged to have been a Russian intelligence asset. Criminal proceedings against former CEO Markus Braun and co-defendants were ongoing in Munich as of early 2026, with no verdict yet reached.

On August 2, 2016, the Hong Kong-based cryptocurrency exchange Bitfinex was breached by Ilya Lichtenstein, who fraudulently authorized more than 2,000 transactions to steal 119,756 BTC valued at approximately $72 million at the time. The exchange socialized losses across all customers and issued BFX recovery tokens, redeeming them fully by April 2017. In February 2022, the U.S. Department of Justice arrested Lichtenstein and his wife Heather Morgan, seizing over $3.6 billion in Bitcoin in what was then the largest financial seizure in DOJ history; both pleaded guilty in August 2023 and were sentenced in November 2024.

Celsius Network was a centralized crypto lending platform founded in 2017 that attracted over 1.7 million users and $20 billion in assets under management by offering yields of up to 18% on deposited cryptocurrency. In June 2022 the platform froze all withdrawals, subsequently filed for Chapter 11 bankruptcy in July 2022, and exposed a $1.2 billion balance sheet deficit. Founder and CEO Alex Mashinsky was arrested in July 2023, pleaded guilty to commodities fraud and securities fraud in December 2024, and was sentenced to 12 years in federal prison in May 2025.

Terraform Labs Pte. Ltd. was a Singapore-based blockchain company founded in 2018 by Do Kwon and Daniel Shin, best known for developing the Terra blockchain, the algorithmic stablecoin TerraUSD (UST), and the associated LUNA cryptocurrency. In May 2022, UST lost its dollar peg, triggering a collapse that wiped out approximately $40–45 billion in market capitalization within days. Following SEC civil fraud proceedings, a unanimous jury verdict in April 2024, and a $4.47 billion settlement, the company filed for Chapter 11 bankruptcy in January 2024 and received court approval to wind down operations in September 2024. Co-founder Do Kwon was sentenced to 15 years in federal prison in December 2025.

Alexander Mashinsky is the founder and former CEO of Celsius Network, a cryptocurrency lending platform that collapsed in July 2022 after freezing approximately $4.7 billion in customer assets. In December 2024, Mashinsky pleaded guilty to commodities fraud and a scheme to manipulate the price of Celsius's CEL token; he was sentenced to 12 years in federal prison in May 2025. Regulatory actions were brought by the DOJ, SEC, CFTC, and FTC.

QuadrigaCX was a Canadian cryptocurrency exchange founded in 2013 that collapsed in early 2019 following the death of its CEO Gerald Cotten in India in December 2018. The Ontario Securities Commission concluded in June 2020 that the exchange had operated as a fraud and Ponzi scheme, with Cotten using fictitious balances and customer funds for personal enrichment, causing losses of at least C$169 million across approximately 76,000 affected users.

Voyager Digital was a US-based cryptocurrency brokerage and lending platform founded in 2018 that grew to 3.5 million users and $5.9 billion in assets before filing for Chapter 11 bankruptcy on July 5, 2022, following a $650 million loan default by Three Arrows Capital. The company's collapse resulted in customers losing access to funds, multiple federal regulatory actions against the firm and its CEO Stephen Ehrlich, and the failure of two successive acquisition deals by FTX and Binance.US. After a court-approved liquidation plan in May 2023, creditors received partial distributions estimated at approximately 70% of claims across multiple tranches through 2024.

BlockFi was a cryptocurrency lending platform founded in 2017 by Zac Prince and Flori Marquez, once valued at $3 billion. The company faced a $100 million SEC and state regulator settlement in February 2022 for offering unregistered securities, then collapsed in November 2022 following the implosion of FTX, which had extended BlockFi a $400 million credit facility. After filing Chapter 11 bankruptcy, BlockFi achieved a notable outcome: all creditors received 100% recovery of allowed claims, funded largely by a $874.5 million settlement with FTX/Alameda Research.

Three Arrows Capital (3AC) was a Singapore-based cryptocurrency hedge fund founded in 2012 by Su Zhu and Kyle Davies that, at its peak in early 2022, managed an estimated $10 billion in assets. Severe losses from the Terra/LUNA ecosystem collapse in May 2022 triggered cascading margin calls and a liquidity crisis that led to court-ordered liquidation in the British Virgin Islands on June 27, 2022, leaving more than $3.5 billion in creditor claims. The founders subsequently faced arrest warrants, prison sentences for non-cooperation with liquidators, a nine-year regulatory ban by Singapore's Monetary Authority, and fines from Dubai's virtual asset regulator over a failed post-collapse exchange venture.

Do Hyeong Kwon (born 1991) is a South Korean software engineer and former CEO of Terraform Labs, the company behind the Terra blockchain ecosystem, including the TerraUSD (UST) algorithmic stablecoin and the LUNA cryptocurrency. In May 2022, the Terra ecosystem collapsed, wiping out an estimated $40–45 billion in market capitalization within a week. Kwon was subsequently charged with fraud by U.S. federal prosecutors and the SEC, arrested in Montenegro in March 2023, extradited to the United States in December 2024, pleaded guilty in August 2025, and was sentenced to 15 years in federal prison in December 2025.

Sam Bankman-Fried (SBF) is the co-founder and former CEO of FTX, a now-bankrupt cryptocurrency exchange, and Alameda Research, a crypto trading firm. In November 2022, FTX collapsed after it was revealed that approximately $8 billion in customer funds had been misappropriated and transferred to Alameda Research without customer consent. Bankman-Fried was convicted on all seven criminal counts on November 2, 2023, and sentenced to 25 years in federal prison on March 28, 2024.

Mt. Gox was a Tokyo-based Bitcoin exchange that, at its peak in 2013–2014, handled approximately 70% of all global Bitcoin transactions. In February 2014 it suspended trading and filed for bankruptcy after disclosing the loss of approximately 850,000 BTC — later revised to approximately 650,000 BTC net — due to theft that investigators determined began as early as late 2011. Creditor repayment proceedings under civil rehabilitation law have been ongoing since 2018, with partial distributions commencing in July 2024 and a current deadline of October 31, 2026.

Aave is a decentralized, non-custodial liquidity protocol built on Ethereum and multiple other blockchains, enabling users to supply assets to earn interest or borrow against overcollateralized positions. Founded in 2017 as ETHLend by Finnish lawyer Stani Kulechov, it rebranded to Aave in 2020 and grew into the largest DeFi lending platform by total value locked, reporting over $40 billion in net deposits as of early 2025. The protocol has faced notable security incidents, a multi-year SEC investigation that closed without enforcement in December 2025, ongoing governance tensions between token holders and Aave Labs, and significant indirect exposure to a $292 million exploit in April 2026 attributed to North Korea's Lazarus Group.

Terra was a blockchain protocol developed by Terraform Labs that operated an algorithmic stablecoin (TerraUSD/UST) pegged to the US dollar via a mint-and-burn mechanism with its native token LUNA. In May 2022, UST lost its dollar peg and entered a catastrophic death spiral that wiped out approximately $40-45 billion in market capitalization within days, triggering cascading bankruptcies across the crypto industry. Founder Do Kwon was subsequently charged with fraud by the SEC and DOJ, found liable at trial, and sentenced to 15 years in federal prison in December 2025 — with Terraform Labs agreeing to a $4.47 billion SEC settlement, the largest in SEC crypto enforcement history at the time.

Axiom (axiom.trade) is a Y Combinator-backed Solana trading terminal launched in January 2025 by co-founders Henry Zhang and Preston Ellis. The platform grew rapidly to become the dominant Solana memecoin trading interface, generating over $300 million in fees within 263 days. In February 2026, crypto investigator ZachXBT published an exposé alleging that multiple Axiom employees abused internal 'admin dashboard' access controls to surveil private user wallet data and conduct insider trading over a period of approximately 13 months.

Alameda Research LLC was a quantitative cryptocurrency trading firm founded in November 2017 by Sam Bankman-Fried that served as the primary vehicle for one of the largest financial frauds in U.S. history. Alongside FTX, which Bankman-Fried founded in 2019, Alameda secretly borrowed and misappropriated approximately $8 billion in FTX customer deposits, using the funds for risky trading, venture investments, real estate, and political donations. The collapse of FTX and Alameda in November 2022 triggered criminal convictions for multiple executives, a 25-year prison sentence for Bankman-Fried, and a $12.7 billion CFTC judgment.

Pump.fun (operated by Baton Corporation Ltd.) is a Solana-based memecoin launchpad that launched on January 19, 2024, enabling users to create and trade tokens within seconds for a fraction of a cent. Despite generating over $1 billion in cumulative platform revenue by late 2025, the platform faces a consolidated federal class-action lawsuit alleging operation of an unregistered securities exchange, insider exploitation of MEV infrastructure, and a whistleblower-sourced cache of 5,000+ internal messages alleged to show coordinated market manipulation. Third-party research classifies 98.6% of tokens launched on the platform as rug pulls or pump-and-dump schemes, and North Korea's Lazarus Group has been linked by on-chain investigator ZachXBT to laundering attempts through the platform using fake memecoins after the February 2025 Bybit hack.

SafeMoon was a BNB Chain-based DeFi token launched in March 2021 that rapidly attracted retail investors through celebrity endorsements and social media hype, reaching a peak market capitalization of approximately $17 billion. Federal prosecutors and the SEC charged the project's founders and executives in November 2023 with securities fraud, wire fraud, and money laundering, alleging they secretly misappropriated over $200 million from the liquidity pool for personal enrichment. CEO Braden John Karony was convicted on all counts in May 2025 and sentenced to 100 months in prison in February 2026; CTO Thomas Smith pleaded guilty in February 2025; founder Kyle Nagy remained a fugitive as of early 2026.

[MERGED] This page has been consolidated into the canonical 'drift' investigation. Original content preserved in investigation_logs. Merged on 2026-05-10.

Analysis of the Monad airdrop controversy, including eligibility issues, allocation opacity, and community backlash.

Plastic cutting boards are a major overlooked source of microplastic contamination in the kitchen. One study estimated that a polyethylene board releases between 7.4-50.7g (0.26…

Monad is a high-performance Layer-1 blockchain with disputed tokenomics and airdrop distribution. $269M raised, 230,000+ airdrop recipients.

A single plastic-containing tea bag can release approximately 11.6 billion pieces of microplastic and 3.1 billion pieces of nanoplastic into your cup of tea. This makes tea bags…

Detailed analysis of Monad\

Ultra-processed foods are foods that have undergone multiple industrial processing steps. They have significantly higher microplastic contamination than fresh, whole foods. Rese…

Bottled water contains significantly more micro- and nanoplastics than previously thought. Each time you screw a plastic bottle cap on and off, it generates 553 microplastic par…

PlusToken was a cryptocurrency Ponzi scheme that defrauded an estimated 3 million investors of between $2 billion and $3 billion in digital assets.

OneCoin was a fraudulent cryptocurrency scheme founded in 2014 by Ruja Ignatova ('Cryptoqueen') and Karl Sebastian Greenwood, which defrauded approximately 3.5 million investors worldwide of over $4 billion. The scheme operated through a fake private blockchain and multilevel marketing network before collapsing in 2017. Greenwood was sentenced to 20 years in prison in 2023; Ignatova remains a fugitive on the FBI Ten Most Wanted list with a $5 million reward for information leading to her arrest.

Comprehensive guide to offshore crypto exchanges lacking proper regulatory oversight

Detailed warning about KCEX exchange and documented cases of fund confiscation

Fomo (fomo.family) is a consumer social crypto trading app developed by FOMO Labs, Inc. of San Francisco, co-founded by former dYdX employees Paul Erlanger and Se Yong Park. Launched in May 2025 and backed by $19 million in funding led by Benchmark Capital, the platform operates on Solana, Base, and BNB Chain with a non-custodial wallet architecture. The platform is explicitly unregulated, has no publicly disclosed security audits, charges flat per-trade fees that disadvantage small traders, and has spawned at least one active phishing/wallet-drainer scam site impersonating its brand.

Drift Protocol is a decentralized perpetual futures exchange built on the Solana blockchain, founded in 2021 by Cindy Leow, David Lu, and co-founders. The protocol has experienced two significant security incidents: a $14.5 million PnL accounting bug in May 2022 triggered by the LUNA collapse (fully reimbursed), and a catastrophic $285–286 million exploit on April 1, 2026, attributed with medium-high confidence to the North Korean state-sponsored threat actor UNC4736 (also tracked as Lazarus Group, AppleJeus, and Citrine Sleet), which constituted the largest DeFi hack of 2026. A $295 million recovery plan involving Tether-led financing and user-issued recovery tokens was announced in May 2026; a class action lawsuit was simultaneously filed against Circle Internet Financial.

Solana is a high-performance blockchain platform that has experienced significant technical instability, ecosystem fraud, and regulatory challenges since its 2020 launch. While positioned as an "Ethereum killer," the network has suffered from multiple outages, massive meme coin scams, and legal scrutiny regarding its centralization and potential securities classification.

<cite index="4-7,1-2">Terra was a blockchain protocol created in 2018 that collapsed in May 2022, wiping out almost $45 billion in market capitalization within one week</cite>. <cite index="11-1,13-5,15-15">The project was founded by Do Kwon, who was charged with securities fraud by the SEC in February 2023, found liable for defrauding investors in April 2024, and sentenced to 15 years in prison in December 2025</cite>. <cite index="3-1,7-1">At its peak, Terra was the third largest cryptocurrency ecosystem after Bitcoin and Ethereum before collapsing in three days in May 2022</cite>.

Chads (chads.wtf) is a Solana-based PFP/avatar NFT collection of 5,565 algorithmically generated pixel-art characters that minted on April 20, 2023 via the Elixir launchpad. The project positioned itself as a meme-culture social club with utility promises including ChadOS tooling, a YesDAO community treasury, and a YES token reward system. No formal fraud or rug pull allegations have been found in credible sources, but the collection has experienced a significant value decline of approximately 97.5% from its December 2023 all-time high, several roadmap deliverables remain unverified as shipped, and the founding team has not publicly doxxed their identities.

Kraken (operated by Payward, Inc.) is one of the largest and longest-running cryptocurrency exchanges in the world, founded in 2011 and publicly launched in 2013 in San Francisco. The exchange holds a Wyoming special purpose depository institution bank charter and serves approximately 15 million users across 190+ countries. While Kraken is a legitimate, operating business and has not been the subject of exit-scam or market-manipulation allegations, it has accumulated a substantial regulatory enforcement record across multiple jurisdictions, experienced a zero-day security exploit in 2024, and faced an active extortion attempt in April 2026 tied to insider-related data access incidents.

Phantom Wallet is a self-custody, non-custodial cryptocurrency wallet developed by Phantom Technologies, Inc., headquartered in San Francisco. Originally launched in 2021 as a Solana-focused browser extension, it has expanded to support Ethereum, Bitcoin, Polygon, Base, and Sui across browser extensions and mobile apps, with approximately 15 million monthly active users and $25 billion in self-custodied assets as of early 2025. The company is well-funded and has engaged constructively with US regulators, though it faces an active civil lawsuit alleging a browser-extension security flaw, and its users have been materially targeted by phishing impersonators and fake app-store clones.

Jupiter Exchange (jup.ag) is the dominant DEX aggregator on Solana, founded in October 2021 by pseudonymous co-founder Meow and Siong Ong. It handles an estimated 95% of Solana aggregator volume and has expanded into perpetuals trading, lending, liquid staking, and a native stablecoin, positioning itself as a 'DeFi superapp.' While the platform is legitimate and widely used with over $2.2 trillion in cumulative swap volume, it has accumulated a series of documented controversies including a co-founder racial slur incident, misleading lending risk disclosures, a governance crisis over team voting power, an X account hack that caused user losses, and community concerns about ecosystem monopolization through acquisitions.

Titan Exchange is a Solana-based meta-DEX aggregator founded in 2024 that routes swaps across multiple aggregators, including its own proprietary routing engine, to deliver competitive pricing. The platform raised $10.5M in venture funding and publicly launched in September 2025, positioning itself as the primary competitor to Jupiter, the dominant Solana DEX aggregator. While no verified fraud or regulatory action has been found against Titan itself, the investigation surfaces several concerns: self-reported and inconsistent performance benchmarks, an unconfirmed token/airdrop creating speculative user activity, an API-blocking dispute with major incumbent aggregators, and the context of Titan capitalizing on a reputational controversy surrounding Jupiter's founder.

ZachXBT (legal name Zachary Wolk, revealed through 2023 court filings) is a pseudonymous American blockchain investigator and OSINT researcher who has operated since 2021, publishing forensic investigations into cryptocurrency fraud, scams, and large-scale thefts. He is widely regarded as one of the most consequential independent crypto investigators, credited with helping recover over $350 million in stolen assets and contributing evidence that has led to multiple arrests across several countries. He maintains strict anonymity and has no formal law enforcement affiliation, though he joined Paradigm as an incident response advisor in February 2025.

Genesis Global Trading, Inc. and its affiliated lending entity Genesis Global Capital, LLC were major crypto OTC trading and institutional lending businesses operating as subsidiaries of Digital Currency Group (DCG), founded by Barry Silbert. Cascading losses from Three Arrows Capital's June 2022 default and further exposure to FTX's November 2022 collapse caused Genesis to suspend customer withdrawals on November 16, 2022, and to file for Chapter 11 bankruptcy on January 19, 2023. The bankruptcy involved over $3 billion in creditor claims, regulatory action by the SEC and New York Attorney General, and ongoing litigation alleging fraud by DCG and its executives.

Axie Infinity is a blockchain-based play-to-earn NFT game developed by Vietnam-based Sky Mavis in which players collect, breed, and battle digital creatures called Axies on the Ronin sidechain. In March 2022 the game's underlying Ronin bridge was exploited for 173,600 ETH and 25.5 million USDC — approximately $625 million at the time — in what the US Treasury and FBI attributed to North Korea's Lazarus Group, making it the largest DeFi hack in history at that point. Sky Mavis subsequently raised $150 million to compensate affected users, hardened the Ronin validator set, and pivoted the game toward a land-based expansion called Homeland, though token prices and player counts have not recovered to 2021 peak levels.

Visor Finance was an Ethereum-based DeFi protocol offering active liquidity management for Uniswap v3 concentrated liquidity positions via smart-contract vaults called Hypervisors. The protocol suffered three separate security incidents in 2021 — an admin-key compromise in June ($500K), a price-manipulation attack in November (alleged $773K), and a critical reentrancy exploit in December that drained approximately $8.2M in VISR tokens from the vVISR staking contract. Following the December exploit, Visor merged with co-funded research arm Gamma Strategies in January 2022 and rebranded entirely, migrating token holders to the GAMMA token.

Frosties was an 8,888-piece Ethereum-based NFT collection themed around animated ice cream characters that launched on January 9, 2022, raising approximately $1.1 million before its creators executed a premeditated rug pull within hours of mint sellout. Ethan Nguyen (pseudonym 'Frostie') and Andre Llacuna (pseudonym 'heyandre'), both then 20 years old, were arrested in Los Angeles in March 2022 and charged with conspiracy to commit wire fraud and conspiracy to commit money laundering in the Southern District of New York, marking the first U.S. federal criminal prosecution of an NFT rug pull. Llacuna subsequently pleaded guilty and testified as a government witness in the Roman Storm Tornado Cash trial, while the case established that existing federal wire fraud statutes apply to NFT fraud schemes.

Warp Finance was an Ethereum-based DeFi lending protocol that allowed users to borrow stablecoins against Uniswap liquidity provider (LP) tokens as collateral. On December 17–18, 2020, roughly one week after launch, an attacker exploited a manipulable AMM-based price oracle to artificially inflate LP token collateral values using flash loans, draining approximately $7.76 million in DAI and USDC. Approximately $5.85 million (roughly 75%) was subsequently recovered from the attacker's locked collateral with assistance from the white-hat community; the protocol relaunched in February 2021 with Chainlink price feeds replacing the vulnerable Uniswap oracle.

Tinyman is an automated market maker (AMM) and decentralized exchange (DEX) built on the Algorand blockchain, launched on mainnet in October 2021. On January 1, 2022, attackers exploited a logic flaw in the protocol's pool-token burn function to drain approximately $3 million in wrapped Bitcoin and Ethereum assets across 43 pools. Tinyman subsequently patched the contracts, launched a compensation program covering all affected liquidity providers, and released a fully re-audited v2.0 protocol in early 2023.

Kevin Rose is an American internet entrepreneur, venture investor, and co-founder of the PROOF Collective and Moonbirds NFT project. On January 25, 2023, Rose was the victim of a sophisticated spear-phishing attack in which he was socially engineered into signing a malicious transaction, resulting in the theft of approximately 40 NFTs valued at an estimated $1.09–$1.5 million USD from his personal krovault.eth wallet. Rose is categorized as a victim of crypto fraud, not a perpetrator; the incident is notable for illustrating signature-based approval risks in NFT marketplaces.

Torque Trading Systems (trading as Torque Group Holdings Limited) was a Singapore-founded, British Virgin Islands-incorporated cryptocurrency trading platform that operated from 2019 until its collapse in February 2021. The platform promised daily returns of 0.15–0.45% through alleged AI-driven algorithmic trading and operated a multi-level marketing referral structure, characteristics widely identified by analysts as consistent with a Ponzi scheme. At collapse, creditor claims totalled approximately US$325 million while liquidators could recover only around US$9.1 million in assets; founder Bernard Ong Hock Fong was subsequently sued by liquidators in Singapore's High Court for allegedly misappropriating US$25.3 million in Bitcoin.

Bilaxy is a centralized cryptocurrency exchange founded in 2018 and registered in the Seychelles. On August 28, 2021, the exchange suffered a hot wallet compromise in which an attacker transferred approximately 295–297 ERC-20 tokens valued at roughly $21–30 million to a single external address. The exchange suspended all services, later claimed to have reimbursed most affected users using platform funds, but drew sustained user complaints about exorbitant post-hack withdrawal fees and withheld balances.

Zipmex was a Southeast Asian cryptocurrency exchange founded in 2018 and licensed to operate in Thailand, Singapore, Indonesia, and Australia. In July 2022, the exchange suspended customer withdrawals after disclosing $53 million in losses stemming from exposure to collapsed crypto lenders Babel Finance and Celsius Network. Multiple rescue deals failed, the Singapore entity entered voluntary liquidation in May 2024, Thai regulators revoked its operating licenses, and the former CEO of Zipmex Thailand was charged with fraud and deception by the Thai Securities and Exchange Commission.

Liquid Global (operating under its parent entity Quoine Pte. Ltd.) was a Japanese-headquartered cryptocurrency exchange founded in 2014 and rebranded from QUOINE to Liquid in 2018. In August 2021, the exchange suffered one of the largest exchange hacks of that year — approximately $97 million in Bitcoin, Ethereum, XRP, TRON, and other tokens stolen — with the attack subsequently attributed by Chainalysis to actors working on behalf of the DPRK, consistent with Lazarus Group tradecraft. FTX provided a $120 million emergency loan days after the breach, then acquired Liquid outright in April 2022; when FTX itself filed for Chapter 11 bankruptcy in November 2022, Liquid halted all withdrawals and customer funds were caught in the subsequent restructuring proceedings.

Babel Finance was a Hong Kong-based crypto lending and asset management firm that raised $80 million at a $2 billion valuation in May 2022, only to suspend all withdrawals the following month citing 'unusual liquidity pressures.' Internal restructuring documents later revealed that co-founder Wang Li had directed the firm's proprietary trading desk using customer funds with no risk controls, resulting in losses ultimately totaling $766 million and triggering insolvency proceedings in Singapore.

PlayDapp is a South Korean blockchain gaming platform and NFT marketplace founded in 2017 and operating on Ethereum and Polygon. In February 2024, an attacker who had obtained PlayDapp's contract deployer private key via a phishing email added themselves as an authorized minter and minted 1.79 billion PLA tokens across two events, representing a nominal loss of approximately $290 million. The platform subsequently suspended the PLA smart contract and executed a 1:1 migration to a new token (PDA) to remediate the illegitimate token supply.

NiceHash is a Slovenian cryptocurrency mining marketplace founded in 2014 that allows users to buy and sell hashing power. In December 2017 the platform suffered one of the largest crypto exchange hacks of that year, with attackers stealing approximately 4,736 BTC (valued at roughly $64 million at the time) after compromising an employee's computer through a spear-phishing attack. The breach was subsequently attributed to North Korea's Lazarus Group, and NiceHash completed a full user repayment program in December 2020 after a three-year effort funded from operational revenue.

Mirror Trading International (MTI) was a South African cryptocurrency trading company operated by Johann Steynberg that collected approximately $1.7 billion in Bitcoin from roughly 300,000 investors worldwide between 2018 and 2020, falsely claiming a proprietary artificial intelligence trading bot would generate consistent monthly returns. The scheme was a classic Ponzi structure in which new investor deposits were used to pay earlier participants while no substantive trading occurred. MTI collapsed in December 2020 when Steynberg fled to Brazil; the company was subsequently placed into liquidation, and both the South African and U.S. courts have formally declared it a fraudulent pyramid and Ponzi scheme.

BTC-e was a cryptocurrency exchange founded in 2011 that operated without KYC or AML controls and processed over $9 billion in transactions for more than one million users worldwide before U.S. law enforcement shut it down in July 2017. The exchange became a primary laundering venue for proceeds from the Mt. Gox hack, ransomware campaigns, dark-web drug markets, and other criminal schemes. Its principal operator, Alexander Vinnik, was arrested in Greece in 2017, convicted in France, extradited to the United States, and ultimately released in a February 2025 prisoner exchange with Russia.

Coinrail was a small South Korean cryptocurrency exchange that suffered a major security breach on June 10, 2018, resulting in the theft of approximately $40 million worth of ERC-20 tokens including NPXS (Pundi X), ATX (Aston X), DENT, and others. The incident triggered a broader cryptocurrency market sell-off, contributing to a loss of over $40 billion in total crypto market capitalization. Following the hack, Coinrail suspended trading operations and cooperated with South Korean law enforcement; the exchange subsequently transitioned to an offline platform and never fully resumed normal operations.

Pincoin was an ERC-20 token issued by Modern Tech Joint-Stock Company, a Ho Chi Minh City-based firm that operated a dual-token multi-level marketing Ponzi scheme alongside a companion token called iFan. Between 2017 and early 2018, Modern Tech allegedly raised approximately $660 million USD (15 trillion Vietnamese dong) from around 32,000 investors in Vietnam by promising monthly returns of 40–48 percent and recruitment commissions. In April 2018, the company ceased all cash payments, began issuing worthless iFan tokens in lieu of returns, and then vacated its offices; eight named founders fled Vietnam and have not been extradited.

GAW Miners and its CEO Homero Joshua Garza operated a large-scale cryptocurrency fraud between mid-2014 and early 2015, selling cloud-mining contracts (Hashlets) backed by computing power that did not exist and subsequently launching a cryptocurrency called Paycoin (XPY) with fabricated promises of a $20 price floor guaranteed by a nonexistent $100 million reserve fund. The scheme defrauded more than 10,000 investors of approximately $9.2 million in one of the earliest major crypto enforcement actions in the United States. Garza pleaded guilty to wire fraud in July 2017 and was sentenced to 21 months in federal prison in September 2018; the SEC obtained parallel civil judgments totaling over $22 million against Garza and the two corporate entities.

Haru Invest was a South Korean crypto yield platform operated by BlockCrafters that abruptly suspended all deposits and withdrawals on June 13, 2023, freezing an estimated $1 billion in user funds across approximately 80,000 investors in 140 countries. The platform initially attributed the crisis to alleged fraud by a consignment partner, B&S Holdings, but South Korean prosecutors subsequently charged three company executives — including CEO Hugo Hyungsoo Lee — with embezzling approximately 1.1 trillion won ($828 million) from users. CEO Lee was acquitted of fraud charges by the Seoul Southern District Court in mid-2025, while the platform was declared bankrupt in November 2024 and user recovery proceedings remain ongoing.

YAM Finance was an experimental DeFi rebase protocol launched on August 11, 2020 after only ten days of development and without a formal security audit. A single missing division operator in the rebase function caused the protocol to mint an astronomical surplus of YAM tokens to its treasury, rendering on-chain governance permanently inoperable within roughly 35 hours of launch; a community rescue attempt failed and approximately $750,000 in yCRV tokens were permanently locked. The protocol was subsequently relaunched as YAMv2 and YAMv3 following a PeckShield audit, but never recovered its initial market position or community trust.

Mirror Protocol was a decentralized synthetic-asset protocol built on the Terra blockchain, launched by Terraform Labs in December 2020, that allowed users worldwide to mint and trade mAssets tracking the prices of real-world equities and other assets. The protocol suffered two separate exploits totaling over $92 million — a $90 million lock-contract vulnerability in October 2021 that went undetected for seven months, and a $2 million oracle-pricing exploit in May 2022 coinciding with the catastrophic collapse of the Terra/Luna ecosystem. The U.S. Securities and Exchange Commission subsequently charged Terraform Labs and CEO Do Kwon with securities fraud in February 2023, with MIR governance tokens and other Terra assets named as unregistered securities; Terraform and Kwon agreed to pay $4.47 billion to settle those charges in June 2024. Mirror Protocol has been dormant since August 26, 2022.

Hodlnaut was a Singapore-based cryptocurrency lending platform founded in 2019 by Zhu Juntao and Simon Lee that suspended all withdrawals in August 2022 after suffering an estimated $189.7 million in losses tied to undisclosed exposure to the Terra/UST ecosystem. Company directors allegedly misled regulators and users about the extent of their Terra exposure in the weeks following the May 2022 collapse, and over 1,000 financial documents were deleted to obstruct judicial managers. The Singapore High Court ordered the platform wound up in November 2023, and former CEO Zhu Juntao was charged with six counts of fraud by false representation in May 2026.

OlympusDAO is a decentralized reserve currency protocol launched in March 2021 on Ethereum, issuing the OHM token backed by a treasury of on-chain assets. It attracted billions in TVL during 2021 through ultra-high staking APYs exceeding 7,000% and a viral '(3,3)' game-theory meme, before OHM collapsed more than 99% from its all-time high. The protocol remains operational but is a shadow of its peak, having transitioned toward sustainable lending products while continuing to face unresolved legal claims and a documented smart contract exploit.

Iron Finance was a multi-chain algorithmic stablecoin protocol deployed on Polygon and Binance Smart Chain in early 2021, best known for its IRON stablecoin partially collateralized by the protocol's native TITAN token. In June 2021, large token holders began liquidating their TITAN positions, triggering a negative feedback loop that drove TITAN from approximately $65 to near zero in a matter of hours and is widely cited as the first large-scale bank run in DeFi history. Estimated user losses reached approximately $2 billion, and the incident prompted prominent investor Mark Cuban — who publicly held positions in the protocol — to call for stablecoin regulation.

bZx Protocol was an Ethereum-based decentralized margin trading and lending protocol founded in 2017 by Tom Bean and Kyle Kistner. The protocol suffered four separate security incidents between 2020 and 2021, culminating in a ~$55 million hack attributed to a phishing-induced private key compromise. Following a transfer of control to a DAO structure, the successor Ooki DAO was sued by the CFTC for operating an unregistered derivatives exchange, ultimately receiving a default judgment, trading bans, and a court-ordered shutdown in June 2023.

HashFlare was an Estonian cloud mining service founded by Sergei Potapenko and Ivan Turogin under their company HashCoins OU. Operating from 2015 to 2019, the platform allegedly sold fraudulent cryptocurrency mining contracts backed by virtually no real mining infrastructure, defrauding over 440,000 customers worldwide of approximately $577 million. Both founders were arrested in Tallinn in November 2022, extradited to the United States, and pleaded guilty in February 2025 to conspiracy to commit wire fraud; they were sentenced in August 2025 to time served (16 months).

Fei Protocol was an algorithmic stablecoin project that launched in April 2021 with the largest DeFi genesis event in history at the time, raising approximately $1.3 billion in ETH, but whose novel 'direct incentive' peg mechanism immediately failed and trapped early participants with severe withdrawal penalties. After merging with Rari Capital to form Tribe DAO in December 2021, the combined protocol suffered an $80 million reentrancy exploit in April 2022 that precipitated a contentious governance crisis and the eventual dissolution of the DAO. Fei Labs and Rari Capital separately faced legal and regulatory consequences, including a class action securities settlement of $17.85 million and SEC charges against Rari Capital and its founders.

BitGrail was a Florence-based Italian cryptocurrency exchange operated by Francesco Firano (online alias 'The Bomber') that collapsed in February 2018 following the alleged theft of approximately 17 million Nano (XRB) tokens then valued at roughly $170 million. Evidence gathered by Italian investigators and the Italian Bankruptcy Court indicated that Firano was aware of unauthorized withdrawals as early as mid-2017 yet continued to attract new users without disclosure, and that he transferred 230 Bitcoin to a personal account three days before publicly announcing the loss. Both the exchange and Firano personally were declared bankrupt by an Italian court in January 2019; Italian Postal Police subsequently charged Firano with computer fraud, fraudulent bankruptcy, and money laundering in December 2020.

Evolved Apes was a 10,000-piece Ethereum NFT collection that launched in late September 2021 with promises of an accompanying blockchain fighting game. Within one week of mint, the anonymous developer known as 'Evil Ape' disappeared with approximately 798 ETH (~$2.7 million USD), taking down the project's website and Twitter account. In June 2024, the U.S. Department of Justice charged three UK nationals — Mohamed-Amin Atcha, Mohamed Rilaz Waleedh, and Daood Hassan — with conspiracy to commit wire fraud and conspiracy to commit money laundering in connection with the scheme.

Vauld was a Singapore-headquartered crypto lending and exchange platform founded in 2018 by Darshan Bathija and Sanju Kurian, backed by Coinbase Ventures, Valar Ventures (Peter Thiel), and Pantera Capital. On July 4, 2022, Vauld suspended all withdrawals, deposits, and trading after disclosing a $70 million asset deficit, freezing approximately $330 million in customer funds belonging to roughly 150,000 retail creditors. Following the collapse of an attempted acquisition by Nexo, Vauld's Singapore parent entity DeFi Payments Pte Ltd successfully completed a court-sanctioned Scheme of Arrangement in August 2023 projecting recoveries of up to 93% on unsecured creditor claims.

Wonderland Finance was an OlympusDAO-style reserve currency protocol launched in September 2021 on Avalanche by Daniele Sestagalli, offering rebase staking yields of up to 80,000% APY with its TIME and wMEMO tokens. In January 2022, on-chain investigator ZachXBT revealed that the protocol's anonymous treasury manager, known as '0xSifu', was Michael Patryn — a convicted felon and co-founder of the fraudulent Canadian exchange QuadrigaCX — triggering an immediate collapse in token prices and a governance crisis that effectively ended the protocol. Sestagalli later acknowledged he had known Patryn's identity for weeks before the public disclosure.

Anchor Protocol was a decentralized money market built on the Terra blockchain that offered a near-fixed 20% APY on deposits of the algorithmic stablecoin UST. The advertised yield was structurally unsustainable, requiring repeated multi-hundred-million-dollar cash injections from Terraform Labs to prevent reserve depletion. When UST depegged in May 2022, a bank run on Anchor drained over $14 billion in TVL within days and accelerated the complete collapse of the Terra/Luna ecosystem, destroying an estimated $40 billion in market value.

Cryptopia was a New Zealand-based cryptocurrency exchange founded in 2014 in Christchurch that grew to over 1.4 million users before suffering a critical security breach in January 2019 in which approximately NZ$24 million (roughly USD $16 million) in Ethereum and ERC-20 tokens was stolen. The hack rendered the company insolvent, leading to its placement into liquidation in May 2019 under Grant Thornton New Zealand as appointed liquidators. The resulting legal proceedings produced a landmark 2020 High Court ruling — Ruscoe v Cryptopia Limited (In Liquidation) [2020] NZHC 728 — establishing that cryptocurrencies are intangible property capable of being held on trust under common law.

CryptoZoo was a blockchain-based NFT game co-founded by YouTuber Logan Paul, launched in September 2021 with promises of a playable play-to-earn game involving exotic animal NFTs and a native ZOO token; the game never launched as described. A December 2022 three-part investigative series by YouTuber Coffeezilla alleged the project was a scam, exposing alleged mismanagement, insider token dumping, and a lead developer who allegedly fabricated his credentials and held the game code hostage. Logan Paul offered a partial refund program, was cleared of fraud charges when a class-action lawsuit was dismissed in October 2025 on 'puffery' grounds, but faces a separate ongoing defamation trial over his suit against Coffeezilla.

Stefan He Qin is an Australian national who founded and operated two cryptocurrency hedge funds — Virgil Sigma Fund LP and VQR Multistrategy Fund LP — between 2016 and 2020, fraudulently raising approximately $90 million from over 100 investors by fabricating returns and misrepresenting fund strategy. He siphoned investor assets for personal use, attempted to raid a second fund to cover losses, and was arrested after SEC intervention in December 2020. Qin pleaded guilty to federal securities fraud in February 2021 and was sentenced to 90 months in prison in September 2021, making his case one of the largest individual crypto fraud prosecutions prior to the FTX collapse.

Pixelmon is a Pokemon-inspired NFT game project that raised approximately $70 million in a February 2022 Dutch-auction mint before revealing artwork widely described as comically low quality, causing an immediate collapse in floor price of roughly 88%. The project's original founder, identified as Martin van Blerk (online handle 'Syber'), was accused of misrepresentation and had a documented history of unfulfilled crowdfunding campaigns; treasury funds were observed being spent on third-party NFTs rather than development. The project was subsequently acquired by Web3 venture studio LiquidX, which relaunched it with new leadership, revised artwork, and a native MON token, though the original mint episode remains one of the most publicized cases of NFT overpromising in the 2021-2022 cycle.

KuCoin is a global cryptocurrency exchange founded in 2017 that has accumulated one of the most serious regulatory and security records in the industry. The exchange suffered a $285 million hot-wallet hack in September 2020 attributed to North Korea's Lazarus Group, and in January 2025 pleaded guilty to operating an unlicensed money transmitting business in the United States, agreeing to pay over $297 million in fines and forfeitures and exit the US market for at least two years. On-chain investigator ZachXBT has publicly alleged that KuCoin continues to enable illicit fund flows by ignoring victim and law enforcement requests.

Meteora is a Solana-based decentralized exchange and liquidity protocol, originally founded as Mercurial Finance before rebranding in 2023. Its co-founder Benjamin Chow resigned in February 2025 amid allegations that the platform's infrastructure was used to orchestrate coordinated pump-and-dump schemes across at least 15 tokens including LIBRA, MELANIA, M3M3, ENRON, and TRUST, causing an estimated $69 million or more in retail investor losses. Multiple class-action lawsuits are active in the Southern District of New York asserting fraud, RICO violations, and market manipulation; the protocol also issued a $4.2 million MET token airdrop to wallets linked to the Trump team hours after the amended complaint was filed, with all tokens immediately sent to OKX.

Bitget is a Seychelles-incorporated centralized cryptocurrency exchange founded in 2018, offering spot, futures, and copy trading to a claimed user base exceeding 150 million. While the exchange has never suffered a direct hack of user funds and publishes monthly proof-of-reserves attestations, it faces a pattern of serious regulatory actions across multiple jurisdictions — including blacklisting by France's AMF, warnings from Australia's ASIC and Japan's FSA, and a ban by the Philippines SEC — and has attracted allegations from blockchain investigator ZachXBT that it knowingly enabled supply-control market manipulation schemes targeting retail traders in 2026.

JUDAO is a deflationary BEP-20 token deployed on BNB Smart Chain and trading primarily on PancakeSwap, with a self-described 'T3 JUDAO' iteration launched in January 2026 and a separate 'JUDAO 3.0' variant announced as part of the JuCoin ecosystem via NordCore Labs. On April 28, 2026, the token's liquidity pool was drained of approximately $228,000 through a flash loan exploit that exploited a double-reserve-sync vulnerability in its custom transfer logic. The project's parent exchange JuCoin was independently flagged by on-chain investigator ZachXBT as 'sketchy' in March 2025, and JUDAO 3.0 has no verifiable audit, no identified founding team, and no smart contract security review on record.

Singularity Finance (SFI) is an EVM-compatible Layer 2 blockchain protocol that emerged in late 2024 from a three-way token merger involving SingularityDAO, Cogito Finance, and SelfKey, positioning itself as a DeFAI (decentralized finance plus AI) platform within the Artificial Superintelligence Alliance ecosystem. The SFI token launched at an ICO price of approximately $0.123 in February 2025, reached an all-time high near $0.20 on launch day, and had declined approximately 97-98% to around $0.004 by May 2026. On-chain investigator ZachXBT has flagged Singularity Finance as a concern; independently verifiable risk indicators include a catastrophic post-ICO price collapse, an undelivered Q1 2025 mainnet promise, an unaudited smart contract, a reported CertiK Skynet score of 3.6 out of 10, and significant token supply overhang with only 31% of the 500 million maximum supply in circulation.

ZetaChain is a San Francisco-based omnichain Layer 1 blockchain that enables native cross-chain smart contracts connecting Bitcoin, Ethereum, and other networks. The protocol has been flagged by community investigators and crypto-security observers following a premeditated $334,000 exploit of its GatewayEVM smart contract in April 2026, which the team's own earlier bug-bounty review had dismissed as intended behavior. Additional concerns include a controversial airdrop policy that rewarded sybil actors, persistent token unlock sell pressure, and structural centralization risks inherent to its Threshold Signature Scheme validator design.

Local Traders (localtraders.finance) is a peer-to-peer cryptocurrency exchange and native token (LCT) project launched in 2021, headquartered in Chile and targeting Latin American and African markets. On May 23, 2023, the platform's smart contract was exploited due to a missing access-control check, resulting in approximately 379 BNB (~$119,000) stolen from its liquidity pool. The LCT token has since declined approximately 99.9% from its all-time high, the platform has shown limited trading volume, unverified team credentials, and a lack of regulatory registration, and the project was flagged by on-chain investigator ZachXBT.

Superteam is a community-run talent network and grant accelerator operating as the contributor layer of the Solana ecosystem, founded by Tanmay Bhat and Akshay BD and active across 23+ global chapters. The organization has been flagged for investigation by ZachXBT, though no published, verifiable ZachXBT post or report specifically naming Superteam as a fraudulent entity was located during this investigation; the exact nature and basis of that flag remains unconfirmed. Separately, Superteam Earn — the organization's public freelance bounty and job platform — operates within a segment of the Solana ecosystem that regulators, Google Cloud threat intelligence, and on-chain investigators have identified as systematically targeted by DPRK-linked IT workers using false identities.

Amun refers to two related but distinct entities: Amun AG, a Swiss ETP issuer that rebranded to 21Shares in 2020 and lists regulated crypto exchange-traded products on the SIX Swiss Exchange; and Amun Ltd / Amun DeFi Tokens, a separate DeFi arm that issued leveraged tokens and on-chain index products on Ethereum and Polygon. The DeFi arm experienced a critical smart contract exploit on December 26, 2022 resulting in approximately $300,000 in losses, followed by the termination of multiple product lines. On-chain investigator ZachXBT has been cited in connection with flagging Amun, though a specific, verifiable public post could not be independently confirmed at the time of this investigation.

ARA Finance is an Avalanche-based DeFi project that launched in December 2021, combining a yield farm (Goose/Masterchef fork) with a decentralized reserve currency protocol modeled on Olympus DAO (OHM). The project underwent a failed v1 launch, published a postmortem acknowledging market collapse, and pivoted to a v2 with minimal transparency. As of 2026, the protocol is effectively defunct with a TVL of approximately $1,500, a token classified as a dead coin, and an anonymous team that ceased meaningful communication.

Scallop Lend is a DeFi lending and borrowing protocol deployed on the Sui blockchain, and the first DeFi project to receive an official grant from the Sui Foundation. On April 26, 2026, the protocol suffered a flash-loan exploit that drained approximately 150,000 SUI (roughly $142,000) from a deprecated rewards contract that had remained callable on-chain for approximately 17 months despite no longer being in active use. The protocol covered 100% of user losses from treasury reserves and resumed operations within two hours, though the incident raised questions about legacy contract hygiene and the completeness of prior audits by OtterSec, MoveBit, and Zellic.

LAB is the native token of an AI-powered multi-chain trading terminal that launched via a Binance Wallet exclusive Token Generation Event in October 2025. In May 2026, on-chain investigator ZachXBT published two investigations alleging that insiders controlled more than 95% of the token supply, coordinated a pump to a $6 billion fully diluted valuation, and withdrew approximately 100 million LAB tokens worth $480 million through 10 freshly created wallets before the price crashed more than 65%. The alleged scheme involved a BVI-registered shell company, predatory OTC loan agreements, unilateral vesting changes, and on-chain links to a broader pattern of exchange-facilitated supply-control manipulation attributed to an unknown market maker operating primarily through Bitget.

NEAR Protocol is a layer-1 proof-of-stake blockchain launched in 2020, founded by Illia Polosukhin (co-author of the transformer architecture paper 'Attention Is All You Need') and Alexander Skidanov (formerly of MemSQL and Google). The core protocol has not been exploited, and its security posture includes an active HackenProof bug bounty program that paid out $1.8 million to ethical researchers. Key risk factors include: the NEAR token being named as an unregistered security in SEC lawsuits against Coinbase and Kraken (2023); a significant DeFi protocol in its ecosystem (Rhea Finance) losing $7.6–18.4 million in an oracle-manipulation exploit (April 2026); and on-chain investigator ZachXBT publicly flagging a privacy design flaw in the Zashi wallet's NEAR Intents cross-chain integration (October 2025).

Zircon Gamma was a Moonriver-deployed automated market maker (AMM) built by Zircon Labs that pioneered single-sided liquidity provision via its Pylon risk-tranching mechanism. On March 18, 2023, an attacker exploited a vulnerability in the protocol's modified Uniswap V2 core across both its Moonriver and BNB Chain deployments, draining approximately $350,000 in user funds. Following the exploit, the ZRG token lost essentially all market value, development activity ceased by mid-2023, and the promised relaunch and debt-repayment plan have not been publicly demonstrated as fulfilled.

Palmswap was a decentralized perpetual futures exchange built on BNB Chain (Binance Smart Chain), launched in 2022 and offering up to 50x leverage trading via its PALM governance token and PLP liquidity provider token. On July 24–25, 2023, the protocol suffered a flash loan price manipulation exploit that drained approximately $901,455 USDT from its liquidity vault due to a critical smart contract logic flaw in the PlpManager contract. The exploiter ultimately returned $721,450 of the stolen funds after bounty negotiations, but the protocol's liquidity partner Gotbit was subsequently indicted and convicted by US federal prosecutors for market manipulation and wire fraud, raising additional integrity concerns about the project's ecosystem.

Bond Protocol is a permissionless bonds-as-a-service platform for DeFi, spun out of OlympusDAO's Olympus Pro product via a governance vote in mid-2022. In October 2022 — just weeks after its public launch — the protocol's Fixed-Expiry Teller smart contract was exploited for approximately $300,000 in OHM tokens due to a missing input validation vulnerability that had evaded three prior independent audits. The attacker ultimately returned all funds, the team underwent re-auditing with Zellic and Sherlock, and the protocol raised $2.5M in seed funding, though its TVL has since declined to minimal levels.

Keep3r Network (KP3R) is a decentralized keeper-job matching protocol launched in October 2020 by Andre Cronje, the creator of Yearn Finance. The protocol has experienced multiple security incidents including a $211k exploit in June 2023, a latent two-year-old vulnerability in its GaugeProxyV2 contract discovered in September 2022, and its oracle was implicated in the $15.6M Inverse Finance hack of April 2022. ZachXBT has flagged the protocol in the context of broader DeFi security concerns, and the project has been surrounded by scam forks, impersonator accounts, and fraudulent staking services operated by unaffiliated parties.

ArbiSwap was a decentralized exchange (DEX) launched on the Arbitrum network in February 2023 that executed a rug pull on March 2, 2023, approximately six days after launch, stealing roughly 84 ETH (over $100,000) from users and moving the proceeds through Tornado Cash. The anonymous developer exploited a hidden 'recoverToken' function in a swapped smart contract to drain liquidity pools while the ARBI governance token collapsed more than 99% in value. The project attracted $4.4 million in total value locked by advertising unsustainable yields above 1,000% APY before abandoning the protocol and going silent.

Allbridge Core is a cross-chain stablecoin bridge protocol operating across EVM-compatible chains, Solana, Tron, and Stellar. On April 1-2, 2023, the protocol suffered a flash loan price-manipulation exploit on BNB Chain that drained approximately $570,000 from its BUSD and USDT liquidity pools. The attacker was subsequently identified via on-chain analysis by BNB Chain and AvengerDAO, and ultimately returned roughly $465,000 of the stolen funds after Allbridge offered a white hat bounty with immunity from legal action.

Merlin DEX was a decentralized exchange built on zkSync Era that was drained of approximately $1.82 million on April 26, 2023, during its public MAGE token liquidity generation event. Security investigators, including auditor CertiK, concluded the incident was an insider rug pull executed by the protocol's own back-end development team, who had embedded a backdoor granting themselves unlimited withdrawal rights over all liquidity pools. The rogue developers, allegedly a group of Serbian nationals, have never been publicly identified or prosecuted, and no meaningful recovery of stolen funds has been confirmed. This entity is distinct from Merlin Chain, an unrelated Bitcoin Layer 2 protocol.

Rodeo Finance was an Arbitrum-based leveraged yield protocol that allowed users to open leveraged positions in DeFi yield strategies using borrowed USDC from an integrated lending pool. The protocol suffered two separate security exploits in July 2023 within six days of each other, with the second — a TWAP oracle manipulation attack — draining approximately 472 ETH (roughly $888,000 net) and collapsing its total value locked from $20 million to under $500. The attacker bridged stolen funds to Ethereum, routed 150 ETH through Tornado Cash, and the protocol never fully recovered operationally.

Litecoin (LTC) is one of the oldest proof-of-work cryptocurrencies, created in October 2011 by former Google engineer Charlie Lee as a Bitcoin fork with faster block times and the Scrypt hashing algorithm. The protocol itself has a long operating history and has been formally classified as a digital commodity by U.S. regulators as of 2026. ZachXBT flagged Litecoin in connection with a January 2026 social engineering theft in which a single victim lost approximately $282 million in BTC and LTC — the largest individual crypto theft of that year — though the attack targeted a holder rather than representing any flaw in the Litecoin protocol or its development team.

Tropykus is a DeFi lending and borrowing protocol deployed on the Rootstock (RSK) Bitcoin sidechain, founded in 2021 by a Colombian team targeting Latin American underbanked communities. On June 14, 2023, the protocol suffered an exploit in its rBTC micro-market due to a redeem rounding error and exchange rate manipulation, resulting in losses of approximately $150,000 — roughly 10% of total value locked at the time. The team committed to full reimbursement of affected users and subsequently reverted to Compound Finance's original codebase, but the incident highlighted unresolved smart contract risks in a customized fork.

AutoShark Finance was a Binance Smart Chain-based yield optimizer and AMM that suffered two separate economic exploits in 2021, resulting in total losses exceeding $1.4 million in BNB across its SHARK and JAWS tokens. The protocol underwent multiple failed recovery attempts — including token migrations from SHARK to JAWS and a new reserve-currency token ATLAS — before formally shutting down in March 2022 after all three tokens had lost 97–99.75% of their peak value. AutoShark has been flagged by ZachXBT in the context of the wider BSC flash loan attack wave that targeted PancakeBunny forks.

Arcadia Finance v1 was a decentralized margin lending protocol deployed on Ethereum and Optimism that suffered a critical reentrancy exploit on July 10, 2023, resulting in the loss of approximately $459,030 across both chains. The attack exploited a missing reentrancy guard in the vault liquidation function combined with absent untrusted-input validation, allowing the attacker to bypass collateral health checks and drain darcWETH and darcUSDC vaults. The stolen funds on Optimism were largely laundered through Tornado Cash; the protocol subsequently paused all contracts and issued a bounty ultimatum to the attacker that went unanswered.

Safe Dollar (SDO) was an algorithmic stablecoin launched on the Polygon network in June 2021 that collapsed to zero within two weeks of its initial DEX offering. The protocol suffered two separate exploits in rapid succession, with the second draining approximately $248,000 in USDC and USDT from its liquidity pools by exploiting a reward-calculation flaw that allowed unlimited SDO minting. The project was flagged as a high-risk entity by on-chain investigators and DeFi security researchers, and its stablecoin peg was never restored.

Blur Finance (ticker: BLR) was a yield aggregator DeFi protocol that operated on BNB Chain and Polygon in mid-2022. In August 2022, developers allegedly executed a textbook rug pull, withdrawing approximately $600,000 from user-deposited funds before deleting all social media channels and abandoning the project. The BLR token collapsed 99%, and the protocol's smart contracts on both chains have since been formally flagged on BscScan and PolygonScan as rug pull addresses.

ElasticSwap was an Avalanche-first AMM protocol specializing in elastic supply tokens, which launched in May 2022 and was exploited in December 2022 for approximately $854,000 via flash loan attacks that exploited an accounting inconsistency between its addLiquidity and removeLiquidity functions. The vulnerability class that enabled the exploit had been identified in a Code4rena security audit conducted ten months earlier but was not adequately remediated before deployment. The protocol recovered approximately 55% of user funds through a bounty program and community vote, but the TIC governance token lost over 70% of its value and the protocol appears to have ceased meaningful activity.

Roe Finance is a decentralized lending protocol built on Ethereum that allows Uniswap v2 liquidity providers to lend LP tokens for additional yield. On January 11, 2023, the protocol suffered a flash loan-driven price oracle manipulation exploit that drained approximately $80,000 from its pools, with the majority of profits captured by a front-running MEV bot rather than the original attacker. The protocol issued no official post-mortem or public response to the incident, raising concerns about transparency and operational accountability.

KyberSwap is a decentralized exchange (DEX) and liquidity protocol operated by Kyber Network. In November 2023, KyberSwap Elastic — the protocol's concentrated liquidity layer — suffered one of the largest DEX exploits of the year, with approximately $48.9 million drained across thirteen chains via a sophisticated tick-manipulation and rounding-error attack. The alleged attacker, Canadian national Andean Medjedovic, was subsequently indicted by U.S. federal prosecutors on five felony counts and remains a fugitive as of mid-2026.

Epicentral Labs is a pseudonymously-led Solana-based startup building OPX, an on-chain options trading protocol, and the associated Solana Options Standard (SOS) open-source SDK. As of May 2026, the OPX protocol has not launched on mainnet and remains in devnet closed beta, raising questions about delivery risk. The project's LABS governance token carries a micro-cap market capitalization of approximately $185,000, with reported wallet concentration risk and no publicly verifiable smart contract audit on record.

TAC Protocol is an EVM-compatible Layer-1 blockchain built on Cosmos SDK that bridges Ethereum DeFi applications to the TON blockchain and Telegram ecosystem. On May 12, 2026, its cross-chain bridge was exploited for approximately $2.86 million — the protocol's entire TVL at the time — due to missing validation in sequencer software that allowed attackers to forge Jetton wallets. The attacker subsequently accepted a 10% white-hat bounty, returning roughly 90% of stolen funds to TAC's multisig; the bridge remains paused pending an independent security audit as of late May 2026.

Transit Finance (also known as Transit Swap) is a cross-chain DEX aggregator supporting over 122 decentralized exchanges across Ethereum, BNB Chain, TRON, Solana, Polygon, and other networks. The protocol has suffered two confirmed security exploits: a $28.9 million hack in October 2022 due to an arbitrary external call vulnerability in its routing contract, with approximately $18.9 million recovered; and a second $1.88 million exploit in May 2026 via a deprecated TRON smart contract that remained on-chain and exploitable years after official deprecation. ZachXBT flagged the protocol amid broader DeFi monitoring, and the 2022 attacker routed funds through OFAC-sanctioned Tornado Cash.

LeetSwap was a decentralized exchange (DEX) launched on Coinbase's Base Layer 2 network in mid-2023 and briefly held the position of the network's largest DEX by trading volume and total value locked. On August 1, 2023, shortly after Base's mainnet opened to all users, an attacker exploited a publicly exposed smart contract function to drain approximately 342 ETH (~$630,000) from multiple liquidity pools. The protocol halted trading, partially recovered funds through white-hat rescue operations, and has since operated at a fraction of its pre-exploit TVL, with no public audit ever confirmed prior to the incident.

Unibot is a Telegram-based trading bot launched in May 2023 that enabled users to execute Uniswap trades directly within Telegram. On October 31, 2023, a newly deployed router contract containing a call injection vulnerability was exploited, draining approximately $560,000–$640,000 in user funds that were subsequently laundered through Tornado Cash; the team ultimately reimbursed affected users at a reported cost of $1.78 million. A second crisis followed in March 2024 when the Ethereum and Solana development teams publicly split amid mutual accusations of unauthorized deployments and revenue misappropriation, causing the token to shed an additional 40% of its value and reducing the project to a fraction of its former user base.

Wise Lending V1 is the first version of the Wise Lending decentralized lending and yield-aggregation protocol deployed on Ethereum, built from scratch by WiseSoft LLC and founded by Peter Girr. The V1 deployment suffered two confirmed on-chain exploits within approximately three months, losing an estimated $700,000+ in total user funds across both incidents, with no publicly documented recovery or compensation plan. ZachXBT has flagged the entity, and post-exploit TVL collapsed effectively to zero.

Tectonic is a decentralized money market protocol on the Cronos blockchain, operating as a fork of Compound, that allows users to lend and borrow cryptocurrency assets. Launched in December 2021 by Gary Or (former CTO of Crypto.com) and incubated by Particle B and Cronos Labs, the protocol reached approximately $1 billion TVL at peak in early 2022 before collapsing over 95% alongside the broader crypto bear market. A disclosed reentrancy vulnerability in the staking contract was reported in March 2024 allowing potential extraction of millions in a single transaction, and a separate flash loan exploit in February 2024 resulted in approximately $250,000 in losses.

Lava (lavadefi.io) is a decentralized, non-custodial multichain lending and borrowing protocol deployed on Arbitrum and Base, operating since March 2024. The protocol suffered two documented exploit incidents in 2024 totaling approximately $470,000 in losses, both rooted in protocol logic vulnerabilities and flash loan abuse. The platform was flagged by on-chain investigator ZachXBT, and separately the lava.xyz Bitcoin lending product drew significant backlash in late 2025 after quietly switching users from a self-custodial DLC-based model to a fully custodial setup without adequate disclosure.

RocketSwap is a decentralized exchange (DEX) launched on the Coinbase Base Layer 2 network in mid-2023 that suffered a $865,000 private key compromise exploit just days after Base's public launch, making it one of the first major exploits on the network. The attack, confirmed by security firms PeckShield and Certik as a private key compromise, was compounded by a separate $69,000 social engineering loss one week prior, and the hacker subsequently laundered stolen funds through Tornado Cash, Binance, OKX, and a self-created memecoin called LoveRCKT. The project has been flagged by ZachXBT and community analysts, with some alleging that pre-exploit proxy contract modifications and the team's decision to silence communications point to possible insider involvement, though this has not been conclusively proven.

Astrid Finance is an Ethereum-based liquid restaking protocol built on EigenLayer, allowing users to deposit liquid staking tokens (stETH, rETH, cbETH) in exchange for liquid restaked tokens. On October 28, 2023, the protocol suffered a smart contract exploit due to a missing input validation check in its withdraw function, resulting in the theft of approximately $228,000 in assets. The attacker eventually returned 80% of stolen funds after an on-chain negotiation and legal threat by the team; all affected users received refunds, and the vulnerable contracts remain paused pending re-audit.

SharedStake is an Ethereum liquid staking protocol launched in January 2021 that allowed users to deposit ETH in exchange for the vETH2 liquid staking token. In June 2021, a co-founder using the pseudonym 'Kairos' exploited a critical timelock bypass vulnerability in the protocol's vesting contracts — a bug that had been disclosed to the team two months prior — draining approximately $128,000 from liquidity providers and sending 100 ETH through Tornado Cash. The protocol subsequently relaunched as SharedDeposit v2 under remaining team members, though the SGT governance token never recovered.

An active phishing campaign exploiting Google Search sponsored advertisements to impersonate the Uniswap decentralized exchange was publicly exposed on May 25, 2026, by on-chain analyst b_block_oficial. Attackers operating two identified Ethereum wallets have allegedly stolen over $400,000 from multiple victims by deploying wallet-drainer malware services (Inferno Drainer and Vanilla Drainer), which siphon assets after victims approve malicious smart contracts on cloned Uniswap interfaces. The Security Alliance (SEAL) has confirmed blocking 356+ related fraudulent advertisement URLs and describes the broader Google Ads phishing trend as active and ongoing for more than a year.

Earning.Farm is an Ethereum-based DeFi yield aggregator that deployed leveraged yield strategies on top of Aave. The protocol suffered two distinct security incidents — a flash loan attack in October 2022 that drained approximately 750 ETH (~$950,000), followed by a reentrancy exploit in August 2023 that resulted in an additional ~$528,000 loss. The protocol has been flagged by ZachXBT and has shown no evidence of recovery, compensation to users, or resumed operations following either incident.

Uwerx (WERX) was a purported decentralized freelancing platform that conducted a multi-stage token presale in 2023 before suffering a flash loan exploit on August 2, 2023, one day after its Uniswap listing, resulting in the loss of approximately 176 ETH (~$324,000). Despite two prior smart contract audits by SolidProof and InterFi Network, neither audit identified the exploited vulnerability. The project subsequently relaunched on Polygon in October 2023 but has since been listed as abandoned on CoinSniper, with the token trading at effectively zero value and only six recorded holders as of early 2026.

PeopleDAO is a community-governed decentralized autonomous organization that emerged from ConstitutionDAO in late 2021, adopting the PEOPLE token as its governance instrument and operating as a meta-DAO incubator for social-good subDAOs. In March 2023, the organization suffered a significant treasury exploit in which an attacker stole 76.5 ETH (approximately $120,000) by exploiting a publicly shared Google Sheets payroll form with edit access — a failure of basic operational security controls. The stolen funds were moved to centralized exchanges and no recovery has been confirmed; the incident drew engagement from on-chain investigator ZachXBT and blockchain security firm SlowMist.

WXETA (Wrapped Xeta) is an ERC-20 token deployed on Ethereum using a Diamond (EIP-2535) upgradeable proxy architecture, associated with XETA Capital / XETA Genesis — a DeFi yield platform incorporated in Belize that claimed up to 20% monthly returns via high-frequency trading algorithms. The underlying XETA ecosystem is named as a co-defendant in a federal civil RICO lawsuit filed in January 2025 alleging tens of millions of dollars in investor fraud, and ZachXBT has flagged the entity. The platform ceased onboarding new members at end of 2023 and converted member positions into non-liquid NFTs, leaving the withdrawal status of the bulk of investor funds disputed.

Maestro is a Telegram-based crypto trading bot developed by Gearlay Technologies Inc. (Canada) that enables sniping, copy-trading, and wallet management across 14 blockchains. On October 24, 2023, a critical access-control vulnerability in its MaestroRouter2 smart contract was exploited, draining approximately 280 ETH (~$500,000) from 106 user accounts; the team subsequently refunded all affected users with 610 ETH (~$1.1 million) sourced from its own revenue. The platform operates a partial-custody model in which user private keys are encrypted and stored on Maestro servers, representing a persistent systemic risk.

Yield Protocol was a decentralized finance protocol offering fixed-rate, fixed-term borrowing and lending on Ethereum and Arbitrum, launched in October 2020 and funded by Paradigm. It suffered multiple security incidents including collateral damage from the March 2023 Euler Finance hack and a critical smart contract vulnerability patched via Immunefi in April 2023, before announcing a full wind-down in October 2023 citing insufficient demand and regulatory pressure. After official operations ceased in December 2023, abandoned smart contracts on Arbitrum were exploited in April 2024 for approximately $181,000 via a flash loan attack on pool balance discrepancies.

Magpie XYZ is a multi-chain DeFi yield-optimization ecosystem built on a SubDAO model, enhancing veTokenomics across protocols including Wombat Exchange, Pendle Finance, PancakeSwap, Radiant Capital, and Camelot DEX. The ecosystem has suffered two distinct smart contract exploits: a $129,000 router vulnerability in April 2024 and a critical $27.3 million reentrancy exploit in September 2024 via its Penpie SubDAO, the latter of which resulted in laundering through Tornado Cash and law enforcement referrals to the FBI and Singapore Police. ZachXBT has flagged the entity in connection with the broader security incidents.

Spicenet is an early-stage DeFi interoperability protocol founded in 2023 and headquartered in Kingston, Canada, with a technical hub in Bengaluru, India. The project raised $3.4 million in a December 2024 seed round led by Hack VC and Magnus Capital, and is building a cross-chain brokerage network comprising two products — Spice Flow (multi-chain distribution) and Spice Edge (execution layer). As of May 2026, Spicenet remains pre-mainnet; no regulatory actions, fraud allegations, or security breaches have been publicly documented.

A coordinated international law enforcement operation announced on April 29, 2026, dismantled at least nine cryptocurrency investment fraud compounds operating across Southeast Asia and Dubai, resulting in 276 arrests and the restraint of over $701 million in cryptocurrency. The operation was led by Dubai Police in cooperation with the FBI, China's Ministry of Public Security, and Royal Thai Police, targeting 'pig-butchering' romance fraud schemes operated by three alleged criminal organizations—Ko Thet Company, Sanduo Group, and Giant Company—whose compounds employed trafficked workers held under coercive conditions. The U.S. Department of Justice charged six defendants in the Southern District of California, and separately charged two Chinese nationals for managing the Shunda compound in Myanmar; related OFAC sanctions targeted a Cambodian senator and 28 associates for protecting scam compound networks.

Eesee was a gamified NFT marketplace and launchpad launched in April 2024 on the Blast blockchain by Vova Sadkov and Mark X, raising $2.85 million from investors including SevenX Ventures and Animoca Brands. The platform's native ESE token reached an all-time high of approximately $0.149 in April 2024 before declining more than 93% from peak. The same founders are identified in a May 2026 ZachXBT investigation into LAB Token, where Eesee is cited as evidence of a serial project abandonment pattern involving repeated investor harm across successive crypto ventures.

LaunchZone (LZ) was a Binance Smart Chain-based DeFi launchpad and IDO platform originally launched as BSCex in December 2020, later rebranded in March 2021. On February 27, 2023, the protocol suffered a critical smart contract exploit in its Bscex SwapX contract, resulting in approximately $700,000 drained from its liquidity pool and a total of nearly $7.8 million in cumulative losses as additional vulnerable contracts were identified. The platform ceased operations on March 26, 2023, with over 75,000 user wallets remaining exposed weeks after the initial attack. ZachXBT has flagged this entity as a risk.

BTC24H is an ERC-20 token and associated DAO platform launched on Polygon in late 2024, marketed as a mechanism for continuous Bitcoin distribution through high-yield daily payouts. The platform's Lock contract suffered a critical access-control vulnerability in December 2024 that allowed any caller to drain tokens, resulting in an estimated $85,700 loss. Multiple independent scam-detection services rate associated BTC24H web domains as high-risk or outright malicious, and the project's tokenomics — 5% daily returns for 30 days via a multi-level referral structure — exhibit structural characteristics consistent with unsustainable high-yield investment programs.

Clober is a fully on-chain order book DEX (Decentralized Exchange) for EVM networks, built on the proprietary LOBSTER algorithm, which launched on February 14, 2023. Its Liquidity Vault product, a hybrid order-book/AMM product launched on Coinbase's Base network in December 2024, was exploited for approximately 133.7 ETH (~$501,000) within days of launch due to a reentrancy vulnerability introduced in post-audit code changes. The attacker ultimately moved the stolen funds through Tornado Cash after on-chain bounty negotiations failed.

Vestra DAO is an Ethereum-based DeFi and SocialFi protocol operating the VSTR token, launched in late 2024. On December 4, 2024, the protocol suffered a critical smart contract exploit in its staking contract that drained approximately $480,000–$500,000 worth of VSTR tokens — an attack that occurred less than one month after the token began trading. Stolen funds were laundered through Tornado Cash, the token price collapsed by roughly 50%, and the project's ability to fully compensate affected users remains unresolved.

Spectral Labs (spectrallabs.xyz) is a U.S.-based Web3 protocol founded in 2021 that pivoted from an on-chain credit scoring product (MACRO Score) to an autonomous AI agent economy platform. The project has raised approximately $30 million from institutional investors including General Catalyst, Social Capital, and Jump Capital. Its governance token SPEC reached an all-time high of approximately $18.48 in November 2024 before collapsing more than 99% to under $0.10 by mid-2026, with Bybit delisting the token from both spot and futures markets, raising significant concerns around tokenomics, unlock-driven selling pressure, and product-market fit.

Syndicate Labs was an a16z-backed Ethereum rollup infrastructure company founded in 2021 by Will Papper and Ian Lee, raising over $28 million to build programmable smart sequencers and the Commons Chain L3. On April 29, 2026, its Commons cross-chain bridge was exploited via a compromised private key stored without multisig or hardware-signing protection, draining approximately 18.5 million SYND tokens (~$330,000) plus ~$50,000 in user funds; all affected users were subsequently made whole from treasury reserves. On May 21, 2026, the company announced a full wind-down, citing irrecoverable consolidation of the rollup market around Base and Arbitrum, causing SYND to fall to an all-time low of $0.01061.

INK Finance is a multichain DeFi governance and treasury management protocol, native token QUILL, with deployments on Polygon, Ethereum, Avalanche, and BNB Chain. On May 11, 2026, an attacker drained approximately $140,180 USDT from its Workspace Treasury Proxy contract on Polygon by exploiting a whitelist authorization flaw amplified with a Balancer V2 flash loan. The exploit was confirmed on-chain via Polygonscan; as of the time of writing the INK Finance team had not released a formal post-mortem or recovery plan.

Trenton Richard David Johnston is a 19-year-old Canadian national indicted by a federal grand jury in the Southern District of Florida on May 11, 2026, on charges of conspiracy to commit wire fraud and conspiracy to commit money laundering. Johnston allegedly led a support-impersonation scheme targeting cryptocurrency users that caused losses exceeding $13 million. He was residing in the United States unlawfully on an overstayed visa and is alleged to have spent over $1 million in stolen funds on luxury vehicles, jewelry, and nightlife in Miami.

FEGex is a decentralized exchange (DEX) and DeFi launchpad built around the FEG (Feed Every Gorilla) token ecosystem, operating on Ethereum and BNB Chain. The protocol has suffered three separate security exploits between 2022 and 2024, resulting in cumulative losses exceeding $3.6 million and a near-total collapse of token value following the most recent incident. The team operates anonymously and the protocol has demonstrated a repeated inability to prevent critical smart contract vulnerabilities despite multiple third-party audits.

Hegic is an anonymous-founded, Ethereum-based decentralized options trading protocol originally launched in April 2020. The original (v1) smart contract suffered a critical code defect within hours of mainnet deployment that permanently locked user funds, compounded by misrepresentation of the pre-launch security review. A separate deprecated contract from January 2022 was additionally exploited in February 2025, draining approximately $80,000 in WBTC. While affected users were reimbursed out of team funds in both incidents, the underlying contracts remain permanently compromised.

The OpenClaw GitHub Phishing Campaign is a series of coordinated social-engineering attacks, active since at least January 2026, that exploit the brand identity of OpenClaw — a legitimate open-source AI agent framework with over 300,000 GitHub stars — to lure crypto developers into connecting cryptocurrency wallets to a malicious cloned website. The March 2026 wave used fake GitHub accounts to mass-tag developers with promises of a $5,000 CLAW token airdrop, directing them to a wallet-draining site at token-claw[.]xyz backed by obfuscated JavaScript and a command-and-control server. An earlier January 2026 wave involved the hijacking of official OpenClaw social accounts and a fraudulent CLAWD token on Solana that briefly reached a $16 million market cap before collapsing more than 90%.

Cardex is an on-chain fantasy trading card game that launched on the Ethereum layer-2 network Abstract in February 2025, offering tokenized digital versions of collectible trading cards for competition in online tournaments. Within one week of launch, a critical operational security failure — the inadvertent exposure of a shared session signer private key on the application's frontend — allowed an attacker to drain approximately $400,000–$470,000 in ETH from roughly 9,000 user wallets over a seven-hour period. The project has been flagged by ZachXBT; user accusations of a rug pull circulated on Telegram, though Abstract core contributors attributed the incident to mishandled credentials rather than intentional fraud. No confirmed restitution fund or formal accountability measure had been publicly disclosed as of the most recent reporting.

Orange Finance is an Arbitrum-based automated liquidity management protocol designed for LPDfi (liquidity provider DeFi), enabling users to earn swap fees and options premiums via concentrated AMM vaults. On January 8, 2025, the protocol suffered a critical security breach in which an attacker compromised the admin private key, exploited a misconfigured multi-signature wallet that required only a single signature to execute, and drained approximately $843,556 across all active vaults. The protocol was flagged by ZachXBT and has not resumed normal operations since the incident.

MoonHacker is an independently deployed DeFi vault protocol built on Optimism that was designed to interact with the Moonwell lending protocol. On December 23, 2024, MoonHacker vault contracts suffered a flash loan exploit due to improper input validation and absent access controls in the executeOperation function, resulting in the loss of approximately $320,000 USDC. The Moonwell team confirmed no affiliation with MoonHacker, the vault deployers remain anonymous, and stolen funds were converted to DAI and routed through Tornado Cash, complicating recovery efforts.

SIR (Synthetics Implemented Right), operating as SIR.trading, is an Ethereum-based DeFi protocol offering non-liquidating leveraged tokens and synthetic assets. On March 30, 2025, just 39 days after its February 20 mainnet launch, the protocol's Vault contract was completely drained of its entire $355,000 TVL through an exploit targeting a novel misuse of Ethereum's transient storage (EIP-1153) introduced in the Dencun upgrade. The attacker laundered proceeds through Railgun; the founder publicly pleaded for a partial return of funds; the protocol subsequently relaunched after completing four additional security audits.

Atlantis Loans was a decentralized lending and borrowing protocol built on BNB Chain (BSC) that was abandoned by its development team in April 2023 due to financial distress. Despite the abandonment, active smart contracts and unrevoked user approvals remained on-chain, which an attacker exploited in June 2023 through a malicious governance proposal, ultimately draining an estimated $2.5 million from users. The protocol is now defunct, its website is down, and its TVL has collapsed to near zero.

Kalax (ticker: KALA) was a non-custodial yield aggregator deployed on the Blast and Scroll blockchains in 2024 that marketed itself as an auto-compounding protocol for DEXs and lending markets. Despite commissioning a Beosin security audit and publishing promotional security guarantees, the project's founders are alleged to have executed an exit scam on October 14, 2024, abandoning the protocol and deleting all official social media accounts after draining user funds from protocol vaults. The kalax.io domain subsequently redirected to an unrelated gambling site, with no team communications issued to affected depositors.

Impermax V3 is the third major iteration of Impermax Finance, a DeFi leveraged yield-farming and lending protocol that allows liquidity providers to use Uniswap V3 LP tokens as collateral. The protocol suffered two separate critical exploits in 2025 — a ~$300,000 flash-loan collateral valuation attack in April and a ~$380,000 liquidation logic exploit in November — both on the Base chain, resulting in cumulative losses exceeding $680,000 and leaving lenders with unresolved bad debt. These incidents follow a 2022 private key compromise affecting the IMX token, representing a recurring pattern of security failures across the protocol's history.

Dritan Kapllani Jr. is an 18-year-old US-based individual publicly identified by on-chain investigator ZachXBT on May 12, 2026, as allegedly responsible for approximately $19 million in cryptocurrency social engineering thefts spanning August 2025 through March 2026. He is named as 'Co-Conspirator 1' in a federal criminal complaint (case no. 26-cr-20181, S.D. Fla.) unsealed May 11, 2026, charging associates Trenton Richard David Johnston and Brandon Michael Tardibone, though Kapllani himself had not been formally charged as of May 15, 2026. Following ZachXBT's public exposure, Kapllani allegedly moved $2.59 million in funds into harder-to-freeze assets through a newly created wallet.

Tenderize V2 is a DeFi liquid staking protocol launched on January 29, 2024, enabling users to mint validator-specific liquid staked tokens (tTokens) for assets including MATIC, LPT, and GRT across Ethereum, Arbitrum, and Sei Network. The protocol suffered a protocol logic exploit on April 7, 2025, resulting in a loss of approximately $10,850 via a proxy upgrade skim technique on Ethereum; the incident was relatively small in dollar terms but raised concerns about smart contract integrity. ZachXBT has flagged this entity, and while the protocol holds multiple security audits including a Hacken audit scoring 9.8/10 and a Halborn audit, its current TVL of approximately $495,000 reflects limited adoption relative to the broader liquid staking market.

Hacken Token (HAI) is the native utility token of Hacken, a Ukrainian-founded Web3 cybersecurity company established in 2017 that audits smart contracts and blockchain infrastructure for over 1,500 clients worldwide. In June 2025, a private key controlling HAI minting privileges was compromised during a bridge infrastructure migration, allowing an attacker to mint approximately 900 million tokens and dump roughly $253,000 worth on decentralized exchanges, causing a near-99% price collapse. The incident drew industry-wide attention due to its irony — a company whose business model is built on securing others' blockchain infrastructure had maintained a single-key minting architecture for over five years without multisig protection.

SuperRare is a curated Ethereum-based NFT art marketplace founded in 2018 by John Crain, Charles Crain, and Jonathan Perkins, operating as a high-end platform for 1-of-1 digital artworks with its own governance token RARE. On July 28, 2025, a critical access control vulnerability in the platform's RareStakingV1 staking contract was exploited, resulting in the theft of approximately 11.9 million RARE tokens worth roughly $731,000. SuperRare subsequently reimbursed the 61 affected wallets by August 5, 2025, and the RARE token recovered approximately 41% following the remediation announcement.

Peapods Finance is a permissionless DeFi protocol on Ethereum and multiple EVM chains that pioneered a 'Volatility Farming' yield mechanism using asset-backed Pods and Leveraged Volatility Farming (LVF). The protocol has suffered three distinct security incidents since its December 2023 launch, including a $231K reentrancy exploit, a slippage manipulation attack, and a $200K oracle price manipulation attack in July 2025. On-chain investigator ZachXBT identified that the individual behind the initial 2023 'white hat' exploit had dumped a portion of stolen funds before returning the remainder, raising questions about the altruistic framing of that recovery.

Silo Finance V1 is a non-custodial isolated lending protocol launched on Ethereum mainnet in August 2022, enabling permissionless markets for long-tail crypto assets by confining risk to individual lending pools (Silos). The protocol experienced two security incidents in 2023: a critical interest rate manipulation vulnerability discovered by a white-hat researcher (no user funds lost) and a white-hat drain of approximately $45,000 in SILO incentive tokens due to a separate contract flaw. The deployed production version of V1 diverges from the audited codebase, a risk the team has publicly acknowledged but not fully remediated through re-audit.

<cite index="11-3,27-15">Axiom Exchange is a crypto trading platform founded in 2024 by Henry Zhang (Mist) and Preston Ellis (Cal), backed by Y Combinator</cite>. <cite index="11-1,21-3">In February 2026, blockchain investigator ZachXBT alleged that senior employees misused internal access controls to conduct insider trading using sensitive user wallet data</cite>. <cite index="11-5,27-17">Despite generating over $390 million in revenue to date, the platform now faces serious allegations of internal data abuse and trading misconduct</cite>.

Dexodus Finance is an oracle-based perpetual derivatives DEX operating on Coinbase's Base L2 network, founded in 2023 and headquartered in Barcelona, Spain. On May 26, 2025, the protocol suffered a signature replay attack that drained approximately $291,000–$300,000 from its liquidity pool due to the absence of nonce tracking and timestamp validation in its Chainlink oracle price-report verification logic. The team claims to have achieved 100% fund recovery within 24 hours, deprecated Perps V1, and launched a redesigned Perps V2 system; however, the protocol's current TVL remains modest at approximately $1.28M and independent verification of the full recovery narrative is limited.

numa. (stylized with a period) is a non-custodial DeFi protocol on Arbitrum and Sonic that issues LST-backed synthetic assets (nuUSD, nuBTC, nuETH, nuGOLD) through a burn-and-mint tokenomics model. The protocol suffered two separate exploits in 2025 — a $506K price manipulation attack in April and a $313K collateral valuation exploit in August — resulting in cumulative losses exceeding $800K and a token price decline of approximately 99% from its peak. ZachXBT has flagged the entity in the context of trust intelligence monitoring.

Astera.fi is a DeFi credit facility and lending protocol operating on Ethereum's Linea Layer-2 network, issuing the asUSD stablecoin through both over- and under-collateralized mechanisms. On October 9, 2025, the protocol suffered a flash loan exploit via a liquidity index inflation attack that drained approximately $821,856–$880,000 across three lending pools. The protocol has been flagged by ZachXBT and market data indicates near-zero trading activity for asUSD, with the token appearing to have effectively ceased normal operation post-exploit.

Themis Protocol is a DeFi lending and borrowing platform deployed on Arbitrum that allows users to collateralize Uniswap v3 LP positions and Balancer LP tokens to borrow stablecoins and blue-chip assets. On June 27, 2023, approximately eleven days after its beta launch, the protocol suffered a flash loan oracle manipulation exploit resulting in approximately $370,000 in losses. The attacker laundered the stolen funds via Tornado Cash, the protocol was suspended indefinitely, and TVL effectively dropped to near zero following the incident.

Midas Capital is a multichain DeFi isolated lending protocol that forked its codebase from Rari Capital's Fuse implementation. The protocol suffered two separate security exploits in 2023 totaling approximately $1.26 million in losses, with both incidents attributed to known smart contract vulnerabilities that had previously affected other Compound V2 forks. ZachXBT flagged the protocol, and the second exploit resulted in laundered funds routed through Tornado Cash.

Cozy V2 is a DeFi protection marketplace deployed on Optimism that allows users to buy or provide protection against smart contract hacks, depegs, and other on-chain risks. On August 29, 2025, the protocol suffered a $427,000 exploit caused by a missing caller verification check in its withdrawal logic, with funds subsequently bridged to Ethereum mainnet and deposited into Tornado Cash. The incident is notable for its irony: a protocol designed to insure against DeFi hacks was itself hacked through a preventable authorization flaw.

CATFI is a Solana-based memecoin launched in early 2025 via Pump.fun that was the subject of a coordinated rug pull orchestrated by a South Korean operator known online as 'Eth Father,' identified by prosecutors only as Mr. Park. The scheme artificially inflated the token 1,001-fold within 26 hours before a mass exit drained investor funds, causing approximately 900 million KRW (~$600,000) in losses across at least 256 victims. In May 2026 the Seoul Southern District Prosecutors' Office charged five individuals, marking South Korea's first criminal prosecution of a decentralized-exchange rug pull under the Virtual Asset User Protection Act.

The Verus-Ethereum Bridge is a cross-chain asset transfer protocol connecting the Verus blockchain to Ethereum, launched in October 2023. On May 18, 2026, a critical validation flaw in the bridge's checkCCEValues function was exploited, allowing an attacker to drain approximately $11.58 million in assets — comprising 103.6 tBTC, 1,625 ETH, and 147,000 USDC — at a cost of roughly $10 in transaction fees. All stolen funds were converted to approximately 5,402 ETH and subsequently moved through Tornado Cash.

402bridge (also written x402bridge) was a short-lived cross-chain bridge protocol built on the x402 HTTP payment standard, operating at 402bridge.fun. On October 28, 2025, approximately 13 hours after deployment, an attacker exploited a leaked admin private key to drain $17,693 in USDC from 227 user wallets in under 30 minutes; the protocol ceased operations immediately afterward and no user compensation has been announced. Security firm SlowMist noted that while the incident appeared consistent with a private key leak, the possibility of insider involvement could not be ruled out.

Hector Lending is a defunct DeFi lending protocol built on the Fantom blockchain and operated by Hector Network (also known as Hector DAO). It was one of several products in an ecosystem whose treasury declined from approximately $110 million to near zero through a combination of alleged team mismanagement, three separate security incidents, and a court-ordered receivership. The broader Hector Network entered BVI receivership in February 2024 and subsequently obtained US Chapter 15 bankruptcy recognition — the first DAO ever to do so — in July 2024.

Corepound (CORP) is an alleged yield aggregator protocol operating on the Core blockchain (Core DAO ecosystem), with its native CORP token traded primarily on Molten Finance V2. The protocol was flagged by on-chain investigator ZachXBT and has experienced an extreme price collapse exceeding 86% within a 24-hour window, consistent with a protocol logic incident or coordinated exit. The protocol's official website (corepound.xyz) is currently inaccessible, no independent security audit has been publicly identified, and the development team has not been publicly identified.

Mars Perps was the perpetual futures product of Mars Protocol, deployed on the Neutron outpost of the Cosmos ecosystem. On December 14, 2025, the protocol suffered a mechanism design exploit that drained $973,079 USDC from lending depositors via skew-based same-block arbitrage. The exploit ultimately triggered a full protocol wind-down, which concluded in March 2026 with user funds returned and community channels closed.

Raga Finance is a DeFi yield optimization protocol launched in 2024 and deployed on Berachain and Hyperliquid, offering automated cross-chain vaults for earning yield on ETH, BTC, and stablecoins. A pre-launch security audit by QuillAudits uncovered 16 smart contract vulnerabilities — including critical flaws enabling permanent loss of user funds, a non-functional emergency panic function, and an open-access vault address setter — constituting the protocol logic incident flagged for review. The protocol has been flagged by ZachXBT, and while the development team reportedly remediated all identified vulnerabilities, the severity and breadth of pre-launch flaws raise meaningful questions about engineering process and ongoing risk.

AzukiDAO is an informal decentralized autonomous organization formed in late June 2023 by a self-described group of 72 to 74 Azuki NFT holders in response to widespread community outrage over the Azuki Elementals NFT launch. Within days of its formation, AzukiDAO's BEAN governance token airdrop contract was exploited via a signature replay vulnerability, resulting in the theft of approximately 35 ETH ($68,000). On-chain investigator ZachXBT had previously flagged the Azuki project's founder Zagabond (Alex Xu) for alleged involvement in multiple prior abandoned NFT projects, and his findings were central to the community grievances that motivated AzukiDAO's creation.

SudoRare was an anonymous NFT automated market maker (AMM) protocol launched on August 23, 2022, presented as a fork of SudoSwap and LooksRare. Approximately six hours after launch, the anonymous development team executed a premeditated rugpull via a backdoored smart contract, draining approximately 519 ETH (valued at $815,000–$852,000) from user deposits before deleting all online presence. Blockchain security firms PeckShield and CertiK traced a funding wallet to Kraken, but no public arrests or legal proceedings have been reported.

GMBL.COMPUTER is an Arbitrum-based DeFi gambling protocol that launched in September 2023 and was exploited within hours of going live, losing approximately 471 ETH (~$770,000) due to an off-chain server signature vulnerability and a flaw in its referral system. The exploiter returned roughly half of the stolen funds (235 ETH) after the team issued a conditional bug bounty offer. The protocol operates with an anonymous team, no disclosed security audits, no regulatory licensing, and as of 2025 shows near-zero trading volume and minimal on-chain activity.

Locus Finance is a DeFi yield-vault protocol launched in July 2023 by Iakov Levin, the founder of the defunct custodial crypto platform Midas Investments, which collapsed in December 2022 with a reported $63.3 million deficit. On December 30, 2023, Locus suffered a $320,964 exploit due to a developer private key leak during a CTO transition. The LOCUS token has declined over 99% from its all-time high, the protocol's TVL is near zero, and Levin is subject to regulatory enforcement actions in California and Wisconsin related to his prior venture.

Sturdy V1 was a DeFi lending protocol on Ethereum and Fantom that offered interest-free borrowing by routing collateral into yield-bearing positions via third-party protocols such as Lido, Curve, and Yearn Finance. On June 12, 2023, the protocol suffered a read-only reentrancy exploit that drained approximately 442 ETH (roughly $800,000) from its lending pools by manipulating the Balancer B-stETH-STABLE price oracle. Stolen funds were laundered through Tornado Cash within 20 minutes and were never recovered, despite a $100,000 bounty offer to the attacker. ZachXBT flagged the protocol in connection with the exploit. Sturdy subsequently launched a redesigned V2 architecture.

Echo Protocol is a Bitcoin liquidity aggregation and yield infrastructure protocol operating on the Monad and Aptos blockchains, offering liquid staking, restaking, and cross-chain DeFi services through its wrapped Bitcoin asset eBTC. On May 19, 2026, the protocol suffered a critical admin key compromise on its Monad deployment, enabling an attacker to mint approximately 1,000 unauthorized eBTC tokens worth $76.7 million and borrow $3.45 million in WBTC through the Curvance lending protocol, ultimately laundering roughly $822,000 through Tornado Cash. The incident exposed severe centralized access-control failures in a protocol marketed as trustless Bitcoin DeFi infrastructure.

Convergence (CVG) is an Ethereum-based DeFi yield-aggregation protocol built on top of Curve and Convex Finance. On August 1, 2024, an attacker exploited a missing input-validation check in the CvxRewardDistributor contract — introduced by a post-audit gas-optimization change — to mint 58 million CVG tokens and sell them for approximately $212,000, collapsing the token price by 99%. The protocol never recovered; following a community DAO vote, the team pivoted operations to a successor project called Tangent Finance (TGN).

zkFinance is a DeFi lending and borrowing protocol deployed on zkSync Era that also offers bridging, cross-chain swaps, and a concentrated-liquidity DEX. The protocol suffered a documented $200,000 protocol logic exploit attributed to an oracle misconfiguration in November 2024 and has since registered near-zero TVL ($24,990) with no active loans outstanding. The team is pseudonymous, no public founder identities have been verified, and the protocol's native ZGT token has attracted minimal exchange listing activity and negligible on-chain trading volume.

UniLend V2 is a permissionless DeFi lending and borrowing protocol deployed on Ethereum mainnet in February 2024, designed to support all ERC-20 tokens via isolated dual-asset pools. On January 12, 2025, the protocol suffered a smart contract exploit that drained approximately $197,000 from its stETH pool due to a logic flaw in health factor calculations during the asset redemption process. Despite having been audited by PeckShield and SlowMist prior to launch, the exploited vulnerability was not caught or fully remediated, and as of the last available reporting the attacker's 20% bounty offer had not yielded a fund recovery.

Clipper is a decentralized exchange (DEX) built by Shipyard Software and governed by AdmiralDAO, designed to offer retail traders the lowest per-transaction costs on trades under $10,000 using a novel Formula Market Maker (FMM) mechanism. On December 1, 2024, a protocol logic exploit drained approximately $457,878 from its Optimism and Base liquidity pools by manipulating a single-asset deposit and withdrawal function; the attacker voluntarily returned 104 ETH in January 2025. While the protocol has legitimate venture backing and a documented technical architecture, the exploit revealed a gap between audited and deployed code, and the protocol has been flagged by on-chain investigator ZachXBT.

LeadBlock's Morpho Blue Market refers to a permissionless lending market and associated MetaMorpho vault curated by LeadBlock Partners on the Morpho Blue protocol. On October 13, 2024, an oracle misconfiguration in the LeadBlock-curated PAXG/USDC market enabled an opportunistic user to borrow approximately $230,000 in USDC against only $350 of PAXG collateral, exploiting an overvalued asset price of $2.6 trillion per unit of gold. The incident was attributed to an incorrectly configured SCALE_FACTOR by LeadBlock's oracle provider and raised questions about the adequacy of pre-launch testing and risk curation practices.

four.meme is a permissionless meme token launchpad built on BNB Chain (BSC), operated under the Four (formerly BinaryX) ecosystem, that enables zero-KYC token creation with automatic bonding-curve-to-PancakeSwap liquidity migration. The platform suffered two confirmed smart contract exploits within six weeks in early 2025, losing a combined total of approximately $310,000 in user and pool funds. Repeat critical vulnerabilities, a phishing campaign that hijacked Google search results, and ecosystem-wide spam and token-pollution incidents raise substantial safety concerns for users.

Sharwa.Finance is an on-chain portfolio margin trading protocol deployed on Arbitrum, enabling leveraged spot and options trading with cross-margin collateral. The protocol suffered a $147,000 exploit in October 2025 via a flash loan price-oracle manipulation attack, a vulnerability class that had been explicitly identified and reported by the Pashov Audit Group over one year prior to the incident. The protocol was flagged by on-chain security researchers including ZachXBT-adjacent monitoring networks, and a second oracle manipulation incident resulting in approximately $32,850 in losses was recorded in May 2026.

Hyperdrive HL (formerly Ambit Finance) is a stablecoin lending and liquid-staking protocol deployed on Hyperliquid EVM, which raised a $6 million Series A in May 2025 led by Hack VC and Arrington Capital. On September 27, 2025, an attacker exploited an arbitrary-call vulnerability in the protocol's router contract, draining approximately $782,000 in USDT0 and thBILL tokens across two markets. The team paused operations, patched the vulnerability, and compensated affected users before resuming, though the incident occurred within a broader wave of security breaches across the Hyperliquid ecosystem.

OKX NFT Aggregator is the NFT marketplace and aggregation layer of OKX, one of the world's largest crypto exchanges, supporting over 21 blockchains and 32 aggregated markets. The product has been implicated in a smart contract storage-collision exploit (June 2024), operates within an exchange that pleaded guilty to U.S. AML violations and agreed to a $504 million DOJ settlement (February 2025), and saw its parent DEX aggregator suspended in March 2025 after North Korea's Lazarus Group used the broader OKX Web3 infrastructure to launder approximately $100 million from the Bybit hack. ZachXBT has flagged the entity in the context of these broader OKX platform concerns.

Hedera is a public distributed ledger technology platform using a patented hashgraph consensus mechanism, launched to mainnet in September 2019. In March 2023, the network suffered a protocol-level exploit in its Smart Contract Service that drained approximately $600,000 in liquidity pool tokens from three decentralized exchanges, requiring a full mainnet proxy shutdown for 41 hours. The platform operates under a council governance model comprising up to 39 global enterprises, which provides institutional stability but draws criticism for centralization relative to permissionless blockchains.

THORChain is a decentralized cross-chain liquidity protocol that enables native asset swaps across blockchains without wrapped tokens, using its RUNE token as settlement collateral. Since its mainnet launch, the protocol has suffered three significant exploit events totaling over $25 million in losses, became the primary laundering conduit for North Korea's Lazarus Group following the 2025 Bybit hack ($1.2 billion routed through the network), and its THORFi lending product collapsed in January 2025 with approximately $200 million in user funds frozen. The protocol faces ongoing legal action from creditors, has lost key developers over ethical disputes about blocking illicit transactions, and experienced a further $10.8 million vault breach in May 2026.

DIMO (Decentralized Infrastructure for Mobility Operations) is a Web3 vehicle data protocol built on Polygon and later migrating to Base, developed by Digital Infrastructure Inc. The protocol allows drivers to connect their vehicles, stream data, and earn $DIMO tokens in exchange. In November 2025, a sophisticated attacker compromised a developer key and withdrew approximately 30 million DIMO tokens (3% of total supply) from a Wormhole bridge contract, causing a price drop of over 57% in 30 days and triggering a CertiK security alert. The project has legitimate venture backing and a publicly identified founding team, but the security incident, centralized key management failure, and ongoing token unlock pressure are material risk factors.

Tornado Cash is a decentralized, non-custodial cryptocurrency mixing protocol deployed on Ethereum in December 2019, co-founded by Roman Storm, Roman Semenov, and Alexey Pertsev. It was sanctioned by the U.S. Treasury's Office of Foreign Assets Control (OFAC) in August 2022 for allegedly laundering over $7 billion in virtual currency, including hundreds of millions stolen by North Korea's Lazarus Group; the sanctions were later lifted in March 2025 following a Fifth Circuit ruling that immutable smart contracts do not constitute sanctionable 'property' under IEEPA. All three co-founders face or have faced criminal proceedings: Pertsev was convicted in the Netherlands in May 2024 and sentenced to 64 months in prison, Storm was convicted on one of three counts in the U.S. in August 2025, and Semenov remains at large.

Lazarus Group is a North Korean state-sponsored advanced persistent threat (APT) actor, also tracked as APT38, TraderTraitor, BlueNorOff, Hidden Cobra, and ZINC, operating under the Reconnaissance General Bureau (RGB) of the Korean People's Army. Active since approximately 2009, the group has stolen an estimated $6.75 billion in cryptocurrency through targeted attacks on exchanges, bridges, and blockchain companies, using stolen funds to finance North Korea's weapons programs and circumvent international sanctions. The U.S. Department of Justice has indicted three named members, and OFAC placed the group on the Specially Designated Nationals (SDN) list in April 2022.

KelpDAO (also KernelDAO) is an Ethereum-based liquid restaking protocol that issues rsETH, a yield-bearing token representing restaked positions via EigenLayer. On April 18, 2026, attackers attributed to North Korea's Lazarus Group (TraderTraitor subunit) exploited a single-verifier bridge configuration to mint 116,500 unbacked rsETH tokens worth approximately $292 million, making it the largest single DeFi exploit of 2026. The attack triggered cascading losses across Aave, SparkLend, and Fluid, sparked a $300 million+ industry recovery coalition (DeFi United), a legal dispute over $71 million frozen by Arbitrum's Security Council, and a protracted public blame dispute between KelpDAO and bridge provider LayerZero.

No verifiable information about an entity named 'Burgeleth' was found across any indexed web source as of May 2026. Exhaustive searches across news outlets, blockchain explorers, social media platforms, regulatory databases, domain registries, and crypto-specific intelligence sources (ZachXBT, Chainalysis, Scam Sniffer) returned zero results matching this name in a crypto or financial context. The slug may refer to an extremely obscure or newly created entity, an alternate spelling of a different entity, or a name that has not yet generated any publicly indexed presence.

Bybit is a Dubai-headquartered cryptocurrency derivatives and spot exchange founded in 2018 by Ben Zhou, serving over 80 million registered users globally. On February 21, 2025, the exchange suffered the largest cryptocurrency theft in recorded history when North Korean state-sponsored hackers attributed to the Lazarus Group (TraderTraitor) stole approximately $1.46 billion in Ethereum via a supply chain compromise of Safe{Wallet}'s frontend infrastructure. Separately, Bybit accounts have been cited in the ICIJ's 2025 Coin Laundry investigation into crypto exchanges facilitating international criminal money flows.

Ninamo is a purported crypto entity whose name was submitted for investigation on AVOID.NET. Exhaustive searches across regulatory databases, blockchain explorers, crypto news outlets, scam trackers, social media platforms, domain registries, and the Wayback Machine returned no verifiable information about any crypto project, exchange, token, or DeFi protocol operating under the name Ninamo. No wallet addresses, enforcement actions, community reports, or archived web presence could be located.