Track the dark side of crypto through fraud cases, shady projects, exploits, and misleading schemes. This section breaks down what happened, why it matters, and what the community should watch out for.
Adshares’ reported bridge exploit has moved into a recovery phase, but public evidence for a 10% bounty offer still needs official confirmation. The case shows why exploit recovery claims need the same verification standard as attack reports.
Philippine investigators arrested 15 people in Mandaluyong after raiding an alleged crypto investment scam hub using a spoofed website. The case shows how organized fraud desks package crypto promises through social engineering and forged digital systems.
Ripple CTO David Schwartz warned XRP users that fake airdrops, giveaway posts and impersonator accounts have surged across social platforms. The alert puts wallet-drainer risk back at the center of XRP Ledger user security.
Pi Network’s latest warning tells users to verify founder accounts, official channels and wallet links before trusting Pi-related claims. The alert comes as impersonators use fake giveaways, misleading pages and support-style messages to target Pioneers.
DarkSword’s leaked iOS exploit code has turned a targeted spyware chain into a wider wallet-security concern. Crypto users now face higher risk from malicious websites, fake support pages and mobile data theft.
Mistral AI’s official Python SDK briefly shipped a malicious PyPI version that downloaded a Linux-focused credential stealer. The attack raises direct key-rotation questions for AI and crypto teams using developer secrets in build systems.
Three malicious node-ipc versions were pushed to npm with credential-stealing code that targeted developer machines and CI/CD systems. The incident shows how one poisoned JavaScript package can create downstream key-risk across crypto teams.
Huma Finance says deprecated Polygon V1 BaseCreditPool contracts were exploited for about $101,400, while user deposits, PST and Solana V2 stayed unaffected. The breach turns old DeFi infrastructure into the main risk signal.
TrustedVolumes lost millions after a custom RFQ proxy accepted attacker-signed orders against the protocol’s own inventory. The exploit shows how signer validation can fail when authorization is not tied to the asset source.
ShapeShift’s FOX Colony on Arbitrum was drained after a meta-transaction self-call bypassed authorization checks. SlowMist says the flaw let an attacker replace the resolver and drain ERC-20 assets through delegatecall.
Transit Finance says a deprecated TRON contract from 2022 was exploited for about $1.88 million in DAI. The incident shows why old contract versions can remain dangerous even after teams stop using them.
TAC’s TON-side bridge incident moved from a $2.8 million exploit into a recovery test after the team said affected assets were limited to USDT, BLUM and tsTON. The case puts cross-chain controls under pressure again.
Adshares appears to have suffered a bridge validation failure after fake wrapped ADS was minted and sold into Ethereum liquidity. The case shows how weak mint verification can turn wrapped-token reserves into a direct loss channel.
THORChain’s exploit response has moved into a second risk phase as fake refund and airdrop claims target confused users. The warning shows how attackers turn protocol incidents into wallet-drainer opportunities.
THORChain’s $10.7 million Asgard vault breach turns a cross-chain exploit into a signing-layer trust test. The key question is whether the failure came from code, operator infrastructure, or validator-side key management.
DeFi users keep chasing yield while most protocol risk remains uncovered. The insurance market exists, but hacks, bridge failures, governance attacks and phishing have outgrown the narrow cover products built during DeFi Summer.
The KelpDAO hack did not rely on a normal smart contract bug. Attackers fooled cross-chain verification infrastructure, released rsETH against a burn that never happened and forced DeFi lenders to confront hidden bridge risk.
