- SBI Crypto experienced a breach, resulting in a $21 million loss of assets through a suspected laundering attempt.
- A phishing scam aimed at GMGN deceived 107 users into approving fraudulent transactions.
- Month-over-month, honeypot token scams surged by 600%, with over 2,100 tokens identified.
Web3 has entered a more dangerous phase of cybersecurity threats, as attackers utilize artificial intelligence, automation, and intricate social engineering to target users across decentralized platforms.
As per GoPlus Security, in October alone, more than $45.84 million was lost due to an influx of scams, phishing attacks, token exploits, and wallet hacks.
This data highlights the evolving tactics of scammers, creating impactful exploits that have harmed thousands of users and platforms throughout Ethereum, Binance Smart Chain, and Base.
Hackers leverage AI and automation to enhance phishing schemes
GoPlus noted a significant increase in phishing attacks resulting in losses surpassing $3.5 million.
A growing number of these scams are facilitated by “Phishing-as-a-Service” platforms, where threat actors deploy AI tools to quickly produce fake websites and execute large-scale campaigns with reduced operational expenses.
One of the largest phishing incidents involved the trading platform GMGN.
In this event, 107 users were led astray by a counterfeit third-party website into approving harmful transactions, leading to a total loss of over $700,000.
The phishing scheme duplicated legitimate wallet activities, tricking victims into signing authorization requests that granted attackers access to their funds.
In another case, a trader authorized a malicious “increaseAllowance” command, incurring a loss of $325,000 in Coinbase Wrapped Bitcoin.
Separately, another user faced a $440,000 loss after signing a fake “permit” transaction.
Both incidents underscore the rise in fraudulent contract approvals, often enabled by deceptive interfaces mimicking trustworthy apps.
Sophisticated exploits tied to state-sponsored laundering methods
The most significant exploit stemmed from SBI Crypto, which was breached, resulting in a $21 million loss of digital assets, including Bitcoin, Ethereum, Litecoin, Dogecoin, and Bitcoin Cash.
While SBI Crypto did not officially confirm the breach’s origin, a joint investigation by ZachXBT and Cyvers indicated patterns resembling those used by North Korean hacker groups.
The attackers reportedly funneled funds through Tornado Cash, a crypto mixer previously sanctioned for facilitating the laundering of state-sponsored theft.
This laundering approach closely mirrors activities associated with the Lazarus Group, although the report emphasized that the connection is not verified.
Web3 platforms targeted by honeypot tokens
Alongside phishing attacks and exploits, the report documented a striking increase in honeypot tokens.
These malicious smart contracts enable users to purchase tokens but hinder them from selling or withdrawing funds.
Last month, honeypot tokens skyrocketed by 600%, with 2,189 identified—still significantly fewer than the 40,000 recorded in June 2025.
The Binance Smart Chain accounted for most of these tokens, with 1,780, followed by 216 on Ethereum and 131 on Base.
These tokens carry hidden restrictions that block transactions, trapping users’ funds in illiquid assets.
Their rise signifies a shift towards embedded contract-level fraud, capable of circumventing basic security measures.
Tokens and social accounts compromised in broader exploits
The broader ecosystem also witnessed losses stemming from social media and platform breaches.
Astra Nova’s official social account was compromised, leading to a mass sell-off of its native token RVV and resulting in approximately $10.3 million in losses.
In a different incident, the decentralized finance platform Garden Finance was affected by a vulnerability that cost users around $10.8 million, according to ZachXBT.
These occurrences illustrate a widening vulnerability across both user-facing interfaces and backend contract programming.
