133 entries tagged “history”.
A 2017–2018 ICO for 'LOCIcoin' tied to the InnVenn IP-search platform. The SEC charged Loci and CEO John Wise with fraud for raising $7.6M on false claims about revenue, headcount, and user base; Wise also misused investor funds. Settled with a $7.6M penalty and an officer/director bar.
A 2017–2018 ICO (BCT tokens, ~$30M) for a 'Blockchain Terminal' — a Bloomberg-style crypto trading terminal. The SEC and DOJ said convicted ex-hedge-funder Boaz Manor secretly ran it under a fake identity ('Shaun MacDonald'), using associate Edith Pardo as a front, and lied about the product's adoption.
A 2018 ICO for 'Crowd Machine Compute Tokens' (CMCT) that the SEC charged as fraudulent: founder Craig Sproule raised ~$33M to build a decentralized app platform but secretly diverted $5.8M to South African gold-mining entities. Consent judgments ordered ~$20M+ and barred Sproule as an officer/director.
A purported gold/art-backed digital asset that the SEC called a fraud: it falsely claimed backing by $1B in art or $2B in gold and 'risk-free' returns up to 224,923%, raising $4.3M+ from 150+ investors. Defendants were jailed for contempt; founder Robert Dunlap was later convicted of mail fraud.
A Las Vegas company that the SEC said was a $12M+ Ponzi scheme: it told 277+ investors their money would be invested in securities and crypto via an 'artificial intelligence supercomputer' guaranteeing 20–30% annual returns. The SEC halted it in 2021; over 90% of funds came from investors.
An ICO for the DROP token built around a fake 'Dex' trading bot. The SEC said it raised ~$1.9M while claiming $54M from 34,000 investors, and that the founders falsified evidence during the probe. Founders Jeremy McAlpine and Zachary Matar pleaded guilty to securities fraud (36 and 30 months).
A mobile crypto-investing app that the SEC and New York AG said was fraudulent: it sold unregistered 'CSD' tokens, misrepresented its management, charged hidden fees, and traded in customers' accounts without permission. A NY court shut it down in 2021 with a $3M judgment against CEO Delgerdalai Davaasambuu.
A blockchain 'universal shopper profile' startup whose 2017–2018 ICO raised ~$42.5M. The SEC and New York AG said it was fraudulent — fake retailer partnerships, no working product. Founder Eran Eyal pleaded guilty to felony securities fraud (NY) and settled with the SEC.
A 2017–2018 ICO for the VERI token that the SEC said raised ~$14.8M via false statements and that founder Reginald Middleton manipulated on secondary markets. Middleton and Veritaseum settled with the SEC in 2019 for ~$9.5M and a permanent digital-securities bar.
An Ethereum token whose deployer key was compromised on March 5, 2021, letting an attacker upgrade the contract, mint ~59.5M PAID, and sell ~2.5M for ~$3M in ETH before liquidity was pulled. The team blamed a leaked key; some observers alleged an insider rug.
A BNB Chain index token whose website briefly displayed 'WE SCAMMED YOU GUYS…' in May 2021, prompting rug-pull reports. A widely shared $32M figure is disputed — the team said the site was hacked and its market cap never exceeded $2M.
A zkSync DEX (token MAGE) drained of ~$1.8M during its April 2023 token launch — concluded to be a rug pull by rogue developers via excessive 'feeTo' permissions. CertiK had audited it days earlier and later offered a victim compensation plan.
An Arbitrum DEX (token SAPR) whose deployer rug-pulled ~$3M in May 2023 by using proxy upgradeability to swap the audited staking contract for a malicious one. Funds were laundered via Tornado Cash. CertiK had audited it weeks earlier and later flagged it an 'exit scam'.
A BNB Chain Dogecoin-style memecoin/DEX. In July 2022, PeckShield said developer-controlled wallets executed a 'soft rug pull', selling ~$4.5M of TEDDY (converted to ~10,000 BNB + 2M BUSD, sent to Binance). TEDDY fell ~99%.
A Solana yield aggregator launched via the SolPAD launchpad that went dark in Aug 2021 after withdrawing liquidity — one of Solana's first major rug pulls. CoinDesk verified ~$6.7M removed; funds were reportedly bridged to Ethereum and routed through Tornado Cash.
An Avalanche OlympusDAO-style 'reserve memecoin' run as an 8-day experiment (Nov 2021). When its promised treasury-funded 'buyback' opened on a private AMM, SDOG crashed 90%+ in seconds; only ~7% of supply could sell at a profit and insiders reportedly back-ran it for ~$10M. The team called it a 'game-theory experiment'.
An Avalanche OlympusDAO-style 'reserve currency' protocol whose TIME token crashed after on-chain investigator ZachXBT revealed (Jan 2022) that its pseudonymous treasury manager '0xSifu' was Michael Patryn — a convicted felon and co-founder of the collapsed QuadrigaCX exchange.
A 2021 BNB Chain 'charity' token heavily promoted by influencers, including FaZe Clan members. Its advertised anti-whale limit was changed from 24 hours to 60 seconds just before launch, enabling insiders to dump; widely described as a pump-and-dump.
A December 2023 software supply-chain attack: a phished former Ledger employee's npm key let attackers publish malicious versions of Ledger's widely used 'Connect Kit' library, injecting the Angel Drainer into many dApps. About $500K–$600K was drained in a few hours before a fix shipped.
A 2018 ICO that billed its B2G token as 'the next generation of Bitcoin.' New Jersey issued a cease-and-desist calling it a fraudulent unregistered securities offering, and the SEC charged actor Steven Seagal for touting it without disclosing he was promised $250K cash plus $750K in tokens.
An NFT collection launched on OpenSea in September 2021 that promised a fighting game. About a week later its anonymous developer 'Evil Ape' vanished with 798 ETH (~$2.7M). In June 2024 U.S. prosecutors charged three U.K. nationals over the scheme.
A knockoff of the Mutant Ape Yacht Club NFTs whose creator, French national Aurelien Michel, raised ~$2.9M then 'rug-pulled' buyers, abandoning promised rewards. He was arrested at JFK in 2023, pleaded guilty to wire-fraud conspiracy, and forfeited $1.4M.
An Avalanche stablecoin protocol exploited for about $8.5M in February 2023 via a flash loan that abused a flawed solvency check. Two brothers were arrested in France (aided by ZachXBT) but were later acquitted of criminal charges by a French court.
Two 2017 ICOs run by Brooklyn's Maksim Zaslavskiy, marketed as tokens backed by real estate and diamonds that did not exist. The case produced the first U.S. criminal conviction for an ICO fraud; Zaslavskiy was sentenced to 18 months in 2019.
A cryptocurrency marketed by Rowland Marcus Andrade's NAC Foundation as 'anti-money-laundering' Bitcoin. A U.S. jury convicted Andrade of wire fraud and money laundering in 2025; the DOJ said he defrauded investors of about $10M with false claims, including a fabricated Panama Canal deal.
A 2017 ICO by Dominic Lacroix that promised returns of more than 1,300% in under a month. It was the first case brought by the SEC's new Cyber Unit; the SEC obtained an emergency freeze and a multimillion-dollar judgment.
An NFT 'play-to-earn' game promoted by Logan Paul in 2021 that never fully launched after raising millions. A Coffeezilla exposé called it a 'rug pull'; Paul apologized and offered refunds. An investor class action against Paul was dismissed; a defamation suit over the 'scam' label was ongoing.
An 8,888-piece NFT collection whose two creators abruptly shut it down within hours of selling out in Jan 2022 and moved ~$1.1M to their own wallets. The U.S. DOJ charged Ethan Nguyen and Andre Llacuna with wire fraud and money laundering.
A token themed on the Netflix series 'Squid Game' that rug-pulled in November 2021. A contract mechanism prevented most buyers from selling; developers cashed out an estimated $3.38M and the token's value fell to near zero.
A purported blockchain marketplace whose 2017–2018 ICO of 'OPP Tokens' raised ~$600K from ~200 investors. The SEC charged founder Sergii Grybniak with fraud for falsely calling the ICO 'SEC registered/compliant' and exaggerating the platform's users; a 2025 final judgment imposed a $100K penalty.
A Solana memecoin launched on Pump.fun in November 2024 by a teenager who 'rug-pulled' it live on stream, selling his ~51M tokens for ~128 SOL (~$30K). He repeated the move with further tokens; the community then doxxed him and ironically pumped QUANT.
A 2018 ICO that claimed it would put fruit and vegetables on the blockchain. After raising only a small amount, the team vanished and replaced its website with a single crude word — a widely cited example of a low-effort ICO exit scam.
A Utah operation that the SEC says raised ~$18M selling 'Green Boxes'/'Green Nodes' that supposedly mined a 'GREEN' token on a 'Green Blockchain.' In reality GREEN was a non-mineable ERC-20 the founder pre-minted, and the boxes mined Bitcoin that wasn't given to investors.
A token (ORME) sold via the Ormeus Global MLM that the SEC said defrauded thousands of investors of $124M+. The Barksdale siblings falsely claimed it was backed by a $250M crypto-mining operation producing $5.4–8M/month — they had abandoned mining in 2019 after under $3M in total revenue.
A San Francisco crypto lender (CredEarn, offered via Uphold) that collapsed into bankruptcy in November 2020 with customer losses later valued at $783M+. The DOJ said executives falsely marketed it as 'collateralized,' 'hedged,' and insured; CEO Daniel Schatt and CFO Joseph Podulka pleaded guilty.
A global crypto Ponzi/pyramid scheme (later rebranded 'Weltsys') that the DOJ and SEC say defrauded thousands of mostly Spanish-speaking investors of ~$8.4M with promises of guaranteed returns from nonexistent crypto mining and trading. Senior promoter Juan Tacuri got the 20-year statutory maximum.
A purported crypto hedge fund that promised ~1% daily returns from an 'EX BOT' trading robot. The SEC and DOJ called it a Ponzi scheme with ~$40M+ in investor losses; head trader Joshua David Nicholas pleaded guilty and was sentenced to 51 months.
A crypto hedge fund (with affiliate VQR Multistrategy Fund) that claimed ~$90M in assets and a market-neutral arbitrage strategy. Founder Stefan Qin pleaded guilty to securities fraud after draining investor capital; he was sentenced in 2021 to 7.5 years.
In November 2019, 342,000 ETH (~$41.5M at the time) was stolen from South Korean exchange Upbit. In November 2024 South Korea's National Police Agency officially attributed the theft to North Korea's Lazarus and Andariel groups — its first such attribution of an exchange hack.
A purported crypto mining and trading platform (MCC) that the U.S. DOJ called a $62M global investment fraud. Prosecutors say founder Luiz Capuci Jr. sold 'Mining Packages' and 'Trading Bots' with guaranteed returns but diverted investor funds to wallets he controlled.
A crypto exchange that U.S. and EU authorities say laundered roughly $700M+ of illicit funds, acting as a counterparty for the Hydra darknet market and ransomware crews. Its infrastructure was seized in January 2023; founder Anatoly Legkodymov pleaded guilty to running an unlicensed money-transmitting business.
A cryptocurrency exchange (2011–2017) that the U.S. DOJ called one of the primary ways cybercriminals laundered illicit funds. It received proceeds of hacks, ransomware, and drug sales — including ~300,000 BTC tied to the Mt. Gox theft — and was shut down in 2017 when operator Alexander Vinnik was arrested.
A BNB Chain yield-farming project that rug-pulled about $10M in January 2022. The team minted millions of ARBX via an owner-only mint() function, dumped them, routed user deposits to unverified pools, and deleted its site and socials — months after a CertiK audit.
A BNB Chain AMM drained of about $50M on April 28, 2021 during a contract migration, after a single-character math error in its pair contracts let an attacker withdraw far more than deposited. The team suspected an internal leak; U.S. authorities later seized ~$31M.
A Solana stablecoin drained of about $52.8M on March 23, 2022 via an 'infinite mint' bug: missing collateral-validation let an attacker mint ~2B CASH with worthless tokens, collapsing the peg to near zero. The attacker left a message saying small accounts were refunded.
A BNB Chain yield aggregator hit by a flash-loan price-manipulation 'economic exploit' on May 19, 2021. The attacker minted ~6.97M BUNNY and dumped it for about $45M in profit, crashing BUNNY from ~$146 to near $1; the team said no vaults were breached.
A partially collateralized stablecoin protocol on Polygon whose share token TITAN collapsed from ~$64 to near zero on June 16, 2021 in what the team called crypto's 'first large-scale bank run.' Its TVL fell from ~$2B; investor Mark Cuban said he was among those hit.
An Ethereum yield aggregator (a Harvest/Yearn clone) that rug-pulled ~$10.8M (some estimates ~$12.5M) in Dec 2020 by swapping audited 'Strategy' contracts for malicious ones via an unmonitored timelock. CP3R fell ~99% and the team vanished.
A 2014–2015 virtual currency created by Homero 'Josh' Garza via GAW Miners/ZenMiner. The SEC and DOJ said it was a Ponzi scheme built on 'Hashlets' that didn't exist plus false claims of a $100M reserve. Garza pleaded guilty to wire fraud; victims lost $9M+.
A Solana DEX whose MNGO token was manipulated by trader Avraham Eisenberg in Oct 2022 to borrow ~$110M against an inflated position. He returned ~$67M; a 2024 jury conviction was vacated on appeal in 2025 (venue + no material misstatement), which prosecutors appealed.
A memecoin on Coinbase's Base network that surged in late July 2023, then collapsed ~90% when its pseudonymous deployer removed liquidity — a rug pull. Reported liquidity removed ranged from about $23M to $25.6M.
An OlympusDAO-style project with no website or whitepaper and pseudonymous developers that raised ~13,556 ETH (~$60M) in October 2021. About 20 hours later all liquidity was withdrawn and the token fell to zero — a rug pull.
A Solana memecoin tied to viral personality Haliey Welch, launched Dec 4, 2024. Its market cap reached ~$490M before falling 95%+ within hours, prompting rug-pull/pump-and-dump allegations and a securities lawsuit against the operators (not Welch).
A 2021 Ethereum token (unrelated to Ethereum) promoted by celebrities. The SEC charged Kim Kardashian for touting it without disclosing a $250,000 payment; she settled for $1.26M. A private 'pump-and-dump' class action was later dismissed.
About $70M was drained from the Hong Kong-based exchange CoinEx in September 2023 after its hot-wallet private keys were compromised. Researchers (Elliptic, ZachXBT) linked the theft to North Korea's Lazarus Group, partly via wallets shared with the Stake.com hack.
About $41M was stolen from the crypto casino Stake.com on September 4, 2023, after attackers obtained access to its hot wallets (ETH, BNB Chain, Polygon). The FBI publicly attributed the theft to North Korea's Lazarus Group (APT38).
Two linked crypto payment processors were drained in mid-2023 — about $60M from Alphapo and ~$37M from CoinsPaid — via compromised hot-wallet keys. The FBI attributed both thefts to North Korea's Lazarus Group (TraderTraitor); CoinsPaid said it was breached after months of social-engineering.
A Web3 game on the Blast network drained of about $62.5M in March 2024 by one of its own developers — an insider whom investigators (ZachXBT) linked to North Korea. After negotiations, the developer returned all of the funds without a ransom.
A July 30, 2023 incident in which a compiler bug in older Vyper versions broke reentrancy protection, letting attackers drain several Curve pools and dependent protocols (Alchemix, JPEG'd, Metronome). Gross losses were ~$70M; white-hats and returns cut net losses to about $52M.
An early Bitcoin Ponzi (2011–2012) run by Trendon Shavers ('pirateat40'), who promised up to 7% weekly returns and took in ~764,000 BTC. The SEC won a $40M+ judgment, and in 2016 Shavers was sentenced to 18 months — the first U.S. federal securities-fraud case involving Bitcoin.
A cross-chain lending protocol drained of about $50M on October 16, 2024. Mandiant attributed it to a North Korea-linked actor (UNC4736 / AppleJeus) that used a fake-contractor Telegram lure to plant macOS malware on developers' machines and forge multisig approvals.
A decentralized exchange drained of about $48M in November 2023 via a complex exploit of its Elastic concentrated-liquidity pools. The attacker then posted an on-chain 'treaty' demanding full executive control of the Kyber company in exchange for the funds.
A yield-farming protocol exploited on October 26, 2020 in a flash-loan attack that manipulated Curve pool prices to drain its USDC and USDT vaults. Estimates ranged from ~$24M to ~$33.8M; the attacker returned about $2.5M.
A crypto lending program in which Gemini customers lent assets to Genesis for yield. After Genesis froze withdrawals in November 2022, ~340,000 Earn investors were locked out of ~$900M. The SEC charged both firms in January 2023; Genesis later went bankrupt and settled for $21M.
A U.S. crypto lender that, in February 2022, paid $100M to settle SEC and 32-state charges that its BlockFi Interest Accounts were unregistered securities — a first-of-its-kind action. It later froze withdrawals and filed for bankruptcy in November 2022 amid FTX exposure.
A purported diamond-backed cryptocurrency run by Jose Angel Aman as the latest stage of a multi-year diamond-investment Ponzi. The SEC said the linked schemes raised about $30M from 300+ investors; Aman was sentenced in 2020 to six years and ordered to pay ~$23M in restitution.
A DeFi platform that falsely claimed backing by Morgan Stanley and used a paid actor as a fictitious 'CEO' while promising 1% daily returns. In May 2023 it exit-scammed roughly $31.6M, with on-chain investigator ZachXBT tracing funds bridged to Tron and Ethereum.
A Dallas-based operation that sold the Bitqy and BitqyM tokens. The SEC said founders Bruce Bise and Samuel Mendez defrauded over 13,000 investors in unregistered offerings; the DOJ said the venture raised ~$24M. Both pleaded guilty to tax evasion and received 50-month prison terms.
The New Zealand exchange Cryptopia was hacked in January 2019, losing about NZ$30M (~$20M) in crypto, and was placed into liquidation in May 2019. A landmark NZ court ruling held that the assets were held on trust for account holders.
The Ethereum stablecoin protocol Beanstalk lost about $182M in April 2022 when an attacker used a flash loan to borrow enough governance tokens to pass a malicious proposal that drained the protocol's funds in a single transaction.
The Nomad token bridge was drained of about $190M in August 2022 in a chaotic 'free-for-all' after a flawed upgrade let users replay other people's withdrawal messages by copying transactions.
Harmony's Horizon bridge was exploited for about $100M in June 2022 after attackers compromised multisig signing keys. The FBI later attributed the theft, along with the Ronin hack, to North Korea's Lazarus Group.
A U.S. crypto brokerage that froze withdrawals and filed for bankruptcy in July 2022. The FTC charged the company and former CEO Stephen Ehrlich with falsely telling customers their deposits were FDIC-insured; the company settled for a suspended $1.65B judgment.
A 2018 ICO by Titanium Blockchain (TBIS), led by Michael Stollery, that raised ~$21M for its 'BAR' token using fabricated testimonials and bogus partnerships (e.g. the Federal Reserve, PayPal, Boeing). The SEC froze it; Stollery was sentenced to 51 months.
A 2017 Texas ICO that marketed itself as the world's 'first decentralized bank' on the AriseCoin token, with false claims of FDIC insurance and a Visa partnership and a bogus '$600M raised'. The SEC halted it; the real fraud was ~$4M. CEO Jared Rice got 5 years.
A BNB Chain yield-vault protocol that lost ~$31M (≈14M BUSD and ~73,600 BNB) one day after launch in March 2021. The deployer used the proxy upgradeTo() function to swap the vault logic for malicious contracts with a permissionless 'backdoor' and drained the vaults. Widely classified as a rug pull.
A BNB Chain stableswap protocol that rug-pulled ~$27M in June 2021 by deploying a linked library different from its verified source code, letting operators drain the protocol and approved user wallets. A white-hat traced the team to Manchester, UK; arrests followed and most funds were returned.
A fraudulent virtual currency (MBC) marketed 2014–2017 as gold-backed and tradeable. Founder Randall Crater was convicted of wire fraud in 2022 and sentenced to over eight years; courts ordered ~$7.6M in restitution/forfeiture.
A purported crypto mining/trading company (founded ~2018) that the U.S. DOJ says was a Ponzi scheme promising guaranteed daily returns. Founder David Carmona was sentenced in 2024 to 121 months (~10 years) and ordered to forfeit ~$3.6M.
Two ICO tokens promoted in Vietnam by Modern Tech as MLM investments advertising up to 48% monthly returns. Widely reported as a ~$660M exit scam affecting ~32,000 people, though later Vietnamese investigation said those figures were inflated.
A South African crypto investment platform (founded 2019) whose founders said it was hacked in April 2021, then left the country. Loss figures are heavily disputed ($3.6B reported vs ~$40–50M later); the founders deny wrongdoing.
A 'decentralized' smart-contract investment platform the SEC called a 'textbook pyramid and Ponzi scheme', raising $300M+ (DOJ cited ~$340M). The SEC charged 11 people in 2022.
A BNB Chain token (2021) whose leaders, per the SEC/DOJ, falsely told investors the liquidity pool was 'locked' while retaining access and misappropriating assets worth more than $200M. CEO convicted in 2025.
A 2017 ICO that sold the CTR token and, per the SEC, raised over $32M by touting nonexistent partnerships with Visa, Mastercard, and Bancorp. Co-founder Sohrab Sharma was sentenced to 8 years.
A Turkish exchange that abruptly halted withdrawals in April 2021 as founder Faruk Fatih Özer fled abroad. Loss estimates are disputed (the indictment cited ~$43M; media reported up to ~$2B). Özer was sentenced to 11,196 years in 2023.
A Canadian exchange that collapsed in 2019 after the reported death of CEO Gerald Cotten. An Ontario Securities Commission review concluded it operated like a Ponzi scheme, with a ~$169M (CAD) shortfall driven by Cotten's hidden trading losses.
A ~$147M pyramid scheme (2013–2015) by U.S. Fine Investment Arts (USFIA) that sold 'Gem Coins' — a digital currency falsely claimed to be backed by billions in amber and gemstones from nonexistent mines. Founder Steve Chen pleaded guilty and was sentenced in 2021 to 10 years.
A Houston-based operation that the SEC says was a $300M Ponzi scheme targeting 40,000+ predominantly Latino investors with promises of 15–100% returns from crypto and forex trading. The SEC halted it in 2022 and later charged 17 network leaders; founder Mauricio Chavez pleaded guilty to wire fraud.
A crypto exchange and 'Himalaya Coin/Dollar' project that was one strand of a >$1B fraud the U.S. DOJ pinned on exiled Chinese businessman Guo Wengui (Miles Guo). A jury convicted Guo in July 2024 on nine counts; prosecutors said ~$262M was raised via the Himalaya Exchange alone.
A multi-level-marketing 'crypto and forex' investment program that the SEC says raised more than $650M from over 200,000 investors (2019–2023), many in the Haitian-American community. The SEC charged founders Cynthia and Eddy Petion in 2024, alleging a fraudulent Ponzi/pyramid scheme.
Founder of PlusToken, one of the largest crypto Ponzi schemes ever — a ~$2.25B+ pyramid (2018–2019) that drew 2M+ members with a fake 'arbitrage' return. A Chinese court convicted him and 13 others in 2020, with sentences up to 11 years.
A Solana memecoin created by Kelsier Ventures (led by Hayden Davis). After Argentine President Javier Milei promoted it on Feb 14, 2025, its market cap briefly topped ~$4.5B before insiders sold; reporting describes a rug pull with about $251M in investor losses.
About $196M was stolen from the BitMart exchange in December 2021 after attackers obtained a private key controlling two hot wallets (~$100M on Ethereum, ~$96M on BNB Chain). Funds were laundered via 1inch and Tornado Cash; BitMart reimbursed affected users.
A global multi-level-marketing scheme that sold 'investment packages' promising 300% returns over 16 months from purported forex trading, paid in crypto. Per the U.S. DOJ it raised over $650M from thousands of investors, then collapsed in 2022 blaming a 'hack'; founders were indicted in 2025.
About $81.5M was drained from the Orbit Bridge (by South Korea's Ozys) on Dec 31, 2023 – Jan 1, 2024, via weak withdrawal/signature validation. Ozys later said a former security chief had weakened its firewall weeks earlier and pursued legal action.
A purported medicinal-cannabis 'e-growing' investment platform that was in fact a Ponzi scheme. From 2020 to 2022 it took about €645M (~$688M) from ~186,000 investors with promises of 6–14% monthly returns, then froze withdrawals. Europol coordinated nine arrests in April 2024.
A BNB Chain lending protocol whose QBridge was exploited for about $80M on January 27, 2022. A logic flaw let an attacker mint unlimited 'qXETH' collateral without depositing any ETH, then borrow out the protocol's assets. Chainalysis later assessed it was likely North Korea-linked.
A blockchain-gaming ecosystem on Polygon whose semi-custodial wallets were drained of about $140M on December 13, 2021. Attackers compromised Vulcan Forged's servers to obtain its wallet-provider (Venly) credentials and export 96 users' private keys; the team reimbursed users from its treasury.
A DeFi protocol whose users lost about $120M on December 2, 2021 — not via a smart-contract bug but a front-end attack: a compromised Cloudflare API key let attackers inject a script that tricked users into approving malicious token allowances, then drained their wallets.
About $120M+ was drained from hot wallets of the Justin Sun-owned exchange Poloniex on November 10, 2023, across Ethereum, Tron, and Bitcoin. Security firms attributed it to a private-key compromise, with the North Korea-linked Lazarus Group widely suspected.