Web3 is Going Just Great

...and is definitely not an enormous grift that's pouring lighter fluid on our already smoldering planet.

Created by Molly White. Subscribe to her newsletter for weekly recaps.

Users lose $9.5 million to fake Ledger wallet app on the Apple App Store

After a fake version of the Ledger cryptocurrency wallet app made it onto the normally highly curated Apple App store, customers lost $9.5 million dollars to the malicious product. Believing it was a genuine Ledger product, people entered their seed phrases into the app, then discovered their wallets were immediately drained.

One victim, a musician who goes by G. Love, wrote: "I lost my retirement fund in a hack/Scam when I switched my Ledger over to my new computer and by accident downloaded a malicious ledger app from the Apple store. All my BTC gone in an instant." According to him, he lost 5.9 BTC (~$445,000).

Crypto sleuth zachxbt traced some of the stolen funds through Kucoin, a Chinese cryptocurrency exchange that was recently fined and forced to exit US markets over licensing and anti-money laundering failures. "The three largest victims lost seven figures each," he wrote.

Apple removed the malicious app from their App Store on April 13, six days after it had been added.

Theme tags: Hack or scam

Hyperbridge exploited two weeks after April Fools' hack joke

Screenshot of a tweet by Hyperbridge: We've been breached We're working hard to fix this! Security Incident Report At 03:47 UTC on April 1, Hyperbridge flagged a breach totaling approximately $37M across our Ethereum, Arbitrum, and Base deployments. Initial analysis points to the Lazarus Group. We are not ruling out quantum computing or unsupervised Claude agents. We missed the window to prevent this. Yesterday, external auditors reached out but our team was offline - celebrating a new addition to the Hyperbridge family with an ungodly amount of KitKat. Yeah, one of our engineers is now a dad. Early warnings were dismissed as April Fools' pranks. That was a critical error and we own it. We are committed to making this right.Hyperbridge April Fools' tweet (attribution)
On April Fools' Day, the Hyperbridge blockchain bridge project posted a tweet claiming that the North Korean Lazarus hacking group had drained $37 million from the project. A linked blog post contained a Rickroll GIF and an explanation of "Why Hyperbridge can't be hacked".

The following day, a Hyperbridge developer posted a screenshot of a blockchain transaction, writing "Lmao the uniBTC exploiter is testing Hyperbridge. I hope you have a quantum computer bro". Another commenter replied, "Rule #1 dont actively provoke attackers".

About two weeks later, an attacker was able to forge a transaction to change the admin rights for the Polkadot/Ethereum bridge contract, allowing them to mint 1 billion DOT tokens. They were able to cash out about $237,000 due to limited liquidity.

The April Fools' posts have since been deleted.

Theme tags: Hack or scam

Bitcoin Depot hacked for $3.67 million

A yellow and black Bitcoin ATM with "Bitcoin sold here" printed on the sideA Bitcoin Depot kiosk (attribution)
Bitcoin ATM operator Bitcoin Depot has disclosed a March 23 hack in which attackers stole 50.903 BTC (~$3.67 million) from company wallets. According to the company's disclosure with the SEC, the exploiters gained access to the company's IT systems and wallet credentials, allowing them to steal the assets.

Bitcoin Depot is the largest operator of crypto ATMs globally and in the United States, with approximately 8,700 kiosks in the US and 9,200 worldwide.

Theme tags: Hack or scam
Blockchain tags: Blockchain: Bitcoin

Drift exploited for $285 million

The Solana-based Drift defi perpetual futures exchange was exploited for $285 million. The project alerted the community on social media, writing: "Drift Protocol is experiencing an active attack. ... This is not an April Fools joke."

The project later described the exploit as "a novel attack involving durable nonces, resulting in a rapid takeover of Drift's Security Council administrative powers." Once the attacker had access to admin capabilities, they quickly eliminated risk management limits on the protocol and drained huge quantities of tokens, which they swapped to USDC and then ETH. The attack was attributed to extremely sophisticated social engineering, likely by North Korean hackers.

Some have criticized USDC's issuer, Circle, for not freezing the stolen funds during the six hours they were held in USDC. Unlike ETH, USDC is controlled by a centralized company that can, and regularly does, freeze assets determined to have been stolen or connected to illicit activity.

The theft is among the largest in defi history.

Theme tags: Hack or scam
Blockchain tags: Blockchain: Solana
Tech tags: DeFi

Moonwell faces $1 million governance attack

The Moonwell lending protocol faced a governance attack on its deprecated Moonriver instance that could have drained $1 million from the project. Because Moonwell's MFAM governance token trades at fractions of a cent, an attacker was able to accumulate around 40 million tokens, submit a malicious proposal, and achieve quorum. Moonwell governance token holders scrambled to vote down the proposal before the voting ended on March 27.

Ultimately, facing being outvoted, the attacker dumped their MFAM holdings and the proposal was canceled as their balance had fallen below the proposal threshold.

This was only the most recent of Moonwell's troubles after the protocol suffered a $1.78 million loss in February due to an oracle misconfiguration and a $3.7 million loss in November 2025.

Theme tags: Shady business
Tech tags: lending

Balancer Labs shuts down after $110 million hack

After a November 2025 exploit in which $110 million was drained from the Balancer defi protocol, the company behind the project has announced it will shut down. Besides the massive loss, the hack also caused users to flee the protocol, and Balancer's total value locked quickly plummeted from around $775 million to around $300 million. It has continued to decline since, now hovering around $150 million.

Balancer co-founder Fernando Martinelli has said he strongly considered shutting down the protocol entirely, but ultimately decided to continue the project as it generates a relatively small amount of revenue. Instead, the project will move to being operated by a DAO and operating company, which Martinelli hopes will allow them to dodge "real and ongoing legal exposure" and "the liability of past security incidents".

Although another Balancer co-founder has optimistically presented this as "the start of a better chapter" for Balancer, it remains to be seen whether a skeleton crew will be able to revive the project.

Theme tags: Collapse
Blockchain tags: Blockchain: Ethereum
Tech tags: DAO, DeFi

USR stablecoin depegs in $24 million exploit

The Resolv USD stablecoin, also known as USR, lost its intended dollar peg and dropped to around $0.14 after an exploiter was able to mint and sell tens of millions of unbacked tokens. USR is an asset-backed stablecoin that uses cryptoassets like bitcoin, ETH, and other stablecoins as collateral.

An exploiter took advantage of a flaw in USR's minting code to create tens of millions of USR tokens without depositing any assets to back them. The attacker then sold the unbacked USR, crashing the stablecoin's price to as low as $0.14. The attacker has profited at least 11,400 ETH (~$24 million), though they are still selling.

Some defi protocols paused USR-exposed strategies to avoid downstream impacts. Resolv issued a statement that the token's collateral pool was unaffected, though this is likely little comfort for those who purchased the unbacked USR.

Theme tags: Hack or scam
Tech tags: stablecoins

Venus Protocol accumulates $2.15 million in bad debt after exploit

The BNB Chain's Venus Protocol lending protocol accumulated $2.15 million in bad debt after an exploiter manipulated the price of the Thena protocol's THE token. THE had very low liquidity, and the exploiter took advantage of it to manipulate the THE price oracle by borrowing against THE, using the borrowed funds to buy more THE, and repeating — causing the price oracle to reflect higher and higher prices. The attacker was able to avoid a supply cap on Venus by "donating" the funds rather than depositing them in the standard way.

While the exploit left the Venus Protocol with over $2 million in bad debt, it's not clear if the attacker even made money from the exploit. The exploiter's position was ultimately liquidated, collapsing the increase in THE price. However, it's possible the exploiter took advantage of the price discrepancy elsewhere to profit.

The Venus Protocol has had a number of issues in the past — notably in June 2023, when the team developing the BNB Chain had to intervene when the a thief borrowed $150 million on Venus against stolen tokens and then faced liquidation.

Theme tags: Hack or scam
Blockchain tags: Blockchain: BNB Chain
Tech tags: DeFi, lending