$29 million stolen from from Step Finance treasury wallets
The Solana-based defi portfolio tracker Step Finance lost 261,854 SOL (~$28.7 million) when a thief gained access to treasury and fee wallets. It's not yet clear how the attacker was able to steal the funds, although Step Finance posted to Twitter that the theft occurred via a "well known attack vector". Step wrote that they were working with cybersecurity firms and law enforcement to address the incident.
Aperture Finance users lose at least $3.4 million
An attacker exploited a bug in an Aperture Finance smart contract to steal at least $3.4 million from users who had enabled "instant liquidity management" features. Aperture Finance is a defi platform that aims to allow users to trade by telling large language models their "intents".
Aperture has said they disabled portions of their web app impacted by the bug, and are working to try to trace and recover stolen funds.
$13.43 million stolen from Matcha Meta users in SwapNet exploit
Some users of Matcha Meta, a decentralized exchange aggregator on the Base blockchain, suffered losses after a thief exploited a vulnerability in its SwapNet integration. SwapNet is another DEX aggregator that integrates with Matcha Meta, and Matcha blamed a vulnerability in their smart contracts that enabled a thief to steal assets transferred via the integration.
Most of the lost funds came from a single user, who lost $13.34 million in assets. Other users lost a combined $90,000.
- "SwapNet Incident Post Mortem", Matcha Meta
Thief of millions in seized U.S.-controlled crypto alleged to be government crypto contractor's son
Two crypto thieves decided to settle an argument over who was wealthier by screensharing as they transferred crypto between wallets to prove ownership. In doing so, one of them — known online as "Lick" — revealed a wallet address that crypto sleuth zachxbt quickly tied to the theft of around $40 million from US government wallets containing seized crypto assets, including a $20 million theft zachxbt reported in October 2024. Lick's wallets contained around $90 million in total, including the stolen government assets and those stolen from other victims.
zachxbt has alleged that "Lick" is a man named John Daghita. After reporting Daghita's identity, "Lick" appeared to try to scrub his Telegram account, then dusted zachxbt's public crypto wallet from one of the theft addresses.
Daghitia is reportedly the son of Dean Daghita, the owner of Command Services & Support (CMDSS). In October 2024, CMDSS landed a contract with the US Marshals to manage seized crypto assets, which is still active. After zachxbt linked the younger Daghita to his father and CMDSS, CMDSS also scrubbed its online presence. Around that time, Lick began trolling zachxbt again, and later sent 0.6767 ETH (~$1,900) of the stolen funds to zachxbt.
CMDSS' website boasts that they are "a proven provider of mission-critical services to the Department of Defense and Department of Justice".
Saga halts blockchain after $7 million theft
The Saga project halted its blockchain after acknowledging that $7 million had been stolen. An attacker was evidently able to mint a large quantity of Saga Dollar tokens, though it's not yet clear whether it was because of a smart contract vulnerability, private key compromise, or some other issue. The attacker was quick to swap most of the assets to ETH to thwart asset freezes or blockchain halts.
The Saga Dollar token lost its peg and fell to around $0.75 after the attack.
Former NYC Mayor Eric Adams accused of rug pull as NYC Token crashes
Shortly after losing his campaign for re-election as mayor of New York City, Eric Adams announced he would be launching "NYC Token". He's pitched the project as a fundraising tool to fight "antisemitism" and "anti-Americanism", and as a project to "teach our children how to embrace the blockchain technology."
He launched the project on January 12, and buyers piled in in hopes of being early to a high-profile crypto token endorsed by a public figure. However, within hours, the team began pulling liquidity as the price peaked, extracting around $2.5 million. As the price began to fall, the team added back around $1.5 million, leaving around $1 million unaccounted for.
Additionally, on-chain researchers observed at least one wallet that spent almost $750,000 to purchase around 1.5 million $NYC around 10 minutes before the token was publicly announced, leading to speculation around insider trading. However, because of the token price crash after the team began pulling liquidity, the apparent insider ultimately lost around $500,000.
People were quick to accuse Adams, or his unidentified crypto team, of rug-pulling buyers. Adams and the project's social media account have claimed that the team was simply moving or "rebalanc[ing]" liquidity, though they have not yet offered any explanation as to where the missing $1 million went.
- Tweet by RuneCrypto_ [archive]
- Tweet thread by Bubblemaps [archive]
- Tweet by NYC Token [archive]
- Tweet thread by Bubblemaps [archive]
- Wallet on Solscan [archive]
- "Pitching Crypto and Needling Mamdani: Adams’s Post-Mayoralty Takes Shape", New York Times [archive]
- "Former 'bitcoin mayor' Eric Adams faces $3 million rugpull allegation after issuing NYC Token", CoinDesk [archive]
Crypto holder loses $283 million to scammer impersonating wallet support
A crypto holder has lost $282 million in bitcoin and litecoin after a scammer impersonating a customer support employee for the Trezor hardware wallet manufacturer successfully convinced them into revealing their seed phrase. After gaining access to the assets, they quickly swapped them to the Monero privacycoin. The volume of assets was so large that the Monero price spiked as the scammer laundered the finds. The scammer also swapped assets using the THORChain project, which boasted on social media about the "World record speedrun. ⚡️" (presumably without realizing they were bragging about a thief using their project to launder money).
Around $700,000 of the stolen assets were frozen thanks to intervention by a security firm called ZeroShadow, although this represents only 0.2% of the total loss.