Raydium has said it will compensate users who lost funds in the exploit.
Raydium users lose $1.34 million after legacy smart contract exploited
Drift exploited for $285 million
The project later described the exploit as "a novel attack involving durable nonces, resulting in a rapid takeover of Drift's Security Council administrative powers." Once the attacker had access to admin capabilities, they quickly eliminated risk management limits on the protocol and drained huge quantities of tokens, which they swapped to USDC and then ETH. The attack was attributed to extremely sophisticated social engineering, likely by North Korean hackers.
Some have criticized USDC's issuer, Circle, for not freezing the stolen funds during the six hours they were held in USDC. Unlike ETH, USDC is controlled by a centralized company that can, and regularly does, freeze assets determined to have been stolen or connected to illicit activity.
The theft is among the largest in defi history.
Step Finance, SolanaFloor, and Remora Markets shut down after January hack
According to Step Finance, "we explored every possible path forward, including financing and acquisition opportunities. Unfortunately, we were unable to secure a viable outcome and have made the difficult decision to end all operations effective immediately."
In reply to Step Finance's announcement, crypto investor Mike Dudas claimed that the project had contacted him about bridge financing, but that Step had never responded to his request for more information about the hack. "i responded: 'would need to see the security post mortem before i could consider investing here' <crickets>"
$29 million stolen from from Step Finance treasury wallets
Former NYC Mayor Eric Adams accused of rug pull as NYC Token crashes
He launched the project on January 12, and buyers piled in in hopes of being early to a high-profile crypto token endorsed by a public figure. However, within hours, the team began pulling liquidity as the price peaked, extracting around $2.5 million. As the price began to fall, the team added back around $1.5 million, leaving around $1 million unaccounted for.
Additionally, on-chain researchers observed at least one wallet that spent almost $750,000 to purchase around 1.5 million $NYC around 10 minutes before the token was publicly announced, leading to speculation around insider trading. However, because of the token price crash after the team began pulling liquidity, the apparent insider ultimately lost around $500,000.
People were quick to accuse Adams, or his unidentified crypto team, of rug-pulling buyers. Adams and the project's social media account have claimed that the team was simply moving or "rebalanc[ing]" liquidity, though they have not yet offered any explanation as to where the missing $1 million went.
- Tweet by RuneCrypto_ [archive]
- Tweet thread by Bubblemaps [archive]
- Tweet by NYC Token [archive]
- Tweet thread by Bubblemaps [archive]
- Wallet on Solscan [archive]
- "Pitching Crypto and Needling Mamdani: Adams’s Post-Mayoralty Takes Shape", New York Times [archive]
- "Former 'bitcoin mayor' Eric Adams faces $3 million rugpull allegation after issuing NYC Token", CoinDesk [archive]
Upbit hacked for $30 million
Upbit reimbursed users who had lost funds from company reserves. The exchange was able to freeze around $1.77 million of the stolen assets.
This theft occurred exactly six years after Upbit suffered a theft of 342,000 ETH (priced at around $50 million at the time).
Credix vanishes after $4.5 million exploit
Credix subsequently announced they had negotiated with the thief, who they said agreed to return the funds "in return for money fully paid by the credix treasury". They did not disclose how much they paid to the hacker.
However, shortly after this announcement, the company deleted its social media accounts and disappeared, leading some to wonder if the "hack" may have in fact been a rug pull by insiders. The promised reimbursements have not yet materialized.
$2.2 million in user funds stolen from Texture; hacker returns 90%
Shortly after the attack, Texture sent a message to the thief: "We are offering a 10% bounty of any funds stolen, which are yours to keep if you return the remaining 90%. You made an opsec mistake, but it’s not too late to avoid escalating the situation."
The threat and "bounty" offer apparently worked, and the hacker returned $1.98 million, keeping $220,000 as a so-called "greyhat bounty". "As the hacker has fulfilled their side of the agreement, we will not pursue the matter further," wrote Texture.
Loopscale hacked for $5.8 million two weeks after launch
ICERAID crypto project claims to pay people to report immigrants and "terrorist" judges to law enforcement
An instructional video posted to social media by the platform encourages people to "do [their] patriotic duty" by going to a District Court in a blue state, then "Secretly snap a photo of the judge. Don't let the bailiff see you." The video shows a person uploading a photograph of Judge James Boasberg, who is presiding over the Trump administration deportation flights case, and reporting him for "terrorism".
The project has been likened to Stasi programs in which citizens were paid to spy and report on their neighbors.
The founder of ICERAID, Jason Meyers, claims that he had had conversations with the White House about the project, although the website for the tool states it is not affiliated with any government agency and is not a website of the US government. Meyers has faced several enforcement actions resulting in disciplinary penalties over his involvement in security sales, and in 2014 was permanently banned by FINRA from broker-dealer activities after misappropriating investor funds. Meanwhile, multiple users have complained about not receiving their promised ICERAID tokens, and the project reportedly changed its terms after the token presale to reduce the amount of money buyers would earn for participating.









