Hello, I did an xsgd/usdt coin exchange on Tuesday, but the assets did not arrive to the account, I was advised to contact support in Telegram, but I realized that I was robbed and it was scammers! How can I get my assets back? 25.02 at 11:33 I made the first transaction swap xsgd/usdt in the amount of 1.04k$/1.39k xsgd and my assets did not arrive to my account, I wrote to the support that Google showed me on the website https://ascendex.com/ru/support/articles/49325-sushiswap-sushi. then they sent me an email with a support link in telegram and there the manager Evgeny called me, who informed that my assets were frozen due to an incorrect swap amount and that a duplicate transaction needed to be made to unblock the assets. I made a duplicate transaction and they didn’t respond to me and I lost my assets again. I realized that I was robbed. What should I do? I contacted the wallet support and they advised me to write to you

I came across a YouTube video advertising a ChatGPT bot on the Ethereum blockchain. The presenter, a woman with a British accent, appeared very real and charismatic—though it's possible she was AI-generated. The scam involves smart contracts that redirect funds to the scammer's wallet. The video provided a step-by-step guide, instructing users to paste a specific code into a suspicious bot website. It also recommended using the MetaMask wallet. Unfortunately, MetaMask was unable to help recover my losses. Beware of scams like this!

When I wanted to withdraw ETH from contract to my MetaMask wallet, the money went to another address, because of the smart contract that scammer had made.

I havent logged in into my metamask for 680 days, and today when i logged in i saw that someone 24 days ago stole 0.3 eth from my metamask.

As responded and described to MetaMask Support: Did I ever… 1. Access a website from a social media app such as X (Twitter), Discord, or Telegram?   - I only have Telegram. I have not been on Telegram lately. If I am, I do use links to websites. I would only be checking updates on chosen channels or messages. 2. Try to manually verify your wallet using the Secret Recovery Phrase? - NO. I have not had to use my Secret Recovery Phrase. I cannot recall ever doing that or when I last did, if ever. 3. Interact with someone claiming to be a support representative? - NO. This is the first time contacting Support at Metamask. ONLY Support lately has been Coinbase. 4. Use your 12-word secret recovery phrase on your device?   - NO. Same as #2. 5. Install a new application or extension on your device?   - NO. Actually I deleted about 11 unused apps in the last 2 days. ————— How your Secret Recovery Phrase is backed up. - Backed up and stored on Encrypted Storage Vault (C2 Password by Synology) The estimated USD value that was lost.  $4300.  I received $4321.82 USDT amount in Metamask wallet (0x9a77…eeaa) from Coinbase Wallet (0xd5f1…17d5) on Feb 28, 2025 1:21 PM PT.  Within 5 minutes of receiving, I swapped Max amount of USDT in wallet to ETH.  I noticed an unusual  ETH transaction simultaneous to the Swap. I suspected that was to pay for the transaction.

My account has been hacked.

A critical vulnerability in Venus Protocol enabled the attack: the absence of proper safeguard mechanisms in pricing an ERC4626 token in the core pool allowed the attacker to execute the entire exploit, resulting in ~$800k in bas debt. The operation began with the attacker securing a flash loan from Aave to establish a highly leveraged position in wUSDM—amounting to approximately $2.3M—through two coordinated smart contracts. The next move was donating around $450k USDM (ERC4626 inflation attack) to the wUSDM smart contract. This donation artificially inflated the conversion ratio from about 1.069 to 1.7, improving the health ratio of the collateral position and triggering a liquidation process. With this, the attacker could secure ~$200k in ETH in net profit (borrow and liquidation fees) after the flash loan was repaid. Subsequently, the attacker proceeded to recover most of the “donation” by using the manipulated exchange rate to their favor—not through a further exploit, but by purchasing wUSDM liquidity on SyncSwap with USDC, then converting it using the inflated price established by the earlier donation. This final arbitrage step allowed the attacker to recover most of the initial donation, for about ~$400k. All in, the attacker secured ~$600k in profits. The remaining ~$200k to get to the ~$800k in bad debt was liquidation revenue kept by Venus protocol. After exploiting Venus Protocol, the hacker could use the liquidity in Sync Swap’s pool (v3Pool stable concentrated liquidity), where most liquidity sat at an exchange rate of ~ 1.069 USDC for 1 wUSDM. This allowed the exploiter to bridge USDC from any chain to zkSync and swap 1.069 USDC for 1 wUSDM, which could then be unwrapped for 1.7 USDM. This USDM could subsequently be bridged to other USDM-supported chains with secondary market USDC/USDM pools, such as Curve, where the attacker could swap 1 USDM for 1 USDC and then bridge back the USDC, restarting the loop process. Consequently, the attacker extracted approximately all of the ~$400k USDM that was “donated” in the previous transaction by the exploiter, which remained on the wUSDM smart contract until he withdrew all wUSDM liquidity provided in the SyncSwap Pool. It’s worth noting that LP providers were not affected as they received USDC using the correct exchange rate in exchange for the swap, at which point the hacker had no further opportunities. ## Conclusion This exploit underscores the **critical risks** associated with **price oracle integration in ERC-4626 tokens**, particularly the vulnerabilities of **over-leveraging and collateral manipulation**. The absence of **protocol-level safeguards**, such as **price update delays, minimum deposit thresholds, and/or mechanisms to neutralize the effects of unexpected token transfers**, created conditions that allowed the attacker to exploit Venus Protocol. **Mountain Protocol and USDM and wUSDM holders remain unaffected by this event.**

Hi, my wallet was suddenly drained. My funds were sitting into TheVault.Finance dapp and were all moved to the 83JjzyfQjAJcikoiaFmR2R1pUiW8chZfzKQntrQ5M4e. I don't have many hope of recovering this but anyways I want to open a case.

While swapping any token on https://1inch.io/ it asks you to give permission for the swap. once given, i found that you seem to approve a ''spender'' for ''unlimited'' allowance of the swapped token. putting the entire asset at risk I could see this through:'' https://etherscan.io/tokenapprovalchecker It seems that every swap i do through https://1inch.io/ puts the swapped token at risk of being drained at any given time by approving a unlimited allowance to the spender. at this point it happened twice within 1 week (18 feb - 24 feb) the reason i ended up using 1inch is because i was in search of trying to find the lowest gas fees for swaps on ethereum. it works surprisingly well with very low gas fees, however it seems that it also forces you to put your asset at risk. at first i thought i made a mistake by possibly ending up on a fake website imposing to be the official 1inch, but after checking all the approvals i seemed to have made on https://etherscan.io/tokenapprovalchecker, I am absolutely sure that all these swaps have been made through the official 1inch without exception. First time it happened: It started with a spontaneous smart contract execution with the below transactionhash. 0x2a172b41dbec2022cf4517e27bf62a0cddd20e4f46cd58b370a51a453e91429e then it swapped 283,748 qf to 0,243 eth then it sent 0,243 eth valued at 600,17 dollar to 0xd771bed952950280ad3a0973ac91919d77e6b997 After losing my first asset, and learning all the above, i trusted to have gained enough knowledge to not let it happen again. second time it happened: what i did next was: swap eth to weth using 1inch again after that i revoked the allowance immediately then i swapped weth for QF then i revoked the allowance of unlimited QF immediately as well. and then, to my surprise, a contract executed faster than i could revoke the allowance for my qf. it executed and put the following transactions in motion: weth to eth (i had 0.1 weth) qf - usdc. (i had 92,622 qf valued at 228,57 dollar) usdc-eth (228,57 to 0.0866 eth) then it combined both assets and sent a total of: 0.189 eth valued at 459,20 dollars to 0x00cbda79f65518b676c08d1f75e15b9b32f38d3c i have tried to find similar stories of people getting scammed this way, but i have not yet found a exact experience. At this point i've lost all my trust in crypto. if anyone can tell me how i can participate on the eth chain without all my assets randomly disappearing, please share some knowledge.

Metamask cryptocurrency hack by unknown assailant

Mine account may have a sweeper script monitoring it, which can automatically transfer the tokens sending to the other account within seconds.

i have accessed four.meme & traded tokens , after trading i shut down my laptop and went to sleep , in the morning i found that all BNB in my wallet was drained and transferred to 6 different wallet by hacker , please be careful while trading on four.meme

Total lost on All major chain , latest stolen on Gravity Chain and Abstract chain