Case Study
TrickyRoxxx
Case Study
The RPC Poisoning Attack That Cost $290M — And Why Retail Missed It Coming
On April 18, 2026, a sophisticated state-sponsored attacker poisoned the RPC infrastructure feeding KelpDAO's rsETH bridge, fraudulently approving 116,500 rsETH in transfers. By April 20, that theft had cascaded into $200M in Aave bad debt and triggered a $10B panic withdrawal wave across DeFi. One of the
Live Threat
X Coin Doesn't Exist — But the Scam Does
xcoincore.io is live right now, stealing from retail crypto users. Here's exactly how it works. X has not launched a cryptocurrency. There is no "X Coin." There is no presale. Anyone telling you otherwise is in the process of stealing from you. xcoincore.io is
case-study
Ledger Data Breach and Wrench Attack Campaign: When Digital Exposure Becomes Physical Threat
A compromised e-commerce database turned hardware wallet users into targets of physical coercion, proving that operational security extends far beyond private key management.
case-study
The $40M Hardware Wallet Phishing Theft: How Social Engineering Defeated Cold Storage
A sophisticated, multi-vector phishing campaign stripped 521.99 BTC from a high-net-worth individual despite hardware wallet protections.
case-study
Marlon Ferro Wrench Attack Ring: Coordinated Physical Home Invasions Targeting Crypto Holders
How a criminal enterprise merged digital surveillance with physical coercion to steal cryptocurrency from victims in their homes.
case-study
Bybit Multisig Blind Signing Hack: A $1.5 Billion Supply Chain Compromise via Safe{Wallet} Frontend Manipulation
How North Korea's Lazarus Group exploited blind signing and a compromised web interface to execute the largest single theft in crypto history.
case-study
Silent Swap: The JavaScript Supply Chain Attack That Weaponized the World's Most Downloaded Packages Against Crypto Users
A single phished developer credential turned billion-download npm packages into multi-chain wallet address hijacking infrastructure.
case-study
Julia Goodwin SIM Swap and Physical Attack: When Digital Compromise Escalates to Armed Home Invasion
A retirement-age crypto investor was targeted through carrier-level SIM hijacking, followed by violent physical coercion — exposing the lethal convergence of telecom fraud and real-world violence in crypto theft.
case-study
GreedyBear Malicious Firefox Extensions Campaign: A Supply-Chain Phishing Operation That Drained $1M Across Multiple Chains
Over 150 counterfeit browser extensions impersonating MetaMask and Coinbase Wallet weaponized the Firefox Add-ons ecosystem to harvest seed phrases at scale.
case-study
Trezor Support Impersonation Phishing: A $284 Million Single-Call Social Engineering Attack
One phone call. One compromised investor. 71% of January 2025's total adjusted crypto fraud losses.
case-study
Ledger-Global-e Customer Data Breach & Phishing Campaign: Supply Chain Data Exposure at Scale
Third-party e-commerce partner compromise exposes Ledger customers to targeted phishing, reprising the company's worst operational nightmare.