Scams

SlowMist identified critical security vulnerabilities in NOFX AI, an open-source crypto futures trading platform built on DeepSeek and Qwen architectures, that allowed attackers to access wallet private keys and exchange API credentials. Binance and OKX worked with SlowMist to identify affected users and revoke compromised credentials by November 17. The flaws affected multiple system versions, with authentication controls failing to protect administrator functions and sensitive endpoints returning API keys by default.

A two-year investigation by the New York Times and the International Consortium of Investigative Journalists traced approximately $28 billion in funds linked to criminal activity through major cryptocurrency exchanges. Binance, OKX, and Bybit served as primary channels for proceeds allegedly generated through cyberattacks, social-engineering schemes, and large-scale fraud operations. The platforms reportedly enabled rapid conversion of illicit funds into widely traded digital assets and stablecoins, with flows continuing even after Binance paid a $4.3 billion U.S. settlement for anti-money laundering violations.

The US Department of Justice filed civil forfeiture complaints targeting over $15 million in Tether connected to North Korea's state-backed hacking group APT38. The FBI initially seized the USDT in March 2025, tracing it to four cryptocurrency platform breaches in 2023. Separately, five individuals pleaded guilty to helping North Korean IT workers infiltrate US companies through fraudulent remote work schemes.

The U.S. Department of Justice filed civil forfeiture complaints for $15.1 million in USDT seized from North Korean military hacking group APT38. The stablecoin was stolen in 2023 attacks against four international virtual currency platforms. Separately, five individuals pleaded guilty to facilitating a scheme in which North Korean IT workers used stolen identities to fraudulently secure employment at 136 U.S. companies.

Price manipulation attacks resulted in $42 million in losses across 51 separate incidents during 2025, according to CertiK Alert. The November 12 incident involving Popcat on Hyperliquid demonstrated coordinated manipulation tactics, triggering $63 million in liquidations through artificial buy walls and sudden order withdrawals. CertiK recorded 19 incidents in Q4 alone, approaching Q2's peak of 20 cases.

Publicly traded companies building digital asset treasuries are increasingly accepting in-kind token deposits instead of purchasing assets on open markets. The approach enables firms to raise capital while establishing valuations for illiquid tokens, but exposes equity investors to heightened volatility from newly launched, untested assets. This strategy diverges from established Bitcoin treasury models, which typically raise funds through conventional financing before acquiring liquid market positions.

An unidentified trader deliberately destroyed $3 million while executing a leveraged manipulation on Hyperliquid's POPCAT perpetual contract, causing approximately $4.9 million in losses to the platform's hyperliquidity provider vault. The attacker withdrew USDC from OKX, distributed funds across multiple wallets, opened over $26 million in long positions, then removed an artificial buy wall to trigger mass liquidations.

A trader deliberately sacrificed $3 million to manipulate Hyperliquid's POPCAT perpetual market, causing the platform's Hyperliquidity Provider vault to absorb $4.9 million in losses. The attacker distributed funds across 19 wallets, opened over $26 million in leveraged positions, and erected a fake $20 million buy wall that triggered cascading liquidations when removed. The manipulator's entire stake was liquidated during the event, with analysts describing the incident as a structural disruption rather than a profit-driven exploit.

The US Department of Justice, FBI, and Secret Service formed the Scam Center Strike Force on November 12, 2025, to target cryptocurrency fraud operations linked to Chinese transnational crime groups. The initiative addresses investment scams that defraud Americans of billions annually through fake crypto platforms, according to US Attorney Jeanine Ferris Pirro. Federal authorities have seized over $401 million in cryptocurrency assets to date.

Decentralized exchange Hyperliquid halted deposits and withdrawals on November 12, 2025, after a trader's leveraged positions on memecoin POPCAT triggered approximately $25 million in liquidations across 19 wallets. The platform's liquidity vault absorbed roughly $5 million in bad debt. The incident marked the second major manipulation event on the exchange in 2025.