Web3 is Going Just Great

October 15, 2025

Paxos accidentally mints more than twice the global GDP in PayPal stablecoins

Paxos, the issuer of PayPal's PYUSD stablecoin, accidentally minted 300 trillion of the supposedly dollar-pegged token. For context, this is approximately 2.5x the global GDP, and around 125x the total number of US dollars actually in circulation.

Paxos later announced that the mint was an "internal technical error", and that they had burned the excess tokens.

While PayPal promises its customers that "Reserves are held 100% in US dollar deposits, US treasuries and cash equivalents – meaning that customer funds are available for 1:1 redemption with Paxos," there clearly isn't much in the way of safeguards to ensure that is always the case. As with most stablecoin issuers, Paxos merely issues self-reported and unreviewed portfolio reports, and monthly third-party attestations (not audits) of reserves.

October 10, 2025

Hyperliquid user loses $21 million to private key leak

An attacker apparently obtained access to a victim's private key, enabling them to drain $21 million in various crypto assets. The attacker quickly bridged the stolen funds to ETH, then bounced through various addresses in hopes of disguising their origin and making the funds more challenging to recover.

Some originally feared that the theft was enabled by an exploit on Hyperliquid itself, shortly after another Hyperliquid-based project was compromised, but the theft appears to have been a key leak rather than an exploit on the protocol.

"Hyperliquid User Loses $21 Million Due to Private Key Compromise, Experts Say", Decrypt [archive]

October 4, 2025

Abracadabra loses more "Magic Internet Money" to third hack in two years

(attribution)

In their third major hack in two years, the Abracadabra defi lending project lost $1.8 million of their Magic Internet Money stablecoin. An attacker took advantage of a bug in the project smart contracts to borrow more than their provided collateral would normally allow. The attack was funded via Tornado Cash, and the exploiter then swapped the stolen tokens for ETH and laundered them back through Tornado.

The project disclosed the theft, describing the exploit as affecting "some deprecated contracts". They downplayed the theft, saying they'd bought back the stolen assets using treasury funds.

Abracadabra previously suffered a $13 million theft in March 2025, and a $6.5 million theft in January 2024.

"Abracadabra loses $1.8 million in protocol's third major DeFi hack since 2024", The Block

September 29, 2025

Futureverse announces restructuring two years after raising $54 million

(attribution)

In 2023, there was no shortage of buzzy press coverage for Futureverse, which promised to build a metaverse and gaming-focused blockchain. They partnered with Ready Player One author Ernest Cline to build the "Readyverse". They partnered with the estate of Muhammad Ali to build an "AI-powered" boxing game (with NFTs!) They partnered with Rebook to build a "virtual sneaker design experience", where customers could design sneakers to equip to their Fortnite or Roblox characters. That year, the company had raised $54 million in a Series A round led by 10T Holdings and Ripple Labs. They made even more money from token sales to retail investors.

As recently as this year, Futureverse was earning spots on "most innovative company" lists. In April, they announced they'd be acquiring Candy Digital, an NFT company created by Mike Novogratz, Gary Vaynerchuk, and others (which itself had raised a $100 million series A in 2021, and another funding round in 2023). "NFTs will be back in a big way one of these days", wrote Axios, covering the sale in April 2025.

But now, Futureverse has announced they've "made the difficult decision to begin a restructuring of the business". Focusing only on the AI portion of their business, and conspicuously omitting any mention of blockchains, NFTs, or metaverses, the company says they "recognize that adjustments are needed to ensure the long-term sustainability of our vision."

Futureverse locked comments on the post, likely to try to dodge angry community members who accused the company of stealing from them or rug-pulling.

"Futureverse Raises $54 Million From 10T, Ripple Labs for Metaverse Push", Decrypt [archive]
"The most innovative companies with between 51 and 200 employees for 2025", Fast Company [archive]
"Exclusive: Futureverse acquires NFT startup Candy Digital", Axios

September 27, 2025

Hyperdrive lending protocol exploited for $782,000

(attribution)

Exploiters drained $782,000 in crypto assets from two markets on the Hyperdrive lending protocol, which is built on the Hyperliquid layer-1 blockchain. The attacker apparently took advantage of a security flaw in one of the project's smart contracts to drain the funds.

Hyperdrive paused all markets while investigating the vulnerability, and patched the bug. They also compensated those who had lost money in the exploit.