Web3 is Going Just Great

...and is definitely not an enormous grift that's pouring lighter fluid on our already smoldering planet.

Created by Molly White. Subscribe to her newsletter for weekly recaps.

Step Finance, SolanaFloor, and Remora Markets shut down after January hack

Step Finance announced that, following a $30 million theft in late January, the project would be shutting down. Along with it, they will shut down SolanaFloor — a Solana-focused media project — and Remora Markets — a Solana-based tokenized stocks platform.

According to Step Finance, "we explored every possible path forward, including financing and acquisition opportunities. Unfortunately, we were unable to secure a viable outcome and have made the difficult decision to end all operations effective immediately."

In reply to Step Finance's announcement, crypto investor Mike Dudas claimed that the project had contacted him about bridge financing, but that Step had never responded to his request for more information about the hack. "i responded: 'would need to see the security post mortem before i could consider investing here' <crickets>"

Theme tags: Collapse
Blockchain tags: Blockchain: Solana
Tech tags: DeFi

YieldBlox lending pool drained of $10.2 million

A lending pool operated by YieldBlox on the Stellar blockchain was emptied of around $10.2 million in an oracle manipulation attack on the Reflector oracle supplying prices for the USTRY/USDC market. Reflector has said that there was no flaw with their oracle, and that market illiquidity caused the problem. "Reflector quoted correct prices. ... but it's impossible to quote adequate prices for a market fully handled by a single market-maker with almost zero trading activity."

The attacker was able to manipulate the oracle price to show that USTRY was priced at $100 (rather than its actual trading price of around $1.05). Then, they borrowed against the overvalued asset, withdrawing XLM and USDC priced at $10.2 million. However, around 48 million of the stolen XLM (~$7.2 million) were frozen.

Theme tags: Hack or scam
Tech tags: DAO, DeFi, lending

IoTeX bridge exploited for $2 million after private key compromise

IoTeX, a platform to connect IoT devices to blockchain networks, lost around $2 million after a private key compromise enabled an attacker to drain funds from the project's token safe. Initial loss estimates were as high as $8.8 million, although IoTeX CEO Raullen Chai stated that the actual loss was closer to $2 million.

Blockchain security researcher Specter has suggested there may be links between this attack and a $50 million theft from the Infini "stablecoin neobank" a year ago.

Theme tags: Hack or scam
Blockchain tags: Blockchain: Ethereum

South Korean prosecutors lose $22 million of seized crypto to the wallet inspector, later recover it

Still frame from The Simpsons episode "Homer Goes to College", where they encounter the "wallet inspector""The wallet inspector" from The Simpsons (attribution)
Staff members working for South Korean prosecutors, for some reason, decided to use a "wallet checking tool" during an August 2025 audit of seized crypto assets. The tool they selected turned out to be a phishing tool, and five wallets were drained of 320 BTC.

On February 19, the office announced they had recovered the stolen assets and identified the thief.

Theme tags: Hack or scam, Law
Blockchain tags: Blockchain: Bitcoin

Moonwell lending protocol suffers $1.78 million loss after second oracle misconfiguration in four months

After an oracle misconfiguration, the Moonwell defi lending protocol accumulated $1.78 million in bad debt. When the protocol showed that cbETH was priced at just over a dollar, rather than its actual market price of around $2,200, bots and humans alike rushed to take advantage of the mispricing. The error cascaded into liquidations across the platform.

This is the second time Moonwell has suffered a loss thanks to an oracle misconfiguration. In November 2025, the platform was left with almost $3.7 million in bad debt after a different asset was mispriced.

Although the vulnerable pull requests were at least partially developed by an AI tool, the security auditor who initially attributed the vulnerability to Claude Opus 4.6 later softened his criticism, noting that even senior developers could have made the same mistake. He did, however, criticize the project for a lack of sufficiently rigorous testing that should have caught the issue.

Theme tags: Bug
Blockchain tags: Blockchain: Ethereum
Tech tags: DeFi, lending