AI-driven Phishing and Token Exploits Drain $45.8M from Web3

Web3 security suffered major losses in October as AI-driven phishing and complex token exploits accounted for $45.84 million in theft, according to GoPlus Security. Phishing-as-a-Service platforms powered by AI tools enabled rapid fake website creation, leading to $3.5 million in phishing losses. Notable incidents included 107 GMGN users losing $700,000, a $325,000 theft via a malicious “increaseAllowance” on Wrapped Bitcoin (WBTC), and $440,000 lost through a fraudulent “permit” transaction. The largest breach involved SBI Crypto, with $21 million in BTC, ETH, LTC, DOGE, and BCH drained and allegedly laundered via Tornado Cash by suspected state-backed hackers. Meanwhile, honeypot token scams jumped 600% month-on-month to 2,189 tokens on Binance Smart Chain, Ethereum, and Base, trapping investors in illiquid contracts. Elsewhere, the Astra Nova token RVV plunged after a social media hack caused a $10.3 million sell-off, and Garden Finance users lost $10.8 million to a DeFi exploit. These events underscore evolving threats to Web3 security from AI techniques, social engineering, and embedded contract fraud.