Bitcoin 
Ethereum 
Tether 
BNB 
XRP 
USDC 
Solana 
TRON 
Lido Staked Ether 
Figure Heloc 
Dogecoin 
WhiteBIT Coin 
USDS 
Cardano 
Hyperliquid 
Wrapped stETH 
LEO Token 
Zcash 
Wrapped Bitcoin 
Bitcoin Cash 
Binance Bridged USDT (BNB Smart Chain) 
Monero 
Wrapped Beacon ETH 
Chainlink 
Toncoin 
Canton 
Wrapped eETH 
Stellar 
Sui 
Litecoin 
sUSDS 
USD1 
Dai 
Coinbase Wrapped BTC 
MemeCore 
Avalanche 
Hedera 
WETH 
Ethena USDe 
Shiba Inu 
Rain 
USDT0 
Global Dollar 
PayPal USD 
Cronos 
Circle USYC 
Bittensor 
Tether Gold 
BlackRock USD Institutional Digital Liquidity Fund 
Ethena Staked USDe 
Uniswap 
Polkadot 
PAX Gold 
Mantle 
World Liberty Financial 
NEAR Protocol 
Ondo 
Ondo US Dollar Yield 
Pi Network 
OKB 
Little Pepe 
Falcon USD 
HTX DAO 
syrupUSDC 
Internet Computer 
Pepe 
Aster 
Sky 
Ripple USD 
Ethereum Classic 
USDD 
Aave 
Bitget Token 
BFUSD 
Morpho 
KuCoin 
Janus Henderson Anemoy Treasury Fund 
Ethena 
Jupiter Perpetuals Liquidity Provider Token 
Algorand 
Cosmos Hub 
Quant 
POL (ex-MATIC) 
Kaspa 
Jito Staked SOL 
United Stables 
Superstate Short Duration U.S. Government Securities Fund (USTB) 
Kelp DAO Restaked ETH 
Spiko EU T-Bills Money Market Fund 
Render 
Binance-Peg WETH 
Blockchain Capital 
Rocket Pool ETH 
NEXO 
Worldcoin 
Binance Bridged USDC (BNB Smart Chain) 
Aptos 
Stable 
Wrapped BNB 
Filecoin 
Arbitrum 
Function FBTC 
Siren 
Gate 
Jupiter 
JUST 
syrupUSDT 
Flare 
Venice Token 
Pump.fun 
Binance Staked SOL 
VeChain 
BUILDon 
XDC Network 
USDtb 
Bonk 
Beldex 
NEW X CEO IS BACK 
Polygon Bridged USDC (Polygon PoS) 
DeXe 
Solv Protocol BTC 
OUSG 
Lombard Staked BTC 
Pudgy Penguins 
Dash 
GHO 
clBTC 
Midnight 
Provenance Blockchain 
Official Trump 
Usual USD 
SkyAI 
Virtuals Protocol 
YLDS 
StakeWise Staked ETH 
Terra Luna Classic 
Kinetiq Staked HYPE 
Artificial Superintelligence Alliance 
tBTC 
A7A5 
WrappedM by M0 
PancakeSwap 
Stacks 
TrueUSD 
Injective 
Sei 
Billions Network 
c8ntinuum 
Kite 
Mantle Staked Ether 
EURC 
Humanity 
Polygon PoS Bridged DAI (Polygon POS) 
Aerodrome Finance 
Chiliz 
Resolv wstUSR 
COCA 
edgeX 
Celestia 
Curve DAO 
Doge Strategy 
Liquid Staked ETH 
ADI 
Arbitrum Bridged WBTC (Arbitrum One) 
Tezos 
USDGO 
Spiko Amundi Overnight Swap Fund (EUR) 
SPX6900 
Wrapped Flare 
Janus Henderson Anemoy AAA CLO Fund 
币安人生 (BinanceLife) 
L2 Standard Bridged WETH (Base) 
Unibase 
First Digital USD 
Steakhouse USDC Morpho Vault 
apxUSD 
Sun Token 
Ether.fi 
LAB 
Binance-Peg XRP 
LayerZero 
USX 
Ether.Fi Liquid ETH 
Renzo Restaked ETH 
Monad 
DoubleZero 
Noon 
Kinesis Gold 
sBTC 
Pendle 
FLOKI 
Jupiter Staked SOL 
Gnosis 
Savings USDD 
Lido DAO 
Bitcoin SV 
Zebec Network 
JasmyCoin 
Marinade Staked SOL 
Arbitrum Bridged WETH (Arbitrum One) 
Jill Gunter, co-founder of Espresso, reported Thursday that her crypto wallet was drained due to a vulnerability in a Thirdweb contract, according to statements posted on social media.
- Crypto veteran Jill Gunter reported the theft of over $30,000 in USDC from her wallet, which was drained on Dec. 9 and routed through Railgun.
- The vulnerability stemmed from a legacy Thirdweb contract that allowed access to funds with unlimited token approvals.
- The incident followed a separate 2023 open-source library flaw that affected more than 500 token contracts and was exploited at least 25 times, according to ScamSniffer.
Gunter, described as a 10-year veteran of the cryptocurrency industry, said more than $30,000 in USDC stablecoin was stolen from her wallet. The funds were transferred to the privacy protocol Railgun while she was preparing a presentation on cryptocurrency privacy for an event in Washington, D.C., according to her account.
In a follow-up post, Gunter detailed the investigation into the theft. The transaction that drained her jrg.eth address occurred on December 9, with the tokens having been moved into the address the day before in anticipation of funding an angel investment planned for that week, she stated.
Although the tokens were transferred from jrg.eth to another address identified as 0xF215, the transaction showed a contract interaction with 0x81d5, according to Gunter’s analysis. She identified the vulnerable contract as a Thirdweb bridge contract she had previously used for a $5 transfer.
Thirdweb informed Gunter that a vulnerability had been discovered in the bridge contract in April, she reported. The vulnerability allowed anyone to access funds from users who had approved unlimited token permissions. The contract has since been labeled as compromised on Etherscan, a blockchain explorer.
Gunter stated she did not know whether she would receive reimbursement and characterized such risks as an occupational hazard in the cryptocurrency industry. She pledged to donate any recovered funds to the SEAL Security Alliance and encouraged others to consider donations as well.
Thirdweb published a blog post stating the theft resulted from a legacy contract not being properly decommissioned during its April 2025 vulnerability response. The company said it has permanently disabled the legacy contract and that no user wallets or funds remain at risk.
In addition to the vulnerable bridge contract, Thirdweb disclosed a wide-reaching vulnerability in late 2023 in a commonly used open-source library. Security researcher Pascal Caversaccio of SEAL criticized Thirdweb’s disclosure approach, stating that providing a list of vulnerable contracts gave malicious actors advance warning.
According to analysis by ScamSniffer, a blockchain security firm, over 500 token contracts were affected by the 2023 vulnerability and at least 25 were exploited.
