arbitrum

Pink Drainer was a Drainer-as-a-Service (DaaS) phishing toolkit that operated from approximately July 2023 to May 2024, facilitating the theft of over $85.3 million in cryptocurrency from more than 21,000 victims across Ethereum and other networks. The operators ran the service by licensing a sophisticated wallet-draining script to affiliate phishers for a 20-30% cut of stolen proceeds, then announced a voluntary shutdown on May 17, 2024, citing their goal as 'accomplished.'

Glori Finance was an alleged DeFi lending protocol deployed on the Arbitrum network in early 2024, operating as a Compound V2 fork with approximately $1.4 million in total value locked (TVL) at the time of its exposure. On April 14, 2024, blockchain investigator ZachXBT identified that the top GLORI token holders had seeded liquidity using funds stolen from prior scams — specifically the Crolend, Hash DAO, and HellHoundFi frauds — linking Glori Finance to a serial scam ring responsible for over $20 million in cumulative losses. Following ZachXBT's public disclosure, the Glori Finance X account was deactivated and the protocol's website went offline, consistent with an exit scam.

Tapioca DAO is an omnichain DeFi money market built on LayerZero, offering a CDP stablecoin (USDO) and isolated lending markets (Singularity/Big Bang) across Arbitrum and BNB Chain. On October 18, 2024, the protocol suffered a critical security breach when a team member was targeted by a social engineering attack attributed to North Korea's Contagious Interview campaign, resulting in private key compromise, drainage of TAP token vesting contracts, and the minting of 5 quintillion USDO. Approximately $4.4–4.7 million was stolen before a partial counter-exploit recovered roughly 996 ETH (~$2.7 million), leaving the protocol treasury down approximately 45% and the TAP token price collapsed over 95%.

Garden Finance is a cross-chain Bitcoin bridge protocol launched in 2023 by former Ren Protocol developers, using Hash Time Locked Contracts (HTLCs) and an intents-based solver network to enable atomic swaps across Ethereum, Solana, Arbitrum, Base, and other chains. On October 30–31, 2025, one of its largest solver operators was compromised via a leaked private key, resulting in approximately $11.4 million in stolen assets that were subsequently laundered through Tornado Cash. Prior to the exploit, blockchain investigator ZachXBT alleged that over 80% of the protocol's recent fee revenue was derived from laundering funds stolen in the February 2025 Bybit hack, which the Lazarus Group (DPRK) perpetrated for approximately $1.4 billion.

Pendle is a permissionless yield-trading protocol on Ethereum, launched in 2021 by TN Lee and Vu Nguyen, that allows users to separate and trade the principal and yield components of yield-bearing assets. In September 2024, Penpie — an independent yield optimizer built on top of Pendle — suffered a $27 million reentrancy exploit that was made possible in part by Pendle's permissionless market creation design. Although Pendle's own contracts were not directly exploited, the protocol's architecture contributed to the attack surface, and all 11,261 ETH in stolen funds were subsequently laundered through Tornado Cash.