solana

Fake Ledger Live apps are malicious wallet impersonation applications distributed through official app stores — including the Microsoft Store and Apple App Store — that harvest cryptocurrency seed phrases to drain victims' wallets. Two major documented incidents have resulted in confirmed losses of at least $10.3 million: approximately $768,000 via the Microsoft Store in November 2023, and approximately $9.5 million via the Apple App Store in April 2026. Parallel macOS malware campaigns distributing trojanized DMG installers have been active since at least August 2024, with four concurrent active campaigns identified by security researchers.

On November 3, 2024, unidentified scammers compromised the X (Twitter) account of rapper Wiz Khalifa (35.7 million followers) and used it to promote two fraudulent Solana meme coins — $WIZ and $WIZZLE — launched on pump.fun. The $WIZ token reached a peak market cap of approximately $2.5 million within 15 minutes before collapsing over 95% in under one hour, with at least two insider wallets extracting a combined $160,000 in profit. Blockchain investigator ZachXBT linked the incident to a broader campaign of celebrity account takeovers that allegedly stole over $3.5 million in total, and subsequently accused a former professional Fortnite player known as 'Serpent' of involvement in the coordinated scheme.

NFTMachine is the online alias of Tyler Gaye, a Denver, Colorado resident who allegedly orchestrated a presale fraud in early 2021 by raising approximately $500,000 (reportedly 277 ETH from 130+ investors) for a promised NFT marketplace called opeNFT (also stylized ONFT), which was never launched. A Denver District Court judge entered a default judgment of $275,000 against Gaye in November 2022, classifying the conduct as civil theft. On-chain investigator ZachXBT has subsequently alleged Gaye continued launching new crypto projects — including Arcade DAO and Gamegear — under the alias 'scaredofboobs' without satisfying the court-ordered judgment.

Aqua (also known as AquaBot) was a Solana-based Telegram trading bot that conducted a presale in September 2025, raising approximately 21,770 SOL ($4.65 million) from retail investors before executing an apparent exit scam. On-chain investigator ZachXBT flagged the project after presale funds were split into four tranches, routed through intermediary wallets, and sent to instant exchanges hours before the scheduled token generation event. The project had secured endorsements from multiple established Solana ecosystem participants — including Meteora, Helius, Dialect, SYMMIO — and had received a near-perfect audit score from QuillAudits just days before the alleged rug pull.

JELLY (JellyJelly / JELLYJELLY) is a Solana memecoin launched in January 2025 by Venmo co-founder Iqram Magdon-Ismail that became the center of a major market manipulation incident on Hyperliquid on March 26, 2025. A coordinated trader used a self-liquidation strategy — opening large opposing long and short positions — to force Hyperliquid's HLP liquidity vault to absorb a toxic short, causing up to $13.5 million in unrealized losses before validators emergency-delisted the token and force-settled all positions at a fixed price. The incident triggered widespread criticism of Hyperliquid's decentralization claims and raised systemic questions about perpetuals DEX risk management.

pump.fun (operated by Baton Corporation Ltd., also listed on AVOID.NET as 'pumpdotfun') is a Solana-based meme token launchpad that launched in January 2024 and rapidly became one of the most-used token creation platforms in crypto, generating over $800 million in cumulative revenue and more than 11.9 million tokens. The platform is subject to an active RICO class action lawsuit in the SDNY alleging up to $5.5 billion in retail losses, a UK FCA regulatory ban, a $1.9 million insider flash loan exploit, documented use by North Korea's Lazarus Group for money laundering, and independent research classifying 98.6% of its tokens as rug pulls or fraud.

pump.fun (operated by Baton Corporation Ltd., also listed on AVOID.NET as 'pumpdotfun') is a Solana-based meme token launchpad that launched in January 2024 and rapidly became one of the most-used token creation platforms in crypto, generating over $800 million in cumulative revenue and more than 11.9 million tokens. The platform is subject to an active RICO class action lawsuit in the SDNY alleging up to $5.5 billion in retail losses, a UK FCA regulatory ban, a $1.9 million insider flash loan exploit, documented use by North Korea's Lazarus Group for money laundering, and independent research classifying 98.6% of its tokens as rug pulls or fraud.

Garden Finance is a cross-chain Bitcoin bridge protocol launched in 2023 by former Ren Protocol developers, using Hash Time Locked Contracts (HTLCs) and an intents-based solver network to enable atomic swaps across Ethereum, Solana, Arbitrum, Base, and other chains. On October 30–31, 2025, one of its largest solver operators was compromised via a leaked private key, resulting in approximately $11.4 million in stolen assets that were subsequently laundered through Tornado Cash. Prior to the exploit, blockchain investigator ZachXBT alleged that over 80% of the protocol's recent fee revenue was derived from laundering funds stolen in the February 2025 Bybit hack, which the Lazarus Group (DPRK) perpetrated for approximately $1.4 billion.

Metawin is an offshore crypto casino and gaming platform licensed under the Anjouan (Comoros) gaming authority, operated by Asobi N.V. from Curacao, and founded by Richard 'Skel' Skelhorn. On November 3, 2024, the platform suffered a significant hot wallet exploit across Ethereum and Solana blockchains resulting in approximately $4 million in stolen funds, with blockchain investigator ZachXBT tracing the stolen assets to KuCoin and a nested HitBTC service across more than 115 attacker-linked addresses. The CEO subsequently claimed to have personally covered the losses, restoring withdrawals for approximately 95% of affected users, though the platform's offshore jurisdictional status and the underlying security vulnerability raise ongoing concerns.

Act I: The AI Prophecy (ACT) is a Solana-based AI-narrative memecoin launched via Pump.fun in October 2024 with no verified product utility. The token reached an all-time high of approximately $0.92 in November 2024 before declining over 98% to roughly $0.013 by mid-2026. It has been subject to a documented co-founder token dump, a suspicious 49% flash crash on Binance in April 2025 attributed to large coordinated sell orders, and broad sector criticism from on-chain investigator ZachXBT who labeled 99% of AI agent tokens as scams.

Andy Ayrey is a New Zealand-based AI researcher and self-described performance artist who created Truth Terminal, an autonomous AI chatbot that became closely associated with the Goatseus Maximus (GOAT) memecoin, which briefly reached a $900M–$1B market cap in late 2024. Ayrey disclosed holding 1.25 million GOAT tokens gifted to him and pledged not to trade on insider knowledge, later establishing a non-profit foundation (Truth Collective) to manage the AI's holdings. ZachXBT's involvement concerns the October 2024 SIM-swap hack of Ayrey's X account — which third-party hackers exploited to deploy scam memecoins netting over $1.5M — rather than direct fraud allegations against Ayrey himself; however, broader ethical concerns persist around the gray-area ecosystem of AI-agent-driven memecoin promotion that Truth Terminal helped legitimize.

Kiln is an institutional-grade, non-custodial staking infrastructure provider that manages over $14 billion in staked assets across 50+ proof-of-stake networks, including approximately 6% of the entire Ethereum validator set. In September 2025, Kiln suffered a sophisticated supply chain attack in which a threat actor compromised a GitHub access token belonging to a Kiln infrastructure engineer, injected malicious code into the Kiln Connect API, and caused the theft of approximately 192,600 SOL (~$41 million) from enterprise customer SwissBorg. The incident prompted Kiln to exit all 1.6 million ETH worth of its Ethereum validators as a precautionary measure, triggering the longest Ethereum exit queue backlog in the network's history.

MustStopMurad is the X handle of Murad Mahmudov, a Princeton-educated former Goldman Sachs analyst and co-founder of the now-defunct Adaptive Capital hedge fund, who rose to prominence in 2024 as the primary advocate of the 'memecoin supercycle' thesis following a widely-circulated speech at TOKEN2049 Singapore. On-chain investigator ZachXBT published what he alleged to be 11 wallets linked to Mahmudov in October 2024, holding approximately $24 million in memecoins, raising concerns about undisclosed large holdings in tokens he publicly promotes to hundreds of thousands of followers. No regulatory action has been filed; the core allegations of supply control, potential front-running, and undisclosed conflicts of interest remain contested and unproven in any legal forum.

BONAD.fun is a permissionless meme token launchpad operating on the Monad blockchain, positioned as BONK's community-driven expansion from Solana into the EVM ecosystem via Monad. The platform is an independent community project not officially endorsed or vetted by the BONK Foundation, and no public smart contract audit has been documented. The platform shares brand identity and fee-recycling mechanics with Bonk.fun, the Solana-based predecessor that suffered a domain hijacking and wallet-drainer attack in March 2026 — a front-end attack vector that is directly relevant to BONAD.fun's risk surface as a structurally similar deployment.

M2 is a UAE-based cryptocurrency exchange licensed by the Abu Dhabi Global Market (ADGM) Financial Services Regulatory Authority, operating as a regulated Multilateral Trading Facility and custodian since late 2023. On October 31, 2024, the exchange suffered a $13.7 million hot wallet breach attributed to an access control vulnerability across the Bitcoin, Ethereum, and Solana networks. M2 subsequently reimbursed all affected customers from its own assets and stated it had engaged law enforcement and regulatory authorities.

Porkbun LLC is a legitimate ICANN-accredited domain registrar founded circa 2014-2015, headquartered in Sherwood, Oregon, and managing over 3.45 million domains. While the company is not itself a scam operation, it has attracted scrutiny from the crypto security community — including on-chain investigator ZachXBT — for hosting phishing infrastructure linked to Angel Drainer and Inferno Drainer wallet-draining services, including fake Ledger sites. Third-party tracking platforms document hundreds of flagged phishing domains registered through Porkbun and allege that the company's abuse-response enforcement has been inadequate, with a majority of reported domains remaining active after formal abuse reports.