Preview surface — demo data. Where real data exists today (e.g. RealT, BlackRock BUIDL, Lift Dollar) we render it; everywhere else we render synthetic enrichment generated deterministically from public signal and clearly marked Demo or Inferred. The Phase 3 roadmap replaces every synthetic source with live ingestion — see Methodology → Exposure Graph & Similarity Engine.

Hubpay

Payment Rails, On/Off-Ramps & CBDCsmedium·risk 0.4300·TVL —·blast $0·active

website github twitter discord

Static profile (Identity / Contract / Dependency / Governance / Reputation)

Identity

Sector

Payment Rails, On/Off-Ramps & CBDCs

Subsector tags

infra_tooling, general_defiDemo

Chain deployments

—

Website

https://www.hubpay.xyzDemo

Launch date

—

Immutable

noDemo

Permissionless

noDemo

Contract

Primary address

—

Proxy pattern

n/a

Upgrade authority

n/a

Multisig threshold

—

Compiler

0.8.19

Uses assembly

noDemo

Bug bounty

noneDemo

Contract addresses

0xe8eec2d575d3ce5f174a2f014c318158da49dc89Demo

Audits tier

3

Dependency

Oracle providers

—

Bridge dependencies

—

Stablecoin dependencies

—

LST / LRT deps

—Demo

DEX liquidity venues

velodrome, camelot, balancerDemo

CEX listings

—Demo

Custodian

—Demo

KMS provider

unknownDemo

RPC provider

quicknodeDemo

Frontend host

vercelDemo

npm lockfile sha

sha256:0e53854e0156f196bc75a035eefeb4aaccaf89432fbd360137ab8d906ea0544cDemo

Governance

Governance type

delegatedDemo

Governance token

0xf0ab710303c1bbb03230835ddfaf152f259b5d09Demo

Treasury size

$0Demo

Team size

25Demo

Jurisdiction

DEDemo

Incorporated entity

Hubpay FoundationDemo

Anonymous team

noDemo

Security disclosure

noDemo

IR SLA (hours)

—Demo

Reputation

GitHub

https://github.com/hubpay/hubpayDemo

Commit velocity (30d)

0Demo

Contributors

47Demo

Twitter

@hubpayDemo

Discord

https://discord.gg/rif2eoDemo

Last incident

Sep 29, 2024Demo

KYT screening

cleanDemo

Threat History

1 recorded incident

Sep 29, 2024phishing drainerhuman opunattributed_criminalDemo

$684.1K

On 2024-09-29, Hubpay suffered a phishing drainer incident resulting in approximately $684,128 in losses. The exploit targeted the human_op layer. Attribution: unattributed_criminal. This is a demonstration entry — not a real incident.

DEMO:AADAPT.TA0001DEMO:AADAPT.TA0040

View incident →

Peer Incidents · Method B

5 root-cause predicate matches

Vulnerable to: phishing drainer

Matches the phishing drainer predicate

17 historical peer events

GoldfinchNov 21, 2025Demo
$1M
BitgetNov 17, 2025Demo
$739.9K
OrcaApr 12, 2025Demo
$180.8K
Ether.fiFeb 6, 2025Demo
$443.4K
Alchemy PayNov 8, 2024Demo
$334.2K
+ 12 more

Vulnerable to: frontend dns hijack

Matches the frontend dns hijack predicate

12 historical peer events

Bridge.xyz / StripeJan 25, 2025Demo
$10.4M
UK FCA Digital SandboxJul 15, 2024Demo
$3.6M
Three SigmaJun 24, 2024Demo
$2.7M
CryptoQuantJun 24, 2024Demo
$517.3K
Celsius (defunct)Jun 2, 2024Demo
$22M
+ 7 more

Vulnerable to: supply chain npm

Matches the supply chain npm predicate

10 historical peer events

Beefy FinanceFeb 19, 2025Demo
$176.2K
PowerledgerFeb 11, 2025Demo
$7.4M
UnichainDec 23, 2024Demo
$8.8M
MEXCSep 26, 2024Demo
$1M
Mango MarketsAug 6, 2024Demo
$915.6K
+ 5 more

Vulnerable to: dvn collapse

Matches the dvn collapse predicate

8 historical peer events

Blast, Blockdaemon Wallet +2Dec 2, 2025Demo
$93.6M
Fordefi, XSGDFeb 14, 2025Demo
$17M
Element Finance, QuantozJul 20, 2024Demo
$1.1M
Mercado Bitcoin, SwellJun 19, 2024Demo
$15.3M
Internet Computer (DFINITY), Mantle +1Jun 17, 2024Demo
$10.3M
+ 3 more

Vulnerable to: governance proposal malicious

Matches the governance proposal malicious predicate

5 historical peer events

Stripe CryptoOct 12, 2024Demo
$1.5M
Notional V3Oct 25, 2023Demo
$507.1K
Hong Kong Monetary Authority — Ethereum pilotsSep 12, 2022Demo
$18.9M
FalconXSep 11, 2022Demo
$4.8M
AvailJul 21, 2020Demo
$30.8M

Dependency Twins · Method A + B + C ensemble

Top 10 of 25 precomputed

Spruce ID

Identity, NFTs, Gaming & Consumer Apps · medium

A · Jaccard0.14

C · Cosine1.00

kms_provider = unknown
frontend_host = vercel
subsector_tags = general_defi, infra_tooling
method_b_root_causes = phishing_drainer

UK FCA Digital Sandbox

Payment Rails, On/Off-Ramps & CBDCs · medium

A · Jaccard0.14

C · Cosine1.00

kms_provider = unknown
frontend_host = vercel
subsector_tags = general_defi, infra_tooling
method_b_root_causes = frontend_dns_hijack

Mercado Bitcoin

Centralized Exchanges & Brokerages · medium

A · Jaccard0.13

C · Cosine0.95

kms_provider = unknown
frontend_host = vercel
subsector_tags = infra_tooling, general_defi
method_b_root_causes = dvn_collapse

Element Finance

Lending, Money Markets & CDPs · medium

A · Jaccard0.13

C · Cosine0.95

kms_provider = unknown
frontend_host = vercel
subsector_tags = infra_tooling, general_defi
method_b_root_causes = dvn_collapse

Internet Computer (DFINITY)

L1 & L2 Network Operators · medium

A · Jaccard0.13

C · Cosine0.95

kms_provider = unknown
frontend_host = vercel
subsector_tags = infra_tooling, general_defi
method_b_root_causes = dvn_collapse

Celsius (defunct)

Centralized Lenders & Market Makers · medium

A · Jaccard0.11

C · Cosine0.90

kms_provider = unknown
frontend_host = vercel
subsector_tags = general_defi
method_b_root_causes = frontend_dns_hijack

Chainbase

RPC, Node & Dev Infrastructure · medium

A · Jaccard0.10

C · Cosine0.91

kms_provider = unknown
subsector_tags = general_defi, infra_tooling
method_b_root_causes = frontend_dns_hijack

Hivemapper

DePIN & Physical Infrastructure Networks · medium

A · Jaccard0.10

C · Cosine0.89

kms_provider = unknown
subsector_tags = general_defi, infra_tooling
method_b_root_causes = dvn_collapse

Curve Finance

Smart-Contract DEXs, AMMs & Aggregators · medium

A · Jaccard0.13

C · Cosine0.86

kms_provider = unknown
frontend_host = vercel
subsector_tags = infra_tooling, general_defi
method_b_root_causes = phishing_drainer

Three Sigma

Security, Audit & Insurance Vendors · medium

A · Jaccard0.08

C · Cosine0.91

frontend_host = vercel
subsector_tags = infra_tooling, general_defi
method_b_root_causes = frontend_dns_hijack