chaindrainMVP
Preview surface — demo data. Where real data exists today (e.g. RealT, BlackRock BUIDL, Lift Dollar) we render it; everywhere else we render synthetic enrichment generated deterministically from public signal and clearly marked Demo or Inferred. The Phase 3 roadmap replaces every synthetic source with live ingestion — see Methodology → Exposure Graph & Similarity Engine.

Thirdweb

RPC, Node & Dev Infrastructuremedium·risk 0.4300·TVL ·blast $0·active
websitegithubtwitterdiscord
Static profile (Identity / Contract / Dependency / Governance / Reputation)

Identity

Sector
RPC, Node & Dev Infrastructure
Subsector tags
infra_tooling, general_defiDemo
Chain deployments
Website
https://www.thirdweb.xyzDemo
Launch date
Immutable
noDemo
Permissionless
yesDemo

Contract

Primary address
Proxy pattern
n/a
Upgrade authority
n/a
Multisig threshold
Compiler
0.6.12
Uses assembly
noDemo
Bug bounty
noneDemo
Contract addresses
0x58aa1faa3913b41ea8c075d0ee439c2e05164ac1Demo
Audits tier
2

Dependency

Oracle providers
Bridge dependencies
Stablecoin dependencies
LST / LRT deps
Demo
DEX liquidity venues
balancerDemo
CEX listings
Demo
Custodian
Demo
KMS provider
hashicorp_vaultDemo
RPC provider
quicknodeDemo
Frontend host
vercelDemo
npm lockfile sha
sha256:aa65e58616ad04e4ca36cd0fe02f3f4cad6bb40ef880ac48c80c187e6afd6016Demo

Governance

Governance type
token_votingDemo
Governance token
0x3f1ba1d284d29edf542d86b15fa7c43809a968e2Demo
Treasury size
$0Demo
Team size
3Demo
Jurisdiction
SGDemo
Incorporated entity
Thirdweb DAO LLCDemo
Anonymous team
yesDemo
Security disclosure
yesDemo
IR SLA (hours)
12Demo

Reputation

GitHub
https://github.com/thirdweb/thirdwebDemo
Commit velocity (30d)
14Demo
Contributors
54Demo
Twitter
@thirdwebDemo
Discord
https://discord.gg/1td2x7rDemo
Last incident
Aug 23, 2025Demo
KYT screening
cleanDemo

Threat History

2 recorded incidents
flash loan governanceprotocolunattributed_criminalDemo
$33.2M

On 2025-08-23, Thirdweb suffered a flash loan governance incident resulting in approximately $33,232,997 in losses. The exploit targeted the protocol layer. A flash loan was used to amplify the attack. Attribution: unattributed_criminal. This is a demonstration entry — not a real incident.

DEMO:AADAPT.TA0040DEMO:AADAPT.TA0009
View incident →Flash loan
phishing drainerhuman opmev_searcherDemo
$176.2K

On 2021-09-14, Thirdweb suffered a phishing drainer incident resulting in approximately $176,243 in losses. The exploit targeted the human_op layer. Attribution: mev_searcher. This is a demonstration entry — not a real incident.

DEMO:AADAPT.TA0001DEMO:AADAPT.TA0040
View incident →

Peer Incidents · Method B

9 root-cause predicate matches

Vulnerable to: rug pull hard

Matches the rug pull hard predicate

22 historical peer events
  • SushiSwapDemo
    $25.6M
  • AlliumDemo
    $110.6K
  • HTX (Huobi)Demo
    $23M
  • Aptos FoundationDemo
    $1.2M
  • EtherscanDemo
    $633.1K
  • + 17 more

Vulnerable to: phishing drainer

Matches the phishing drainer predicate

17 historical peer events
  • GoldfinchDemo
    $1M
  • BitgetDemo
    $739.9K
  • OrcaDemo
    $180.8K
  • Ether.fiDemo
    $443.4K
  • Alchemy PayDemo
    $334.2K
  • + 12 more

Vulnerable to: flash loan governance

Matches the flash loan governance predicate

17 historical peer events
  • LayerZero Labs (physical verification context only)Demo
    $40.2M
  • First Digital USDDemo
    $12.1M
  • Protocol-Native Treasury Agents (DAO-embedded)Demo
    $13.8M
  • F2PoolDemo
    $3.5M
  • BinanceDemo
    $96.6M
  • + 12 more

Vulnerable to: rug pull soft

Matches the rug pull soft predicate

14 historical peer events
  • Euler FinanceDemo
    $3.2M
  • KlimaDAODemo
    $100.8K
  • Governed protocol (monetary policy–driven)Demo
    $174K
  • R3 (Ethereum interop only)Demo
    $79.1K
  • ViaBTCDemo
    $805.5K
  • + 9 more

Vulnerable to: frontend dns hijack

Matches the frontend dns hijack predicate

12 historical peer events
  • Bridge.xyz / StripeDemo
    $10.4M
  • UK FCA Digital SandboxDemo
    $3.6M
  • Three SigmaDemo
    $2.7M
  • CryptoQuantDemo
    $517.3K
  • Celsius (defunct)Demo
    $22M
  • + 7 more

Vulnerable to: supply chain npm

Matches the supply chain npm predicate

10 historical peer events
  • Beefy FinanceDemo
    $176.2K
  • PowerledgerDemo
    $7.4M
  • UnichainDemo
    $8.8M
  • MEXCDemo
    $1M
  • Mango MarketsDemo
    $915.6K
  • + 5 more

Vulnerable to: dvn collapse

Matches the dvn collapse predicate

8 historical peer events
  • Blast, Blockdaemon Wallet +2Demo
    $93.6M
  • Fordefi, XSGDDemo
    $17M
  • Element Finance, QuantozDemo
    $1.1M
  • Mercado Bitcoin, SwellDemo
    $15.3M
  • Internet Computer (DFINITY), Mantle +1Demo
    $10.3M
  • + 3 more

Vulnerable to: regulatory seizure

Matches the regulatory seizure predicate

6 historical peer events
  • RaydiumDemo
    $1.9M
  • CoinDCXDemo
    $29.8M
  • Silo FinanceDemo
    $14M
  • Base BridgeDemo
    $8.3M
  • EigenDADemo
    $101M
  • + 1 more

Vulnerable to: governance proposal malicious

Matches the governance proposal malicious predicate

5 historical peer events
  • Stripe CryptoDemo
    $1.5M
  • Notional V3Demo
    $507.1K
  • Hong Kong Monetary Authority — Ethereum pilotsDemo
    $18.9M
  • FalconXDemo
    $4.8M
  • AvailDemo
    $30.8M

Dependency Twins · Method A + B + C ensemble

Top 10 of 25 precomputed
#1

Aptos Foundation

L1 & L2 Network Operators · medium
Ensemble
0.460
A · Jaccard0.03
B · Overlap3
C · Cosine0.71
Matches on
  • subsector_tags = infra_tooling, general_defi
  • method_b_root_causes = rug_pull_hard, rug_pull_soft
#2

German Federal Government blockchain bond pilots

Payment Rails, On/Off-Ramps & CBDCs · medium
Ensemble
0.456
A · Jaccard0.08
B · Overlap2
C · Cosine0.91
Matches on
  • frontend_host = vercel
  • subsector_tags = general_defi, infra_tooling
  • method_b_root_causes = dvn_collapse, rug_pull_hard
#3

Subsquid

RPC, Node & Dev Infrastructure · medium
Ensemble
0.443
A · Jaccard0.08
B · Overlap2
C · Cosine0.86
Matches on
  • frontend_host = vercel
  • subsector_tags = infra_tooling, general_defi
  • method_b_root_causes = flash_loan_governance, rug_pull_hard
#4

Ledger Live

Self-Custody Wallets & Key Management · medium
Ensemble
0.424
A · Jaccard0.07
B · Overlap2
C · Cosine0.81
Matches on
  • frontend_host = vercel
  • subsector_tags = infra_tooling, general_defi
  • method_b_root_causes = rug_pull_hard, rug_pull_soft
#5

Protocol-Native Treasury Agents (DAO-embedded)

AI Agents & Autonomous On-Chain Systems · medium
Ensemble
0.412
A · Jaccard0.05
B · Overlap2
C · Cosine0.79
Matches on
  • frontend_host = vercel
  • subsector_tags = general_defi
  • method_b_root_causes = flash_loan_governance
#6

Project mBridge

Payment Rails, On/Off-Ramps & CBDCs · medium
Ensemble
0.407
A · Jaccard0.04
B · Overlap2
C · Cosine0.78
Matches on
  • subsector_tags = general_defi, infra_tooling
  • method_b_root_causes = rug_pull_hard, rug_pull_soft
#7

Base Bridge

Cross-Chain Bridges & Messaging · critical
Ensemble
0.387
A · Jaccard0.13
B · Overlap1
C · Cosine0.90
Matches on
  • kms_provider = hashicorp_vault
  • frontend_host = vercel
  • subsector_tags = infra_tooling, general_defi
  • method_b_root_causes = regulatory_seizure
#8

Karak

Liquid Staking & Restaking · medium
Ensemble
0.385
A · Jaccard0.04
B · Overlap2
C · Cosine0.71
Matches on
  • subsector_tags = infra_tooling, general_defi
  • method_b_root_causes = flash_loan_governance, rug_pull_hard
#9

Kelp DAO

Liquid Staking & Restaking · high
Ensemble
0.383
A · Jaccard0.08
B · Overlap2
C · Cosine0.66
Matches on
  • frontend_host = vercel
  • subsector_tags = general_defi, infra_tooling
  • method_b_root_causes = rug_pull_hard
#10

HTX (Huobi)

Centralized Exchanges & Brokerages · critical
Ensemble
0.378
A · Jaccard0.03
B · Overlap2
C · Cosine0.70
Matches on
  • subsector_tags = infra_tooling, general_defi
  • method_b_root_causes = frontend_dns_hijack, rug_pull_hard