Preview surface — demo data. Where real data exists today (e.g. RealT, BlackRock BUIDL, Lift Dollar) we render it; everywhere else we render synthetic enrichment generated deterministically from public signal and clearly marked Demo or Inferred. The Phase 3 roadmap replaces every synthetic source with live ingestion — see Methodology → Exposure Graph & Similarity Engine.

phishing drainer · Demo

May 9, 2022 · $6.2M · human op

Narrative

On 2022-05-09, Spruce ID suffered a phishing drainer incident resulting in approximately $6,208,320 in losses. The exploit targeted the human_op layer. Attribution: dprk_lazarus. This is a demonstration entry — not a real incident.

Victims

Classification

Root cause: phishing_drainer
Secondary causes:
Attack layer: human_op
Strategy: human_exploit
Actor role: target
Attribution: dprk_lazarus
Attacker address: 0xc9f0d5cfe3ac86e80a66ad845d0c29f55b8b8853
Flash loan: no
Audited at time: no
Bounty at time: no

AADAPT mappings

  • DEMO:AADAPT.TA0001
  • DEMO:AADAPT.TA0040
  • DEMO:AADAPT.T1566.003

Evidence

Disclosure date: May 11, 2022
Funds recovered:
Audit firms at time:
Post-mortem URLs (synthetic)
  • https://medium.com/spruce-id/post-mortem-spruce-id-2022-05-09
tx hashes (2)
  • 0x779d91ad8fcc478695a096940ee7cbbe1745e55c2167515177462c87b0e5770a
  • 0xd467891fe81831ddcc5fc5b94b448306dab5d5c461134517d87eef7824800ded