chaindrainMVP
Preview surface — demo data. Where real data exists today (e.g. RealT, BlackRock BUIDL, Lift Dollar) we render it; everywhere else we render synthetic enrichment generated deterministically from public signal and clearly marked Demo or Inferred. The Phase 3 roadmap replaces every synthetic source with live ingestion — see Methodology → Exposure Graph & Similarity Engine.
← back to incident ledger

phishing drainerDemo

Feb 6, 2025 · $443.4K · human op

Narrative

On 2025-02-06, Ether.fi suffered a phishing drainer incident resulting in approximately $443,364 in losses. The exploit targeted the human_op layer. Attribution: dprk_lazarus. This is a demonstration entry — not a real incident.

Victims

Classification

Root cause
phishing_drainer
Secondary causes
Attack layer
human_op
Strategy
human_exploit
Actor role
target
Attribution
dprk_lazarus
Attacker address
0x68ba6b649f0aa4ea7d7968dad61198caeb2f9598
Flash loan
no
Audited at time
no
Bounty at time
yes

AADAPT mappings

DEMO:AADAPT.TA0001DEMO:AADAPT.TA0040DEMO:AADAPT.T1566.003

Evidence

Disclosure date
Feb 8, 2025
Funds recovered
Audit firms at time
Post-mortem URLs (synthetic)
  • https://medium.com/ether-fi/post-mortem-ether-fi-2025-02-06
  • https://rekt.news/ether-fi-rekt
tx hashes (2)
  • 0xddabd318381e2bf14757ecb084b7e93b22970b6957b3897593899709f214d733
  • 0xc3d527a030a884a06bc74433a4da2ca968b1d40273507d2e9cddbee65b6f0f3e