Preview surface — demo data. Where real data exists today (e.g. RealT, BlackRock BUIDL, Lift Dollar) we render it; everywhere else we render synthetic enrichment generated deterministically from public signal and clearly marked Demo or Inferred. The Phase 3 roadmap replaces every synthetic source with live ingestion — see Methodology → Exposure Graph & Similarity Engine.
← back to incident ledger

phishing drainerDemo

Nov 21, 2025 · $1M · human op

Narrative

On 2025-11-21, Goldfinch suffered a phishing drainer incident resulting in approximately $1,045,627 in losses. The exploit targeted the human_op layer. Attribution: unattributed_criminal. This is a demonstration entry — not a real incident.

Victims

Classification

Root cause
phishing_drainer
Secondary causes
Attack layer
human_op
Strategy
human_exploit
Actor role
target
Attribution
unattributed_criminal
Attacker address
0x37cc9a603366b90cad6a5a1f17bccab73e2a54bf
Flash loan
no
Audited at time
no
Bounty at time
no

AADAPT mappings

DEMO:AADAPT.TA0001DEMO:AADAPT.TA0040DEMO:AADAPT.T1566.003

Evidence

Disclosure date
Nov 22, 2025
Funds recovered
Audit firms at time
Post-mortem URLs (synthetic)
  • https://medium.com/goldfinch/post-mortem-goldfinch-2025-11-21
  • https://rekt.news/goldfinch-rekt
tx hashes (4)
  • 0x1699170ab41a6a846fe23b944756be00d0e502d1415c0a119be19cba58aa8651
  • 0x99f3eee5c2d12ae3d437b061c9192c2098783d3fe72f9b4a6635b608c86857d3
  • 0x549bd7320552a5143c78048123f51d5e9f4e8c518e64a86b6286534fe969ce96
  • 0x6e823a4eb414588d4de50dd3bef1ccbec9cb30eb275921b3f597e5577d915882