CRYPTO ROAST

🤎 Barça Hacked: Fake $FCB Token Drops on Solana 🟠The post looked way too “official”: as if the club was launching its own fan crypto with a smart contract and shiny links to a “new era of innovation.” In reality — just another rug bait. 🟠Not Barça’s first rodeo either. Back in 2020, their Twitter was hacked by OurMine, who trolled fans with a fake “Neymar returning” post. That was more of a prank — this time it’s pure cash grab. 🟠Fan tokens themselves already sit in a gray zone: marketed as “bringing fans closer to clubs,” but in practice they’re mostly just speculative assets. Add fake copies into the mix, and the trust burns even faster. 🟠For comparison: PSG launched an official fan token through Chiliz in 2020. Back then it looked innovative, but reality quickly turned into speculation and fading hype. Against that backdrop, Barça’s hack only adds more skepticism around fan tokens. ⚽️ Lesson? Hackers love to prey on trust and emotions: if you see an “official” token post, double-check before clicking. In Web3, even football has become a scam playground… though honestly, I first thought it was just a fundraiser for Mbappé’s transfer. 📱 Token Report (X) — your daily pulse on crypto and global markets

😈 LORD MILES TURNED FAILURE INTO $60K PROFIT 🟠British adventurer Lord Miles set out to do a 40-day desert fast in Saudi Arabia. Polymarket quickly spun up a market: will he make it or not? 🟠Here’s the twist — Miles secretly stacked thousands of dollars against himself. When he inevitably bailed on the challenge, he didn’t just walk away hungry… he walked away richer. 🟠Total haul? Over $60,000 in profit for failing his own stunt. 👑 Crypto gambling culture in a nutshell: sometimes, losing the game is the winning strategy. 📱 Token Report (X) — your daily pulse on crypto and global markets

💵 September’s Crypto Bloodbath: $127M Gone, but “Less Bad” than August 🟠PeckShield dropped the September stats: ~$127M lost across ~20 exploits. That’s still brutal, but technically a 22% drop from August’s $163M. Call it progress? 🟠UXLINK – $44.14M A social graph project rug-pulled by its own weakness. Hackers drained liquidity and vanished, leaving users with empty bags. 🟠SwissBorg – $41.5M Even a regulated, Europe-facing platform isn’t immune. Attackers exploited infrastructure loopholes, turning trust into dust. 🟠Venus user – $13.5M One unlucky wallet holder got phished. Silver lining: ~$13M was clawed back — which almost never happens in crypto. 🟠Yala – $7.64M Smaller, but painful. A targeted exploit on a rising DeFi name, showing hackers don’t care about size, only opportunity. 🟠GriffAI – $3M AI + crypto hype attracts predators. A focused hack drained millions, proving buzzwords don’t equal bulletproof code. 🍃 September wasn’t the bloodiest month, but it’s a reminder: no chain, no platform, no hype project is safe. Hackers don’t sleep, they just hunt. 📱 Token Report (X) — your daily pulse on crypto and global markets

🔤 Even BNB isn’t safe 🟠Hackers hijacked the official BNB Chain X-account with its 4M followers and instantly pushed fake airdrops, baiting holders into “claiming rewards.” Classic move. 🟠CZ jumped in with a PSA urging people not to click shady links. Odd flex, considering he technically has nothing to do with BNB Chain anymore — but hey, old habits die hard. 🟠The scam site mimicked Binance’s look down to the last pixel, asking for full wallet access. For now, the account’s been restored and “only” $8K in damage reported. 🙏 A multi-billion-dollar chain gets hacked, and the loss is smaller than some NFT degen’s weekly gambling budget. 📱 Token Report (X) — your daily pulse on crypto and global markets

⚡️ The “Goddess of Wealth” finally fell 🟠Zhimin Qian — better known in China as Yadi Zhang — just pled guilty in London after pulling off one of the biggest crypto scams in history. Between 2014 and 2017, she swindled more than 128,000 victims in China and parked the stolen cash into 61,000 BTC. At today’s prices, that stash is worth around $6.7B. 🟠For years, she lived like a ghost. Fake IDs, escaping China, hiding in the UK, even trying to launder stolen funds through London real estate. The Met Police needed seven years and a multi-jurisdiction investigation to finally pin her down. 🟠Her partner in crime? Jian Wen, a former takeaway worker who went from living above a restaurant to renting a multimillion-pound mansion in North London. She’s already serving 6 years and 8 months. 🟠Now Qian is in custody, awaiting sentencing. Lawyers say her guilty plea could help victims claw back some funds. But here’s the kicker: reports suggest the UK government might want to keep the seized BTC for itself. 😇 The irony writes itself: a woman once hailed as the “goddess of wealth” built her empire on fake promises, and now the biggest prize might not even return to the people she robbed. 📱 Token Report (X) — your daily pulse on crypto and global markets

🤎 Love hurts — especially in crypto 🟠In Colorado, a 70-year-old retiree met “Erin” on a dating site. She seemed caring, sweet, and — of course — “knew about investing.” 🟠At first, everything looked legit: a few BTC trades on a real exchange, the balance grew, and so did his trust. The old man started believing in both the miracle and Erin. 🟠Then came the “insider tip.” She convinced him to move funds to a “secure app.” Four transfers later, the romance was over. 🟠Scammers walked away with $1.4M. The crypto was sent straight to a cold wallet overseas. 😐 No happy ending here — except maybe Erin really did teach him something: at least now he knows which crypto NOT to invest in. 📱 Token Report (X) — your daily pulse on crypto and global markets

🎸 America just dropped a Netflix pilot IRL 🟠Two brothers — Raymond (23) and Isaiah Garcia (24) — stormed a Minnesota home with an AR-15 and a shotgun, holding an entire family hostage for 9 hours. The target? Crypto wallets. 🟠First, they squeezed $36K from hot wallets on the spot. Then they dragged the victim three hours out to a cabin stash, where they forced him to move another $8M. 🟠Their downfall? Pure clown-level mistakes: dropping a suitcase with a disassembled rifle and leaving behind a Wendy’s receipt near the woods. Police didn’t need Sherlock to connect the dots. 😠 Cases like this are spiking — crypto isn’t just a hacker’s playground anymore, it’s becoming prime real estate for armed extortion. 📱 Token Report (X) — your daily pulse on crypto and global markets

💵 Hypervault just pulled the oldest trick in the DeFi book — and it smells like a rug 🟠PeckShield flagged an “abnormal withdrawal” of $3.6M. The route was textbook: Hyperliquid → Ethereum bridge → swapped to ETH → funneled straight into TornadoCash. 🟠To make it juicier, the project’s Twitter account? Deleted. Vanished into thin air right after the cash-out. 🟠Community now debates: was it a hack or an inside job? But let’s be real — when funds vanish this cleanly and socials go dark, it’s rarely just “bad luck.” 👮‍♂️ Another reminder: DeFi “vaults” can easily turn into black holes. If the team disappears, so does your money. 📱 Token Report (X) — your daily pulse on crypto and global markets

➕ From Church Fund to Crypto Dust 🟠South Korea just dropped a story you couldn’t script if you tried. A parish secretary in Mokpo was entrusted with sacred finances — 480M won (≈ $350K), donations meant for land and church construction. 🟠And where did the money go? Straight into a Telegram “coin-lending” dumpster fire, promising golden mountains. 🟠From July last year to August this year, the 60-year-old church manager funneled donations under the guise of “construction materials” and “land deposits.” To keep it clean, he cycled the funds through acquaintances’ accounts before pulling them back. 🟠The finale? Classic crypto theater: chat closed, admins vanished, money evaporated. Only then did the church official realize he hadn’t just been scammed — he’d been zeroed out. 🟠In police interrogation he confessed: “I was blinded by greed.” The Catholic Archdiocese is now auditing, while investigators dig into both his schemes and the scam itself. 🙏 Reads like a parable: even money meant for a church, once it touches crypto, can end up as a burnt offering. 📱 Token Report (X) — your daily pulse on crypto and global markets

🔤 Karma? Not really — just another crypto circus 🟠The hacker first drained ≈ $40M from UXLINK: $11M via a delegateCall on the multisig, then minted 2B new tokens, instantly crashing the price by 70%. He managed to swap part of it into ETH, pocketing $28M. 🟠But the victory lap was short. A few clicks later, the same exploiter signed a phishing contract from Inferno Drainer and lost 542M UXLINK ($48M). 🟠Crypto Twitter is cheering about “karma,” but let’s be real — he’s still up $40M. What he lost were worthless tokens he minted out of thin air. 😳 Moral of the story: in crypto, even when you get “punished,” you can still walk away with a bag. Karma plays by different rules here. 📱 Token Report (X) — your daily pulse on crypto and global markets

⭐️ Steam flopped on moderation yet again 🟠Indie platformer Block Blasters launched on July 30 squeaky clean, collecting glowing reviews. But a month later, devs shipped a malicious patch packed with batch scripts and loaders. 🟠The malware drained over $150K in crypto from players’ wallets. 🟠One of the victims: Latvian streamer RastalandTV, battling cancer and raising funds for treatment through pumpfun. He lost $32K in donations — everything he had saved. 🟠Devs even sent out “sponsorship offers” to streamers, luring them into downloading the infected build. 😐 Steam keeps acting like a fortress with doors wide open. When the world’s biggest gaming marketplace can’t catch something this blatant, it’s not just bad moderation — it’s a systemic failure. 📱 Token Report (X) — your daily pulse on crypto and global markets

🤘 GitHub turned into a spam cannon overnight 🟠Hackers discovered a clever way to abuse GitHub’s native notification system, blasting out phishing messages that look almost indistinguishable from the real thing. Users received alerts and emails advertising supposed “GitCoin (#GTC) grants.” 🟠Click the link, connect your wallet — and instead of free money, you land straight on a fake phishing site. 🟠The trick works because GitHub’s notifications are something devs instinctively trust. Many clicked without a second thought, only to realize later it was a scam. Even well-known developers like Jeff Geerling reported being mass-blasted with these fake “issues.” 🤖 This isn’t just another random phishing campaign. It shows how fragile our trust in dev infrastructure really is. You don’t even need to compromise code — hijacking trusted communication channels is enough. Today it’s GitHub spam, tomorrow it could be something much bigger. 📱 Token Report (X) — your daily pulse on crypto and global markets

☠️ A state-level scam, literally 🟠Hackers hijacked the X account of Kenya’s former Prime Minister and dropped a deepfake video where he “endorsed” a token called Kenya Token. The post stayed up for a few hours — long enough for the price to pump and speculators to pile in. 🟠The trick? The name Kenya Token sounds almost identical to the official Kenya Digital Token (KDT), which the government actually unveiled back in July. That resemblance gave it just enough credibility. But once people realized the deepfake was sloppy and the whole thing was a fraud, the scammers pulled the rug. 🟠This is how fragile trust is in crypto — it only takes a hacked account and a cheap deepfake to spin up a frenzy. 🇰🇪 In this space, “see it, believe it” doesn’t cut it anymore. It’s see it, triple-check it. 📱 Token Report (X) — your daily pulse on crypto and global markets

🔤 “120 HOURS” – when scammers weaponize sympathy 🟠A disabled streamer popped up on Pump․Fun claiming he had only 120 hours left to live. To “leave something for his family,” he launched a token called 120 HOURS. 🟠Investors bought into the sob story, pumping the market cap to $500k while the creator pocketed over $14k in fees. 🟠And then — stream off, scammer gone. No family, no tragic countdown. Just another rug and a lot of bagholders. 🔞 Crypto once again proves: the most effective scams don’t prey on greed, they prey on empathy. And those are always the most painful lessons. 📱 Token Report (X) — your daily pulse on crypto and global markets

⚡️UPD: Ethan strikes back 🟠Fired from TON Foundation? No problem. The ex-SMM found a new playground — he dug up the old TON Cabal community where he was still the sole admin. Renamed it to “Ethan’s Cabal” and started shilling his memecoin there. 🟠The result? Hardcore TON fans are flooding the comments with outrage, while Ethan still hopes to pull off a rug. Reality check: so far his entire crypto career boils down to $4k and a lost job. 🤡 At this point, it’s less of a scandal and more of a sitcom. Ethan has officially become a meme: how to lose everything for pocket change. 📱 Token Report (X) — your daily pulse on crypto and global markets

😈 Ambitious SMM Intern on TON 🟠At TON Foundation, an intern mistook his role for a personal get-rich-quick startup. Ethan, the guy running the official TON X account, decided to moonlight as a “life guru,” dropping gems like: “Stop being poor, just take the money.” 🟠But the show didn’t end there. He launched his own shitcoin on Pumpfun, shilled it through his X account and even slipped it into TON Community. The finale? A quick liquid exit, $4k in his pocket, project deleted, accounts wiped. 🟠TON Foundation wasn’t amused: the stunt immediately hurt their already fragile reputation. Ethan got fired, lost his blue checkmark, and the team even published a special post addressing the fiasco. 💭 The irony? He wasn’t fired for launching a shitcoin — but for doing it so clumsily that he got caught. 📱 Token Report (X) — your daily pulse on crypto and global markets

⏱ NPM turns into a minefield. Again. 🟠This time it’s ctrl/tinycolor — a library with over 2.2M downloads a week. The latest versions came with a hidden infostealer that kicks in on install, scanning your system and pulling private data. 🟠The trick? Hackers disguised the malware as a legit tool: TruffleHog, the well-known secrets scanner. On the surface — a useful utility. Under the hood — a full-blown data siphon. 🟠NPM is the backbone package manager for JavaScript and Node.js. The irony? Millions of developers trust it to power their projects, yet once again it’s acting as a conveyor belt for malware. 🚫 Every new case like this proves it: supply chain attacks aren’t “security horror stories” anymore — they’re everyday reality. Today it’s system data, tomorrow it’s private keys from your crypto wallets. 📱 Token Report (X) — your daily pulse on crypto and global markets

⚡️ UPD: Monero Hit by Reorgs Again 🟠 The Monero network just went through another reorg — 18 blocks rolled back, leaving around 117 transactions invalid. Suspicion once again points to mining pool Qubic, which has already been tied to similar incidents in the past. 🟠 SlowMist’s CEO put it bluntly: as long as the community keeps pretending nothing’s wrong, Monero lives under a constant Damocles sword. And no — you don’t even need a strict 51% hashrate majority, just a clever play with pools. 💭 In reality, Monero keeps walking a thin line between its image as “the ultimate privacy coin” and the growing cracks in its stability. Ignoring these signals only eats away at trust from the inside. 📱 Token Report (X) — your daily pulse on crypto and global markets

🅰️ SwissBorg hacked for $41.5M — thanks to a dumb API bug 🟠 On September 8th, hackers drained ≈192,600 SOL (~$41.5M) from SwissBorg’s staking wallets. The entry point? Not some elite 0-day exploit, but a basic API vulnerability in Kiln, their staking provider. 🟠 The loot came from SwissBorg’s SOL Earn program, which ran through a third-party DeFi wallet. Withdrawals are now frozen, but SwissBorg says users are safe — only 2% of total assets got hit, and the treasury will cover the loss. 🟠 The irony? SwissBorg has been pitching itself for years as a “next-gen crypto banking app,” a smart aggregator for smart money. Yet it took just one sloppy API hole to blow a $41M crater in that narrative. 🟠 We’ve seen this movie before — Curve’s reentrancy bug ($70M), Balancer’s pool exploit ($900k), even SushiSwap’s router fiasco ($3M). The pattern is clear: it’s never the flashy stuff, it’s the boring, overlooked code paths that nuke protocols. 💡 Moral: In crypto, castles don’t fall to siege weapons. They fall because someone forgot to lock the side door. 📱 Token Report (X) — your daily pulse on crypto and global markets

⚡️ UPD on WLFI 🟠 The World Liberty Financial scandal just escalated. Polygon DevRel Bruno Škvorc revealed his wallet was frozen — same as Justin Sun’s. The reason? Marked as “high-risk transactions,” even though we’re talking about victims, not criminals. 🟠 Škvorc called WLFI the “new age mafia”: “They stole my money. And since the Trump family is behind it, I can’t do anything. There’s no one to complain to, no one to argue with, no one to sue.” 🟠 WLFI is now being called the scam of all scams. We haven’t seen a case this loud in crypto where politics and finance blend into pure chaos. Bottom line: WLFI isn’t about decentralization or freedom — it’s about control, freezes, and mafia-style power plays. 📱 Token Report (X) — your daily pulse on crypto and global markets