Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
GoPlus has issued a security alert: Users who claimed the DMT airdrop from @dexmaxai are advised to revoke approvals immediately or transfer their assets to a secure wallet. Multiple victims reported today that they were tricked into granting approvals for other tokens during the DMT airdrop process, resulting in over a thousand users being compromised and more than USD 130,000 in assets stolen via cross-chain transfers. The official website and Twitter account of @dexmaxai are now offline, indicating a possible rug pull. Investigations show that attackers prompted users to sign additional transactions during the airdrop claim, thereby obtaining malicious token approvals and subsequently transferring the approved assets. After stealing funds, attackers bridged the assets to Ethereum, with most of the stolen funds flowing into HitBTC, while a smaller portion remains on-chain. Attack method (per SlowMist): Phishing Attack. Reported loss: $ 130,000.
- chain
- ethereum
- protocol
- DMT 空投(@dexmaxai)
- bug_class
- rug
- date_occurred
- 2025-11-20
- loss_usd
- $130,000
- source_id
- sm:dmt-dexmaxai-::2025-11-20