Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
According to SlowMist founder Yu Cos and ZEROBASE officials, a malicious contract on the BSC chain, “Vault” (0x0dd2…2396), impersonated the ZEROBASE frontend to trick users into authorizing USDT. The incident is suspected to have occurred due to a compromise of the ZEROBASE frontend and was not an issue with the Binance Web3 wallet itself. So far, hundreds of addresses have been affected, with the largest single loss reaching $123,000. The stolen funds have been transferred to the Ethereum address 0x4a57…fc84. ZEROBASE has enabled an authorization monitoring mechanism, and the community is urging users to quickly revoke risky authorizations via revoke.cash.
Attack method (per SlowMist): Frontend Attack.
Reported loss: $123,000.
- chain: ethereum
- protocol: ZEROBASE
- bug_class: frontend
- date_occurred: 2025-12-12
- loss_usd: $123,000
- source_id: sm:zerobase::2025-12-12