ZEROBASE frontend hacked! Hackers impersonated the official account to deploy malicious contracts, and hundreds of users have been victimized.

2025-12-12 15:30:32

Blockchain security organization SlowMist founder Yu Xian (@evilcos) and ZEROBASE official (@zerobasezk) jointly disclosed this evening (12th) that the ZEROBASE official frontend was suspected of being affected by a supply chain attack. Hackers successfully implanted a phishing page, tricking users into granting unlimited USDT approval on the malicious smart contract “Vault” on the BSC chain (address: 0x0dd28fd7d343401e46c1af33031b27aed2152396). Once users click the fake page and sign the authorization, funds will be instantly transferred away by the malicious contract. Currently, hundreds of addresses are confirmed victims, with total losses of approximately $250,000, and the largest single loss reaching $123,000.

The cause is known now, it is unrelated to @BinanceWallet. It was caused by @zerobasezk’s frontend being hacked, leading relevant users to authorize USDT to the malicious contract, which was subsequently drained. @mirrorzk and I also have some guesses about why the frontend was hacked, but it’s not easy to confirm until he is done with his work.

— Cos(Yu Xian)😶‍🌫️ (@evilcos) December 12, 2025

Currently, the stolen USDT has been transferred via cross-chain bridge to the Ethereum network, deposited into the attacker’s address: 0x4a57d6b5c3e6e6b4a5b5c3e6e6b4a5b5c3e6e6b4.

ZEROBASE official urgent statement:

We have received reports from multiple users that a phishing malicious contract appears on BNB Chain (BSC), impersonating ZEROBASE and hijacking users. It disguises itself as the official ZEROBASE interface, tricking users into granting USDT approvals to steal assets.

Malicious contract address: 0x0dd28fd7d343401e46c1af33031b27aed2152396

We have urgently launched the “Malicious Approval Detection Mechanism.” When you visit the ZEROBASE staking page, if the system detects your wallet has interacted with the above phishing contract, it will automatically block deposit and withdrawal functions until you revoke the approval for the phishing contract. You are advised to immediately check and revoke any suspicious or unnecessary contract approvals in your wallet using the following tools (or similar tools):

Please remain highly vigilant:

Never click on unknown links
Beware of impersonating admin accounts
Carefully verify contract addresses every time a wallet pop-up asks for signing

Important Security Notice

We have received user reports that a phishing contract on BNB Chain (BSC) is attempting to impersonate ZEROBASE and hijack user connections, falsely presenting itself as the official ZEROBASE interface to scam users into granting USDT approvals.…

— ZEROBASE (@zerobasezk) December 12, 2025

!Dongqu official website tg banner-1116 | Dongqu Trends - Most Influential Blockchain News Media

📍Related reports📍

AI project Port3 cross-chain bridge compromised: hackers print 1 billion tokens and dump, causing an 80% price crash

Balancer issues ‘final ultimatum’ to hackers: 96 hours to return the money or face all measures

Tags: Binance Web3 Wallet BSC DeFi Security USDT Stolen ZeroBase Supply Chain Attack Frontend Attack Malicious Contract SlowMist Yu Xian Unlimited Approval Phishing Page

ZBT-1.5%

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.