- Trending
- Comments
- Latest
Hackers compromised the Zerobase platform’s website Friday afternoon, stealing more than $240,000 in USDT from 270+ users who connected their wallets to what appeared to be the legitimate interface.
The attack, which occurred around 2:30 PM UTC, exploited the front-end website rather than Zerobase’s underlying blockchain infrastructure, according to on-chain investigators.
On-chain investigators say the breach did not compromise Zerobase’s underlying blockchain infrastructure. Instead, attackers exploited the platform’s web-facing interface, deceiving users into approving a malicious smart contract that quietly drained their funds.
The Zerobase front-end hack has since become a case study in how front-end vulnerabilities can undermine trust in otherwise secure decentralized protocols.
According to blockchain analytics firm Lookonchain, multiple users began reporting unauthorized fund movements shortly after interacting with the Zerobase interface. Investigators later determined that hackers had taken control of the front-end, deploying a phishing smart contract on BNB Chain that impersonated legitimate Zerobase activity.
Once users connected their wallets and approved USDT spending permissions, the attackers were able to siphon funds without further interaction. One wallet alone reportedly lost 123,597 USDT, highlighting the scale of damage caused by the Zerobase front-end hack.
Blockchain cybersecurity platform HashDit identified the malicious contract address as 0x0dd28fd7d343401e46c1af33031b27aed2152396, noting that it was specifically designed to hijack wallet approvals and extract tokens.
Unlike traditional smart contract exploits, front-end attacks operate at the user interaction layer, making them harder for non-technical users to detect in real time.
Zerobase publicly acknowledged the incident, warning users who had interacted with the phishing contract and announcing immediate safeguards. In a statement posted on X, the company said:
“When you access ZEROBASE Staking, if your wallet is detected to have interacted with this contract, the system will automatically block deposits and withdrawals until the approval to the phishing contract is revoked,” — Zerobase.
The Binance Wallet team also moved swiftly to contain the fallout from the Zerobase front-end hack. The company confirmed it had blocked the malicious website domain, blacklisted the associated contracts, and begun sending alerts to affected users.
“We will continue to monitor the situation and take necessary measures to ensure user security. We will share any further updates as soon as possible,” — Binance Wallet team.
Lookonchain urged affected users to immediately review and revoke wallet permissions using tools such as revoke.cash, emphasizing that front-end compromises can continue to drain funds as long as approvals remain active.
The Zerobase front-end hack comes at a time of heightened scrutiny over crypto security practices globally. The incident follows revelations surrounding the late-November Upbit exchange hack, where South Korean regulators accused Binance of only partially complying with a request to freeze stolen assets.
On November 27, hackers exploited a vulnerability in Upbit’s Solana-based hot wallet, stealing digital assets later valued at approximately 44.5 billion won, or $33 million.
Authorities requested Binance to freeze about 470 million won in stolen Solana tokens, but Binance froze roughly 80 million won, citing the need for “fact-checking” before acting.
Separately, blockchain security firm CertiK reported suspicious Tornado Cash deposits linked to anomalous withdrawals from 0G Labs, where about 520,000 tokens—worth roughly $516,000—were withdrawn using a privileged emergency function.
While unrelated in execution, these incidents collectively underscore systemic risks that extend beyond smart contracts to operational and interface-level security.
