ZEROBASE Front-End Breach: Hackers Compromise Interface in Latest Crypto Security Scare
Another day, another front-end breach—ZEROBASE joins the growing list of crypto platforms with compromised user interfaces.
The attack vector? A direct hit on the web application layer, bypassing backend safeguards and targeting the very portal users trust for transactions.
Front-end vulnerabilities represent crypto's soft underbelly. While teams obsess over smart contract audits and consensus mechanisms, the entry point most users interact with remains exposed. It's the digital equivalent of installing a vault door on a screen porch.
Security researchers note these breaches often follow predictable patterns: DNS hijacking, malicious script injections, or compromised third-party dependencies. The result? Redirected transactions, drained wallets, and the inevitable 'we're investigating' tweet from the team.
Meanwhile, the finance sector watches with familiar cynicism—traditional banks might move at glacial speed, but at least their login pages don't spontaneously become phishing sites. Crypto's innovation frontier apparently includes pioneering new ways to lose your assets before morning coffee.
The incident underscores the industry's persistent security triage. For every quantum-resistant blockchain protocol, there's a basic web server running outdated software. Until projects treat front-end security with the same rigor as their tokenomics, users remain one compromised CDN away from empty wallets.
Zero-knowledge proofs won't save you from a hijacked JavaScript file. Sometimes the most sophisticated attacks exploit the least sophisticated vulnerabilities.
Front-end attack on Zerobase interface causes $240K loss
According to blockchain cybersecurity platform HashDit, the malicious contract address linked to the incident was identified as 0x0dd28fd7d343401e46c1af33031b27aed2152396. The contract was specifically made to hijack wallet connections and extract approved tokens.
Zerobase’s hack was different from the regular smart contract exploits, because a front-end compromise does not need a breacher to tamper with the blockchain’s security. They can manipulate the interface and add malicious codes to intercept transactions or redirect assets once approvals are in place.
These attacks take place at the user interaction layer, so they can be difficult for non-technical users to detect even as their funds are being rerouted. Lookonchain pleaded with affected users to immediately review their wallet permissions and use revoke.cash or similar services to remove any suspicious or unnecessary contract approvals from their wallets.
Zerobase acknowledged the issue in a post on X, warning users who had interacted with the malicious contract and adding that it had implemented automatic safeguards for affected wallets.
“When you access ZEROBASE Staking, if your wallet is detected to have interacted with this contract, the system will automatically block deposits and withdrawals until the approval to the phishing contract is revoked,” the company wrote.
The Binance Wallet team also confirmed it blocked the website domain suspected of hosting malicious activity. It also blacklisted the relevant contracts to prevent more authorization risks, and WOULD automatically send alerts to affected users within 30 minutes advising them to review their approvals.
“We will continue to monitor the situation and take necessary measures to ensure user security. We will share any further updates as soon as possible,” the Binance team noted.
Binance with questions to answer after Upbit hack discovery
The Zerobase incident comes on the backdrop of Binance’s scrutiny over its response to the Upbit exchange hack that occurred late November. Cryptopolitan reported that South Korea’s regulators accused the world’s largest exchange by volume of only partially complying with a freeze request from Upbit.
On November 27 hackers stole a significant amount of digital assets from the exchange and later laundered the funds through more than a thousand wallets. That same day, South Korean police and Upbit formally requested Binance to freeze approximately 470 million won worth of stolen solana tokens traced to its platform.
Binance froze only about 80 million won, or roughly 17% of the requested amount citing the need for “fact-checking” before taking any action. South Korean authorities were notified that the freeze had been completed around midnight on November 27, 15 hours after the initial request was submitted.
Upbit later disclosed the perpetrators had exploited a vulnerability in its Solana-based hot wallet, siphoning funds from 24 Solana ecosystem tokens in less than an hour. Losses from the attack were estimated at 44.5 billion won, equivalent to about $33 million at the time.
The exchange later confirmed that all customer losses would be covered using internal reserves, seeking to reassure users amid heightened concerns about platform security.
In a separate but related blockchain security event, blockchain security firm CertiK detected suspicious Tornado Cash deposits linked to anomalous withdrawals from 0G Labs on Friday.
🚨 Hack Alert
Two projects were hacked at once
1. Yesterday CertiK alert system detected Tornado Cash deposits which trace back to abnormal withdrawals coming from the 0G labs reward contract
2. Hackers compromised ZEROBASE frontend, stealing funds from 270+ users, totaling… pic.twitter.com/9MoyQTlFSh
— Musttt (@Musttt_Web3) December 12, 2025
An unidentified party made a withdrawal of approximately 520,000 0G tokens, valued at around $516,000, using a privileged emergencyWithdraw function. The funds were first transferred to the address 0x617E8e3C07bEF319F26C1682270A19e89Ea2bf75.
Get seen where it counts. Advertise in Cryptopolitan Research and reach crypto’s sharpest investors and builders.
