On Thursday, Jill Gunter, co-founder of “the base layer for rollups” Espresso, took to X to inform followers her wallet had been drained due to a vulnerability in a ThirdWeb contract.
The 10-year crypto veteran noted the “deep irony” of her funds being funneled into privacy protocol Railgun while she was “writing a defense of privacy in crypto to present in DC next week.”
In a follow-up thread, Gunter describes the process of investigating how over $30,000 USDC was lost.
Read more: ZachXBT cracks Railgun privacy to expose Bittensor hacker
The transaction, which drained Gunter’s jrg.eth address, occurred on December 9.
The tokens had been moved into the address the day before the theft “in anticipation of funding an angel investment I planned to make this week.”
Although the tokens had been moved from jrg.eth to another (0xF215), the transaction shows a contract interaction with 0x81d5.
This vulnerable contract that led to the drained wallet, Gunter found, was a Thirdweb bridge contract that she had previously used for “a $5 transfer.”
After contacting Thirdweb, she was informed that a vulnerability was found in the bridge contract in April. It “allowed anyone to access funds from users who had clicked through and accepted unlimited token approvals.”
Indeed, the contract is now labelled on Etherscan as compromised.
Read more: Explained: how crypto’s ‘largest supply chain attack’ stole just $0.05
A Thirdweb blog post, published today, states that the theft “resulted from the legacy contract not being properly decommissioned during our April 2025 vulnerability response.”
Thirdweb “permanently disabled the legacy contract… and no user wallets or funds remain at risk.”
Gunter praised the SEAL Security Alliance for its response, pledging to donate any potential reimbursement, and urged others to do the same.
Thirdweb’s second rodeo
In addition to the vulnerable bridge contract, ThirdWeb had previously disclosed a wide-reaching vulnerability in late 2023.
It informed the crypto community of “a security vulnerability in a commonly used open-source library.”
Security researcher and SEAL member Pascal Caversaccio dubbed Thirdweb’s statement “not responsible disclosure.” He argued that providing a list of vulnerable contracts gave black hats hackers a “head start.”
According to crypto scam tracker ScamSniffer’s analysis, over 500 token contracts were affected and at least 25 exploited.
Got a tip? Send us an email securely via Protos Leaks. For more informed news, follow us on X, Bluesky, and Google News, or subscribe to our YouTube channel.
Source: https://protos.com/jill-gunter-has-wallet-drained-via-vulnerable-thirdweb-contract/
