Jill Gunter, co-founder of Espresso, reported that her crypto wallet lost more than $30,000 in USDC during a contract-linked theft. She said the incident occurred on December 9 while she prepared a privacy presentation in Washington, D.C. She moved the funds into her jrg.eth wallet a day earlier to support an angel investment planned for that week. The tokens later moved from her address to another wallet labeled 0xF215. She said the transaction also showed a contract interaction with address 0x81d5.
Gunter said her review traced the issue to a Thirdweb bridge contract she used for a small transfer in the past. She said the approval remained active and allowed access to her tokens. Gunter added that she examined blockchain records to confirm the sequence of actions. She said her team continued to study the transaction flow to understand each step. She also shared updated findings to help other users review their permissions.
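The kind of permission review described above, as an added example that is not from Gunter, Thirdweb or the original article: it replays ERC-20 `Approval` event logs for one wallet and lists the allowances that were never revoked. Every address and log entry is constructed sample data, and the log dictionaries are assumed to use the standard Ethereum JSON-RPC log fields.

```python
# Added example. Every address and log entry here is constructed sample data.
# topic0 = keccak256("Approval(address,address,uint256)")
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED = 2**256 - 1

def pad(addr):
    """Encode an address the way it appears in an indexed log topic."""
    return "0x" + "0" * 24 + addr[2:]

def topic_to_address(topic):
    """An indexed address is left-padded to 32 bytes; keep the low 20."""
    return "0x" + topic[-40:].lower()

def open_allowances(logs, owner):
    """Replay Approval logs in chain order and return the non-zero
    {(token, spender): amount} entries granted by `owner`.
    The result is an upper bound: many tokens lower the allowance in
    transferFrom without emitting Approval, so confirm each hit with the
    token's allowance(owner, spender) call before acting on it."""
    state = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 shares this topic0 but indexes tokenId (4 topics): skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[1]) != owner.lower():
            continue
        key = (log["address"].lower(), topic_to_address(topics[2]))
        state[key] = int(log["data"], 16)  # the latest approval overwrites
    return {k: v for k, v in state.items() if v > 0}

OWNER, OTHER = "0x" + "aa" * 20, "0x" + "dd" * 20
TOKEN = "0x" + "11" * 20
OLD_BRIDGE, DEX = "0x" + "bb" * 20, "0x" + "cc" * 20

def make_log(block, idx, owner, spender, amount):
    return {"address": TOKEN, "blockNumber": block, "logIndex": idx,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": hex(amount)}

SAMPLE_LOGS = [
    make_log(130, 0, OWNER, DEX, 0),            # revocation, listed out of order
    make_log(100, 2, OWNER, OLD_BRIDGE, UNLIMITED),
    make_log(120, 1, OWNER, DEX, 500),
    make_log(125, 0, OTHER, OLD_BRIDGE, 100),   # different owner, ignored
]

if __name__ == "__main__":
    for (token, spender), amount in open_allowances(SAMPLE_LOGS, OWNER).items():
        label = "UNLIMITED" if amount == UNLIMITED else amount
        print(f"token {token} -> spender {spender}: {label}")
```

In the sample data the approval to the constructed `OLD_BRIDGE` address is the only one still open, because the `DEX` approval was later set to zero.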
Her posts gained quick attention from developers who followed the case online. They noted that the stolen tokens moved into Railgun, a privacy protocol. They also questioned why the legacy contract still allowed interaction. Gunter said she did not know whether she would receive reimbursement. She said she planned to donate any recovered funds to the SEAL Security Alliance and encouraged broader support for the group.
Gunter said Thirdweb confirmed that the bridge contract carried a known flaw from April this year. She said the company told her the contract remained active because it was not fully retired after the earlier response. Thirdweb said the issue came from a legacy contract that stayed enabled after its vulnerability review.
The firm said it disabled the contract and removed remaining token permissions. The company said no other active wallets faced similar risks. It said it reviewed other tools to prevent further exposure. Gunter said the update clarified the link between the flaw and the theft.
Security concerns are growing as developers discuss code management. They have pointed to a recent attack on Nemo Protocol as an example. Attackers exploited two smart contract flaws on September 8 and took $2.6 million from users. The post-mortem said a rogue developer added unaudited features that enabled unauthorized state changes.
ScamSniffer said more than 500 token contracts faced exposure from the flaw. It said at least 25 contracts suffered confirmed exploits. Analysts said the scale showed the risks of shared components across projects.
The industry has experienced new breaches this year caused by vulnerabilities in smart contracts. Bunni, an Ethereum-based decentralized exchange, lost $2.3 million when hackers took advantage of a vulnerability in its liquidity system. The problem was detected by CertiK analysts within hours. 1inch also reported a $5 million loss when an attacker utilized an old Fusion v1 implementation.


