• The malfunction allowed 32 wallets to claim 623M PYBOBO within 4 seconds.
• The event emptied nearly all the 625M reward pool almost instantly.
• The glitch coincides with OKB’s price underperformance.

The virtual currency sector recorded another sell-off on Friday as Bitcoin lost 10% in the past 24 hours to press time’s $81,865.

The global crypto market cap stands at $2.81 trillion after a 10% decline over the last day.

Amidst the broader bloodbath, OKX’s native token suffered the most as the downside coincided with OKX facing new scrutiny after an unexpected contract glitch in its recent Boost reward campaign.

A planned distribution of PYBOBO coins ended up with nearly all the pool drained within four minutes, and it wasn’t the massive demand as earlier thought.

🚨UPDATE: OKX’s PYBOBO Reward Pool drained in seconds.

Users report massive claims cleared almost instantly, showing the insane demand and liquidity frenzy. pic.twitter.com/mER1GrLeRJ

— The Crypto Times (@CryptoTimes_io) November 21, 2025

OKX’s token underperformed the overall cryptocurrency market in the past 24 hours.

It dipped from $115 to $94 during this writing, and over 18% dip on its daily price chart.

OKB experienced intensified selling pressure as the news of contract malfunctioning spread.

A 4-second glitch empties 99.68% of incentives

On-chain stats show that 32 addresses claimed 623 million PYBOBO coins, wiping nearly all the 625 million allocated for the distribution event.

The most striking thing is that the entire sweep took only four seconds, catching the team and participants unaware.

Notably, a multifunction within the OKX Boost claim contract seems to have permitted abnormal, rapid claims, allowing a few addresses to receive far more PYBOBO tokens than initially planned.

OKLink identified a particular wallet that claimed 37.847 million tokens, worth roughly $18,600.

Nevertheless, what’s striking is how fast the pool evaporated, with 99.68% of rewards gone by the time the ream noticed the glitch.

The event’s nature indicates an unintended move that propelled distributions well beyond their specified limits.

OKX Wallets halts claiming amid investigations

The team acknowledged the issue immediately after the reports emerged and confirmed delaying PYBOBO claiming until after resolving the contract issuer.

Claiming for PYBOBO rewards will be postponed.

We'll provide updates here once the issue has been resolved.

— OKX Wallet (@wallet) November 21, 2025

The temporary pause aims to prevent further potential damage as the project conducts a review.

The team has promised to publish more updates as they investigate the matter.

The incident sent ripples across the OKX ecosystem. OKB testified to that with its overwhelming selling pressure.

OKB price outlook

OKX’s token  hit a daily low of $94 after losing the $100 psychological mark.

It has dropped from a daily high of $115, losing over 18% of its value in the past 24 hours.

OKB has seen its daily trading volume surge 100%, signaling increased speculative activity.

The digital coin would likely slump further before regaining a dependable footing as sellers thrive in the current financial landscape.

The post OKB price dips 20% as OKB Boost contract glitch drains entire reward pool appeared first on CoinJournal.

• Organised crime groups run scam operations from Southeast Asia.
• The US DOJ seized $112 million in crypto linked to these scams in 2023.
• Chainalysis reported scam revenues reached $9.9 billion in 2024.

Pig-butchering scams, once seen as consumer-level fraud, have quietly evolved into a global web of organised crime.

With links to human trafficking, cryptocurrency abuse, and international money laundering, authorities are now viewing these scams as matters of national security.

In a recent Chainalysis podcast, Andrew Fierman, the firm’s head of national security intelligence, and Erin West, a former prosecutor and founder of Operation Shamrock, discussed the evolution of pig-butchering scams.

They painted a chilling picture of how the fraud has transformed from digital deceit to a full-blown transnational crime model.

The scam involves creating trust-based relationships with victims over time, sometimes romantic, sometimes platonic, before luring them into bogus cryptocurrency investments.

Funds are then siphoned through fake platforms and disappear into an opaque crypto network.

Southeast Asian compounds and forced scam labour

Pig-butchering operations are no longer run by isolated hackers. Fierman and West explained that many are now backed by sprawling fraud rings operating across Southeast Asia.

These rings run dormitory-style compounds where trafficked workers, often victims themselves, are forced to operate scam networks.

In 2023, the US Department of Justice (DOJ) seized around $112,000,000 in crypto tied to such schemes.

However, according to Chainalysis, the problem has grown rapidly.

Scam-related revenue in the crypto space exceeded $9.9 billion in 2024, with pig-butchering scams alone increasing by nearly 40% compared to the previous year.

Victims often suffer more than once. After being drained of their initial funds, many receive follow-up messages from fraudulent recovery companies offering to “help” retrieve their lost assets.

These secondary scams use the same tactics, often targeting victims again by using lists sold among fraud rings.

Using blockchain visibility to fight back

While pig-butchering relies on exploiting emotions and trust, the infrastructure often moves through traceable digital rails.

Fierman suggested that this is where blockchain transparency can be turned against the scammers.

By tracking wallet flows and transactions on-chain, regulators, exchanges, and virtual asset service providers (VASPs) can intervene.

This is particularly possible at the point of cashing out, which remains the critical vulnerability for these operations.

Efforts are being made to freeze and reclaim these funds.

In August, a joint action by APAC law enforcement agencies and firms like Chainalysis, OKX, Binance, and Tether resulted in freezing $47,000,000 tied to pig-butchering schemes.

DOJ leads with new task force

The US is treating the matter seriously.

On 12 November, the DOJ announced the launch of a new “Scam Center Strike Force”.

This unit will specifically target transnational crime syndicates linked to Southeast Asia that have engineered these elaborate crypto investment frauds.

The strategy goes beyond arrests.

It involves targeting facilitators of the scam economy, including those offering payment solutions, managing the digital platforms, and providing banking rails.

This approach includes sanctions, indictments, and diplomatic efforts designed to pressure bad actors across borders.

Erin West stated the need to use all available legal and technical tools in this battle.

Disruption at scale, especially across the entry and exit points of crypto fraud, remains the immediate priority for law enforcement.

Common tactics and growing digital risks

The core mechanics of pig-butchering have not changed, even as the scale and coordination have grown.

Scammers still initiate contact over messaging platforms, using charm and emotional manipulation to build trust.

Fast declarations of love, secrecy about personal details, and the push toward investing in a “guaranteed” crypto platform are major warning signs.

These scams often include screenshots showing fake profits to pressure victims into depositing funds.

Once in, victims are encouraged to invest more before being ultimately locked out of the system.

Now, however, these scams sit within a broader framework of crime that merges human exploitation and financial laundering.

Victims are no longer just people who lose their savings.

They are also unknowingly interacting with a global machinery that fuels trafficking and cross-border criminal finance.

The post Crypto romance scams now a national threat, not just consumer fraud appeared first on CoinJournal.

• An attacker withdrew $3 million in USDC from OKX and split it across 19 wallets.
• They opened $26 million in leveraged long positions on POPCAT perpetuals.
• A $20 million buy wall was placed to falsely signal market strength.

A sharp and deliberately executed sequence of trades has exposed a serious vulnerability in decentralised finance infrastructure.

Hyperliquid, a derivatives platform known for its POPCAT-denominated perpetual futures, recorded a loss of $4.9 million after one entity manipulated internal liquidity to set off a cascade of liquidations.

This was not a conventional exploit for profit, but a calculated test of how much stress an automated liquidity provider can endure before it breaks.

It began with the movement of $3 million in USDC, withdrawn from the OKX crypto exchange. The funds were distributed evenly across 19 new wallets, each routing assets into Hyperliquid.

There, the trader opened over $26 million in leveraged long positions tied to HYPE, the perpetual contract priced in POPCAT.

This aggressive positioning was then reinforced with a synthetic buy wall worth around $20 million, placed near the $0.21 price level.

This wall functioned as a temporary illusion of demand strength. Price responded to the signal, rising as participants interpreted the buy wall as structural support.

However, once the wall vanished, that support disappeared, and liquidity thinned.

With no bids to absorb market movement, highly leveraged positions began liquidating en masse. The protocol’s Hyperliquidity Provider vault, built to absorb such events, took the full impact.

A deliberate architecture stress test with real losses

What separates this incident from typical price manipulation is that the initiator made no profit.

The $3 million in initial capital was entirely consumed in the process. This strongly suggests that the goal was not financial gain but architectural disruption.

By introducing false liquidity signals, removing them at a precise point, and triggering liquidation thresholds, the attacker was able to manipulate the internal logic of the vault system.

The vault, designed to balance risk across positions and supply liquidity in volatile moments, was pulled into a liquidation cascade that it could not fully contain.

This raised questions about how automated liquidity mechanisms handle synthetic volatility events, particularly when faced with malicious but structurally informed participants.

The entire sequence unfolded onchain and was flagged by Lookonchain, which traced the trades back to their source and identified the attack’s distinct phases.

Withdrawal freeze sparks questions about platform stability

Shortly after the vault was impacted, Hyperliquid’s withdrawal bridge was temporarily disabled.

A developer associated with the protocol stated that the platform had been paused using a function called “vote emergency lock.”

This mechanism allows contract administrators to halt certain operations during suspected manipulation events or infrastructure risks.

The withdrawal function was re-enabled within roughly an hour. Hyperliquid did not release any official communication linking the freeze directly to the POPCAT trading event.

However, the timing suggested a precautionary action intended to prevent additional outflows or manipulation during a period of platform instability.

This marked one of the largest losses Hyperliquid has suffered from a single coordinated event, highlighting that even in the absence of external code exploits, internal systems can be compromised through precise liquidity attacks.

Community reaction underscores DeFi volatility

Community responses varied from technical analysis to satire. One observer described it as “the costliest research ever,” while another suggested the entire $3 million burn was “performance art.”

Others focused on what the attack revealed about perpetual futures markets with thin liquidity buffers, noting how easily they can be pushed into self-reinforcing failure.

One user described the event as “peak degen warfare,” referring to the high-risk strategy used to exploit predictable vault reactions.

Despite no direct theft, the outcome was functionally equivalent to a targeted denial-of-liquidity assault.

The attacker had no gain, but the protocol suffered a measurable financial hit, and its architecture showed clear signs of stress under pressure.

This incident has become a case study in how decentralised systems can be stressed from within using only publicly available tools and capital.

In this instance, no vulnerability was found in the codebase. Instead, the vulnerability lay in the assumptions that underpinned market structure and risk containment.

Hyperliquid has not announced any changes to its vault mechanics following the attack.

However, the broader DeFi ecosystem is likely to take note of the strategy and review how vaults absorb or reflect risk under coordinated synthetic pressure.

The post Hyperliquid’s $5m wipeout shows how DeFi vaults can collapse from within appeared first on CoinJournal.