Espresso co-founder Jill Gunter reported Thursday that her cryptocurrency wallet was drained through a vulnerability in a Thirdweb contract, according to a statement posted on social media.
Summary
- Crypto industry veteran Jill Gunter reported that more than $30,000 in USDC was stolen from her wallet on December 9th and transferred through Railgun.
- The vulnerability stems from a legacy Thirdweb contract that let anyone access the funds of users who had granted it unlimited token approvals.
- The incident followed another open source library flaw in 2023 that affected more than 500 token contracts and was exploited at least 25 times, according to ScamSniffer.
Gunter, described as a 10-year veteran of the cryptocurrency industry, said more than $30,000 in USDC stablecoin was stolen from her wallet. According to her account, the funds were transferred to privacy protocol Railgun while she was preparing a presentation on crypto privacy for an event in Washington, DC.
In a subsequent post, Gunter detailed her investigation into the theft. She said the transaction that drained her jrg.eth address occurred on Dec. 9, and the tokens had been moved to that address the day before, ahead of an angel investment scheduled for that week.
According to Gunter’s analysis, the tokens were transferred from jrg.eth to another address identified as 0xF215, but the transaction shows contract interaction with 0x81d5. She identified the vulnerable contract as the Thirdweb bridge contract that she had previously used to transfer $5.
Thirdweb notified Gunter in April that a vulnerability had been discovered in the bridge contract, she reported. The vulnerability allowed anyone to access the funds of users who had granted the contract unlimited token approvals. The contract was subsequently labeled as compromised on blockchain explorer Etherscan.
Gunter said she does not know if she will receive a refund, calling such risks an occupational hazard in the crypto industry. She pledged to donate any recovered funds to the SEAL Security Alliance and encouraged others to consider donating as well.
Thirdweb published a blog post stating that the theft occurred because legacy contracts were not properly retired during the response to the April 2025 vulnerability. The company has permanently revoked the legacy contract and said users' wallets and funds will not be at risk.
In addition to the vulnerable bridge contract, Thirdweb disclosed widespread vulnerabilities in commonly used open source libraries in late 2023. SEAL security researcher Pascal Caversaccio criticized Thirdweb's disclosure approach, saying that providing a list of vulnerable contracts gives advance warning to malicious actors.
More than 500 token contracts were affected by the 2023 vulnerability, and at least 25 were exploited, according to an analysis by blockchain security firm ScamSniffer.
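The bridge-contract theft described above depended on an unlimited approval that stayed in place long after a $5 transfer, which is something a wallet owner can audit from their own `Approval` logs. The following is an added example, not code from the article, Gunter or Thirdweb: it replays ERC-20 `Approval` events in `eth_getLogs` JSON shape and lists approvals that are still non-zero. The `standing_approvals` helper and every address in the sample data are constructed placeholders.

```python
# Added example: list standing ERC-20 approvals for one owner from Approval logs.
# keccak256("Approval(address,address,uint256)")
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED_FLOOR = 1 << 255  # assumption: treat anything this large as "unlimited"

def _addr(topic):
    """Indexed address topics are 32 bytes; the address is the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def standing_approvals(logs, owner, flagged_spenders=()):
    """Replay logs in chain order; return non-zero approvals, riskiest first."""
    owner, flagged = owner.lower(), {s.lower() for s in flagged_spenders}
    latest = {}
    ordered = sorted(logs, key=lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16)))
    for log in ordered:
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # ERC-721 Approval shares the signature but has 4 topics
        if _addr(topics[1]) != owner:
            continue
        amount = int(log["data"], 16) if log["data"] not in ("", "0x") else 0
        latest[(log["address"].lower(), _addr(topics[2]))] = amount  # last write wins
    findings = [
        {"token": token, "spender": spender, "amount": amount,
         "unlimited": amount >= UNLIMITED_FLOOR, "flagged": spender in flagged}
        for (token, spender), amount in latest.items()
        if amount != 0  # zero means the approval was revoked later
    ]
    # Logs show the last approved value only; allowance() on-chain is authoritative.
    return sorted(findings, key=lambda f: (not f["flagged"], not f["unlimited"]))

def _log(token, owner, spender, amount, block, idx):
    pad = lambda a: "0x" + "0" * 24 + a[2:]
    return {"address": token, "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x"),
            "blockNumber": hex(block), "logIndex": hex(idx)}

# Constructed sample data: placeholder addresses, not those from the incident.
OWNER, TOKEN = "0x" + "11" * 20, "0x" + "22" * 20
BRIDGE, DEX, OLD = "0x" + "aa" * 20, "0x" + "bb" * 20, "0x" + "cc" * 20
SAMPLE_LOGS = [
    _log(TOKEN, OWNER, OLD, 2**256 - 1, 90, 1),      # unlimited ...
    _log(TOKEN, OWNER, BRIDGE, 2**256 - 1, 100, 0),  # unlimited, never revoked
    _log(TOKEN, OWNER, DEX, 500_000_000, 101, 3),    # bounded approval
    _log(TOKEN, OWNER, OLD, 0, 120, 0),              # ... revoked later
]

if __name__ == "__main__":
    for f in standing_approvals(SAMPLE_LOGS, OWNER, flagged_spenders=[BRIDGE]):
        print(f)
```

Any approval reported as both `flagged` and `unlimited` is the kind to revoke, by approving an amount of zero to that spender.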


