It started like any normal day in Web3 - networking, chatting with friends in Discord, and keeping an eye on the markets. But for one holder, a seemingly innocent job offer turned into a nightmare that nearly wiped out their digital assets.

They were approached on Twitter by someone claiming to be from Kanpai Pandas, offering a moderator role for a new play-to-earn (P2E) game called Gunrush. The project looked legit — a professional whitepaper, an active Discord, and users chatting about everything from gaming to meme coins. Nothing seemed off.

After doing their due diligence, they joined the Gunrush Discord and started a conversation. Everything checked out — until they were asked to download a game client from the whitepaper.

 

The Setup

The holder ran multiple virus scans — everything came back clean. No warnings, no red flags. It was a 654MB file — large enough to seem legitimate. They clicked it. Nothing happened. No game launch, no error message, just a pop-up saying, “Thank you for using my program.”

A second window appeared: “You can uninstall if needed.”

At the time, it seemed odd but harmless. They deleted the file, ran CCleaner, and moved on.

Meanwhile, the recruiter pushed ahead, still onboarding them as a new mod. When asked to scan a QR code for an authenticator, the holder hesitated — something felt off.

Then, the first red flag.

The Stolen Assets Begin to Move

Checking Vtopia, the holder noticed someone had just dumped a ton of NFTs onto the floor. That’s when the realization hit — they were under attack.

• They hadn’t connected their wallet.

• They hadn’t approved any transactions.

• And yet… NFTs and tokens were disappearing.

Somehow, the hackers had gained remote access to their browser wallet, most likely through the fake game client. 40 million $DOUGH vanished before their eyes.

 

The Race to Secure Assets

The holder scrambled to disconnect wallets, but the drain continued. They sent as much as they could to a fresh wallet on a different seed phrase, but the attack was moving faster.

Then, they remembered D3fenders.

With Emergency Migration, they secured the assets still in their PDA vault and paid for gas using an external source to send their NFTs and tokens to a safe location.

There was a moment of confusion, as they had to first select what they wanted to migrate, but after quick guidance, the D3fenders Vault did its job.

The Remaining Assets Were Safe.

 

The Aftermath

By evening, the immediate wallet drain had stopped. The holder moved everything out, leaving just a small amount of SOL in their main staking wallet to test whether the attacker still had access.

That SOL disappeared immediately.

This confirmed what they suspected — the attack was still active, but D3fenders had stopped it from getting worse.

The next morning, they moved everything else out and secured it on a Ledger.

Total Losses:

• 102 Vtopians

• 6 ALFs

• 4 BASC

• 40 Million $DOUGH

• A bit of SOL

Had they not acted fast, and had D3fenders’ Emergency Migration not been in place, the damage could have been far worse.

 

The Takeaway: Security Is Everything

Phishing attacks aren’t always obvious. They don’t always come from fake links or shady websites. Sometimes, they’re meticulously crafted social engineering scams — long cons where attackers gain trust before they strike.

This is why the D3fenders Vault exists.

Because even when things seem safe, even when you take precautions, Web3 moves fast — and the right security tools can be the difference between losing everything and securing what matters most.

Stay safe. Stay protected. Use D3fenders.

We have User Guides available on our website if you need support.

Learn how to set up your D3fenders Vault System today by subscribing to our YouTube Channel and following our walkthrough guides.

Our digital collectibles provide unlimited access to our D3fenders Vault System. Check them out on Magic Eden!
