- Jill Gunter’s crypto wallet was drained due to a vulnerability in a Thirdweb contract.
- The stolen funds, over $30,000 in USDC, were transferred into the privacy protocol Railgun.
- The breach exploited a legacy contract that was not properly decommissioned after a vulnerability was disclosed in April 2025.
- Thirdweb confirmed the contract is now permanently disabled and no other wallets remain at risk.
- Gunter plans to donate any recovered funds to the SEAL Security Alliance and encouraged others to donate as well.
On December 9, 2025, Jill Gunter, co-founder of Espresso, announced that her crypto wallet had been drained. The loss occurred because of a vulnerability in a Thirdweb bridge contract she had interacted with previously. The stolen USDC, valued at over $30,000, was transferred to the privacy-focused protocol Railgun.
The transaction that emptied Gunter’s wallet was tracked publicly and confirmed to be the result of an exploit on a legacy contract. This bridge contract had a security flaw that allowed unauthorized access to funds from users who gave unlimited token approvals. The flaw was originally identified in April 2025 but the contract had not been fully disabled until recently.
In a detailed investigation shared on X, Gunter explained the timeline and nature of the theft. She had moved the tokens into her wallet the day before for an upcoming angel investment. The vulnerable contract involved was labelled as compromised on Etherscan.
Thirdweb published a blog post confirming that the theft was due to the legacy contract not being properly decommissioned during their April response to the vulnerability. They stated they have now permanently disabled the contract and ensured no other user funds are at risk.
Gunter praised the SEAL Security Alliance for their assistance. She also pledged to donate any reimbursed funds to the organization, urging others to consider doing the same.
This incident marks Thirdweb’s second significant security challenge. In late 2023, the company disclosed a major vulnerability in a widely used open-source library affecting over 500 token contracts, with at least 25 exploited. Security experts criticized the disclosure process for potentially aiding Hackers by listing vulnerable contracts.
Update as of December 12, 2025, 5:08 PM UTC: Clarified that Gunter’s initial announcement did not specify the involvement of the Thirdweb contract, which was revealed later.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
