Two things happened this week that show both sides of the crypto security problem — a hacker stole $2.4 million from TesseraDAO by creating fake tokens out of thin air, while the U.S. government froze millions more tied to global crypto scam networks.
What Happened to TesseraDAO?
TesseraDAO was a crypto project on the BNB Chain (the network created by Binance). Last week, a hacker got hold of an admin key — basically the master password that controls how the project’s tokens work.
With that key, the attacker did something that should never be possible: they created 99 million TSR tokens from nothing. Then they immediately sold all of them on the open market.
Think of it like someone getting the key to a bank vault, printing their own money inside, then spending it all before anyone notices. The result? TSR’s price crashed by nearly 100%, falling to around $0.0002. Investors who held the token lost almost everything.
Where Did the Money Go?
After selling the fake tokens, the attacker converted about $2.5 million into USDT (a stablecoin pegged to the dollar). They then moved the money from BNB Chain to Ethereum — a common trick to make tracking harder.
From there, they sent roughly 1,285 ETH through Tornado Cash, a tool that mixes cryptocurrency transactions the way a blender mixes ingredients. It breaks the trail between where the money came from and where it ends up, making it extremely difficult for investigators to follow.
The Bigger Problem: Projects With “Backdoor Keys”
This wasn’t a fancy hack. The attacker didn’t break any code. They simply got access to a key that gave them god-mode control over the token — something many crypto projects still quietly keep for themselves.
It’s a core contradiction in crypto: projects promise to be “decentralized” (meaning no single person controls them), but many maintain hidden admin keys that let a single person do exactly that — control everything.
Security experts have been warning about this for years. The fix is straightforward: use multi-signature wallets (where multiple people have to approve changes), hardware security modules, and truly decentralized governance. But many smaller projects skip these steps because they’re complicated and expensive.
Meanwhile, the Government Is Cracking Down
On the same day the TesseraDAO mess was unfolding, the U.S. Department of Justice announced the results of a major operation targeting crypto scam networks operating out of Southeast Asia.
Called “Disruption Week,” the operation ran from May 18, 2026, and involved cooperation between the DOJ, Apple, Google, Meta, Microsoft, Coinbase, and law enforcement agencies from Australia, Canada, New Zealand, Thailand, and the UK.
What they accomplished:
- Shut down over 1.4 million fake social media accounts on Facebook and Instagram used to scam people
- Froze over $3.8 million in cryptocurrency tied to criminal networks (Coinbase alone froze $3 million)
- Arrested 7 scammers in Thailand, with 63 total arrests connected to scam centers
- Shut down servers and internet infrastructure used by criminal compounds in Cambodia, Laos, and Burma
The Scams Are Getting Bigger Every Year
According to the DOJ, crypto investment scams are now one of the fastest-growing and most financially devastating forms of fraud targeting Americans:
- 2023: $3.96 billion lost to crypto investment scams
- 2024: $5.8 billion lost (a 47% jump)
- 2025: $7.2 billion lost (another 24% increase)
Many of these scams work through “pig butchering” — criminals build romantic or friendly relationships with victims over months, then convince them to invest in fake crypto platforms. Once the money is deposited, it’s gone.
What Does This Mean for Your Money?
- Be skeptical of any crypto project that doesn’t clearly explain who controls the admin keys. If they can’t tell you, that’s a red flag.
- Never trust someone you met online who wants to “help you invest” in crypto — especially if they contacted you first.
- Stick to established projects with audited smart contracts and transparent governance. Smaller, unaudited projects carry much higher risk.
- If a deal sounds too good to be true, it almost certainly is. Nobody is going to double your money risk-free.
The crypto space is full of innovation and opportunity, but it’s also full of traps. The TesseraDAO hack shows that even “decentralized” projects can have single points of failure. And the DOJ crackdown shows just how massive the scam problem has become.
Disclaimer: This article is for informational purposes only and should not be considered financial advice. Cryptocurrency investments carry significant risk. Always do your own research before investing.
99 million tokens minted from nothing. BNB chain needs better guardrails for new projects, this is embarrassing for the ecosystem
BNB chain guardrails would require centralized oversight which defeats the purpose. the real fix is multisig admin keys, not chain-level controls
minting bug for .5M… auditors really said ‘looks good to me’ on that one huh
the audit probably didnt cover admin key access control. most audits dont. they check the smart contract logic but skip who can call what
most audits check contract logic but skip the admin key setup because that is not in scope. it should be mandatory but auditors get paid either way
DOJ freezing millions is the more interesting part here. theyve been quietly building cases across jurisdictions for months now
quietly building cases is how the DOJ operates. by the time you read about asset freezing theyve been working on it for 6 months minimum
every time a DAO gets exploited its some basic access control issue. when are teams gonna stop rushing launches