Espresso co-founder reports $30k crypto theft through Thirdweb contract vulnerability

Crypto entrepreneur Jill Gunter, a co-founder of Espresso, said her crypto wallet was hacked after a flaw was found in a Thirdweb contract.

In a post shared on social media Thursday, Gunter explained that more than $30,000 in USDC was taken from her wallet on December 9. The stolen funds were sent through Railgun, a privacy-focused crypto protocol. She said the theft happened while she was getting ready to give a talk about crypto privacy in Washington, D.C. — an ironic twist she openly acknowledged.

Gunter, who has spent over 10 years in the crypto industry, said the money had just been moved into her wallet the day before. She was planning to use it for an angel investment later that week when the wallet was suddenly drained.

After looking into the transaction, she found that the funds were moved from her jrg.eth address to another wallet, but the key detail was a contract interaction tied to a Thirdweb bridge contract she had used once before for a small $5 transfer.

According to Gunter, Thirdweb later confirmed that the bridge contract had a known flaw. The issue allowed attackers to drain funds from wallets that had approved unlimited token permissions. That contract was flagged as compromised on Etherscan.

She said she doesn’t yet know if she’ll be reimbursed and described the loss as part of the risks that come with working in crypto. Gunter also said that if any of the stolen funds are recovered, she plans to donate the money to the SEAL Security Alliance, encouraging others to support the group as well.

Thirdweb later published a blog post explaining what happened. The company said the theft came from a legacy contract that was not fully shut down during its response to an earlier vulnerability discovered in April 2025. Thirdweb said the contract has now been permanently disabled and stressed that no current user funds are at risk.

This incident follows another major Thirdweb issue revealed in late 2023, when a flaw in a widely used open-source library affected more than 500 token contracts. According to blockchain security firm ScamSniffer, at least 25 of those contracts were actively exploited.

Some security experts have criticized how the earlier issue was disclosed. SEAL researcher Pascal Caversaccio said that publicly listing vulnerable contracts may have given hackers a head start.

The case is another reminder of how even experienced crypto users can be caught off guard — and how old, forgotten contracts can still cause real damage if they aren’t fully shut down.
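
The exposure described above, an unlimited token permission left in place for a contract used only once, can be found by replaying a wallet's ERC-20 `Approval` logs and keeping the last value per token and spender. This is an added example, not code from the article or from Thirdweb. All addresses and logs are constructed, and it assumes the logs were already fetched and parsed into dictionaries with integer `blockNumber` and `logIndex`.

```python
# Added example: replay ERC-20 Approval logs to find allowances still live for a wallet.
# Every address and log below is constructed sample data, not taken from the incident.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1
UNLIMITED_FLOOR = 2**255  # assumption: anything this large is effectively unlimited

def pad(addr):  # 20-byte address -> 32-byte indexed topic
    return "0x" + "0" * 24 + addr[2:]

def word(n):  # integer -> 32-byte data word
    return "0x" + format(n, "064x")

def topic_to_address(topic):  # keep the low 20 bytes of an indexed address
    return "0x" + topic[-40:].lower()

def live_approvals(logs, owner):
    """Replay logs in chain order; the last Approval per (token, spender) wins."""
    owner, state = owner.lower(), {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # ERC-721 Approval shares the signature but has 4 topics
        if topic_to_address(topics[1]) != owner:
            continue  # approval granted by a different wallet
        state[(log["address"].lower(), topic_to_address(topics[2]))] = int(log["data"], 16)
    return {k: v for k, v in state.items() if v > 0}  # 0 means revoked

def unlimited(approvals):
    return sorted(k for k, v in approvals.items() if v >= UNLIMITED_FLOOR)

OWNER, OTHER = "0x" + "11" * 20, "0x" + "22" * 20
TOKEN = "0x" + "aa" * 20
BRIDGE, DEX, OLD = "0x" + "bb" * 20, "0x" + "cc" * 20, "0x" + "dd" * 20

def mk(block, idx, owner, spender, amount):
    return {"address": TOKEN, "blockNumber": block, "logIndex": idx,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)], "data": word(amount)}

SAMPLE_LOGS = [  # deliberately out of order, as merged RPC pages can be
    mk(130, 0, OWNER, OLD, 0),               # later revocation of OLD
    mk(100, 0, OWNER, BRIDGE, MAX_UINT256),  # unlimited, never revoked
    mk(120, 3, OWNER, DEX, 5_000_000),       # bounded allowance
    mk(90, 1, OWNER, OLD, MAX_UINT256),      # unlimited, revoked at block 130
    mk(140, 2, OTHER, BRIDGE, MAX_UINT256),  # someone else's approval
]

if __name__ == "__main__":
    for token, spender in unlimited(live_approvals(SAMPLE_LOGS, OWNER)):
        print(f"revoke: token {token} spender {spender}")
```

Each pair it reports is an allowance the spender contract can still draw on, and setting that allowance to zero removes it.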