MGNR disclosed that an October 2021 targeted attack likely began with a phishing email impersonating a recognized contact and carrying a fake DOCX tied to a Pantera-themed term sheet. The intrusion probably installed a keylogger and stole password manager credentials that exposed a shared private key for a temporary hot wallet. The attackers appeared capable with scripting, cross-chain bridging, and mixing, and MGNR said other crypto firms had received similar targeted emails. The firm temporarily disabled trading systems and wallets, worked with law enforcement, recovered a substantial portion of funds, and froze some exchange accounts linked to fake KYC.