The distribution of the false tokens happened in the DApp called Trybe and it was that the mutability of the application affected the security, this is the link:
https://steemit.com/eos/@d1360x/eos-dapp-fails-to-distribute-tokens

And the theft of the 40,000 EOS was also in a DApp called EOSBet for vulnerability in the intelligent contracts a day after they indicated that it was very safe, this is the link:

https://steemit.com/eos/@d1360x/hackers-steal-40-000-eos