Quick Summary: On October 16, 2024, Radiant Capital, a DeFi lending protocol, was exploited in a major cyberattack, resulting in over $58 million in losses.

Details of the Exploit: Attackers gained access to three out of eleven private keys needed to control Radiant's smart contracts, allowing them to drain funds across multiple blockchains. The breach impacted liquidity pools on the Binance Smart Chain (BSC) and Arbitrum networks, forcing Radiant to suspend its markets on Ethereum and Base. Hackers exploited Radiant’s multi-signature wallet to gain sufficient control to upgrade the protocol’s smart contracts and initiate unauthorized transfers of assets. The attack resulted in the loss of popular tokens like USDC, WBTC, WETH, and BNB, with $18 million being drained from BSC pools alone.

Block Data Reference:

• Arbitrum Exploiter Address
• BSC Exploiter Address

Quick Summary: On October 10, 2024, a phishing attack led to the loss of $2.47 million in Aave Ethereum sDAI after a user unknowingly signed a malicious "permit" signature.

Details of the Exploit: The victim was tricked into signing a fraudulent "permit" transaction, giving the scammer access to their sDAI tokens. The scam relied on temporary addresses pre-computed using the CREATE2 function, a common tactic in phishing schemes to deceive victims into approving unauthorized access to their assets.

Block Data Reference:

• Transaction Hash

Quick Summary: On October 3, 2024, a lending project on the Arbitrum network experienced a $130,000 loss due to a price oracle manipulation attack.

Details of the Exploit: The hacker manipulated the price feed from the UniswapV3Pool to artificially inflate the value of WETH-USDC LP tokens. By manipulating the token prices during the borrowing process, the attacker withdrew more assets than initially deposited, exploiting the protocol's reliance on manipulated data.

Block Data Reference:

• Transaction Hash

Quick Summary: On October 1, 2024, the FireToken smart contract was exploited just 24 seconds after its launch, allowing an attacker to profit approximately $24,000.

Details of the Exploit: The vulnerability stemmed from the token-burning mechanism implemented in the contract's _transfer() function. Each token transfer reduced the circulating supply, immediately triggering a sync() function call that updated the Uniswap liquidity pool reserves. This setup allowed the attacker to reduce FireToken reserves while maintaining the ETH reserves constant, leading to price manipulation in the pool.

Block Data Reference:

• Exploit Transaction

Quick Summary: On September 27, 2024, Bedrock, a liquid restaking protocol, suffered a $2 million exploit targeting its synthetic Bitcoin token, uniBTC.

Details of the Exploit: Hackers exploited a vulnerability in the staking mechanism for uniBTC, draining approximately $2 million from decentralized exchange liquidity pools. The protocol reassured users that the underlying assets—wrapped BTC and standard Bitcoin held in reserves—were unaffected. Bedrock's team implemented security patches to address the flaw and is currently preparing a post-mortem report along with a reimbursement plan for impacted users.

Block Data Reference:

• Exploiter Address
• Exploit Transaction

Quick Summary: On September 26, 2024, uniBTC experienced a protocol logic vulnerability that led to a $1.7 million loss. The attacker exploited the minting mechanism to create unlimited tokens.

Exploit Details: The flaw in the minting logic allowed the hacker to generate an infinite number of uniBTC tokens, which were then dumped onto the market, causing significant devaluation and financial loss.

Block Data:

• Exploit Reference

Quick Summary: On September 26, 2024, Onyx was targeted through a liquidation logic flaw, resulting in a $4 million loss. The exploit manipulated the liquidation process to drain funds.

Exploit Details: The attacker exploited a vulnerability in the liquidation logic, allowing them to force liquidations under unfavorable conditions and siphon off substantial funds from the protocol.

Block Data:

• Exploit Reference

Quick Summary: On September 25, 2024, Truflation faced a severe security breach where malware led to the compromise of a private key, resulting in a $5 million loss.

Exploit Details: Malware infiltrated Truflation's infrastructure, compromising a critical private key. This allowed the attacker to access and drain funds from the platform, causing substantial financial damage.

Block Data:

• Exploit Reference

Quick Summary: On September 20, 2024, Shezmu was exploited through a protocol logic flaw that allowed for infinite minting and subsequent dumping of tokens, leading to a $4.9 million loss.

Exploit Details: The vulnerability in Shezmu's minting logic enabled the attacker to create unlimited tokens. These tokens were then rapidly sold on the market, causing a significant drop in token value and substantial financial loss.

Block Data:

• Exploit Reference

Quick Summary: Singapore’s BingX Exchange suffered over a $50 million hack on September 20, 2024. The hacker exploited vulnerabilities to withdraw funds from BingX's 15 hot wallets.

Exploit Details: The breach targeted multiple chains, including Ethereum, Binance Smart Chain, Base, Optimism, Polygon, Arbitrum, and Avalanche. BingX activated emergency protocols, suspended withdrawals, and transferred assets to safety. Most funds are secure in cold wallets.

Block Data:

• Hacker Wallet Address
• BingX Wallet Maintenance Notice

Quick Summary: On September 16, 2024, DeFi platform Delta Prime suffered a breach exceeding $6 million on the Arbitrum chain. The attack is ongoing, with pools still being drained.

Exploit Details: It appears the admin lost the private key. The attacker gained control of the admin wallet and upgraded contracts to malicious versions, draining pools like DPUSDC, DPARB, and DPBTCb. The stolen USDC was swapped to ETH.

Block Data:

• Suspicious Address: 0x0ef5a5130c795dba28e6b2cbfda05cf1ef81cc54

Quick Summary: On September 10, 2024, a major breach hit Indodax, Indonesia's leading crypto exchange, resulting in the loss of $22 million in various cryptocurrencies. Hackers took control of hot wallets and transferred the funds across multiple blockchains.

Exploit Details: Hackers accessed the hot wallets and executed unauthorized transfers across networks like Bitcoin, Ethereum, and Tron. The attackers used Tornado Cash to obfuscate their tracks. The vulnerability is believed to have exploited weaknesses in the withdrawal system, targeting signature manipulations.

Block Data:

• Bitcoin: bc1q5uqpn0ha5llrvhcvkq3nfalp8fj7qe3rydcvmf
• Tron: TBooefeY6FvGuyKfvp5yE1HmzhzvXnvA1P
• Ethereum: 0xb0a2e43d3e0dc4c71346a71484ac6a2627bbcbed
• Polygon: 0x90fffbc09e9a5f6d035e92d25d67e244ef5e904f
• Optimism: 0x3b8f1131a20e131c195bda6fdd6e9be38935eb6d

Quick Summary: A flash loan attack hit the Binance Smart Chain's CUT token liquidity pool on September 10, 2024. The attacker manipulated the CUT-BUSD pair, draining liquidity worth $1.4 million.

Exploit Details: The attacker exploited a flaw in the token's yield mechanics through a PancakeSwap flash loan, using the address 0x0917914b0A70ee7F1f2460Fcd487696856E31154 to manipulate the pool. The exploited pool was drained of its assets.

Block Data:

• Exploiter Address

Quick Summary: On September 3, 2024, Penpie, a yield aggregator protocol, suffered a major reentrancy attack, with over $27 million in assets being drained.

Exploit Details: The attacker exploited the protocol’s contract to create fraudulent yield tokens. By executing multiple transactions, the hacker siphoned funds from the Penpie system.

Block Data:

• Exploiter 1
• Exploiter 4

Quick Summary: On August 28, 2024, Aave’s Repay With Collateral Adapter V3 suffered an exploit that led to the loss of $56,000.

Exploit Details: The exploit stemmed from a flaw in the _buyOnParaSwap function, where an unchecked token allowance led to unauthorized transfers of funds. The attacker exploited this to drain tokens from the contract.

Block Data:

• Exploiter
• Transaction

Quick Summary: A phishing scam targeted a DeFi Saver Proxy user on August 21, 2024, leading to a loss of $55 million in DAI.

Exploit Details: The victim unknowingly signed a malicious transaction that gave the attacker control over their proxy, leading to the complete draining of their assets.

Block Data:

• Exploit Transaction

Quick Summary: On August 13, 2024, the Vow project suffered an exploit where a vulnerability in token conversion resulted in the loss of $1.2 million.

Exploit Details: A smart contract bug allowed the attacker to create valueless tokens, which they converted into real assets by manipulating the burn rate, resulting in significant losses.

Block Data:

• Exploiter Address

Quick Summary: On August 7, 2024, the Nexera platform experienced a major exploit where unauthorized access led to the theft of $449,000 in NXRA tokens.

Exploit Details: The attacker exploited security credentials to gain control of the Nexera Fundrs’ smart contracts and transfer millions of NXRA tokens to an external address.

Block Data:

• Exploiter

Quick Summary: The Ronin Network's bridge was hacked on August 6, 2024, with losses totaling $12 million in ETH and USDC due to a contract vulnerability.

Exploit Details: The attackers exploited an uninitialized variable in the updated bridge contract to execute unauthorized withdrawals. A failure in security protocols enabled the attacker to gain access to critical funds.

Block Data:

• Exploit Transaction

Quick Summary: On August 1, 2024, Convergence Finance faced an exploit in their liquidity pools, leading to the loss of $210,000 worth of assets.

Exploit Details: A vulnerability in the reward distribution contract allowed the attacker to claim excessive rewards, which they then swapped for assets, draining liquidity pools.

Block Data:

• Exploiter

Quick Summary: Terra Blockchain suffered an exploit on July 31, 2024, leading to a $6.5 million loss in assets due to an oracle manipulation attack.

Exploit Details: The exploit targeted price feeds from the oracle contract, manipulating the price of TerraUSD to allow for massive liquidations across the ecosystem.

Block Data:

• Exploit Transaction

Quick Summary: Karastar, a GameFi project, suffered an attack on July 26, 2024, resulting in the theft of $69,000. The hacker exploited a backdoor function in the contract to steal tokens.

Exploit Details: The attacker upgraded several contract implementations to bypass access controls and used the transfer(address token, address fromUser, uint256 value) function to siphon tokens from the platform.

Block Data:

• Proxy Upgrade TX
• Drain TX
• Funds Held By

Quick Summary: WazirX, a prominent Indian crypto exchange, was compromised on July 18, 2024, losing approximately $230 million in Ethereum-based assets.

Exploit Details: Attackers infiltrated the exchange’s multi-signature wallet system by compromising multiple signer accounts. They were able to swap signers' Externally Owned Accounts (EOAs) and replace the multisig implementation.

Block Data:

• Attacker Address
• Attack Transaction

Quick Summary: The crypto project ETHTrustFund, once regarded as promising, was revealed as a scam on July 16, 2024, when the developer moved $2.2 million in funds from the treasury to a private wallet, initiating a rug pull.

Exploit Details: The developer, known only as "Peng," drained the treasury by moving all the assets to a new address. The ETHTrustFund project was a fork of the $OHM project, which had leveraged hype and built a community, only to collapse under the exit scam.

Block Data:

• Treasury Address
• Fund Transfer

Quick Summary: The NEVER token project, operating on the Binance Smart Chain, was exit scammed on July 16, 2024, resulting in a $240,000 loss for investors.

Exploit Details: A backdoor within the smart contract allowed insiders to dump tokens on PancakeSwap without holding them in their wallet, leading to the drain of project funds.

Block Data:

• Scammer Address
• Sell TX

Quick Summary: On July 16, 2024, LI.FI, a cross-chain DeFi protocol, was exploited, resulting in an $8 million loss due to a vulnerability in its GasZipFacet.sol contract.

Exploit Details: A bug in the depositToGasZipERC20 function allowed an attacker to execute arbitrary code and perform unauthorized transfers from the protocol, using carefully crafted calldata to exploit the protocol's swap mechanism.

Block Data:

• Attacker Address
• Attack TX

Quick Summary: Minterest fell victim to an exploit on July 15, 2024, with the loss of $1.46 million in cryptocurrency, primarily ETH, due to a flash loan attack on the Mantle Network.

Exploit Details: The attacker used a reentrancy vulnerability in Minterest's flashloan contract, manipulating the market's cash balances to borrow mETH tokens, which they then exchanged for ETH.

Block Data:

• Attacker Address
• Tornado Cash TX

Quick Summary: Dough Finance, a DeFi protocol, was exploited on July 12, 2024, in a flash loan attack, resulting in the loss of $1.8 million in assets, primarily in USDC.

Exploit Details: The attacker exploited a vulnerability in the ConnectorDeleverageParaswap contract, using a flash loan to drain liquidity and swap assets for ETH, which was later mixed via Tornado Cash.

Block Data:

• Attacker Address
• Flash Loan TX

Quick Summary: Smart Bank Token, operating on the Binance Smart Chain, was exploited on July 11, 2024, in a flash loan attack that resulted in $56,000 in losses.

Exploit Details: The attacker utilized a flash loan from PancakeV3Pool to manipulate the vulnerable Smart Bank Token contract, creating an opportunity to profit by draining liquidity from the protocol.

Block Data:

• Attacker Address
• Flash Loan TX

Quick Summary: CoinStats, a popular cryptocurrency portfolio tracker, was hacked on June 22, 2024. Users lost approximately $2 million due to phishing attacks that targeted wallets created within CoinStats.

Exploit Details: Hackers sent phishing messages to CoinStats users, tricking them into providing access to their wallets. The stolen funds were linked to North Korea’s Lazarus Group.

Block Data:

• Phishing TX

Quick Summary: On June 21, 2024, Sportsbet.io, a popular online crypto sports betting platform, was hacked, resulting in a $3.5 million loss. The hack was likely linked to a larger attack that previously affected BtcTurk.

Exploit Details: The hacker targeted Sportsbet.io's wallets, stealing USDT and TRX. Crypto investigators believe this attack is part of a larger series of breaches by the same malicious actor.

Quick Summary: On June 19, 2024, the Farcana GameFi project was exploited, with an attacker stealing approximately $440,000 due to a leaked private key.

Exploit Details: The attacker gained access to one of Farcana’s treasuries by compromising an externally owned account (EOA) and transferred assets to an external wallet, later mixing the funds via Tornado Cash.

Block Data:

• Exploiter Address

Quick Summary: On June 19, 2024, a Pendle protocol user fell victim to a phishing attack and lost $1.4 million in Ethereum.

Exploit Details: The attacker tricked the user into signing a malicious transaction, which gave them access to the user’s wallet and enabled them to transfer funds to their own address.

Block Data:

• Exploiter Address

Quick Summary: In June 2024, Holograph, an NFT protocol, experienced a $14.4 million exploit after a former developer used a vulnerability in the smart contract to mint 1 billion HLG tokens.

Exploit Details: The hacker took advantage of their previously assigned permission to mint tokens, creating a massive supply of HLG, which led to a token crash. The tokens were later transferred to Ethereum and sold.

Quick Summary: YYS token on the Binance Smart Chain was exploited on June 8, 2024, in a flash loan attack, leading to a loss of $29,000.

Exploit Details: The attacker borrowed USDT from PancakeSwap’s V3 pool and used it to manipulate the YYS token contract's sell function, extracting liquidity from the protocol.

Block Data:

• Attacker Address