Quick summary: Balancer’s preliminary report attributes the ≈$116m multi-chain loss to a sophisticated exploit combining BatchSwaps and flash loans with manipulation of the Stable Pools’ EXACT_OUT rounding logic. In many instances exploited funds remained as internal Vault balances before being withdrawn in later transactions.

Key points:

• Vulnerable pool types: **V2 Stable Pools** and **Composable Stable v5**; other pool types unaffected.
• Exploit technique: BatchSwaps + flash loans + upscale/rounding bug on EXACT_OUT swaps allowed drain of stable pools.
• Observed behaviour: exploited value often sat within the Vault as internal balances before extraction in subsequent calls.
• Mitigation: affected pools paused; creation of new vulnerable pools disabled pending fixes; 20% white-hat bounty offered for returns.
• Partial recoveries: ~5,041 osETH (~$19M) and ~13,495 osGNO (~$2M) clawed back or frozen in co-ordinated action.
• YFarmX write-up: Balancer hack — V2 vaults drained in exploit

Block / on-chain lead:

• Consolidator: 0xaa760d53541d8390074c61defeaba314675b8e3f — Etherscan

Quick Summary: This wasn’t a protocol bug—it was full wallet takeover. After a user’s signing key leaked, the thief bridged out roughly $21M, including ~$17.75M DAI and ~$3.11M MSYRUPUSDP, then moved flows toward Ethereum.

Details: On-chain behaviour is consistent with raw key possession: attacker-signed transfers, bridging, and swaps with no contract-level trickery. Typical exposure routes include malwared desktops, fake wallet updates, credential reuse, or seed backups left in cloud drives/screenshots. The adversary drained balances in sequence and bridged to Ethereum for laundering/conversion. The precise compromise vector remains unconfirmed.

Block Data:

• Alert: PeckShieldAlert on X

Quick Summary: The team yanked user deposits—about $3.6M—off Hyperliquid, bridged to Ethereum, swapped to ETH, and funneled ~752 ETH into Tornado Cash. Socials vanished and the site went dark: classic exit pattern, not a bug.

Details: Hypervault pitched hands-off yield—auto-compounding bots and adapters that farmed across HyperEVM and external venues. When the switch flipped, treasury-like moves consolidated user funds, bridged them, and laundered a large chunk via Tornado. With comms deleted and infrastructure pulled, this fits the “rug” playbook rather than an external exploit.

Block Data:

• Alert: PeckShieldAlert on X

Quick Summary: An adversary slipped a rogue LayerZero peer into GriffinAI’s cross-chain setup, then mass-minted GAIN on BNB Chain—sending the token down ~90% within a day and extracting an estimated low-single-digit millions.

Details: The attacker stood up a malicious contract on Ethereum and registered it as a “trusted” peer, bypassing the legit endpoint list. That opened the door to mint ~5B GAIN (vs. a 1B cap), dump ~147.5M GAIN on PancakeSwap/OTC, and bridge proceeds via deBridge toward Solana/Ethereum/Base/Arbitrum. Traces show ~5M GAIN swapped to ~2,955 BNB, then bridged, turned into ~720 ETH, with ~700 ETH washed through Tornado. Market cap cratered from the mid-eight figures as the sell pressure cascaded.

Block Data:

• Website: griffinai.io
• Alert: CertiKAlert on X
• Alert: PeckShieldAlert on X

Quick Summary: Over a week, thieves siphoned ~$24M across BTC/ETH/LTC/DOGE/BCH. ETH slices hit Tornado; parts oddly looped through SBI infra before landing on DEXs—very DPRK-coded tradecraft.

Details: The lion’s share left Bitcoin (~$17.45M), followed by Ethereum (~$6.4M). Trackers spotted 924 ETH moving to Tornado in 15 txs, and ~143.2 BTC sitting relatively still. SBI confirmed an “unauthorised outflow” while probing root cause (key compromise vs. supply-chain risk both plausible). The incident arrived months after SBI absorbed DMM Bitcoin users post their $308M hit.

Attacker Footprints:

• ETH: 0x40d76a78ddba2ea81fb0f9fba147a08bcfc2b866
• BTC: bc1qx0a2kfjd7eweczv8xqjm6rggm40v0nkhfss78l
• BCH: qpv9nh5ktagsmtkqle8z2w4dd3mksskpmy499z7c9k
• LTC: ltc1qjyrn9p803efj3p8a0g3fmlevs45kq704ns363t
• DOGE: DRiEQuJ9pt3GgNraQmHVTjNg4B7uv1XuGb

Quick Summary: An attacker rewired multi-sig control (delegateCall ➝ owner/threshold change), moved ~$11.3M in assets, then minted 1B extra UXLINK—crushing price. Irony followed: the original thief later lost ~542M UXLINK (~$48M) to a second phishing crew.

Details: After seizing admin, the actor swept USDT/USDC/WBTC/ETH, then granted mint rights on Arbitrum to hyper-inflate supply. Exchanges were asked to freeze inflows while a token swap/comp plan was drafted. A subsequent Inferno-style drain relieved the first attacker of a massive chunk of their newly minted stash.

Block Data:

• Attacker: 0xaC77B44A5F3acC54E3844A609fffd64F182ef931
• Attacker: 0x5210BFdf0cFE6471322D597D16Cf440F5AC59309
• Attacker: 0x7277c705B5B1963b602cB4E3Ab8E188d925Bed00

Quick Summary: Despite audits, partnerships, and an active Telegram trading bot, Aqua’s team yanked ~21,770 SOL (~$4.65M) and ghosted—an exit dressed up as legitimacy.

Details: The project flaunted endorsements (audits/KOLs) and reported ~$137M 30-day bot volume with ~$2.83M revenue, building credibility ahead of a presale that dwarfed real liquidity (~860 SOL). Presale funds were split across routes and funneled to instant-swap venues. Investigators have linked wallet behaviour to prior large exit scams, suggesting repeat actors.

Block Data:

• Presale Address: 4Ea23VxEGAgfbtauQZz11aKNtzHJwb84ppsg3Cz14u6q

Quick Summary: A compromised API at partner provider Kiln let thieves whisk ~193k SOL (~$41.5M). SwissBorg covered users from treasury and kept services running; core infra was unaffected.

Details: Because Kiln acts as a staking backend, malicious calls resembled legitimate flows until after funds moved. SwissBorg’s internal controls ring-fenced the blast radius to the integration. The team mobilised exchanges, forensics, and white-hats while backfilling user balances directly from the company’s SOL reserves.

Block Data:

• Exploiter (Solana): Solscan account

Quick Summary: Custom Liquidity Distribution Function (LDF) logic around Uniswap v4 hooks let a trader craft “just-so” swaps that nudged rebalancing math off course—bleeding ~$8.4M across Unichain (earlier) and Ethereum (later).

Details: The exploit hinged on the protocol’s adaptive range-rebalancing. Specific trade sizes pushed the curve into pathological states; the accounting of LP shares mis-credited value, allowing incremental extraction. Bunni paused contracts network-wide and urged withdrawals pending a patched deployment and audit pass.

Block Data:

• ETH Exploit Tx: 0x1c27c4d625429acfc0f97e466eda725fd09ebdc77550e529ba4cbdbc33beb97b
• Unichain Exploit Tx: 0x4776f31156501dd456664cd3c91662ac8acc78358b9d4fd79337211eb6a1d451
• Attacker (ETH): 0xe04efd87f410e260cf940a3bcb8bc61f33464f2b (USDC/USDT haul)
• Helper (ETH): 0x18a0Aa63C07534f69aD626E6F72f20Cbe5969263

Quick Summary: A booby-trapped Zoom client led a user to sign a malicious delegation, enabling borrow/redeem on their behalf. Venus paused within ~20 minutes and, via an orchestrated liquidation/receivership plan, clawed everything back in ~13 hours.

Details: The attacker flash-loaned ~285.72 BTCB, cleared the victim’s ~306.89 BTCB debt, migrated deposits (USDT, wBETH, FDUSD, USDC, ETH) to a contract, borrowed ~$7.14M USDC on the remaining BNB, and repaid the flash loan—classic delegate-abuse flow. Governance and responders then seized collateral and redirected assets to a receiver, netting full restitution.

Block Data:

• Exploit Tx: BscScan
• Victim: 0x563617b87d8bb3f2f14bb5a581f2e19f80b52008
• Attacker: 0x7fd8f825e905c771285f510d8e428a2b69a6202a
• Receiver: 0xC753FB97Ed8E1c6081699570b57115D28F2232FA
• Custom Liquidator: 0xe011d57ecf48c448a7601eae30e6bf2d22886c50

Quick Summary: On PulseChain, an attacker gamed a “bonus Esteem” mint path tied to Favor purchases, siphoning ~pDAI/PulseX/Pulse worth ~$5M and later bridging proceeds as ~215 ETH funded from mixer capital.

Details: By routing through a fringe trading pair seeded with a mintable junk token, the exploiter looped: mint bonus Esteem ➝ convert via Smelter ➝ crush the Favor pool ➝ repeat. Tally: ~890.87M pDAI, 9.05B PulseX, 7.41B Pulse. Response was swift (pause within ~10 minutes). The team is proposing a make-good via contract rebuilds, targeted airdrops, and treasury support, plus a 20% bounty and a request for the return of 700M pDAI.

Block Data:

• Attacker: 0x48c9f537f3f1a2c95c46891332E05dA0D268869B
• Attacker (alt): 0xf3ba0d57129efd8111e14e78c674c7c10254acae

Quick Summary: A high-touch support-impersonation scheme relieved a victim of 783 BTC (~$91M). The crooks posed as exchange and hardware-wallet staff, then began obfuscating flows using peel chains and privacy tooling.

Details: The ruse blended “customer support” from multiple brands to win trust and extract access. Once keys/authorisations were compromised, funds moved in slices to reduce traceability, with activity observed flowing into Wasabi-style coin-joins. Notably, the incident landed exactly one year after the $243M Genesis creditor theft—timing that may be intentional signalling rather than coincidence.

Block Data:

• Tx: da598f2a941ee3c249a3c11e5e171e186a08900012f6aad26e6d11b8e8816457
• Exploiter (BTC): bc1qyxyk4qgyrkx4rjwsuevug04wahdk6uf95mqlej
• Reference: analysis thread

Quick Summary: On August 14, 2025, BtcTurk suffered a $48M hot wallet breach across multiple chains. Assets were swapped to ETH and laundered.

Details: Cyvers flagged abnormal outflows on Ethereum, Avalanche, Arbitrum, Base, Optimism, Mantle, and Polygon. The attacker consolidated assets and swapped them to ETH. BtcTurk paused deposits/withdrawals but assured cold wallets were safe. Authorities are investigating.

Quick Summary: Bitcoin launchpad Odin.fun was exploited for 58.2 BTC (~$7M) after liquidity manipulation in its AMM tool.

Details: Attackers added spoof tokens like SATOSHI to inflate liquidity, then withdrew BTC. Deposits fell from 291 BTC to 232.8 BTC in under 2 hours. Co-founder blamed Chinese-linked groups. Odin engaged auditors and law enforcement.

Quick Summary: A phishing scam tricked a victim into signing a malicious transaction, draining $3.05M USDT.

Details: The attacker convinced the victim to sign an approval that let them transfer funds. The USDT was quickly routed through multiple wallets. On-chain records confirm the scammer’s addresses.

Quick Summary: CrediX on Sonic was exploited for $4.5M after misassigned admin roles let attackers mint unbacked tokens.

Details: The attacker was granted broad roles (BRIDGE, ADMIN, RISK) via ACL mismanagement. They minted unbacked acUSDC, drained pools, bridged to Ethereum, and spread funds across wallets. Losses were reimbursed after negotiation.

Quick Summary: WOO X suffered a targeted phishing attack on a team member’s device, enabling $14M in account drains.

Details: Nine accounts were compromised between 13:50 and 15:40 UTC+8. Most withdrawal attempts were blocked, but $14M slipped through. WOO X covered losses and restored balances within 48 hours.

Quick Summary: CoinDCX lost $44M after attackers breached an internal liquidity account.

Details: The attacker gained server-level access and drained liquidity via Tornado Cash, bridging between Solana and Ethereum. CoinDCX pledged reimbursement and is working with CERT-In and forensics teams.

Quick Summary: Hot wallet compromise led to $28M stolen from BigONE across Bitcoin, Ethereum, Tron, and Solana.

Details: Attacker drained $14M BTC, $7M ETH/BNB, $7M TRX, and $500K SOL. BigONE suspended deposits/withdrawals, but promised full reimbursement.

Quick Summary: Arcadia lost $2.5M on Base after a router validation flaw in RebalancerSpot let attackers steal LP tokens.

Details: Exploiter spoofed swapData payloads, tricking the Rebalancer into executing malicious calls. Funds bridged to Ethereum. Arcadia paused contracts and offered a 10% bounty.

Quick Summary: GMX was exploited for $42M on Arbitrum, though $37M was later recovered.

Details: The flaw was in GMX V2’s cross-margin liquidity checks. Attackers manipulated collateral ratios to withdraw unbacked assets. Recovery came after swift coordination with exchanges and MEV searchers.

Quick Summary: Resupply lending protocol was drained for $9.5M due to an oracle manipulation attack.

Details: Exploiter used flash loans to distort the price of collateral tokens, borrowing against inflated values and draining pools. The team paused the protocol and engaged auditors for a fix.

Quick Summary: MEV bots on BNB Chain were exploited for $2M after attackers injected malicious sandwich trades.

Details: Attackers crafted backrunning opportunities that lured bots into executing unprofitable swaps, siphoning their balances. The attack targeted poor slippage controls in bot logic.

Quick Summary: Iranian exchange Nobitex suffered an $82M hack targeting its hot wallets.

Details: Assets were stolen across Bitcoin, Ethereum, and Tron. Withdrawals were halted and Nobitex pledged reimbursements. On-chain sleuths linked flows to known Lazarus-associated wallets.

Quick Summary: AlexLab on Stacks was exploited for $16.1M after private keys were compromised.

Details: Stolen funds were moved into Bitcoin, Litecoin, and other assets. Reports tie the hack to North Korean Lazarus group. AlexLab is rebuilding infrastructure with new multisig controls.

Quick Summary: ForceBridge on Nervos was exploited for $3.7M via flawed cross-chain validation.

Details: Exploiters forged bridge proofs to mint synthetic assets, then dumped them on-chain. Nervos froze the bridge and launched an investigation.

Quick Summary: On May 28, 2025, a flaw in Cork Protocol’s wrapped StETH market was abused, letting an attacker siphon off about 3,760 wstETH (around $12 million) in a single transaction.

Details of the Exploit: The vulnerability lay in the contract’s exchange‐rate logic between wstETH and weETH. By minting counterfeit tokens that distorted the on-chain rate oracle, the attacker was able to withdraw far more value than intended. Transaction traces show the exploit was launched from a wallet likely backed by a third-party service, and within minutes the stolen wstETH was swapped into ETH. Cork Protocol (supported by a16z and OrangeDAO) has since frozen all markets and engaged Dedaub to audit and harden the system.

• Dedaub (auditor)

Quick Summary: On May 22, 2025, Cetus Protocol on Sui was hit by a sophisticated AMM manipulation that drained roughly $260 million, sending many token prices plummeting over 90% and forcing an immediate halt to all swaps.

Details of the Exploit: The attacker introduced fake tokens into Cetus’s liquidity pools, skewing the automated market-maker’s price curve to massively overvalue reserves. This allowed trades at distorted rates, letting them extract genuine assets en masse. The bug bypassed Cetus’s token validation checks, and on-chain data shows the exploiter later laundered proceeds through a series of decentralised swaps. Cetus’s developers have since paused contract operations and are conducting an in-depth forensic review.

• Website
• Twitter

Quick Summary: On April 27, 2025, a hacker stole 3,520 BTC (~$330.7M) from a victim’s wallet, using social engineering to exploit vulnerabilities. The stolen funds were swapped into Monero (XMR), triggering a 50% price spike in XMR.

Details of the Exploit: The attack involved moving stolen BTC to address bc1qcrypchnrdx87jnal5e5m849fw460t4gk7vz55g, from where it was laundered via six instant exchanges. The increased demand for Monero resulted in a sharp price surge. Analysts pointed to social engineering as the likely attack vector. The incident also raised concerns about security practices and market volatility.

Quick Summary: On April 26, 2025, Loopscale, a Solana-based DeFi lending protocol, was exploited for $5.8M due to an oracle manipulation bug. The hacker exploited the system’s loan functions, draining USDC and SOL vaults.

Details of the Exploit: Attackers exploited a vulnerability in Loopscale’s RateX PT token pricing, allowing them to take out undercollateralized loans. This drained ~5.7M USDC and 1,200 SOL from the vaults, affecting 12% of the protocol’s TVL. Loopscale paused operations and negotiated a 10% bounty with the attacker, who agreed to return 90% of the funds. This exploit highlights ongoing risks with oracle manipulation in DeFi protocols.

Quick Summary: A compromised admin wallet quietly swept $5 million in unclaimed ZK tokens, shaving 20 % off the price before an on-chain ultimatum forced their return.

Details of the Exploit: Using the airdrop contract’s sweepUnclaimed() function, the attacker minted an extra 0.45 % of supply, then off-loaded tokens across DEXs. ZKsync offered a 10 % white-hat bounty and threatened litigation; funds were sent back on 23 April, closing the affair with unusually swift restitution.

Block Data:

• Transaction

Quick Summary: A gap in KiloEx’s access-control let an attacker spoof oracle prices, flip a leveraged long and walk away with $7 million.

Details of the Exploit: The intruder routed calls through the MinimalForwarder contract, injecting a forged signature that cascaded unchecked to the price-feed. First the oracle was slammed lower to open positions cheaply; minutes later it was pumped to close them at a premium. Funds ­originated from 0x00fac9…bcbd and have since been bridged to BNB Chain via Polyhedra. Trading remains halted while a full post-mortem and bounty programme are prepared.

Quick Summary: A hijacked ProxyAdmin contract let a thief lift 18.4 m UPC—worth roughly $70 m—in a single stroke.

Details of the Exploit: With admin keys in hand, the attacker upgraded the proxy to embed withdrawByAdmin, draining three treasury wallets to 0xFf7…334. Funds remain dormant, suggesting either negotiations or a very public game of chicken. UPCX paused transfers but insists user balances are ring-fenced.

Quick Summary: A bookkeeping glitch let an attacker self-liquidate, re-borrow and drain $13 m, before hopping from Arbitrum to Ethereum and into Tornado Cash.

Details of the Exploit: A failed GMX deposit stranded collateral in OrderAgent. The exploiter then triggered liquidation that wiped the debt record but not the collateral, recycling it for fresh loans until 6,260 ETH was gone. Abracadabra has dangled a 20 % bounty; GMX code was untouched.

Block Data:

• Exploit TX
• Exploiter Address

Quick Summary: An attacker with leaked admin rights hot-swapped Zoth’s logic contract, draining $8.32 m before anyone noticed.

Details of the Exploit: After funding from 0x3b33c5…, the perpetrator pointed the proxy at a malicious implementation, withdrew funds, and routed them through 0x7b0cd0…. Evidence points to key compromise rather than on-chain bug—an all-too-familiar tale of access-control failure.

Quick Summary: A re-entrancy loop in fillOrderInteraction() let thieves siphon $1.2 m USDC and 638 ETH.

Details of the Exploit: Because the function echoed back user-supplied takingAmount, attackers could recursively gain fresh approvals each call. Chained via fillOrderTo() in the Aggregation Router, the loop drained balances well beyond any bona-fide order size.

Block Data:

• Exploit TX

Quick Summary: Mask Network’s founder lost $4 m after his phone—and, seemingly, his keys—went walkabout at a birthday party.

Details of the Exploit: Cyvers flagged the drain of 113 ETH, 923 WETH and a grab-bag of liquid-staked assets. The loot was atomised across six wallets (one ending …df7). Yan suspects an offline compromise of his handset; SlowMist, ZachXBT and police are on the case.

Quick Summary: A developer-held backdoor let $50 m USDC slip out of Infini’s coffers and into Tornado-funded wallets.

Details of the Exploit: Retained admin privileges nullified Infini’s defences. The thief routed USDC to DAI, then into 17,696 ETH at 0xfcc8…6e49. CEO Christian Li vowed reimbursement, but the timing—three days after the Bybit mega-breach—deepened jitters over internal controls.

Block Data:

• Exploiter Wallet

Quick Summary: A phished multisig transaction bled 401,346 ETH—roughly $1.4 bn—from one of Bybit’s cold wallets.

Details of the Exploit: The UI showed a familiar Safe address; behind the curtain, contract permissions were rewritten to hand the attacker the keys. ETH, mETH and stETH were swept out, swapped and scattered across fresh wallets. ZachXBT rang the alarm; Bybit says the damage is ring-fenced to a single vault and withdrawals continue.

Block Data:

• Withdraw TX

Quick Summary: The LIBRA memecoin—championed on X by Argentina’s president—went from $4.4 bn cap to ashes, saddling 74 k traders with $286 m in paper losses.

Details of the Exploit: Insiders pre-mined and pre-pumped, then rugged. Leaked chats tie Hayden Davis and Kelsier Ventures to earlier scams (MELANIA, OG FUN) and suggest leverage over President Milei. Dave Portnoy’s $5 m hit, later mysteriously reimbursed, stoked talk of hush payouts. Argentina’s equity market slid 6 %; Congress whispers impeachment.

Quick Summary: zkLend suffered a $9.5M exploit on Starknet when an attacker attempted to launder funds via Railgun.

Details of the Exploit: An unknown attacker moved stolen assets from zkLend to Ethereum through Railgun – a privacy protocol that unexpectedly reversed the laundering attempt. zkLend then offered a whitehat bounty allowing the attacker to retain 10% if approximately 3,300 ETH (valued at ~$8.6M) were returned by the deadline. This case highlights the compliance benefits of Railgun over other anonymizing mixers.

Block Data:

• zkLend Ethereum Return Address
• Hacker Railgun Deposit
• Railgun Returns Deposit

Quick Summary: DogWifTools was exploited for $10M, draining multiple wallet types.

Details of the Exploit: Malicious actors infiltrated users’ devices and drained hot, hardware, and centralized exchange wallets by exploiting a reversed GitHub token extraction method. Experts warn this breach exposes deep systemic vulnerabilities.

Quick Summary: Phemex lost $37M amid multi-chain wallet breaches.

Details of the Exploit: Attackers targeted hot wallets on Ethereum, BNB, Polygon, Arbitrum, Base, and Optimism. Suspicious stablecoin transactions were rapidly converted to ETH and laundered via mixers, prompting emergency protocols.

Quick Summary: $29M in SUI tokens were stolen and laundered via Tornado Cash.

Details of the Exploit: Around 6.27M SUI tokens were illicitly moved from the Sui network to Ethereum and then laundered, complicating traceability despite significant user growth.

Quick Summary: Gifto minted 1.2B extra tokens, triggering an $8.6M dump.

Details of the Exploit: Following Binance’s delisting notice, massive on-chain minting flooded exchanges. The oversupply crashed the token’s value, drawing sharp criticism for exploiting the grace period.

Quick Summary: Radiant Capital lost over $58M in a cyberattack.

Details of the Exploit: Attackers obtained three private keys and drained funds across BSC and Arbitrum. This breach exposed critical weaknesses in multi-signature wallet security and spurred immediate system upgrades.

Block Data Reference:

• Arbitrum Exploiter Address
• BSC Exploiter Address

Quick Summary: A phishing scam cost $2.47M in sDAI.

Details of the Exploit: A user unwittingly signed a fraudulent permit transaction, granting an attacker control over their sDAI wallet via temporary CREATE2 addresses.

Quick Summary: A $130K loss hit an Arbitrum lender via oracle manipulation.

Details of the Exploit: The attacker manipulated the UniswapV3Pool price feed to inflate WETH-USDC LP token values, enabling excessive withdrawals from the protocol.

Block Data Reference:

• Transaction Hash

Quick Summary: FireToken was exploited 24 seconds post-launch for $24K.

Details of the Exploit: A flaw in the token-burning mechanism reduced circulating supply without affecting ETH reserves, allowing an attacker to profit from subsequent price manipulation in the liquidity pool.

Block Data Reference:

• Exploit Transaction

Quick Summary: Bedrock lost $2M by targeting its synthetic Bitcoin token, uniBTC.

Details of the Exploit: Attackers exploited a flaw in the staking mechanism for uniBTC, draining $2M from liquidity pools while core BTC reserves remained intact. A post-mortem and reimbursement plan are underway.

Block Data Reference:

• Exploiter Address
• Exploit Transaction

Quick Summary: uniBTC’s minting flaw led to a $1.7M loss.

Details of the Exploit: An infinite minting vulnerability enabled the attacker to generate unlimited tokens, dump them on the market, and significantly devalue uniBTC.

Block Data:

• Exploit Reference

Quick Summary: Onyx lost $4M via a liquidation flaw.

Details of the Exploit: The attacker exploited a vulnerability in the liquidation logic, allowing them to force unfavorable liquidations and siphon off $4M from the protocol.

Block Data:

• Exploit Reference

Quick Summary: Truflation lost $5M after a malware breach.

Details of the Exploit: Malware infiltrated the infrastructure and compromised a critical private key, enabling attackers to drain $5M from the platform.

Block Data:

• Exploit Reference

Quick Summary: Shezmu’s flaw dumped tokens for a $4.9M loss.

Details of the Exploit: A minting logic vulnerability allowed unlimited token creation, which were rapidly sold off—crashing the token’s value and causing severe financial damage.

Block Data:

• Exploit Reference

Quick Summary: BingX lost $52M through multi-chain wallet breaches.

Details of the Exploit: Vulnerabilities in 15 hot wallets across Ethereum, BSC, Base, Optimism, Polygon, Arbitrum, and Avalanche allowed unauthorized transfers. Emergency protocols were enacted and assets secured in cold storage.

Block Data:

• Hacker Wallet Address
• BingX Wallet Maintenance Notice

Quick Summary: DeltaPrime lost $6M via a key compromise.

Details of the Exploit: The admin’s lost private key allowed attackers to maliciously upgrade contracts and drain liquidity pools on Arbitrum. Stolen USDC was swapped to ETH, emphasizing the need for enhanced key security.

Block Data:

• Suspicious Address: 0x0ef5a5130c795dba28e6b2cbfda05cf1ef81cc54

Quick Summary: Indodax lost $22M through multi-chain wallet breaches.

Details of the Exploit: Hackers exploited vulnerabilities in hot wallets across Bitcoin, Ethereum, and Tron using Tornado Cash to obfuscate transfers, draining a total of $22M and exposing critical flaws in the withdrawal system.

Block Data:

• Bitcoin: bc1q5uqpn0ha5llrvhcvkq3nfalp8fj7qe3rydcvmf
• Tron: TBooefeY6FvGuyKfvp5yE1HmzhzvXnvA1P
• Ethereum: 0xb0a2e43d3e0dc4c71346a71484ac6a2627bbcbed
• Polygon: 0x90fffbc09e9a5f6d035e92d25d67e244ef5e904f
• Optimism: 0x3b8f1131a20e131c195bda6fdd6e9be38935eb6d

Quick Summary: A flash loan attack drained $1.4M from CUT.

Details of the Exploit: Exploiting a yield flaw via a PancakeSwap flash loan, the attacker manipulated the CUT-BUSD pair to drain $1.4M from the liquidity pool.

Block Data:

• Exploiter Address

Quick Summary: Penpie lost over $27M via reentrancy.

Details of the Exploit: A reentrancy flaw enabled attackers to generate fraudulent yield tokens and siphon funds through multiple transactions, draining over $27M from the protocol.

Block Data:

• Exploiter 1
• Exploiter 4

Quick Summary: Aave lost $56K via an unchecked allowance flaw.

Details of the Exploit: A flaw in the _buyOnParaSwap function allowed unauthorized transfers by exploiting unchecked token allowances, draining $56K from the collateral adapter.

Block Data:

• Exploiter
• Transaction

Quick Summary: A phishing scam cost $55M in DAI.

Details of the Exploit: A user unwittingly signed a fraudulent permit transaction, granting an attacker control over their proxy, draining $55M in DAI from the account.

Quick Summary: Vow lost $1.2M due to a conversion flaw.

Details of the Exploit: A smart contract bug enabled attackers to create valueless tokens and convert them into real assets by manipulating the burn rate, causing a $1,200,000 loss.

Block Data:

• Exploiter Address

Quick Summary: Nexera lost $449K via unauthorized access.

Details of the Exploit: Attackers exploited compromised security credentials to gain control of Nexera’s smart contracts and transfer NXRA tokens, resulting in a $449K loss.

Block Data:

• Exploiter

Quick Summary: Ronin lost $12M via a bridge vulnerability.

Details of the Exploit: An uninitialized variable in the updated Ronin bridge contract enabled unauthorized withdrawals of ETH and USDC totaling $12M.

Block Data:

• Exploit Transaction

Quick Summary: Convergence lost $210K via a liquidity pool exploit.

Details of the Exploit: A vulnerability in the reward distribution contract allowed an attacker to claim excessive rewards and drain $210K from liquidity pools.

Block Data:

• Exploiter

Quick Summary: Terra lost $6.5M via an oracle manipulation attack.

Details of the Exploit: An attacker manipulated Terra’s oracle price feeds, triggering massive liquidations that resulted in a $6.5M asset loss and exposed critical flaws in the pricing mechanism.

Block Data:

• Exploit Transaction