April 17, 2026
Kelp DAO rsETH Bridge
Kelp DAO's rsETH bridge was apparently exploited in a LayerZero-based attack, with estimated losses of roughly $292 million.
Amount stolen: $292,000,000
Source: The Block
This page tracks notable DeFi exploit incidents in a chronological format, with newer and legacy incidents combined into one timeline. Amounts are shown in USD where publicly reported, and entries are retained for historical continuity as new incidents are documented.
Total exploits: 172 • Total reported losses: $5,786,642,000
April 17, 2026
Kelp DAO's rsETH bridge was apparently exploited in a LayerZero-based attack, with estimated losses of roughly $292 million.
Amount stolen: $292,000,000
Source: The Block
April 16, 2026
Rhea Finance's post-mortem said exploit losses reached about $18.4 million after expanding beyond the protocol's initial estimate.
Amount stolen: $18,400,000
Source: The Block
April 9, 2026
Attackers exploited Aethir bridge logic, triggering unauthorized transfers before the team halted bridge activity and started compensation.
Amount stolen: $423,000
Source: Cointelegraph
April 3, 2026
The exploit targeted lending market contract logic, allowing funds to be extracted from affected Silo V2 markets.
Amount stolen: $392,000
Source: DeFiLlama Hacks Database
March 21, 2026
Attackers reportedly abused minting and validation controls to create unbacked assets and drain protocol value.
Amount stolen: $24,500,000
Source: NOMINIS March 2026 report
March 2, 2026
The incident impacted borrowing and lending positions after attacker interactions with LlamaLend contract flows.
Amount stolen: $240,000
Source: BlockSec incident roundup
February 28, 2026
The exploit abused contract permissions and led to unauthorized withdrawals from Wise Lending V2-held funds.
Amount stolen: $66,000
February 26, 2026
The attacker reportedly manipulated oracle/price inputs, enabling undercollateralized borrowing and a protocol drain.
Amount stolen: $390,000
February 1, 2026
Attackers reportedly forged cross-chain message validation, releasing funds without corresponding legitimate deposits.
Amount stolen: $3,000,000
Source: NOMINIS February 2026 report
January 31, 2026
Compromised executive devices were reportedly used to gain wallet access, resulting in treasury fund drains.
Amount stolen: $40,000,000
Source: Tom's Hardware report
January 25, 2026
The exploit affected protocol-managed liquidity positions and enabled attacker withdrawals from managed funds.
Amount stolen: $3,200,000
Source: BlockSec incident roundup
January 19, 2026
Reports attributed the incident to smart-contract weaknesses that allowed unauthorized withdrawals.
Amount stolen: $4,200,000
Source: NOMINIS January 2026 report
January 7, 2026
The exploit leveraged contract interactions that resulted in a limited but material fund loss.
Amount stolen: $230,000
Source: DeFiLlama Hacks Database
January 6, 2026
The incident involved contract abuse that enabled unauthorized asset withdrawals from Fusion by IPOR.
Amount stolen: $336,000
Source: DeFiLlama Hacks Database
October 4, 2025
A separate exploit again abused Spell contract logic, leading to an additional drain after earlier hardening steps.
Amount stolen: $1,700,000
Source: Three Sigma incident analysis
March 29, 2025
The attacker manipulated pool/accounting conditions in Venus Core Pool to extract funds from the lending market.
Amount stolen: $902,000
Source: DeFiLlama Hacks Database
March 25, 2025
An exploit in Spell-related contract flows resulted in unauthorized withdrawals and major treasury/user losses.
Amount stolen: $13,000,000
Source: CoinDesk coverage
February 11, 2025
The exploit targeted protocol contract interactions, allowing a limited but confirmed unauthorized withdrawal.
Amount stolen: $183,000
Source: Cointelegraph coverage
November 11, 2024
A third DeltaPrime incident resulted in another multi-million dollar drain through repeated contract-level abuse.
Amount stolen: $4,800,000
Source: Three Sigma incident analysis
October 16, 2024
A large follow-on Radiant V2 exploit enabled attacker-controlled borrowing/withdrawals and major protocol losses.
Amount stolen: $53,000,000
Source: Cointelegraph coverage
October 4, 2024
A separate Lava incident triggered additional unauthorized withdrawals despite prior mitigations.
Amount stolen: $130,000
Source: DeFiLlama Hacks Database
September 16, 2024
A second major DeltaPrime exploit again targeted protocol contract/accounting paths and caused larger losses.
Amount stolen: $5,980,000
Source: SC Media coverage
August 6, 2024
Compromised validator/private-key control was used to approve fraudulent bridge withdrawals at massive scale.
Amount stolen: $624,000,000
Source: Ronin post-mortem
July 23, 2024
The first DeltaPrime incident involved contract abuse that enabled attacker withdrawals from protocol liquidity.
Amount stolen: $1,000,000
Source: DeltaPrime post-mortem
June 9, 2024
Unauthorized wallet recovery activity led to losses from affected smart-wallet users in the Loopring ecosystem.
Amount stolen: $5,000,000
Source: Cointelegraph coverage
June 2, 2024
Attackers exploited Velocore V2 pool mechanics, draining liquidity across affected pairs before pause actions.
Amount stolen: $6,800,000
Source: Cointelegraph coverage
May 16, 2024
A compromised insider/private key was reportedly used to execute unauthorized transfers from protocol-controlled accounts.
Amount stolen: $2,000,000
Source: The Block coverage
April 30, 2024
Attackers exploited Pike V1 contract pathways to withdraw funds not backed by valid collateral state.
Amount stolen: $1,600,000
Source: Cointelegraph coverage
March 29, 2024
The exploit abused protocol contract logic, resulting in a smaller but confirmed drain.
Amount stolen: $340,000
Source: DeFiLlama Hacks Database
March 5, 2024
A contract exploit on WOOFi Swap enabled unauthorized swaps/withdrawals and protocol losses before mitigation.
Amount stolen: $8,500,000
Source: Cointelegraph coverage
February 28, 2024
Attackers exploited a contract vulnerability and withdrew user funds from Seneca-controlled pools.
Amount stolen: $6,500,000
Source: Cyvers incident coverage
January 30, 2024
An exploit in Spell-connected contracts enabled unauthorized borrowing/withdrawals and a multi-million dollar drain.
Amount stolen: $6,500,000
Source: The Block coverage
January 2, 2024
Attackers abused a vulnerability in Radiant V2 contract interactions to remove funds from protocol-controlled pools.
Amount stolen: $4,500,000
May 2, 2023
Decentralized exchange Level Finance has experienced a security breach allowing an attacker to steal more than $1 million of the exchange’s native Level Finance (LVL) token.
Amount stolen: $1,000,000
Source: Cointelegraph
April 28, 2023
Decentralized-finance protocol 0VIX has lost roughly $2 million in a flash-loan exploit, according to on-chain data on Polygon’s block explorer. A total of 1.45 million USDC, along with other tokens, was stolen before being bridged to the Ethereum mainnet on Stargate Finance, where it was eventually swapped for ether (ETH).
Amount stolen: $1,082,000
Source: CoinDesk
April 27, 2023
Newly launched decentralized exchange Merlin was drained of around $1.82 million from its liquidity pool on Wednesday, with auditor CertiK—who completed an audit of the DEX just before its launch—blaming “rogue developers
Amount stolen: $1,082,000
Source: Decrypt
April 15, 2023
The multi-chain lending protocol Hundred Finance disclosed Saturday that it lost around $7 million after being hacked on the Ethereum layer-2 blockchain Optimism.
Amount stolen: $7,400,000
Source: Decrypt
April 13, 2023
A bug in a token issued by decentralized finance (DeFi) protocol Yearn Finance was impacted in an exploit this morning, security firm PeckShield tweeted, leading to millions of dollars in losses. Losses could total over $11 million and occurred on Aave version 1, the data suggested. These were spread over U.S. dollar-pegged stablecoins dai (DAI), tether (USDT), USD coin (USDC), Binance USD (BUSD) and tru USD (TUSD).
Amount stolen: $11,000,000
Source: CoinDesk
April 9, 2023
Decentralized exchange SushiSwap has fallen victim to an exploit, which led to the loss of more than $3.3 million from at least one user, known as 0xSifu on Twitter. The exploit involves an approve-related bug on the RouterProcessor2 contract — which PeckShield and SushiSwap Head Chef Jared Grey recommend revoking on all chains.
Amount stolen: $200,000,000
Source: The Block
April 1, 2023
Allbridge has yet to publicly disclose how much was stolen, but blockchain security firm CertiK said the sum is close to $550,000, while PeckSheild said the exploit netted $282,889 in BUSD and $290,868 worth of Tether, totaling roughly $573,000.
Amount stolen: $573,000
Source: Cointelegraph
March 29, 2023
The Safemoon token liquidity pool (LP) was drained of nearly $9 million worth of tokens on Wednesday after attackers manipulated a faulty feature on its smart contracts. Safemoon’s SFM tokens fell over 40% in early Asian hours before slightly recovering at writing time.
Amount stolen: $200,000,000
Source: CoinDesk
March 13, 2023
Euler Finance has suffered an exploit that resulted in almost $200 million being lost. The losses occurred over four transactions in dai (DAI), wrapped bitcoin (WBTC), staked ether (sETH) and USDC, according to smart contract auditor BlockSec. The attacker used a flash loan to conduct the attack.
Amount stolen: $200,000,000
Source: CoinDesk
March 9, 2023
Hedera, the team behind distributed ledger Hedera Hashgraph, has confirmed a smart contract exploit on the Hedera Mainnet that has led to the theft of several liquidity pool tokens.
Amount stolen: n/a
Source: CoinTelegraph
March 6, 2023
PeopleDAO, a group formed to buy a copy of the U.S. Constitution, has lost 76.5 ETH ($120,000) to a social engineering hack on March 6 that targeted the project’s monthly contributor payout form on Google Sheets.
Amount stolen: $120,000
Source: The Block
February 27, 2023
BNB Chain-based DeFi protocol LaunchZone claims an exploit led to $700,000 of funds being drained from its liquidity pool, with its native token plunging in value.
Amount stolen: $700,000
Source: CoinTelegraph
February 17, 2023
The $8 million Platypus flash loan attack was made possible because of code that was in the wrong order, according to a post-mortem report from Platypus auditor Omniscia. The auditing company claims the problematic code didn’t exist in the version they audited.
Amount stolen: $8,000,000
Source: CoinTelegraph
February 13, 2023
On Feb. 13, onchain security firm Peckshield noticed a security breach on the dForce network. DForce had suffered a reentrancy hack attack on two vaults and lost about $3.65 million. After the hack, dForce immediately paused the vaults to ensure the safety of the remaining funds. In a tweet earlier today, dForce announced that the exploited funds had been fully returned to their multi-sig on both Arbitrum and Optimism.
Amount stolen: $0
Source: crypto.news
February 7, 2023
Security firm PeckShield reported that the hacker successfully drained roughly 551 BNB off CoW Swap into Tornado Cash, which was worth around $181,600 at the time of writing.
Amount stolen: $181,000
Source: CoinDesk
February 3, 2023
Crypto trading venue Orion Protocol was set to pause operations Thursday after an apparent attacker drained millions of dollars worth of cryptocurrency, according to cybersecurity firm Peckshield.
Amount stolen: $3,000,000
Source: CoinDesk
January 12, 2023
An oracle hack allowed the exploiter to manipulate the price of the AllianceBlock token, leading to an estimated $120 million loss, according to Peckshield.
Amount stolen: $120,000,000
Source: CoinTelegraph
January 12, 2023
According to a report issued by the team on Friday, DeFi digital asset lending firm LendHub has lost $6 million in digital assets on its network.
Amount stolen: $6,000,000
Source: crypto.news
December 26, 2022
Defrost Finance, which on Sunday said its V1 and V2 products had been exploited, said the hacker in the larger V1 attack has returned the funds.
Amount stolen: $0
Source: CoinDesk
December 25, 2022
Rubic, a service that allows users to swap cryptocurrencies between different exchanges, was exploited earlier Wednesday after attackers gained access to the private keys of an administrator’s wallet.
Amount stolen: $1,000,000
Source: CoinDesk
December 16, 2022
Solana-based decentralized exchange platform Raydium confirmed in a tweet on Friday that it had been the victim of an exploit. At press time, around $2 million worth of different cryptocurrencies was sitting in the account of an attacker that managed to maliciously withdraw user funds from Raydium exchange pools.
Amount stolen: $2,000,000
Source: CoinDesk
December 11, 2022
Arbitrum-based lending protocol Lodestar Finance was exploited in a flash loan attack on Dec. 10. According to Lodestar, the attacker manipulated the price of PlutusDAO’s plvGLP token before borrowing all platform liquidity using the inflated token.
Amount stolen: $5,800,000
Source: Cointelegraph
December 2, 2022
Ankr, which called itself the first “node-as-a-service
Amount stolen: $5,000,000
Source: CoinDesk
November 11, 2022
DFX Finance, a decentralized exchange protocol for fiat-pegged stablecoins, reported that it was attacked at 2:21 pm ET. An unknown attacker siphoned approximately $7.5 million from DFX, according to estimates from security researchers at BlockSec.
Amount stolen: $7,500,000
Source: The Block
November 2, 2022
Skyward finance, an IDO platform enabling fair token distribution for projects on the NEAR Protocol, has reportedly been exploited for 1.1M NEAR tokens, worth an estimated $3 million USD at time of publication.
Amount stolen: $3,000,000
November 1, 2022
Solend, a Solana-based lending protocol, reported a market manipulation attack that resulted in $1.26 million of bad debt for the protocol. The incident occurred on Wednesday, as noted by security firm PeckShield.
Amount stolen: $1,026,000
Source: The Block
October 19, 2022
Celo-based lending and borrowing protocol Moola Market had over $10 million worth of tokens stolen, and later returned, Wednesday morning after a market manipulation attack.
Amount stolen: $10,000,000
Source: CoinDesk
October 11, 2022
TempleDAO, a protocol that claims it provides sustainable income via staking, suffered a malicious exploit this morning on one of its staking vaults for 1,830 ETH, roughly $2.3 million at the time, according to data from Etherscan.
Amount stolen: $2,300,000
Source: The Block
October 11, 2022
Mango, a decentralized finance platform hosted on the Solana blockchain, has been exploited for over $100 million. The exploit was initially reported on Twitter by blockchain auditors OtterSec, who say “the attacker was able to manipulate their Mango collateral.
Amount stolen: $100,000,000
Source: CoinDesk
October 6, 2022
BNB Chain, the blockchain of crypto exchange Binance, was paused on Oct. 6 due to an exploit on its cross-chain bridge, with attackers making off with an estimated $100 million worth of cryptocurrency.
Amount stolen: $100,000,000
Source: CoinTelegraph
October 2, 2022
Transit Swap, a multichain decentralized exchange aggregator, lost roughly $21 million after a hacker exploited an internal bug on a swap contract. Following the revelation, Transit Swap issued an apology to users with efforts to track down and recover the stolen funds currently underway.
Amount stolen: $21,000,000
Source: CoinTelegraph
September 8, 2022
In September 2022, DeFi project New Free DAO was the victim of a flash loan attack. The attacker took advantage of weak reward calculation code to drain 4,481 WBNB worth approximately $1.25 million from the contract.
Amount stolen: $1,025,000
Source: Halborn
September 6, 2022
Avalanche-based lending protocol Nereus Finance has been the victim of a crafty hack that saw a user net $371,000 worth of USD Coin using a smart contract exploit. Blockchain cybersecurity firm CertiK was one of the first to detect the exploit on Tuesday, indicating that the attack impacted liquidity pools on Nereus relating to decentralized exchange (DEX) Trader Joe and automated market maker Curve Finance.
Amount stolen: $371,000
Source: CoinTelegraph
September 1, 2022
Kyber, a multi-chain decentralized finance (DeFi) platform, discovered a vulnerability to its website code that allowed exploiters to run away with approximately $265,000. Two “whale
Amount stolen: $265,000
Source: CoinDesk
August 14, 2022
On Aug. 14, a hacker took advantage of a bug on the iBTC/aUSD liquidity pool which resulted in 1.2 billion aUSD being minted without collateral. This event crashed the USD-pegged stablecoin to a cent, and in response, the Acala team froze the erroneously minted tokens by placing the network in maintenance mode.
Amount stolen: n/a
Source: Cointelegraph
August 2, 2022
The cross-chain token bridge Nomad was exploited Monday, with attackers draining the protocol of virtually all of its funds. The total value of cryptocurrency lost to the attack totaled near $200 million.
Amount stolen: $200,000,000
Source: CoinDesk
July 24, 2022
Proposals in crypto help communities make consensus-based decisions. However, for decentralized music platform Audius, the passing of a malicious governance proposal resulted in the transfer of tokens worth $6.1 million, with the hacker making away with $1 million.
Amount stolen: $6,100,000
Source: Cointelegraph
June 24, 2022
The Horizon Bridge to the Harmony layer-1 blockchain has been exploited for $100 million in altcoins which are being swapped for Ether (ETH). The hack may vindicate previously raised community concerns about the robustness of the two of four multisig that reportedly secures the bridge.
Amount stolen: $100,000,000
Source: Cointelegraph
June 16, 2022
Inverse Finance was exploited for more than $1.2 million worth of cryptocurrency on Thursday morning, on-chain data appears to show. Exploiters seemed to use a flash loan attack to trick the protocol and steal more than 53 bitcoin, worth $1.1 million, and 10,000 tether (USDT), a stablecoin backed on a 1-1 basis with U.S. dollars. The exploit comes just over two months after attackers stole $15 million worth of cryptocurrencies from Inverse Finance in a similar attack, as previously reported.
Amount stolen: $1,200,000
Source: CoinDesk
May 1, 2022
Decentralized finance (DeFi) platforms Rari Capital and Fei Protocol suffered a more-than-$80 million hack early Saturday. The hacker exploited a reentrancy vulnerability in Rari’s Fuse lending protocol, according to a tweet by smart contract analysis firm Block Sec.
Amount stolen: $80,000,000
Source: CoinDesk
April 30, 2022
Saddle Finance, a decentralized exchange for trading stablecoins, was hacked in a DeFi exploit today. The unknown hacker carried out the exploit at 07:40 AM UTC and netted over $10 million in ether cryptocurrency, according to on-chain data.
Amount stolen: $10,000,000
Source: The Block
April 28, 2022
Decentralized finance (DeFi) application Deus Finance was exploited for the second time in two months, with the attacker gaining more than $13.4 million of cryptocurrency in early Asian hours today, security researchers at PeckShield said in a tweet. The exploit occurred on the Fantom Network.
Amount stolen: $13,400,000
Source: CoinDesk
April 18, 2022
Credit-based stablecoin protocol Beanstalk Farms lost all of its $182 million collateral from a security breach caused by two sinister governance proposals and a flash loan attack.
Amount stolen: $182,000,000
Source: Cointelegraph
April 13, 2022
According to a statement by cybersecurity team BlockSec, Elephant Money DeFi protocol has fallen victim to a price manipulation attack that started with borrowed Wrapped Binance Coins (WBNB).
Amount stolen: $11,200,000
Source: U.Today
April 7, 2022
Starstream Finance had their treasury drained in an exploit and has advised anyone holding funds in AgoraDefi to withdraw them. The Team has announced this incident on their official Discord.
Amount stolen: $4,000,000
Source: CoinCodeCap
April 7, 2022
The operators of cryptocurrency play-to-earn game WonderHero have disabled the service after hackers stole about $320,000 worth of Binance Coin (BNB).
Amount stolen: $320,000
Source: The Record
April 2, 2022
Ethereum-based lending protocol Inverse Finance (INV) said Saturday it suffered an exploit, with an attacker netting $15.6 million worth of stolen cryptocurrency. According to Inverse, the attacker targeted its Anchor money market – artificially manipulating token prices to borrow loans against extremely low collateral.
Source: CoinDesk
March 29, 2022
The gaming-focused Ronin network announced Tuesday a loss of over $625 million in USDC and ether (ETH). According to a blog post published by the Ronin network’s official Substack, the exploit affected Ronin validator nodes for Sky Mavis, the publishers of the popular Axie Infinity game, and the Axie DAO.
Amount stolen: $625,000,000
Source: CoinDesk
March 23, 2022
A stablecoin on the Solana blockchain has been exploited for around $52.8 million and lost practically all of its value.
Amount stolen: $52,800,000
Source: The Block
March 21, 2022
At the time of the attack, the attacker was fully prepared. Before the attack the hacker has moved funds needed for gas through the Celer Network cBridge. 15 minutes later the attacker deployed the contract that was used to drain funds from OneRing. This contract has been self-destructed however we are already working with node providers in order to get the information of the block where the contract was deployed. We believe we can find the bytecode, decompile it and at least have a brief idea on how this contract was structured.
Amount stolen: $1,400,000
Source: One Ring Finance | Medium
March 21, 2022
The Li Finance swap aggregator has experienced a smart contract exploit leading to the loss of around $600,000 from 29 users’ wallets. The exploit took place at 2:51 am UTC on Sunday. The attacker was able to extract varying amounts of 10 different tokens from wallets that had given “infinite approval
Amount stolen: $600,000
Source: Cointelegraph
March 20, 2022
On March 20, 2022, Uno Re’s partner- Umbrella Network announced that the LP tokens staked in their Polar Stream staking contracts on Ethereum and BNB Chain are drained from both of the contracts. Reportedly, the hacker then withdrew liquidity using those stolen LP tokens from both the UMB-ETH Uniswap and the UMB-BNB Pancakeswap pools.
Amount stolen: $700,000
Source: Uno.Reinsure | Medium
March 9, 2022
Fantom-based algorithmic assets protocol Fantasm Finance was exploited for over $2.6 million worth of crypto early on Thursday, with the stolen tokens swapped for ether using privacy protocol Tornado Cash.
Amount stolen: $2,600,000
Source: CoinDesk
March 3, 2022
In early Asian hours on Thursday, hackers were able to exploit a vulnerability on the protocol that allowed them to mint NFTs for no cost. Treasure asked users to delist their NFTs from the marketplace at the time. NFTs are blockchain-based representation of a digital or real-world asset.
Amount stolen: n/a
Source: CoinDesk
February 21, 2022
Dego Finance’s official Twitter handle claimed that its own address providing liquidity on popular decentralized exchanges – Uniswap and PancakeSwap – was compromised. As a result, DEGO pairs liquidity provided by the team was drained.
Amount stolen: $10,000,000
Source: CryptoPotato
February 6, 2022
With teams now using independently modified forks of ChainBridge without auditing their changes, it was only a matter of time before costly mistakes were made. In the case of Meter, their modifications to the ChainBridge code introduced a bug in the automatic wrap and unwrap of native tokens like BNB and ETH, which created an opening for a hacker to exploit.
Amount stolen: $4,300,000
Source: ChainSafe
February 3, 2022
One of the most popular cross-blockchain bridges may have been the victim of a hack worth over $326 million on Wednesday. On-chain analysts called attention to an 80,000 ether (ETH) transaction from Wormhole to an address currently in possession of over $250 million worth of ETH. According to another developer, the attacker also kept 40,000 ETH on Solana, where they have been selling for other assets.
Amount stolen: $326,000,000
Source: CoinDesk
February 3, 2022
Hackers have stolen roughly $1.9 million from South Korean cryptocurrency platform KLAYswap after they pulled off a rare and clever BGP hijack against the server infrastructure of one of the platform’s providers.
Amount stolen: $1,900,000
Source: The Record
January 28, 2022
Binance Smart Chain-based Qubit Finance was exploited for over $80 million by attackers on Friday morning, developers confirmed in a post.
Amount stolen: $80,000,000
January 10, 2022
Sports nonfungible token (NFT) minting platform and Animoca Brands subsidiary Lympo suffered a hot wallet security breach and lost 165.2 million LMT tokens worth $18.7 million at the time of the hack.
Amount stolen: $18,700,000
Source: Cointelegraph
January 1, 2022
Decentralized trading protocol Tinyman, built on Algorand, was the victim of a smart contract exploit. The protocol is estimated to have lost $3 million after all was said and done.
Amount stolen: $3,000,000
Source: BeInCrypto
December 22, 2021
The Visor team revealed that a malicious smart contract drained the protocol’s staking contract of 8,812,958 VISR tokens. At the time of the exploit, this was valued at around $8.1 million.
Amount stolen: $8,100,000
Source: BeInCrypto
December 19, 2021
Yield compounding tool Grim Finance had $30 million worth of fantom tokens stolen from its protocol after an exploit on Sunday. The project took preventive measures to stop further damage.
Amount stolen: $30,000,000
Source: CoinDesk
December 13, 2021
Earlier today, 96 private keys were stolen from the crypto gaming ecosystem Vulcan Forged, enabling the attacker to siphon off $140 million in cryptocurrency.
Amount stolen: $140,000,000
Source: The Block
December 8, 2021
8ight Finance, the OHM fork on the Harmony blockchain that saw some $1.73 million worth of stablecoins stolen from its treasury, has admitted that its “opsec was low
Amount stolen: $1,073,000
Source: FullyCrypto
December 5, 2021
By using a large number of Tripool tokens, the hacker was able to open over-collateralized positions and drain real valuable assets and withdraw them to his or her own wallet. The lost tokens are valued at $5 million.
Amount stolen: $5,000,000
Source: U.Today
December 2, 2021
On Wednesday night an attacker drained funds from the wallets of dozens of users of the Badger DAO yield vault protocol using malicious contract permissions. Blockchain data and security analytics company PeckShield has concluded that the total loss amounted to about 2,100 BTC and 151 ETH.
Amount stolen: $120,000,000
Source: CoinDesk
November 30, 2021
Decentralized finance (DeFi) lending protocol bZx was compromised for $55 million today, in what is becoming a recurring theme.
Amount stolen: $31,000,000
Source: The Block
November 5, 2021
Decentralized finance (DeFi) lending protocol bZx was compromised for $55 million today, in what is becoming a recurring theme.
Amount stolen: $55,000,000
Source: The Block
October 27, 2021
An attacker has gained over $130 million of assets in an exploit that appears to have drained Cream’s coffers.
Amount stolen: $130,000,000
Source: CoinDesk
October 20, 2021
On 20 October 2021, at 0920 UTC. A smart contract was created to exploit the Hunny TUSD vault. The Contract was subsequently executed 26 times. This is the sequence of events.
Amount stolen: $2,000,000
Source: PancakeHunny | Medium
October 15, 2021
Indexed Finance has lost over $16 million worth of users’ assets after a hacker exploited a vulnerability in the protocol’s smart contracts.
Amount stolen: $16,000,000
Source: CryptoBriefing
September 30, 2021
DeFi Money Market Compound Overpays Millions in COMP Rewards in Possible Exploit; Founder Says $80M at Risk.
Amount stolen: $80,000,000 (?)
Source: CoinDesk
September 21, 2021
Decentralized finance (DeFi) platform Vee Finance has been hit for an exploit of around $35 million in the second major attack of an Avalanche platform.
Amount stolen: $35,000,000
Source: CoinDesk
September 20, 2021
An unidentified hacker has stolen 277 wrapped Bitcoin, currently worth around $12.5 million, by exploiting a bug in decentralized finance (DeFi) interoperability protocol pNetwork, its developers disclosed on Sunday.
Amount stolen: $12,000,000
Source: Decrypt
September 16, 2021
The SushiSwap decentralized exchange has narrowly avoided becoming the latest decentralized finance hack victim thanks to assistance from a white hat hacker. A security researcher from venture capital firm Paradigm, known on Twitter as Samczsun, has managed to save SushiSwap and its Miso platform from a potential loss of as much as 109,000 Ether (ETH).
Amount stolen: n/a
Source: Cointelegraph
September 12, 2021
Avalanche-Based Zabu Finance Sees $3.2M Hack. The attacker used Zabu’s “Transfer Tax
Amount stolen: $3,200,000
Source: CoinDesk
September 4, 2021
DaoMaker was exploited for ~$4m. They left the `init` function unprotected. The attacker re-initialized the contract with malicious data and then called `emergencyExit` to get away with the funds.
Amount stolen: $4,000,000
Source: @Mudit__Gupta
August 30, 2021
An unknown hacker has managed to gain $18.8 million in the latest flash loan exploit of the Cream Finance protocol through a reentrancy bug introduced by the Amp (AMP) token, according to an investigation by blockchain security firm Peckshield.
Amount stolen: $19,000,000
Source: Cointelegraph
August 12, 2021
According to a report from DAO Maker CEO Christoph Zaknun, hackers were able to remove roughly $7 million in USD Coin (USDC) from 5,251 user accounts. Despite the name, DAO Maker has no apparent connection to MakerDAO, the decentralized finance, or DeFi, protocol behind the stablecoin Dai (DAI).
Amount stolen: $7,000,000
Source: Cointelegraph
August 10, 2021
Multi-chain interoperability protocol Poly Network fell victim to an exploit today, resulting in the loss of roughly $600 million worth of various cryptocurrencies, the platform’s developers revealed.
Amount stolen: $268,000,000
August 10, 2021
On Aug 10th, Punk Protocol was hacked for $8.95M, ~$5M of which was later returned. The platform planned to offer a DeFi annuity scheme backed by ETH, WBTC and stablecoins.
Amount stolen: $3,950,000
Source: REKT
August 3, 2021
Popsicle Finance, a multi-chain yield-generating crypto project, has melted under the heat of a new exploit. The $25 million heist was revealed by security researcher Mudit Gupta, who said “the hack was complex but the bug was simple.
Amount stolen: $25,000,000
Source: Decrypt
July 23, 2021
Thorchain has been exploited for the third time in a month, bringing total losses to around $13 million. The platform, which looks after $100 million in funds, is designed for exchanging crypto tokens across different blockchains.
Amount stolen: $13,000,000
Source: The Block
July 16, 2021
PolyBunny, a yield farming protocol running on the Polygon network and QuickSwap decentralized exchange (DEX) based on Ethereum (ETH), got exploited for $2.4 million on July 16.
Amount stolen: $2,400,000
Source: CryptoSlate
July 15, 2021
THORChain has suffered another unfortunate exploit — the second this month.
Amount stolen: $4,900,000
Source: RUNEBase
July 15, 2021
Decentralized e-commerce platform Bondly Finance is the latest decentralized finance (DeFi) platform to suffer an alleged exploit. The developer team advised the DeFi community to stop trading Bondly, the platform’s native token, following a suspected exploit on Thursday.
Amount stolen: n/a
Source: Cointelegraph
July 10, 2021
crypto projects that had used ChainSwap to launch Ethereum tokens on Binance Smart Chain lost millions to an attacker whose address now holds about $4.4 million.
Amount stolen: $4,400,000
Source: Decrypt
July 2, 2021
On July 2nd, the project announced that its smart contract was compromised and the hackers drained around $800,000 worth of assets from users’ wallets.
Amount stolen: $800,000
Source: CryptoPotato
June 28, 2021
$140k in funds were taken by a targeted exploit on a logic error in the ETH Bifrost. The network was halted by nodes and patched. Swaps were re-enabled 6 hours later.
Amount stolen: $139,000
Source: THORChain | Medium
June 28, 2021
According to the contract address on the Polygon Scan dashboard, $248,000 in USDC and Tether was withdrawn from the protocol on June 28.
Amount stolen: $248,000
Source: BeInCrypto
June 22, 2021
Eleven Finance was exploited to drain a number of vaults at the loss of about $4.6 million. The incident was due to a bug that allows the attacker to withdraw funds without burning any shares. While it appears to be a flashloan attack, it is a flashswap-assisted one.
Amount stolen: $4,600,000
Source: PeckShield
June 21, 2021
Decentralized finance (DeFi) protocol Impossible Finance has lost as much as $500,000 in user funds during a flash loan attack today. The attack on Impossible Finance’s liquidity pool occurred at around 4:40 AM UTC on June 21 and resulted in a loss of 229.84 ETH (about $0.5 million at the time).
Amount stolen: $500,000
Source: Decrypt
June 16, 2021
This morning, Alchemix announced that the contracts for one of their synthetic assets, alETH, had experienced an “incident.
Amount stolen: n/a
Source: Cointelegraph
May 28, 2021
Belt Finance, a platform that provides automated market making for decentralized finance (DeFi), was hacked Saturday in a flash loan attack that resulted in a profit of $6.23 million for the perpetrator and an overall $50 million loss for the platform.
Amount stolen: $50,000,000
Source: CoinDesk
May 28, 2021
According to The Block Research’s Igor Igamberdiev, an attacker used flash loans to exploit the protocol for $7.2 million. Flash loans are blockchain-based loans where large amounts of tokens are borrowed, used for some purpose and repaid — all in the same transaction.
Amount stolen: $7,200,000
Source: The Block
May 27, 2021
Preliminary results show that BNT-ETH was the only exploited pool. Total amount is 125,585 BNT (~ $637k). The attacker has returned the BNT. All funds have been recovered with zero losses.
Amount stolen: n/a
May 26, 2021
A total of $330k was stolen, bringing their TVL (total value lost) to $1,560,000, and putting them on par with Value DeFi as one of the few protocols to be so unsafe that they have three positions onto the rekt leaderboard.
Amount stolen: $330,000
Source: REKT
May 26, 2021
Just 8 hours after the first attack, they lost another ~200 ETH to a completely different exploit.
Amount stolen: $550,000
Source: REKT
May 26, 2021
On May 26, 2021, 03:59:05 AM +UTC, less than 48 hrs after the Autoshark hack. Merlin Lab, (another fork of PancakeBunny), was attacked in a similar fashion to the Bunny and the Autoshark hack. As a result, the hacker was able to remove ~240 ETH (~680K USD).
Amount stolen: $680,000
Source: REKT
May 24, 2021
Flash loan attacks on the Binance Smart Chain (BSC) are becoming an everyday affair now. DeFi protocols are becoming much more vulnerable to attackers exploiting the (BSC) platform. In a third flash-loan-attack incident within a week’s time, AutoShark Finance has been the latest victim.
Amount stolen: $822,000
Source: CoinGape
May 19, 2021
Venus Protocol faced massive liquidations of over $200 million on Wednesday due to a possible price manipulation of its native XVS token.
Amount stolen: n/a
Source: The Block
May 19, 2021
Popular Binance Smart Chain-based decentralized finance protocol PancakeBunny has suffered a major exploit that allowed a hacker to make off with more than $200 million worth of crypto assets.
Amount stolen: $200,000,000
Source: Cointelegraph
May 16, 2021
bEarn Fi, a cross-chain auto yield farming protocol, was exploited earlier Sunday, resulting in a loss of almost $11 million, according to China-based blockchain analysis firm PeckShield.
Amount stolen: $11,000,000
Source: CoinDesk
May 12, 2021
Decentralized finance (DeFi) protocol xToken said it suffered an exploit Wednesday by an attacker who used flash loans to take $24.5 million.
Amount stolen: $24,500,000
Source: CoinDesk
May 8, 2021
Rari Capital announced there was an exploit in the Rari Capital ETH Pool related to its Alpha Finance Lab integration. According to Etherscan, $15 million worth of ether was taken.
Amount stolen: $15,000,000
Source: CoinDesk
May 2, 2021
Spartan Protocol, a decentralized protocol built on Binance Smart Chain for incentivized liquidity and synthetic assets, was exploited earlier Sunday UTC due to “a flawed liquidity share calculation
Amount stolen: $30,000,000
Source: CoinDesk
April 28, 2021
Uranium Finance, an automated market maker platform on the Binance Smart Chain, has reported a security incident that resulted in a loss of about $50 million.
Amount stolen: $50,000,000
Source: Cointelegraph
April 19, 2021
EasyFi, a decentralized finance (DeFi) Polygon Network-powered protocol, has reported suffering a hack Monday of over $80 million.
Amount stolen: $80,000,000
Source: CoinDesk
April 4, 2021
According to a chain of tweets by Mudit Gupta, blockchain team lead at blockchain software company Polymath, there were five attackers, one of whom later returned his share of the stolen funds. The others, however, made off with FORCE tokens worth about US$376,000.
Amount stolen: $376,000
Source: CoinDesk
March 18, 2021
TurtleDex, a decentralized finance (DeFi) file storage project on the Binance Smart Chain (BSC), is believed to have pulled a rugpull exit scam yesterday when more than $2.4 million in funds were drained from trading pools on major BSC DeFi exchanges Ape Swap and Pancake Swap.
Amount stolen: $2,400,000
Source: Decrypt
March 16, 2021
Iron Finance is a partially collateralized stablecoin platform based on the Binance Smart Chain (BSC). It reported that on March 16, two Iron Finance vFarm pools were “subject to an incident
Amount stolen: $170,000
Source: BeInCrypto
March 14, 2021
Roll, a platform for issuing social tokens on the Ethereum network, suffered an apparent exploit on Sunday, resulting in the theft and subsequent sale of tokens.
Amount stolen: $5,700,000
Source: The Block
March 8, 2021
Decentralized finance (DeFi) platform DODO has been hacked for approximately $3.8 million worth of tokens.
Amount stolen: $1,910,000
Source: CoinDesk
March 5, 2021
PAID Network, a crypto project that utilizes an Ethereum-based token, has suffered a contract exploit, resulting in the minting of nearly $160 million worth of tokens by the attacker.
Amount stolen: $160,000,000
Source: The Block
March 4, 2021
Meerkat Finance, a decentralized finance project, has just said it has been drained by $31 million worth of crypto assets due to a hack. But on-chain data shows it may not be as simple as that.
Amount stolen: $31,000,000
Source: The Block
February 13, 2021
In one of the largest exploits of the DeFi era, this morning an attacker successfully drained over $37 million from Alpha Homora by leveraging Cream’s Iron Bank protocol-to-protocol lending platform.
Amount stolen: $37,000,000
Source: Cointelegraph
February 12, 2021
In this exploit, the exploiter(s) made a total profit of 31.87renBTC and 211 ETH, and used REN and Tornado.Cash to transfer assets anonymously.
Amount stolen: $1,500,000
Source: BT Finance | Medium
February 8, 2021
By forcing the staker contract to accept a liquidity pair containing a fake token, the attacker was able to remove $1.3 million in liquidity. The attacker created a fake token called AXZ and supplied rAXZZ/GRO liquidity. He then staked it in the contract and pulled out the other pair.
Amount stolen: $1,300,000
Source: REKT
February 4, 2021
DeFi yield farming project Yearn Finance has been hit by an exploit that has affected a DAI lending pool.
Amount stolen: $11,000,000
Source: Decrypt
January 19, 2021
DeFi protocol Saddle Finance was launched on Jan. 20, with the aim of alleviating the problematic spread between stablecoins and wrapped or tokenized crypto assets. Within a few hours of going live, however, whales had taken advantage of the new protocol by arbitraging for huge profits.
Amount stolen: $275,000
Source: BeInCrypto
December 28, 2020
Decentralized finance (DeFi) protocol Cover, which recently merged with Yearn.Finance, has just been exploited.
Amount stolen: $5,000,000
Source: The Block
December 18, 2020
Decentralized finance (DeFi) lending protocol Warp Finance has experienced a flash loan attack that resulted in a loss of $7.7 million worth of stablecoins.
Amount stolen: $7,700,000
Source: The Block
November 21, 2020
The coffers of Pickle Finance, a decentralized finance (DeFi) protocol with a native token that looks suspiciously like Pickle Rick, of Rick and Morty fame, were drained today of $20 million in what appears to be a hack.
Amount stolen: $30,000,000
Source: Decrypt
November 17, 2020
Stablecoin project Origin Dollar (OUSD) sustained a re-entrancy attack at 00:47 UTC Tuesday resulting in a loss of funds worth $7 million, including over $1 million deposited by Origin and its founders and employees.
Amount stolen: $7,000,000
Source: CoinDesk
November 14, 2020
Value DeFi was exploited for approximately $6 million earlier Saturday, possibly due to a flash loan attack, a scheme often seen in the fast-growing DeFi sector.
Amount stolen: $6,000,000
Source: CoinDesk
November 12, 2020
Decentralized finance (DeFi) protocol Akropolis lost $2 million in DAI in an exploit on Thursday morning.
Amount stolen: $2,000,000
Source: The Block
October 26, 2020
An arbitrage trade exploiting weak points in decentralized finance (DeFi) protocol Harvest Finance led to some $24 million in stablecoins being siphoned away from the project’s pools on Monday, according to CoinGecko.
Amount stolen: $24,000,000
Source: CoinDesk
October 11, 2020
Wrapped Leo (WLEO) and its investors have been named recent victims of hackers after the team confirmed in a blog post earlier today that about $42,000 was drained from the DeFi project.
Amount stolen: $42,000
Source: Cryptopolitan
September 29, 2020
Experimental DeFi platform Yearn Finance cultists were hit with losses this morning after an unidentified hacker exploited a smart contract vulnerability in Eminence, an upcoming gaming project built by Yearn founder Andre Cronje.
Amount stolen: $15,000,000
Source: Decrypt
September 13, 2020
Decentralized finance (DeFi) lending protocol bZx was attacked once again last night and lost a little over $8 million due to a faulty code in its smart contracts.
Amount stolen: $8,000,000
Source: The Block
September 7, 2020
An anonymous user has revealed how he made $250k in profits from a minor investment in a cloned version of Yearn.finance called Soft Yearn (SYFI).
Amount stolen: $250,000
Source: Cointelegraph
August 4, 2020
Attackers raided the decentralized finance (DeFi) protocol Opyn yesterday, making off with over 370,000 USDC. Opyn, which deals primarily with options for ETH, was subject to a double-spend attack.
Amount stolen: $370,000
Source: Decrypt
June 29, 2020
Balancer Pool admitted early Monday morning it had fallen victim to a sophisticated hack that exploited a loophole, tricking the protocol into releasing $500,000 worth of tokens.
Amount stolen: $500,000
Source: CoinDesk
April 19, 2020
The total value locked in the dForce ecosystem was down by 100% to $6 over the past 24 hours, per DeFi Pulse data. A day ago, the total value locked in the system was $24.9 million.
Amount stolen: $24,900,000
Source: The Block
February 28, 2020
Furucombo, a drag and drop tool for users to create DeFi transactions, has been exploited. The exploiter has stolen roughly $14M in ETH and ERC-20 tokens.
Amount stolen: $14,000,000
Source: The Block
February 15, 2020
In the last four days, the bZx DeFi trading protocol was exploited twice; the first attack was executed over Valentine’s Day and yielded ~1,271 ETH, while the second one was just last night and made ~2,378 ETH. That’s about $320,000 and $600,000, respectively, with ETH at $250.
Amount stolen: $900,000
Source: The Defiant
January 11, 2020
when Fulcrum team released their own Flash Loans feature on the Ethereum Mainnet, and we happened to find a very critical vulnerability in it. We discovered that $2.5M of user funds from 3 pools could be stolen within a single transaction..
Amount stolen: $2,500,000
Source: 1inch Network
A Smart Contract flaw has seen Levyathan mint limitless tokens and endure a cataclysmic price drop. Leviathan’s (LEV) token price fell from $0.15 to an unthinkable $0.00000147 at the time of writing according to CoinGecko data.
Amount stolen: n/a
Source: BSC NEWS