2016 hack event(s)
Description of the event: The Holdstation team has confirmed on X that its DeFAI Smart Wallet product experienced a security incident. According to the latest update, the total loss has been confirmed at approximately 462,000 USDT. The team stated that they are currently investigating the root cause of the incident and strengthening multiple layers of security protections. They have also begun formulating a compensation plan, with detailed arrangements and an execution timeline to be announced to the community at a later stage.
Amount of loss: $ 462,000 Attack method: Unknown
Description of the event: WLFI announced on X that USD1 experienced an organized attack this morning. The attackers reportedly compromised the accounts of several WLFI co-founders, paying influencers to spread FUD (Fear, Uncertainty, and Doubt) and heavily shorting $WLFI in an attempt to profit from artificially created market chaos. WLFI stated that the operation failed. Thanks to USD1’s robust minting and redemption mechanisms and its 100% 1:1 asset backing, USD1 remains stable and is currently trading near its par value. The team emphasized that no bad actors can shake their long-term commitment to USD1. Meanwhile, WLFI reminded users to obtain accurate information only through officially verified channels and to be wary of misleading content.
Amount of loss: - Attack method: Social Engineering
Description of the event: The IoT-focused public chain IoTeX suffered a professional hacker attack caused by a private key compromise of the ioTube bridge’s Ethereum-side validator owner. This allowed the attacker to gain administrative privileges and illicitly extract assets from the token safe. According to the official confirmation on February 24, the incident resulted in approximately $4.4 million in asset losses (including USDC, USDT, IOTX, and WBTC). The hacker converted most of the stolen funds into roughly 2,183 ETH and bridged them to the Bitcoin network via THORChain (with approximately 66.6 BTC currently tracked). The IoTeX team has implemented security enhancements and address blacklisting via the v2.3.4 mainnet upgrade. They have also issued an on-chain ultimatum: the attacker can receive a 10% white-hat bounty (approx. $440,000) and be exempted from legal liability if the funds are returned within 48 hours. A compensation plan for affected users is currently being finalized.
Amount of loss: $ 4,400,000 Attack method: Private Key Leakage
Description of the event: According to Decrypt, the DeFi lending protocol Moonwell incurred approximately $1.78 million in bad debt due to an oracle configuration error.
Amount of loss: $ 1,780,000.00 Attack method: Oracle Misconfiguration
Description of the event: Arbitrum has issued a security alert: The official X account for Arbitrum Governance (@arbitrumdao_gov) has been compromised. Do not click on any links posted by this account or engage with it. The team is working to restore access and will provide further updates soon.
Amount of loss: - Attack method: Account hacked
Description of the event: The cross-chain liquidity protocol CrossCurve (formerly EYWA) has confirmed that its cross-chain bridge protocol is under attack, due to a vulnerability in its smart contract that was exploited, resulting in the theft of approximately USD 3 million across multiple networks. Blockchain security firm Defimon Alerts identified that the attack vector exploited a gateway verification bypass vulnerability in CrossCurve’s ReceiverAxelar contract. Analysis shows that anyone could use a forged cross-chain message to call the contract’s expressExecute function, thereby bypassing the intended gateway verification and triggering unauthorized token unlocks on the protocol’s PortalV2 contract. Subsequently, CrossCurve issued a security update regarding the $EYWA token, stating that the exploitation has been successfully contained.
Amount of loss: $ 3,000,000 Attack method: Smart Contract Vulnerability
Description of the event: Step Finance has issued a statement on X regarding a recent exploit, disclosing that approximately $40 million was stolen from its treasury due to a compromise of an executive's device. Upon detecting the vulnerability, Step Finance launched an investigation in collaboration with cybersecurity researchers and relevant authorities, and has notified law enforcement. While certain operations were temporarily suspended during this period, the team has successfully recovered approximately $3.7 million in Remora assets and $1 million in other positions.
Amount of loss: $ 40,000,000 Attack method: Supply Chain Attack
Description of the event: According to BlockSec monitoring, an unknown contract on the BSC network was exploited. The attacker leveraged a design flaw in the “burn pair” mechanism to execute two reverse swaps, resulting in losses of approximately $100,000. The attacker first drained PGNLZ tokens, then triggered PGNLP burns and price manipulation, ultimately siphoning off most of the USDT from the liquidity pool.
Amount of loss: $100,000 Attack method: Contract Vulnerability
Description of the event: Solar, the official Solana Mandarin community, highly suspects its official X account (@Solana_zh) has been hacked. The team currently lacks access and is working urgently with X support to resolve the issue. Recovery time is TBD.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to PeckShield, Matcha Meta reported that SwapNet suffered a security breach, with losses reaching $16.8 million. The attacker swapped approximately 10.5 million USDC for around 3,655 ETH on Base, and has begun bridging the funds to Ethereum. BlockSec’s analysis indicates that the affected contract is not open-sourced and appears to contain an arbitrary call vulnerability. The attacker abused existing token approval mechanisms to execute transferFrom operations and steal assets. The cumulative losses are estimated at $13.37 million on Base, $3.53 million on Ethereum, $125,000 on Arbitrum, and $15,000 on BSC.
Amount of loss: $ 16,800,000 Attack method: Contract Vulnerability
Description of the event: Aperture Finance posted on X stating that it has detected an exploit affecting Aperture V3/V4 contracts. To prevent new approvals, core functionalities have been suspended in the front-end application, and the team is working with security partners to investigate the root cause of the incident. Previously, Aperture Finance suffered an attack with losses totaling approximately $3.67 million. On February 5, according to monitoring by PeckShield, a labeled attacker address related to Aperture Finance has deposited 1,242.7 ETH (approximately $2.4 million) into the privacy protocol Tornado Cash.
Amount of loss: $ 3,670,000 Attack method: Contract Vulnerability
Description of the event: Scroll alerted on X that the X account of co-founder @shenhaichen has been compromised. They are actively working to recover the account and advise users not to interact with any links or direct messages.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to an official announcement from Saga, the SagaEVM chain has suffered an attack involving a series of malicious contract deployments, cross-chain operations, and liquidity withdrawals. The attacker transferred approximately $7 million worth of USDC, yUSD, ETH, and tBTC, which have since been consolidated into ETH and sent to the address 0x2044…6ecb. Following the incident, SagaEVM was halted at block height 6,593,800. The Saga team is currently working with exchanges and cross-chain bridge providers to block the attacker’s address. A comprehensive technical post-mortem will be released in due course. The Saga SSC mainnet and other chains remain unaffected.
Amount of loss: $7,000,000 Attack method: Unknown
Description of the event: According to an announcement from Paradex, the internal systems of the Mithril trading bot were compromised by an attacker, resulting in the exposure of approximately 57 user subkeys. While these subkeys do not allow withdrawals, they grant trading permissions and are commonly used to connect third-party applications and trading bots. Paradex has suspended all XP transfers and revoked all subkeys associated with Mithril. The affected users are limited to accounts that had previously authorized the Mithril bot. The team also reminded users to exercise caution when authorizing third-party services and to independently assess the associated risks.
Amount of loss: - Attack method: Unknown
Description of the event: According to a BlockSec alert, the SynapLogic contract lacked critical parameter validation in the swapExactTokensForETHSupportingFeeOnTransferTokens function, allowing attackers to manipulate the whitelist logic and designate arbitrary recipient addresses. In addition, the contract failed to verify whether the total amount of native tokens distributed exceeded the actual payment made, enabling attackers to withdraw excess native tokens while simultaneously receiving newly minted SYP, resulting in losses of approximately $186,000.
Amount of loss: $ 186,000 Attack method: Smart Contract Vulnerability
Description of the event: According to PeckShieldAlert monitoring, the Makinafi protocol was exploited by hackers, resulting in a loss of approximately 1,299 ETH (about $4.13 million). The stolen funds are currently held in two addresses: 0xbed2...dE25 (around $3.3 million) and 0x573d...910e (around $880,000). News on January 23: Makina, a DeFi execution engine, posted on X stating that at 21:15 on January 22, the MEV Builder returned funds according to the SEAL Safe Harbor, deducting a 10% bounty. Approximately 920 ETH (out of 1,023 ETH collected) was returned, accounting for a portion of the total ~1,299 ETH stolen. The funds have been transferred to the recovery multi-sig address 0xc22F...8AB9. The team is continuing to pursue the remaining funds and is seeking to contact the RocketPool validator address 0x573D...910E, which received approximately 276 ETH.
Amount of loss: $ 4,130,000 Attack method: Oracle Price Manipulation Attack via Flash Loan
Description of the event: The FutureSwap protocol deployed on Arbitrum was exploited again via a reentrancy vulnerability, following its first attack four days ago, resulting in a loss of approximately $74,000. The attacker had previously abused the reentrancy function 0x5308fcb1 three days earlier to over-mint LP tokens, and after the cooldown period expired, redeemed the excess collateralized assets to realize profit.
Amount of loss: $ 74,000 Attack method: Reentrancy Attack
Description of the event: The blockchain verification protocol Truebit was suspected to have been hacked, losing 8,535 ETH, valued at approximately $26.44 million.
Amount of loss: $ 26,440,000 Attack method: Unknown
Description of the event: The Polymarket-based trading bot project Polycule has been hacked. The Polycule team stated that approximately $230,000 in user funds were affected in this incident. The related bots have been taken offline, and patching and security audits are expected to be completed before the end of this week.
Amount of loss: $ 230,000 Attack method: Contract Vulnerability
Description of the event: CertiK Alert tweeted that the X account of Darren Lau, founder of The Daily Ape, has been compromised by hackers. The CertiK security team warns users not to click any links or approve any transactions before control of the account is restored, and to remain vigilant.
Amount of loss: - Attack method: The X account was hacked