2034 hack event(s)
Description of the event: According to monitoring by BlockSec Phalcon, a suspicious transaction targeting an unknown contract (Stake) on the BSC chain has been detected, resulting in a loss of approximately $133,000. The attacker exploited a spot price dependency vulnerability within the Stake contract. By manipulating the price of TUR in the TUR-NOBEL pool and subsequently staking TUR, the attacker triggered reward calculations based on the artificially inflated price. They then claimed the amplified rewards through a referral account and ultimately profited by swapping the stolen TUR for USDT.
Amount of loss: $ 133,000 Attack method: Oracle Manipulation
Description of the event: According to The Block, DeFi lending protocol Moonwell is facing a governance attack on its Moonriver deployment, where an unknown attacker spent approximately $1,800 to acquire 40 million MFAM tokens and managed to buy, propose, and pass a initial vote within just 11 minutes. The attacker is seeking to transfer administrative control of seven lending markets, the comptroller, and the oracle to a malicious contract, which would enable the extraction of roughly $1.08 million in user funds. Although the proposal reached a quorum early on, "No" votes have since taken the lead, and while the voting is set to continue until March 27, the final outcome remains dependent on the remaining votes and community coordination.
Amount of loss: - Attack method: Governance Attack
Description of the event: SlowMist's CISO 23pds warned on X: "A major supply chain attack has hit LiteLLM (97M monthly downloads) via PyPI. Simply executing pip install litellm allows attackers to steal sensitive data: SSH keys, cloud logins (AWS/GCP/Azure), K8s configs, Git credentials, API keys, shell history, crypto wallets, and DB passwords."
Amount of loss: - Attack method: PyPI Supply Chain Attack
Description of the event: According to BlockSec Phalcon's monitoring, the BCE-USDT pool on PancakeSwap (BSC chain) was exploited a few hours ago, resulting in a loss of approximately $679,000. The root cause lies in a vulnerability within the BCE token's burn mechanism. The attacker deployed two malicious contracts to bypass buy/sell restrictions and trigger the token burn, ultimately extracting about $679,000 from the pool by manipulating its reserves.
Amount of loss: $ 679,000 Attack method: AMM Reserve Manipulation
Description of the event: PeckShield alerted on X that Resolv Labs’ stablecoin, $USR, has seen multiple suspicious large-scale minting events. A total of $80 billion worth of USR has been minted so far.
Amount of loss: - Attack method: Unknown
Description of the event: The DeFi protocol Neutrl announced on platform X that its frontend appears to have been compromised and that the team is conducting an urgent investigation. Out of an abundance of caution, the official advisory recommends that users refrain from interacting with the website until further updates are released. Additionally, Neutrl urged users to immediately revoke Permit2 approvals for relevant addresses via Revoke.cash. Users were also reminded to check and revoke approvals granted to other suspicious addresses to mitigate potential asset risks.Subsequently, Neutrl's preliminary investigation revealed that the DNS provider hosting the application's domain was subjected to a social engineering attack, resulting in the redirection of the domain by the attackers.
Amount of loss: - Attack method: DNS Hijacking
Description of the event: dTRINITY disclosed on X that yesterday, the dLEND deployment on Ethereum suffered its first deposit inflation attack. This incident drained the dUSD liquidity in the lending pool, resulting in approximately $257,000 in bad debt.The protocol has been temporarily paused, and the team is actively working on remediation measures. They have committed to covering 100% of the losses using internal funds. Repayment of the bad debt will begin within 24 hours of the announcement, after which dLEND is expected to resume operations.Deployments of dTRINITY on Fraxtal and Katana were not affected, and user funds remain safe. Each deployment maintains isolated reserves, collateral, and lending pools across different chains.
Amount of loss: $ 257,000 Attack method: Deposit Inflation Attack
Description of the event: An attacker exploited a vulnerability in the Venus Protocol, utilizing flash loans to acquire a substantial amount of assets. In this attack, the attacker’s address (0x1a35...6231) successfully obtained 20 BTC, 1.5 million CAKE, and 200 BNB, with a total value exceeding $3.7 million. To execute the operation, the attacker used a large quantity of THE tokens as collateral to borrow CAKE, BTCB, and BNB, triggering continuous liquidations of THE tokens. According to the latest investigation by Allez Labs, the risk management team for Venus Protocol, the attack originated from manipulation of the supply cap in the BNB Chain core pool. Starting in June 2025, the attacker gradually accumulated THE tokens, increasing their holdings over nine months to 84% of the supply cap (approximately 14.5 million THE). Subsequently, the attacker bypassed the normal deposit process by directly transferring tokens to the protocol contracts, completely circumventing the supply cap and ultimately establishing a position of 53.2 million THE—3.67 times the designated limit. Exploiting the low on-chain liquidity of THE tokens, the attacker manipulated the TWAP oracle, driving THE’s price from $0.27 to $0.53, thereby borrowing significant amounts of other assets. At its peak, the attacker used 53.2 million THE as collateral to borrow 6.67 million CAKE, 2,801 BNB, 1,970 WBNB, 1.58 million USDC, and 20 BTCB. To prevent further losses, Venus Protocol has suspended borrowing and withdrawal functionalities for markets involving THE assets, as well as other markets with highly concentrated liquidity, such as BCH, LTC, UNI, AAVE, FIL, and TWT. However, other Venus markets remain unaffected and continue to operate normally. Venus stated it will continue collaborating with security partners to conduct a thorough investigation of the incident and provide timely updates.
Amount of loss: $ 2,150,000 Attack method: Flash Loan assisted Oracle Manipulation Attack
Description of the event: According to monitoring by BlockSec Phalcon, the DBXen contract was attacked this morning, with estimated losses of approximately $150,000.The root cause lies in a sender identity inconsistency within the ERC-2771 meta-transaction mechanism.
Amount of loss: $ 150,000 Attack method: Logic Vulnerability
Description of the event: The AM/USDT pool on the BSC chain was exploited several hours ago, with estimated losses of approximately $131,000. The root cause lies in a vulnerability within the burn mechanism, which was exploited to manipulate the AM reserves in the pool and artificially inflate the token price. The attacker first manipulated the toBurnAmount and then triggered the burn logic after the AM balance in the pool had been adjusted. This drove the AM reserves down to an unnaturally low level, allowing the attacker to sell AM back to the pool at an inflated price to realize a profit.
Amount of loss: $ 131,000 Attack method: Leveraging flash loans for reserve manipulation
Description of the event: BONKfun announced on X that its official website fell victim to a malicious social engineering attack on March 11. The attacker hijacked the BONKfun domain via the Domain Name Service (DNS) provider and transferred it to an external registrar. The team confirmed that the incident was not caused by a breach of BONK or BONKfun’s internal systems, codebases, or team accounts. Following the incident, the team took immediate action: shutting down the website, coordinating with wallet service providers to flag the domain as malicious, and containing the impact on users. The attack resulted in approximately $30,000 in customer losses; the team will compensate affected users at 110% to cover potential opportunity costs. Control over the BONKfun domain and registration was fully restored around 5 PM ET on March 18. Major wallet provider functionalities were restored by the evening of March 19, and the website is now securely back online. As some antivirus software still flags the main domain as a risk, the team is actively addressing the issue. For users unable to access the official site due to antivirus blocks, a backup domain with identical functionality is now live and available for use.
Amount of loss: $ 30,000 Attack method: Social Engineering Attack➕Domain Hijacking➕Phishing
Description of the event: The NFT platform Gondi recently suffered a smart contract vulnerability attack, resulting in the theft of approximately 78 NFTs, with losses of about $230,000. According to an official announcement from Gondi, the attack is related to the new Sell & Repay contract deployed on February 20. Its Purchase Bundler function contained a logical flaw and failed to properly verify whether the caller was the legitimate owner or borrower of the NFT. The stolen NFTs include 44 Art Blocks, 10 Doodles, and 2 Beeple artworks, among others.
Amount of loss: $ 230,000 Attack method: Contract Vulnerability
Description of the event: According to BlockSec Phalcon's monitoring, a suspicious transaction targeting the MT-WBNB liquidity pool on BSC was detected several hours ago, resulting in an estimated loss of approximately $242,000. The root cause lies in a flaw within the buyer restriction mechanism: under deflationary mode, normal buy orders were reverted; however, the router and pair addresses were whitelisted. The attacker bypassed these restrictions by swapping and removing liquidity through the router to acquire MT tokens from the pair. Subsequently, the attacker sold MT to accumulate a pendingBurnAmount and invoked the distributeFees() function to directly burn MT from the trading pair, artificially inflating the price. This allowed the attacker to swap MT back for WBNB to realize a profit. Furthermore, a referral rule that allowed the transfer of the first 0.2 MT to bypass buyer restrictions enabled the attacker to initiate the exploit.
Amount of loss: $ 242,000 Attack method: Burn Mechanism Manipulation
Description of the event: The Bitcoin staking protocol Solv Protocol stated on X that its BRO Vault experienced a limited exploit. Fewer than 10 users were affected, with a loss of 38.0474 SolvBTC (approximately $2.7 million). Other vaults and user funds were not impacted, and mitigation measures have already been implemented to prevent similar incidents. The team has committed to fully covering the losses of the affected users. They also told the attacker that a 10% white-hat bounty will be offered if the funds are returned promptly. The attacker can contact the team via direct message or by sending an on-chain message to a designated address.
Amount of loss: $ 2,700,000 Attack method: Contract Vulnerability
Description of the event: According to BlockSec Phalcon’s monitoring, its system detected a suspicious transaction targeting an Inverse Finance contract on Ethereum several hours ago, resulting in a loss of approximately $240,000. The incident appears to involve DOLA price manipulation, which forced multiple users to liquidate their positions.
Amount of loss: $ 240,000 Attack method: Unknown
Description of the event: Bitcoin payment service provider Bitrefill disclosed on X that it suffered a cyberattack on March 1, 2026, resulting in a customer data breach. The attack originated from a compromised employee laptop, which allowed the attacker to access parts of the company’s databases and cryptocurrency wallets.The investigation indicates that the attack methods closely resemble those previously used by the North Korean DPRK Lazarus Group / Bluenoroff hacking organization in targeting crypto companies.Approximately 18,500 purchase records were affected, involving limited customer information such as email addresses, crypto payment addresses, and IP metadata. Among these, around 1,000 records contained customer names stored in encrypted form, which may also have been accessed.Bitrefill stated that customers do not need to take specific action but are advised to remain vigilant for any suspicious communications.The company added that the affected systems have been shut down and isolated, and it is working with security experts, on-chain analysts, and law enforcement agencies. Operations have now largely returned to normal.Bitrefill emphasized that it remains financially strong and profitable, capable of absorbing the losses from this incident, and will continue strengthening its cybersecurity measures, including internal access controls, monitoring, and incident response mechanisms.
Amount of loss: - Attack method: Endpoint Compromise via Social Engineering
Description of the event: Stake Nova suffered a loss of approximately $137,014, representing about 95% of user deposits. The root cause was an unchecked validation issue in the RedeemNovaSol() function, which led to a flash-loan exploit that drained the liquidity pool. The vulnerability has now been fixed, the dApp has been taken offline, and the website is currently under maintenance. The team is offering a 10% on-chain bounty to the attacker; otherwise, they stated they will continue to pursue accountability.
Amount of loss: $ 137,014 Attack method: Business Logic Vulnerability
Description of the event: The privacy gaming platform FOOMCASH was attacked on Base and Ethereum, resulting in a loss of 24,283,773,519,600 $FOOM (approximately $2.26 million). The vulnerability was caused by a misconfiguration of the verification key, which the attacker exploited to forge zkSNARK proofs and subsequently extract a massive amount of $FOOM from the compromised contracts.
Amount of loss: $ 2,260,000 Attack method: Contract Vulnerability
Description of the event: The Holdstation team has confirmed on X that its DeFAI Smart Wallet product experienced a security incident. According to the latest update, the total loss has been confirmed at approximately 462,000 USDT. The team stated that they are currently investigating the root cause of the incident and strengthening multiple layers of security protections. They have also begun formulating a compensation plan, with detailed arrangements and an execution timeline to be announced to the community at a later stage.
Amount of loss: $ 462,000 Attack method: Unknown
Description of the event: WLFI announced on X that USD1 experienced an organized attack this morning. The attackers reportedly compromised the accounts of several WLFI co-founders, paying influencers to spread FUD (Fear, Uncertainty, and Doubt) and heavily shorting $WLFI in an attempt to profit from artificially created market chaos. WLFI stated that the operation failed. Thanks to USD1’s robust minting and redemption mechanisms and its 100% 1:1 asset backing, USD1 remains stable and is currently trading near its par value. The team emphasized that no bad actors can shake their long-term commitment to USD1. Meanwhile, WLFI reminded users to obtain accurate information only through officially verified channels and to be wary of misleading content.
Amount of loss: - Attack method: Social Engineering