1914 hack event(s)
Description of the event: A member of the crypto community previously revealed that "a smart contract of a certain Web3 project was suspected to have been implanted with malicious code by an employee," leading to losses of several hundred thousand dollars. Thomson, a developer of the DeFi trading and asset management project QuantMaster, stated that he was the primary victim of this theft. According to Thomson, the suspect has been largely identified. The GitHub submission records clearly point to a specific employee, and the device used to submit the code is also unique. Cursor retains a complete local AI activity log, which has been reviewed, ruling out the possibility that the malicious code was generated or modified by AI.
Amount of loss: - Attack method: Insider Manipulation
Description of the event: A modular DeFi lending market built on Solana, Loopscale, has suffered an attack. The root cause of the exploit has been identified as an isolated issue with Loopscale’s pricing of RateX-based collateral. The incident led to the theft of approximately 5.7 million USDC and 1,200 SOL, accounting for about 12% of the platform's total funds. According to an official update posted by Loopscale on April 29, following successful negotiations, all stolen assets — 5,726,725 USDC and 1,211 SOL — were fully returned on April 26. No user deposits were affected.
Amount of loss: $ 5,800,000 Attack method: Oracle Attack
Description of the event: The open-source data visualization tool Grafana has responded to a recent attack, stating that the attacker forked a Grafana repository, executed a curl command to inject malicious code, and exported environment variables into a file encrypted with a private key, thereby stealing access tokens. The attacker then deleted the fork to conceal their activity. Using the compromised credentials, the attacker replicated the attack against four private repositories. This unauthorized access was limited to automation systems and did not affect production environments or release artifacts. Based on the attack behavior, the goal appeared to be token theft and stealthy persistence for future use.
Amount of loss: - Attack method: Malicious Code Injection Attack
Description of the event: Impermax was attacked on the Base network. In a tweet, Impermax stated that someone launched a flash loan attack and drained its V3 liquidity pools. The team is currently investigating and advises users not to interact with any V3 pools.
Amount of loss: $ 400,000 Attack method: Flash Loan Attack
Description of the event: On April 26, 2025, lending protocol Term Labs introduced an internal inconsistency in decimal precision during an update to the tETH oracle, resulting in incorrect pricing of the tETH asset within the protocol. This mispricing triggered unintended liquidations, affecting approximately 918 ETH. The incident stemmed from human error during a sensitive system upgrade — a failure in operational execution rather than a flaw in the code or smart contracts. Through rapid response and negotiation efforts, Term Labs successfully recovered around 556 ETH, reducing the final net protocol loss to 362 ETH (approximately $650,000).
Amount of loss: $ 1,650,000 Attack method: Human Error
Description of the event: According to the SlowMist MistEye security monitoring system, ACB appears to have been attacked on BSC, resulting in a loss of approximately $22,000.
Amount of loss: $ 22,804 Attack method: Contract Vulnerability
Description of the event: NUMA was attacked on the Arbitrum chain, resulting in a loss of approximately $530,000. The attacker swapped all assets to ETH, bridged them to Ethereum mainnet, and deposited the funds into Tornado Cash.
Amount of loss: $ 530,000 Attack method: Price Manipulation
Description of the event: R0AR has been exploited, with total losses amounting to approximately $780K. According to analysis by the SlowMist security team, the root cause of the exploit was the presence of a backdoor in the contract. During deployment, the R0ARStaking contract altered the balance (user.amount) of a specified address by directly modifying storage slots. Subsequently, the attacker extracted all funds from the contract through an emergency withdrawal function. R0AR stated in a tweet: “At this stage, we do not believe this to be an external exploit. One nefarious developer, external to the R0AR core team, is seemingly behind the drain. They have been removed from the project with all accesses revoked.”
Amount of loss: $ 780,000 Attack method: Insider Manipulation
Description of the event: The official X account of AI blockchain project DIN (@din_lol_) has been compromised by a hacker. Current posts from the account are not from the official team, and users are advised not to click any links or engage with related content. Additionally, the X accounts of DIN founder Harold and the DIN Foundation (@Foundation_DIN) have also been hijacked. The DIN team is actively addressing the incident and urges users to rely on official channels for further updates.
Amount of loss: - Attack method: Account Compromise
Description of the event: The decentralized perpetual futures exchange KiloEx was attacked, involving assets across multiple chains including BNB and Base. According to an analysis by the SlowMist Security Team, the root cause of the incident was the lack of access control checks in KiloEx's top-level contract (MinimalForwarder), which allowed the manipulation of oracle prices. Thanks to the active response from the project team and collaboration with SlowMist and others, all stolen assets were successfully recovered after 3.5 days of effort.
Amount of loss: $ 8,440,000 Attack method: Contract Vulnerability
Description of the event: The official website of hybrid blockchain project Aergo is temporarily unavailable due to a DDoS attack. The technical team is actively working on the issue and aims to restore access as soon as possible. Aergo reminds users to stay alert for impersonation and scam attempts — the team will never initiate DMs or request funds or wallet information.
Amount of loss: - Attack method: DDoS Attack
Description of the event: The ZKsync security team discovered that an admin account had been compromised, giving the hacker control of approximately $5 million worth of ZK tokens — the remaining unclaimed tokens from the ZKsync airdrop. The ZKsync Security Council sent an onchain message to the hacker on Monday, April 21st at 15:03 UTC. In an effort to resolve this matter in the spirit of safe harbor, they offered a 10% bounty for returning 90% of the funds involved in the exploit. On Wednesday, April 23rd at 14:39 UTC, 90% of the funds were returned to the Era and Ethereum L1 addresses controlled by the Security Council.
Amount of loss: $ 5,000,000 Attack method: Private Key Leakage
Description of the event: Jake Gallen, CEO of digital asset trading platform Emblem Vault, was hacked after a suspicious Zoom video call, resulting in the loss of over $100,000 worth of Bitcoin and Ethereum. The attacker posed as a YouTube content creator with over 90,000 subscribers and exploited Zoom’s default remote access settings during the interview to install malicious software named “GOOPDATE” on Gallen’s computer.
Amount of loss: $ 100,000 Attack method: Social Engineering
Description of the event: According to the SlowMist MistEye security monitoring system, a MEV bot (address: 0x49e27d11379f5208cbb2a4963b903fd65c95de09) has lost approximately 116.7 ETH due to a lack of access control.
Amount of loss: $ 210,000 Attack method: Lack of Strict Access Control
Description of the event: According to the SlowMist MistEye security monitoring system, the NFT project Next Earth has suffered a reentrancy attack on Polygon.
Amount of loss: $ 17,000 Attack method: Reentrancy Attack
Description of the event: According to an announcement from blockchain payment platform UPCX, unauthorized activity was detected in its management accounts. As a precaution, the platform has urgently suspended UPC deposits and withdrawals. The official statement assures that user assets remain unaffected, and an active investigation is underway to determine the cause of the incident, with further updates to follow. Earlier reports suggested that an unauthorized party had accessed UPCX’s official addresses. The attacker allegedly transferred a total of 18.4 million UPC (approximately $70 million) from three management accounts. On April 4, UPCX posted on Twitter that, despite differing reports from various sources, the project still retains control over 18,473,290 UPC. While the suspicious activity remains under investigation, the project team will proceed with the transfer of the relevant UPC at approximately 09:00 UTC on April 4, 2025.
Amount of loss: $ 70,000,000 Attack method: Unknown
Description of the event: According to an official announcement from DeFi asset management protocol Zapper, its .fi domain was hijacked via social engineering. The current zapper(.fi) page is malicious and should be avoided — users are strongly advised not to click on any related links.
Amount of loss: - Attack method: Domain Hijacking
Description of the event: According to the SlowMist MistEye security monitoring system, the leveraged trading project SIR.trading (@leveragesir) on the Ethereum chain has been attacked, resulting in a loss of over $300,000 in assets. The root cause of this hack is that the transiently stored value set using tstore in the function was not cleared after the function call ended. This allowed the attacker to exploit this characteristic by constructing specific malicious addresses to bypass permission checks and transfer tokens.
Amount of loss: $ 355,000 Attack method: Contract Vulnerability
Description of the event: According to monitoring by SlowMist's security team, Min Token (MIN) is suspected to have been attacked on BSC, resulting in a loss of approximately $21,400.
Amount of loss: $ 21,415 Attack method: Price Manipulation
Description of the event: An attacker using a flash loan attack stole $13 million in the Magic Internet Money token from the Abracadabra Money project. The attack was enabled by a bug in the platform's smart contracts, and the hacker ultimately made off with around 6,262 ETH.
Amount of loss: $ 13,000,000 Attack method: Contract Vulnerability