83 hack event(s)
Description of the event: According to an official announcement from Saga, the SagaEVM chain has suffered an attack involving a series of malicious contract deployments, cross-chain operations, and liquidity withdrawals. The attacker transferred approximately $7 million worth of USDC, yUSD, ETH, and tBTC, which have since been consolidated into ETH and sent to the address 0x2044…6ecb. Following the incident, SagaEVM was halted at block height 6,593,800. The Saga team is currently working with exchanges and cross-chain bridge providers to block the attacker’s address. A comprehensive technical post-mortem will be released in due course. The Saga SSC mainnet and other chains remain unaffected.
Amount of loss: $7,000,000 Attack method: Unknown
Description of the event: The Flow Foundation announced that an attacker exploited a vulnerability in the Flow execution layer, transferring approximately $3.9 million in assets off the network before validators were able to coordinate and halt operations. The incident did not affect existing user balances, and all user deposits remain intact.
Amount of loss: $ 3,900,000 Attack method: Execution Layer Vulnerability
Description of the event: According to Arkham’s monitoring, an attacker allegedly carried out a deliberate exploit against HLP (Hyperliquidity Provider) on Hyperliquid. The attacker used 19 wallets and $3 million in principal to open a leveraged long position worth $20–30 million on POPCAT with 5× leverage, while placing large buy walls to support the price. Subsequently, the attacker suddenly removed the buy walls, causing a flash crash in POPCAT’s price and triggering the liquidation of their $3 million collateral to zero. Due to the lack of liquidity, HLP was forced to absorb the position, ultimately resulting in a bad debt loss of $4.9 million. Analyst @mlmabc noted that losing $3 million within seconds was not a mistake or negligence, but rather a deliberate attack targeting both HLP and Hyperliquid.
Amount of loss: $ 4,950,000 Attack method: Price Manipulation
Description of the event: Berachain announced that approximately USD 12.8 million in funds lost due to the BEX/Balancer v2 vulnerability have been fully returned to the Berachain Foundation’s deployer address, and the blockchain has now resumed normal operations.
Amount of loss: $ 12,800,000 Attack method: Contract Vulnerability
Description of the event: According to monitoring by Scam Sniffer, the official X account of Noble was compromised, and the attacker used it to post phishing tweets.
Amount of loss: - Attack method: Account Compromise
Description of the event: On October 1, BNB Chain officially announced that its English Twitter account had been compromised and was under emergency recovery, warning users not to click on any links.Subsequent investigation revealed that the incident involved a total of 10 phishing links, resulting in losses of approximately $8,000, with a single user losing as much as $6,500.The attacker deployed a phishing contract address, injected $17,800, and exchanged it for $22,000 worth of tokens. Following the incident, the team implemented additional security measures to prevent similar occurrences and further strengthened account protection.As of October 31, all user compensations related to this phishing incident have been completed, and transaction details are available on Etherscan. The root cause of the incident has been confirmed as phishing links, which have since been removed and brought under control.
Amount of loss: $ 8,000 Attack method: Phishing Attack
Description of the event: The official X account of @PlasmaFDN has been compromised. The attacker is posting phishing links using the X Bot UA spoofing trick—the URLs appear legitimate at first glance but redirect to a phishing site: https://vault-plasma[.]to. Do not click on any recent links or interact with the account until an official statement is released.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to reports from social media users, the official X account of Abstract Chain appears to have been compromised. The attacker is impersonating the project to promote a fake “official token” scam.
Amount of loss: - Attack method: Account Compromise
Description of the event: MegaETH stated that its X (formerly Twitter) account has been compromised, warning users not to click on any links or view recent posts.
Amount of loss: - Attack method: Account Compromise
Description of the event: ZKsync Developers posted on X that the official X accounts of both ZKsync and Matter Labs have been compromised. Please do not interact with these accounts or click on any related links.
Amount of loss: - Attack method: Account Compromise
Description of the event: TRON DAO stated on X that its account was compromised on May 2, 2025, at 9:25 AM PST. During the breach, an unauthorized party published a post containing contract address, sent private messages, and followed several unknown accounts.
Amount of loss: - Attack method: Account Compromise
Description of the event: Hyperliquid's X account is suspected to have been compromised. Please do not trust any content it posts or click on any links, to avoid potential losses.
Amount of loss: - Attack method: Account Compromise
Description of the event: The official website of hybrid blockchain project Aergo is temporarily unavailable due to a DDoS attack. The technical team is actively working on the issue and aims to restore access as soon as possible. Aergo reminds users to stay alert for impersonation and scam attempts — the team will never initiate DMs or request funds or wallet information.
Amount of loss: - Attack method: DDoS Attack
Description of the event: The ZKsync security team discovered that an admin account had been compromised, giving the hacker control of approximately $5 million worth of ZK tokens — the remaining unclaimed tokens from the ZKsync airdrop. The ZKsync Security Council sent an onchain message to the hacker on Monday, April 21st at 15:03 UTC. In an effort to resolve this matter in the spirit of safe harbor, they offered a 10% bounty for returning 90% of the funds involved in the exploit. On Wednesday, April 23rd at 14:39 UTC, 90% of the funds were returned to the Era and Ethereum L1 addresses controlled by the Security Council.
Amount of loss: $ 5,000,000 Attack method: Private Key Leakage
Description of the event: According to Yonhap News Agency, Kim Seok-hwan, a representative of Wemix Foundation, a blockchain subsidiary of Wemade, admitted at an emergency meeting that they lost approximately 8.65 million WEMIX tokens (worth about $6.22 million) due to a hack. On February 28, the hacker stole the authentication key of the NFT platform "Nile" and attacked the Play Bridge Vault system.
Amount of loss: $ 6,220,000 Attack method: Credential Compromise
Description of the event: Litecoin posted on X, stating that their X account was briefly compromised and some unauthorized content was published. These posts were deleted within seconds. They are still investigating the incident but have immediately found a delegated account that was compromised and removed it.
Amount of loss: - Attack method: Account Compromise
Description of the event: The parallel-execution EVM public chain Artela announced on the X platform that their official Discord was hacked today. The attacker took control of the Discord channel and spread fake airdrop messages. The team took immediate action, removed the fraudulent posts, and the Discord has now been restored.
Amount of loss: - Attack method: Account Compromise
Description of the event: The decentralized AI blockchain platform Sahara AI announced on the X platform that their official Discord has been compromised. Users are advised not to click on any links or respond to any messages until further notice.
Amount of loss: - Attack method: Account Compromise
Description of the event: Terra blockchain experienced a security breach that led to the theft of tokens. The attackers exploited a known vulnerability related to the third-party module IBC hooks, stealing the value of cross-chain assets, including USDC stablecoins and Astroport tokens. The Terra team has taken emergency measures to prevent further losses and coordinated with validators to apply a patch to fix the vulnerability. According to Zaki Manian, co-founder of Sommelier Finance, although the vulnerability was patched in the Cosmos ecosystem back in April, Terra did not include this patch in their June upgrade, resulting in the vulnerability being re-exposed and exploited.
Amount of loss: $ 5,280,000 Attack method: Third-party Vulnerability
Description of the event: On July 26, 2024, Casper Network was attacked. Following the attack, Casper Network tweeted that they had worked with validators to pause the network in order to minimize the impact of the security vulnerability until it could be patched. According to the preliminary report released by Casper Network on July 31, 13 wallets were affected in this incident. The total amount of illicit transactions is estimated to be around $6.7 million. Casper Network discovered that malicious actors exploited a vulnerability that allowed a contract installer to bypass access rights checks on urefs, enabling them to grant the contract access to uref-based resources. This privilege escalation facilitated unauthorized access, including the ability to transfer tokens.
Amount of loss: $ 6,700,000 Attack method: Security Vulnerability