70 hack event(s)
Description of the event: Syscoin Bridge was exploited. The attacker leveraged a validation issue in the bridge flow, resulting in an unauthorized creation of approximately 5 billion SYS on the UTXO side. The funds were subsequently moved and split. The team has paused the bridge, is actively tracing the tainted outputs, coordinating with exchanges for blacklisting/monitoring, and working on a fix and remediation.
Amount of loss: $ 10,000,000 Attack method: Bridge Verification Flaw
Description of the event: Alephium TokenBridge was exploited. The attacker used a backend vulnerability in the bridge to forge messages, draining approximately $815K assets from Ethereum and BNB Chain within about 7 minutes, while minting a large amount of unbacked wrapped ALPH. The team quickly shut down the bridge, pledged to compensate users, and advised users to withdraw ALPH liquidity.
Amount of loss: $ 815,000 Attack method: Off-Chain Vulnerability in the Bridge Backend
Description of the event: Gravity Bridge, a cross-chain bridge connecting Ethereum and the Cosmos ecosystem, was exploited, likely due to a compromised contract key or signing authorization. The attacker drained approximately $5.4M in assets (primarily USDC, ETH, and USDT). The exploiter has begun laundering funds via exchanges and mixers, with a significant portion (~2,102 ETH) still under their control.
Amount of loss: $ 5,400,000 Attack method: Private Key Leakage
Description of the event: The Butter Bridge V3.1 (part of MAP Protocol and Butter Network) was exploited. An attacker used a vulnerability in the OmniServiceProxy contract’s retry message verification logic, specifically an abi.encodePacked hash collision with dynamic-bytes fields. This allowed forging a cross-chain retry message that bypassed authentication, resulting in the minting of approximately 1 quadrillion (10^15) MAPO tokens (about 4.8 million times the legitimate ~208 million circulating supply). The attacker dumped ~1 billion fake MAPO into the Uniswap V4 ETH/MAPO pool, extracting roughly $180,000 in liquidity (≈52.21 ETH). The teams immediately paused the bridge and related swaps. User funds in pending swaps are safe, and a patch/audit/redeployment is in progress. The remaining ~999 trillion fake tokens stay in the attacker’s wallet, posing ongoing dilution risk.
Amount of loss: $ 180,000 Attack method: Smart Contract Vulnerability
Description of the event: Blockaid detected an ongoing exploit on the Verus-Ethereum Bridge. The attacker drained approximately $11.58 million in assets (including ~1,625 ETH, ~103.6 tBTC, and ~147k USDC). The funds were swapped and consolidated into a drainer wallet (e.g., 0x65Cb8b128Bf6e690761044CCECA422bb239C25F9). This is a cross-chain bridge incident affecting the bridge infrastructure, not the core Verus blockchain. The project had recently issued an urgent update, but the exploit still occurred. Funds remain in the attacker's control as of the latest reports. On May 22, PeckShield's monitoring revealed that the exploiter of the Verus cross-chain bridge has returned 4,052.4 ETH (valued at around $8.5 million) to the team's designated address. This recovery accounts for 75% of the total plundered funds, while the remaining 25% (approximately 1,350 ETH) is being retained in the hacker's wallet as a bug bounty.
Amount of loss: $ 11,580,000 Attack method: Smart Contract Vulnerability
Description of the event: Adshares Bridge was exploited on Ethereum around May 15, 2026. The attacker used the bridge-minter EOA to sign three wrapTo() calls with non-existent native-chain transaction IDs on the Adshares canonical chain. This allowed minting large amounts of fake wrapped ADS (wADS: 99,999.93 ×2 + 999,999.94). The fake tokens were then dumped via Uniswap V4 UniversalRouter, draining roughly $628K in ETH and USDC from liquidity pools. Security researchers flagged it quickly, and the project posted an on-chain whitehat message offering a 10% bounty for return of 90% of funds.
Amount of loss: $ 628,000 Attack method: Bridge Verification Bypass
Description of the event: Decentralized cross-chain aggregation protocol Transit Finance suffered an exploit on its deprecated (2022-era) TRON smart contract, resulting in approximately $1.88 million in DAI being drained. The stolen funds were transferred to an Ethereum address. The team confirmed it was isolated to legacy code, stated that current contracts are secure, completed remediation on May 12, and promised full user compensation. They sent an on-chain message to the attacker offering a bug bounty for return within 48 hours, or they would pursue legal action.
Amount of loss: $ 1,880,000 Attack method: Smart Contract Vulnerability
Description of the event: Following a security incident, TAC identified an exploit on the TON side of its cross-chain layer carried out by an external attacker. The incident resulted in a loss of approximately $2.8M across USDT, BLUM, and tsTON. The TAC token, TON, and all ERC-20 tokens bridged from Ethereum are NOT affected. The bridge remains paused while forensic analysis and remediation are ongoing. A post-mortem will be published soon. The team is working with law enforcement and security partners to trace funds and plans to make users whole via a structured sale of Foundation TAC token reserves.
Amount of loss: $ 2,854,000 Attack method: Smart Contract Vulnerability
Description of the event: Syndicate Labs’ Commons cross-chain bridge was compromised due to a private key leak. The attacker used the leaked upgrade key to maliciously upgrade the bridge contracts, draining approximately 18.5 million SYND tokens (worth ~$330,000) and ~$50,000 in user assets, for a total loss of $380,000. The incident was limited to specific chains, and the project pledged full compensation to affected users.
Amount of loss: $ 380,000 Attack method: Private Key Leakage
Description of the event: ZetaChain disclosed in a post on X that its GatewayEVM contract was attacked today, affecting only wallets belonging to the internal ZetaChain team. The attack vector has been blocked to prevent further loss of funds. As a precautionary measure, cross-chain transactions on ZetaChain are currently suspended. The investigation is still ongoing, and no user funds have been affected so far. On April 29, ZetaChain announced on X that on April 27 it had suffered a premeditated and targeted attack. The attacker funded addresses using Tornado Cash and impersonated wallet addresses. Cross-chain ZETA transfers were not affected, and user funds remained safe. All impacted wallets were controlled by ZetaChain. A mainnet patch has been deployed, and cross-chain transactions will be re-enabled after continued monitoring. The attack impacted the arbitrary call functionality of GatewayEVM, resulting in an estimated loss of approximately $334,000 across four connected chains.
Amount of loss: $ 334,000 Attack method: Smart Contract Vulnerability
Description of the event: LayerZero issued a statement saying that on April 18, Kelp DAO suffered an attack resulting in approximately $290 million in losses. The incident is initially assessed to have been carried out by a highly sophisticated nation-state actor, suspected to be the TraderTraitor subgroup of North Korea’s Lazarus Group. The attack was completely isolated to Kelp DAO’s rsETH configuration and was caused by its use of a single DVN (Decentralized Verifier Network) setup. The LayerZero protocol itself was not exploited, and no other cross-chain assets or applications were affected. The core of the attack involved the hacker compromising downstream RPC infrastructure used by LayerZero’s DVN. The attacker obtained the RPC node list used by the DVN, then infiltrated two independent RPC nodes. They replaced the op-geth binary and used a custom payload to forge messages. This setup allowed the attacker to display false data only to the DVN, while showing correct data to other observers, including LayerZero Scan. The attacker then launched a DDoS attack against the uncompromised RPC nodes, forcing a failover to the poisoned RPC nodes. As a result, the DVN accepted the falsified messages, enabling the attack to succeed. After the attack was completed, the attacker removed the malicious binaries, logs, and configuration files. LayerZero has since decommissioned all affected RPC nodes, replaced them, and confirmed that the DVN has returned to normal operation.
Amount of loss: $ 293,000,000 Attack method: Supply Chain Attack
Description of the event: Based on monitoring by CertiK Alert, the Hyperbridge gateway contract fell victim to an exploit. The attacker utilized forged messages to manipulate administrative permissions of the Polkadot token contract on the Ethereum network. By minting 1 billion tokens without authorization and liquidating them, the attacker realized a profit of roughly $237,000. On April 16, it was reported that, according to an official announcement from Hyperbridge, its token gateway was attacked on April 13. The estimated losses have been revised from approximately $237,000 to about $2.5 million, mainly affecting incentive liquidity pools on Ethereum, Base, BNB Chain, and Arbitrum.
Amount of loss: $ 2,500,000 Attack method: Smart Contract Vulnerability
Description of the event: Aethir's cross-chain bridge contracts (primarily AethirOFTAdapter and Ethereum-related bridging contracts) were targeted in an exploit. The attacker attempted to drain funds by exploiting access control or ownership transfer vulnerabilities (e.g., transferOwnership issues), involving chains like BNB Chain. The Aethir team quickly detected the anomaly, promptly disconnected the compromised contracts, and collaborated with major exchanges (Binance, Upbit, Bithumb, etc.) to blacklist attacker wallets, effectively containing further damage. The main ATH token supply on Ethereum remained intact, and other bridges like ETH-ARB on Squid were unaffected. Initial estimates put potential losses around $400,000, but user impact was limited to under $90,000. The project promised a full compensation plan.
Amount of loss: $ 90,000 Attack method: Smart Contract Vulnerability
Description of the event: A user mistakenly approved the SquidMulticall contract (instead of the intended Squid Router contract) with unlimited token allowances. An attacker then called the permissionless run() function on SquidMulticall with crafted calldata to execute transferFrom() from the victim’s approved tokens across multiple chains (ETH, BSC, Arbitrum, Avalanche, etc.). This drained approximately $517K.
Amount of loss: $ 517,000 Attack method: Approval Exploit
Description of the event: DGLD (Swiss physical gold-backed tokenized asset) was exploited due to a legacy edge case in the Ethereum contract’s transferFrom behavior. Attackers minted large amounts of unbacked fake DGLD on Base and dumped them on DEXes. The team promptly paused contracts, froze illicit tokens, and contained the incident. Physical gold was never at risk, all pre-exploit holders retained their backed tokens, with ~$250k economic impact mostly borne by the project.
Amount of loss: $ 250,000 Attack method: Smart Contract Vulnerability
Description of the event: The IoT-focused public chain IoTeX suffered a professional hacker attack caused by a private key compromise of the ioTube bridge’s Ethereum-side validator owner. This allowed the attacker to gain administrative privileges and illicitly extract assets from the token safe. According to the official confirmation on February 24, the incident resulted in approximately $4.4 million in asset losses (including USDC, USDT, IOTX, and WBTC). The hacker converted most of the stolen funds into roughly 2,183 ETH and bridged them to the Bitcoin network via THORChain (with approximately 66.6 BTC currently tracked). The IoTeX team has implemented security enhancements and address blacklisting via the v2.3.4 mainnet upgrade. They have also issued an on-chain ultimatum: the attacker can receive a 10% white-hat bounty (approx. $440,000) and be exempted from legal liability if the funds are returned within 48 hours. A compensation plan for affected users is currently being finalized.
Amount of loss: $ 4,400,000 Attack method: Private Key Leakage
Description of the event: The cross-chain liquidity protocol CrossCurve (formerly EYWA) has confirmed that its cross-chain bridge protocol is under attack: a vulnerability in its smart contract was exploited, resulting in the theft of approximately USD 3 million across multiple networks. Blockchain security firm Defimon Alerts identified that the attack vector exploited a gateway verification bypass vulnerability in CrossCurve’s ReceiverAxelar contract. Analysis shows that anyone could use a forged cross-chain message to call the contract’s expressExecute function, thereby bypassing the intended gateway verification and triggering unauthorized token unlocks on the protocol’s PortalV2 contract. Subsequently, CrossCurve issued a security update regarding the $EYWA token, stating that the exploitation has been successfully contained.
Amount of loss: $ 3,000,000 Attack method: Smart Contract Vulnerability
Description of the event: According to CertiK Alert, the Garden attacker has transferred 501 BNB and 1,910 ETH (worth approximately $6.65 million) to Tornado Cash. The address starting with 0x98BC still holds around $910,000 in assets. It is reported that Garden Finance suffered an attack on October 31, resulting in a loss of about $10.8 million, after its solver was compromised.
Amount of loss: $ 10,800,000 Attack method: Unknown
Description of the event: 402Bridge posted on X to alert users that a token theft incident had occurred. The technical team is investigating the entire process and advised all users to immediately revoke existing authorizations and transfer their assets out of their wallets. According to available information, the x402 cross-chain protocol 402Bridge was likely compromised after the contract ownership was transferred by the original creator to address 0x2b8F.... More than 200 users lost their remaining USDC due to excessive token approval amounts, with the attacker’s address (starting with 0x2b8F9) stealing a total of 17,693 USDC. The stolen funds were then swapped for ETH and bridged to Arbitrum through multiple cross-chain transactions. 402Bridge later confirmed that, due to a private key leak, several of the team’s test wallets and the main wallet were also compromised.
Amount of loss: $ 17,693 Attack method: Private Key Leakage
Description of the event: Meta Alchemist, founder of the Web3 incubator and launchpad platform Seedify, announced on X that one of its SFUND bridges was recently hacked. According to Seedify’s official account, a DPRK-affiliated group known for multiple Web3 exploits gained access to a developer’s private key. Using this access, the attackers were able to mint a large number of SFUND tokens through a bridge contract that had previously passed audit. As a result, the OFT contract was compromised, allowing the attackers to alter its settings and mint unauthorized tokens on Avalanche. Subsequently, the hacker transferred the minted tokens across multiple chains, including BNB, where they sold most of the SFUND tokens. In response, Binance founder Changpeng Zhao stated that he had communicated with several security experts in the industry, who successfully tracked and froze approximately $200,000 of the stolen funds on the HTX exchange.
Amount of loss: $ 1,700,000 Attack method: Private Key Leakage