60 hack event(s)
Description of the event: Decentralized cross-chain aggregation protocol Transit Finance suffered an exploit on its deprecated (2022-era) TRON smart contract, resulting in approximately $1.88 million in DAI being drained. The stolen funds were transferred to an Ethereum address. The team confirmed it was isolated to legacy code, stated that current contracts are secure, completed remediation on May 12, and promised full user compensation. They sent an on-chain message to the attacker offering a bug bounty for return within 48 hours, or they would pursue legal action.
Amount of loss: $ 1,880,000 Attack method: Contract Vulnerability
Description of the event: Following a security incident, TAC identified an exploit on the TON side of its cross-chain layer carried out by an external attacker. The incident resulted in a loss of approximately $2.8M across USDT, BLUM, and tsTON. The TAC token, TON, and all ERC-20 tokens bridged from Ethereum are NOT affected. The bridge remains paused while forensic analysis and remediation are ongoing. A post-mortem will be published soon. The team is working with law enforcement and security partners to trace funds and plans to make users whole via a structured sale of Foundation TAC token reserves.
Amount of loss: $ 2,800,000 Attack method: Contract Vulnerability
Description of the event: Syndicate Labs’ Commons cross-chain bridge was compromised due to a private key leak. The attacker used the leaked upgrade key to maliciously upgrade the bridge contracts, draining approximately 18.5 million SYND tokens (worth ~$330,000) and ~$50,000 in user assets, for a total loss of $380,000. The incident was limited to specific chains, and the project pledged full compensation to affected users.
Amount of loss: $ 380,000 Attack method: Private Key Leakage
Description of the event: LayerZero issued a statement saying that on April 18, Kelp DAO suffered an attack resulting in approximately $290 million in losses. The incident is initially assessed to have been carried out by a highly sophisticated nation-state actor, suspected to be the TraderTraitor subgroup of North Korea’s Lazarus Group. The attack was completely isolated to Kelp DAO’s rsETH configuration and was caused by its use of a single DVN (Decentralized Verifier Network) setup. The LayerZero protocol itself was not exploited, and no other cross-chain assets or applications were affected. The core of the attack involved the hacker compromising downstream RPC infrastructure used by LayerZero’s DVN. The attacker obtained the RPC node list used by the DVN, then infiltrated two independent RPC nodes. They replaced the op-geth binary and used a custom payload to forge messages. This setup allowed the attacker to display false data only to the DVN, while showing correct data to other observers, including LayerZero Scan. The attacker then launched a DDoS attack against the uncompromised RPC nodes, forcing a failover to the poisoned RPC nodes. As a result, the DVN accepted the falsified messages, enabling the attack to succeed. After the attack was completed, the attacker removed the malicious binaries, logs, and configuration files. LayerZero has since decommissioned all affected RPC nodes, replaced them, and confirmed that the DVN has returned to normal operation.
Amount of loss: $ 293,000,000 Attack method: Infrastructure-level attack
Description of the event: Based on monitoring by CertiK Alert, the Hyperbridge gateway contract fell victim to an exploit. The attacker utilized forged messages to manipulate administrative permissions of the Polkadot token contract on the Ethereum network. By unauthorized minting and liquidating 1 billion tokens, the attacker realized a profit of roughly $237,000. On April 16, it was reported that according to an official announcement from Hyperbridge, its token gateway was attacked on April 13. The estimated losses have been revised from approximately $237,000 to about $2.5 million, mainly affecting incentive liquidity pools on Ethereum, Base, BNB Chain, and Arbitrum.
Amount of loss: $ 2,500,000 Attack method: Forged Cross-Chain State Proof
Description of the event: Aethir's cross-chain bridge contracts (primarily AethirOFTAdapter and Ethereum-related bridging contracts) were targeted in an exploit. The attacker attempted to drain funds by exploiting access control or ownership transfer vulnerabilities (e.g., transferOwnership issues), involving chains like BNB Chain. The Aethir team quickly detected the anomaly, promptly disconnected the compromised contracts, and collaborated with major exchanges (Binance, Upbit, Bithumb, etc.) to blacklist attacker wallets, effectively containing further damage. The main ATH token supply on Ethereum remained intact, and other bridges like ETH-ARB on Squid were unaffected. Initial estimates put potential losses around $400,000, but user impact was limited to under $90,000. The project promised a full compensation plan.
Amount of loss: $ 90,000 Attack method: Contract Vulnerability
Description of the event: The cross-chain liquidity protocol CrossCurve (formerly EYWA) has confirmed that its cross-chain bridge protocol is under attack, due to a vulnerability in its smart contract that was exploited, resulting in the theft of approximately USD 3 million across multiple networks. Blockchain security firm Defimon Alerts identified that the attack vector exploited a gateway verification bypass vulnerability in CrossCurve’s ReceiverAxelar contract. Analysis shows that anyone could use a forged cross-chain message to call the contract’s expressExecute function, thereby bypassing the intended gateway verification and triggering unauthorized token unlocks on the protocol’s PortalV2 contract. Subsequently, CrossCurve issued a security update regarding the $EYWA token, stating that the exploitation has been successfully contained.
Amount of loss: $ 3,000,000 Attack method: Smart Contract Vulnerability
Description of the event: According to CertiK Alert, the Garden attacker has transferred 501 BNB and 1,910 ETH (worth approximately $6.65 million) to Tornado Cash.The address starting with 0x98BC still holds around $910,000 in assets.It is reported that Garden Finance suffered an attack on October 31, resulting in a loss of about $10.8 million, after its solver was compromised.
Amount of loss: $ 10,800,000 Attack method: Unknown
Description of the event: 402Bridge posted on X to alert users that a token theft incident had occurred. The technical team is investigating the entire process and advised all users to immediately revoke existing authorizations and transfer their assets out of their wallets. According to available information, the x402 cross-chain protocol 402Bridge was likely compromised after the contract ownership was transferred by the original creator to address 0x2b8F.... More than 200 users lost their remaining USDC due to excessive token approval amounts, with the attacker’s address (starting with 0x2b8F9) stealing a total of 17,693 USDC. The stolen funds were then swapped for ETH and bridged to Arbitrum through multiple cross-chain transactions. 402Bridge later confirmed that, due to a private key leak, several of the team’s test wallets and the main wallet were also compromised.
Amount of loss: $ 17,693 Attack method: Private Key Leakage
Description of the event: Meta Alchemist, founder of the Web3 incubator and launchpad platform Seedify, announced on X that one of its SFUND bridges was recently hacked. According to Seedify’s official account, a DPRK-affiliated group known for multiple Web3 exploits gained access to a developer’s private key. Using this access, the attackers were able to mint a large number of SFUND tokens through a bridge contract that had previously passed audit.As a result, the OFT contract was compromised, allowing the attackers to alter its settings and mint unauthorized tokens on Avalanche.Subsequently, the hacker transferred the minted tokens across multiple chains, including BNB, where they sold most of the SFUND tokens. In response, Binance founder Changpeng Zhao stated that he had communicated with several security experts in the industry, who successfully tracked and froze approximately $200,000 of the stolen funds on the HTX exchange.
Amount of loss: $ 1,700,000 Attack method: Private Key Leakage
Description of the event: The Shibarium bridge, connecting the Layer 2 network of the same name to Ethereum, was targeted in a flash loan attack, resulting in a loss of approximately $2.4 million. The attacker used a flash loan to purchase 4.6 million BONE tokens and obtained validator signing keys, gaining control of the majority of validator power, and ultimately signed a malicious state to drain assets from the bridge.
Amount of loss: $ 2,400,000 Attack method: Flash Loan Attack
Description of the event: ZKSwap’s Ethereum Layer 1 bridge suffered an exploit in which the attacker leveraged its emergency withdrawal mechanism, resulting in a loss of approximately $5 million. Analysis revealed that the component responsible for verifying zero-knowledge proofs had failed to actually perform the verification. This critical oversight allowed the attacker to forge arbitrary withdrawal proofs, effectively bypassing the bridge’s core security guarantees.
Amount of loss: $ 5,000,000 Attack method: Contract Vulnerability
Description of the event: The Force Bridge, a cross-chain bridge on the Nervos Network, is suspected to have been compromised, with approximately $3.7 million in assets stolen. The Nervos team has urgently suspended all contracts and is actively investigating the incident. According to the incident investigation report, malicious code was discovered in one of the Docker images. The code had been injected into Ethereum-related modules and was not part of the public source code — instead, it was embedded through a locally built Docker image.
Amount of loss: $ 3,700,000 Attack method: Supply Chain Attack
Description of the event: The Ronin Bridge project experienced unusual cross-chain asset withdrawals, suggesting a potential attack. According to the SlowMist security team, the vulnerability was caused by the modification of weight to an unexpected value, allowing funds to be withdrawn without passing any multi-signature threshold checks. The attacker extracted approximately 4,000 ETH and 2 million USDC from the bridge, amounting to a value of around $12 million. As of August 7th, white hats have returned $12 million worth of assets and received a $500,000 bug bounty.
Amount of loss: $ 12,000,000 Attack method: Contract Vulnerability
Description of the event: Bitcoin DeFi application ALEX Lab was drained of over $4.3 million in various tokens after a suspected private key compromise attacked its bridging service. Hackers transferred over $300,000 USD worth of BTC, $3.3 million USD worth of stablecoins, and $75,000 USD worth of Sugar Kingdom (SKO) tokens.
Amount of loss: $ 4,300,000 Attack method: Private Key Leakage
Description of the event: The cross-chain bridge project XBridge was exploited due to a smart contract vulnerability on the Ethereum Mainnet and the BNB chain, resulting in a loss of approximately $1.44 million.
Amount of loss: $ 1,440,000 Attack method: Contract Vulnerability
Description of the event: The cross-chain bridge X Bridge has experienced multiple suspicious transactions, which are still ongoing. A suspicious address was recently funded by Tornado Cash on BNBChain, then bridged to ETH, and subsequently deposited 0.15 ETH into 'OwnedUpgradeabilityProxy.' Shortly after, a withdrawal of 482M STC totaling $824K was made from your 'OwnedUpgradeabilityProxy' contract.
Amount of loss: $ 824,000 Attack method: Unknown
Description of the event: The Twitter account of the cross-chain bridge Meson Finance posted a tweet containing a phishing link. Meson Finance tweeted that the relevant content has been deleted and confirmed that the issue originated from a third-party API rather than a direct attack on the account.
Amount of loss: - Attack method: Account Compromise
Description of the event: The @GoDaddy account for the L2 cross-chain bridge LayerSwap's domain http://layerswap[.]io was compromised. The compromise of the domain led to a phishing site being displayed, resulting in approximately 50 users losing ~$100K worth assets. To address this, Layerswap is refunding the affected users in full plus and an additional 10% as a compensation for the caused inconvenience.
Amount of loss: $ 100,000 Attack method: DNS Attack
Description of the event: OrdiZK advertized themselves as a privacy bridge between the Ethereum network and Bitcoin, has exited, resulting in approximately $1.4 million in losses.
Amount of loss: $ 1,400,000 Attack method: Rug Pull