188 hack event(s)
Description of the event: Upbit CEO Lee Seok-woo issued a public statement apologizing to users for the recent network intrusion incident, acknowledging that the breach stemmed from shortcomings in Upbit’s internal security management. He emphasized that user assets will not incur any losses. Upbit has reported the incident to the relevant regulators in accordance with applicable laws and is currently investigating the cause and scope of the breach. Upbit discovered abnormal withdrawals from its Solana-based wallets on the morning of the 27th, immediately conducted a comprehensive inspection of the affected networks and wallet systems, and, during the analysis of multiple on-chain transactions involving Upbit wallets, identified a security vulnerability that could potentially expose private keys. The issue has since been fixed. Upbit stated that it will continue to closely cooperate with regulators and will provide transparent updates to users as permitted. To protect user funds, Upbit has suspended deposits and withdrawals of digital assets and has begun tracing and freezing the outflowing assets. According to current statistics, the affected assets amount to approximately 44.5 billion KRW (around 30.3 million USD), of which about 38.6 billion KRW (around 26.33 million USD) belong to users. Roughly 2.3 billion KRW (around 1.57 million USD) of these assets have been frozen. Upbit’s own assets were impacted by approximately 5.9 billion KRW (around 4.02 million USD).
Amount of loss: $ 30,300,000 Attack method: -
Description of the event: According to Arkham’s monitoring, an attacker allegedly carried out a deliberate exploit against HLP (Hyperliquidity Provider) on Hyperliquid. The attacker used 19 wallets and $3 million in principal to open a leveraged long position worth $20–30 million on POPCAT with 5× leverage, while placing large buy walls to support the price. Subsequently, the attacker suddenly removed the buy walls, causing a flash crash in POPCAT’s price and triggering the liquidation of their $3 million collateral to zero. Due to the lack of liquidity, HLP was forced to absorb the position, ultimately resulting in a bad debt loss of $4.9 million. Analyst @mlmabc noted that losing $3 million within seconds was not a mistake or negligence, but rather a deliberate attack targeting both HLP and Hyperliquid.
Amount of loss: $4,950,000 Attack method: Price Manipulation
Description of the event: Swiss crypto platform SwissBorg suffered a security incident in which approximately 192,600 SOL (~$41.5M) was stolen on Solana. According to SwissBorg’s official statement, the incident was caused by a compromised partner API, impacting its SOL Earn program.
Amount of loss: $ 41,500,000 Attack method: Third-party Vulnerability
Description of the event: Bunni, a DEX built on Uniswap v4, was exploited on Ethereum and UniChain, with total losses of approximately $8.4 million.
Amount of loss: $ 8,400,000 Attack method: Flash Loan Attack
Description of the event: The Turkish cryptocurrency exchange BtcTurk has reportedly suffered another hack. BtcTurk acknowledged “unusual activity” in its hot wallets and has suspended deposits and withdrawals. However, the exchange did not disclose further details regarding the scale of the attack.
Amount of loss: $ 54,000,000 Attack method: Unknown
Description of the event: Crypto trading platform WOO X suffered an attack resulting in a loss of approximately $14 million. According to the official disclosure, the incident stemmed from a targeted phishing attack that compromised a team member’s device, allowing the attacker to gain access to the development environment.
Amount of loss: $ 14,000,000 Attack method: Phishing Attack
Description of the event: On July 19, on-chain investigator ZachXBT posted on his personal channel: “Looks like the India centralized exchange 'CoinDCX' was likely drained for ~$44.2M almost 17 hours ago and has yet to disclose the incident to the community.” Shortly afterward, the company confirmed the breach on X, describing it as a “sophisticated server breach” and stating that only corporate funds were affected.
Amount of loss: $ 44,200,000 Attack method: Security Vulnerability
Description of the event: According to monitoring by the SlowMist security team, cryptocurrency exchange BigONE has suffered a supply chain attack, with losses exceeding $27 million. The attacker breached the production network and altered the operating logic of servers related to account management and risk control, enabling unauthorized fund withdrawals. Notably, no private keys were leaked in this incident.
Amount of loss: $ 27,000,000 Attack method: Supply Chain Attack
Description of the event: On July 9, according to monitoring by MistTrack’s MistEye security system, the well-known decentralized trading platform GMX (@GMX_IO) suffered an attack, resulting in asset losses exceeding $42 million. Analysis indicates that the core of this attack lies in the exploitation of two features: the use of leverage when the Keeper system executes orders, and the update mechanism where the global average price adjusts during shorting operations but does not update when closing short positions. Leveraging these mechanics, the attacker conducted a reentrancy attack to create large short positions, manipulating the global short average price and the size of the global short position. This, in turn, artificially inflated the price of GLP, which the attacker then redeemed for profit. Following negotiation, the attacker returned all stolen funds and received a $5 million bounty.
Amount of loss: $ 42,000,000 Attack method: Reentrancy Attack
Description of the event: The Iran-based Nobitex cryptocurrency exchange suffered a $90 million hack, and the attacker has also promised to imminently release data and source code from the platform. The hacking group appears to have burned the crypto assets, effectively destroying them rather than taking them for their own profits. Gonjeshke Darande (also "Predatory Sparrow"), a hacking group with links to Israel, claimed responsibility for the theft, accusing the platform of serving as a "key regime tool" to finance terror and violate sanctions.
Amount of loss: $ 90,000,000 Attack method: Unknown
Description of the event: On May 22, according to community reports, the SUI ecosystem’s liquidity provider Cetus Protocol was reportedly attacked. Liquidity pool depth dropped sharply, and multiple token pairs on Cetus experienced significant price declines. The estimated losses exceed $230 million. The project announced shortly after that $162 million of the funds had been frozen.
Amount of loss: $ 230,000,000 Attack method: Contract Vulnerability
Description of the event: On May 16th, Demex's lending market Nitron was exploited, resulting in a loss of $950,559 in user funds. According to Demex's post-incident analysis, the root cause of the exploit was a donation-based oracle manipulation attack targeting the deprecated dGLP vault.
Amount of loss: $ 950,559 Attack method: Oracle Attack
Description of the event: According to on-chain investigator ZachXBT, crypto exchange BitoPro was reportedly hacked on May 8, 2025, resulting in losses of approximately $11.5 million. The attacker drained assets from BitoPro’s hot wallets on Tron, Ethereum, Solana, and Polygon, then sold them via DEXs. The stolen funds were subsequently laundered through Tornado Cash or bridged via Thorchain to the Bitcoin network, eventually ending up in a Wasabi Wallet. BitoPro stated that the tactics used in this incident closely resemble those seen in several major international cases, attributing the attack to the North Korean hacking group Lazarus.
Amount of loss: $ 11,500,000 Attack method: Malicious Software
Description of the event: Hyperliquid's X account is suspected to have been compromised. Please do not trust any content it posts or click on any links, to avoid potential losses.
Amount of loss: - Attack method: Account Compromise
Description of the event: The decentralized perpetual futures exchange KiloEx was attacked, involving assets across multiple chains including BNB and Base. According to an analysis by the SlowMist Security Team, the root cause of the incident was the lack of access control checks in KiloEx's top-level contract (MinimalForwarder), which allowed the manipulation of oracle prices. Thanks to the active response from the project team and collaboration with SlowMist and others, all stolen assets were successfully recovered after 3.5 days of effort.
Amount of loss: $ 8,440,000 Attack method: Contract Vulnerability
Description of the event: An attacker exploited a smart contract belonging to the 1inch DEX aggregator, stealing $5 million in the USDC stablecoin and wETH. According to the platform, the vulnerability existed in "smart contracts using the obsolete Fusion v1 implementation", and the stolen funds belonged to resolvers (that is, entities that fulfill 1inch orders) rather than users.
Amount of loss: $ 5,000,000 Attack method: Contract Vulnerability
Description of the event: On February 21, 2025, on-chain investigator ZachXBT revealed a large-scale outflow of funds from the Bybit platform, resulting in the theft of over $1.46 billion.
Amount of loss: $ 1,460,000,000 Attack method: Supply Chain Attack
Description of the event: JupiterDAO confirmed on X that the official Jupiter X account (@JupiterExchange) has been compromised. Users are advised not to click on any links or copy-paste any contract addresses.
Amount of loss: - Attack method: Account Compromise
Description of the event: The Singapore-based Phemex cryptocurrency exchange's hot wallets were hacked, resulting in a loss of approximately $70 million.
Amount of loss: $ 70,000,000 Attack method: Unknown
Description of the event: The peer-to-peer cryptocurrency trading platform NoOnes suffered a major security breach earlier this month. CEO Ray Youssef explained that the breach occurred on January 1st due to an exploit involving their Solana bridge.
Amount of loss: $ 7,900,000 Attack method: Security Vulnerability