190 hack event(s)
Description of the event: SlowMist has issued a security alert to the cryptocurrency exchange ICRYPEX Global, stating that a potentially critical vulnerability has been identified.
Amount of loss: - Attack method: Security Vulnerability
Description of the event: SlowMist sent a security alert to the cryptocurrency exchange Azbitm, stating that a potential vulnerability has been detected.
Amount of loss: - Attack method: Unknown
Description of the event: Upbit CEO Woo Kyung-sik issued a public statement regarding the recent security breach and apologized to users, noting that the incident resulted from shortcomings in Upbit’s internal security management. On the morning of the 27th, Upbit detected abnormal withdrawals from its Solana-based wallets, prompting an immediate full-scale inspection of related networks and wallet systems. During the investigation, the team identified a vulnerability that could potentially be exploited to infer private keys, which has since been patched. To safeguard user assets, Upbit suspended all cryptocurrency deposits and withdrawals and initiated on-chain tracking and asset-freezing procedures for funds transferred externally. On December 6, after completing the replacement of all virtual asset wallets and strengthening security controls, Upbit restored full deposit and withdrawal services. According to current estimates, the total value affected by the incident is approximately KRW 44.5 billion (about USD 30.3 million). Of this amount, approximately KRW 38.6 billion (about USD 26.33 million) belongs to users, and KRW 2.3 billion (about USD 1.57 million) has been successfully frozen. Upbit’s own funds affected total approximately KRW 5.9 billion (about USD 4.02 million). On December 8, Upbit’s operating company Dunamu provided an update, stating that an additional KRW 2.6 billion (approximately USD 1.77 million) in compromised assets has now been frozen. Recovery procedures are currently in progress to ensure the secured funds can be safely reclaimed.
Amount of loss: $ 30,300,000 Attack method: Unknown
Description of the event: According to Arkham’s monitoring, an attacker allegedly carried out a deliberate exploit against HLP (Hyperliquidity Provider) on Hyperliquid. The attacker used 19 wallets and $3 million in principal to open a leveraged long position worth $20–30 million on POPCAT with 5× leverage, while placing large buy walls to support the price. Subsequently, the attacker suddenly removed the buy walls, causing a flash crash in POPCAT’s price and triggering the liquidation of their $3 million collateral to zero. Due to the lack of liquidity, HLP was forced to absorb the position, ultimately resulting in a bad debt loss of $4.9 million. Analyst @mlmabc noted that losing $3 million within seconds was not a mistake or negligence, but rather a deliberate attack targeting both HLP and Hyperliquid.
Amount of loss: $ 4,950,000 Attack method: Price Manipulation
Description of the event: Swiss crypto platform SwissBorg suffered a security incident in which approximately 192,600 SOL (~$41.5M) was stolen on Solana. According to SwissBorg’s official statement, the incident was caused by a compromised partner API, impacting its SOL Earn program.
Amount of loss: $ 41,500,000 Attack method: Third-party Vulnerability
Description of the event: Bunni, a DEX built on Uniswap v4, was exploited on Ethereum and UniChain, with total losses of approximately $8.4 million.
Amount of loss: $ 8,400,000 Attack method: Flash Loan Attack
Description of the event: The Turkish cryptocurrency exchange BtcTurk has reportedly suffered another hack. BtcTurk acknowledged “unusual activity” in its hot wallets and has suspended deposits and withdrawals. However, the exchange did not disclose further details regarding the scale of the attack.
Amount of loss: $ 54,000,000 Attack method: Unknown
Description of the event: Crypto trading platform WOO X suffered an attack resulting in a loss of approximately $14 million. According to the official disclosure, the incident stemmed from a targeted phishing attack that compromised a team member’s device, allowing the attacker to gain access to the development environment.
Amount of loss: $ 14,000,000 Attack method: Phishing Attack
Description of the event: On July 19, on-chain investigator ZachXBT posted on his personal channel: “Looks like the India centralized exchange 'CoinDCX' was likely drained for ~$44.2M almost 17 hours ago and has yet to disclose the incident to the community.” Shortly afterward, the company confirmed the breach on X, describing it as a “sophisticated server breach” and stating that only corporate funds were affected.
Amount of loss: $ 44,200,000 Attack method: Security Vulnerability
Description of the event: According to monitoring by the SlowMist security team, cryptocurrency exchange BigONE has suffered a supply chain attack, with losses exceeding $27 million. The attacker breached the production network and altered the operating logic of servers related to account management and risk control, enabling unauthorized fund withdrawals. Notably, no private keys were leaked in this incident.
Amount of loss: $ 27,000,000 Attack method: Supply Chain Attack
Description of the event: On July 9, according to monitoring by MistTrack’s MistEye security system, the well-known decentralized trading platform GMX (@GMX_IO) suffered an attack, resulting in asset losses exceeding $42 million. Analysis indicates that the core of this attack lies in the exploitation of two features: the use of leverage when the Keeper system executes orders, and the update mechanism where the global average price adjusts during shorting operations but does not update when closing short positions. Leveraging these mechanics, the attacker conducted a reentrancy attack to create large short positions, manipulating the global short average price and the size of the global short position. This, in turn, artificially inflated the price of GLP, which the attacker then redeemed for profit. Following negotiation, the attacker returned all stolen funds and received a $5 million bounty.
Amount of loss: $ 42,000,000 Attack method: Reentrancy Attack
Description of the event: The Iran-based Nobitex cryptocurrency exchange suffered a $90 million hack, and the attacker has also promised to imminently release data and source code from the platform. The hacking group appears to have burned the crypto assets, effectively destroying them rather than taking them for their own profits. Gonjeshke Darande (also "Predatory Sparrow"), a hacking group with links to Israel, claimed responsibility for the theft, accusing the platform of serving as a "key regime tool" to finance terror and violate sanctions.
Amount of loss: $ 90,000,000 Attack method: Unknown
Description of the event: On May 22, according to community reports, the SUI ecosystem’s liquidity provider Cetus Protocol was reportedly attacked. Liquidity pool depth dropped sharply, and multiple token pairs on Cetus experienced significant price declines. The estimated losses exceed $230 million. The project announced shortly after that $162 million of the funds had been frozen.
Amount of loss: $ 230,000,000 Attack method: Contract Vulnerability
Description of the event: On May 16th, Demex's lending market Nitron was exploited, resulting in a loss of $950,559 in user funds. According to Demex's post-incident analysis, the root cause of the exploit was a donation-based oracle manipulation attack targeting the deprecated dGLP vault.
Amount of loss: $ 950,559 Attack method: Oracle Attack
Description of the event: According to on-chain investigator ZachXBT, crypto exchange BitoPro was reportedly hacked on May 8, 2025, resulting in losses of approximately $11.5 million. The attacker drained assets from BitoPro’s hot wallets on Tron, Ethereum, Solana, and Polygon, then sold them via DEXs. The stolen funds were subsequently laundered through Tornado Cash or bridged via Thorchain to the Bitcoin network, eventually ending up in a Wasabi Wallet. BitoPro stated that the tactics used in this incident closely resemble those seen in several major international cases, attributing the attack to the North Korean hacking group Lazarus.
Amount of loss: $ 11,500,000 Attack method: Malicious Software
Description of the event: Hyperliquid's X account is suspected to have been compromised. Please do not trust any content it posts or click on any links, to avoid potential losses.
Amount of loss: - Attack method: Account Compromise
Description of the event: The decentralized perpetual futures exchange KiloEx was attacked, involving assets across multiple chains including BNB and Base. According to an analysis by the SlowMist Security Team, the root cause of the incident was the lack of access control checks in KiloEx's top-level contract (MinimalForwarder), which allowed the manipulation of oracle prices. Thanks to the active response from the project team and collaboration with SlowMist and others, all stolen assets were successfully recovered after 3.5 days of effort.
Amount of loss: $ 8,440,000 Attack method: Contract Vulnerability
Description of the event: An attacker exploited a smart contract belonging to the 1inch DEX aggregator, stealing $5 million in the USDC stablecoin and wETH. According to the platform, the vulnerability existed in "smart contracts using the obsolete Fusion v1 implementation", and the stolen funds belonged to resolvers (that is, entities that fulfill 1inch orders) rather than users.
Amount of loss: $ 5,000,000 Attack method: Contract Vulnerability
Description of the event: On February 21, 2025, on-chain investigator ZachXBT revealed a large-scale outflow of funds from the Bybit platform, resulting in the theft of over $1.46 billion.
Amount of loss: $ 1,460,000,000 Attack method: Supply Chain Attack
Description of the event: JupiterDAO confirmed on X that the official Jupiter X account (@JupiterExchange) has been compromised. Users are advised not to click on any links or copy-paste any contract addresses.
Amount of loss: - Attack method: Account Compromise