374 hack event(s)
Description of the event: According to PeckShieldAlert, the stablecoin project USPD has suffered a major security breach, resulting in approximately $1 million in losses. The USPD team later confirmed that the protocol had been exploited, with the attacker minting tokens without authorization and draining liquidity. The official team has urgently advised users to revoke all token approvals granted to the USPD contract. According to the project’s confirmation, the incident was identified as a “CPIMP” attack. During the deployment phase, the attacker used Multicall3 to preemptively initialize the proxy and seize administrator privileges, while disguising the malicious implementation as an audited contract. The hidden logic remained dormant for several months before being activated, allowing the attacker to upgrade the proxy, mint approximately 98 million USPD tokens, and transfer around 232 stETH. The USPD team has disclosed the attacker addresses (Infector: 0x7C97…9d83, Drainer: 0x0833…215A) and stated that they are working with law enforcement and white-hat partners to trace the funds. The team has also offered a 10% bounty if the attacker returns the stolen assets.
Amount of loss: $ 1,000,000 Attack method: "CPIMP" (Clandestine Proxy In the Middle of Proxy) attack
Description of the event: According to cybersecurity firm Blockaid, the official website of the meme coin PEPE was compromised by attackers, who modified the website’s front-end code, causing users visiting the site to be redirected to a malicious page.
Amount of loss: - Attack method: Supply Chain Attack
Description of the event: The decentralized AI data network Port3 Network disclosed on X that its token PORT3 was maliciously minted by a hacker exploiting a cross-chain bridge vulnerability. According to on-chain analyst Yujin, the attacker used a contract flaw in the BridgeIn cross-chain bridge to mint 1 billion PORT3 tokens. The hacker then sold 162.75 million of these tokens on-chain, receiving 199.5 BNB (approximately USD 166,000) and causing the PORT3 price to plunge by 76%. Port3 Network later released an incident report explaining that the root cause stemmed from its use of NEXA Network’s CATERC20 cross-chain token solution. CATERC20 contains a boundary-condition validation vulnerability: after token ownership is renounced, a key function returns a value of 0, which unintentionally satisfies the ownership check condition. This results in permission verification failure, allowing attackers to perform privileged operations—including unauthorized token minting—without proper authorization. Notably, this issue was not identified in the CATERC20 audit report. Since Port3 had previously renounced ownership of the token to achieve greater decentralization, it remained vulnerable to this flaw. Following the incident, the Port3 team urgently removed the remaining on-chain liquidity, and several centralized exchanges suspended PORT3 deposits. Unable to continue selling, the attacker burned the remaining 837.25 million unsold PORT3 tokens approximately 40 minutes earlier.
Amount of loss: $ 166,000 Attack method: Contract Vulnerability
Description of the event: According to a WLFI announcement, prior to the platform’s official launch, some user wallets were compromised due to phishing attacks or mnemonic phrase leaks. WLFI emphasized that the incident was not caused by any platform or smart contract vulnerability, but originated from third-party security issues. The team has developed new smart contract logic that allows assets to be reassigned to secure new wallets after completing KYC verification. Wallets that have not submitted a request or failed verification will remain frozen, though users can initiate the recovery process through customer support. According to Emmett Gallic, World Liberty Fi burned a total of 166.67 million WLFI tokens (worth approximately $22.14 million) from a suspected compromised wallet and reallocated an equal amount of tokens to a new secure address.
Amount of loss: - Attack method: Phishing Attack & Private Key Leakage
Description of the event: SlowMist founder Cos reminded users of the NOFX AI open-source automated trading system to be aware of potential security risks. Although the NOFX AI open-source work has shown good intentions, real theft incidents have already occurred, and some users’ wallet private keys as well as CEX/DEX API keys have been leaked as a result. Cos confirmed that this vulnerability also affects the wallet private key security of Aster users. He stated that SlowMist has collaborated with relevant security teams to notify affected users as much as possible to help reduce risks, and advised users to stay vigilant and take timely security measures.
Amount of loss: - Attack method: Private Key Leakage
Description of the event: Sui’s official X account issued a reminder stating that the X account of Aftermath, a liquid staking protocol in the Sui ecosystem, has been compromised. Users are advised not to interact with the account until the team regains control.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to CertiK Alert, the Garden attacker has transferred 501 BNB and 1,910 ETH (worth approximately $6.65 million) to Tornado Cash. The address starting with 0x98BC still holds around $910,000 in assets. It is reported that Garden Finance suffered an attack on October 31, resulting in a loss of about $10.8 million, after its solver was compromised.
Amount of loss: $ 10,800,000 Attack method: -
Description of the event: GMGN co-founder Haze posted on X (Twitter): "We have noticed a deliberate external phishing attack targeting GMGN. The attacker induced users to click by forging a third-party token website, triggering unauthorized transactions not initiated by the users themselves. Currently, this issue has been completely resolved, affected accounts have been restored to safety, and similar phishing attacks have been fully blocked. This incident affected approximately 107 users. For losses caused by unauthorized control of accounts, we will provide 100% full compensation and distribute it to GMGN accounts within today."
Amount of loss: - Attack method: Phishing Attack
Description of the event: On October 27, GMGN Co-founder Haze posted on X, stating that the team has completed compensation payments to users affected by the MEV attack. He noted that 48 hours earlier, GMGN had suffered an MEV attack involving 729 affected transactions. The team has since finished calculating the losses and distributed compensation to the affected users’ wallets yesterday.
Amount of loss: - Attack method: Sandwich Attack
Description of the event: Astra Nova announced on X that its third-party managed account was compromised, allowing the attacker to take control and liquidate assets. The team stated that they are taking necessary measures and will involve law enforcement once evidence collection is complete. They also emphasized that the smart contracts and infrastructure remain secure. According to monitoring by @ai_9684xtpa, the attacker associated with Astra Nova dumped tokens and gained at least $9.09 million in profit. Among them, the addresses beginning with 0x9E6 and 0x643 profited more than $6.18 million. Except for address 0x643, which used Zerion to sell, most of the sales were executed through 1inch.
Amount of loss: $ 9,090,000 Attack method: -
Description of the event: According to Typus Finance’s post-incident analysis report, on October 15, 2025, an attacker exploited a critical vulnerability in the project’s oracle module to drain funds from the TLP contract. The stolen assets include 588,357.9 SUI, 1,604,034.7 USDC, 0.6 xBTC, and 32.227 suiETH, with an estimated total value of approximately USD 3.44 million.
Amount of loss: $ 3,440,000 Attack method: Contract Vulnerability
Description of the event: The DeFi protocol dTRINITY suffered an exploit targeting its swap adapter contracts, resulting in the loss of approximately $56,000 belonging to core team members.
Amount of loss: $ 56,000 Attack method: Contract Vulnerability
Description of the event: The DeFi protocol Hyperdrive, built on the Hyperliquid chain, was exploited. The attacker repeatedly abused an arbitrary call vulnerability in the router, resulting in a loss of approximately $782,000.
Amount of loss: $ 782,000 Attack method: Contract Vulnerability
Description of the event: The DeFi protocol HyperVault, built on the Hyperliquid chain, has executed a rug pull, making off with approximately $3.61 million.
Amount of loss: $ 3,610,000 Attack method: Rug Pull
Description of the event: According to on-chain investigator ZachXBT, Japan’s financial giant SBI Group may have experienced a security breach involving its cryptocurrency mining subsidiary, SBI Crypto. Wallet addresses associated with the company reportedly saw approximately USD 21 million in suspicious outflows on September 24. The stolen funds included multiple cryptocurrencies such as Bitcoin (BTC), Ethereum (ETH), Litecoin (LTC), Dogecoin (DOGE), and Bitcoin Cash (BCH). The attacker transferred the funds through five instant exchange platforms before ultimately depositing them into the Tornado Cash mixing protocol.
Amount of loss: $ 21,000,000 Attack method: Unknown
Description of the event: The DeFi project Corepound, built on the Core DAO blockchain, has carried out a rug pull, making off with approximately $400,000.
Amount of loss: $ 400,000 Attack method: Rug Pull
Description of the event: On September 14, the stablecoin protocol Yala disclosed that a recent security incident occurred when a hacker abused a temporary deployment key during the setup of an authorized cross-chain bridge. The attacker deployed an unauthorized bridge and extracted 7.64 million USDC (approximately 1,636 ETH). On October 29, the suspect involved in the case was arrested by law enforcement in Bangkok, Thailand, and most of the affected funds have been successfully recovered.
Amount of loss: $ 7,640,000 Attack method: Security Vulnerability
Description of the event: Kame Aggregator suffered an exploit due to a design flaw in the swap() function, which allowed arbitrary executor calls. This vulnerability enabled attackers to transfer tokens authorized to the AggregationRouter by users, particularly those with unlimited or oversized approvals. The total value of affected assets was approximately $1.32 million, of which around $946,000 was recovered by the Kame team from the primary exploiter, and about $22,000 was recovered by white-hat hackers.
Amount of loss: $ 1,320,000 Attack method: Contract Vulnerability
Description of the event: Nemo Protocol, a DeFi protocol on Sui, was attacked, resulting in a loss of approximately $2.4 million.
Amount of loss: $ 2,400,000 Attack method: Unknown
Description of the event: The PulseChain-based DeFi project BetterBank was exploited by an attacker who took advantage of a vulnerability that allowed them to mint arbitrary tokens, some of which they then swapped for ETH. The attacker later returned around $2.7 million of the stolen assets, having cashed out around $1.4 million.
Amount of loss: $ 5,000,000 Attack method: Contract Vulnerability