362 hack event(s)
Description of the event: The DeFi protocol dTRINITY suffered an exploit targeting its swap adapter contracts, resulting in the loss of approximately $56,000 belonging to core team members.
Amount of loss: $ 56,000 Attack method: Contract Vulnerability
Description of the event: The DeFi protocol Hyperdrive, built on the Hyperliquid chain, was exploited. The attacker repeatedly abused an arbitrary call vulnerability in the router, resulting in a loss of approximately $782,000.
Amount of loss: $ 782,000 Attack method: Contract Vulnerability
Description of the event: The DeFi protocol HyperVault, built on the Hyperliquid chain, has executed a rug pull, making off with approximately $3.61 million.
Amount of loss: $ 3,610,000 Attack method: Rug Pull
Description of the event: The DeFi project Corepound, built on the Core DAO blockchain, has carried out a rug pull, making off with approximately $400,000.
Amount of loss: $ 400,000 Attack method: Rug Pull
Description of the event: Stablecoin protocol Yala announced that a recent security incident occurred due to a hacker abusing temporary deployment keys during an authorized cross-chain bridge deployment, setting up an unauthorized bridge and extracting 7.64M USDC (approximately 1,636 ETH).
Amount of loss: $ 7,640,000 Attack method: Security Vulnerability
Description of the event: Kame Aggregator suffered an exploit due to a design flaw in the swap() function, which allowed arbitrary executor calls. This vulnerability enabled attackers to transfer tokens authorized to the AggregationRouter by users, particularly those with unlimited or oversized approvals. The total value of affected assets was approximately $1.32 million, of which around $946,000 was recovered by the Kame team from the primary exploiter, and about $22,000 was recovered by white-hat hackers.
Amount of loss: $ 1,320,000 Attack method: Contract Vulnerability
Description of the event: Nemo Protocol, a DeFi protocol on Sui, was attacked, resulting in a loss of approximately $2.4 million.
Amount of loss: $ 2,400,000 Attack method: Unknown
Description of the event: The PulseChain-based defi project BetterBank was exploited by an attacker who took advantage of a vulnerability that allowed them to mint arbitrary tokens, some of which they then swapped for ETH. The attacker later returned around $2.7 million of the stolen assets, having cashed out around $1.4 million.
Amount of loss: $ 5,000,000 Attack method: Contract Vulnerability
Description of the event: The Bitcoin-based memecoin launchpad ODIN.FUN suffered an exploit, losing approximately 58.2 BTC (around $7 million). The attacker allegedly manipulated the prices of several tokens and then withdrew bitcoin based on the inflated values. On August 17, ODIN.FUN co-founder Bob Bodily stated: “Made great progress on funds today (as many of you already saw). 30+ BTC back into Odin. More funds in progress too.”
Amount of loss: $ 7,000,000 Attack method: Price Manipulation
Description of the event: The AI agent protocol Swarms disclosed on the X platform that its community Discord account had been compromised. Earlier today, a team member’s Discord account was breached after receiving a malicious direct message from a user. As a result, the attacker deleted several channels and removed over 300 community members.
Amount of loss: - Attack method: Account Compromise
Description of the event: The @synthetix_io main X(Twitter) account has been hacked. Please DO NOT interact with links from this account while we work to regain control.
Amount of loss: - Attack method: Account Compromise
Description of the event: The @PANewsCN X account has been compromised. Do not click on any recent links or interact with its posts. Please wait for an official update.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to monitoring by Scam Sniffer, the front end of CoinTelegraph has been hacked—exercise caution. Reportedly, clicking the CoinTelegraph website triggers a pop-up containing “airdrop” information that cannot be closed within the page.
Amount of loss: - Attack method: Frontend Attack
Description of the event: According to monitoring by Scam Sniffer, the front end of CoinMarketCap has been compromised. Users are advised to remain vigilant. Following an investigation, CoinMarketCap confirmed that a total of 76 accounts were affected, with losses amounting to $21,624.47. The platform has pledged to fully reimburse the impacted users.
Amount of loss: $ 21,624 Attack method: Frontend Attack
Description of the event: The private key of a wallet with minting privileges for Web3 security firm Hacken’s native token, HAI, was leaked. According to Hacken, the incident was caused by “human error during architectural changes.” After gaining access to the key, the attacker minted approximately 900 million HAI tokens on Ethereum and BNB Chain—nearly doubling the total supply. While the attacker only profited around $250,000, the exploit caused the token price to plummet by roughly 97%.
Amount of loss: $ 250,000 Attack method: Private Key Leakage
Description of the event: a16z stated on social media:“Earlier today, our X account was briefly compromised. During that time, the account promoted a token and other fake content — none of which originated from a16z. Apologies for any confusion caused by the clowns who temporarily took over our account."
Amount of loss: - Attack method: Account Compromise
Description of the event: Mehdi Farooq, a partner at crypto VC firm Hypersphere, disclosed on X that he fell victim to a fake Zoom meeting phishing attack, resulting in the draining of six crypto wallets and the loss of his savings accumulated over several years. The attack began when an acquaintance, “Alex Lin,” reached out via Telegram to schedule a meeting. Citing compliance reasons, the attacker convinced Farooq to switch to Zoom Business and tricked him into downloading a malicious update.
Amount of loss: - Attack method: Social Engineering
Description of the event: Echo Protocol, a project built on the Bitcoin ecosystem, has experienced a compromise of its official X (formerly Twitter) account. Users are advised to refrain from interacting with any recent posts or links and to await official updates through verified channels.
Amount of loss: - Attack method: Account Compromise
Description of the event: On June 6, 2025, ALEX Protocol was attacked due to a vulnerability in its on-chain self-listing verification logic, which is constrained by limitations on Stacks. As a result, multiple asset pools were drained, with total losses amounting to approximately $8.37 million.
Amount of loss: $ 8,370,000 Attack method: Contract Vulnerability
Description of the event: The vulnerability originated in the Migrator.sol contract. The contract allowed the Mendi Comptroller address to be passed dynamically, rather than being hardcoded. This enabled the attacker to supply their own malicious Comptroller, mint a synthetic position on Malda, and withdraw approximately $285,000.
Amount of loss: $ 285,000 Attack method: Contract Vulnerability