1856 hack event(s)
Description of the event: According to an announcement from blockchain payment platform UPCX, unauthorized activity was detected in its management accounts. As a precaution, the platform has urgently suspended UPC deposits and withdrawals. The official statement assures that user assets remain unaffected, and an active investigation is underway to determine the cause of the incident, with further updates to follow. Earlier reports suggested that an unauthorized party had accessed UPCX’s official addresses. The attacker allegedly transferred a total of 18.4 million UPC (approximately $70 million) from three management accounts.
Amount of loss: $ 70,000,000 Attack method: Unknown
Description of the event: According to the SlowMist MistEye security monitoring system, the leveraged trading project SIR.trading (@leveragesir) on the Ethereum chain has been attacked, resulting in a loss of over $300,000 in assets. The root cause of this hack is that the transiently stored value set using tstore in the function was not cleared after the function call ended. This allowed the attacker to exploit this characteristic by constructing specific malicious addresses to bypass permission checks and transfer tokens.
Amount of loss: $ 355,000 Attack method: Contract Vulnerability
Description of the event: An attacker using a flash loan attack stole $13 million in the Magic Internet Money token from the Abracadabra project. The attack was enabled by a bug in the platform's smart contracts, and the hacker ultimately made off with around 6,262 ETH.
Amount of loss: $ 13,000,000 Attack method: Contract Vulnerability
Description of the event: RWA restaking platform Zoth suffered a $8.29 million hack after an attacker gained access to admin privileges that allowed them to modify the platform's smart contracts. The hacker "upgraded" the contract to a malicious version, then withdrew $8.45 million in USD0++, a token issued by the Usual protocol. After swapping the assets into various other tokens, they were left with 4,223 ETH (~$8.29 million).
Amount of loss: $ 8,290,000 Attack method: Private Key Leakage
Description of the event: The media platform Watcher.Guru, which focuses on cryptocurrency and financial market news, posted on X that its account was hacked today. Watcher.Guru is still investigating the specific method of the breach and has contacted X's official team for further clarification.
Amount of loss: - Attack method: Account Compromise
Description of the event: BNB-based memecoin launchpad Four.Meme was attacked. According to the SlowMist security team’s analysis, the attacker purchased a small amount of tokens before launch through the 0x7f79f6df function of Four.Meme, and used this feature to send tokens to a specified PancakeSwap Pair address that had not yet been created. This allowed the attacker to create the Pair and add liquidity without needing to transfer the yet-to-be-launched tokens to the Pair, bypassing the transfer restrictions (MODE_TRANSFER_RESTRICTED) that applied before the Four.Meme Token launch. Ultimately, the attacker was able to add liquidity at an unintended price to steal pool liquidity.
Amount of loss: $ 130,000 Attack method: Price Manipulation
Description of the event: On March 18, the Simple Staking pools of Voltage Finance, a DeFi platform built on the Fuse Network, suffered an unauthorized withdrawal, resulting in a total loss of $171,027.20 in USDCE and $151,085.87 in WETH.
Amount of loss: $ 320,000 Attack method: Contract Vulnerability
Description of the event: Kaito official representative Sandra (@sandraaleow) posted on X that Kaito AI founder Yu Hu and Kaito's X account have been compromised. However, no KAITO wallets have been affected.
Amount of loss: - Attack method: Account Compromise
Description of the event: Berally, a platform for social trading using AI agents within the Berachain ecosystem, is suspected to have been hacked. The official statement reads: “Partial information of the deployer's key was leaked, leading to the sell-off of all vesting tokens and withdrawal of funds from the liquidity pool. The dApp contract remains secure and unaffected by the hack, but please temporarily revoke access to the dApp and Staking. An investigation is underway, and an update will be provided as soon as possible.”
Amount of loss: $ 90,000 Attack method: Private Key Leakage
Description of the event: Zoth, a restaking platform for "real world assets" (or RWAs), was hacked for around $ 285,000 when an exploiter discovered a bug in the platform's collateral calculations.
Amount of loss: $ 285,000 Attack method: Contract Vulnerability
Description of the event: Jupiter co-founder Meow's X account was reportedly hacked and posted token CA-related content, which has now been deleted. Users are advised to stay vigilant.
Amount of loss: - Attack method: Account Compromise
Description of the event: An attacker exploited a smart contract belonging to the 1inch DEX aggregator, stealing $5 million in the USDC stablecoin and wETH. According to the platform, the vulnerability existed in "smart contracts using the obsolete Fusion v1 implementation", and the stolen funds belonged to resolvers (that is, entities that fulfill 1inch orders) rather than users.
Amount of loss: $ 5,000,000 Attack method: Contract Vulnerability
Description of the event: According to Pond.fun's official disclosure, the Linea-based meme coin launchpad Pond.fun was hacked this morning. Initial on-chain and off-chain evidence suggests that Pond.fun’s lead software engineer was behind the attack. The attacker drained liquidity from the Pond.fun smart contract and sold off the project tokens.
Amount of loss: $ 145,000 Attack method: Insider Manipulation
Description of the event: According to Yonhap News Agency, Kim Seok-hwan, a representative of Wemix Foundation, a blockchain subsidiary of Wemade, admitted at an emergency meeting that they lost approximately 8.65 million WEMIX tokens (worth about $6.22 million) due to a hack. On February 28, the hacker stole the authentication key of the NFT platform "Nile" and attacked the Play Bridge Vault system.
Amount of loss: $ 6,220,000 Attack method: Security Vulnerability
Description of the event: Pumpfun's X account has been hacked, and the attacker is using it to promote fake tokens.
Amount of loss: - Attack method: Account Compromise
Description of the event: Suji Yan, the founder of the Mask Network, suffered the loss of more than $4 million in various cryptocurrency assets to an apparent wallet hack.
Amount of loss: $ 4,000,000 Attack method: Unknown
Description of the event: The crypto-focused stablecoin neobank Infini was attacked, with the attacker gaining access to a wallet with admin rights and stealing nearly $50 million from the company.
Amount of loss: $ 50,000,000 Attack method: Lack of Strict Access Control
Description of the event: On February 21, 2025, on-chain investigator ZachXBT revealed a large-scale outflow of funds from the Bybit platform, resulting in the theft of over $1.46 billion.
Amount of loss: $ 1,500,000,000 Attack method: Wallet Stolen
Description of the event: On February 18, 2025, Abstract discovered a security incident involving the Cardex app within The Portal, affecting approximately 9,000 wallets with a total loss of around $400,000 in ETH. A leaked key in Cardex's frontend code led to the compromise of the session signer wallet. Since this wallet was shared across all sessions, all users who had created sessions on Cardex were impacted.
Amount of loss: $ 400,000 Attack method: Private Key Leakage
Description of the event: According to community reports, the X account of ai16z founder Shaw has allegedly been compromised by hackers. Users are advised to exercise caution and avoid interacting with suspicious links.
Amount of loss: - Attack method: Account Compromise