2025 hack event(s)
Description of the event: An attacker exploited a vulnerability in the Venus Protocol, utilizing flash loans to acquire a substantial amount of assets. In this attack, the attacker’s address (0x1a35...6231) successfully obtained 20 BTC, 1.5 million CAKE, and 200 BNB, with a total value exceeding $3.7 million. To execute the operation, the attacker used a large quantity of THE tokens as collateral to borrow CAKE, BTCB, and BNB, triggering continuous liquidations of THE tokens. According to the latest investigation by Allez Labs, the risk management team for Venus Protocol, the attack originated from manipulation of the supply cap in the BNB Chain core pool. Starting in June 2025, the attacker gradually accumulated THE tokens, increasing their holdings over nine months to 84% of the supply cap (approximately 14.5 million THE). Subsequently, the attacker bypassed the normal deposit process by directly transferring tokens to the protocol contracts, completely circumventing the supply cap and ultimately establishing a position of 53.2 million THE—3.67 times the designated limit. Exploiting the low on-chain liquidity of THE tokens, the attacker manipulated the TWAP oracle, driving THE’s price from $0.27 to $0.53, thereby borrowing significant amounts of other assets. At its peak, the attacker used 53.2 million THE as collateral to borrow 6.67 million CAKE, 2,801 BNB, 1,970 WBNB, 1.58 million USDC, and 20 BTCB. To prevent further losses, Venus Protocol has suspended borrowing and withdrawal functionalities for markets involving THE assets, as well as other markets with highly concentrated liquidity, such as BCH, LTC, UNI, AAVE, FIL, and TWT. However, other Venus markets remain unaffected and continue to operate normally. Venus stated it will continue collaborating with security partners to conduct a thorough investigation of the incident and provide timely updates.
Amount of loss: $ 2,150,000 Attack method: Flash Loan assisted Oracle Manipulation Attack
Description of the event: Tom, a member of the Bonk.fun team, issued an urgent warning on X, advising users not to use the bonk.fun domain for the time being, as hackers have taken over a team account and forcibly injected a wallet-draining script into the website.
Amount of loss: - Attack method: Domain Hijacking
Description of the event: According to monitoring by BlockSec Phalcon, the DBXen contract was attacked this morning, with estimated losses of approximately $150,000.The root cause lies in a sender identity inconsistency within the ERC-2771 meta-transaction mechanism.
Amount of loss: $ 150,000 Attack method: Logic Vulnerability
Description of the event: The AM/USDT pool on the BSC chain was exploited several hours ago, with estimated losses of approximately $131,000. The root cause lies in a vulnerability within the burn mechanism, which was exploited to manipulate the AM reserves in the pool and artificially inflate the token price. The attacker first manipulated the toBurnAmount and then triggered the burn logic after the AM balance in the pool had been adjusted. This drove the AM reserves down to an unnaturally low level, allowing the attacker to sell AM back to the pool at an inflated price to realize a profit.
Amount of loss: $ 131,000 Attack method: Leveraging flash loans for reserve manipulation
Description of the event: The NFT platform Gondi recently suffered a smart contract vulnerability attack, resulting in the theft of approximately 78 NFTs, with losses of about $230,000. According to an official announcement from Gondi, the attack is related to the new Sell & Repay contract deployed on February 20. Its Purchase Bundler function contained a logical flaw and failed to properly verify whether the caller was the legitimate owner or borrower of the NFT. The stolen NFTs include 44 Art Blocks, 10 Doodles, and 2 Beeple artworks, among others.
Amount of loss: $ 230,000 Attack method: Contract Vulnerability
Description of the event: The Bitcoin staking protocol Solv Protocol stated on X that its BRO Vault experienced a limited exploit. Fewer than 10 users were affected, with a loss of 38.0474 SolvBTC (approximately $2.7 million). Other vaults and user funds were not impacted, and mitigation measures have already been implemented to prevent similar incidents. The team has committed to fully covering the losses of the affected users. They also told the attacker that a 10% white-hat bounty will be offered if the funds are returned promptly. The attacker can contact the team via direct message or by sending an on-chain message to a designated address.
Amount of loss: $ 2,700,000 Attack method: Contract Vulnerability
Description of the event: According to BlockSec Phalcon’s monitoring, its system detected a suspicious transaction targeting an Inverse Finance contract on Ethereum several hours ago, resulting in a loss of approximately $240,000. The incident appears to involve DOLA price manipulation, which forced multiple users to liquidate their positions.
Amount of loss: $ 240,000 Attack method: Unknown
Description of the event: Stake Nova suffered a loss of approximately $137,014, representing about 95% of user deposits. The root cause was an unchecked validation issue in the RedeemNovaSol() function, which led to a flash-loan exploit that drained the liquidity pool. The vulnerability has now been fixed, the dApp has been taken offline, and the website is currently under maintenance. The team is offering a 10% on-chain bounty to the attacker; otherwise, they stated they will continue to pursue accountability.
Amount of loss: $ 137,014 Attack method: Business Logic Vulnerability
Description of the event: The privacy gaming platform FOOMCASH was attacked on Base and Ethereum, resulting in a loss of 24,283,773,519,600 $FOOM (approximately $2.26 million). The vulnerability was caused by a misconfiguration of the verification key, which the attacker exploited to forge zkSNARK proofs and subsequently extract a massive amount of $FOOM from the compromised contracts.
Amount of loss: $ 2,260,000 Attack method: Contract Vulnerability
Description of the event: The Holdstation team has confirmed on X that its DeFAI Smart Wallet product experienced a security incident. According to the latest update, the total loss has been confirmed at approximately 462,000 USDT. The team stated that they are currently investigating the root cause of the incident and strengthening multiple layers of security protections. They have also begun formulating a compensation plan, with detailed arrangements and an execution timeline to be announced to the community at a later stage.
Amount of loss: $ 462,000 Attack method: Unknown
Description of the event: WLFI announced on X that USD1 experienced an organized attack this morning. The attackers reportedly compromised the accounts of several WLFI co-founders, paying influencers to spread FUD (Fear, Uncertainty, and Doubt) and heavily shorting $WLFI in an attempt to profit from artificially created market chaos. WLFI stated that the operation failed. Thanks to USD1’s robust minting and redemption mechanisms and its 100% 1:1 asset backing, USD1 remains stable and is currently trading near its par value. The team emphasized that no bad actors can shake their long-term commitment to USD1. Meanwhile, WLFI reminded users to obtain accurate information only through officially verified channels and to be wary of misleading content.
Amount of loss: - Attack method: Social Engineering
Description of the event: The IoT-focused public chain IoTeX suffered a professional hacker attack caused by a private key compromise of the ioTube bridge’s Ethereum-side validator owner. This allowed the attacker to gain administrative privileges and illicitly extract assets from the token safe. According to the official confirmation on February 24, the incident resulted in approximately $4.4 million in asset losses (including USDC, USDT, IOTX, and WBTC). The hacker converted most of the stolen funds into roughly 2,183 ETH and bridged them to the Bitcoin network via THORChain (with approximately 66.6 BTC currently tracked). The IoTeX team has implemented security enhancements and address blacklisting via the v2.3.4 mainnet upgrade. They have also issued an on-chain ultimatum: the attacker can receive a 10% white-hat bounty (approx. $440,000) and be exempted from legal liability if the funds are returned within 48 hours. A compensation plan for affected users is currently being finalized.
Amount of loss: $ 4,400,000 Attack method: Private Key Leakage
Description of the event: According to Decrypt, the DeFi lending protocol Moonwell incurred approximately $1.78 million in bad debt due to an oracle configuration error.
Amount of loss: $ 1,780,000.00 Attack method: Oracle Misconfiguration
Description of the event: Arbitrum has issued a security alert: The official X account for Arbitrum Governance (@arbitrumdao_gov) has been compromised. Do not click on any links posted by this account or engage with it. The team is working to restore access and will provide further updates soon.
Amount of loss: - Attack method: Account hacked
Description of the event: The cross-chain liquidity protocol CrossCurve (formerly EYWA) has confirmed that its cross-chain bridge protocol is under attack, due to a vulnerability in its smart contract that was exploited, resulting in the theft of approximately USD 3 million across multiple networks. Blockchain security firm Defimon Alerts identified that the attack vector exploited a gateway verification bypass vulnerability in CrossCurve’s ReceiverAxelar contract. Analysis shows that anyone could use a forged cross-chain message to call the contract’s expressExecute function, thereby bypassing the intended gateway verification and triggering unauthorized token unlocks on the protocol’s PortalV2 contract. Subsequently, CrossCurve issued a security update regarding the $EYWA token, stating that the exploitation has been successfully contained.
Amount of loss: $ 3,000,000 Attack method: Smart Contract Vulnerability
Description of the event: Step Finance has issued a statement on X regarding a recent exploit, disclosing that approximately $40 million was stolen from its treasury due to a compromise of an executive's device. Upon detecting the vulnerability, Step Finance launched an investigation in collaboration with cybersecurity researchers and relevant authorities, and has notified law enforcement. While certain operations were temporarily suspended during this period, the team has successfully recovered approximately $3.7 million in Remora assets and $1 million in other positions.
Amount of loss: $ 40,000,000 Attack method: Supply Chain Attack
Description of the event: According to BlockSec monitoring, an unknown contract on the BSC network was exploited. The attacker leveraged a design flaw in the “burn pair” mechanism to execute two reverse swaps, resulting in losses of approximately $100,000. The attacker first drained PGNLZ tokens, then triggered PGNLP burns and price manipulation, ultimately siphoning off most of the USDT from the liquidity pool.
Amount of loss: $100,000 Attack method: Contract Vulnerability
Description of the event: Solar, the official Solana Mandarin community, highly suspects its official X account (@Solana_zh) has been hacked. The team currently lacks access and is working urgently with X support to resolve the issue. Recovery time is TBD.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to PeckShield, Matcha Meta reported that SwapNet suffered a security breach, with losses reaching $16.8 million. The attacker swapped approximately 10.5 million USDC for around 3,655 ETH on Base, and has begun bridging the funds to Ethereum. BlockSec’s analysis indicates that the affected contract is not open-sourced and appears to contain an arbitrary call vulnerability. The attacker abused existing token approval mechanisms to execute transferFrom operations and steal assets. The cumulative losses are estimated at $13.37 million on Base, $3.53 million on Ethereum, $125,000 on Arbitrum, and $15,000 on BSC.
Amount of loss: $ 16,800,000 Attack method: Contract Vulnerability
Description of the event: Aperture Finance posted on X stating that it has detected an exploit affecting Aperture V3/V4 contracts. To prevent new approvals, core functionalities have been suspended in the front-end application, and the team is working with security partners to investigate the root cause of the incident. Previously, Aperture Finance suffered an attack with losses totaling approximately $3.67 million. On February 5, according to monitoring by PeckShield, a labeled attacker address related to Aperture Finance has deposited 1,242.7 ETH (approximately $2.4 million) into the privacy protocol Tornado Cash.
Amount of loss: $ 3,670,000 Attack method: Contract Vulnerability