2009 hack event(s)
Description of the event: According to BlockSec monitoring, an unknown contract on the BSC network was exploited. The attacker leveraged a design flaw in the “burn pair” mechanism to execute two reverse swaps, resulting in losses of approximately $100,000. The attacker first drained PGNLZ tokens, then triggered PGNLP burns and price manipulation, ultimately siphoning off most of the USDT from the liquidity pool.
Amount of loss: $100,000 Attack method: Contract Vulnerability
Description of the event: Solar, the official Solana Mandarin community, highly suspects its official X account (@Solana_zh) has been hacked. The team currently lacks access and is working urgently with X support to resolve the issue. Recovery time is TBD.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to PeckShield, Matcha Meta reported that SwapNet suffered a security breach, with losses reaching $16.8 million. The attacker swapped approximately 10.5 million USDC for around 3,655 ETH on Base, and has begun bridging the funds to Ethereum. BlockSec’s analysis indicates that the affected contract is not open-sourced and appears to contain an arbitrary call vulnerability. The attacker abused existing token approval mechanisms to execute transferFrom operations and steal assets. The cumulative losses are estimated at $13.37 million on Base, $3.53 million on Ethereum, $125,000 on Arbitrum, and $15,000 on BSC.
Amount of loss: $ 16,800,000 Attack method: Contract Vulnerability
Description of the event: Aperture Finance posted on X stating that it has detected an exploit affecting Aperture V3/V4 contracts. To prevent new approvals, core functionalities have been suspended in the front-end application, and the team is working with security partners to investigate the root cause of the incident. Previously, Aperture Finance suffered an attack with losses totaling approximately $3.67 million.
Amount of loss: $ 3,670,000 Attack method: Contract Vulnerability
Description of the event: Scroll alerted on X that the X account of co-founder @shenhaichen has been compromised. They are actively working to recover the account and advise users not to interact with any links or direct messages.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to an official announcement from Saga, the SagaEVM chain has suffered an attack involving a series of malicious contract deployments, cross-chain operations, and liquidity withdrawals. The attacker transferred approximately $7 million worth of USDC, yUSD, ETH, and tBTC, which have since been consolidated into ETH and sent to the address 0x2044…6ecb. Following the incident, SagaEVM was halted at block height 6,593,800. The Saga team is currently working with exchanges and cross-chain bridge providers to block the attacker’s address. A comprehensive technical post-mortem will be released in due course. The Saga SSC mainnet and other chains remain unaffected.
Amount of loss: $7,000,000 Attack method: Unknown
Description of the event: According to an announcement from Paradex, the internal systems of the Mithril trading bot were compromised by an attacker, resulting in the exposure of approximately 57 user subkeys. While these subkeys do not allow withdrawals, they grant trading permissions and are commonly used to connect third-party applications and trading bots. Paradex has suspended all XP transfers and revoked all subkeys associated with Mithril. The affected users are limited to accounts that had previously authorized the Mithril bot. The team also reminded users to exercise caution when authorizing third-party services and to independently assess the associated risks.
Amount of loss: - Attack method: Unknown
Description of the event: According to a BlockSec alert, the SynapLogic contract lacked critical parameter validation in the swapExactTokensForETHSupportingFeeOnTransferTokens function, allowing attackers to manipulate the whitelist logic and designate arbitrary recipient addresses. In addition, the contract failed to verify whether the total amount of native tokens distributed exceeded the actual payment made, enabling attackers to withdraw excess native tokens while simultaneously receiving newly minted SYP, resulting in losses of approximately $186,000.
Amount of loss: $ 186,000 Attack method: Smart Contract Vulnerability
Description of the event: According to PeckShieldAlert monitoring, the Makinafi protocol was exploited by hackers, resulting in a loss of approximately 1,299 ETH (about $4.13 million). The stolen funds are currently held in two addresses: 0xbed2...dE25 (around $3.3 million) and 0x573d...910e (around $880,000). News on January 23: Makina, a DeFi execution engine, posted on X stating that at 21:15 on January 22, the MEV Builder returned funds according to the SEAL Safe Harbor, deducting a 10% bounty. Approximately 920 ETH (out of 1,023 ETH collected) was returned, accounting for a portion of the total ~1,299 ETH stolen. The funds have been transferred to the recovery multi-sig address 0xc22F...8AB9. The team is continuing to pursue the remaining funds and is seeking to contact the RocketPool validator address 0x573D...910E, which received approximately 276 ETH.
Amount of loss: $ 4,130,000 Attack method: Oracle Price Manipulation Attack via Flash Loan
Description of the event: The FutureSwap protocol deployed on Arbitrum was exploited again via a reentrancy vulnerability, following its first attack four days ago, resulting in a loss of approximately $74,000. The attacker had previously abused the reentrancy function 0x5308fcb1 three days earlier to over-mint LP tokens, and after the cooldown period expired, redeemed the excess collateralized assets to realize profit.
Amount of loss: $ 74,000 Attack method: Reentrancy Attack
Description of the event: The blockchain verification protocol Truebit was suspected to have been hacked, losing 8,535 ETH, valued at approximately $26.44 million.
Amount of loss: $ 26,440,000 Attack method: Unknown
Description of the event: The Polymarket-based trading bot project Polycule has been hacked. The Polycule team stated that approximately $230,000 in user funds were affected in this incident. The related bots have been taken offline, and patching and security audits are expected to be completed before the end of this week.
Amount of loss: $ 230,000 Attack method: Contract Vulnerability
Description of the event: CertiK Alert tweeted that the X account of Darren Lau, founder of The Daily Ape, has been compromised by hackers. The CertiK security team warns users not to click any links or approve any transactions before control of the account is restored, and to remain vigilant.
Amount of loss: - Attack method: The X account was hacked
Description of the event: According to CertiK Alert, a vulnerability involving a contract related to TMX on Arbitrum has been detected, with estimated losses of around $1.4 million. During the exploit loop, the attacker minted and staked TMX LP tokens using USDT, then swapped USDT for USDG, unstaked, and sold even more USDG.
Amount of loss: $ 1,400,000 Attack method: Contract vulnerability
Description of the event: Fusion has released a security update stating that its IPOR USDC Fusion Optimizer contains a vulnerability in the Arbitrum Vault. The IPOR team was notified and confirmed on January 6 that the vulnerability had resulted in a loss of approximately $336,000 USDC. This exploit only affected a specific older version of the Fusion Vault, and due to its unique configuration, it was the only vault susceptible to this particular attack vector. According to further analysis by SlowMist, the root cause of the incident lies in the underlying contract delegated by the EOA account controlled via EIP‑7702, which contained a security flaw allowing arbitrary external calls. The attacker exploited this flaw to create and configure a malicious circuit-breaker contract targeting the Plasma Vault, thereby illicitly extracting funds from the vault. The official statement noted that the loss represents less than 1% of the total funds secured by Fusion. The team is currently working with Security Alliance to track the funds and attempt recovery. IPOR DAO will cover the deficit from its treasury, and all affected depositors will receive full compensation. Additionally, according to CertiK, approximately $267,000 of the stolen funds have been cross‑chain transferred to the Ethereum network and subsequently moved into Tornado Cash. On January 7, the IPOR team announced on X that the funds have been recovered, and a 10% bounty agreement has been reached with the white-hat party, which will be covered by the IPOR DAO. The incident has now been concluded as a good-faith white-hat security event.
Amount of loss: $ 336,000 Attack method: Contract Vulnerability
Description of the event: The X (formerly Twitter) account of Bitlight Labs, a Bitcoin RGB protocol and Lightning Network stablecoin payment infrastructure provider, was suspected of being compromised and posted content related to a meme token.
Amount of loss: - Attack method: Account Compromise
Description of the event: Multiple suspicious transactions involving proxy contracts were detected on Arbitrum (ARB), with estimated losses of approximately $1.5 million. Preliminary analysis indicates that the sole deployer of the USDGambit and TLP projects may have lost access to their account. Subsequently, the attacker deployed a new contract and updated the ProxyAdmin permissions to seize control. The stolen funds were then bridged to the Ethereum network and deposited into Tornado Cash.
Amount of loss: $ 1,500,000 Attack method: Access control vulnerability
Description of the event: According to TenArmorAlert, a sandwich attack involving OLY has been detected on BSC, causing estimated losses of around $63,400.
Amount of loss: $ 63,400 Attack method: Sandwich attack
Description of the event: SlowMist team has issued a security advisory stating that it has identified a potentially critical vulnerability on the HitBTC exchange platform. The issue has been responsibly disclosed to HitBTC in advance via private channels; however, no response has been received so far. The team urges HitBTC to make contact as soon as possible to coordinate follow-up remediation efforts.
Amount of loss: - Attack method: Security Vulnerability
Description of the event: The Unleash Protocol project deployed on Story Protocol suffered an unauthorized contract upgrade, followed by the malicious transfer of user assets. The attacker manipulated the project’s multisig governance privileges to perform the upgrade, resulting in the theft and cross-chain transfer of assets including WIP, USDC, WETH, stIP, and vIP to external addresses. The currently confirmed loss is approximately USD 3.9 million. Unleash has suspended all operations and initiated a full investigation and audit process, urging users to refrain from interacting with its contracts. Story Protocol itself remains unaffected.
Amount of loss: $ 3,900,000 Attack method: Privilege compromise