1903 hack event(s)
Description of the event: According to monitoring by Scam Sniffer, the front end of CoinTelegraph has been hacked—exercise caution. Reportedly, clicking the CoinTelegraph website triggers a pop-up containing “airdrop” information that cannot be closed within the page.
Amount of loss: - Attack method: Frontend Attack
Description of the event: According to monitoring by Scam Sniffer, the front end of CoinMarketCap has been compromised. Users are advised to remain vigilant. Following an investigation, CoinMarketCap confirmed that a total of 76 accounts were affected, with losses amounting to $21,624.47. The platform has pledged to fully reimburse the impacted users.
Amount of loss: $ 21,624 Attack method: Frontend Attack
Description of the event: The private key of a wallet with minting privileges for Web3 security firm Hacken’s native token, HAI, was leaked. According to Hacken, the incident was caused by “human error during architectural changes.” After gaining access to the key, the attacker minted approximately 900 million HAI tokens on Ethereum and BNB Chain—nearly doubling the total supply. While the attacker only profited around $250,000, the exploit caused the token price to plummet by roughly 97%.
Amount of loss: $ 250,000 Attack method: Private Key Leakage
Description of the event: According to reports from social media users, the official X account of Abstract Chain appears to have been compromised. The attacker is impersonating the project to promote a fake “official token” scam.
Amount of loss: - Attack method: Account Compromise
Description of the event: a16z stated on social media:“Earlier today, our X account was briefly compromised. During that time, the account promoted a token and other fake content — none of which originated from a16z. Apologies for any confusion caused by the clowns who temporarily took over our account."
Amount of loss: - Attack method: Account Compromise
Description of the event: The Iran-based Nobitex cryptocurrency exchange suffered a $90 million hack, and the attacker has also promised to imminently release data and source code from the platform. The hacking group appears to have burned the crypto assets, effectively destroying them rather than taking them for their own profits. Gonjeshke Darande (also "Predatory Sparrow"), a hacking group with links to Israel, claimed responsibility for the theft, accusing the platform of serving as a "key regime tool" to finance terror and violate sanctions.
Amount of loss: $ 90,000,000 Attack method: Security Vulnerability
Description of the event: An attacker exploited a vulnerability in the staking contract for Meta Pool, which is a liquid staking project. This allowed them to mint 9,700 mpETH, the project's liquid staking token, which is notionally worth $27 million. However, very low liquidity for the token meant that the attacker was only able to swap 10 ETH (~$25,000) of tokens.
Amount of loss: $ 25,000 Attack method: Contract Vulnerability
Description of the event: Echo Protocol, a project built on the Bitcoin ecosystem, has experienced a compromise of its official X (formerly Twitter) account. Users are advised to refrain from interacting with any recent posts or links and to await official updates through verified channels.
Amount of loss: - Attack method: Account Compromise
Description of the event: The official ether.fi Discord was hacked, and fraudulent messages containing scam links were posted. ether.fi urges users not to interact with any links within the Discord.
Amount of loss: - Attack method: Account Compromise
Description of the event: On June 6, 2025, ALEX Protocol was attacked due to a vulnerability in its on-chain self-listing verification logic, which is constrained by limitations on Stacks. As a result, multiple asset pools were drained, with total losses amounting to approximately $8.37 million.
Amount of loss: $ 8,370,000 Attack method: Contract Vulnerability
Description of the event: The Force Bridge, a cross-chain bridge on the Nervos Network, is suspected to have been compromised, with approximately $3.7 million in assets stolen. The Nervos team has urgently suspended all contracts and is actively investigating the incident.
Amount of loss: $ 3,700,000 Attack method: Unknown
Description of the event: MegaETH stated that its X (formerly Twitter) account has been compromised, warning users not to click on any links or view recent posts.
Amount of loss: - Attack method: Account Compromise
Description of the event: Lending protocol Malda tweeted that one of its contracts has been compromised and all contracts have been paused. Users are advised not to interact with any contracts until further notice.
Amount of loss: $ 281,000 Attack method: Contract Vulnerability
Description of the event: On May 28, SlowMist detected potential suspicious activity related to Cork Protocol. According to the SlowMist security team’s analysis, the root cause of the attack was the lack of strict validation on user-supplied data, allowing the protocol’s liquidity to be manipulated and transferred to unintended markets, which attackers then exploited to perform unauthorized redemptions and profit illegally.
Amount of loss: $ 12,000,000 Attack method: Contract Vulnerability
Description of the event: According to monitoring by SlowMist, Usual Protocol suffered a sophisticated arbitrage attack. The attacker exploited a price discrepancy between the protocol’s internal mechanisms and external markets. The core issue lay in the Vault system, which allowed a fixed 1:1 exchange between USD0++ and USD0—despite the two tokens trading at different prices on decentralized exchanges. The attacker strategically created a custom liquidity pool and manipulated the transaction path to trick the Vault into releasing USD0 tokens without receiving the expected sUSDS collateral. These USD0 tokens were then sold on external markets at prices higher than the internal rate, allowing the attacker to profit through arbitrage.
Amount of loss: $ 42,800 Attack method: Contract Vulnerability
Description of the event: On May 22, according to community reports, the SUI ecosystem’s liquidity provider Cetus Protocol was reportedly attacked. Liquidity pool depth dropped sharply, and multiple token pairs on Cetus experienced significant price declines. The estimated losses exceed $230 million. The project announced shortly after that $162 million of the funds had been frozen.
Amount of loss: $ 230,000,000 Attack method: Contract Vulnerability
Description of the event: According to monitoring by the SlowMist security team, the digital asset wealth management platform Nexo suffered a sandwich attack due to a lack of access control in one of its contracts, resulting in a loss of approximately $31,000.
Amount of loss: $ 31,535 Attack method: Contract Vulnerability
Description of the event: On May 16th, Demex's lending market Nitron was exploited, resulting in a loss of $950,559 in user funds. According to Demex's post-incident analysis, the root cause of the exploit was a donation-based oracle manipulation attack targeting the deprecated dGLP vault.
Amount of loss: $ 950,559 Attack method: Oracle Attack
Description of the event: Zunami Protocol has reported a hack in which the collateral for zunUSD and zunETH was stolen, resulting in a loss of approximately $500,000. The attacker has transferred the stolen funds to Tornado Cash.
Amount of loss: $ 500,000 Attack method: Unknown
Description of the event: ZKsync Developers posted on X that the official X accounts of both ZKsync and Matter Labs have been compromised. Please do not interact with these accounts or click on any related links.
Amount of loss: - Attack method: Account Compromise