1909 hack event(s)
Description of the event: The @PANewsCN X account has been compromised. Do not click on any recent links or interact with its posts. Please wait for an official update.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to monitoring by the MistEye system, decentralized stablecoin protocol Resupply appears to have suffered an exploit, with estimated losses of around $9.5 million. The attacker manipulated the cvcrvUSD exchange rate by making donation transactions to the cvcrvUSD Controller contract, ultimately stealing a large amount of reUSD tokens.
Amount of loss: $ 9,500,000 Attack method: Contract Vulnerability
Description of the event: A suspicious attack involving MEV bot 0xb5cb occurred on BSC, resulting in losses of approximately $2 million.
Amount of loss: $ 2,000,000 Attack method: Contract Vulnerability
Description of the event: According to Silo Labs' postmortem report, an unreleased leverage feature smart contract deployed on Ethereum mainnet and Sonic was exploited during its testing phase. The affected contract was separate from Silo’s core infrastructure. The attacker manipulated the _swapArgs parameter within the contract to execute unauthorized borrowing, leveraging user approvals granted during testing. The exploit resulted in a loss of 224 ETH, which belonged to SiloDAO. No user funds were at risk, as the feature had not yet been made public.
Amount of loss: $ 542,000 Attack method: Contract Vulnerability
Description of the event: According to monitoring by Scam Sniffer, the front end of CoinTelegraph has been hacked—exercise caution. Reportedly, clicking the CoinTelegraph website triggers a pop-up containing “airdrop” information that cannot be closed within the page.
Amount of loss: - Attack method: Frontend Attack
Description of the event: According to monitoring by Scam Sniffer, the front end of CoinMarketCap has been compromised. Users are advised to remain vigilant. Following an investigation, CoinMarketCap confirmed that a total of 76 accounts were affected, with losses amounting to $21,624.47. The platform has pledged to fully reimburse the impacted users.
Amount of loss: $ 21,624 Attack method: Frontend Attack
Description of the event: The private key of a wallet with minting privileges for Web3 security firm Hacken’s native token, HAI, was leaked. According to Hacken, the incident was caused by “human error during architectural changes.” After gaining access to the key, the attacker minted approximately 900 million HAI tokens on Ethereum and BNB Chain—nearly doubling the total supply. While the attacker only profited around $250,000, the exploit caused the token price to plummet by roughly 97%.
Amount of loss: $ 250,000 Attack method: Private Key Leakage
Description of the event: According to reports from social media users, the official X account of Abstract Chain appears to have been compromised. The attacker is impersonating the project to promote a fake “official token” scam.
Amount of loss: - Attack method: Account Compromise
Description of the event: a16z stated on social media:“Earlier today, our X account was briefly compromised. During that time, the account promoted a token and other fake content — none of which originated from a16z. Apologies for any confusion caused by the clowns who temporarily took over our account."
Amount of loss: - Attack method: Account Compromise
Description of the event: Mehdi Farooq, a partner at crypto VC firm Hypersphere, disclosed on X that he fell victim to a fake Zoom meeting phishing attack, resulting in the draining of six crypto wallets and the loss of his savings accumulated over several years. The attack began when an acquaintance, “Alex Lin,” reached out via Telegram to schedule a meeting. Citing compliance reasons, the attacker convinced Farooq to switch to Zoom Business and tricked him into downloading a malicious update.
Amount of loss: - Attack method: Social Engineering
Description of the event: The Iran-based Nobitex cryptocurrency exchange suffered a $90 million hack, and the attacker has also promised to imminently release data and source code from the platform. The hacking group appears to have burned the crypto assets, effectively destroying them rather than taking them for their own profits. Gonjeshke Darande (also "Predatory Sparrow"), a hacking group with links to Israel, claimed responsibility for the theft, accusing the platform of serving as a "key regime tool" to finance terror and violate sanctions.
Amount of loss: $ 90,000,000 Attack method: Unknown
Description of the event: An attacker exploited a vulnerability in the staking contract for Meta Pool, which is a liquid staking project. This allowed them to mint 9,700 mpETH, the project's liquid staking token, which is notionally worth $27 million. However, very low liquidity for the token meant that the attacker was only able to swap 10 ETH (~$25,000) of tokens.
Amount of loss: $ 25,000 Attack method: Contract Vulnerability
Description of the event: Echo Protocol, a project built on the Bitcoin ecosystem, has experienced a compromise of its official X (formerly Twitter) account. Users are advised to refrain from interacting with any recent posts or links and to await official updates through verified channels.
Amount of loss: - Attack method: Account Compromise
Description of the event: The official ether.fi Discord was hacked, and fraudulent messages containing scam links were posted. ether.fi urges users not to interact with any links within the Discord.
Amount of loss: - Attack method: Account Compromise
Description of the event: On June 6, 2025, ALEX Protocol was attacked due to a vulnerability in its on-chain self-listing verification logic, which is constrained by limitations on Stacks. As a result, multiple asset pools were drained, with total losses amounting to approximately $8.37 million.
Amount of loss: $ 8,370,000 Attack method: Contract Vulnerability
Description of the event: The Force Bridge, a cross-chain bridge on the Nervos Network, is suspected to have been compromised, with approximately $3.7 million in assets stolen. The Nervos team has urgently suspended all contracts and is actively investigating the incident. According to the incident investigation report, malicious code was discovered in one of the Docker images. The code had been injected into Ethereum-related modules and was not part of the public source code — instead, it was embedded through a locally built Docker image.
Amount of loss: $ 3,700,000 Attack method: Supply Chain Attack
Description of the event: MegaETH stated that its X (formerly Twitter) account has been compromised, warning users not to click on any links or view recent posts.
Amount of loss: - Attack method: Account Compromise
Description of the event: Lending protocol Malda tweeted that one of its contracts has been compromised and all contracts have been paused. Users are advised not to interact with any contracts until further notice.
Amount of loss: $ 281,000 Attack method: Contract Vulnerability
Description of the event: The vulnerability originated in the Migrator.sol contract. The contract allowed the Mendi Comptroller address to be passed dynamically, rather than being hardcoded. This enabled the attacker to supply their own malicious Comptroller, mint a synthetic position on Malda, and withdraw approximately $285,000.
Amount of loss: $ 285,000 Attack method: Contract Vulnerability
Description of the event: On May 28, SlowMist detected potential suspicious activity related to Cork Protocol. According to the SlowMist security team’s analysis, the root cause of the attack was the lack of strict validation on user-supplied data, allowing the protocol’s liquidity to be manipulated and transferred to unintended markets, which attackers then exploited to perform unauthorized redemptions and profit illegally.
Amount of loss: $ 12,000,000 Attack method: Contract Vulnerability