366 hack event(s)
Description of the event: GMGN co-founder Haze posted on X (Twitter):"We have noticed a deliberate external phishing attack targeting GMGN. The attacker induced users to click by forging a third-party token website, triggering unauthorized transactions not initiated by the users themselves.Currently, this issue has been completely resolved, affected accounts have been restored to safety, and similar phishing attacks have been fully blocked.This incident affected approximately 107 users.For losses caused by unauthorized control of accounts, we will provide 100% full compensation and distribute it to GMGN accounts within today."
Amount of loss: - Attack method: Phishing Attack
Description of the event: On October 27, GMGN Co-founder Haze posted on X, stating that the team has completed compensation payments to users affected by the MEV attack. He noted that 48 hours earlier, GMGN had suffered an MEV attack involving 729 affected transactions. The team has since finished calculating the losses and distributed compensation to the affected users’ wallets yesterday.
Amount of loss: - Attack method: Sandwich Attack
Description of the event: According to Typus Finance’s post-incident analysis report, on October 15, 2025, an attacker exploited a critical vulnerability in the project’s oracle module to drain funds from the TLP contract. The stolen assets include 588,357.9 SUI, 1,604,034.7 USDC, 0.6 xBTC, and 32.227 suiETH, with an estimated total value of approximately USD 3.44 million.
Amount of loss: $ 3,440,000 Attack method: Contract Vulnerability
Description of the event: The DeFi protocol dTRINITY suffered an exploit targeting its swap adapter contracts, resulting in the loss of approximately $56,000 belonging to core team members.
Amount of loss: $ 56,000 Attack method: Contract Vulnerability
Description of the event: The DeFi protocol Hyperdrive, built on the Hyperliquid chain, was exploited. The attacker repeatedly abused an arbitrary call vulnerability in the router, resulting in a loss of approximately $782,000.
Amount of loss: $ 782,000 Attack method: Contract Vulnerability
Description of the event: The DeFi protocol HyperVault, built on the Hyperliquid chain, has executed a rug pull, making off with approximately $3.61 million.
Amount of loss: $ 3,610,000 Attack method: Rug Pull
Description of the event: According to on-chain investigator ZachXBT, Japan’s financial giant SBI Group may have experienced a security breach involving its cryptocurrency mining subsidiary, SBI Crypto. Wallet addresses associated with the company reportedly saw approximately USD 21 million in suspicious outflows on September 24. The stolen funds included multiple cryptocurrencies such as Bitcoin (BTC), Ethereum (ETH), Litecoin (LTC), Dogecoin (DOGE), and Bitcoin Cash (BCH). The attacker transferred the funds through five instant exchange platforms before ultimately depositing them into the Tornado Cash mixing protocol.
Amount of loss: $21,000,000 Attack method: 未知
Description of the event: The DeFi project Corepound, built on the Core DAO blockchain, has carried out a rug pull, making off with approximately $400,000.
Amount of loss: $ 400,000 Attack method: Rug Pull
Description of the event: Stablecoin protocol Yala announced that a recent security incident occurred due to a hacker abusing temporary deployment keys during an authorized cross-chain bridge deployment, setting up an unauthorized bridge and extracting 7.64M USDC (approximately 1,636 ETH).
Amount of loss: $ 7,640,000 Attack method: Security Vulnerability
Description of the event: Kame Aggregator suffered an exploit due to a design flaw in the swap() function, which allowed arbitrary executor calls. This vulnerability enabled attackers to transfer tokens authorized to the AggregationRouter by users, particularly those with unlimited or oversized approvals. The total value of affected assets was approximately $1.32 million, of which around $946,000 was recovered by the Kame team from the primary exploiter, and about $22,000 was recovered by white-hat hackers.
Amount of loss: $ 1,320,000 Attack method: Contract Vulnerability
Description of the event: Nemo Protocol, a DeFi protocol on Sui, was attacked, resulting in a loss of approximately $2.4 million.
Amount of loss: $ 2,400,000 Attack method: Unknown
Description of the event: The PulseChain-based defi project BetterBank was exploited by an attacker who took advantage of a vulnerability that allowed them to mint arbitrary tokens, some of which they then swapped for ETH. The attacker later returned around $2.7 million of the stolen assets, having cashed out around $1.4 million.
Amount of loss: $ 5,000,000 Attack method: Contract Vulnerability
Description of the event: The Bitcoin-based memecoin launchpad ODIN.FUN suffered an exploit, losing approximately 58.2 BTC (around $7 million). The attacker allegedly manipulated the prices of several tokens and then withdrew bitcoin based on the inflated values. On August 17, ODIN.FUN co-founder Bob Bodily stated: “Made great progress on funds today (as many of you already saw). 30+ BTC back into Odin. More funds in progress too.”
Amount of loss: $ 7,000,000 Attack method: Price Manipulation
Description of the event: The AI agent protocol Swarms disclosed on the X platform that its community Discord account had been compromised. Earlier today, a team member’s Discord account was breached after receiving a malicious direct message from a user. As a result, the attacker deleted several channels and removed over 300 community members.
Amount of loss: - Attack method: Account Compromise
Description of the event: The @synthetix_io main X(Twitter) account has been hacked. Please DO NOT interact with links from this account while we work to regain control.
Amount of loss: - Attack method: Account Compromise
Description of the event: The @PANewsCN X account has been compromised. Do not click on any recent links or interact with its posts. Please wait for an official update.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to monitoring by Scam Sniffer, the front end of CoinTelegraph has been hacked—exercise caution. Reportedly, clicking the CoinTelegraph website triggers a pop-up containing “airdrop” information that cannot be closed within the page.
Amount of loss: - Attack method: Frontend Attack
Description of the event: According to monitoring by Scam Sniffer, the front end of CoinMarketCap has been compromised. Users are advised to remain vigilant. Following an investigation, CoinMarketCap confirmed that a total of 76 accounts were affected, with losses amounting to $21,624.47. The platform has pledged to fully reimburse the impacted users.
Amount of loss: $ 21,624 Attack method: Frontend Attack
Description of the event: The private key of a wallet with minting privileges for Web3 security firm Hacken’s native token, HAI, was leaked. According to Hacken, the incident was caused by “human error during architectural changes.” After gaining access to the key, the attacker minted approximately 900 million HAI tokens on Ethereum and BNB Chain—nearly doubling the total supply. While the attacker only profited around $250,000, the exploit caused the token price to plummet by roughly 97%.
Amount of loss: $ 250,000 Attack method: Private Key Leakage
Description of the event: a16z stated on social media:“Earlier today, our X account was briefly compromised. During that time, the account promoted a token and other fake content — none of which originated from a16z. Apologies for any confusion caused by the clowns who temporarily took over our account."
Amount of loss: - Attack method: Account Compromise