Incidents involving DeFi, DEX, NFT, and other smart contract projects. Subscribe to Blockchain Threat Intelligence for news of the latest incidents.
-
Project: yCredit Finance
Date: 2021-01-01
Summary: Minting vulnerability exploited
Impact: $11M lost
Type: Hack References:- Deposit Less, Get More: yCredit Attack Details by BlockSecTeam
- Exploit PoC by Banteg
-
Project: Saddle Finance
Date: 2021-01-19
Summary: Price arbirtrage due to high slippage.
Impact: 7.9 BTC ($275K) lost
Type: Hack References:- Saddle Finance - REKT by rekt
- 2021-1 Saddle Finance Arbitrage by Origin Security
-
Project: SushiSwap
Date: 2021-01-19
Summary: Misconfiguration exploited to manipulate DIGG-WETH price.
Impact: 81 ETH ($100K) attacker profit Type: Hack References:- SushiSwap was attacked for the second time by SlowMist
- Badgers DIGG SUSHI by rekt
- Replaying Ethereum Hacks - Sushiswap BadgerDAO's Digg by cmichel
-
Project: Yearn
Date: 2021-02-04
Summary: Yearn V1 yDAI vault exploited.
Impact: $11M lost Type: Hack References:- Vulnerability disclosure 2021-02-04 by Yearn Security
- The yDAI Incident Analysis: Forced Investment by PeckShield
- A brief analysis of yearn finance being hacked by SlowMist
- Inside the Yearn v1 yDAI Hack (Feb 2021) by Halborn
- Yearn - REKT by rekt
- Yearn Exploit by Origin Security
- Attacker TX on Etherscan
- Tether Freezes $1.7 Million in Profits From Yearn Finance Hack by Robert Stevens (Decrypt)
-
Project: Growth DeFi
Date: 2021-02-09
Summary: rAAVE pool exploited by forcing an LP with a fake token.
Impact: $1.3M (ETH) stolen. Type: Hack References:- rAAVE Farming Contract Exploit explained by Growth DeFi
- The Big Combo (Growth DeFi - REKT) by rekt
- Growth DeFi Exploit by Origin Security
-
Project: BT Finance
Date: 2021-02-09
Summary: Exploit similar to Yearn hack.
Impact: $1.7M stolen. Type: Hack References:- BT.Finance Exploit analysis report by BT Finance
- BT.Finance Exploit by Origin Security
-
Project: Alpha Homora
Date: 2021-02-12
Summary: Smart contract exploited.
Impact: $38M (USDC, DAI, USDT, WETH) stolen. Type: Hack References:- Alpha Homora V2 Post Mortem by Alpha Homora
- Alpha Finance - REKT by rekt
-
Project: CryptoPunks
Date: 2021-02-24
Summary: Auction was front-run using flash loans.
Impact: Punk #1737 won for 1 Wei. Type: Hack References: -
Project: Furucombo
Date: 2021-02-27
Summary: Exploited by tricking it to use fake AAVE implementation.
Impact: $15M stolen. Type: Hack References:- Furucombo Post-Mortem March 2021 by Furucombo
- Analysis of the Furucombo Hack by SlowMist
- Furucombo - REKT by rekt
- Furucombo exploit internals by Kurt Barry
- Replaying Ethereum Hacks - Furucombo by Cmichel
- 2021-2-27 Furucombo Attack by Origin Security
-
Project: Yield Finance
Date: 2021-02-27
Summary: Whitehat hack, $166K DAI lost and later recovered.
Impact: N/A. Type: Hack References: -
Project: Zerion
Date: 2021-03-04 Summary: Tricked into listing a malicious Balancer clone.
Impact: $30K
Type: Hack References:- Post mortem on Zerion’s asset phishing attack by Evgeny Yurtaev
-
Project: PAID Network
Date: 2021-03-05
Summary: Private keys compromised Impact: $160M (PAID) minted and sold. Type: Hack References:- PAID Network Attack Postmortem, March 7, 2021 by PAID
- Analysis of Paid Network’s Hacked Event by SlowMist
-
Project: Kava
Date: 2021-03-05
Summary: Flaw in accounting logic exploited. Impact: No funds were lost. Type: Hack References:- Kava 5 Launch Post-Mortem by Kava
-
Project: DODO
Date: 2021-03-09
Summary: Initialization function was left callable. Impact: $3.8M lost
Type: Hack References:- DODO Pool Incident Postmortem: With a Little Help from Our Friends by DODO Breeder
- DODO - REKT by rekt
-
Project: True Seigniorage Dollar
Date: 2021-03-13
Summary: Upgrade forced by taking over DAO. Impact: 11.8B TSD minted and sold
Type: Hack References: -
Project: Roll
Date: 2021-03-14
Summary: Private keys compromised. Impact: $5.7M lost
Type: Hack References:- Roll - REKT by rekt
- A $5.7 Million Crypto Heist Sent Social Tokens into Free Fall by Tim Hakki (Decrypt)
-
Project: Cream Finance
Date: 2021-03-15
Summary: DApp attacked by hijacking DNS
Impact: Unknown
Type: Hack References: -
Project: PancakeSwap Finance
Date: 2021-03-15
Summary: DApp attacked by hijacking DNS
Impact: Unknown
Type: Hack References: -
Project: Nifty Gateway
Date: 2021-03-15
Summary: Account hijacking
Impact: NFTs stolen
Type: Hack References: -
Project: Iron Finance
Date: 2021-03-16
Summary: vFarm reward misconfiguration
Impact: 170K SIL lost
Type: Hack References:- Iron Finance vFarms incident Post-mortem (16 March 2021) by Iron Finance
-
Project: SIL Finance
Date: 2021-03-18
Summary: Contract permissions exploited.
Impact: $12.1M lost and later returned
Type: Hack References:- Follow Up on the Service Outage & All Funds Are SAFU by SIL finance
-
Project: Uniswap Info
Date: 2021-03-30
Summary: Transaction volume spam by Delta Finance.
Impact: N/A
Type: Hack References:- $11 Billion in ‘Fake’ Uniswap Volume Causes DeFi Project and DEX to Clash by Jeff Benson (Decrypt)
- Exploit analysis by Igor Igamberdiev
-
Project: ForceDAO
Date: 2021-04-04
Summary: Insufficient validation on the deposit function.
Impact: $367K stolen. Whitehat saved $9.6M
Type: Hack References:- xFORCE Exploit Post Mortem by ForceDAO
- Exploit analysis by Igor Igamberdiev
-
Project: Polkatrain
Date: 2021-04-04
Summary: Rebate mechanism exploited.
Impact: $3M (57K DOT) stolen
Type: Hack References: -
Project: Uranium Finance
Date: 2021-04-07
Summary: Logic bug exploited.
Impact: $1.5M stolen
Type: Hack References:- Uranium : post-mortem, v2, compensations by Uranium Finance
- Exploit analysis by @ret2jazzy
-
Project: Uranium Finance
Date: 2021-04-27
Summary: Logic bug exploited.
Impact: $51M stolen
Type: Hack References:- Hack announcement
- Exploit post-mortem by Uranium Finance
- SlowMist: Analysis of Uranium Finance’s Hacked Event by SlowMist
- Exploit analysis by @FrankResearcher
- Uranium Finance - REKT by rekt
-
Project: Spartan Protocol
Date: 2021-05-02
Summary: Logic bug exploited.
Impact: $30M stolen
Type: Hack References:- The Spartan Incident: Root Cause Analysis by PeckShield
- Exploit analysis by @FrankResearcher
-
Project: Value DeFi
Date: 2021-05-06
Summary: Reinitialized pool.
Impact: $10M stolen
Type: Hack References:- Value DeFi - Rekt 2 by rekt
- Exploit analysis by @FrankResearcher
-
Project: Value DeFi
Date: 2021-05-08
Summary: Incorrect use of exponents.
Impact: $11M stolen
Type: Hack References:- Value DeFi - Rekt 3 by rekt
- ValueDeFi Incident: Incorrect Weighted Constant Product Invariant Calculation by PeckShield
- Exploit analysis by @FrankResearcher
-
Project: Meebits
Date: 2021-05-08
Summary: Flawed NFT generation.
Impact: Rare $700K NFT generated
Type: Hack References:- Ultra-rare Meebit NFT minted via exploit sells for $765,000 by Liam Frost (Cryptoslate)
-
Project: Rari Capital
Date: 2021-05-08
Summary: Composability vuln.
Impact: $10M stolen
Type: Hack References:- 5/8/2021: Rari Capital Ethereum Pool — Post-Mortem by Davic Lucid (Rari Capital)
- (5/8/21) Rari Capital Exploit Timeline & Analysis by Nipun Pitimanaaree (Alpha Finance)
- Exploit Analysis by Igor Igamberdiev (@FrankResearcher)
- Price manipulation attack in reality (again): RariCapital incident by BlockSecTeam
- Rari Capital - REKT by rekt
- Hacker mocking Rari Capital by @dudesahn and @bantg
- ETH and BSC attacker addresses.