Q1 2026 · SCH Research

SCH Quarterly Exploit Report - Q1 2026

57 smart contract incidents, $243M in disclosed losses, mapped against the OWASP Smart Contract Top 10 (2026).

$243.1M
Disclosed losses
57
Smart-contract incidents
$40M
Largest incident: Step Finance
10
OWASP 2026 categories

Published May 17, 2026. Sources: SCH hack DB, DefiLlama Hacks, Web3HackHub.

The quarter at a glance

Q1 2026 closed with $243M lost across 57 smart-contract incidents. That is -34% versus the previous quarter and -67% versus the same quarter last year. No single incident dominated; the largest losses were spread across 10 protocols. OWASP SC02 (business logic) drove 40% of losses this quarter.

Top incidents

# Protocol Date Loss Chain Attack class
1 Step Finance Jan 31 $40M Solana Access Control Attacks
2 Aave V3 Mar 12 $27.8M Ethereum Oracle Manipulation Attacks
3 Truebit Jan 8 $26.5M Ethereum Protocol Logic / Other
4 Resolv Mar 21 $25M Ethereum Access Control Attacks
5 SwapNet Jan 26 $17M Base Protocol Logic / Exchange (DEX)
6 Matcha Jan 26 $16.8M Base Protocol Logic
7 Blend Pools V2 Feb 22 $11.0M Stellar Oracle Manipulation Attacks
8 Blend Protocol Feb 22 $10.9M - Oracle Manipulation Attacks
9 IoTeX Feb 21 $8M Ethereum Access Control Attacks
10 Saga Jan 21 $7M Saga Protocol Logic / Other

Inside the named incidents

  • Step Finance - $40M. Compromised executive devices exposed treasury and fee multisig private keys; ~261,854 SOL was unstaked straight from the privileged wallets. No on-chain contract bug was involved. Around $4.7M was clawed back through Solana Token-22 freeze authority; the remaining ~$35M is unrecovered. Step Finance, SolanaFloor, and Remora Markets all wound down their core platforms in February. Source: Halborn.

  • Aave V3 - $27.8M. CAPO (Correlated Asset Price Oracle) for wstETH drifted out of sync because snapshotRatio and snapshotTimestamp could not be updated atomically. The capped wstETH/ETH rate landed ~2.85% below the live ratio, dropping 34 high-leverage E-Mode positions below liquidation and producing ~$27.78M of unfair liquidations. Aave DAO compensated affected users from protocol resources. Chaos Labs published the post-mortem and exited as Aave's risk manager weeks later. Source: CoinDesk.

  • Truebit - $26.5M. Integer overflow in the TRU bonding-curve purchase pricing logic of a contract compiled with Solidity 0.6.10 (no built-in arithmetic checks). For an unusually large buy, the price function wrapped around and returned zero; the attacker minted arbitrary quantities of TRU for nothing and sold straight back into the bonding curve's ETH reserve. The exploited contract had been live for over five years and was closed-source, which is why the bug sat undetected so long. Halborn estimates an exhaustive AI-driven scan of a contract that age now costs roughly $1.22. Source: BlockSec.

  • Resolv - $25M. AWS KMS environment compromise gave attackers a privileged minting key. The minting contract had no max-mint cap, oracle check, or rate limiter, so attackers minted ~80M unbacked USR against ~$200K of USDC collateral and cashed out ~$25M on Curve and other DEXes. Resolv had reportedly undergone 18 audits of its Solidity code; none of them were in scope to look at AWS IAM. Resolv has committed to 1:1 redemption of pre-exploit USR from treasury. Source: Chainalysis.

  • SwapNet - $17M. Arbitrary-call vulnerability in the SwapNet router (the contract holding user allowances behind the Matcha aggregator). Insufficient input validation let an attacker pass a target, calldata, and from triple that ran transferFrom using the router's own caller permissions against any token a user had granted it allowance for. Only users who had manually disabled Matcha's default "one-time approval" and granted persistent unlimited allowances were exposed; default-setting users were unaffected. The exploited router was closed-source. Source: BlockSec.

  • Blend Pools V2 - $11.0M. Oracle manipulation in an illiquid market. The YieldBlox DAO Pool on Blend V2 (Stellar) used the Reflector oracle configured to read a spot VWAP for USTRY directly from the on-chain DEX. With market-maker liquidity withdrawn, a single ~$5 trade pushed USTRY from ~$1 to ~$106, dominating the VWAP window. The attacker supplied tiny amounts of inflated USTRY and borrowed ~$1M USDC plus 61M XLM against them. Stellar tier-1 validators coordinated to freeze ~$7.5M before bridge exit, the only meaningful mid-incident recovery this quarter. Source: Halborn.

Note: Matcha and SwapNet are the same arbitrary-call exploit reported by different aggregators. We have left them as separate rows for parity with the source dataset.

Note: Blend Pools V2 and Blend Protocol both refer to the YieldBlox DAO Pool oracle manipulation on Stellar; different sources reported slightly different totals.

Losses by chain

Ethereum led the quarter with $99.4M across 11 incidents (41% of dollar losses).

Chain Losses Incidents
Ethereum $99.4M 11
Base $41.3M 10
Solana $40.3M 2
Chain not disclosed $31.9M 22
Stellar $11.0M 1
BSC $9.7M 4

Losses by attack class

Access Control Attacks led with $74.6M across 10 incidents, followed by oracle manipulation & price manipulation ($55.3M) and protocol logic / other.

Attack class Losses Incidents
Access Control Attacks $74.6M 10
Oracle Manipulation & Price Manipulation $55.3M 9
Protocol Logic / Other $33.5M 2
Protocol Logic $32.8M 15
Protocol Logic / Exchange (DEX) $17M 1
Flash Loans Attacks $9.1M 8

Through the OWASP 2026 lens

Mapped against the OWASP Smart Contract Top 10 (2026), SC02 (business logic) was the highest-loss category this quarter at $98.4M. The table below shows the categories that drove the most dollar damage; each link leads to the SCH category page with the full 2025 backdrop, detection tooling, and an AI-vs-human auditor breakdown.

OWASP category Quarter losses Incidents
SC02 Business Logic Vulnerabilities $98.4M 29
SC01 Access Control Vulnerabilities $74.3M 10
SC03 Price Oracle Manipulation $48.4M 9
SC04 Flash Loan-Facilitated Attacks $6.4M 8
SC07 Arithmetic Errors (Rounding & Precision) $133K 2

Patterns this quarter

Holdstation appeared more than once. Repeat incidents in a single quarter usually point to an unfixed root cause or an unaddressed monitoring gap; both are auditable.

Losses are down 67% versus the same quarter last year. Worth noting before declaring victory: the incident count tells you whether attacks got rarer or just got cheaper.

Prevention takeaways

  • SC02 Business Logic Vulnerabilities. The highest-impact class to harden against this quarter, by a clear margin ($98.4M across 29 incidents). Prevention checklist and detection tools at SC02 on the OWASP 2026 hub. Attack mechanics in SCH's deep dive on business logic.

  • SC01 Access Control Vulnerabilities. Second on the list at $74.3M over 10 incidents, and one that frequently chains with the leader above. Prevention checklist and detection tools at SC01 on the OWASP 2026 hub. Attack mechanics in SCH's deep dive on access control.

  • SC03 Price Oracle Manipulation. Worth a focused review because it produced $48.4M of losses across 9 incidents in a single quarter. Prevention checklist and detection tools at SC03 on the OWASP 2026 hub. Attack mechanics in SCH's deep dive on oracle manipulation.

The off-chain thread

31% of disclosed dollar losses this quarter ran through off-chain attack surfaces, not Solidity bugs. Step Finance ($40M), Resolv ($25M), and IoTeX ($8M) lost funds through some combination of private-key compromise, cloud-IAM compromise, or admin-account social engineering. The pattern dovetails with what Chainalysis recorded for 2025: 76% of all 2025 service compromises by value came through operational rather than code-level vectors. A Solidity audit of these contracts would not have caught the bug, because the bug was not in the contract. Resolv's post-mortem made this point most directly: eighteen prior code audits did not cover AWS IAM. The 2026 lesson is that smart-contract security and operational security are increasingly the same job, and that the surface the next attacker is shopping for is the laptop, the signer, the deploy key, and the KMS, not the function modifier.

AI as a force multiplier - on both sides

The most consequential trend touching every category in this report is not a new vulnerability class. It is the cost curve of finding them.

OpenAI, Paradigm, and OtterSec published EVMbench in February 2026: a 117-vulnerability test suite drawn from Code4rena audits and the Tempo L1. GPT-5.3-Codex exploited 71% of those vulnerabilities. Six months earlier, GPT-5 had managed 33%. The same model patches roughly 42% and detects roughly 40% of the same bugs (Paradigm, Hypernative analysis). The asymmetry is the story: today's frontier models are roughly twice as good at attacking as defending. Anthropic's December 2025 SCONE-Bench study replicated the trajectory on a different corpus: ten frontier models tested against 405 historically exploited contracts produced a 51% aggregate success rate and 65% on the most recent contracts, at an average run cost of $1.22 per agent and a total experimental spend of $3,476. Two of the runs produced novel zero-days on live (low-value) contracts.

The economic version of that asymmetry has a name. Gervais et al. (arXiv 2507.05558) modelled the cost-benefit explicitly: attackers reach break-even at exploit values of $6,000; defenders, who only capture a fractional bug bounty against the same scan cost, need exploits worth $60,000 to justify the work. The paper's sharpest framing is a ratio: "a single $100K exploit funds 33,000 future attack scans but only 3,300 defensive scans." On legacy contracts the discontinuity is sharper still. Halborn estimates an exhaustive LLM scan of an old contract at roughly $1.22 today, falling 22% every two months. Truebit's $26.5M loss this quarter, on a Solidity 0.6.10 contract that had been live for over five years, is exactly the kind of bug that pencil-and-paper review would never have re-examined and an automated agent will now find for the cost of lunch.

Nation-state actors are operating on that side of the math. The FBI attributed the $1.5B Bybit theft of February 2025 to Lazarus's TraderTraitor subunit (IC3 PSA-250226). Chainalysis reports that DPRK-linked actors stole $2.02B across 2025, a 51% year-over-year jump and 76% of all 2025 service compromises by value (Chainalysis). TRM Labs' read on 2026 to date is that DPRK is responsible for 76% of all crypto hack value in the year so far, driven by two incidents that straddle the Q1/Q2 line: the $285M Drift Protocol drain (a six-month social-engineering operation where operators posed as a quant trading firm, onboarded a real $1M Ecosystem Vault, and tricked Drift Security Council members into signing transactions whose actual instructions transferred admin control) and the ~$292M Kelp DAO bridge drain. Anthropic disclosed in its August 2025 threat report that DPRK-linked accounts attempted to register for Claude before being banned, and that AI was used by the same operator population to "fabricate professional identities and pass technical assessments" at Fortune 500 companies. South Korean intelligence has documented Kimsuky operatives using ChatGPT to generate deepfake military ID images for spear-phishing. The pattern across these reports is consistent: AI does not exploit the contract for them. It removes the language barrier, accelerates target reconnaissance, and lets a small operator project the social presence of a real engineering team for as long as the operation needs.

The phishing layer is now industrial. Chainalysis' 2026 Crypto Crime Report records $17B stolen via crypto scams in 2025, with impersonation up 1,400% year over year and AI-enabled operations averaging $3.2M per scheme - 4.5x more profitable than non-AI variants. ScamSniffer's 2025 wallet-drainer report shows the opposite direction at the small end of the market (phishing losses down 83% to ~$84M); both readings are correct because the median victim is being protected better while the high-value target is being hunted harder.

The defender side is not standing still. Trail of Bits published a March 2026 retrospective on rebuilding its audit practice around 84 specialised agents and 201 skills; the firm reports going from ~15 reviewed bugs per week to ~200, with roughly 20% initially surfaced by AI before human triage. Coinbase shipped Frosty, a multi-phase agentic auditor it claims runs ~100x cheaper than a manual review. OpenZeppelin launched a Continuous Security Program in May 2026 backed by 900+ audits of internal record. Cyfrin's Aderyn ships with an MCP server so any LLM agent can drive it. Cecuro published a benchmark in February 2026 showing its purpose-built agent catching 92% of vulnerabilities across $228M of historically exploited contracts, several of which had previously passed manual audits. On the monitoring side, Hypernative reports 99.5% detection of 2025 hacks at sub-0.001% false-positive rates across 75+ chains; Forta has screened 600M+ transactions; GoPlus reports blocking 2.3M scam transactions in April 2026 alone.

The honest read is that AI is closing the gap on the categories that already had good tooling - reentrancy, integer overflow, missing access modifiers - and widening it on the categories that depend on protocol-specific reasoning. OWASP's 2026 revision is the institutional acknowledgement: business logic moved up to #2 and proxy / upgradeability arrived as a brand-new SC10, precisely the two categories where SCH's AI-vs-human detection breakdown records the widest gap in favour of humans. Cecuro's own benchmark missed 8% on a corpus designed to favour it - which is the defensible version of "AI is not enough on its own."

The practical implication for protocol teams is short. Assume your contracts will be scanned by an automated agent at lunch-money cost within months of deployment. Anything that survives needs the defences in depth that AI scanners do not price into the offence: an in-house invariant suite, continuous on-chain monitoring, multisig and timelock discipline on every privileged path, and a deployment process that does not leave the AWS KMS or signing-laptop layer as the soft underbelly. The largest dollar losses this quarter went through exactly those soft underbellies, not through code.

2026 in context

The Q1 numbers do not sit in isolation. A few moves elsewhere this year are worth carrying into next quarter's analysis.

Code4rena announced wind-down in May 2026, less than two years after its acquisition by Zellic. Immunefi is absorbing the bug-bounty customers and researchers (The Block). The competitive-audit model is consolidating around Sherlock, Cantina, and Cyfrin's Codehawks. Top-bounty ceilings have grown even as the platform count has shrunk: Usual on Sherlock at $16M is reportedly the largest in tech history, and Aave Labs proposed a $5M ceiling on its split program across Immunefi, Sherlock, and Cantina.

Regulation bifurcated geographically. The US dropped the Coinbase, Uniswap, and Binance enforcement matters in 2025 and signed the GENIUS Act stablecoin framework that July. The EU's MiCA transitional window closes on July 1, 2026, after which any unlicensed CASP serving EU clients is in breach. South Korea, after Bithumb's 60-trillion-won transfer error, mandated five-minute reconciliation and external audits for virtual-asset custody. Hong Kong's 2026 framework requires non-bank virtual-asset custodians to publish audited accounts and submit quarterly proof-of-reserves audits. The pattern: audit and security become compliance-required outside the US and discretionary inside it.

OWASP shipped Smart Contract Top 10 (2026) with SC10 Proxy & Upgradeability as a new category, SC02 Business Logic promoted to #2, and SC08 Reentrancy demoted to #8. It is the first time the list has been re-organised around governance and deployment discipline rather than just code-level bug classes. The full SCH breakdown of every category sits at /owasp-2026.

The post-quarter overhang is worth previewing, because both incidents started before Q1 ended. Drift Protocol lost $285M on April 1, 2026 to a six-month DPRK social-engineering operation; Kelp DAO's rsETH bridge was drained for ~$292M on April 18 through a 1-of-1 LayerZero verifier configuration (CoinDesk). Neither involved a contract bug. Q2 2026 will read very differently from Q1 because of them, and the prevention work belongs in the Q1 mind-set: transaction legibility for human signers, signing-tool integrity, and bridge-validator key handling.

Continuous formal verification has graduated from research to flagship DeFi. Aave V4 is the cleanest public case study: a six-year continuous formal-verification collaboration with Certora combining the Prover, directed fuzzing on SMT solvers, adversarial testing, and manual auditing throughout development. Trail of Bits' Feb 2025 call for invariant-driven development has become the most-cited methodological framing in 2026 audit writeups.

Notable mentions

  • Step Finance - $40M, no audit credited. Infrastructure / Other. Worth a closer look because there is no published review to compare against.

  • IPOR Fusion - $336K. Technique: EIP-7702 Delegation Exploit / Access Control. Smaller incidents like this are where new exploit patterns usually surface first.

Methodology

Data covers smart-contract incidents with a recorded date between 2026-01-01 and 2026-03-31, pulled from the SCH hack database which aggregates DefiLlama Hacks, Web3HackHub, SlowMist, and BlockSec records. Of 57 incidents in the window, 55 have a disclosed dollar amount; the totals on this page are based on those. Attack-class and OWASP 2026 mappings are SCH editorial overlays on top of the source data; incidents may legitimately appear in more than one category. When a single incident maps to multiple categories, its dollar amount is split evenly so per-category totals do not double-count. Editorial notes on individual incidents are sourced from Halborn, BlockSec, Chainalysis, Verichains, and protocol-team post-mortems linked inline.

Want the next quarter delivered when it ships?

SCH publishes one of these per quarter, plus deep dives on the highest-loss attack classes. You can also start the auditing course and learn the techniques behind every category in this report.