Most Expensive Crypto Hacks Leaderboard

The biggest Web3 and DeFi exploits ranked by amount lost. Track high-impact incidents, study attack patterns, and learn how security failures scale into multi-million dollar losses.

  • $101B+

    Total Value Lost

  • 3299

    Incidents Tracked

  • 74

    Chains Affected

  • 80

    $100M+ Incidents

Top 10 Biggest Hacks

Jump to full leaderboard
  1. 🥈

    Mantra

    $5.50B

  2. #4

    LuBian

    $3.50B

    bitcoin

  3. #8

    Thodex

    $2.00B

  4. #10

    Finiko

    $1.50B

Where the Largest Losses Concentrate

Top Chains by Losses

  • ethereum $8,051M
  • bitcoin $4,415M
  • bsc $2,657M
  • solana $1,605M
  • polygon $1,512M

Top Techniques by Losses

  • Other $61,553M
  • Rugpull $15,684M
  • Access Control $4,030M
  • Private Key Compromised (Brute Force) $3,500M
  • Safe Multisig wallet Phishing Exploit / Access Control $1,635M

Full Leaderboard

Showing 451–500 of 3299 ranked incidents

Largest Web3 incidents by USD amount lost
Rank Project Amount Lost Date Chain Technique Attack Guide Source
451 CrediX $4.5M sonic Private Key Compromised / Access Control Access Control Attacks View →
452 Gamma $4.5M arbitrum Price Manipulation Attack Oracle Manipulation & Price Manipulation View →
453 Radiant V2 $4.5M arbitrum Flashloan New Market Exploit Flash Loans Attacks View →
454 TEDDY DOGE $4.5M - Rugpull View →
455 xToken $4.5M ethereum Flashloan Price Oracle Attack / Flash Loan Attack Flash Loans Attacks View →
456 Eleven Finance $4.5M bsc Flashloan Burn Function Exploit / Other Flash Loans Attacks View →
457 Raydium AMM $4.4M solana Private Key Compromised (Unknown Method) / Access Control Access Control Attacks View →
458 Meter.io $4.4M - Other View →
459 ChainSwap $4.4M bsc, ethereum Exploit Weak Authentication Check View →
460 ChainSwap $4.4M - Other View →
461 $ALI, $PUSH Tokens Phishing $4.4M - Phishing Phishing Attacks View →
462 Radiant Capital $4.3M - Flash Loan Attack Flash Loans Attacks View →
463 ALEX $4.3M stacks Private Key Compromised (Phishing) / Access Control Access Control Attacks View →
464 AI Protocol $4.3M - Phishing Phishing Attacks View →
465 Link Drainer $4.2M - Phishing Phishing Attacks View →
466 DeFiAi $4.2M - Rugpull View →
467 Kokomo Finance $4.2M - Rugpull View →
468 Solfire $4.1M - Rugpull View →
469 Suji Yan $4.0M - Phishing Phishing Attacks View →
470 Ionic Protocol $4.0M mode Fake Collateral Exploit View →
471 Metawin $4.0M - Access Control Access Control Attacks View →
472 Onyx V2 $4.0M ethereum Liquidation Logic Exploit View →
473 Terraport Finance $4.0M - Other View →
474 Kokomo Finance $4.0M optimism Drained Contracts View →
475 GMX Phishing $4.0M - Phishing Phishing Attacks View →
476 Webaverse $4.0M - Other View →
477 DFX V2 $4.0M ethereum Reentrancy Reentrancy View →
478 Gala $4.0M - Other View →
479 Ola Finance $4.0M fuse Reentrancy / Other Reentrancy View →
480 DAO Maker Vesting $4.0M ethereum Access Control Exploit / Other Access Control Attacks View →
481 SurgeBNB $4.0M bsc Flashloan Reentrancy Attack Flash Loans Attacks View →
482 Maze Protocol $4.0M - Other View →
483 OneCoin $4.0M - Rugpull View →
484 GBL $4.0M - Rugpull View →
485 New Market Trading $4.0M - - View →
486 Unleash Protocol $3.9M story Multisig Governance Hack / Access Control Access Control Attacks View →
487 Flow Network $3.9M - Other View →
488 Flow $3.9M flow mint-and-dump Hack View →
489 ForceBridge $3.9M nervos Acces Control Exploit Access Control Attacks View →
490 XCarnival $3.8M - Other View →
491 OnyxDAO $3.8M - Flash Loan Attack Flash Loans Attacks View →
492 DODO AMM $3.8M ethereum Access Control Exploit / Other Access Control Attacks View →
493 Pink Drainer $3.7M - Phishing Phishing Attacks View →
494 YO Protocol $3.7M ethereum Slippage Exploit View →
495 Unknown User $3.7M - Phishing Phishing Attacks View →
496 Venus Protocol $3.7M - - View →
497 Venus Core Pool $3.7M bsc Donation Attack View →
498 Yo Yield $3.7M - Other View →
499 Moonwell $3.7M - Oracle Issue Oracle Manipulation & Price Manipulation View →
500 Nervos Network $3.7M - Access Control Access Control Attacks View →

Data sourced from DefiLlama & SunWeb3Sec/DeFiHackLabs . Thank you for keeping Web3 security data open.

Understanding the Pattern Behind Billion-Dollar Losses

The most expensive crypto hacks are not random. They cluster around repeating vulnerability patterns: access-control failures, flash-loan manipulation, oracle abuse, and unsafe external calls. Studying large-loss incidents helps security researchers prioritize high-impact threat models first.

For deeper context, explore the full Web3 Hacks Dashboard and our Smart Contract Attack Library for hands-on exploit and mitigation breakdowns.

Frequently Asked Questions

How is this leaderboard ranked?

Incidents are ranked by parsed USD amount lost in descending order. Records without parseable loss values are excluded from this ranking.

Does this include every attack type?

It includes all incidents with known loss values in the database. Use the full dashboard for broader filtering and lower-severity incidents.

How can I learn to prevent these exploits?

Study attack-class pages first, then practice in guided exercises inside the Smart Contract Hacking course.

Learn to Prevent High-Impact Smart Contract Hacks

$101B+ lost to preventable vulnerabilities. Master real exploit patterns and defense techniques with hands-on Web3 security training.