Terra Classic
$40.00B
The biggest Web3 and DeFi exploits ranked by amount lost. Track high-impact incidents, study attack patterns, and learn how security failures scale into multi-million dollar losses.
$101B+
Total Value Lost
3299
Incidents Tracked
74
Chains Affected
80
$100M+ Incidents
$40.00B
$5.50B
$3.60B
$3.50B
$3.36B
$2.90B
$2.80B
$2.00B
$2.00B
$1.50B
Showing 601–650 of 3299 ranked incidents
| Rank | Project | Amount Lost | Date | Chain | Technique | Attack Guide | Source |
|---|---|---|---|---|---|---|---|
| 601 | Nemo | $2.4M | - | Oracle Issue | Oracle Manipulation & Price Manipulation | View → | |
| 602 | Nemo Yield Trading | $2.4M | sui | Price Oracle Manipulation | Oracle Manipulation & Price Manipulation | View → | |
| 603 | CoinSpot | $2.4M | ethereum | Private Key Compromised (Unknown Method) | Access Control Attacks | View → | |
| 604 | Bunny | $2.4M | bsc | Flashloan Incentive Rewards Exploit | Flash Loans Attacks | View → | |
| 605 | PancakeBunny | $2.4M | - | Flash Loan Attack | Flash Loans Attacks | View → | |
| 606 | OKX | $2.4M | - | Access Control | Access Control Attacks | View → | |
| 607 | TempleDAO | $2.4M | ethereum | Exploit Lack of Input Authentication / Other | — | View → | |
| 608 | BitPay | $2.4M | - | Access Control | Access Control Attacks | View → | |
| 609 | Trinity Wallet | $2.4M | iota | Cloudflare Key Compromised | — | View → | |
| 610 | Evolved Apes | $2.3M | - | Rugpull | — | View → | |
| 611 | Turtledex | $2.3M | binance | Rugpull | — | View → | |
| 612 | Fairmoon | $2.3M | - | Rugpull | — | View → | |
| 613 | friesDAO | $2.3M | - | Access Control | Access Control Attacks | View → | |
| 614 | Aztec Connect | $2.3M | - | - | — | View → | |
| 615 | FOOM Cash | $2.3M | base, ethereum | Fake Proof Spam | Phishing Attacks | View → | |
| 616 | Bifrost | $2.2M | - | Other | — | View → | |
| 617 | PopcornSwap | $2.2M | binance | Rugpull | — | View → | |
| 618 | Texture | $2.2M | solana | - | — | View → | |
| 619 | ETHTrustFund | $2.2M | - | Rugpull | — | View → | |
| 620 | CoinStats | $2.2M | - | Private Key Compromised (Unknown Method) | Access Control Attacks | View → | |
| 621 | Platypus Finance | $2.2M | avalanche | Reentrancy | Reentrancy | View → | |
| 622 | Aztec Bridge | $2.2M | - | - | — | View → | |
| 623 | Venus | $2.2M | - | Other | — | View → | |
| 624 | Zunami Protocol | $2.2M | ethereum | Price Manipulation Attack / Flash Loan Attack | Flash Loans Attacks | View → | |
| 625 | Deriswap | $2.2M | ethereum | Rugpull | — | View → | |
| 626 | BitoPro | $2.2M | - | Other | — | View → | |
| 627 | Mobius Token | $2.2M | bsc | Decimal Miscalculation Exploit / Other | Arithmetic Overflows Underflows | View → | |
| 628 | ApolloX | $2.2M | - | Other | — | View → | |
| 629 | Onyx Protocol | $2.1M | ethereum | Flashloan Donate Function Logic Exploit / Flash Loan Attack | Flash Loans Attacks | View → | |
| 630 | Gatecoin | $2.1M | - | Access Control | Access Control Attacks | View → | |
| 631 | ETHTrustFund | $2.1M | base | Transferred Treasury to Mixers | — | View → | |
| 632 | Mozaic | $2.1M | - | Access Control | Access Control Attacks | View → | |
| 633 | Unizen | $2.1M | ethereum | External Call Vulnerability / Other | Delegatecall & Call Injection Attacks | View → | |
| 634 | YieldRobot | $2.1M | - | Rugpull | — | View → | |
| 635 | Dictum Exchange | $2.1M | - | Rugpull | — | View → | |
| 636 | Gym Network | $2.1M | bsc | Deposit Function Exploit / Other | — | View → | |
| 637 | stazie | $2.1M | - | Access Control | Access Control Attacks | View → | |
| 638 | Dexible | $2.0M | - | Access Control | Access Control Attacks | View → | |
| 639 | Aztec | $2.0M | - | Other | — | View → | |
| 640 | Aztec | $2.0M | - | Other | — | View → | |
| 641 | AFKSystems Finance | $2.0M | - | Rugpull | — | View → | |
| 642 | Revest Finance | $2.0M | ethereum | Reentrancy | Reentrancy | View → | |
| 643 | Rari Capital | $2.0M | ethereum | Uninitialized Proxy Hijack | Access Control Attacks | View → | |
| 644 | New Gold Protocol | $2.0M | - | Flash Loan Attack | Flash Loans Attacks | View → | |
| 645 | OlaXBT | $2.0M | bsc | Multisig wallet Social Engineering Exploit / Access Control | Access Control Attacks | View → | |
| 646 | MEV Bots | $2.0M | - | Access Control | Access Control Attacks | View → | |
| 647 | Sirio Finance | $2.0M | hedera | Flashloan Exploit | Flash Loans Attacks | View → | |
| 648 | GemPad | $2.0M | base, bsc, ethereum | Reentrancy / Other | Reentrancy | View → | |
| 649 | $2M Coin Poker | $2.0M | - | Access Control | Access Control Attacks | View → | |
| 650 | Bedrock | $2.0M | - | Other | — | View → |
Data sourced from DefiLlama & SunWeb3Sec/DeFiHackLabs . Thank you for keeping Web3 security data open.
The most expensive crypto hacks are not random. They cluster around repeating vulnerability patterns: access-control failures, flash-loan manipulation, oracle abuse, and unsafe external calls. Studying large-loss incidents helps security researchers prioritize high-impact threat models first.
For deeper context, explore the full Web3 Hacks Dashboard and our Smart Contract Attack Library for hands-on exploit and mitigation breakdowns.
Incidents are ranked by parsed USD amount lost in descending order. Records without parseable loss values are excluded from this ranking.
It includes all incidents with known loss values in the database. Use the full dashboard for broader filtering and lower-severity incidents.
Study attack-class pages first, then practice in guided exercises inside the Smart Contract Hacking course.
$101B+ lost to preventable vulnerabilities. Master real exploit patterns and defense techniques with hands-on Web3 security training.