Most Expensive Crypto Hacks Leaderboard

The biggest Web3 and DeFi exploits ranked by amount lost. Track high-impact incidents, study attack patterns, and learn how security failures scale into multi-million dollar losses.

  • $101B+

    Total Value Lost

  • 3299

    Incidents Tracked

  • 74

    Chains Affected

  • 80

    $100M+ Incidents

Top 10 Biggest Hacks

Jump to full leaderboard
  1. 🥈

    Mantra

    $5.50B

  2. #4

    LuBian

    $3.50B

    bitcoin

  3. #8

    Thodex

    $2.00B

  4. #10

    Finiko

    $1.50B

Where the Largest Losses Concentrate

Top Chains by Losses

  • ethereum $8,051M
  • bitcoin $4,415M
  • bsc $2,657M
  • solana $1,605M
  • polygon $1,512M

Top Techniques by Losses

  • Other $61,553M
  • Rugpull $15,684M
  • Access Control $4,030M
  • Private Key Compromised (Brute Force) $3,500M
  • Safe Multisig wallet Phishing Exploit / Access Control $1,635M

Full Leaderboard

Showing 601–650 of 3299 ranked incidents

Largest Web3 incidents by USD amount lost
Rank Project Amount Lost Date Chain Technique Attack Guide Source
601 Nemo $2.4M - Oracle Issue Oracle Manipulation & Price Manipulation View →
602 Nemo Yield Trading $2.4M sui Price Oracle Manipulation Oracle Manipulation & Price Manipulation View →
603 CoinSpot $2.4M ethereum Private Key Compromised (Unknown Method) Access Control Attacks View →
604 Bunny $2.4M bsc Flashloan Incentive Rewards Exploit Flash Loans Attacks View →
605 PancakeBunny $2.4M - Flash Loan Attack Flash Loans Attacks View →
606 OKX $2.4M - Access Control Access Control Attacks View →
607 TempleDAO $2.4M ethereum Exploit Lack of Input Authentication / Other View →
608 BitPay $2.4M - Access Control Access Control Attacks View →
609 Trinity Wallet $2.4M iota Cloudflare Key Compromised View →
610 Evolved Apes $2.3M - Rugpull View →
611 Turtledex $2.3M binance Rugpull View →
612 Fairmoon $2.3M - Rugpull View →
613 friesDAO $2.3M - Access Control Access Control Attacks View →
614 Aztec Connect $2.3M - - View →
615 FOOM Cash $2.3M base, ethereum Fake Proof Spam Phishing Attacks View →
616 Bifrost $2.2M - Other View →
617 PopcornSwap $2.2M binance Rugpull View →
618 Texture $2.2M solana - View →
619 ETHTrustFund $2.2M - Rugpull View →
620 CoinStats $2.2M - Private Key Compromised (Unknown Method) Access Control Attacks View →
621 Platypus Finance $2.2M avalanche Reentrancy Reentrancy View →
622 Aztec Bridge $2.2M - - View →
623 Venus $2.2M - Other View →
624 Zunami Protocol $2.2M ethereum Price Manipulation Attack / Flash Loan Attack Flash Loans Attacks View →
625 Deriswap $2.2M ethereum Rugpull View →
626 BitoPro $2.2M - Other View →
627 Mobius Token $2.2M bsc Decimal Miscalculation Exploit / Other Arithmetic Overflows Underflows View →
628 ApolloX $2.2M - Other View →
629 Onyx Protocol $2.1M ethereum Flashloan Donate Function Logic Exploit / Flash Loan Attack Flash Loans Attacks View →
630 Gatecoin $2.1M - Access Control Access Control Attacks View →
631 ETHTrustFund $2.1M base Transferred Treasury to Mixers View →
632 Mozaic $2.1M - Access Control Access Control Attacks View →
633 Unizen $2.1M ethereum External Call Vulnerability / Other Delegatecall & Call Injection Attacks View →
634 YieldRobot $2.1M - Rugpull View →
635 Dictum Exchange $2.1M - Rugpull View →
636 Gym Network $2.1M bsc Deposit Function Exploit / Other View →
637 stazie $2.1M - Access Control Access Control Attacks View →
638 Dexible $2.0M - Access Control Access Control Attacks View →
639 Aztec $2.0M - Other View →
640 Aztec $2.0M - Other View →
641 AFKSystems Finance $2.0M - Rugpull View →
642 Revest Finance $2.0M ethereum Reentrancy Reentrancy View →
643 Rari Capital $2.0M ethereum Uninitialized Proxy Hijack Access Control Attacks View →
644 New Gold Protocol $2.0M - Flash Loan Attack Flash Loans Attacks View →
645 OlaXBT $2.0M bsc Multisig wallet Social Engineering Exploit / Access Control Access Control Attacks View →
646 MEV Bots $2.0M - Access Control Access Control Attacks View →
647 Sirio Finance $2.0M hedera Flashloan Exploit Flash Loans Attacks View →
648 GemPad $2.0M base, bsc, ethereum Reentrancy / Other Reentrancy View →
649 $2M Coin Poker $2.0M - Access Control Access Control Attacks View →
650 Bedrock $2.0M - Other View →

Data sourced from DefiLlama & SunWeb3Sec/DeFiHackLabs . Thank you for keeping Web3 security data open.

Understanding the Pattern Behind Billion-Dollar Losses

The most expensive crypto hacks are not random. They cluster around repeating vulnerability patterns: access-control failures, flash-loan manipulation, oracle abuse, and unsafe external calls. Studying large-loss incidents helps security researchers prioritize high-impact threat models first.

For deeper context, explore the full Web3 Hacks Dashboard and our Smart Contract Attack Library for hands-on exploit and mitigation breakdowns.

Frequently Asked Questions

How is this leaderboard ranked?

Incidents are ranked by parsed USD amount lost in descending order. Records without parseable loss values are excluded from this ranking.

Does this include every attack type?

It includes all incidents with known loss values in the database. Use the full dashboard for broader filtering and lower-severity incidents.

How can I learn to prevent these exploits?

Study attack-class pages first, then practice in guided exercises inside the Smart Contract Hacking course.

Learn to Prevent High-Impact Smart Contract Hacks

$101B+ lost to preventable vulnerabilities. Master real exploit patterns and defense techniques with hands-on Web3 security training.