Terra Classic
$40.00B
The biggest Web3 and DeFi exploits ranked by amount lost. Track high-impact incidents, study attack patterns, and learn how security failures scale into multi-million dollar losses.
$101B+
Total Value Lost
3299
Incidents Tracked
74
Chains Affected
80
$100M+ Incidents
$40.00B
$5.50B
$3.60B
$3.50B
$3.36B
$2.90B
$2.80B
$2.00B
$2.00B
$1.50B
Showing 651–700 of 3299 ranked incidents
| Rank | Project | Amount Lost | Date | Chain | Technique | Attack Guide | Source |
|---|---|---|---|---|---|---|---|
| 651 | CoinStats | $2.0M | - | Phishing | Phishing Attacks | View → | |
| 652 | pump.fun | $2.0M | solana | Private Key Compromised (Unknown Method) / Flash Loan Attack | Access Control Attacks | View → | |
| 653 | MangoFarmSol | $2.0M | solana | Frontend Attack | — | View → | |
| 654 | Ovix | $2.0M | - | Flash Loan Attack | Flash Loans Attacks | View → | |
| 655 | 0vix | $2.0M | polygon | Flashloan Donate Function Logic Exploit | Flash Loans Attacks | View → | |
| 656 | FilDA | $2.0M | - | Other | — | View → | |
| 657 | Dexible V2 | $2.0M | arbitrum, ethereum | Arbitrary External Call | Delegatecall & Call Injection Attacks | View → | |
| 658 | Mirror Protocol | $2.0M | - | Oracle Issue | Oracle Manipulation & Price Manipulation | View → | |
| 659 | Mad Meerkat Finance | $2.0M | - | Other | — | View → | |
| 660 | MM Finance Cronos | $2.0M | cronos | DNS Spoofing | — | View → | |
| 661 | Revest | $2.0M | - | Other | — | View → | |
| 662 | AutoSharkFinance | $2.0M | - | Other | — | View → | |
| 663 | Circle | $2.0M | - | Access Control | Access Control Attacks | View → | |
| 664 | Akropolis | $2.0M | ethereum | Flashloan Reentrancy Attack / Flash Loan Attack | Flash Loans Attacks | View → | |
| 665 | MintPal | $2.0M | - | Access Control | Access Control Attacks | View → | |
| 666 | PancakeHunny | $2.0M | - | Other | — | View → | |
| 667 | MEV Bot | $2.0M | - | Other | — | View → | |
| 668 | Dough Finance | $2.0M | ethereum | Unvalidated call data exploit / Access Control | Access Control Attacks | View → | |
| 669 | Titano | $1.9M | - | Other | — | View → | |
| 670 | Coinis | $1.9M | - | Access Control | Access Control Attacks | View → | |
| 671 | BTER | $1.9M | - | Rugpull | — | View → | |
| 672 | XBridge | $1.9M | bsc, ethereum | Access Control | Access Control Attacks | View → | |
| 673 | Dolomite | $1.9M | ethereum | Acces Control Exploit / Other | Access Control Attacks | View → | |
| 674 | KLAYswap | $1.9M | - | Other | — | View → | |
| 675 | Omm Finance | $1.9M | - | Other | — | View → | |
| 676 | Percent Finance | $1.9M | - | Other | — | View → | |
| 677 | Balancer | $1.9M | - | Flash Loan Attack | Flash Loans Attacks | View → | |
| 678 | Omm | $1.9M | icon | Redeem Function Exploit | — | View → | |
| 679 | Transit Finance | $1.9M | - | Other | — | View → | |
| 680 | BT.Finance | $1.9M | ethereum | Flash Loan Attack | Flash Loans Attacks | View → | |
| 681 | Hope Finance | $1.9M | arbitrum | Router Exploit / Rugpull | — | View → | |
| 682 | IVY | $1.8M | - | Rugpull | — | View → | |
| 683 | Phishing | $1.8M | - | Phishing | Phishing Attacks | View → | |
| 684 | MERLIN DEX | $1.8M | zksync era | Drained Contracts / Access Control | Access Control Attacks | View → | |
| 685 | Nexera | $1.8M | ethereum | Ownership Override Attack / Access Control | Access Control Attacks | View → | |
| 686 | PancakeSwap | $1.8M | - | Other | — | View → | |
| 687 | Ledger | $1.8M | - | Access Control | Access Control Attacks | View → | |
| 688 | CoinTiger | $1.8M | - | Access Control | Access Control Attacks | View → | |
| 689 | BTER | $1.8M | - | Access Control | Access Control Attacks | View → | |
| 690 | Bent Finance | $1.8M | ethereum | User Balances Manually Updated / Other | — | View → | |
| 691 | Moonwell Lending | $1.8M | base | cbETH Collateral Exploit / Oracle Issue | Oracle Manipulation & Price Manipulation | View → | |
| 692 | USDC Permit Signature Phishing | $1.8M | - | Phishing | Phishing Attacks | View → | |
| 693 | 8ightDAO | $1.8M | harmony | Private Key Compromised (Unknown Method) | Access Control Attacks | View → | |
| 694 | Gate.io | $1.8M | - | Access Control | Access Control Attacks | View → | |
| 695 | EVODeFi | $1.7M | - | Flash Loan Attack | Flash Loans Attacks | View → | |
| 696 | DePo | $1.7M | - | Access Control | Access Control Attacks | View → | |
| 697 | Concentric | $1.7M | arbitrum | Private Key Compromised (Social Engineering) / Access Control | Access Control Attacks | View → | |
| 698 | Taiko | $1.7M | - | Other | — | View → | |
| 699 | Abracadabra Spell | $1.7M | ethereum | Sequential State Manipulation Exploit / Other | — | View → | |
| 700 | XT Exchange | $1.7M | ethereum | Access Control | Access Control Attacks | View → |
Data sourced from DefiLlama & SunWeb3Sec/DeFiHackLabs . Thank you for keeping Web3 security data open.
The most expensive crypto hacks are not random. They cluster around repeating vulnerability patterns: access-control failures, flash-loan manipulation, oracle abuse, and unsafe external calls. Studying large-loss incidents helps security researchers prioritize high-impact threat models first.
For deeper context, explore the full Web3 Hacks Dashboard and our Smart Contract Attack Library for hands-on exploit and mitigation breakdowns.
Incidents are ranked by parsed USD amount lost in descending order. Records without parseable loss values are excluded from this ranking.
It includes all incidents with known loss values in the database. Use the full dashboard for broader filtering and lower-severity incidents.
Study attack-class pages first, then practice in guided exercises inside the Smart Contract Hacking course.
$101B+ lost to preventable vulnerabilities. Master real exploit patterns and defense techniques with hands-on Web3 security training.