Web3 Hacks & DeFi Exploit Intelligence

$101B+
Total Value Lost
3299
Incidents Tracked
74
Chains Affected
15
Attack Classes

Search the Incident Console

Start with a project name, narrow by chain or exploit class, then open the incident write-up and sources.

# Project Date Amount Lost Chain Technique Links
331 MintPal Access Control Attacks $2.0M Access Control
332 PicoStocks Access Control Attacks $6.4M Access Control
333 Inputs.io Access Control Attacks $809K Access Control
334 Just-Dice Access Control Attacks $123K Access Control
335 PicoStocks Access Control Attacks $167K Access Control
336 Vircurex Access Control Attacks $342K Access Control
337 Bitmit Access Control Attacks $202K Access Control
338 ZigGap Access Control Attacks $169K Access Control
339 Bit LC Inc. Access Control Attacks $51K Access Control
340 Cdecker Access Control Attacks $113K Access Control
341 Bitcoinica Access Control Attacks $303K Access Control
342 Bitcoin Syndicate Access Control Attacks $12K Access Control
343 Betcoin Access Control Attacks $15K Access Control
344 Bitomat Access Control Attacks $236K Access Control

Data sourced from DefiLlama & SunWeb3Sec/DeFiHackLabs . Thank you for keeping Web3 security data open.

Live Feed Last 7 days

Hack Radar

Fresh DeFi incidents the moment they land in our database. Verified by trusted sources; auto-ingested entries are flagged for review.

Understanding Smart Contract Vulnerabilities

Smart contract vulnerabilities remain the leading cause of DeFi protocol losses, with over $10 billion stolen since 2016. Understanding attack vectors like reentrancy, flash loans, and oracle manipulation is essential for every blockchain developer and security researcher.

Each incident in our database is categorized by attack class and linked to our in-depth vulnerability guides, making this the most educational Web3 hacks tracker available. Want a quick ranking? See the most expensive crypto hacks leaderboard.

Learn how these hacks actually worked

Study the exploit patterns behind the incidents in this database, then practice finding them before attackers do.