Web3 Hacks & DeFi Exploit Intelligence
Search the Incident Console
Start with a project name, narrow by chain or exploit class, then open the incident write-up and sources.
| # | Project | Date | Amount Lost | Chain | Technique | Links |
|---|---|---|---|---|---|---|
| 61 | BigONE Access Control Attacks | $28.0M | — | Access Control | ||
| 62 | Pundi AI Access Control Attacks | $6.0M | — | Access Control | ||
| 63 | MEV Bots Access Control Attacks | $2.0M | — | Access Control | ||
| 64 | Hacken Token Access Control Attacks | $250K | — | Private Key Compromised / Access Control | ||
| 65 | Nobitex Access Control Attacks | $82.0M | arbitrum, avalanche… | Hot wallet hack / Access Control | ||
| 66 | ForceBridge Access Control Attacks | $3.9M | nervos | Access Control Exploit | ||
| 67 | Nervos Network Access Control Attacks | $3.7M | — | Access Control | ||
| 68 | Cork V1 Access Control Attacks | $12.0M | ethereum | Access control bypass via hook / Other | ||
| 69 | Zunami Access Control Attacks | $500K | — | Access Control | ||
| 70 | BitoPro BitoGroup Access Control Attacks | $11.5M | — | Access Control | ||
| 71 | The R0AR Access Control Attacks | $790K | — | Access Control | ||
| 72 | ZKsync Access Control Attacks | $5.0M | zksync era | Private Key Compromised (Unknown Method) / Access Control | ||
| 73 | KiloEx Access Control Attacks | $7.5M | base, bsc… | Price Oracle Manipulation / Access Control | ||
| 74 | UPCX Access Control Attacks | $70.0M | ethereum | Upgraded ProxyAdmin + withdrawByAdmin Hack / Access Control | ||
| 75 | Zoth ZeUSD Access Control Attacks | $8.8M | ethereum | Private Key Compromised (Unknown Method) | ||
| 76 | Zoth Access Control Attacks | $8.3M | — | Access Control | ||
| 77 | Arcade Access Control Attacks | $5K | — | Access Control | ||
| 78 | Berally Access Control Attacks | $90K | berachain | Private Key Compromised (Unknown Method) / Access Control | ||
| 79 | MAID Access Control Attacks | $166K | — | Access Control | ||
| 80 | Infini Access Control Attacks | $50.0M | ethereum | Dev Privilege Oversight Exploit / Access Control | ||
| 81 | Bybit Access Control Attacks | $1.4B | ethereum | Safe Multisig wallet Phishing Exploit / Access Control | ||
| 82 | Cardex Access Control Attacks | $400K | abstract | Private Key Compromised (Session signer) | ||
| 83 | DogWifTools Access Control Attacks | $10.0M | solana | Private Key Compromised (Malware) | ||
| 84 | Phemex Access Control Attacks | $85.0M | arbitrum, avalanche… | Private Key Compromised (Unknown Method) / Other | ||
| 85 | Orange Finance Access Control Attacks | $840K | arbitrum | Private Key Compromised (Unknown Method) / Access Control | ||
| 86 | Moby Access Control Attacks | $1.5M | arbitrum | Private Key Compromised (Unknown Method) | ||
| 87 | Moby Trade Access Control Attacks | $2.5M | — | Access Control | ||
| 88 | Fegex Access Control Attacks | $900K | base, bsc… | Missing Access Control | ||
| 89 | BTC24H Access Control Attacks | $86K | polygon | Access Control Exploit / Access Control | ||
| 90 | XT Exchange Access Control Attacks | $1.7M | ethereum | Access Control |
Data sourced from DefiLlama & SunWeb3Sec/DeFiHackLabs . Thank you for keeping Web3 security data open.
Hack Radar
Fresh DeFi incidents the moment they land in our database. Verified by trusted sources; auto-ingested entries are flagged for review.
Explore by Attack Type
Access Control Attacks
Arithmetic Overflows Underflows
Delegatecall & Call Injection Attacks
Flash Loans Attacks
Oracle Manipulation & Price Manipulation
Reentrancy
Dao Governance Attacks
Frontrunning & Sandwich Attacks
Phishing Attacks
Dos Attacks
Replay Attacks
Self Destruct Attacks
Sensitive On Chain Data
Weak Randomness Attacks
Unchecked Return Value Attacks
Understanding Smart Contract Vulnerabilities
Smart contract vulnerabilities remain the leading cause of DeFi protocol losses, with over $10 billion stolen since 2016. Understanding attack vectors like reentrancy, flash loans, and oracle manipulation is essential for every blockchain developer and security researcher.
Each incident in our database is categorized by attack class and linked to our in-depth vulnerability guides, making this the most educational Web3 hacks tracker available. Want a quick ranking? See the most expensive crypto hacks leaderboard.
Learn how these hacks actually worked
Study the exploit patterns behind the incidents in this database, then practice finding them before attackers do.