Web3 Hacks & DeFi Exploit Intelligence

$101B+
Total Value Lost
3299
Incidents Tracked
74
Chains Affected
15
Attack Classes

Search the Incident Console

Start with a project name, narrow by chain or exploit class, then open the incident write-up and sources.

# Project Date Amount Lost Chain Technique Links
91 Growth DeFi Flash Loans Attacks $1.4M ethereum Flashloan Price Oracle Attack / Rugpull
92 Yearn Finance Flash Loans Attacks $11.0M ethereum Flashloan Price Oracle Attack / Flash Loan Attack
93 Warp Protocol Flash Loans Attacks $7.8M ethereum Flashloan Price Oracle Attack
94 Compound Labs Oracle Manipulation & Price Manipulation $89.0M ethereum Oracle Issue
95 CheeseBank Flash Loans Attacks $3.3M ethereum Flashloan Price Oracle Attack
96 ValueDefi Flash Loans Attacks $7.0M ethereum Flashloan Price Oracle Attack / Flash Loan Attack
97 Harvest Finance Flash Loans Attacks $33.8M ethereum Flashloan Price Oracle Attack / Flash Loan Attack
98 Eminence Flash Loans Attacks $15.1M ethereum Flashloan Price Oracle Attack / Flash Loan Attack
99 Ooki Flash Loans Attacks $650K ethereum Flashloan Price Oracle Attack

Data sourced from DefiLlama & SunWeb3Sec/DeFiHackLabs . Thank you for keeping Web3 security data open.

Live Feed Last 7 days

Hack Radar

Fresh DeFi incidents the moment they land in our database. Verified by trusted sources; auto-ingested entries are flagged for review.

Understanding Smart Contract Vulnerabilities

Smart contract vulnerabilities remain the leading cause of DeFi protocol losses, with over $10 billion stolen since 2016. Understanding attack vectors like reentrancy, flash loans, and oracle manipulation is essential for every blockchain developer and security researcher.

Each incident in our database is categorized by attack class and linked to our in-depth vulnerability guides, making this the most educational Web3 hacks tracker available. Want a quick ranking? See the most expensive crypto hacks leaderboard.

Learn how these hacks actually worked

Study the exploit patterns behind the incidents in this database, then practice finding them before attackers do.