Web3 Hacks & DeFi Exploit Intelligence
Search the Incident Console
Start with a project name, narrow by chain or exploit class, then open the incident write-up and sources.
| # | Project | Date | Amount Lost | Chain | Technique | Links |
|---|---|---|---|---|---|---|
| 271 | KiloEx Access Control Attacks | $7.5M | base, bsc… | Price Oracle Manipulation / Access Control | ||
| 272 | Mantra Other | $5.5B | — | Other | ||
| 273 | Tenderize V2 Proxy Upgrade Skim | $11K | ethereum | Proxy Upgrade Skim | ||
| 274 | AIRWA Other | $34K | — | Other | ||
| 275 | UPCX Access Control Attacks | $70.0M | ethereum | Upgraded ProxyAdmin + withdrawByAdmin Hack / Access Control | ||
| 276 | SIR Transient storage collision / Other | $355K | ethereum | Transient storage collision / Other | ||
| 277 | Venus Core Pool Donation Attack | $902K | zksync era | Donation Attack | ||
| 278 | Vicuna Oracle Manipulation & Price Manipulation | $700K | — | Oracle Issue | ||
| 279 | Abracadabra Spell Other | $13.0M | arbitrum | Other | ||
| 280 | Zoth Access Control Attacks | $8.3M | — | Access Control | ||
| 281 | Zoth ZeUSD Access Control Attacks | $8.8M | ethereum | Private Key Compromised (Unknown Method) | ||
| 282 | BBX Token Other | $12K | — | Other | ||
| 283 | Arcade Access Control Attacks | $5K | — | Access Control | ||
| 284 | WebKeyDao Other | $737K | — | Other | ||
| 285 | Berally Access Control Attacks | $90K | berachain | Private Key Compromised (Unknown Method) / Access Control | ||
| 286 | MAID Access Control Attacks | $166K | — | Access Control | ||
| 287 | Phishing Phishing Attacks | $1.8M | — | Phishing | ||
| 288 | ModelpiToken Other | $107K | — | Other | ||
| 289 | 1inch Arithmetic Overflows Underflows | $5.0M | ethereum | Calldata underflow and resolver hijack | ||
| 290 | 1Inch Reentrancy | $2.6M | — | Reentrancy | ||
| 291 | Zoth Oracle Manipulation & Price Manipulation | $285K | — | Oracle Issue | ||
| 292 | Hegic(old contract) Unlimited repeated withdrawal exploit | $94K | ethereum | Unlimited repeated withdrawal exploit | ||
| 293 | Suji Yan Phishing Attacks | $4.0M | — | Phishing | ||
| 294 | Infini Access Control Attacks | $50.0M | ethereum | Dev Privilege Oversight Exploit / Access Control | ||
| 295 | StepHeroNFTs Reentrancy | $90K | — | Reentrancy | ||
| 296 | Bybit Access Control Attacks | $1.4B | ethereum | Safe Multisig wallet Phishing Exploit / Access Control | ||
| 297 | Cardex Access Control Attacks | $400K | abstract | Private Key Compromised (Session signer) | ||
| 298 | LIBRA Other | $286M | — | Other | ||
| 299 | OpenOcean Other | $22K | — | Other | ||
| 300 | zkLend Empty Market Exploit / Other | $9.6M | starknet | Empty Market Exploit / Other |
Data sourced from DefiLlama & SunWeb3Sec/DeFiHackLabs . Thank you for keeping Web3 security data open.
Hack Radar
Fresh DeFi incidents the moment they land in our database. Verified by trusted sources; auto-ingested entries are flagged for review.
Explore by Attack Type
Access Control Attacks
Arithmetic Overflows Underflows
Delegatecall & Call Injection Attacks
Flash Loans Attacks
Oracle Manipulation & Price Manipulation
Reentrancy
Dao Governance Attacks
Frontrunning & Sandwich Attacks
Phishing Attacks
Dos Attacks
Replay Attacks
Self Destruct Attacks
Sensitive On Chain Data
Weak Randomness Attacks
Unchecked Return Value Attacks
Understanding Smart Contract Vulnerabilities
Smart contract vulnerabilities remain the leading cause of DeFi protocol losses, with over $10 billion stolen since 2016. Understanding attack vectors like reentrancy, flash loans, and oracle manipulation is essential for every blockchain developer and security researcher.
Each incident in our database is categorized by attack class and linked to our in-depth vulnerability guides, making this the most educational Web3 hacks tracker available. Want a quick ranking? See the most expensive crypto hacks leaderboard.
Learn how these hacks actually worked
Study the exploit patterns behind the incidents in this database, then practice finding them before attackers do.