Web3 Hacks & DeFi Exploit Intelligence
Search the Incident Console
Start with a project name, narrow by chain or exploit class, then open the incident write-up and sources.
| # | Project | Date | Amount Lost | Chain | Technique | Links |
|---|---|---|---|---|---|---|
| 391 | Convergence Missing Input Validation / Other | $210K | ethereum | Missing Input Validation / Other | ||
| 392 | Terra Other | $6.5M | — | Other | ||
| 393 | Monoswap Access Control Attacks | $1.3M | blast | Private Key Compromised (Malware) | ||
| 394 | Terra 2.0 IBC hooks exploit | $5.0M | terra2 | IBC hooks exploit | ||
| 395 | Karastar Access Control Attacks | $69K | — | Access Control | ||
| 396 | MonoSwap Access Control Attacks | $1.3M | — | Access Control | ||
| 397 | DeltaPrime | $1.0M | arbitrum | — | ||
| 398 | ETHTrustFund Transferred Treasury to Mixers | $2.1M | base | Transferred Treasury to Mixers | ||
| 399 | Rho Markets Oracle Manipulation & Price Manipulation | $7.6M | scroll | Price Oracle Manipulation / Oracle Issue | ||
| 400 | WazirX: India Access Control Attacks | $235M | ethereum | Safe Multisig wallet Phishing Exploit / Access Control | ||
| 401 | ETHTrustFund Rugpull | $2.2M | — | Rugpull | ||
| 402 | NEVER Rugpull | $240K | — | Rugpull | ||
| 403 | LI.FI Other | $8.0M | — | Other | ||
| 404 | LiFi Finance Router Exploit via Infinite Approvals | $9.7M | linea, metis… | Router Exploit via Infinite Approvals | ||
| 405 | Minterest Reentrancy | $1.5M | mantle | Reentrancy / Other | ||
| 406 | CoinStats Access Control Attacks | $2.2M | — | Private Key Compromised (Unknown Method) | ||
| 407 | Dough Finance Access Control Attacks | $2.0M | ethereum | Unvalidated call data exploit / Access Control | ||
| 408 | Smart Bank Token Flash Loans Attacks | $56K | — | Flash Loan Attack | ||
| 409 | Bittensor Access Control Attacks | $8.0M | — | Private Key Compromised (Supply Chain Attack) / Access Control | ||
| 410 | CoinStats Phishing Attacks | $2.0M | — | Phishing | ||
| 411 | BtcTurk Access Control Attacks | $54.0M | — | Private Key Compromised (Unknown Method) / Access Control | ||
| 412 | Sportsbet.io Access Control Attacks | $3.5M | — | Access Control | ||
| 413 | OKX NFT Aggregator Access Control Attacks | $14K | bsc | Access Control Exploit | ||
| 414 | Farcana Access Control Attacks | $440K | — | Access Control | ||
| 415 | Pendle Phishing Attacks | $1.4M | — | Phishing | ||
| 416 | UwU Lend Flash Loans Attacks | $3.7M | ethereum | Flashloan Price Oracle Attack / Flash Loan Attack | ||
| 417 | Holograph Infinite Mint and Dump / Other | $14.4M | ethereum | Infinite Mint and Dump / Other | ||
| 418 | YOLO Games Access Control Attacks | $1.5M | blast | Access Control Exploit | ||
| 419 | UwU Lend Flash Loans Attacks | $20.0M | ethereum | Flashloan Price Oracle Attack | ||
| 420 | Loopring Access Control Attacks | $5.0M | loopring | Guardian 2FA service exploit / Access Control |
Data sourced from DefiLlama & SunWeb3Sec/DeFiHackLabs . Thank you for keeping Web3 security data open.
Hack Radar
Fresh DeFi incidents the moment they land in our database. Verified by trusted sources; auto-ingested entries are flagged for review.
Explore by Attack Type
Access Control Attacks
Arithmetic Overflows Underflows
Delegatecall & Call Injection Attacks
Flash Loans Attacks
Oracle Manipulation & Price Manipulation
Reentrancy
Dao Governance Attacks
Frontrunning & Sandwich Attacks
Phishing Attacks
Dos Attacks
Replay Attacks
Self Destruct Attacks
Sensitive On Chain Data
Weak Randomness Attacks
Unchecked Return Value Attacks
Understanding Smart Contract Vulnerabilities
Smart contract vulnerabilities remain the leading cause of DeFi protocol losses, with over $10 billion stolen since 2016. Understanding attack vectors like reentrancy, flash loans, and oracle manipulation is essential for every blockchain developer and security researcher.
Each incident in our database is categorized by attack class and linked to our in-depth vulnerability guides, making this the most educational Web3 hacks tracker available. Want a quick ranking? See the most expensive crypto hacks leaderboard.
Learn how these hacks actually worked
Study the exploit patterns behind the incidents in this database, then practice finding them before attackers do.