Web3 Hacks & DeFi Exploit Intelligence
Search the Incident Console
Start with a project name, narrow by chain or exploit class, then open the incident write-up and sources.
| # | Project | Date | Amount Lost | Chain | Technique | Links |
|---|---|---|---|---|---|---|
| 121 | XPlayer Flash Loans Attacks | $717K | — | Flash Loan Attack | ||
| 122 | PGNLZ token Flash Loans Attacks | $100K | — | Flash Loan Attack | ||
| 123 | Matcha Unlimited Approval Exploit | $16.8M | base, ethereum | Unlimited Approval Exploit | ||
| 124 | SwapNet Unlimited Approval Exploit / Other | $17.0M | base, ethereum | Unlimited Approval Exploit / Other | ||
| 125 | Aperture Finance Other | $3.7M | — | Other | ||
| 126 | HypurrFi Other | $84K | — | Other | ||
| 127 | Aperture LM | $3.2M | base, bsc… | — | ||
| 128 | Saga Infinite Mint and Dump / Other | $7.0M | saga | Infinite Mint and Dump / Other | ||
| 129 | SynapLogic Access Control Attacks | $186K | — | Access Control | ||
| 130 | Makina Flash Loans Attacks | $5.0M | ethereum | Flashloan Price Oracle Attack / Flash Loan Attack | ||
| 131 | Yo Yield Other | $3.7M | — | Other | ||
| 132 | NYC Memecoin Rugpull | $3.4M | — | Rugpull | ||
| 133 | YO Protocol Slippage Exploit | $3.7M | ethereum | Slippage Exploit | ||
| 134 | Social Engineering Scam Phishing Attacks | $282M | — | Phishing | ||
| 135 | Truebit Bonding Curve Exploit / Other | $26.5M | ethereum | Bonding Curve Exploit / Other | ||
| 136 | PMX Other | $230K | — | Other | ||
| 137 | Polycule | $230K | polygon | — | ||
| 138 | Fusion by IPOR EIP-7702 Delegation Exploit | $336K | arbitrum | EIP-7702 Delegation Exploit | ||
| 139 | TMX Other | $1.4M | — | Other | ||
| 140 | IPOR Fusion Access Control Attacks | $336K | arbitrum | EIP-7702 Delegation Exploit / Access Control | ||
| 141 | TMX TRIBE Mint & Stake Loop Exploit | $1.4M | arbitrum | Mint & Stake Loop Exploit | ||
| 142 | Valinity Oracle Manipulation & Price Manipulation | $63K | — | Oracle Issue | ||
| 143 | PRXVT Sybil Attack with CREATE2 Addresses | $97K | base | Sybil Attack with CREATE2 Addresses | ||
| 144 | Unleash Protocol Access Control Attacks | $3.9M | story | Multisig Governance Hack / Access Control | ||
| 145 | MSCST Frontrunning & Sandwich Attacks | $130K | bsc | Atomic Sandwich Attack | ||
| 146 | Flow Network Other | $3.9M | — | Other | ||
| 147 | Flow mint-and-dump Hack | $3.9M | flow | mint-and-dump Hack | ||
| 148 | Trust Wallet Access Control Attacks | $7.0M | bitcoin, ethereum… | Private Key Compromised (Supply Chain Attack) / Access Control | ||
| 149 | Address Poisoning Attack Phishing Attacks | $50.0M | — | Phishing | ||
| 150 | Rari Capital Access Control Attacks | $2.0M | ethereum | Uninitialized Proxy Hijack |
Data sourced from DefiLlama & SunWeb3Sec/DeFiHackLabs . Thank you for keeping Web3 security data open.
Hack Radar
Fresh DeFi incidents the moment they land in our database. Verified by trusted sources; auto-ingested entries are flagged for review.
Explore by Attack Type
Access Control Attacks
Arithmetic Overflows Underflows
Delegatecall & Call Injection Attacks
Flash Loans Attacks
Oracle Manipulation & Price Manipulation
Reentrancy
Dao Governance Attacks
Frontrunning & Sandwich Attacks
Phishing Attacks
Dos Attacks
Replay Attacks
Self Destruct Attacks
Sensitive On Chain Data
Weak Randomness Attacks
Unchecked Return Value Attacks
Understanding Smart Contract Vulnerabilities
Smart contract vulnerabilities remain the leading cause of DeFi protocol losses, with over $10 billion stolen since 2016. Understanding attack vectors like reentrancy, flash loans, and oracle manipulation is essential for every blockchain developer and security researcher.
Each incident in our database is categorized by attack class and linked to our in-depth vulnerability guides, making this the most educational Web3 hacks tracker available. Want a quick ranking? See the most expensive crypto hacks leaderboard.
Learn how these hacks actually worked
Study the exploit patterns behind the incidents in this database, then practice finding them before attackers do.