Web3 Hacks & DeFi Exploit Intelligence

$101B+
Total Value Lost
3299
Incidents Tracked
74
Chains Affected
15
Attack Classes

Search the Incident Console

Start with a project name, narrow by chain or exploit class, then open the incident write-up and sources.

# Project Date Amount Lost Chain Technique Links
1 Summer.fi Flash Loans Attacks $6.0M Flash Loan Attack
2 ATM Token Other $244K Other
3 BYToken Flash Loans Attacks $87K Flash Loan Attack
4 DxSale Access Control Attacks $7.3M
5 Tessera DAO Access Control Attacks $2.4M Access Control
6 New Market Trading $4.0M
7 WUSD.fi Flash Loans Attacks $207K Flash Loan Attack
8 Third-party SquidRouterModule Access Control Attacks $3.2M Access Control
9 Renegade Access Control Attacks $209K Access Control
10 TrustedVolumes Other $6.7M Other
11 Ekubo Protocol Access Control Attacks $1.4M Access Control
12 SubQuery Network Access Control Attacks $60K base Access Control Exploit
13 BCE Token Other $679K Other
14 Venus Other $2.2M Other
15 Stake DAO Oracle Manipulation & Price Manipulation $176K arbitrum, base Oracle Message Spoofing
16 Curve LlamaLend Donation Attack $240K ethereum Donation Attack
17 LAXO Token Flash Loans Attacks $191K Flash Loan Attack
18 Makina Flash Loans Attacks $5.0M ethereum Flashloan Price Oracle Attack / Flash Loan Attack
19 Truebit Bonding Curve Exploit / Other $26.5M ethereum Bonding Curve Exploit / Other
20 PRXVT Sybil Attack with CREATE2 Addresses $97K base Sybil Attack with CREATE2 Addresses
21 FutureSwap Flash Loans Attacks $270K ethereum Flashloan Governance Attack
22 Moonwell Lending Oracle Manipulation & Price Manipulation $1.0M base, optimism Oracle Price Feed Manipulation
23 Sharwa.Finance Oracle Manipulation & Price Manipulation $147K arbitrum Price Manipulation Attack / Other
24 Abracadabra Spell Sequential State Manipulation Exploit / Other $1.7M ethereum Sequential State Manipulation Exploit / Other
25 Coinbase Frontrunning & Sandwich Attacks $300K ethereum MEV composability attack
26 SuperRare Access Control Attacks $730K ethereum updateMerkleRoot Access Control Exploit / Access Control
27 Resupply Oracle Manipulation & Price Manipulation $9.6M ethereum Price Oracle Manipulation / Other
28 Usual Arbitration Exploit / Other $43K ethereum Arbitration Exploit / Other
29 ZKsync Access Control Attacks $5.0M zksync era Private Key Compromised (Unknown Method) / Access Control
30 SIR Transient storage collision / Other $355K ethereum Transient storage collision / Other

Data sourced from DefiLlama & SunWeb3Sec/DeFiHackLabs . Thank you for keeping Web3 security data open.

Live Feed Last 7 days

Hack Radar

Fresh DeFi incidents the moment they land in our database. Verified by trusted sources; auto-ingested entries are flagged for review.

Understanding Smart Contract Vulnerabilities

Smart contract vulnerabilities remain the leading cause of DeFi protocol losses, with over $10 billion stolen since 2016. Understanding attack vectors like reentrancy, flash loans, and oracle manipulation is essential for every blockchain developer and security researcher.

Each incident in our database is categorized by attack class and linked to our in-depth vulnerability guides, making this the most educational Web3 hacks tracker available. Want a quick ranking? See the most expensive crypto hacks leaderboard.

Learn how these hacks actually worked

Study the exploit patterns behind the incidents in this database, then practice finding them before attackers do.