Hack
Hacks and exploits
Forensic records of every major protocol or bridge exploit: attack vector, on-chain flow of stolen funds, recovery outcomes. 31 records.
Summer Finance exploit linked to flash-loan redemption
A single contemporaneous report said Summer Finance’s Lazy Summer Protocol was exploited for about $6 million, with analysts attributing the loss to a $65.4 million flash loan and a $70.9 million redemption sequence.
$6.0MEdel Finance Lending Pause After wGOOGLx Mispricing
Edel Finance halted its version-one lending system after a wrapped tokenized Google stock was mispriced at about 78x, producing roughly $403,000 in bad debt despite correct Chainlink reference pricing.
$403000Polymarket Wallet Theft After Frontend Script Injection
About $3.1 million in PUSD was taken from 11 user wallets after Polymarket said a compromised third-party vendor injected malicious code into parts of its frontend; full refunds were promised.
$3.1MSecondFi Cardano Wallet Exploit and Address-Level Flaw
SecondFi attributed a Cardano wallet exploit to an address-level defect in wallet generation and signing, reporting 374 affected addresses, about 16 million ADA impacted, and emergency custody of roughly 129 million ADA.
$2.4Mjaredfromsubway.eth Drain via Fake Route Approvals
A reported exploit of the Ethereum MEV bot jaredfromsubway.eth used fabricated trading routes, fake token infrastructure, and standing approvals to remove more than $7.5 million.
$7.5MAztec Connect Deprecated Contract Exploit on Ethereum
A deprecated Aztec Connect contract was drained on 2026-06-15 after a verification-settlement mismatch was reportedly exploited, with Aztec Labs stating the current Aztec network was unaffected.
$2.1MHumanity Protocol: $36M Social-Engineering Token Theft
Quantstamp attributed Humanity Protocol’s loss of $36 million in H tokens to a phishing email impersonating Bithumb, subsequent malware-based laptop compromise, and theft of MetaMask credentials and private keys.
$36.0MRaydium Retired AMM Exploit Drained Five Inactive Pools
Raydium said a retired Solana AMM program was exploited on 2026-06-10, draining roughly $1.34 million from five inactive liquidity pools, with the treasury designated to compensate affected users.
$1.3MHumanity Protocol Wallet Drain Exceeded $32 Million
On 2026-06-09, reporting based on an on-chain analyst’s findings indicated that wallets linked to Humanity Protocol were drained for more than $32 million, with most of the value reportedly converted into ETH and the H token falling 89%.
$32.0MGnosis Pay Delay Module Exploit — June 2026
Gnosis Pay disclosed an active exploit affecting its delay module and card wallet infrastructure on June 1, 2026, then said the issue was being contained and all affected users would be reimbursed in full.
$0Gravity Bridge Halted After Reported $5.4M Exploit
Gravity Bridge, a Cosmos-Ethereum bridge, was reported exploited on 2026-05-31 for about $5.4 million; public reporting and analyst commentary pointed to a possible signing-key or contract-key compromise, after which the bridge was halted.
$5.4MDxSale BNB Chain Liquidity Exploit on May 29, 2026
DxSale lost about $7.3 million in a BNB Chain locker exploit that reportedly affected roughly 1,400 liquidity providers, after a prior ownership transfer and a withdrawal-loop abuse were identified by analysts.
$7.3MStakeDAO vsdCRV Key Compromise on Arbitrum
A suspected StakeDAO deployer-key compromise let an attacker redirect vsdCRV bridge settings, mint more than 5.4 trillion tokens on Arbitrum, and extract roughly $91,000 before liquidity constraints halted further selling.
$91000Safe Wallet Third-Party Module Exploit in May 2026
A suspected external module tied to Safe wallet integrations drained about $3.2 million from 86 accounts across Ethereum and Base, while Safe Labs and Squid said their core systems were not the source of the breach.
$3.2MTHORChain Trading Resumed After $10.7M Vault Exploit
THORChain resumed trading after a five-week halt that followed a reported $10.7 million multichain exploit in May 2026 affecting an Asgard vault; the present record remains sparse on mechanism, attribution, and recovery.
$10.7MBybit Cold-Wallet Hack — February 2025
During a routine multi-sig transfer from an Ethereum cold wallet, malicious code injected into the signing UI tricked three Bybit executives into approving the transfer of approximately 401,000 ETH to a Lazarus-controlled address — at $1.46 billion, the largest cryptocurrency theft on record.
$1.46BWazirX Multi-Sig Hack — July 2024
India's largest cryptocurrency exchange lost approximately $235M from a multi-sig wallet compromise attributed to North Korea's Lazarus Group. Singapore restructuring proceedings remain open.
$235.0MDMM Bitcoin Hack — May 2024
The Japanese exchange lost approximately $305M of BTC to a private-key compromise attributed by the FBI to North Korea's TraderTraitor (Lazarus). DMM covered customer balances and wound down operations in 2025.
$305.0MStake.com Hot-Wallet Hack — September 2023
The Australian-licensed crypto-betting platform lost ~$41M to a hot-wallet compromise attributed by the FBI to North Korea's Lazarus Group. Customer balances were unaffected.
$41.0MAtomic Wallet Hack — June 2023
Approximately 5,500 users of the Estonian non-custodial Atomic Wallet lost a combined ~$100M in June 2023, in an attack attributed by Elliptic and US law enforcement to North Korea's Lazarus Group.
$100.0M