$4M Drained: Mozaic Insider Attack, Blueberry Oracle Fail, xPet, and Miner Exploits
Mozaic lost $2M to an insider with stolen keys. Blueberry bled $1.3M after deploying a borrow contract using the wrong oracle decimals…
3d ago

$301M Breached: PlayDapp, Seneca, Duelbits, and ERC404 Exploited
PlayDapp lost $290M after minter access was hijacked. Seneca bled $6.5M due to a logic flaw that allowed arbitrary calldata execution…
3d ago

$17M Drained: Axie Co-Founder, Abracadabra, Goledo, and Citadel Exploited
Jihoz lost $8.4M after hot wallet access was compromised. Abracadabra bled $6.5M due to a rounding error that zeroed debt but left base…
3d ago

$123M Lost: Ripple Co-Founder Hacked, Socket and GMEE Breached
Chris Larsen’s XRP wallets were drained for $112M. GMEE lost $7M after token contracts were compromised via GitLab. Socket Protocol got hit…
4d ago

Orbit, Radiant, Concentric: $88M Lost to Keys and Cold Starts
Orbit Chain lost $81.6M after its owner key signed off on withdrawals. Concentric’s deployer key let the attacker mint and drain. Radiant…
5d ago

Gamma, TelCoin, Pine: Same Bugs, New Chains
Gamma Strategies’ $6.2M loss came down to a 200% price change threshold that ignored flash loan realities. TelCoin’s proxy setup reused…
5d ago

Published in DevSecOps & AI
Prisma’s $11.6M Exploit Wasn’t a Flaw in Logic. It Was a Flaw in Trust.
On March 28, 2024, Prisma Finance was exploited for over $11.6M through a vulnerability in its MigrateTroveZap contract, code designed to…
6d ago

OKX, Time Token, FCN-TRUST: Another Week, Another Set of Unchecked Assumptions
OKX’s $2.7M exploit came from a familiar vector: private key compromise post-contract upgrade. Time Token burned supply without sender…
6d ago

Cork, ResupplyFi, Meta Pool: Hookless, Priceless, and Permissionless Losses
Cork Protocol dropped $12M from an unguarded Uniswap V4 hook. ResupplyFi let 1 wei unlock $9.6M via a vault price trick. Meta Pool’s…
6d ago

Ledger, Heco, Kronos, Raft: Exploits in the Supply Chain, Keys, and Math
Ledger’s $610K exploit wasn’t on-chain — it was in the supply chain, via a poisoned NPM package. Heco Bridge lost $86.8M to key compromise…
Jul 3