Rhea Finance Two-Day Margin Drain
Rhea Finance on NEAR lost $18.4M when an attacker, after a two-day setup involving fake tokens, 423 wallets and 8 Ref pools, exploited a slippage-summing flaw in margin trading.
An archive of cryptocurrency security incidents — hacks, exploits, bridge failures and rug pulls, documented with on-chain evidence.
Solv Protocol's BRO vault lost $2.73M when an ERC-3525 double-mint bug let the attacker turn 135 BRO into ~567M BRO over 22 deposits, then swap for 38 SolvBTC.
SagaEVM lost $7M in 11 minutes when an Ethermint bug let crafted messages bypass validation, minting Saga Dollar (D) without collateral and bridging to ETH.
TMXTribe, a staking/rewards protocol, lost ~$1.4M when a distribution accounting flaw let an attacker repeatedly over-claim, draining the reward reserve.
Truebit lost $26.4M when an integer overflow in TRU's five-year-old bonding-curve contract let the attacker mint TRU near-free and sell back for 8,500 ETH.
An oracle upgrade created an 18-vs-8 decimal precision mismatch in Aevo's legacy Ribbon DOV vaults, draining $2.7M. Aevo shut down vaults hours later.
USPD, a newer decentralized stablecoin, lost ~$1M via a mint/collateral flaw that allowed minting against insufficient backing, briefly depegging the token.
Yearn's yETH StableSwap pool minted 235 septillion yETH from a 16-wei deposit after a liquidity removal reset supply to zero but left cached virtual balances.
Access-control oversight and rounding error in Balancer v2's invariant logic drained ~$120M across stable pools, the largest DeFi exploit of 2025.
Rounding error in Bunni DEX's withdraw function drained $8.4M on Ethereum and Unichain after devs misjudged how idle balances would move. Protocol shut down.
Odin.fun, a Bitcoin memecoin launchpad, lost ~$7M when attackers manipulated bonding-curve liquidity accounting to drain BTC pools. Founder paused trading.
A fee/reward-distribution flaw let an attacker repeatedly extract value from BetterBank's PulseChain liquidity pools, draining $5M with partial recovery later.
A flaw in Credix Finance's credit-token minting logic on BNB Chain let an attacker mint and redeem against fabricated positions, draining $4.5M from the pool.
Reentrancy-adjacent flaw in GMX v1's GLP pricing logic let an attacker drain ~$42M, most returned within days in exchange for a white-hat bounty.
$9.8M drained from Resupply in under 90 minutes when a $4,000 flash loan exploited a 2-hour-old wstUSR vault via an ERC-4626 donation attack.
A self-listing verification flaw drained $8.37M (up to $16.2M with ALEX tokens) from ALEX Protocol on Stacks, the team's second major incident in 13 months.
Attacker drained $12M (3,761 wstETH) from Cork Protocol by creating a market referencing another's DS, bypassing auth via a malicious Uniswap v4 hook.
Overflow-guard flaw in Sui's largest DEX let an attacker inject a tiny liquidity position that read as gigantic, draining $223M before validators intervened.
$2.15M drained from MobiusDAO on BNB Chain after a double 10^18 scaling let the attacker mint 9.73 quadrillion MBU from 0.01 BNB; laundered via Tornado Cash.
$355K (entire TVL) drained from leveraged-trading protocol SIR.trading via transient-storage misuse that spoofed the uniswapV3SwapCallback caller check.
Attacker drained $13M (6,260 ETH) from Abracadabra's GM Cauldrons by engineering a failing GMX deposit, self-liquidating, then reborrowing the collateral.
A legacy Fusion v1 resolver bug let an attacker craft calldata to drain $5M from 1inch resolver TrustedVolumes. Core protocol and user funds were unaffected.
ZeroLend lost ~$371K to a classic empty-market share-inflation donation attack on a freshly-listed market that lacked a protective initial deposit.
$9.5M drained from zkLend on Starknet via a precision-rounding bug in its safeMath library; repeated rounding inflated raw_balance until pools emptied.
The Idols NFT lost ~$324K when a staking-rewards accounting flaw let an attacker repeatedly claim weighted rewards far beyond entitlement, draining the pool.
$11.6M drained from users who granted infinite approvals to LI.FI; a freshly deployed facet skipped a validation, letting any caller invoke arbitrary contracts.
A flaw in Holograph's operator contract let an attacker mint 1 billion HLG tokens, worth $14.4M nominal at first mint. HLG dropped 80% within nine hours.
Velocore's CPMM pools on zkSync and Linea lost $6.8M when a fee-multiplier overflow let the attacker mint huge LP supply against a tiny single-token withdrawal.
Sonne Finance lost $20M on Optimism to a 'donation attack', a well-known Compound v2 fork exploit hitting the gap between deploying and seeding a new market.
$1.9M drained from Pike Finance after uninitialized upgradeable contracts let an attacker seize ownership and drain CCIP-bridged assets.
Hedgey Finance vesting lost $44.7M when missing parameter validation let the attacker craft campaigns whose claimLockup callback approved arbitrary transfers.
$4.8M drained from Super Sushi Samurai on Blast after a transfer-function bug doubled the sender's balance on self-transfer. A white-hat saw it first.
$2.1M drained from Unizen's DEX aggregator via an unsafe external-call vulnerability in a recent upgrade that hit users with token approvals.
$6.4M drained from Seneca users via unlimited approvals to its Chamber contract, which had no pause function. Attacker returned 80% for a 20% bounty.
$3.3M drained from Socket/Bungee bridge aggregator users via an unvalidated SocketGateway route that called transferFrom on infinite-approval wallets.
$54.7M drained from KyberSwap Elastic after a rounding error in concentrated-liquidity math let an attacker trick pools into recognising double the liquidity.
$3.3M of R stablecoin minted via a rounding/share-mint bug in Raft's collateral logic, but the attacker botched cash-out, burning ~1,570 ETH. R depegged.
$640K drained from Unibot users via a token-approval bug in the Telegram trading bot's new router contract. Unibot reimbursed affected users.
~$2.2M drained from Platypus Finance in a cluster of October exploits hitting the Avalanche stableswap via flawed solvency/withdrawal logic.
$2.9M drained from Stars Arena, an Avalanche friend.tech-style SocialFi app, via a share-price/withdrawal logic flaw at the peak of the SocialFi hype.
Attacker passed a fake market and forged permit to Exactly Protocol's DebtManager on Optimism; leverage() validated neither, draining $7.3M from 117 accounts.
DEUS DAO's third incident drained $6.5M across BNB, Arbitrum and Ethereum via a flaw in DEI's burnFrom/approval logic that let attackers abuse allowances.
Level Finance on BNB Chain lost $1.1M because LevelReferralControllerV2 paid out referral rewards without marking the epoch claimed, allowing repeated claims.
Hundred Finance on Optimism lost $7M to a donation-attack variant: a rounding bug in the Compound v2 fork's exchange-rate code let tiny hWBTC drain the pool.
A misconfigured legacy Yearn iEarn contract pointing at the wrong Fulcrum token minted 1.2Q yUSDT and drained $11M from Aave v1 before anyone noticed.
A missing access check in Sushi's RouteProcessor2 router let bots drain $3.3M in WETH from users with token approvals before a white-hat rescue.
SafeMoon lost $8.9M from its WBNB pool after an upgrade left burn() public, letting anyone burn other users' SFM. Burning pool LP pumped SFM, then drained WBNB.
A missing health check on Euler's donateToReserves function let an attacker create a self-liquidatable position and walk away with $197M — most of it returned.
Hedera Hashgraph pools lost ~$515K to a Smart Contract Service decompiler bug that let an attacker pull HTS tokens from accounts. Hedera paused the network.
Dexible users lost $2M after selfSwap made arbitrary external calls with user-supplied data, letting the attacker transferFrom any wallet that had approved it.
$3.2M drained from Skyward Finance on NEAR via a treasury accounting flaw that let the attacker redeem SKYWARD repeatedly against the same balance.
Team Finance lost $15.8M in a Uniswap v2-to-v3 migration: locked tokens moved to a skewed v3 pair and refunded as 'leftover' for $2,700 in gas. $7M returned.
$2.3M drained from TempleDAO's StaxLPStaking after migrateStake() failed to validate the caller, letting anyone migrate another staker's full position.
Transit Swap users with infinite approvals lost $21M when claimTokens failed to validate which token to call transferFrom on. 70% returned after on-chain talks.
A fake tick account bypassed Crema's owner check and harvested fictitious fees via CLMM accounting, draining $9.6M on Solana. $8M returned in white-hat deal.
Gym Network on BNB Chain lost $2.1M after a deposit function accepted a referrer signature without validating it, letting the attacker mint huge GYMNET rewards.
Saddle's sUSDv2 metapool lost $11.9M when a known MetaSwapUtils bug was redeployed by mistake; BlockSec's bots front-ran $3.97M to safety, cutting the net loss.
Two missing collateral checks let an attacker mint 2 billion fake CASH stablecoins on Cashio, dropping TVL from $48M to zero in one transaction.
~$1.4M of NFTs stolen from TreasureDAO's marketplace after the buy function failed to check that quantity produced a non-zero price, enabling free buys.
$8.7M drained from Superfluid after a malicious 'context' passed to its host contract let the attacker spoof the caller and execute privileged streams.
~$3M drained from Tinyman, Algorand's main AMM, via a swap/burn logic flaw in pool-token operations that let attackers extract assets across many pools.
A reward-distribution accounting flaw in Bent Finance let one address claim ~$1.7M in rewards far beyond its entitlement before the bug was caught and paused.
$31M drained from MonoX's single-token pools after the attacker swapped a token with itself, pumping MONO in the protocol's own oracle until pools emptied.
$90M drained from Terra-based Mirror Protocol via duplicate-ID collateral unlocks; the loss went unnoticed for seven months until Terra's collapse exposed it.
A bug in Compound's Proposal 62 governance upgrade paid out up to $147M of unintended COMP rewards. Most was returned voluntarily; a portion was kept by users.
An unprotected init() function in DAO Maker's vesting contracts let an attacker seize ownership and call emergencyExit, draining $4M across multiple user pools.
A bug in Poly Network's cross-chain manager contract allowed an attacker to swap the keeper public key and withdraw $611M from three chains; the funds were eventually returned in full.
$9M drained from Punk Protocol minutes after launch via a delegatecall to Initialize setting the attacker as forge address; $5M recovered by white-hats.
~$248K drained from SafeDollar on Polygon via a reward-calculation flaw that emptied SDO/USDC reserves and broke the algorithmic stablecoin's peg.
Flaw in Eleven Finance's nerveBUSD vault emergencyBurn/withdraw path let funds be withdrawn without burning shares, draining ~$4.5M on BNB Chain.
~$3.7M drained from Impossible Finance on BNB Chain via a swap-router flaw that let an attacker repeatedly swap against stale reserves in one tx.
A deployment script bug created phantom Alchemix vaults that misdirected $6.5M in rewards to pay off users' debts. The team froze minting within 15 minutes.
$57.2M extracted from Uranium Finance via a misplaced constant in v2.1 migration contracts (1,000,000 vs 10,000), letting 1 wei swap for 98% of pools.
DODO's V2 Crowdpools lost $3.8M after the attacker re-called init() with a fake token; the pools had no re-initialization guard. MEV bots front-ran ~$1.9M.
Furucombo users lost $14M after the attacker tricked the proxy into delegatecalling a malicious 'Aave v2 implementation' that swept every approved balance.
Saddle Finance lost ~$276K within an hour of launch when a flawed stableswap let arbitrageurs swap at badly mispriced rates, draining LP value day one.
A Solidity storage/memory bug in Cover's Blacksmith contract minted 40 quintillion COVER, crashing price from $700 to under $5. A white-hat returned all funds.
$19.76M DAI drained from Pickle Finance after the attacker created two fake 'Jar' contracts and exploited a missing whitelist check in swapExactJarForJar.
Two Parity multi-sig incidents four months apart: a public initWallet flaw drained $30M, then a user 'accidentally' suicided the shared wallet library, freezing $150M+ across 151 multi-sigs.
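Four entries in this list (Resupply, ZeroLend, Sonne Finance and Hundred Finance) describe the same empty-market share-inflation pattern, usually called a donation attack. The simulation below is an added example written for this page, not code from any of those protocols: it models a generic ERC-4626 / Compound-v2-style vault with integer share math, runs the attack against a naive empty vault, and then against the two usual mitigations, a protective initial deposit made at deployment and virtual shares via a decimals offset. The `Vault` class, the amounts, the seed of 1,000 units and the offset of 6 are all constructed for the illustration.

```python
"""Empty-vault share-inflation ("donation") attack, simulated with integer math.

The vault is a generic ERC-4626 / Compound-v2-style pool (a constructed model,
not any listed protocol's code). It reads its own token balance, so a direct
token transfer ("donation") raises total_assets without minting any shares.
"""


class Vault:
    def __init__(self, decimals_offset=None):
        # decimals_offset=None -> naive math: shares = assets * supply / total_assets.
        # decimals_offset=n    -> 10**n virtual shares and 1 virtual asset are added
        #                         to every conversion (the OpenZeppelin ERC-4626 fix).
        self.offset = decimals_offset
        self.total_assets = 0
        self.total_shares = 0
        self.balances = {}

    def to_shares(self, assets):
        if self.offset is None:
            if self.total_shares == 0:      # first depositor is priced 1:1
                return assets
            return assets * self.total_shares // self.total_assets
        return assets * (self.total_shares + 10**self.offset) // (self.total_assets + 1)

    def to_assets(self, shares):
        if self.offset is None:
            if self.total_shares == 0:
                return 0
            return shares * self.total_assets // self.total_shares
        return shares * (self.total_assets + 1) // (self.total_shares + 10**self.offset)

    def deposit(self, who, assets):
        shares = self.to_shares(assets)     # rounds down: small deposits can mint 0
        self.total_assets += assets
        self.total_shares += shares
        self.balances[who] = self.balances.get(who, 0) + shares
        return shares

    def redeem(self, who, shares):
        if self.balances.get(who, 0) < shares:
            raise ValueError("insufficient shares")
        assets = self.to_assets(shares)
        self.balances[who] -= shares
        self.total_shares -= shares
        self.total_assets -= assets
        return assets

    def donate(self, assets):
        # Plain transfer to the vault address: balance grows, no shares are minted.
        self.total_assets += assets


def run_attack(vault, donation, victim_deposit):
    """Attacker front-runs the first real depositor: deposit 1 wei, donate so one
    share is worth more than the victim's deposit, let the victim's deposit round
    down to 0 shares, then redeem the single inflated share."""
    vault.deposit("attacker", 1)
    vault.donate(donation)
    victim_shares = vault.deposit("victim", victim_deposit)
    attacker_out = vault.redeem("attacker", vault.balances["attacker"])
    victim_out = vault.redeem("victim", victim_shares)
    return {
        "attacker_profit": attacker_out - 1 - donation,
        "victim_shares": victim_shares,
        "victim_out": victim_out,
    }


def naive_vault():
    return Vault()


def seeded_vault(seed=1_000):
    """Protective initial deposit: the deployer funds the market in the same
    transaction that deploys it, so it is never live with total_shares == 0.
    The donation is then socialised across the seed shares and the attacker loses."""
    v = Vault()
    v.deposit("protocol", seed)
    return v


def offset_vault():
    """Virtual shares/assets: 10**6 phantom shares soak up most of the donation."""
    return Vault(decimals_offset=6)


if __name__ == "__main__":
    for name, factory in [("naive", naive_vault), ("seeded", seeded_vault), ("offset", offset_vault)]:
        print(name, run_attack(factory(), donation=10_000, victim_deposit=10_000))
```

In the naive run the attacker walks away with exactly the victim's deposit; with the seed deposit or the decimals offset the attacker's donation is lost to other share holders, which is why the archive keeps pointing at the "gap between deploying and seeding a new market" as the exploitable window.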