Base — hacks & exploits

Wasabi Protocol's perp vaults across Ethereum, Base, Berachain and Blast lost $5M when a compromised deployer EOA with sole ADMIN_ROLE allowed UUPS upgrades.

1B bridged DOT minted on Hyperbridge after a missing bounds check in VerifyProof let an attacker forge MMR proofs; realised loss ~$2.5M.

~$1.78M drained from Moonwell on Base after a newly listed market used a price feed with a decimals mismatch, mis-valuing collateral so attackers borrowed out.

A hot-wallet compromise across 7 chains drained $48M from Turkish exchange BtcTurk, its second major hack in 14 months. Cold storage was untouched.

$7.5M extracted from KiloEX perps on Base, opBNB and BSC after the MinimalForwarder skipped signature checks; positions opened at $100, closed at $10,000.

A reentrancy in Clober DEX's Rebalancer withdraw path on Base let an attacker re-enter before LP accounting settled, draining $500K in excess liquidity.

Grand Base, an RWA project on Base, lost $2M after its deployer key was compromised or abused; the attacker minted unlimited GB and drained the liquidity pool.

$54.7M drained from KyberSwap Elastic after a rounding error in concentrated-liquidity math let an attacker trick pools into recognising double the liquidity.

$869K drained from RocketSwap on Base after a server breach yielded both the encrypted private keys and the automation script's decryption logic.

The BALD memecoin developer pulled liquidity from Coinbase's Base testnet, netting $5.9M in dev profit and $23M in investor losses while denying any rug pull.