8ight Finance Rug Pull
Rug pull drained ~$1.75M from 8ight Finance after operators used privileged contract authority to empty pooled deposits, then deleted every trace of their presence.
An archive of cryptocurrency security incidents — hacks, exploits, bridge failures and rug pulls, documented with on-chain evidence.
A reward-distribution accounting flaw in Bent Finance let one address claim ~$1.7M in rewards far beyond its entitlement before the bug was caught and paused.
Visor Finance's staking contract lost $8.2M to a reentrancy in the delegateTransferERC20 path. VISR fell 95% same-day; Visor migrated to a new token.
Grim Finance vaults on Fantom lost $30M to a 5-loop reentrancy in depositFor that faked extra deposits mid-call. TVL collapsed from $98.9M to $4.2M.
148 Vulcan Forged user wallets lost 4.5M PYR ($140M) after attackers compromised Venly custody holding their private keys. Refunded in full from treasury.
Attacker drained $77.7M across 78 ERC-20 tokens from AscendEX hot wallets on Ethereum, BSC and Polygon, tied to a third-party hardware-level vulnerability.
Single private-key compromise drained $196M from two Bitmart hot wallets on Ethereum and BNB Chain; CEO Sheldon Xia compensated users from reserves.
Compromised Cloudflare API key let attackers inject malicious approvals into BadgerDAO's frontend for two weeks, draining $120M from users' wallets.
$31M drained from MonoX's single-token pools after the attacker swapped a token with itself, pumping MONO in the protocol's own oracle until pools emptied.
Avalanche memecoin SDOG lost $18M to insiders who knew the 'challengeKey' needed to trade on its DEX during the buyback, draining it before retail could react.
Phishing email with a malicious Word macro on a dev's machine let Lazarus-linked attackers drain $55M from bZx's Polygon and BSC deployments.
An admin private-key compromise let the attacker withdraw $139M of pooled DEX liquidity from BXH on BSC, one of 2021's largest yet under-remembered losses.
Flash-loan price manipulation of yUSD let an attacker borrow against $1B in fake collateral and drain $130M from Cream, its third successful exploit of 2021.
$16M drained from DEFI5 and CC10 index pools via a flash-loan exploit of the rebalancing math; the teen attacker mounted a 'code is law' defense in Canada.
$90M drained from Terra-based Mirror Protocol via duplicate-ID collateral unlocks; the loss went unnoticed for seven months until Terra's collapse exposed it.
A bug in Compound's Proposal 62 governance upgrade paid out up to $147M of unintended COMP rewards. Most was returned voluntarily; a portion was kept by users.
JayPegs Automart, an Ethereum NFT 'automated trading' scheme, exit-scammed users for ~$3.1M when operators drained deposits and vanished during the NFT mania.
Vee Finance on Avalanche lost $35M a week after launch when Pangolin price manipulation bypassed a slippage check with a decimals bug SlowMist had pre-flagged.
An unprotected init() function in DAO Maker's vesting contracts let an attacker seize ownership and call emergencyExit, draining $4M across multiple user pools.
$18.8M drained from Cream Finance v1 lending markets via a reentrancy bug in the AMP token's ERC-777 transfer hook — the second of Cream's three 2021 exploits.
~$97M drained from Japan-based Liquid Global's warm wallets across ETH, XRP, BTC and stablecoins; FTX extended a $120M emergency loan, then acquired it.
Cross-chain manager contract bug allowed an attacker to swap the keeper public key and withdraw $611M from three chains — eventually returned in full.
$9M drained from Punk Protocol minutes after launch via a delegatecall to Initialize setting the attacker as forge address; $5M recovered by white-hats.
$20.7M drained from Popsicle's Sorbetto Fragola pool after flash loans plus share transfers tricked the contract into owing the attacker rewards equal to TVL.
~$1.5M drained from Levyathan Finance on Fantom after the team's deployer key was leaked (reportedly to a public repo), letting an attacker mint unlimited LEV.
$13M+ drained from THORChain across two attacks one week apart, both exploiting fake-deposit flaws in the Bifrost Ethereum bridge weeks into Chaosnet.
Compromised deployer key let an attacker mint ~373M BONDLY (~$5.9M) and dump into liquidity, collapsing the token before the team migrated contracts.
Vulnerability in ChainSwap's Ethereum-BSC bridge let an attacker mint arbitrary amounts of 20+ supported tokens; $4M drained, affected tokens crashed 95%+.
Attacker detected a repeated k-value in two BSC signatures, back-calculated Anyswap V3's MPC private key, and drained $7.9M from its cross-chain router pools.
~$248K drained from SafeDollar on Polygon via a reward-calculation flaw that emptied SDO/USDC reserves and broke the algorithmic stablecoin's peg.
Flaw in Eleven Finance's nerveBUSD vault emergencyBurn/withdraw path let funds be withdrawn without burning shares, draining ~$4.5M on BNB Chain.
~$3.7M drained from Impossible Finance on BNB Chain via a swap-router flaw that let an attacker repeatedly swap against stale reserves in one tx.
A deployment script bug created phantom Alchemix vaults that misdirected $6.5M in rewards to pay off users' debts. The team froze minting within 15 minutes.
Wault Finance on BNB Chain lost ~$1M when a flash-loan manipulation of WUSD/WEX pricing let the attacker mint and redeem at skewed rates, draining reserves.
Flash loans of $385M manipulated one Belt Finance beltBUSD strategy, distorting share-price calculation to extract $6.23M of $50M total vault losses.
BurgerSwap on BNB Chain didn't validate swap-path tokens, letting a fake token's transfer callback re-enter the pool mid-swap and drain $7.2M in reserves.
Multiple 2021 exploits (~$680K+) of Merlin Labs on BNB Chain, a yield optimizer whose strategy and reward pricing were repeatedly manipulated via flash loans.
A flash-loan SHARK/BNB price manipulation inflated AutoShark's minted reward, draining ~$745K on BSC in a near-exact replay of the PancakeBunny pattern.
$45M extracted from PancakeBunny when a $704M flash loan manipulated the BUNNY/BNB oracle and minted ~7M BUNNY from thin air; BUNNY fell 95% in minutes.
xToken lost $24M when xSNXa and xBNTa priced from manipulable pools; a flash loan let the attacker mint strategy tokens cheaply and redeem the real underlying.
2,600 ETH ($10M, 60% of pool) drained from Rari's Ethereum Pool after its Alpha Finance ibETH integration allowed arbitrary external calls enabling reentrancy.
Spartan Protocol lost $30M on BSC via a flawed liquidity-share calculation, the first major flash-loan attack on BSC and a turning point for its DeFi sector.
$57.2M extracted from Uranium Finance via a misplaced constant in v2.1 migration contracts (1,000,000 vs 10,000), letting 1 wei swap for 98% of pools.
Attackers compromised the CEO's machine, pulled keys from his MetaMask admin wallet, then minted EASY and drained $80M+ from liquidity pools on Polygon.
Flash loan manipulated TRUNK/BUSD and ELEPHANT pricing in Elephant Money's BNB-Chain buy/sell mechanism, letting attacker mint/redeem for ~$22M at skewed rates.
$5.7M drained from Roll's hot wallet, collapsing dozens of independent 'social money' creator tokens at once via a single private-key compromise.
DODO's V2 Crowdpools lost $3.8M after the attacker re-called init() with a fake token; the pools had no re-initialization guard. MEV bots front-ran ~$1.9M.
PAID Network had $27M+ minted after a compromised deployer key re-minted ~59M PAID; the attacker dumped ~2.5M for $3M before the team paused. PAID fell ~85%.
Furucombo users lost $14M after the attacker tricked the proxy into delegatecalling a malicious 'Aave v2 implementation' that swept every approved balance.
Flash-loan manipulation of gToken/stkToken pricing in Growth DeFi's yield strategy let an attacker extract ~$1.3M of reserves at skewed rates ('The Big Combo').
A custom 'spell' contract exploited a borrow-share rounding bug to accrue zero shares against real cySUSD debt, draining $37.5M from Alpha Homora and Iron Bank.
Yearn's yDAI vault lost $11M (attacker netted $2.8M) when an 11-tx flash-loan sequence skewed Curve 3pool DAI price, forcing bad cycles. Tether froze $1.7M.
Saddle Finance lost ~$276K within an hour of launch when a flawed stableswap let arbitrageurs swap at badly mispriced rates, draining LP value day one.