June 2025: $120,363,000
July 5, 2025
RANT
$203,800
Flash Loan
-
June 26, 2025
Resupply
$9,500,000
Donation attack +2
Lack of Validation +1
The attacker targeted the ResupplyPair contract, which uses the manipulated rate, just hours after its deployment. The root cause was an exchange rate manipulation bug triggered via a classic ERC4626 "first donation" vault attack, producing a division by a very large value that collapsed the exchangeRate to zero. This manipulated rate was used to compute the borrower's LTV in the _isSolvent() check. Since ltv = 0 when exchangeRate = 0, the attacker bypassed the solvency check and borrowed $10 million reUSD using just 1 wei of collateral.
Chains: Ethereum
Attack Techniques: Donation attack, Oracle price manipulation, Undercollateralized borrowing
Vulnerability Sources: Lack of Validation, Smart contract coding error
June 25, 2025
Silo V2
$546,000
Malicious calldata
Lack of Validation +1
The exploit pertained to a smart contract for an unreleased leverage feature deployed for testing purposes. It targeted a peripheral contract, using fillQuote to call silo.borrow() with manipulated parameters in order to target a Silo Core Team test wallet.
Chains: Ethereum
Attack Techniques: Malicious calldata
Vulnerability Sources: Lack of Validation, Smart contract coding error
June 21, 2025
HAI Bridge
$250,000
Private Key Compromise
Failed migration
The Hacken bridge was exploited. A private key associated with an account holding minting rights was exposed, allowing attackers to mint huge amounts of HAI tokens and quickly sell them on decentralized exchanges. The private key held minting roles on both the Ethereum and BNB Chain networks. The attackers were able to mint around 900 million HAI tokens.
Chains: Binance Smart Chain, Ethereum
Attack Techniques: Private Key Compromise
Vulnerability Sources: Failed migration
June 18, 2025
Nobitex
$90,000,000
Private Key Compromise
-
Nobitex, Iran's largest cryptocurrency exchange, was the target of a significant cyberattack claimed by the pro-Israel hacking group Gonjeshke Darande, also known as Predatory Sparrow. The group alleged that Nobitex supported Iran's military activities and helped users bypass international sanctions, framing the act as a symbolic message related to escalating tensions between Israel and Iran. The hack involved the theft of cryptocurrency from Nobitex's hot wallets across multiple Ethereum Virtual Machine (EVM) and Tron-compatible blockchains. The hacking group appears to have burned the crypto assets, effectively destroying them rather than taking them for their own profit.
Chains: Arbitrum, Avalanche, Bitcoin, Binance Smart Chain, Ethereum, Polygon, Tron
Attack Techniques: Private Key Compromise
June 18, 2025
Bankroll Network
$65,000
Integer overflow
Smart contract coding error
The attacker exploited a critical integer underflow vulnerability in the BankrollNetworkStack.sell() function to manipulate dividend accounting and drain funds from users who had previously interacted with or approved the contract.
Chains: Binance Smart Chain, Ethereum
Attack Techniques: Integer overflow
Vulnerability Sources: Smart contract coding error
June 17, 2025
Meta Pool
$142,000
Unauthorized access
Insufficient Access Control
The vulnerability stemmed from the failure to override or restrict the publicly exposed base mint() function inherited from OpenZeppelin's ERC4626Upgradeable standard, which allowed attackers to mint 9701 mpETH without providing any ETH.
Chains: Ethereum, Linea, Optimism
Attack Techniques: Unauthorized access
Vulnerability Sources: Insufficient Access Control
June 6, 2025
ALEX
$16,100,000
Malicious contract
Faulty blockchain usage
The exploit originated from a vulnerability within the verification logic of the self-listing feature. The attacker exploited a critical flaw in the create2 function's verification logic by referencing a failed transaction, allowing a malicious token to bypass checks and transfer funds from liquidity pools.
Chains: Stacks
Attack Techniques: Malicious contract
Vulnerability Sources: Faulty blockchain usage
June 2, 2025
Force Bridge
$3,760,000
Insider job +2
Unverified team member
The attacker carried out a supply chain attack to exfiltrate private keys. The leaked keys were then used to unlock funds from the bridge smart contracts. The supply chain attack targeted the validator code: the malicious code was injected into the Docker image at build time.
Chains: Binance Smart Chain, Ethereum
Attack Techniques: Insider job, Private Key Compromise, Supply Chain Compromise
Vulnerability Sources: Unverified team member
May 30, 2025
Malda
$285,000
Malicious contract
Lack of Validation
A Mendi-to-Malda migrator contract was exploited. The contract allowed the Mendi Comptroller address to be passed dynamically, rather than being hardcoded. The attacker used a feature that was designed solely to allow Mendi protocol users to migrate directly to Malda. The attacker deployed a fake Mendi Comptroller contract, allowing him to create a fraudulent Malda position and withdraw funds against it.
Chains: Linea
Attack Techniques: Malicious contract
Vulnerability Sources: Lack of Validation
May 28, 2025
Cork Protocol
$12,000,000
Malicious calldata +1
Insufficient Access Control +1
The core issue behind the exploit stems from two critical flaws in the Cork protocol. First, the protocol's configuration contract (CorkConfig) allowed users to create markets with arbitrary redemption assets (RA), enabling the attacker to designate DS as the RA. Second, the CorkHook contract's beforeSwap function lacked proper access control and input validation, allowing anyone to invoke it with custom hook data for CorkCall operations. By leveraging these weaknesses, the attacker created a malicious market using DS as the RA and used valid DS tokens from a legitimate market to deposit into this fake market. In return, they received both DS and CT tokens. Due to the absence of restrictions on RA types and insufficient validation of the caller and input data, the attacker was able to manipulate liquidity and perform unauthorized redemptions, draining the original market. This manipulation allowed them to acquire a large quantity of derivatives, which they ultimately redeemed for 3,761 wstETH. The fundamental cause of the exploit lies in the protocol's failure to strictly validate user-supplied data and enforce proper restrictions on market creation.
Chains: Ethereum
Attack Techniques: Malicious calldata, Unauthorized access
Vulnerability Sources: Insufficient Access Control, Lack of Validation
May 27, 2025
Usual
$43,000
Arbitrage
Protocol logic error
The attacker exploited a situational vulnerability in the deposit path of the usUSDS++ vault, a beta vault built on top of the Sky Protocol. The vulnerability centered around the unwrap process, where USD0++ is converted to USD0 during deposits. By manipulating the vault's deposit route, specifically the capped and limited conversion from USD0++ to USD0, the attacker executed an arbitrage strategy and made a profit of approximately $42,800. The vault has undergone 4 security audits in recent months. The exploit was not due to faulty logic. Instead, it took advantage of a behavioral edge case in the system.
Chains: Ethereum
Attack Techniques: Arbitrage
Vulnerability Sources: Protocol logic error
May 26, 2025
Dexodus Finance
$300,000
Oracle price manipulation
Flawed Integration +1
The lack of validation of the Chainlink Oracle price feeds allowed the attacker to use an old, but still cryptographically valid price signature to open a position. The attacker used a significantly outdated ETH price of around $1,816, while the real market price was closer to $2,520. The difference in the asset prices was extracted as profit.
Chains: Base
Attack Techniques: Oracle price manipulation
Vulnerability Sources: Flawed Integration, Lack of Validation
May 22, 2025
Cetus
$223,000,000
Flash Loan +1
Smart contract coding error
A bug in the integer overflow check method allowed an attacker to mint unsecured SUI.
Chains: Sui
Attack Techniques: Flash Loan, Integer overflow
Vulnerability Sources: Smart contract coding error
May 16, 2025
Demex Nitron
$950,559
Deprecated contract usage +3
Protocol logic error
A smart contract that was bugged and deprecated was still used as the oracle for the token price before the attack. The attacker used a donation attack to exploit the vulnerability in the code and artificially inflate the price of dGLP, then used the overvalued dGLP as collateral for borrowing.
Chains: Arbitrum
Attack Techniques: Deprecated contract usage, Donation attack, Oracle price manipulation, Undercollateralized borrowing
Vulnerability Sources: Protocol logic error
May 15, 2025
Zunami
$500,000
Private Key Compromise
-
The attack sequence relied on extensive administrative privileges that the attacker had obtained: an admin role was granted to an attacker's address by the Zunami Protocol Deployer Wallet. The attacker later executed the exploit by directly calling the withdrawStuckToken() function on Zunami's strategy, a function designed for emergency withdrawals. This single call allowed the attacker to transfer 296,456 LP tokens, representing the collateral for zunUSD and zunETH, directly to their address.
Chains: Ethereum
Attack Techniques: Private Key Compromise
May 11, 2025
MobiusDAO
$2,157,000
Direct execution of vulnerable code
Smart contract coding error
The unaudited smart contract contained a simple logical error that allowed the attacker to drain all liquidity. The root cause was the excess of the 1e18 multiplier in the deposit evaluation function.
Chains: Binance Smart Chain
Attack Techniques: Direct execution of vulnerable code
Vulnerability Sources: Smart contract coding error
May 9, 2025
LND
$1,270,000
Insider job +1
Unverified team member
The incident was traced to a developer unknowingly hired by the team who turned out to be an undercover DPRK IT worker. This individual or team unlawfully accessed the project's administrative keys and executed a series of unauthorized transactions. The attacker had deployed a modified version of the AToken and VariableDebtToken contracts in which the onlyPool access control modifier was altered to permit not only the Pool contract but also any address with the Pool Admin role to execute functions that were originally restricted. The attacker used the compromised deployer wallet to initiate the draining of all pools.
Chains: Sonic
Attack Techniques: Insider job, Malicious contract
Vulnerability Sources: Unverified team member
April 26, 2025
Impermax V3
$300,000
Flash Loan +1
Flawed Integration
Exploiting flawed protocol code, the attacker created a liquidity pool away from current price and generated substantial fees through wash swaps. These fees were then used to inflate the collateral's valuation, leveraging flawed smart contract mathematics. The attacker subsequently borrowed against this overvalued collateral. However, reinvestment later reduced the collateral's value, resulting in an under-collateralized debt. This debt was then restructured without liquidation, enabling the attacker to retain the illicit funds.
Chains: Arbitrum, Base
Attack Techniques: Flash Loan, Undercollateralized borrowing
Vulnerability Sources: Flawed Integration
April 26, 2025
Loopscale
$5,800,000
Malicious contract +1
Flawed Integration
Loopscale was targeted in an attack that exploited the protocol's pricing logic for RateX-issued tokens. By spoofing the RateX PT market programs, the attacker was able to take out a series of undercollateralized loans. The exploited code path was deployed as part of a new integration with RateX and had not yet undergone a formal third-party audit.
Chains: Solana
Attack Techniques: Malicious contract, Undercollateralized borrowing
Vulnerability Sources: Flawed Integration
April 26, 2025
Term
$1,600,000
-
Failed migration
During an internal update to the tETH oracle, a mismatch in decimal precision between oracle components was introduced. This inconsistency caused incorrect price outputs for tETH. An anonymous liquidator executed liquidations during the window when the incorrect tETH price was live.
Chains: Ethereum
Vulnerability Sources: Failed migration
April 23, 2025
Oxya Origin
$45,000
Private Key Compromise
-
The Oxya Origin deployer wallet appears to have been compromised, resulting in the ownership of the $OXYZ token being transferred to a suspicious address (0x2a00d9941ab583072bcf01ec2e644679e4579272). The attacker minted 9b $OXYZ, swapped $45K, and bridged the funds via Stargate.
Chains: Ethereum
Attack Techniques: Private Key Compromise
April 22, 2025
Bitcoin Mission
$2,228,700
-
-
April 18, 2025
Numa
$530,000
Donation attack +3
Protocol logic error
The attacker manipulated the price of the $NUMA token, while simultaneously opening large short and long positions, removing deposited collateral by liquidating themselves, and exiting through the vault.
Chains: Arbitrum
Attack Techniques: Donation attack, Flash Loan, Oracle price manipulation, Undercollateralized borrowing
Vulnerability Sources: Protocol logic error
April 16, 2025
R0AR
$780,000
Backdoor +1
-
The malicious developer had injected code into the staking smart contract, allowing them to execute an emergency drain of the liquidity pool, resulting in around 490 ETH worth of tokens being stolen.
Chains: Ethereum
Attack Techniques: Backdoor, Insider job
April 14, 2025
KiloEx
$7,500,000
Malicious calldata +2
Insufficient Access Control +1
The vulnerability originated in the TrustedForwarder contract, which inherited OpenZeppelin's MinimalForwarderUpgradeable but did not override the execute method. As a result, the method remained permissionless and exposed to misuse. The attacker took advantage of this oversight by directly calling the original execute function from MinimalForwarderUpgradeable. In a single transaction, the attacker opened a position at an artificially low price and then closed it at a higher price, generating an illegitimate profit through this exploit.
Chains: Base, Binance Smart Chain, Ethereum, Taiko
Attack Techniques: Malicious calldata, Oracle price manipulation, Unauthorized access
Vulnerability Sources: Insufficient Access Control, Lack of Validation
April 13, 2025
ZKsync
$5,000,000
Private Key Compromise
-
The attacker used a compromised admin account to mint the remaining unclaimed tokens from the ZK token Merkle distributors used for the ZKsync June 17th 2024 airdrop. The hacker took control of 111881122 ZK tokens.
Chains: ZKsync
Attack Techniques: Private Key Compromise
April 1, 2025
UPCX
$70,000,000
Private Key Compromise
-
The private keys were compromised. The attacker then used these keys to update a function in the contract to a malicious one, allowing him to withdraw funds.
Chains: Ethereum
Attack Techniques: Private Key Compromise