| Protocol | Auditor | Amount | Date | URL | Type | Chain(s) | Cause(s) | TLDR | Lessons | Current Status | Flashloan? / Oracle? / Tornado? | Other |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Ronin Network | Unaudited | $624.00 | 2022-03-23 | https://rekt.news/ronin-rekt/ | Bridge | Ronin | Opsec Failure | Compromised 5 validators to withdraw funds from bridge contract | Revoke unnecessary access, require greater than 5/9 sigs | Some funds withdrawn, most remain in wallet | | |
| Poly Network | Unaudited | $611.00 | 2021-08-11 | https://rekt.news/polynetwork-rekt/ | Bridge | Ethereum, BSC, Polygon | Contract Exploit | Spoofed cross chain contract call exploiting code flaw | Cross chain contracts need severe limitations and checks | Hacker purportedly in process of returning funds | | |
| Wormhole | Neodyme | $326.00 | 2022-02-03 | https://rekt.news/wormhole-rekt/ | Bridge | Solana | Contract Exploit | Spoofed signature to bypass checks on contract | Process for signature verification was insufficient | Liquidated some, most still in Ethereum wallet | | |
| Bitmart | N/A | $196.00 | 2021-12-04 | https://rekt.news/bitmart-rekt/ | CEX | CEX | Uncertain - Compromised Keys | Somehow gained access and drained a Bitmart wallet | | Some washed, some still in wallet | | |
| Nomad Bridge | Quantstamp | $190.00 | 2022-08-01 | https://rekt.news/nomad-rekt/ | Bridge | Moonbeam, EVMOS, Milkomeda | Contract Exploit | Free-for-all exploiting a flaw allowing root privileges after a contract "upgrade" | Peer review + audits important part of upgrade | Spread to four corners of crypto | | Quantstamp audit in June? |
| Beanstalk | Omniscia | $181.00 | 2022-04-17 | https://rekt.news/beanstalk-rekt/ | Stablecoin | Ethereum | Flashloan Exploit | Used flash loan to push through governance proposal to transfer all assets to themselves | Need a delay of on-chain governance proposals | Tornadoed | YY | Omniscia audit but they claim attack was outside their scope of audit |
| Compound | Unaudited | $147.00 | 2021-09-29 | https://rekt.news/compound-rekt/ | Lending | Ethereum | Contract Exploit | An error on their contract was called and exploited multiple times before it could be fixed | | | | |
| Vulcan Forged | Unaudited | $140.00 | 2021-12-13 | https://rekt.news/vulcan-forged-rekt/ | GameFi | Ethereum, Polygon | Uncertain - Compromised Keys | Integrated wallets' private keys compromised and drained | | PYR tanked and funds seem largely held in wallets | | |
| Cream Finance | Unaudited | $130.00 | 2021-10-21 | https://rekt.news/cream-rekt-2/ | Lending | Ethereum | Contract Exploit | Use flash loan to manipulate pricing oracle and repay at a depressed price | Don't piss off insiders and really think through edge cases with pricing oracles | Tornado, renBridge for BTC, stake CRETH2 in Uniswap | YY | Compound fork |
| Badger | Unaudited | $120.00 | 2021-12-02 | https://rekt.news/badger-rekt/ | Yield Aggregator | Ethereum | Front-End Hack | Front-end attack, potentially via compromised Cloudflare account, to approve spending unlimited funds | Pause activity good idea, but needed to take user report of sus activity sooner | BTC bridged back to Bitcoin and ERC20 remain on Ethereum | | |
| Harmony Bridge | N/A | $100.00 | 2022-06-23 | https://rekt.news/harmony-rekt/ | Bridge | Harmony One, Ethereum, BSC | Uncertain - Compromised Keys | Entire bridge drained from 2 compromised addresses | Need more than 2 signers + better opsec | | | Could be Lazarus Group |
| Mirror Protocol | Unaudited | $92.00 | 2021-10-08 | https://rekt.news/mirror-rekt/ | Derivatives | Terra | Contract Exploit | Lock contract didn't check for duplicate calls allowing attacker to unlock collateral deposited multiple times | Amount monitoring, contract audit and definitely better communications | | | |
| Fei Rari | Unaudited | $80.00 | 2022-05-01 | https://rekt.news/fei-rari-rekt/ | Yield Aggregator | Ethereum | Contract Exploit | Use a flashloan to borrow 2K ETH, reentrant call bypassing checks, and never recorded borrowed amount | Stop forking Compound, and watch those re-entrancy conditions | Tornadoed $15M and remaining in wallet | YY | Compound fork |
| Qubit Finance | Theori | $80.00 | 2022-01-28 | https://rekt.news/qubit-rekt/ | Bridge | BSC, Ethereum | Contract Exploit | Lending protocol with bridge; exploited flaw to bypass need to deposit funds to withdraw on other chain | Eliminate vestigial functions, cross-chain is hard | Remains in BSC wallet | | Theori audit 2021-12-13; lending platform with built-in bridge that was hacked |
| Ascendex | Unaudited | $77.70 | 2021-12-12 | https://rekt.news/ascendex-rekt/ | CEX | CEX | Uncertain - Compromised Keys | Funds drained from compromised hot wallet | Don't trust CEX with your funds | | | |
| EasyFi | Unaudited | $59.00 | 2021-04-19 | https://rekt.news/easyfi-rekt/ | Lending | Polygon | Opsec Failure | Compromised machine but maybe sus? | | | | |
| Uranium Finance | Unaudited | $57.20 | 2021-04-28 | https://rekt.news/uranium-rekt/ | DEX | BSC | Contract Exploit | Exploited a simple math that allowed swapping 1 token for 98% of the total balance but also sus | Modify forked contracts at your own risk | Most taken out through Tornado | Y | |
| bZx | Unaudited | $55.00 | 2021-11-05 | https://rekt.news/bzx-rekt/ | Lending | Polygon, BSC, Ethereum | Opsec Failure | Dev phished leading to compromised wallet phrase | Protocols with user funds need to take opsec much more seriously | | | |
| Cashio | Unaudited | $48.00 | 2022-03-23 | https://rekt.news/cashio-rekt/ | Payments | Solana | Contract Exploit | Bypassed validation by creating fake root contract that is never validated and chain of fake accounts | Validation checks are critical. Audit? | Majority of funds bridged back to Ethereum and sitting in wallet | | |
| Pancake Bunny | Haechi | $45.00 | 2021-05-19 | https://rekt.news/pancakebunny-rekt/ | Yield Aggregator | BSC | Contract Exploit | Used flash loans to manipulate price on pools via a bug and claim massive reward | Damn bugs, maybe guard against edge cases in pools? | Cashed out BUNNY token reking price and TVL | Y | |
| Kucoin | Internal | $45.00 | 2020-09-29 | https://rekt.news/epic-hack-homie/ | CEX | Ethereum | Opsec Failure | Hot wallet private key used to remove funds | | | | Article lists $150M, maybe as high as $280M |
| Alpha Finance | Quantstamp, Peckshield | $37.50 | 2021-02-13 | https://rekt.news/alpha-finance-rekt/ | Yield | Ethereum | Contract Exploit | Most likely an insider exploited contract mechanisms and bugs in unannounced contracts | Large number of people involved means more difficult to chase down inside jobs | Funds distributed to pools, Tornado, and more | YY | |
| Vee Finance | Slowmist, Certik | $34.00 | 2021-09-21 | https://rekt.news/veefinance-rekt/ | Lending | Avalanche | Contract Exploit | Created fresh trading pairs, leveraged trading, manipulate prices from single source oracle | Avoid projects from pump groups, avoid projects that ignore their auditors | Bridged back to Ethereum and held in wallet | Y | |
| Crypto.com | Deloitte | $33.70 | 2022-01-18 | https://rekt.news/cryptocom-rekt/ | CEX | CEX | Unknown | Crypto has not acknowledged but much ETH and BTC moved from user wallets to tumblers | | | | |
| Meerkat Finance | Unaudited | $32.00 | 2021-03-04 | https://rekt.news/meerkat-finance-bsc-rekt/ | Yield Aggregator | BSC | Contract Exploit | Sus rug; exploited permissionless init function allowing them to become vault owner, drained vaults | Critical to use checks and extra care when using proxy contracts | | | |
| MonoX | Halborn, Peckshield | $31.40 | 2021-11-30 | https://rekt.news/monox-rekt/ | DEX | Polygon, Ethereum | Contract Exploit | Manipulated native token price via a bug, used to swap for all other tokens | Bugs suck esp when they get prices wrong, tokenIn and tokenOut could be same token... | Appears to be mostly gone | | |
| Spartan Protocol | Certik | $30.50 | 2021-05-02 | https://rekt.news/spartan-rekt/ | DEX | BSC | Contract Exploit | Took advantage of flawed logic for calculating liquidity shares enabling a much larger claim of assets | Subtle but critical difference in current balance vs cached balance | Held in wallet or moved through 1inch to Anyswap | Y | |
| Grim Finance | Solidity Finance | $30.00 | 2021-12-18 | https://rekt.news/grim-finance-rekt/ | Yield Aggregator | Fantom | Contract Exploit | Exploited reentrancy in depositFor() function | If you modify existing codebase (Beefy), be sure to pay attention to common exploits such as reentrancy | Appears to be mostly gone | | Fork of Beefy |
| Wintermute | N/A | $27.60 | 2022-06-05 | https://rekt.news/wintermute-rekt/ | N/A | Optimism | Opsec Failure | Wintermute provided incorrect address and exploiter managed to reverse engineer proxy address | Don't delay under assumption that only original wallet owner could get access | 1/20th of OP sold, 1/20 sent to Vitalik, rest remaining | Y | |
| StableMagnet | Techrate | $27.00 | 2021-06-23 | https://rekt.news/stablemagnet-rekt/ | DEX | BSC | Rugpull | Devs swapped in different library than source code allowing them to steal user funds | Can't trust Techrate, dev reputation matters | Appears to be mostly gone | | |