DeFiLlama
Open-source DeFi analytics platform tracking hacks, exploits, and protocol incidents across all chains. DeFiLlama's exploit database provides structured loss amounts, affected protocols, and incident classifications used to seed investigation pages.
https://defillama.com/hacks
458 investigations from this source
Bitcoin Mission is an entity that has been flagged by on-chain investigator ZachXBT, though the specific nature, founding, and full scope of the entity could not be independently verified through publicly available Tier 1 or Tier 2 sources at the time of this investigation. Multiple unrelated legitimate entities share the name 'Bitcoin Mission' (including a Christian-focused Bitcoin podcast and a GitHub organization), making disambiguation difficult. The trust score of 25 reflects the ZachXBT flag combined with the absence of verifiable public transparency about the entity.
avoid.net/drift-trade→0/100[CRITICAL][MERGED] This page has been consolidated into the canonical 'drift' investigation. Original content preserved in investigation_logs. Merged on 2026-05-10.
avoid.net/safemoon→0/100[CRITICAL]SafeMoon was a BNB Chain-based DeFi token launched in March 2021 that rapidly attracted retail investors through celebrity endorsements and social media hype, reaching a peak market capitalization of approximately $17 billion. Federal prosecutors and the SEC charged the project's founders and executives in November 2023 with securities fraud, wire fraud, and money laundering, alleging they secretly misappropriated over $200 million from the liquidity pool for personal enrichment. CEO Braden John Karony was convicted on all counts in May 2025 and sentenced to 100 months in prison in February 2026; CTO Thomas Smith pleaded guilty in February 2025; founder Kyle Nagy remained a fugitive as of early 2026.
avoid.net/ftx→0/100[CRITICAL]FTX was a Bahamas-headquartered cryptocurrency exchange founded in May 2019 by Sam Bankman-Fried and Gary Wang that grew to a peak valuation of $32 billion before collapsing in November 2022 amid revelations that customer funds had been systematically misappropriated and funneled to affiliated trading firm Alameda Research. The collapse, one of the largest financial frauds in U.S. history, resulted in an estimated $8 billion shortfall in customer deposits, a Chapter 11 bankruptcy filing covering more than 130 affiliated entities, and criminal convictions for multiple executives including a 25-year prison sentence for founder Sam Bankman-Fried. Recovery proceedings under successor CEO John Ray III have since distributed more than $10 billion to creditors, with 98% of creditors slated to receive 119% of their November 2022 claim values.
avoid.net/swaprum→2/100[CRITICAL]Swaprum was an Arbitrum-based decentralized exchange (DEX) that launched in early 2023 and operated briefly before its anonymous development team executed a deliberate exit scam on May 18, 2023. The team exploited a backdoor function embedded in an upgraded smart contract to drain approximately 1,628 ETH (roughly $3 million) from user liquidity pools, then laundered the proceeds through Tornado Cash and deleted all official communication channels. No funds have been recovered and no arrests have been publicly reported.
avoid.net/ethtrustfund→2/100[CRITICAL]ETHTrustFund (ticker: ETF) was a decentralized autonomous organization (DAO) built on Coinbase's Base layer-2 network that marketed itself as an OHM (Olympus DAO) fork and decentralized crypto hedge fund. On July 20, 2024, the pseudonymous lead developer known only as 'Peng' drained approximately 607 ETH (worth ~$2.1–2.2 million) from the project treasury and laundered the funds through the privacy protocols Tornado Cash and Railgun before disappearing entirely. ZachXBT has flagged this entity as a fraudulent project. The project's website, Twitter, and Telegram accounts were permanently deleted following the exit.
avoid.net/riskonblast→2/100[CRITICAL]RiskOnBlast was a GambleFi (gambling and exchange) platform launched on the Blast Layer-2 network in February 2024. Its anonymous team executed an exit scam (rug pull) on February 24, 2024, draining approximately 420 ETH (~$1.3 million) from over 750 investor wallets immediately after the IDO cap was reached. The project is linked by on-chain evidence to a serial fraud group responsible for more than $20 million in losses across multiple DeFi protocols.
avoid.net/turtle-dex→2/100[CRITICAL]TurtleDex (TTDX) was a Binance Smart Chain decentralized file-storage protocol that conducted a confirmed exit scam on March 19, 2021, approximately 72 hours after its presale closed. The anonymous development team drained 9,000 BNB (approximately $2.5 million) from liquidity pools on PancakeSwap and ApeSwap, converted the proceeds to ETH split across nine wallets, and routed the funds to Binance exchange addresses before deleting all official channels. No funds are known to have been recovered and no perpetrators have been publicly identified.
avoid.net/mangofarmsol→2/100[CRITICAL]MangoFarmSOL was a purported yield-farming protocol on the Solana blockchain that executed an exit scam in January 2024, draining approximately $1.32 million from users who had deposited SOL tokens in anticipation of a promised MANGO token airdrop. The perpetrators deployed a malicious frontend under the guise of an 'emergency migration,' bridged stolen funds to Ethereum, and laundered proceeds through privacy tools including Railgun and instant exchanges before all social media accounts, the project website, and the Telegram channel were abandoned. No perpetrators have been publicly identified and no regulatory or law enforcement actions are known to have followed.
avoid.net/arbix-finance→2/100[CRITICAL]Arbix Finance was a yield farming protocol on Binance Smart Chain (BSC) that executed a deliberate rug pull on January 4, 2022, draining approximately $10 million in user funds. The anonymous development team minted 10 million unbacked ARBX tokens, dumped them on PancakeSwap to collapse the price, drained all user vaults, bridged the stolen assets to Ethereum via AnySwap, laundered them through Tornado Cash, and deleted the project website, Twitter, and Telegram accounts. Despite holding a CertiK audit from November 2021, the exploited contract fell entirely outside the audit scope.
avoid.net/compounder-finance→2/100[CRITICAL]Compounder Finance was an Ethereum-based DeFi yield aggregator that launched in November 2020 and executed a deliberate rug pull approximately 22 days later, stealing between $10.8 million and $12.5 million from investors. Anonymous developers embedded hidden 'Evil Strategy' smart contracts behind a publicly visible but unmonitored 24-hour timelock, then drained all user funds and deleted the project's website and social media accounts. No funds were recovered and the perpetrators have never been publicly identified.
avoid.net/grinex→2/100[CRITICAL]Grinex is a Kyrgyzstan-registered cryptocurrency exchange widely assessed by blockchain intelligence firms and U.S. regulators as a direct successor to Garantex, a sanctioned Russian exchange seized in March 2025. Grinex was formally sanctioned by OFAC in August 2025 for facilitating billions in cryptocurrency transactions linked to ransomware groups, darknet markets, and Russian sanctions evasion. In April 2026, the exchange suspended operations following a reported $13.7 million hack it attributed to Western intelligence agencies — a claim for which no technical evidence was presented and which analysts have suggested may mask an internal exit scam.
avoid.net/squid-games→2/100[CRITICAL]SQUID was a BEP-20 token on the Binance Smart Chain launched in late October 2021 that exploited the viral popularity of the Netflix series 'Squid Game.' On November 1, 2021, anonymous developers executed a rug pull, draining at least $3.38 million in liquidity and abandoning the project, causing the token price to collapse from a peak of $2,861.80 to effectively zero within minutes. More than 43,000 investors suffered losses, with no arrests made and the perpetrators remaining unidentified as of mid-2026.
avoid.net/blur-finance→2/100[CRITICAL]Blur Finance (ticker: BLR) was a yield aggregator DeFi protocol that operated on BNB Chain and Polygon in mid-2022. In August 2022, developers allegedly executed a textbook rug pull, withdrawing approximately $600,000 from user-deposited funds before deleting all social media channels and abandoning the project. The BLR token collapsed 99%, and the protocol's smart contracts on both chains have since been formally flagged on BscScan and PolygonScan as rug pull addresses.
avoid.net/stablemagnet→2/100[CRITICAL]StableMagnet was a stablecoin yield and DEX protocol launched on Binance Smart Chain (BSC) that executed a deliberate rug pull on June 23-24, 2021, stealing approximately $27 million in USDT, USDC, and BUSD from over 1,000 users. The team concealed a malicious backdoor by substituting an unverified SwapUtils library for the one shown in publicly audited source code — a novel attack vector that exposed a critical gap in how block explorers verify linked library code. Following an anonymous white-hat investigation and Manchester police arrests, most of the stolen funds were eventually returned by late 2022.
avoid.net/magnate-finance→2/100[CRITICAL]Magnate Finance was a DeFi lending and borrowing protocol deployed on Coinbase's Base Layer 2 network that executed an exit scam on August 25, 2023, stealing approximately $6.4–6.5 million in user funds by manipulating its price oracle. On-chain investigator ZachXBT issued a public warning hours before the rug pull, having traced the deployer address to at least two prior exit scams: Solfire ($4.8M, January 2022) and Kokomo Finance ($5.5M, March 2023), establishing this as the work of a repeat-offender scam ring responsible for over $16.7 million in total losses.
avoid.net/sudorare→2/100[CRITICAL]SudoRare was an anonymous NFT automated market maker (AMM) protocol launched on August 23, 2022, presented as a fork of SudoSwap and LooksRare. Approximately six hours after launch, the anonymous development team executed a premeditated rugpull via a backdoored smart contract, draining approximately 519 ETH (valued at $815,000–$852,000) from user deposits before deleting all online presence. Blockchain security firms PeckShield and CertiK traced a funding wallet to Kraken, but no public arrests or legal proceedings have been reported.
avoid.net/hypervault→2/100[CRITICAL]HyperVault (also known as HyperVaultFi, ticker @hypervaultfi) was a yield optimization protocol built on the Hyperliquid Layer 1 blockchain that marketed itself as a multichain DeFi hub offering APRs of up to 95%. On September 26, 2025, approximately $3.6 million in user funds were drained from the protocol, bridged to Ethereum, converted to approximately 752 ETH, and funneled into Tornado Cash; the team then deleted all social media accounts and the website went offline, in what blockchain security firm PeckShield and multiple crypto news outlets characterized as a rug pull. No founders have been publicly identified by name; at least one team member operated under the pseudonym 0xnick.
avoid.net/arbiswap→2/100[CRITICAL]ArbiSwap was a decentralized exchange (DEX) launched on the Arbitrum network in February 2023 that executed a rug pull on March 2, 2023, approximately six days after launch, stealing roughly 84 ETH (over $100,000) from users and moving the proceeds through Tornado Cash. The anonymous developer exploited a hidden 'recoverToken' function in a swapped smart contract to drain liquidity pools while the ARBI governance token collapsed more than 99% in value. The project attracted $4.4 million in total value locked by advertising unsustainable yields above 1,000% APY before abandoning the protocol and going silent.
avoid.net/kokomo-finance→2/100[CRITICAL]Kokomo Finance was a purported non-custodial lending and borrowing protocol launched on the Optimism blockchain on March 25, 2023. Within approximately 24 hours of launch, its developers executed a deliberate exit scam, stealing approximately $4 to $4.5 million in user funds through smart contract manipulation. The project was subsequently linked by on-chain investigator ZachXBT to a serial scam ring responsible for over $20 million in losses across multiple DeFi protocols.
avoid.net/anubisdao→2/100[CRITICAL]AnubisDAO was an OlympusDAO fork that launched on October 28, 2021, and raised approximately 13,556 WETH (roughly $60 million) in under 20 hours through a Copper Liquidity Bootstrapping Pool. Before the sale concluded, the entire pool was drained to an external wallet, wiping investors to zero; on-chain investigator ZachXBT later identified two pseudonymous actors — Beerus and Ersan — as the likely perpetrators, and traced the stolen funds through Tornado Cash in 2023. No criminal charges have been publicly confirmed, no investor recovery has occurred, and the ANKH token is worthless.
avoid.net/dragoma→3/100[CRITICAL]Dragoma was a move-to-earn GameFi project built on the Polygon network whose native DMA token collapsed 99.8% within hours of its MEXC exchange listing on August 8, 2022, in what blockchain security firm PeckShield identified as a rug pull. Approximately $3.5 million in investor funds were allegedly drained by the development team and deposited into centralized exchanges. The project's website and all social media channels were subsequently deleted, and no known recovery or law enforcement action against the responsible parties has been publicly confirmed.
avoid.net/kannagi→3/100[CRITICAL]Kannagi Finance was a decentralized yield aggregation protocol launched on zkSync Era in June 2023. On July 29, 2023, the project's anonymous team executed an exit scam, draining approximately $2.13 million in user funds and reducing TVL from $2.13 million to $0.17. The stolen funds were subsequently laundered through the Tornado Cash crypto mixer, and all project infrastructure — website, Twitter, and GitHub repositories — was deleted.
avoid.net/meerkat-finance→4/100[CRITICAL]Meerkat Finance was a Binance Smart Chain yield-vault protocol that launched on March 3, 2021 and was drained of approximately $31.56 million in BUSD and BNB less than 24 hours later. On-chain evidence indicates the project's own deployer address executed the exploit, pointing to an intentional exit scam rather than an external hack. A developer identifying as 'Jamboo' subsequently claimed the drain was a 'trial' testing user greed, promised full refunds, and approximately 95% of funds were eventually recovered under heavy pressure from Binance and the BSC community.
avoid.net/bald→4/100[CRITICAL]BALD was a memecoin launched on Coinbase's Base Layer 2 network on July 29, 2023, allegedly named as a reference to Coinbase CEO Brian Armstrong's appearance. After attracting over $66 million in ETH to its liquidity pool through aggressive liquidity additions and a price surge of approximately 4,000,000% within 24 hours, the anonymous deployer removed approximately $25.6 million in liquidity on July 31, 2023, causing the token price to collapse by roughly 90%. On-chain investigators linked the deployer's wallet to addresses with documented interactions with Alameda Research, with Wintermute's head of research publicly identifying former Alameda co-CEO Sam Trabucco as the most likely suspect — though no conclusive proof of identity was ever established.
avoid.net/merlin→4/100[CRITICAL]Merlin DEX was a decentralized exchange built on zkSync Era that was drained of approximately $1.82 million on April 26, 2023, during its public MAGE token liquidity generation event. Security investigators, including auditor CertiK, concluded the incident was an insider rug pull executed by the protocol's own back-end development team, who had embedded a backdoor granting themselves unlimited withdrawal rights over all liquidity pools. The rogue developers, allegedly a group of Serbian nationals, have never been publicly identified or prosecuted, and no meaningful recovery of stolen funds has been confirmed. This entity is distinct from Merlin Chain, an unrelated Bitcoin Layer 2 protocol.
avoid.net/safe-dollar→4/100[CRITICAL]Safe Dollar (SDO) was an algorithmic stablecoin launched on the Polygon network in June 2021 that collapsed to zero within two weeks of its initial DEX offering. The protocol suffered two separate exploits in rapid succession, with the second draining approximately $248,000 in USDC and USDT from its liquidity pools by exploiting a reward-calculation flaw that allowed unlimited SDO minting. The project was flagged as a high-risk entity by on-chain investigators and DeFi security researchers, and its stablecoin peg was never restored.
avoid.net/uranium-finance→4/100[CRITICAL]Uranium Finance was a Binance Smart Chain-based automated market maker (AMM) that was exploited twice in April 2021, resulting in total losses of approximately $54.7 million. The larger exploit on April 28, 2021, drained roughly $53.3 million across 26 liquidity pools due to a mathematical error in its forked Uniswap v2 pair contracts; the protocol subsequently shut down permanently. In March 2026, U.S. authorities indicted Jonathan Spalletta, a Maryland resident, on computer fraud and money laundering charges in connection with both attacks, after previously seizing approximately $31 million in cryptocurrency in February 2025.
avoid.net/hope-finance→4/100[CRITICAL]Hope Finance was an Arbitrum-based DeFi protocol that launched in January 2023, positioning itself around an algorithmic stablecoin pegged to 0.001 ETH. On February 20, 2023 — the same day the platform went live — approximately $2 million (1,095 ETH) was drained from its Genesis Rewards Pool in what blockchain security firms CertiK and PeckShield assessed as an insider-orchestrated exit scam, making it the largest exit scam recorded on Arbitrum at that time. Stolen funds were bridged to Ethereum and routed through Tornado Cash; the protocol's website subsequently went offline and the team became unreachable.
avoid.net/lmlusdt-staking-protocol→4/100[CRITICAL]The LML/USDT staking protocol was a yield-bearing staking contract deployed on Binance Smart Chain (BSC) that suffered a catastrophic price manipulation exploit on April 1, 2026, resulting in approximately $950,000 in losses. An attacker aggregated flash loans totaling 309,529,000 USDT, artificially inflated the LML token price by purchasing nearly the entire circulating supply and burning it, then claimed outsized staking rewards against the manipulated price. Stolen funds — converted to 450.6 ETH — were subsequently laundered through Tornado Cash, and no public team response or recovery effort has been documented.
avoid.net/dogwiftools→4/100[CRITICAL]DogWifTools is a Solana-based memecoin tooling platform that markets features explicitly designed to simulate artificial trading volume, conceal supply concentration across hundreds of wallets, and inflate engagement metrics on pump.fun — capabilities that security researchers and blockchain analysts characterize as enabling wash trading and coordinated pump-and-dump schemes. In January 2025, the platform suffered a supply-chain attack in which threat actors trojaned versions 1.6.3 through 1.6.6 with a Remote Access Trojan, draining an estimated $10 million from users' wallets; the attacker group framed the theft as vigilante justice against scammers. No known regulatory action has been taken against DogWifTools operators, who remain anonymous.
avoid.net/credix→4/100[CRITICAL]CrediX Finance was a DeFi lending protocol launched in July 2025 on the Sonic blockchain that suffered a $4.5 million exploit on August 4, 2025, less than one month after launch. The exploit involved a compromised or insider-controlled admin wallet that minted unbacked synthetic tokens to drain liquidity pools; the team subsequently vanished, deleted all official channels, and failed to honor public recovery promises, prompting widespread allegations of a premeditated exit scam. Note: CrediX Finance (Sonic, 2025) is a distinct entity from Credix Finance (Solana, founded 2021), which is a separate legitimate RWA protocol.
avoid.net/kalax→5/100[CRITICAL]Kalax (ticker: KALA) was a non-custodial yield aggregator deployed on the Blast and Scroll blockchains in 2024 that marketed itself as an auto-compounding protocol for DEXs and lending markets. Despite commissioning a Beosin security audit and publishing promotional security guarantees, the project's founders are alleged to have executed an exit scam on October 14, 2024, abandoning the protocol and deleting all official social media accounts after draining user funds from protocol vaults. The kalax.io domain subsequently redirected to an unrelated gambling site, with no team communications issued to affected depositors.
avoid.net/parity-multisig→5/100[CRITICAL]Parity Multisig was a multi-signature wallet implementation developed by Parity Technologies, founded by Ethereum co-founder Gavin Wood. The software suffered two catastrophic security failures in 2017: a July hack in which 153,037 ETH (approximately $30–32 million at the time) was stolen from three Ethereum project wallets via an unguarded initialization function, and a November incident in which GitHub user devops199 accidentally triggered a self-destruct on the shared library contract, permanently freezing 513,774 ETH (approximately $150–280 million at the time) across 587 wallets. The frozen funds have never been recovered, and the July 2017 attacker resumed laundering stolen ETH through the exchange eXch in May 2024 after seven years of inactivity.
avoid.net/grand-base→5/100[CRITICAL]Grand Base was a decentralized real-world asset (RWA) synthetic trading protocol launched on Coinbase's Base layer-2 blockchain in early 2024. On April 15, 2024, the protocol suffered a critical security incident in which its deployer wallet was compromised, allowing an attacker to mint approximately 32.5 million unauthorized GB tokens and drain roughly $2 million in liquidity. The GB token subsequently lost over 99% of its value; no verified recovery or compensation plan has been confirmed, and the project's long-term operational status remains uncertain.
avoid.net/cashio→5/100[CRITICAL]Cashio was a Solana-based algorithmic stablecoin protocol that issued the CASH token, collateralized by Saber LP tokens. On March 23, 2022, an attacker exploited a critical missing validation flaw in the smart contract to mint approximately 2 billion CASH tokens backed by worthless fake collateral, draining roughly $52 million in real assets and permanently destroying the token's USD peg. The protocol was unaudited, never compensated victims in full, and its pseudonymous creator later admitted the code was rushed and insecure.
avoid.net/snowdog→5/100[CRITICAL]Snowdog (SDOG) was an Avalanche-based OlympusDAO fork launched in November 2021 as a self-described '8-day decentralized reserve meme coin experiment' by the anonymous team behind Snowbank DAO. The project accumulated a $44 million MIM treasury before a planned token buyback on November 25, 2021, collapsed the token price by over 90% within seconds, with alleged insiders exploiting a hidden 'challengeKey' mechanism to extract approximately $20 million in profits while ordinary holders were locked out. The team declined to acknowledge deliberate wrongdoing, characterizing the event as a 'game-theory experiment gone wrong,' and subsequently renounced ownership, leaving investors with near-total losses.
avoid.net/mirror→5/100[CRITICAL]Mirror Protocol was a Terra-based DeFi platform enabling synthetic assets (mAssets) that tracked prices of US stocks. The protocol suffered a $90 million exploit in October 2021 that went undetected for seven months, a governance attack campaign in December 2021 targeting $40 million in community funds, and a second $2 million oracle exploit in May 2022. It became permanently inactive in August 2022 following the catastrophic collapse of the Terra/LUNA/UST ecosystem, which was orchestrated by its parent company Terraform Labs under Do Kwon, who was subsequently convicted of fraud and sentenced to 15 years in prison.
avoid.net/nobitex→5/100[CRITICAL]Nobitex is Iran's largest cryptocurrency exchange, founded in 2017, claiming over 11 million users and handling approximately 70% of Iran's on-chain crypto volume. A March 2025 Reuters investigation identified its founders as brothers Ali and Mohammad Kharrazi — members of a family with documented ties to Iran's Supreme Leaders and the founding of the Islamic Revolutionary Guard Corps — who operated the exchange under an alternative surname. Blockchain analytics firms including Elliptic, Chainalysis, and TRM Labs have documented billions of dollars in flows through Nobitex connected to sanctioned Iranian state entities including the Central Bank of Iran and the IRGC, making the platform a critical node in Iran's sanctions evasion infrastructure.
avoid.net/ooki→5/100[CRITICAL]Ooki Protocol (formerly bZx Protocol) is a decentralized margin trading and lending protocol on Ethereum that was the subject of the first-ever CFTC enforcement action against a DAO, resulting in a 2023 default judgment ordering the protocol to cease operations and pay $643,542 in penalties. The protocol suffered four separate security incidents between 2020 and 2021 totaling over $64 million in losses, including a $55 million phishing-based hack attributed by Kaspersky to the North Korean state-linked BlueNoroff group. Following the CFTC judgment, the Ooki DAO's website was ordered shut down and the protocol has been effectively defunct.
avoid.net/lubian→5/100[CRITICAL]LuBian (lubian.com) was a China-based Bitcoin mining pool that briefly ranked among the world's six largest before ceasing operations in early 2021. The pool is alleged to have functioned as a money laundering vehicle for Chen Zhi's Prince Group, a transnational criminal organization that operated forced-labor pig-butchering scam compounds in Cambodia. In October 2025, the U.S. Department of Justice announced the largest forfeiture in its history — approximately 127,271 BTC (~$15 billion) — directly linked to LuBian and Chen Zhi's criminal enterprise.
avoid.net/heco-bridge→5/100[CRITICAL]Heco Bridge was the official cross-chain bridge connecting the HECO Chain (HTX Eco Chain) to Ethereum, operated by HTX (formerly Huobi) and associated with Justin Sun. On November 22, 2023, the bridge operator's private key was compromised, resulting in the theft of approximately $86.6 million in crypto assets; combined with a simultaneous HTX hot wallet breach, total losses reached approximately $99 million. Blockchain analytics firm Elliptic attributed the attack to North Korea's Lazarus Group, which subsequently laundered over $100 million of the proceeds through Tornado Cash. The HECO Network was permanently shut down on January 15, 2025.
avoid.net/gana-payment→5/100[CRITICAL]GANA Payment was a BNB Smart Chain payment-focused DeFi project (BEP-20 token) that launched on November 11, 2025 and was exploited nine days later on November 20, 2025, resulting in losses exceeding $3.1 million. On-chain investigator ZachXBT confirmed the attack, which involved a compromised deployer private key combined with abuse of EIP-7702 to drain the project's staking contract; stolen funds were subsequently laundered through Tornado Cash on both BSC and Ethereum. The GANA token lost over 90% of its value within 24 hours of the exploit.
avoid.net/merlin-dex→5/100[CRITICAL]Merlin DEX was a decentralized exchange built on zkSync Era that suffered a confirmed insider rug pull on April 26-27, 2023, during its MAGE token Liquidity Generation Event. Rogue backend developers exploited excessive smart contract permissions granted to a privileged 'Feeto' address to drain approximately $1.82 million in user funds. Despite a prior CertiK audit, centralization risks flagged during review were not effectively remediated; CertiK subsequently acknowledged partial responsibility and launched a compensation plan, recovering only $160,000 of the stolen amount.
avoid.net/nirvana-v1→5/100[CRITICAL]Nirvana V1 was a Solana-based algorithmic stablecoin and yield protocol that operated twin tokens: ANA (an algorithmic metastable wealth token) and NIRV (a decentralized stablecoin). On July 28, 2022, the protocol was catastrophically exploited via a flash loan attack that drained approximately $3.5 million — representing nearly all protocol reserves — causing both tokens to collapse and forcing a permanent shutdown. The attacker, Shakeeb Ahmed, was later identified, arrested, and convicted in the first-ever U.S. criminal prosecution for hacking a smart contract, and was sentenced to three years in prison in April 2024.
avoid.net/terra-20→7/100[CRITICAL]Terra 2.0 (LUNA) is a replacement blockchain launched in May 2022 by Terraform Labs following the catastrophic collapse of the original Terra network and its algorithmic stablecoin TerraUSD (UST), which erased approximately $40–60 billion in market value in one week. The project's founder, Do Kwon, was arrested in March 2023, found liable for securities fraud in a U.S. civil trial in April 2024, pleaded guilty to wire fraud and conspiracy in August 2025, and was sentenced to 15 years in federal prison in December 2025. Terraform Labs itself filed for Chapter 11 bankruptcy in January 2024 and received court approval to wind down operations by September 2024, leaving Terra 2.0 as a severely diminished chain with minimal developer activity and an approximately 79% year-over-year decline in token value.
avoid.net/grim-finance→8/100[CRITICAL]Grim Finance was a Fantom-based DeFi yield optimizer (fork of Beefy Finance) that suffered a devastating reentrancy exploit on December 19, 2021, resulting in approximately $30 million in user funds stolen. The vulnerability — a missing reentrancy guard in the depositFor() function — had existed in an audited codebase and was classified by security researchers as an entirely preventable, well-understood attack class. The protocol has since collapsed to a near-zero TVL of roughly $29,000 and its proposed compensation plan yielded no meaningful restitution for affected users.
avoid.net/rari-capital→8/100[CRITICAL]Rari Capital was a DeFi yield-aggregation and lending protocol launched in July 2020 by teenage co-founders Jai Bhavnani, Jack Lipstone, and David Lucid. It suffered two major security exploits — a $11 million hack in May 2021 and an $80 million reentrancy hack in April 2022 — and subsequently merged with Fei Protocol to form Tribe DAO before winding down in 2022. In September 2024, the SEC secured final court judgments against the company and all three co-founders for misleading investors and operating as unregistered brokers.
avoid.net/sunrayfinance→8/100[CRITICAL]Sunray Finance was a perpetual-trading DEX protocol on Arbitrum that suffered a critical exploit on October 30, 2024, resulting in approximately $2.7–2.9 million in losses. An attacker — using what the team attributed to a compromised private key — upgraded the protocol's management contract and minted 200 sextillion SUN tokens, then swapped a portion for USDT before the token price collapsed to zero. The project website subsequently went offline with no confirmed fund recovery, and the protocol's pre-exploit marketing included unverified claims of SoftBank backing and unsustainable 299% annual yield promises.
avoid.net/hector-lending→8/100[CRITICAL]Hector Lending is a defunct DeFi lending protocol built on the Fantom blockchain and operated by Hector Network (also known as Hector DAO). It was one of several products in an ecosystem whose treasury declined from approximately $110 million to near zero through a combination of alleged team mismanagement, three separate security incidents, and a court-ordered receivership. The broader Hector Network entered BVI receivership in February 2024 and subsequently obtained US Chapter 15 bankruptcy recognition — the first DAO ever to do so — in July 2024.
avoid.net/hundred-finance→8/100[CRITICAL]Hundred Finance was a multi-chain DeFi lending protocol forked from Compound V2 that suffered at least two major security exploits totaling approximately $13.6 million in direct losses, alongside a related $11 million joint attack with Agave Finance on Gnosis Chain. The protocol was unable to recover stolen funds and shut down in August 2023 following a governance vote, with remaining treasury funds allocated toward partial victim compensation. Stolen funds remained unrecovered as of 2024, with the April 2023 attacker moving assets through decentralized exchanges more than a year after the exploit.
avoid.net/pumpfun→8/100[CRITICAL]pump.fun (operated by Baton Corporation Ltd., also listed on AVOID.NET as 'pumpdotfun') is a Solana-based meme token launchpad that launched in January 2024 and rapidly became one of the most-used token creation platforms in crypto, generating over $800 million in cumulative revenue and more than 11.9 million tokens. The platform is subject to an active RICO class action lawsuit in the SDNY alleging up to $5.5 billion in retail losses, a UK FCA regulatory ban, a $1.9 million insider flash loan exploit, documented use by North Korea's Lazarus Group for money laundering, and independent research classifying 98.6% of its tokens as rug pulls or fraud.
avoid.net/valuedefi→8/100[CRITICAL]Value DeFi (formerly YFValue/YFV) was a DeFi yield aggregation and AMM protocol that suffered three documented security exploits between August 2020 and May 2021, resulting in combined losses of approximately $24 million. Beyond the technical failures, the project was found to have used a paid actress from Fiverr to impersonate a co-founder named 'Anna Tanaka,' raising severe concerns about team identity, transparency, and intent. The VALUE token is effectively defunct, trading at a fraction of a cent with a near-zero market cap.
avoid.net/pumpdotfun→8/100[CRITICAL]pump.fun (operated by Baton Corporation Ltd., also listed on AVOID.NET as 'pumpdotfun') is a Solana-based meme token launchpad that launched in January 2024 and rapidly became one of the most-used token creation platforms in crypto, generating over $800 million in cumulative revenue and more than 11.9 million tokens. The platform is subject to an active RICO class action lawsuit in the SDNY alleging up to $5.5 billion in retail losses, a UK FCA regulatory ban, a $1.9 million insider flash loan exploit, documented use by North Korea's Lazarus Group for money laundering, and independent research classifying 98.6% of its tokens as rug pulls or fraud.
avoid.net/truebit→8/100[CRITICAL]Truebit is an Ethereum-based protocol for verifiable off-chain computation, co-founded by mathematician Jason Teutsch and Solidity creator Christian Reitwiessner. On January 8, 2026, an integer overflow vulnerability in a five-year-old, closed-source legacy Purchase contract was exploited, draining 8,535 ETH (approximately $26.44 million) and causing the TRU token to collapse by over 99.9%; the attacker subsequently laundered all stolen funds through Tornado Cash.
avoid.net/rivus-dao→8/100[CRITICAL]Rivus DAO was a Bittensor-focused liquid staking protocol on Ethereum that raised approximately $4.23 million in an April 2024 IDO before suffering a rugpull classified by DeFiLlama as a Third-party Dev Backdoor Exploit on September 16, 2024. The incident effectively drained protocol TVL from its operational peak to under $2,500, and the RIVUS governance token lost more than 99.8% of its all-time high value. On-chain investigator ZachXBT has flagged this entity; the project attempted a relaunch in October 2024 but is currently listed as inactive with no trading activity.
avoid.net/cork-v1→10/100[CRITICAL]Cork V1 is a DeFi depeg protection protocol built on Ethereum that launched its public beta on March 4, 2025 and was exploited for approximately $12 million on May 28, 2025, less than three months after launch. The exploit resulted from a lack of input validation in the CorkHook smart contract and permissionless market creation logic, a vulnerability that slipped past four separate security audits from Quantstamp, Cantina, Sherlock, and Runtime Verification — three of which explicitly excluded the vulnerable contract from scope. All protocol functions were paused following the incident, stolen funds were laundered through Tornado Cash, and no user compensation plan has been publicly confirmed.
avoid.net/eminence→10/100[CRITICAL]Eminence Finance (EMN) was an unfinished, unaudited NFT gaming protocol being developed by Yearn Finance founder Andre Cronje that was exploited on September 29, 2020, resulting in the theft of approximately $15 million in DAI from its bonding curve contracts. The contracts had never been officially announced or released to the public, but community members discovered and deposited into them after Cronje's cryptic tweets; the attacker returned $8 million to Cronje's deployer address but $7 million was never recovered. The incident became a defining case study in DeFi's 'degen' culture and the risks of deploying unaudited smart contracts to Ethereum mainnet.
avoid.net/the-dao→10/100[CRITICAL]The DAO was a decentralized autonomous organization launched on the Ethereum blockchain in April 2016 that raised approximately $150 million in Ether — the largest crowdfunding campaign at the time — before being drained of 3.6 million ETH (roughly $50–60 million) on June 17, 2016, via a reentrancy vulnerability in its smart contract code. The hack triggered an acrimonious debate over blockchain immutability and led to a contentious hard fork of the Ethereum network on July 20, 2016, splitting it into Ethereum (ETH) and Ethereum Classic (ETC). In 2017 the U.S. SEC concluded that DAO tokens constituted unregistered securities, marking a landmark regulatory precedent for the entire crypto industry.
avoid.net/xtoken→10/100[CRITICAL]xToken (XTK) was a DeFi protocol offering wrapped staking tokens and liquidity management on Ethereum, founded by Michael J. Cohen in 2020. The protocol suffered two major flash loan exploits in 2021 — a $24.5 million attack in May and a $4.5 million attack in August — resulting in total losses exceeding $29 million and the permanent retirement of its flagship xSNX product. The XTK governance token subsequently lost approximately 99.84% of its value, and compensation paid to victims was significantly below the amounts stolen.
avoid.net/inverse-finance-frontier→10/100[CRITICAL]Inverse Finance Frontier (originally called Anchor) was a variable-rate lending market on Ethereum operated by Inverse Finance DAO, founded by Nour Haridy in 2020. The protocol suffered two separate oracle manipulation exploits in 2022 — one in April resulting in $15.6 million in losses and a second in June resulting in $5.8 million in bad debt — both attributed to vulnerabilities in how Frontier priced collateral assets. The protocol is now deprecated in favor of Inverse Finance's FiRM fixed-rate market, and the DAO continues to work down residual bad debt from both incidents.
avoid.net/polter-finance→10/100[CRITICAL]Polter Finance was a decentralized lending protocol on the Fantom blockchain that suffered a critical oracle price manipulation exploit on November 16, 2024, resulting in losses estimated between $8.7 million and $12 million. The protocol was an unaudited fork of Geist Finance that relied on spot prices from SpookySwap liquidity pools as its oracle, a fundamental design flaw that allowed an attacker using funds originating from Tornado Cash to drain nearly all protocol TVL. The platform ceased operations following the hack, with no confirmed recovery of stolen assets as of mid-2026.
avoid.net/mixin-network→10/100[CRITICAL]Mixin Network is a Hong Kong-based layer-2 cross-chain payment protocol that suffered the largest single crypto hack of 2023 when attackers compromised its cloud service provider's database and drained approximately $200 million in ETH, BTC, and USDT. The network remains operational but has only partially compensated users, the majority of stolen funds remain unrecovered, and a dormant attacker wallet moved funds to Tornado Cash in February 2026.
avoid.net/orbit-bridge→10/100[CRITICAL]Orbit Bridge is a cross-chain interoperability protocol developed by South Korean blockchain firm Ozys that suffered one of the largest bridge exploits in crypto history on December 31, 2023, losing approximately $81.5 million in ETH, WBTC, USDT, USDC, and DAI. The attacker allegedly compromised seven of ten multisig signatories after a former chief information security officer allegedly weakened the company firewall before departing, and blockchain analysts have linked the attack's patterns to North Korea's Lazarus Group, though no formal attribution has been confirmed by authorities. As of 2025, the majority of stolen funds remain unrecovered, with the attacker having laundered over 17,000 ETH through Tornado Cash.
avoid.net/furucombo→10/100[CRITICAL]Furucombo is an Ethereum-based DeFi composability protocol launched in March 2020 that enables users to batch complex multi-protocol transactions via a drag-and-drop interface. On February 27, 2021, the protocol suffered a critical 'evil contract' exploit in which an attacker spoofed a new Aave v2 implementation via Furucombo's proxy, draining approximately $14–15 million in ETH and ERC-20 tokens from 22 users who had granted standing token approvals to the platform. The team responded with a compensation plan issuing iouCOMBO tokens subject to a 360-day vesting schedule, but the incident exposed fundamental risks in delegatecall-based proxy architectures and broad token approval models.
avoid.net/munchables→10/100[CRITICAL]Munchables is a Blast-chain NFT game that suffered a $62.5 million exploit on March 26, 2024, when a contractor later attributed to North Korea exploited a backdoor they had embedded in the project's upgradeable smart contracts before launch. The developer surrendered private keys and the full sum was recovered within approximately 24 hours, but the incident exposed fundamental failures in contractor due diligence and smart contract architecture.
avoid.net/monox→10/100[CRITICAL]MonoX was a decentralized exchange protocol built on Ethereum and Polygon using a novel single-token liquidity model, which raised $5M in September 2021 and launched mainnet shortly before suffering a critical smart contract exploit on November 30, 2021. The attacker exploited a missing validation check in the swap function — using the MONO token as both input and output — to artificially inflate its price and drain approximately $31M in user funds across both chains. The protocol attempted a relaunch via MonoX 2.0 with a debt-token compensation mechanism, but MONO has since collapsed to near-zero value with negligible trading activity.
avoid.net/elephant-money→10/100[CRITICAL]Elephant Money is a Binance Smart Chain DeFi protocol offering the ELEPHANT reward token and TRUNK stablecoin that suffered a $22.2 million flash loan price-manipulation exploit in April 2022, with stolen funds laundered through Tornado Cash. Independent analysts have additionally alleged that the protocol's yield mechanics constitute a structurally unsustainable Ponzi scheme dependent on continuous new capital inflows.
avoid.net/multichain→10/100[CRITICAL]Multichain (formerly AnySwap) was a cross-chain bridge protocol that collapsed in mid-2023 following the arrest of its CEO Zhaojun by Chinese police in May 2023, which resulted in the seizure of private keys controlling over $1.5 billion in user assets. On July 7, 2023, approximately $126–127 million was drained from Multichain bridge reserves in transfers widely attributed to Chinese authorities or insiders with access to the CEO's confiscated key material. The protocol formally ceased operations on July 14, 2023, leaving users with unrecoverable losses.
avoid.net/alphapo→10/100[CRITICAL]AlphaPo is a cryptocurrency payment processor incorporated in Panama and operating primarily in the online gambling sector, serving clients such as HypeDrop, Bovada, and Ignition. On July 22, 2023, attackers drained approximately $60 million in ETH, BTC, and TRX from its hot wallets via a private key compromise, disrupting withdrawals across multiple dependent platforms. On-chain investigator ZachXBT and subsequently the FBI attributed the attack to the DPRK-affiliated Lazarus Group (also designated TraderTraitor and APT38), placing the incident within a broader 2023 North Korean cryptocurrency theft campaign that totaled over $200 million.
avoid.net/gdac→10/100[CRITICAL]GDAC was a South Korean cryptocurrency exchange operated by Peertec Co., Ltd. that launched in May 2018 and was registered as a Virtual Asset Service Provider (VASP) with Korea's Financial Intelligence Unit (KoFIU). On April 9, 2023, attackers drained approximately $13–14 million from its hot wallets — representing 23% of total custodial assets — causing the exchange to permanently shut down with no compensation offered to affected users.
avoid.net/dego-finance→10/100[CRITICAL]Dego Finance is a multi-chain NFT and DeFi aggregator protocol launched in September 2020 by an anonymous team. On February 10, 2022, an attacker compromised the team's deployer private keys and drained approximately $10 million from liquidity pools on Uniswap and PancakeSwap across Ethereum, Binance Smart Chain, and Cronos. No stolen funds were recovered; the project responded with a token migration but offered no direct restitution to affected liquidity providers.
avoid.net/curio→10/100[CRITICAL]Curio (CurioDAO) is a multi-chain real-world asset (RWA) DeFi protocol that suffered a critical smart contract exploit on March 23, 2024, resulting in approximately $16 million in losses after an attacker exploited a voting-power privilege escalation vulnerability to mint approximately 1 billion unauthorized CGT governance tokens. The protocol had no known third-party security audits prior to the exploit and relied on internal reviews. Curio announced a recovery plan including a new CGT 2.0 token and a phased compensation program, though independent verification of full compensation delivery remains limited.
avoid.net/dexx→10/100[CRITICAL]DEXX is a Solana-based on-chain memecoin trading terminal that suffered a catastrophic private key compromise on November 16, 2024, resulting in approximately $30 million in user losses across more than 8,600 wallets. Despite marketing itself as non-custodial, DEXX stored user private keys in plaintext on its own servers — a centralization risk that CertiK had flagged as unresolved prior to the breach. A partial compensation initiative led by LBank was announced in early 2025, but full recovery of stolen funds remains unlikely as the attacker laundered substantial ETH through Tornado Cash.
avoid.net/deus-finance→10/100[CRITICAL]DEUS Finance is a decentralized derivatives and synthetic asset protocol built primarily on Fantom, co-founded by Lafayette Tabor and Mohammad Abrishami. The protocol suffered three separate security exploits between March 2022 and May 2023, resulting in combined losses exceeding $22 million across flash loan oracle attacks and a smart contract implementation flaw, with stolen funds routed through Tornado Cash in the 2022 incidents. Repeated security failures across distinct vulnerability classes raise severe concerns about the protocol's security practices and long-term viability.
avoid.net/phemex→10/100[CRITICAL]Phemex is a centralized cryptocurrency derivatives exchange founded in November 2019 by former Morgan Stanley executives and registered in the British Virgin Islands. In January 2025, the exchange suffered one of the largest crypto hacks of that year, with an estimated $69–85 million drained from hot wallets across 16 blockchains, subsequently attributed to North Korea's Lazarus Group through on-chain evidence linking the same wallets to the February 2025 Bybit hack. Phemex has also faced formal regulatory enforcement actions in Ontario, Canada, and operates without authorization in the United Kingdom.
avoid.net/penpie→10/100[CRITICAL]Penpie is a yield-boosting DeFi protocol built on Pendle Finance by the Magpie DAO ecosystem, allowing users to earn boosted yields on Pendle liquidity pools without directly locking PENDLE tokens. On September 3, 2024, an attacker exploited a reentrancy vulnerability in Penpie's staking contract to drain approximately $27.3 million across Ethereum and Arbitrum, subsequently laundering all stolen funds through Tornado Cash and ignoring recovery appeals. The protocol filed reports with the FBI and Singapore Police but recovered no funds; a partial community compensation plan was proposed but not fully executed.
avoid.net/polynetwork→10/100[CRITICAL]Poly Network was a cross-chain interoperability protocol launched in August 2020 by Neo, Ontology, and Switcheo. It suffered two major security breaches: a $610 million exploit in August 2021 (the largest DeFi hack at the time, with funds ultimately returned) and a second exploit in July 2023 in which attackers minted billions in notional value of tokens, extracting an estimated $10–20 million in real assets. The protocol permanently terminated all services on September 30, 2024.
avoid.net/bunni-v2→10/100[CRITICAL]Bunni V2 was a decentralized exchange and liquidity layer built on Uniswap v4, developed by Timeless Finance. On September 1-2, 2025, the protocol suffered a critical exploit draining approximately $8.4 million across Ethereum and Unichain through a rounding-direction vulnerability in its withdrawal mechanism. The team permanently shut down the protocol on October 23, 2025, citing inability to finance a secure relaunch after the exploit erased 97% of TVL.
avoid.net/abracadabra-spell→10/100[CRITICAL]Abracadabra.money is a multi-chain DeFi lending protocol that allows users to mint the MIM (Magic Internet Money) USD-pegged stablecoin using interest-bearing tokens as collateral. The protocol has been compromised three times since January 2024, losing a combined total of over $21 million, and its founding ecosystem was shaken in January 2022 when co-founder Daniele Sestagalli's associate — Wonderland's pseudonymous treasury manager known as 0xSifu — was publicly identified as Michael Patryn, a convicted felon and co-founder of the fraudulent exchange QuadrigaCX. The SPELL token has declined approximately 99.5% from its November 2021 all-time high, and the protocol's total value locked has collapsed from over $776 million to under $30 million.
avoid.net/radiant-v2→10/100[CRITICAL]Radiant Capital is a decentralized cross-chain lending protocol built on LayerZero that suffered two significant security incidents in 2024: a $4.5 million flash loan exploit in January 2024 and a far more devastating $50 million multisig compromise in October 2024. The October hack, attributed by Mandiant with high confidence to North Korean state-sponsored group UNC4736 (Citrine Sleet / AppleJeus), involved a months-long social engineering campaign, macOS malware deployment on developer devices, and manipulation of hardware wallet signing interfaces to drain funds across BNB Chain and Arbitrum.
avoid.net/blizz-finance→10/100[CRITICAL]Blizz Finance was a decentralized lending protocol on Avalanche, forked from Aave v2, that launched in November 2021 and was rendered insolvent in May 2022 when the Terra LUNA collapse triggered a Chainlink oracle circuit breaker that froze the LUNA price at $0.10 while the token's actual market price fell to near zero. Attackers exploited the stale price feed to borrow approximately $8.3 million in protocol assets using nearly worthless LUNA as collateral, draining the protocol entirely. The team announced permanent shutdown shortly after, recovering and distributing only approximately $1.5 million to affected users.
avoid.net/bunny→10/100[CRITICAL]PancakeBunny (Bunny Finance) was a Binance Smart Chain yield-optimizer developed by the anonymous team MOUND (Mound Inc.), which received a $1.6 million seed round led by Binance Labs in April 2021. The protocol suffered three separate exploits across 2021–2022 totaling over $127 million in losses, including a $45 million flash loan attack in May 2021, a $2.4 million polyBUNNY exploit on Polygon in July 2021, and an $80 million hack of its affiliated lending protocol Qubit Finance in January 2022. The BUNNY token has lost more than 99% of its all-time high value, the protocol transitioned to a DAO structure in early 2022, and no stolen funds from any exploit were publicly confirmed as recovered.
avoid.net/prismalst→10/100[CRITICAL]Prisma Finance is a Liquity-forked, Ethereum-based DeFi protocol that allowed users to mint overcollateralized stablecoins (mkUSD and ULTRA) against liquid staking tokens (LSTs) such as wstETH, rETH, sfrxETH, and cbETH. On March 28, 2024, a critical vulnerability in the protocol's MigrateTroveZap helper contract was exploited for approximately $11.6 million, with a total loss across all attacker wallets of roughly $12.3 million; the primary exploiter sent the majority of stolen funds through Tornado Cash while claiming a 'whitehat rescue,' and as of 2026 the protocol's TVL has collapsed from a pre-exploit peak of approximately $220 million to under $300K.
avoid.net/uwu-lend→10/100[CRITICAL]UwU Lend is an Ethereum-based DeFi lending protocol forked from Aave V2, launched in September 2022 and operated by Michael Patryn (known pseudonymously as 0xSifu), a co-founder of the collapsed Canadian crypto exchange QuadrigaCX and a convicted felon. In June 2024, the protocol was exploited twice by the same attacker — first for approximately $19.3 million on June 10 and again for $3.7 million on June 13 — via oracle price manipulation using flash loans, bringing combined losses to approximately $23 million.
avoid.net/fixedfloat→10/100[CRITICAL]FixedFloat (ff.io) is a non-custodial, no-KYC cryptocurrency swap exchange launched in 2018 that suffered two confirmed security breaches in 2024 totaling approximately $28.9 million in stolen assets. Both attacks were attributed to the same threat actor exploiting vulnerabilities in FixedFloat's third-party hosting provider, Time4VPS, and stolen funds were routed through the eXch mixer — a service subsequently shut down by German authorities for laundering proceeds from major crypto thefts. The platform resumed operations after a two-month suspension but has faced ongoing scrutiny for its anonymity-first model, opaque team structure, and inadequate incident disclosure.
avoid.net/qubit→10/100[CRITICAL]Qubit Finance was a Binance Smart Chain lending and cross-chain bridge protocol developed by South Korean firm Mound Inc., the same team behind PancakeBunny. On January 27, 2022, an attacker exploited a logic error in the QBridge Ethereum-BSC bridge to mint approximately 77,162 qXETH tokens without depositing any ETH, then drained roughly $80 million in protocol assets; no funds were ever recovered and the attacker was never identified.
avoid.net/kyberswap-elastic→10/100[CRITICAL]KyberSwap Elastic is the concentrated liquidity automated market maker (AMM) component of Kyber Network, a decentralized exchange protocol deployed across more than a dozen EVM-compatible blockchains. On November 22–23, 2023, it suffered the largest DeFi exploit of that year — approximately $48–56 million drained via a precision rounding bug in its tick-crossing swap logic — after which the alleged attacker issued an on-chain ultimatum demanding full executive control of the company. Canadian national Andean Medjedovic was indicted by U.S. prosecutors in February 2025 on charges including wire fraud, computer hacking, and extortion; he remains a fugitive as of mid-2026.
avoid.net/poloniex→10/100[CRITICAL]Poloniex is a cryptocurrency exchange founded in 2014 and acquired in 2019 by an investor group led by Tron founder Justin Sun. On November 10, 2023, the exchange suffered one of the largest hot wallet compromises in crypto history, with attackers draining approximately $126 million across Ethereum, TRON, and Bitcoin networks in an attack attributed by multiple blockchain security firms to North Korea's Lazarus Group. The exchange has also faced significant regulatory enforcement actions, including a $7.59 million OFAC sanctions settlement and a $10.4 million SEC settlement for operating an unregistered national securities exchange.
avoid.net/euler-v1→10/100[CRITICAL]Euler Finance V1 was a permissionless DeFi lending protocol on Ethereum that launched in December 2021 and was exploited for approximately $197 million on March 13, 2023, in what was the largest DeFi hack of that year. The attack exploited a missing health check in the donateToReserves function introduced in EIP-14, despite the codebase having undergone multiple external audits. In a highly unusual outcome, the pseudonymous attacker known as 'Jacob' returned all recoverable funds by April 3, 2023, with the total recovered value reaching approximately $240 million due to ETH price appreciation during the recovery period.
avoid.net/mango-markets-v3→10/100[CRITICAL]Mango Markets V3 was a Solana-based decentralized margin trading protocol that suffered a $116 million oracle manipulation attack in October 2022 executed by Avraham Eisenberg, who artificially inflated the MNGO token price to extract funds against fabricated collateral. The protocol subsequently reached a partial recovery settlement, faced SEC and CFTC enforcement actions, and formally wound down operations by January 2025.
avoid.net/badger-dao→10/100[CRITICAL]Badger DAO is a decentralized autonomous organization and DeFi protocol launched in December 2020 focused on generating yield on Bitcoin-backed assets via Ethereum-based vaults. In December 2021, a front-end attack exploiting a compromised Cloudflare API key resulted in approximately $120–130 million in user funds being drained across roughly 500 wallets. As of 2025, the protocol has seen significant decline: its flagship eBTC product was sunset, BADGER was delisted from Binance, and total value locked has fallen to low single-digit millions.
avoid.net/binance-bridge→10/100[CRITICAL]Binance Bridge (BSC Token Hub) was the official cross-chain bridge connecting the BNB Beacon Chain (BEP2) and BNB Smart Chain (BEP20), operated by Binance. On October 6-7, 2022, an attacker exploited a critical flaw in the bridge's IAVL Merkle proof verification logic inherited from Cosmos SDK, forging deposit proofs to mint 2 million BNB (approximately $586 million at time of exploit). Although the BNB Chain was halted by validators to contain the damage — trapping roughly $430 million on-chain — approximately $110–137 million escaped to other networks before the halt took effect.
avoid.net/nomad→10/100[CRITICAL]Nomad was a cross-chain messaging bridge operated by Illusory Systems, Inc. that suffered one of the largest DeFi exploits in history on August 1–2, 2022, when a smart contract initialization bug allowed approximately $190 million in user funds to be drained in a chaotic free-for-all involving over 300 wallet addresses. The protocol never recovered meaningful user adoption after a December 2022 relaunch, faced a class action lawsuit and an FTC enforcement action, and in December 2025 agreed to a settlement requiring repayment of $37.5 million to affected users.
avoid.net/harmony-bridge→10/100[CRITICAL]Harmony's Horizon Bridge is a cross-chain bridge connecting the Harmony (ONE) blockchain to Ethereum and Binance Smart Chain, launched in October 2020. In June 2022, it was exploited for approximately $100 million by the Lazarus Group, a North Korea-affiliated state-sponsored hacking collective, through compromise of a 2-of-5 multisig scheme controlling bridge funds. The FBI formally confirmed Lazarus Group attribution in January 2023; as of 2025, full victim restitution has not been achieved.
avoid.net/saddle-finance→10/100[CRITICAL]Saddle Finance was an Ethereum-based automated market maker (AMM) optimized for pegged-value assets such as stablecoins and wrapped BTC, founded in 2020 and launched in January 2021. The protocol suffered a critical exploit on April 30, 2022, when an attacker leveraged an unpatched MetaSwapUtils library bug to drain approximately $11 million via flash-loan-assisted price manipulation, with $3.8 million subsequently rescued by security firm BlockSec. The protocol formally wound down in September 2023 following a DAO vote (SIP-54) triggered in part by the broader DeFi security climate after the Curve Finance hack.
avoid.net/zunami-protocol→10/100[CRITICAL]Zunami Protocol is an Ethereum-based DeFi yield aggregator and stablecoin issuer (UZD, zETH) that suffered at least four separate security incidents between January 2023 and May 2025, losing a combined estimated $2.86 million or more in user funds. The protocol is notable for ignoring a prior warning from SlowMist before its largest smart contract exploit, and for a May 2025 incident in which an admin key compromise allegedly drained $500,000, with the team subsequently going silent for weeks and development activity having ceased months prior.
avoid.net/us-government-crypto-wallet→10/100[CRITICAL]The US government holds one of the largest concentrations of seized cryptocurrency in the world, accumulated through major law enforcement actions including the 2016 Bitfinex hack and the Silk Road darknet marketplace. In October 2024, a government-controlled wallet linked to Bitfinex seizure funds was drained of approximately $20 million in what was subsequently attributed to alleged insider theft by John Daghita, son of a US Marshals Service contractor, who was arrested in Saint Martin in March 2026 after a blockchain investigation by ZachXBT exposed the scheme.
avoid.net/poly-network→10/100[CRITICAL]Poly Network was a cross-chain interoperability protocol launched in August 2020 by Neo, Ontology, and Switcheo. It suffered the largest DeFi hack in history in August 2021 (~$611M stolen, nearly all returned), followed by a second exploit in July 2023 (~$10M realized losses) attributed to compromised multisig private keys. The protocol permanently shut down all services on September 30, 2024.
avoid.net/cream-lending→10/100[CRITICAL]C.R.E.A.M. Finance (Crypto Rules Everything Around Me) is a decentralized lending and borrowing protocol launched in August 2020, forked from Compound Finance. The protocol suffered three major exploits in 2021 totaling approximately $185 million in losses, making it one of the most frequently and severely hacked DeFi protocols in history. On-chain investigator ZachXBT flagged the protocol and its founders, and the CREAM token has collapsed more than 99% from its all-time high.
avoid.net/easyfi→10/100[CRITICAL]EasyFi was a Layer 2 DeFi lending protocol operating on Polygon Network, forked from Compound Finance, that suffered one of the largest DeFi hacks of 2021 when an attacker compromised the CEO's MetaMask admin keys on April 19, 2021, stealing approximately $81 million in EASY tokens and stablecoins. The protocol attempted a hard fork and compensation plan, but a significant portion of token holders on decentralized exchanges alleged they remained uncompensated, and community members raised concerns about transparency, censorship of dissent, and the fundamental security failure of managing over $100 million in assets through a single admin key held in a browser extension. ZachXBT has flagged EasyFi as a high-risk entity.
avoid.net/tapioca-dao→12/100[CRITICAL]Tapioca DAO is an omnichain DeFi money market built on LayerZero, offering a CDP stablecoin (USDO) and isolated lending markets (Singularity/Big Bang) across Arbitrum and BNB Chain. On October 18, 2024, the protocol suffered a critical security breach when a team member was targeted by a social engineering attack attributed to North Korea's Contagious Interview campaign, resulting in private key compromise, drainage of TAP token vesting contracts, and the minting of 5 quintillion USDO. Approximately $4.4–4.7 million was stolen before a partial counter-exploit recovered roughly 996 ETH (~$2.7 million), leaving the protocol treasury down approximately 45% and the TAP token price collapsed over 95%.
avoid.net/bsc-tmmusdt→12/100[CRITICAL]BSC TMM/USDT is a Binance Smart Chain token pair that was exploited on April 4, 2026, via a flash loan-based reserve manipulation attack, resulting in an estimated loss of $1.665 million USDT. The attacker burned TMM tokens to a dead address to artificially skew pool reserves, then extracted USDT through a Constant Product Market Maker (CPMM) pricing imbalance. The TMM token contract lacked reserve synchronization on burn operations and had no verified third-party security audit on file.
avoid.net/uwerx→12/100[CRITICAL]Uwerx (WERX) was a purported decentralized freelancing platform that conducted a multi-stage token presale in 2023 before suffering a flash loan exploit on August 2, 2023, one day after its Uniswap listing, resulting in the loss of approximately 176 ETH (~$324,000). Neither of the two prior smart contract audits, by SolidProof and InterFi Network, identified the exploited vulnerability. The project subsequently relaunched on Polygon in October 2023 but has since been listed as abandoned on CoinSniper, with the token trading at effectively zero value and only six recorded holders as of early 2026.
avoid.net/beanstalk→12/100[CRITICAL]Beanstalk is an Ethereum-based algorithmic stablecoin protocol that on April 17, 2022 suffered one of DeFi's largest governance exploits, losing approximately $182 million after an attacker used flash loans to acquire a supermajority vote and pass a malicious proposal draining the protocol's treasury. The protocol relaunched in August 2022 following a community fundraiser called the Barn Raise, but its BEAN stablecoin has never recovered its peg and total value locked remains a fraction of pre-exploit levels.
avoid.net/xbridge→12/100[CRITICAL]XBridge is a cross-chain bridge protocol built by SaitaChain (formerly Saitama Inu), designed to connect Ethereum Mainnet and BNB Chain. On April 24, 2024, the protocol suffered a $1.44 million exploit caused by a critical access-control vulnerability in its smart contracts, with stolen funds subsequently routed through Tornado Cash. The parent company, Saitama LLC, faces U.S. federal charges of wire fraud and market manipulation, with CEO Manpreet Kohli arrested in the UK in October 2024 and facing extradition proceedings.
avoid.net/gym-network→12/100[CRITICAL]Gym Network (GYMNET) is a Binance Smart Chain-based DeFi protocol launched in March 2022 that operates an affiliate investment scheme with hallmarks of a Ponzi structure, requiring continuous recruitment to sustain promised returns of up to 250% annually. The project was founded by Claudio Catrini, who has prior involvement in the OneCoin fraud, and suffered a $2.1 million smart contract exploit in June 2022. The GYMNET token has declined approximately 99.8% from its all-time high of $1.90 to under $0.004 as of 2026.
avoid.net/paid-network→12/100[CRITICAL]PAID Network is an Ethereum-based DeFi launchpad and legal-contract protocol whose native PAID token suffered a catastrophic infinite mint exploit on March 5, 2021, resulting in approximately 59.5 million tokens being minted and ~2,040 ETH (~$3 million at the time) extracted before the team intervened. Significant on-chain evidence and community investigators raised allegations that the attack was an insider job or was enabled by gross negligence over a known vulnerability, though the team maintained it was an external private-key compromise. The token has since declined over 99% from its all-time high and retains a negligible market capitalization as of 2025-2026.
avoid.net/indexed-finance→12/100[CRITICAL]Indexed Finance was an Ethereum-based decentralized protocol offering passively managed index pools, launched in late 2020. On October 14, 2021, the protocol suffered a sophisticated $16 million flash loan exploit targeting its DEFI5 and CC10 pools, destroying most user funds. The alleged attacker, Canadian mathematics prodigy Andean Medjedovic, was later charged by U.S. prosecutors in February 2025 in connection with $65 million in combined DeFi thefts and remains a fugitive as of early 2026.
avoid.net/atlantis-loans→12/100[CRITICAL]Atlantis Loans was a decentralized lending and borrowing protocol built on BNB Chain (BSC) that was abandoned by its development team in April 2023 due to financial distress. Despite the abandonment, active smart contracts and unrevoked user approvals remained on-chain, which an attacker exploited in June 2023 through a malicious governance proposal, ultimately draining an estimated $2.5 million from users. The protocol is now defunct, its website is down, and its TVL has collapsed to near zero.
avoid.net/infini→12/100[CRITICAL]Infini is a Hong Kong-based stablecoin neobank offering yield-bearing accounts and a global payment card. On February 24, 2025, a former developer who had covertly retained administrative privileges over Infini's smart contracts drained approximately $49.5 million in USDC from the Morpho MEVCapital vault, converting the funds to ETH and routing them through Tornado Cash. As of May 2026, no funds have been recovered, and the attacker's wallet remained active through at least February 2026.
avoid.net/ploutos-money→12/100[CRITICAL]Ploutos Money was a multi-chain DeFi lending and leveraged farming protocol, forked from Aave v3.0.2, that operated across Ethereum, Arbitrum, Hemi, Hyperliquid, Avalanche, Polygon, Base, Plasma, and Katana. On February 26, 2026, the protocol lost approximately $388,000 (187.36 ETH) after its USDC price oracle was misconfigured to reference Chainlink's BTC/USD feed instead of the correct USDC/USD feed. Immediately following the exploit, the team deleted its website, GitHub repository, and all social media accounts without issuing any warning or post-mortem, prompting on-chain security firms CertiK and BlockSec to conclude that the incident was an inside job rather than an external attack.
avoid.net/popsicle-finance→12/100[CRITICAL]Popsicle Finance is a cross-chain automated yield optimization protocol, launched in March 2021, that suffered a critical $20.7 million exploit in August 2021 due to a reward-tracking vulnerability in its Sorbetto Fragola pools. The protocol is part of Daniele Sestagalli's 'Frog Nation' ecosystem alongside Wonderland (TIME) and Abracadabra Money (MIM), which was later engulfed in a major scandal when the treasury manager of Wonderland was revealed to be Michael Patryn, a convicted felon and co-founder of the fraudulent QuadrigaCX exchange. The project subsequently rebranded as WAGMI in 2023 but remains a high-risk entity given the severity of the 2021 exploit, the laundering of stolen funds through Tornado Cash, and the broader Frog Nation governance failures.
avoid.net/rodeo→12/100[CRITICAL]Rodeo Finance was an Arbitrum-based leveraged yield protocol that allowed users to open leveraged positions in DeFi yield strategies using borrowed USDC from an integrated lending pool. The protocol suffered two separate security exploits in July 2023 within six days of each other, with the second — a TWAP oracle manipulation attack — draining approximately 472 ETH (roughly $888,000 net) and collapsing its total value locked from $20 million to under $500. The attacker bridged stolen funds to Ethereum, routed 150 ETH through Tornado Cash, and the protocol never fully recovered operationally.
avoid.net/lnd→12/100[CRITICAL]LND (lnd.fi) was a non-custodial, multichain DeFi lending protocol built on Sonic (a high-performance EVM chain) as a fork of Aave V3. On May 9, 2025, the protocol was drained of approximately $1.27–1.42 million by a developer who gained Pool Admin credentials and introduced a malicious access control modification 41 days before executing the exploit; the official postmortem identified the attacker as a DPRK (North Korea) IT worker embedded in the team under false pretenses. As of mid-2025, the lnd.fi domain is no longer operated by the team and appears listed for resale, indicating the protocol ceased operations following the incident.
avoid.net/cypher→12/100[CRITICAL]Cypher Protocol was a Solana-based cross-margin decentralized exchange (DEX) and perpetuals trading platform that suffered a critical smart contract exploit in August 2023 resulting in approximately $1 million in losses. Following the exploit, an insider contributor known as 'Hoak' systematically drained over $314,000 from the community redemption fund established to reimburse hack victims, admitting publicly to gambling the funds away. The protocol appears effectively defunct, having failed to deliver meaningful restitution to users who received roughly 31 cents on the dollar from the original exploit fund before that fund itself was embezzled.
avoid.net/velocore-v2→12/100[CRITICAL]Velocore V2 was a ve(3,3) decentralized exchange (DEX) deployed on the Linea and zkSync Era layer-2 blockchains. On June 2, 2024, the protocol suffered a critical smart contract exploit that drained approximately $6.8 million in ETH from its volatile liquidity pools. The attacker laundered stolen funds through Tornado Cash, no recovery was achieved, and the team subsequently announced a treasury liquidation rather than a protocol relaunch.
avoid.net/dough-finance→12/100[CRITICAL]Dough Finance was an Ethereum-based DeFi lending and margin-trading protocol co-founded by Chase Herro and Zachary Folkman. On July 12, 2024, the protocol was exploited via a flash loan attack that drained approximately $2.1–2.5 million in user funds due to unvalidated calldata in its ConnectorDeleverageParaswap smart contract. The protocol's website is shut down, the vast majority of the approximately 2,700 affected users have received no meaningful compensation, and the co-founders have since launched World Liberty Financial alongside Donald Trump, earning an alleged $65 million in revenues from that new venture.
avoid.net/vee-finance→12/100[CRITICAL]Vee Finance is a decentralized lending and leveraged trading protocol deployed on the Avalanche blockchain that launched its mainnet on September 14, 2021. Within one week of launch, on September 20-21, 2021, an attacker exploited price oracle manipulation and a decimal calculation error in the protocol's smart contracts, draining approximately $35 million in ETH and BTC — a hack that ranks among the largest DeFi exploits on Avalanche. The protocol relaunched as V2 with improved security measures including Chainlink oracle integration, but the stolen funds were never recovered, and activity and token value have declined precipitously since the incident.
avoid.net/bearnfi→12/100[CRITICAL]bEarn.fi (BearnFi) is a Binance Smart Chain-based cross-chain yield farming and algorithmic stablecoin protocol that launched in late 2020. On May 16, 2021, an attacker exploited a smart contract denomination mismatch to drain approximately $10.85 million in BUSD from the protocol's bVaults via a flash loan attack. The project subsequently became inactive, with its native BFI token recording no price data after mid-2023 and a market capitalization of effectively zero. The entity has been flagged by ZachXBT.
avoid.net/pnetwork→12/100[CRITICAL]pNetwork is a cross-chain bridge and interoperability protocol built on the pTokens architecture, enabling assets to move between Bitcoin, Ethereum, BNB Chain, and other networks via wrapped synthetic tokens. The protocol has suffered two major security incidents — a September 2021 pBTC-on-BSC hack losing approximately $12 million, and a November 2022 pGALA incident that triggered a $28 million lawsuit by Gala Games and Huobi alleging pNetwork's own engineers caused the vulnerability through a leaked private key, then allegedly profited from a self-described 'white hat' rescue. As of 2025, the PNT governance token trades at a fraction of its 2021 peak and the protocol operates with negligible market capitalization and trading volume.
avoid.net/myalgo→12/100[CRITICAL]MyAlgo was a non-custodial web browser wallet for the Algorand blockchain, developed by Rand Labs. Between January and March 2023, a supply-chain attack via a compromised CDN (content delivery network) resulted in the theft of approximately $9.6 million in ALGO and USDC across at least five distinct attack waves. The wallet was officially shut down on January 30, 2024, following the incident and subsequent user attrition.
avoid.net/solareum→12/100[CRITICAL]Solareum was a Solana-based Telegram trading bot that shut down on March 30, 2024 following a security exploit that drained approximately $523,000 (2,800+ SOL) from over 300 user wallets. Prosecutors later revealed in a January 2025 court filing that the Solareum team had unknowingly hired a North Korean (DPRK) developer in December 2023, who subsequently facilitated the theft of 6,045 SOL worth roughly $1.4 million; the FBI seized approximately $950,000 in USDT two months after the hack. The project offered no compensation to victims, deleted its website and community channels, and is no longer operational.
avoid.net/spartan→12/100[CRITICAL]Spartan Protocol is a decentralized liquidity and synthetic-asset protocol that launched on Binance Smart Chain (BSC) in 2020 and was operated by a fully anonymous, community-driven team. On May 2, 2021, a critical vulnerability in the protocol's liquidity-share calculation logic was exploited via flash loan, resulting in approximately $30 million in stolen funds — ranking it among the largest DeFi exploits of that era. The protocol attempted a v2 rebuild with re-audited contracts but has since fallen to near-zero TVL and market cap, with no meaningful development activity recorded after 2024.
avoid.net/autoshark→14/100[CRITICAL]AutoShark Finance was a Binance Smart Chain-based yield optimizer and AMM that suffered two separate economic exploits in 2021, resulting in total losses exceeding $1.4 million in BNB across its SHARK and JAWS tokens. The protocol underwent multiple failed recovery attempts — including token migrations from SHARK to JAWS and a new reserve-currency token ATLAS — before formally shutting down in March 2022 after all three tokens had lost 97–99.75% of their peak value. AutoShark has been flagged by ZachXBT in the context of the wider BSC flash loan attack wave that targeted PancakeBunny forks.
avoid.net/ara-finance→14/100[CRITICAL]ARA Finance is an Avalanche-based DeFi project that launched in December 2021, combining a yield farm (Goose/Masterchef fork) with a decentralized reserve currency protocol modeled on Olympus DAO (OHM). The project underwent a failed v1 launch, published a postmortem acknowledging market collapse, and pivoted to a v2 with minimal transparency. As of 2026, the protocol is effectively defunct with a TVL of approximately $1,500, a token classified as a dead coin, and an anonymous team that ceased meaningful communication.
avoid.net/garden→14/100[CRITICAL]Garden Finance (garden.finance) is a Bitcoin cross-chain bridge and swap protocol launched in December 2023 by former Ren Protocol core team members, using Hashed Timelock Contracts (HTLCs) and an intents-based solver network to enable non-custodial Bitcoin swaps across chains. In October 2025, a compromised solver operator lost approximately $11.4 million in a security incident attributed by forensic investigators to a North Korea-linked threat actor. Prior to the exploit, blockchain investigator ZachXBT alleged that a substantial portion of Garden's volume — with estimates ranging from 25% to over 75% — originated from illicit sources including funds stolen in the $1.46 billion Bybit hack by Lazarus Group, allegations the team disputed but did not fully refute.
avoid.net/alpha-finance→18/100[CRITICAL]Alpha Finance Lab (later rebranded to Alpha Venture DAO, then Stella) is a DeFi protocol best known for its leveraged yield farming product Alpha Homora. On February 13, 2021, Alpha Homora V2 was exploited for approximately $37.5 million via a sophisticated attack that required insider knowledge of an unannounced smart contract, draining funds from its Iron Bank (Cream Finance) integration. By March 2023, the protocol had repaid less than 2% of the resulting $32 million debt to Iron Bank despite a formal repayment agreement, triggering a second crisis in which user funds were frozen.
avoid.net/ascendex→18/100[CRITICAL]AscendEX (formerly BitMAX) is a Singapore-based cryptocurrency exchange founded in 2018 that suffered one of the largest centralized exchange hot wallet hacks on record in December 2021, with approximately $77.7 million stolen across Ethereum, Binance Smart Chain, and Polygon networks. The exchange operates without regulatory authorization in major jurisdictions including the UK (FCA warning issued) and France (AMF blacklisted), and has accumulated a Trustpilot rating of 1.3/5 driven by user reports of frozen funds, unannounced token delistings, and unresponsive customer support. The exchange received a $50 million Series B investment in November 2021 — just weeks before the hack — from backers including Alameda Research, a firm later implicated in the collapse of FTX.
avoid.net/hedgey→18/100[CRITICAL]Hedgey is a token vesting, lockup, and claims protocol that served over 100 on-chain projects before suffering a critical smart contract exploit on April 19, 2024, resulting in the theft of approximately $44.7 million across Ethereum and Arbitrum. The vulnerability — a missing input validation check in the ClaimCampaigns.sol contract — was present despite two prior audits by ConsenSys Diligence. No confirmed recovery of stolen funds has been reported; Hedgey was subsequently acquired by Anchorage Digital in late 2025.
avoid.net/cetus-clmm→18/100[CRITICAL]Cetus Protocol is a concentrated liquidity market maker (CLMM) and the dominant decentralized exchange on the Sui Network, launched in 2023. On May 22, 2025, an arithmetic overflow vulnerability in its fixed-point math library enabled an attacker to drain approximately $223 million from liquidity pools in the largest DeFi exploit of 2025, of which roughly $162 million was subsequently frozen by Sui validators and later returned to affected users via an on-chain governance vote. The incident raised significant concerns about smart contract security, audit effectiveness, and the degree of decentralization on the Sui network.
avoid.net/mobius-token→18/100[CRITICAL]Mobius Token (ticker: MBU) is a DeFi token that operated on BNB Chain. On May 11, 2025, an attacker exploited a critical decimal-precision bug in the project's unaudited smart contract, minting approximately 9.73 quadrillion MBU tokens with a deposit of only 0.001 BNB and draining $2.15 million in USDT from the protocol's liquidity pools. The stolen funds were laundered through Tornado Cash, no official team response was issued, and no funds have been recovered.
avoid.net/tmx-tribe→18/100[CRITICAL]TMX TRIBE (also marketed as Tribe DEX) is a decentralized perpetual futures exchange operating on Arbitrum and Optimism that launched its TMX token in mid-2025. On January 5-7, 2026, an attacker exploited a critical logic flaw in unverified, unaudited smart contracts to drain approximately $1.4 million in user funds over 36 hours, with stolen assets subsequently bridged to Ethereum and laundered via Tornado Cash. The team deployed no emergency pause during the attack, issued no public statement for days afterward, and produced no post-mortem or user compensation plan, raising serious concerns about operational competence and transparency. ZachXBT has flagged the entity.
avoid.net/pando-rings→18/100[CRITICAL]Pando Rings is an algorithmic lending and borrowing protocol built on the Mixin Network by Fox One, modeled on Compound Finance. On November 5, 2022, an attacker exploited a price oracle vulnerability tied to the sBTC-WBTC LP token on 4swap to drain approximately $21.9 million in ETH, BTC, and EOS from the protocol; an additional ~$50 million remained frozen in the attacker's wallets. The protocol subsequently suffered further losses in the September 2023 Mixin Network infrastructure breach, and as of late 2023 remained in a limited operational state with interest accrual and liquidations suspended.
avoid.net/cyrus-finance→18/100[CRITICAL]Cyrus Finance is a decentralized yield-optimizer protocol operating on the BNB Smart Chain that markets itself as a high-yield DeFi platform utilizing PancakeSwap liquidity pairs and single-sided vaults. On March 22, 2026, the protocol suffered a $5 million flash loan exploit attributed to flawed pool-share accounting in its smart contracts, with no reported fund recovery. Multiple secondary domains (cyrusfinance.xyz) associated with the Cyrus Finance brand have been independently flagged as potentially malicious fake-broker sites that simulate trading activity and block user withdrawals.
avoid.net/kelp→18/100[CRITICAL]Kelp (also known as Kelp DAO) is a liquid restaking protocol built on Ethereum and EigenLayer that issues rsETH, a liquid restaked token. In April 2026 the protocol suffered the largest DeFi exploit of 2026 to date when attackers, attributed to North Korea's Lazarus Group, drained approximately $292 million in rsETH through a compromised LayerZero cross-chain bridge configuration. The protocol and an industry coalition dubbed DeFi United are actively working to restore collateral and resume operations as of May 2026.
avoid.net/concentric→18/100[CRITICAL]Concentric (Concentric.fi) was an automated liquidity management protocol built on Camelot v3 on the Arbitrum network, offering vault-based yield optimization for concentrated liquidity positions. On January 22, 2024, the protocol suffered a critical security breach when a team member's deployer wallet was compromised through a targeted social engineering attack, resulting in approximately $1.85 million in losses and a 57% crash in the CONE token price. The protocol was subsequently halted entirely, and blockchain forensics firm CertiK linked the exploiter's wallets to prior incidents targeting OKX, UnoRe, and LunaFi, suggesting a sophisticated and recurring threat actor.
avoid.net/btc24h→18/100[CRITICAL]BTC24H is an ERC-20 token and associated DAO platform launched on Polygon in late 2024, marketed as a mechanism for continuous Bitcoin distribution through high-yield daily payouts. The platform's Lock contract suffered a critical access-control vulnerability in December 2024 that allowed any caller to drain tokens, resulting in an estimated $85,700 loss. Multiple independent scam-detection services rate associated BTC24H web domains as high-risk or outright malicious, and the project's tokenomics — 5% daily returns for 30 days via a multi-level referral structure — exhibit structural characteristics consistent with unsustainable high-yield investment programs.
avoid.net/cheesebank→18/100[CRITICAL]Cheese Bank was an Ethereum-based DeFi lending protocol that launched in September 2020 and suffered a $3.3 million exploit on November 6, 2020, caused by a flash loan attack combined with price oracle manipulation on Uniswap. The anonymous team claimed to have patched the vulnerability, but the protocol never recovered meaningful activity, the CHEESE token collapsed in value, and the project is widely considered abandoned. ZachXBT has flagged the entity as a high-risk project.
avoid.net/moonhacker→18/100[CRITICAL]MoonHacker is an independently deployed DeFi vault protocol built on Optimism that was designed to interact with the Moonwell lending protocol. On December 23, 2024, MoonHacker vault contracts suffered a flash loan exploit due to improper input validation and absent access controls in the executeOperation function, resulting in the loss of approximately $320,000 USDC. The Moonwell team confirmed no affiliation with MoonHacker, the vault deployers remain anonymous, and stolen funds were converted to DAI and routed through Tornado Cash, complicating recovery efforts.
avoid.net/bitrue→18/100[CRITICAL]Bitrue is a Singapore-incorporated centralized cryptocurrency exchange founded in 2018 that suffered a confirmed $23 million hot wallet exploit in April 2023, with stolen funds subsequently laundered through Tornado Cash as recently as June 2025. The exchange holds no license from Singapore's Monetary Authority (MAS) and relies on a VASP registration in Lithuania — a lower-tier regulatory framework — while accumulating a persistent record of user complaints alleging unjustified account freezes and asset seizures.
avoid.net/siren→18/100[CRITICAL]SIREN is a BNB Chain-based token launched in early 2025, marketed as an on-chain AI agent analyst. In March 2026, blockchain investigator ZachXBT and analytics firm Bubblemaps identified that a single wallet cluster controlled nearly 50% of the circulating supply and linked those wallets on-chain to DWF Labs, alleging coordinated market manipulation. The token subsequently crashed over 70% from its all-time high within 24 hours. The SIREN name is also shared by a separate, earlier Ethereum-based DeFi options protocol (Siren Markets) that suffered a $3.5 million reentrancy exploit in September 2021.
avoid.net/transit-swap→18/100[CRITICAL]Transit Swap is a cross-chain DEX aggregator incubated by TokenPocket, supporting swaps across Ethereum, BNB Chain, Polygon, Tron, Solana, and other networks. On October 1–2, 2022, an attacker exploited an input validation vulnerability in the platform's swap contract, draining approximately $21–28.9 million in user funds across Ethereum and BNB Chain. The attacker subsequently returned roughly 70% of stolen assets after security firms identified the exploiter's IP address and email, though an estimated 30% of funds — including amounts routed through Tornado Cash — remain unrecovered.
avoid.net/judao→18/100[CRITICAL]JUDAO is a deflationary BEP-20 token deployed on BNB Smart Chain and trading primarily on PancakeSwap, with a self-described 'T3 JUDAO' iteration launched in January 2026 and a separate 'JUDAO 3.0' variant announced as part of the JuCoin ecosystem via NordCore Labs. On April 28, 2026, the token's liquidity pool was drained of approximately $228,000 through a flash loan attack that exploited a double-reserve-sync vulnerability in its custom transfer logic. The project's parent exchange JuCoin was independently flagged by on-chain investigator ZachXBT as 'sketchy' in March 2025, and JUDAO 3.0 has no verifiable audit, no identified founding team, and no smart contract security review on record.
avoid.net/levyathan→18/100[CRITICAL]Levyathan was a Binance Smart Chain DeFi protocol billing itself as the first crypto index fund on BSC, launching in mid-2021. On July 30, 2021, the project collapsed after private keys controlling the token minting contract were left exposed in a public GitHub repository for approximately four months, enabling an attacker to mint and dump a quadrillion LEV tokens. A concurrent bug in the emergencyWithdraw() function compounded losses for stakers, and stolen funds were bridged to Ethereum and routed through Tornado Cash; the project never recovered and effectively disbanded.
avoid.net/lendhub→18/100[CRITICAL]LendHub was a decentralized cross-chain lending protocol operating primarily on the Huobi Eco Chain (HECO) and Binance Smart Chain (BSC). On January 12, 2023, the protocol suffered an approximately $6 million exploit caused by an operational failure to remove a deprecated IBSV cToken from its market, allowing an attacker to drain funds by arbitraging the two coexisting token versions. The protocol's TVL collapsed to near zero following the exploit, stolen funds were laundered through Tornado Cash, and the protocol is no longer considered operational.
avoid.net/convergence→18/100[CRITICAL]Convergence (CVG) is an Ethereum-based DeFi yield-aggregation protocol built on top of Curve and Convex Finance. On August 1, 2024, an attacker exploited a missing input-validation check in the CvxRewardDistributor contract — introduced by a post-audit gas-optimization change — to mint 58 million CVG tokens and sell them for approximately $212,000, collapsing the token price by 99%. The protocol never recovered; following a community DAO vote, the team pivoted operations to a successor project called Tangent Finance (TGN).
avoid.net/ocelotdex→18/100[CRITICAL]OcelotDex is a decentralized exchange (DEX) operating as an automated market maker (AMM) on ZetaChain, a cross-chain interoperability blockchain. The protocol has an extremely low total value locked of approximately $4.57 as of mid-2026, indicating near-total user abandonment. A security incident reportedly resulting in approximately $4.9 million in losses via an infinite mint and dump vulnerability was attributed to the protocol in September 2024, though independent Tier 1 or Tier 2 confirmation of this specific event remains limited.
avoid.net/unleash-protocol→18/100[CRITICAL]Unleash Protocol is a decentralized intellectual property finance (IPFi) platform built on the Story Protocol blockchain, launched in early 2024. On December 30, 2025, the protocol suffered a confirmed $3.9 million exploit in which an attacker gained unauthorized administrative control through its multisignature governance system, executed an unauthorized smart contract upgrade, and laundered 1,337 ETH through Tornado Cash. The protocol subsequently paused all operations; as of early 2026 no recovery or user compensation plan has been publicly confirmed.
avoid.net/atomic-wallet→18/100[CRITICAL]Atomic Wallet is a non-custodial, multi-currency cryptocurrency wallet founded in 2017 and headquartered in Tallinn, Estonia. In June 2023, attackers attributed to North Korea's Lazarus Group (TraderTraitor) stole approximately $100 million in cryptocurrency from an estimated 5,500 user wallets in one of the largest crypto theft events of that year. Prior to the hack, an independent security firm had publicly disclosed unresolved critical vulnerabilities in the wallet's cryptography implementation as early as February 2022, and Atomic Wallet did not adequately address those findings before the breach occurred.
avoid.net/jimbos-protocol→18/100[CRITICAL]Jimbos Protocol was an Arbitrum-based DeFi liquidity protocol designed to provide a semi-stable floor price for its native JIMBO token. On May 28, 2023, just three days after launching its V2, the protocol was exploited via a flash loan attack that drained approximately 4,090 ETH (~$7.5 million) by exploiting a lack of slippage control in the JimboController contract. The attacker rejected an $800,000 bounty offer, laundered the full amount through Tornado Cash, and remains unidentified; no funds have been recovered.
avoid.net/paraluni-masterchef→18/100[CRITICAL]Paraluni is a metaverse DeFi yield-farming protocol deployed on Binance Smart Chain (BSC). On March 13, 2022, its MasterChef smart contract was exploited via a reentrancy vulnerability in the depositByAddLiquidity function, resulting in approximately $1.7 million in losses. The attacker laundered the proceeds through Tornado Cash and never returned funds despite a public appeal from the Paraluni team.
avoid.net/okx-dex→18/100[CRITICAL]OKX DEX is the decentralized exchange aggregator operated by OKX (Aux Cayes FinTech Co. Ltd.), one of the world's largest centralized crypto exchanges. In December 2023, the DEX suffered a ~$2.7 million exploit caused by a suspected private key leak and a centralized proxy upgrade mechanism with no multi-signature protection. The broader OKX entity has faced severe regulatory sanctions including a $504 million U.S. DOJ settlement in February 2025 for operating an unlicensed money-transmitting business and facilitating over $5 billion in suspicious transactions, a €1.1 million Malta AML fine, and repeated scrutiny over its DEX aggregator being used by North Korea's Lazarus Group to launder stolen funds from the $1.5 billion Bybit hack in early 2025.
avoid.net/bonqdao→18/100[CRITICAL]BonqDAO was a Polygon-based decentralized lending protocol that launched in December 2022, offering zero-interest borrowing against crypto collateral with a native euro-pegged stablecoin (BEUR). On February 1, 2023, the protocol suffered a critical oracle manipulation exploit in which an attacker staked approximately $175 worth of TRB tokens to manipulate the Tellor price feed for the WALBT collateral token, minting 100 million BEUR against near-zero collateral and liquidating other users for an additional 113 million WALBT, resulting in nominal losses of approximately $120 million. BonqDAO's TVL fell by over 99% following the attack; a successor protocol (3A DAO) was subsequently launched by the team but BonqDAO itself remains effectively defunct.
avoid.net/defrost→18/100[CRITICAL]Defrost Finance was an Avalanche-based CDP (Collateralized Debt Position) DeFi protocol that allowed users to collateralize yield-bearing tokens to mint an H2O USD-pegged stablecoin. In December 2022 the protocol suffered a two-stage exploit resulting in approximately $12 million in losses; multiple blockchain security firms — including CertiK, PeckShield, and De.Fi Security — alleged the attack constituted an insider rug pull enabled by admin key access, a conclusion the team denied. Funds were subsequently returned and a refund contract was deployed in January 2023, but the protocol has since effectively ceased meaningful operations with under $100,000 in TVL, and the MELT governance token has lost nearly all of its value.
avoid.net/skyward-finance→18/100[CRITICAL]Skyward Finance was a permissionless token launchpad built on the NEAR Protocol, launched in June 2021. On November 2, 2022, a smart contract vulnerability in its treasury redemption function was exploited, resulting in the loss of approximately 1.1 million NEAR tokens (~$3.2 million USD). The exploit rendered the SKYWARD token and protocol treasury effectively worthless, and the team publicly advised users to withdraw all remaining funds and cease interacting with the platform.
avoid.net/pickle→18/100[CRITICAL]Pickle Finance was an Ethereum-based DeFi yield aggregator launched in September 2020 that suffered a critical smart contract exploit on November 21, 2020, resulting in the theft of approximately 19.76 million DAI (roughly $19.7 million) from its pDAI PickleJar. The exploit, known as the 'Evil Jar Attack,' combined three design flaws in unaudited contract code and led to a 50% collapse in the PICKLE token price, with hack proceeds later laundered through Tornado Cash. The protocol subsequently merged with Yearn Finance but never meaningfully recovered; it officially announced its shutdown in 2025 with the UI disabled on October 1, 2025.
avoid.net/ionic-protocol→18/100[CRITICAL]Ionic Protocol (also known as Ionic Money) is a decentralized non-custodial lending and borrowing protocol deployed on the Mode Network (OP Superchain). It is a rebrand of Midas Capital, which suffered two separate exploits in 2023 totaling approximately $1.26 million. In February 2025, Ionic itself was exploited via a social engineering attack involving a counterfeit LBTC token, resulting in losses estimated between $8.6 million and $12.3 million; funds were partially laundered through Tornado Cash and have not been recovered.
avoid.net/8ightdao→18/100[CRITICAL]8ight Finance (also referred to as 8ightDAO) was an OHM fork launched on the Harmony blockchain in October 2021, positioning itself as a relief project for victims of the Snowdog DAO rug pull. In December 2021, approximately $1.75 million in treasury stablecoins was drained after the team admitted to transmitting private keys through Facebook group chat and Google Drive. The incident is disputed: community members alleged an intentional rug pull while the team claimed external compromise, but funds were sent to Tornado Cash making attribution impossible.
avoid.net/402bridge→18/100[CRITICAL]402bridge (also written x402bridge) was a short-lived cross-chain bridge protocol built on the x402 HTTP payment standard, operating at 402bridge.fun. On October 28, 2025, approximately 13 hours after deployment, an attacker exploited a leaked admin private key to drain $17,693 in USDC from 227 user wallets in under 30 minutes; the protocol ceased operations immediately afterward and no user compensation has been announced. Security firm SlowMist noted that while the incident appeared consistent with a private key leak, the possibility of insider involvement could not be ruled out.
avoid.net/cover-protocol→18/100[CRITICAL]Cover Protocol was a decentralized insurance marketplace on Ethereum, launched in November 2020 after a troubled rebrand from the failed SAFE token project. On December 28, 2020, a critical smart contract vulnerability in its Blacksmith farming contract allowed an attacker to mint approximately 40 quintillion COVER tokens and extract over $4 million in assets, crashing the token price by more than 97%. After a failed merger with Yearn Finance and the abrupt departure of core developers, the protocol permanently shut down on September 5, 2021, distributing remaining treasury funds to token holders.
avoid.net/monoswap→18/100[CRITICAL]MonoSwap is a decentralized exchange (DEX) and launchpad built on the Blast L2 network that launched in late February 2024. On July 24, 2024, the protocol was compromised via a social engineering attack in which a developer was tricked into installing infostealer malware disguised as a video conferencing app, allowing attackers to drain approximately $1.3 million in staked liquidity. The stolen funds were subsequently laundered through Tornado Cash, and the protocol has remained largely inactive with negligible TVL since the incident.
avoid.net/fantasm-finance→18/100[CRITICAL]Fantasm Finance was a fractional-algorithmic synthetic token protocol on the Fantom Opera blockchain, designed to maintain a synthetic FTM token (XFTM) backed partially by FTM collateral and partially by the protocol's native FSM token. On March 9, 2022, within days of its public launch, the protocol suffered a critical smart contract exploit that drained approximately $2.62 million from its collateral reserve pool. The attacker laundered the stolen funds through Tornado Cash and was never publicly identified; the protocol has since ceased operations with zero TVL remaining.
avoid.net/dexible-v2→18/100[CRITICAL]Dexible V2 is a multichain DEX aggregator that suffered a critical smart contract exploit on February 17, 2023, resulting in approximately $2 million in user funds stolen across Ethereum and Arbitrum. The attack exploited an unvalidated router address in the selfSwap function of the v2 contracts, which had never undergone a formal third-party security audit. Stolen funds were laundered through Tornado Cash and have not been recovered; the protocol has since ceased operations.
avoid.net/fortress-loans→18/100[CRITICAL]Fortress Loans (fortress.loans) was an algorithmic money market and lending protocol on BNB Chain (Binance Smart Chain), launched in April 2021 by the JetFuel Finance team. On May 8, 2022, the protocol was drained of all funds — approximately $2.98 million — through a combined governance manipulation and oracle price manipulation attack. The protocol has been effectively inactive since, with DefiLlama recording a TVL of approximately $1,168 as of 2024, and the FTS governance token has lost effectively all of its value.
avoid.net/launchzone→18/100[CRITICAL]LaunchZone (LZ) was a Binance Smart Chain-based DeFi launchpad and IDO platform originally launched as BSCex in December 2020, later rebranded in March 2021. On February 27, 2023, the protocol suffered a critical smart contract exploit in its Bscex SwapX contract, resulting in approximately $700,000 drained from its liquidity pool and a total of nearly $7.8 million in cumulative losses as additional vulnerable contracts were identified. The platform ceased operations on March 26, 2023, with over 75,000 user wallets remaining exposed weeks after the initial attack. ZachXBT has flagged this entity as a risk.
avoid.net/uxlink→18/100[CRITICAL]UXLINK is a Singapore-based Web3 social infrastructure protocol that suffered a critical $11.3 million multisig exploit in September 2025, in which an attacker used deepfake video technology to socially engineer a team member, then minted up to 10 trillion unauthorized tokens — collapsing the token price by over 90%. The project has raised over $15 million from credible VCs including HashKey Capital and SevenX Ventures, but centralization risks in its smart contract architecture and persistent post-hack selling pressure have left the token trading at roughly 99% below its pre-hack highs as of May 2026.
avoid.net/rhea-lend→20/100[CRITICAL]Rhea Lend is the lending arm of Rhea Finance, a DeFi protocol on NEAR Protocol formed in early 2025 through the merger of Ref Finance and Burrow Finance. In April 2026, Rhea Lend suffered a major exploit in which an attacker drained approximately $18.4 million by exploiting a flaw in the protocol's slippage protection mechanism via a fake-token pool manipulation scheme. Partial recovery of approximately $9–13 million was achieved through voluntary returns and asset freezes, but the incident represents a critical security failure on an audited protocol.
avoid.net/forcebridge→20/100[CRITICAL]ForceBridge is a cross-chain bridge operated by Magickbase on the Nervos Network (CKB), enabling transfers between Nervos and Ethereum and BNB Chain. On June 2, 2025, the bridge was exploited via an access control vulnerability — likely a compromised private key — resulting in approximately $3.7–3.9 million in user funds being stolen and laundered through Tornado Cash. The exploit occurred just one day after Magickbase announced the bridge's sunset, raising questions about the timing and origin of the attack.
avoid.net/zklend→20/100[CRITICAL]zkLend was a decentralized money-market lending protocol built on Starknet (Ethereum Layer 2), founded in 2022 by Brian Fu and Jane Ma and backed by Delphi Digital, Three Arrows Capital, and StarkWare. On February 11–12, 2025, the protocol suffered a critical flash-loan exploit that drained approximately $9.57 million in user funds through manipulation of the lending_accumulator variable and precision-loss rounding errors. The protocol permanently ceased operations in June 2025, allocating a $200,000 treasury remnant to a user recovery fund — leaving the vast majority of affected users uncompensated.
avoid.net/punk-protocol→22/100[CRITICAL]Punk Protocol was an Ethereum-based DeFi project that positioned itself as a decentralized annuity and pension service. On August 10, 2021, it suffered a critical smart contract exploit due to a missing access-control modifier in its CompoundModel contract, resulting in approximately $8.95 million in stablecoin losses; roughly $5 million was partially recovered via a white-hat frontrunner who retained a $1 million bounty. The project launched without a security audit, has published no meaningful updates since late 2021, and its PUNK token currently trades at effectively zero volume, indicating the project is dormant or abandoned.
avoid.net/arcadia-v1→22/100[CRITICAL]Arcadia Finance v1 was a decentralized margin lending protocol deployed on Ethereum and Optimism that suffered a critical reentrancy exploit on July 10, 2023, resulting in the loss of approximately $459,030 across both chains. The attack exploited a missing reentrancy guard in the vault liquidation function combined with absent untrusted-input validation, allowing the attacker to bypass collateral health checks and drain darcWETH and darcUSDC vaults. The stolen funds on Optimism were largely laundered through Tornado Cash; the protocol subsequently paused all contracts and issued a bounty ultimatum to the attacker that went unanswered.
avoid.net/aperocket→22/100[CRITICAL]ApeRocket is a DeFi yield farming aggregator and optimizer originally deployed on Binance Smart Chain (BSC) and Polygon in 2021. The protocol suffered two simultaneous flash loan exploits on July 14, 2021, resulting in combined losses of approximately $1.26 million and a 63% collapse in its native SPACE token price. The project attempted a V2 relaunch with improved security, but the SPACE token currently shows zero trading volume and effectively zero market capitalization, indicating the protocol is inactive.
avoid.net/chainswap→22/100[CRITICAL]ChainSwap was a cross-chain token bridge protocol connecting Ethereum, Binance Smart Chain, and Huobi Eco Chain, which raised $3 million in April 2021 from investors including Alameda Research and NGC Ventures. The platform suffered two separate smart contract exploits in July 2021 — the first on July 2 draining approximately $800,000, and the second on July 10-11 draining approximately $4.4 million (with some sources citing up to $8 million across affected partner token markets) — collectively devastating more than 20 partner projects. Following the exploits, ChainSwap offered partial compensation via token airdrops; the project's native CHAINS/ASAP token collapsed over 96% from its all-time high and the protocol has since become largely inactive under its original identity, with the @ChainSwapERC Twitter handle rebranding to ChainHub in early 2026.
avoid.net/bitmart→22/100[CRITICAL]BitMart is a centralized cryptocurrency exchange founded in 2017 by Sheldon Xia, incorporated in the Cayman Islands and operated by Bachi.Tech Corporation. In December 2021, the exchange suffered one of the largest crypto exchange hacks in history, with approximately $196 million in customer funds stolen after attackers compromised a private key to two hot wallets; reimbursement was promised but reported as slow and incomplete by many victims. The exchange has subsequently faced an FTC investigation, a UK FCA unauthorized-firm warning, an alleged 2025 data breach affecting 1.2 million users, and recurring user complaints about frozen withdrawals; its platform was also used as a venue for DOJ-charged wash-trading schemes targeting retail investors.
avoid.net/warp-protocol→22/100[CRITICAL]Warp Protocol refers to two distinct but both risk-flagged entities: (1) Terraform Labs' Cosmos-based on-chain automation protocol, shut down by December 2024 following the $40 billion Terra/Luna collapse and a $4.47 billion SEC settlement against Do Kwon and Terraform Labs; and (2) Warp Finance, an Ethereum DeFi lending protocol that suffered a $7.76 million flash loan exploit in December 2020, which ZachXBT linked to Omar Zaki, a Yale graduate who had previously settled SEC fraud charges for $25,000 in 2019 while operating an unregistered hedge fund. ZachXBT's February 2022 investigation alleged that Zaki operated both Warp Finance and Force DAO under the pseudonym '0xbrainjar' while concealing his SEC enforcement history from the Composable Finance community.
avoid.net/burgerswap→22/100[CRITICAL]BurgerSwap is a decentralized exchange (DEX) and automated market maker (AMM) protocol launched in September 2020 on Binance Smart Chain (BSC), built around the native BURGER governance token. On May 28, 2021, the protocol suffered a flash loan and reentrancy exploit that drained approximately $7.2 million in user funds across 14 transactions. Uniswap founder Hayden Adams publicly noted that a critical line of code enforcing the constant-product formula had been deliberately removed from BurgerSwap's fork of Uniswap v2, raising allegations of an intentional vulnerability or insider involvement by the anonymous development team.
avoid.net/deltaprime→22/100[CRITICAL]DeltaPrime is a decentralized leveraged farming and lending protocol deployed on Arbitrum and Avalanche. The protocol suffered two major security exploits in 2024 — a $5.98 million private key compromise in September and a $4.8 million smart contract vulnerability in November — totaling over $10.7 million in losses. On-chain investigator ZachXBT alleged that DeltaPrime had previously employed North Korean IT workers with alleged ties to the DPRK-linked Lazarus Group, raising concerns about insider access as a contributing factor to the first exploit.
avoid.net/resolv→22/100[CRITICAL]Resolv is a DeFi protocol issuing USR, a delta-neutral stablecoin backed by ETH with perpetual futures hedging, developed by Resolv Labs. On March 22, 2026, the protocol suffered a critical exploit in which an attacker compromised Resolv's AWS key management infrastructure to mint 80 million unbacked USR tokens, extracting approximately $23–25 million in ETH and triggering a severe stablecoin depeg. The protocol remains paused as of May 2026 while recovery and infrastructure remediation are underway.
avoid.net/dao-maker-vesting→22/100[CRITICAL]DAO Maker Vesting refers to the smart contract infrastructure operated by DAO Maker, a crypto launchpad platform, that was compromised in two separate exploits in 2021 resulting in combined losses of approximately $11 million. The August 2021 incident drained $7 million in USDC from 5,251 user accounts via a compromised admin private key, and a second exploit in September 2021 extracted approximately $4 million from vesting contracts via an unauthenticated init() function vulnerability. Victims allege that DAO Maker has failed to honor its full compensation commitments over three years after the hacks, with governance manipulation alleged to have been used to cancel the USDR reimbursement program.
avoid.net/seneca→22/100[CRITICAL]Seneca is a decentralized stablecoin lending protocol that allowed users to mint senUSD against collateral. On February 28, 2024, attackers exploited a critical arbitrary external-call vulnerability in its Chamber contract, draining approximately $6.4 million from user wallets across Ethereum and Arbitrum. Approximately 80% of stolen funds were recovered after an on-chain bounty offer; however, the vulnerability had been publicly identified months before the exploit and the team proceeded to launch without patching it.
avoid.net/rocketswap-base→22/100[CRITICAL]RocketSwap is a decentralized exchange (DEX) launched on the Coinbase Base Layer 2 network in mid-2023 that suffered an $865,000 private key compromise exploit just days after Base's public launch, making it one of the first major exploits on the network. The attack, confirmed by security firms PeckShield and CertiK as a private key compromise, was compounded by a separate $69,000 social engineering loss one week prior, and the hacker subsequently laundered stolen funds through Tornado Cash, Binance, OKX, and a self-created memecoin called LoveRCKT. The project has been flagged by ZachXBT and community analysts, with some alleging that pre-exploit proxy contract modifications and the team's decision to silence communications point to possible insider involvement, though this has not been conclusively proven.
avoid.net/corepound→22/100[CRITICAL]Corepound (CORP) is an alleged yield aggregator protocol operating on the Core blockchain (Core DAO ecosystem), with its native CORP token traded primarily on Molten Finance V2. The protocol was flagged by on-chain investigator ZachXBT and has experienced an extreme price collapse exceeding 86% within a 24-hour window, consistent with a protocol logic incident or coordinated exit. The protocol's official website (corepound.xyz) is currently inaccessible, no independent security audit has been publicly identified, and the development team has not been publicly identified.
avoid.net/purrlend→22/100[CRITICAL]Purrlend is a non-custodial DeFi lending and borrowing protocol deployed on HyperEVM and MegaETH, operating as an Aave-style fork designed for leveraged yield farming. On April 25, 2026, the protocol suffered a multisig permission exploit that drained approximately $1.52 million across both networks, collapsing its TVL by roughly 70%. As of late May 2026, the protocol remains paused with no published post-mortem, recovery plan, or user compensation details.
avoid.net/locus-finance→22/100[CRITICAL]Locus Finance is a DeFi yield-vault protocol launched in July 2023 by Iakov Levin, the founder of the defunct custodial crypto platform Midas Investments, which collapsed in December 2022 with a reported $63.3 million deficit. On December 30, 2023, Locus suffered a $320,964 exploit due to a developer private key leak during a CTO transition. The LOCUS token has declined over 99% from its all-time high, the protocol's TVL is near zero, and Levin is subject to regulatory enforcement actions in California and Wisconsin related to his prior venture.
avoid.net/conic-finance→22/100[CRITICAL]Conic Finance was a DeFi liquidity-diversification protocol built on Curve Finance that allowed users to deposit assets into Omnipools across multiple Curve pools. On July 21, 2023, the protocol suffered two separate exploits totaling approximately $4.2 million — a $3.26 million read-only reentrancy attack on its ETH Omnipool and a subsequent $300,000 sandwich attack on its crvUSD Omnipool — after which TVL never recovered. In March 2025, the team formally shut down the protocol, citing an inability to fix critical security issues in a planned v2 upgrade.
avoid.net/wise-lending-v1→22/100[CRITICAL]Wise Lending V1 is the first version of the Wise Lending decentralized lending and yield-aggregation protocol deployed on Ethereum, built from scratch by WiseSoft LLC and founded by Peter Girr. The V1 deployment suffered two confirmed on-chain exploits within approximately three months, losing an estimated $700,000+ in total user funds across both incidents, with no publicly documented recovery or compensation plan. ZachXBT has flagged the entity, and post-exploit TVL collapsed effectively to zero.
avoid.net/onyx-protocol→22/100[CRITICAL]Onyx Protocol is a DeFi lending protocol forked from Compound Finance v2, operating on Ethereum and issuing the XCN (Onyxcoin) token. The protocol suffered two major exploits in under twelve months — $2.1 million in October/November 2023 and $3.8 million in September 2024 — both stemming from the same known precision vulnerability in the Compound v2 codebase that the team had been warned about by auditor CertiK in February 2023 and chose not to remediate. Following the second hack the Ethereum-based lending market was shut down and the protocol relaunched as Onyx Core.
avoid.net/mscst→22/100[CRITICAL]MSCST is a BSC-based DeFi auto-staking token associated with MSC Protocol (MetaSuperCoin), which advertised an implausible fixed APY of 38,585% over 400 days with no public team or audits. On December 29, 2025, a flash loan attacker exploited a missing access control vulnerability in the protocol's releaseReward() function, draining approximately $130,000 (149 BNB) from the GPC/WBNB PancakeSwap liquidity pool. The project has been flagged by ZachXBT and received no recovery response from an identifiable development team.
avoid.net/palmswap→22/100[CRITICAL]Palmswap was a decentralized perpetual futures exchange built on BNB Chain (Binance Smart Chain), launched in 2022 and offering up to 50x leverage trading via its PALM governance token and PLP liquidity provider token. On July 24–25, 2023, the protocol suffered a flash loan price manipulation exploit that drained approximately $901,455 USDT from its liquidity vault due to a critical smart contract logic flaw in the PlpManager contract. The exploiter ultimately returned $721,450 of the stolen funds after bounty negotiations, but the protocol's liquidity partner Gotbit was subsequently indicted and convicted by US federal prosecutors for market manipulation and wire fraud, raising additional integrity concerns about the project's ecosystem.
avoid.net/xt-exchange→22/100[CRITICAL]XT Exchange (XT.com), founded in 2018 and registered in Seychelles, is a centralized cryptocurrency exchange that has been flagged by multiple regulatory authorities — including the UK FCA, Dubai VARA, Thailand SEC, and the Seychelles FSA — for operating without proper licensing. The exchange suffered a $1.7 million hot wallet exploit in November 2024 due to a compromised private key, and has accumulated substantial user complaints alleging unjustified account freezing, asset seizure, and blocked withdrawals. Independent analysis has also raised concerns about inflated trading volumes and inadequate proof-of-reserves transparency.
avoid.net/bondly→22/100[CRITICAL]Bondly Finance is a DeFi and NFT protocol launched in September 2020 that suffered a major exploit on July 14-15, 2021, in which 373 million BONDLY tokens were minted via owner-level credentials and sold into liquidity pools, causing an 82% token price collapse and approximately $5.9-7.5 million in losses. The exploit originated from the protocol owner's address, prompting blockchain security firm PeckShield to allege a potential rug pull, though the team attributed it to compromised credentials belonging to CEO Brandon Smith. Following acquisition by Animoca Brands in September 2021 and a rebrand to Forj in May 2022, the project has undergone significant leadership changes; the original founder departed under a cloud of unresolved questions about the exploit's true origin.
avoid.net/harvest-finance→22/100[CRITICAL]Harvest Finance is a decentralized yield-aggregation protocol (token: FARM) that suffered a landmark $33.8 million flash loan-based price manipulation attack on October 26, 2020, one of the largest DeFi exploits of that year. Pre-attack, the protocol held over $1 billion in TVL while being governed by a single anonymous admin key—a concentration of power flagged by multiple security auditors and researchers. The protocol continues to operate with substantially reduced TVL (~$12 million as of 2025), though the stolen funds were never recovered and the attacker was never publicly identified or charged.
avoid.net/ratio-finance→22/100[CRITICAL]Ratio Finance is a defunct Solana-based collateralized debt position (CDP) protocol that allowed users to mint the USDr stablecoin against yield-bearing LP token collateral. The protocol raised $8.4 million across multiple rounds from investors including Alameda Research, Solana Ventures, and CMS Holdings, then launched its RATIO governance token in March 2022 at an all-time high near $2.24. The project suffered a private key compromise on or around December 3, 2022, after which the protocol's TVL fell to zero, the RATIO token lost over 99.9% of its value, and all social media activity ceased by December 2023.
avoid.net/onyx-v2→22/100[CRITICAL]Onyx Protocol is a Compound Finance fork and DeFi lending platform on Ethereum that launched a V2 iteration in 2024 following two devastating exploits — one in November 2023 ($2.1M) and a second in September 2024 ($3.8M) — both exploiting the same known vulnerability in the Compound V2 codebase. After the second hack, the community voted to shut down the Ethereum lending market and relaunch as Onyx Core; V2 targeting compliance with the U.S. CLARITY Act launched in Q3 2025 on a new XCN Ledger infrastructure. Total confirmed losses across both exploits exceed $5.9 million.
avoid.net/odinfun→22/100[CRITICAL]Odin.Fun (ODIN•FUN) is a Bitcoin-based meme coin launchpad and automated market maker launched in January 2025 by Bioniq co-founder Bob Bodily, designed as a Pump.fun analogue for Bitcoin Runes tokens. The platform has suffered at least four confirmed security incidents within its first year of operation, including a critical $7 million (58.2 BTC) AMM liquidity manipulation exploit in August 2025 that left the treasury insolvent and unable to fully compensate affected users. As of the latest available reporting (August–September 2025), the platform remained halted pending security audits, with no committed reopening timeline.
avoid.net/wxeta→22/100[CRITICAL]WXETA (Wrapped Xeta) is an ERC-20 token deployed on Ethereum using a Diamond (EIP-2535) upgradeable proxy architecture, associated with XETA Capital / XETA Genesis — a DeFi yield platform incorporated in Belize that claimed up to 20% monthly returns via high-frequency trading algorithms. The underlying XETA ecosystem is named as a co-defendant in a federal civil RICO lawsuit filed in January 2025 alleging tens of millions of dollars in investor fraud, and ZachXBT has flagged the entity. The platform ceased onboarding new members at end of 2023 and converted member positions into non-liquid NFTs, leaving the withdrawal status of the bulk of investor funds disputed.
avoid.net/minterest→22/100[CRITICAL]Minterest (formerly using the MNT token, later rebranded to MINTY) was a cross-chain DeFi lending and borrowing protocol founded by Josh Rogers and incorporated as Minterest Labs OÜ in Estonia. The protocol suffered a $1.4 million reentrancy exploit on July 14, 2024 — in a market that went live without a completed security audit — and subsequently announced the sunsetting of all operations in November 2025, explicitly stating that hack victims would receive no refund or token compensation as part of the wind-down.
avoid.net/pike-v1→22/100[CRITICAL]Pike V1 (also known as Pike Beta) was a cross-chain DeFi lending protocol built by Nuts Finance that suffered two smart contract exploits within four days in April 2024, resulting in approximately $1.98 million in user losses. A vulnerability identified by auditing partner OtterSec prior to launch was never remediated, and a subsequent botched patch introduced even more severe vulnerabilities. The project's October 2024 token generation event further damaged investor trust after the team launched the $P token with only $10,000 in initial liquidity despite having raised $6.45 million in a presale.
avoid.net/molt-evm→22/100[CRITICAL]Molt EVM (ticker: mEVM) is an ERC-20 token deployed on the Base blockchain and traded via the Aerodrome decentralized exchange. On March 7, 2026, the protocol suffered a critical access-control exploit in which an attacker bypassed the onlySpawnerToken minting guard by directly overwriting the unprotected setSpawnerToken() function, minting approximately 31.5 quintillion mEVM tokens and swapping them for roughly $127,000 in WETH. ZachXBT has flagged the entity, and the token price collapsed to near zero following the incident.
avoid.net/raft→22/100[CRITICAL]Raft is a decentralized Ethereum CDP lending protocol that issued the R stablecoin, collateralized by liquid staking tokens (stETH, rETH). On November 10, 2023, an attacker exploited a precision loss vulnerability to mint approximately $6.7 million in unbacked R tokens, draining 1,577 ETH from the protocol and causing the R stablecoin to depeg by up to 50%. Due to a coding error the attacker burned 1,570 of the stolen ETH to an inaccessible burn address, effectively losing money on the attack; the protocol subsequently implemented a partial recovery plan offering approximately 42% restitution to affected users and announced plans to phase out the current version.
avoid.net/lodestar-v0→22/100[CRITICAL]Lodestar V0 is the original deployment of Lodestar Finance, an algorithmic money market lending protocol on Arbitrum. On December 10, 2022, the protocol suffered a critical flash loan exploit in which an attacker manipulated the plvGLP price oracle to drain approximately $6.9 million in user funds. The protocol was subsequently relaunched as Lodestar V1 in July 2023; V0 remains abandoned with negligible TVL (~$95K) and the attacker was never publicly identified.
avoid.net/fegex→22/100[CRITICAL]FEGex is a decentralized exchange (DEX) and DeFi launchpad built around the FEG (Feed Every Gorilla) token ecosystem, operating on Ethereum and BNB Chain. The protocol has suffered three separate security exploits between 2022 and 2024, resulting in cumulative losses exceeding $3.6 million and a near-total collapse of token value following the most recent incident. The team operates anonymously and the protocol has demonstrated a repeated inability to prevent critical smart contract vulnerabilities despite multiple third-party audits.
avoid.net/shido→22/100[CRITICAL]Shido Network (SHIDO) is a Layer-1 proof-of-stake blockchain project founded in Sweden in 2021. On February 29, 2024, an attacker exploited the Ethereum-based SHIDO staking contract by transferring ownership to a new address and upgrading it with a hidden token-withdrawal function, draining over 4.3 billion tokens and causing the price to collapse 94% within 30 minutes. On-chain investigator ZachXBT linked the exploit to a serial hacker responsible for the OKX (December 2023) and Concentric Finance (January 2024) hacks, with the attack vector in each case being private key compromise via social engineering.
avoid.net/local-traders→22/100[CRITICAL]Local Traders (localtraders.finance) is a peer-to-peer cryptocurrency exchange and native token (LCT) project launched in 2021, headquartered in Chile and targeting Latin American and African markets. On May 23, 2023, the platform's smart contract was exploited due to a missing access-control check, resulting in approximately 379 BNB (~$119,000) stolen from its liquidity pool. The LCT token has since declined approximately 99.9% from its all-time high, the platform has shown limited trading volume, unverified team credentials, and a lack of regulatory registration, and the project was flagged by on-chain investigator ZachXBT.
avoid.net/futureswap→22/100[CRITICAL]Futureswap is a decentralized perpetual futures exchange built on Arbitrum and Avalanche that raised $12 million in 2021 but has been effectively dormant since 2023. The protocol suffered three separate exploits between December 2025 and January 2026, resulting in cumulative losses exceeding $1.3 million, while the team made no public response to any incident. ZachXBT flagged the entity as a risk, and the protocol's last known audit dates to 2021.
avoid.net/elasticswap→22/100[CRITICAL]ElasticSwap was an Avalanche-first AMM protocol specializing in elastic supply tokens, which launched in May 2022 and was exploited in December 2022 for approximately $854,000 via flash loan attacks that exploited an accounting inconsistency between its addLiquidity and removeLiquidity functions. The vulnerability class that enabled the exploit had been identified in a Code4rena security audit conducted ten months earlier but was not adequately remediated before deployment. The protocol recovered approximately 55% of user funds through a bounty program and community vote, but the TIC governance token lost over 70% of its value and the protocol appears to have ceased meaningful activity.
avoid.net/surgebnb→22/100[CRITICAL]SurgeBNB was a BEP-20 yield token on Binance Smart Chain operated by the XSurge DeFi project. On August 16–17, 2021, an attacker exploited a reentrancy vulnerability in the contract's sell() function via a flash loan, draining approximately 13,111 BNB (~$5 million USD) from the protocol. The project had publicly claimed to be 'rug-proof' prior to the exploit; post-hack, the team launched a 'SurgeFund' compensation scheme, though the extent and completion of repayment to victims remains unclear.
avoid.net/nowswap→22/100[CRITICAL]NowSwap is an Ethereum-based automated market maker (AMM) decentralized exchange that launched in July 2021, positioning itself as the first DEX optimized for small-size trades under $3,000. On September 15, 2021, the protocol suffered a smart contract exploit resulting in the loss of approximately $1.07 million in USDT and WETH, caused by an incomplete code update that left an invalid K-value check in the pair contract. Following the exploit, the protocol's total value locked effectively collapsed to near zero and has remained dormant, with no evidence of remediation, audit, or resumed operations.
avoid.net/earningfarm→22/100[CRITICAL]Earning.Farm is an Ethereum-based DeFi yield aggregator that deployed leveraged yield strategies on top of Aave. The protocol suffered two distinct security incidents — a flash loan attack in October 2022 that drained approximately 750 ETH (~$950,000), followed by a reentrancy exploit in August 2023 that resulted in an additional ~$528,000 loss. The protocol has been flagged by ZachXBT and has shown no evidence of recovery, compensation to users, or resumed operations following either incident.
avoid.net/giddy→25/100[CRITICAL]Giddy (also branded DefiQ, Inc.) was a Draper, Utah-based self-custody DeFi wallet and yield-farming platform that launched its GDDY token on the Polygon network in April 2022. The project raised over $15 million from VC investors including Pelion Venture Partners, but has since shut down — leaving the GIDDY token trading more than 99% below its all-time high of approximately $0.35 in May 2022. ZachXBT has flagged the entity as a concern in the crypto trust-intelligence space, and community reviews allege that team members sold tokens prior to the app's public launch and that advertised staking yields were never delivered.
avoid.net/coindash→28/100[WARNING]CoinDash was an Israeli-founded cryptocurrency portfolio management and social trading platform that conducted an ICO in July 2017. Thirteen minutes into its token sale, an attacker compromised the company's website and substituted a fraudulent Ethereum address, diverting approximately 43,500 ETH (valued at roughly $7-10 million at the time) from over 2,000 investors before the sale was halted. The company later rebranded as Blox and has since ceased operations; the CDT token retains minimal trading volume.
avoid.net/0vix→28/100[WARNING]0VIX was a DeFi lending protocol built on Polygon PoS and Polygon zkEVM, forked from the Compound v2 codebase, that launched as one of Polygon zkEVM's inaugural partners. On April 28, 2023, an attacker exploited a price oracle vulnerability in the protocol's vGHST market using a flash loan, draining approximately $2 million in user funds from a total TVL of $6.4 million. Stolen funds were bridged to Ethereum via Stargate Finance and deposited into Tornado Cash; the attacker did not respond to a $125,000 bounty offer. The protocol subsequently rebranded as Keom in August 2023.
avoid.net/kinto-bridge→28/100[WARNING]Kinto was a KYC-enforced Ethereum Layer 2 built on the Arbitrum Nitro stack, marketing itself as a 'safety-first' DeFi protocol with built-in AML and identity verification. On July 10, 2025, an attacker exploited a CPIMP proxy vulnerability in the $K token contract on Arbitrum, minting 110,000 unauthorized tokens and draining approximately $1.55–1.9 million from Uniswap V4 and Morpho Blue liquidity pools. Despite a partial recovery effort dubbed 'Phoenix,' the project announced shutdown effective September 30, 2025, as fundraising options collapsed and the team ran unpaid for months.
avoid.net/trinity-wallet→28/100[WARNING]Trinity Wallet was the official desktop and mobile software wallet for the IOTA cryptocurrency, developed and maintained by the IOTA Foundation. In February 2020, a supply chain attack exploiting a compromised MoonPay SDK delivered via CDN resulted in the theft of approximately 8.55 Ti (teraIOTA) worth roughly $2 million from 50 user seeds, forcing the IOTA Foundation to shut down the entire IOTA network for 27 days. Trinity was subsequently deprecated in April 2021 following the Chrysalis protocol upgrade, with the Firefly wallet introduced as its replacement.
avoid.net/roe-finance→28/100[WARNING]Roe Finance is a decentralized lending protocol built on Ethereum that allows Uniswap v2 liquidity providers to lend LP tokens for additional yield. On January 11, 2023, the protocol suffered a flash loan-driven price oracle manipulation exploit that drained approximately $80,000 from its pools, with the majority of profits captured by a front-running MEV bot rather than the original attacker. The protocol issued no official post-mortem or public response to the incident, raising concerns about transparency and operational accountability.
avoid.net/texture→28/100[WARNING]Texture Finance is a Solana-based decentralized lending protocol founded in 2021 and backed by $5 million in venture funding from P2P Capital, Sino Global Capital, Wintermute, and Jane Street Capital. In July 2025, a missing ownership check in its USDC vault smart contract allowed an attacker to steal approximately $2.2 million in user funds; the protocol negotiated a 10% greyhat bounty and recovered roughly $1.98 million. User withdrawals remained disabled following the exploit, and a formal repayment timeline had not been published as of mid-2025.
avoid.net/ola-finance→28/100[WARNING]Ola Finance is a multi-chain decentralized lending protocol offering a 'lending-as-a-service' platform that allows third parties to deploy isolated Compound-style lending pools across multiple blockchains. On March 31, 2022, the protocol's deployment on the Fuse Network was exploited via a reentrancy vulnerability in ERC677 token logic, resulting in approximately $4.67 million in stolen assets. The attacker used Tornado Cash to obscure initial funding, laundered proceeds through Ethereum and BNB Chain wallets, and was never publicly identified; a partial compensation plan was offered but fell materially short of full victim restitution.
avoid.net/mars-perps→28/100[WARNING]Mars Perps was the perpetual futures product of Mars Protocol, deployed on the Neutron outpost of the Cosmos ecosystem. On December 14, 2025, the protocol suffered a mechanism design exploit that drained $973,079 USDC from lending depositors via skew-based same-block arbitrage. The exploit ultimately triggered a full protocol wind-down, which concluded in March 2026 with user funds returned and community channels closed.
avoid.net/alex→28/100[WARNING]ALEX (Automated Liquidity Exchange) is a decentralized finance protocol built on the Stacks blockchain, designed to bring DeFi capabilities to Bitcoin. The protocol has suffered two major security exploits: a $4.3 million hack in May 2024 attributed to North Korea's Lazarus Group via a private key compromise of its XLink bridge, and an $8.3 million exploit in June 2025 caused by a smart contract access control vulnerability. In both cases, ALEX Lab Foundation pledged full user reimbursement, though partial recovery of 2024 stolen funds remained ongoing as of mid-2025, and the native ALEX token has declined approximately 99.9% from its all-time high.
avoid.net/truflation→28/100[WARNING]Truflation is a blockchain-based inflation data oracle protocol that provides real-time economic indices to DeFi applications via its Truflation Stream Network (TSN) and TRUF token. In September 2024, the project suffered a confirmed malware attack that compromised private keys across its treasury multisig and personal wallets, resulting in losses estimated between $4.6 million and $5.2 million — predominantly in TRUF tokens, ETH, and DAI. On-chain investigator ZachXBT was among the first to publicly identify and report the incident; the project subsequently initiated a full TRUF token migration as a remediation measure.
avoid.net/singularity-finance→28/100[WARNING]Singularity Finance (SFI) is an EVM-compatible Layer 2 blockchain protocol that emerged in late 2024 from a three-way token merger involving SingularityDAO, Cogito Finance, and SelfKey, positioning itself as a DeFAI (decentralized finance plus AI) platform within the Artificial Superintelligence Alliance ecosystem. The SFI token launched at an ICO price of approximately $0.123 in February 2025, reached an all-time high near $0.20 on launch day, and had declined approximately 97-98% to around $0.004 by May 2026. On-chain investigator ZachXBT has flagged Singularity Finance as a concern; independently verifiable risk indicators include a catastrophic post-ICO price collapse, an undelivered Q1 2025 mainnet promise, an unaudited smart contract, a reported CertiK Skynet score of 3.6 out of 10, and significant token supply overhang with only 31% of the 500 million maximum supply in circulation.
avoid.net/shibarium→28/100[WARNING]Shibarium is a layer-2 blockchain built on Ethereum, launched in August 2023 as the scaling solution for the Shiba Inu (SHIB) ecosystem. The network has faced a series of significant incidents including a failed initial launch that trapped $1.7 million in bridged funds, a September 2025 flash loan exploit that drained approximately $4.1 million from its cross-chain bridge via validator key compromise, persistent rug pull activity on its DeFi layer, allegations of code plagiarism, and ongoing transparency concerns stemming from fully pseudonymous leadership. Shibarium initiated a novel NFT-based restitution program following the 2025 exploit but as of early 2026 the recovery path remained unresolved.
avoid.net/sirio-finance→28/100[WARNING]Sirio Finance is a DeFAI lending and borrowing protocol built on the Hedera blockchain that launched on January 27, 2025 and suffered a flash loan exploit on February 1, 2025, resulting in an estimated $2–3 million in stolen funds. The exploit occurred within five days of mainnet launch, with post-incident analysis indicating the vulnerability was introduced when the team followed an audit directive from QuillAudits to remove a reentrancy guard from the protocol's smart contracts. The protocol's TVL collapsed to near zero following the hack, and no confirmed recovery of stolen funds or full user compensation has been publicly documented.
avoid.net/crema-finance→28/100[WARNING]Crema Finance is a Solana-based concentrated liquidity market maker (CLMM) DEX protocol that launched in January 2022. On July 2, 2022, the protocol suffered a critical exploit in which an attacker used a fake tick account and flash loans to drain approximately $8.78 million from multiple liquidity pools. Following on-chain negotiations, the attacker returned roughly $7.1 million and retained approximately $1.68 million as an agreed white-hat bounty; Crema subsequently issued a CRM token compensation plan for affected users and submitted a revised codebase for re-audit by SlowMist before reopening.
avoid.net/mm-finance-cronos→28/100[WARNING]MM Finance (also known as Mad Meerkat Finance) was the largest decentralized exchange on the Cronos blockchain. On May 4, 2022, the protocol suffered a frontend compromise in which an attacker injected a malicious router contract address, redirecting approximately $2 million in user funds to the attacker's wallet over roughly three hours. The stolen funds were laundered via Tornado Cash and routed through OKX; the team pledged reimbursement via trading fee airdrops, though full recovery of stolen assets was not confirmed. The MMF token subsequently lost approximately 99.9% of its value from its April 2022 all-time high.
avoid.net/ribbon→28/100[WARNING]Ribbon Finance is an Ethereum-based DeFi protocol that pioneered Theta Vaults (DeFi Options Vaults) for structured yield products, later expanding into the Aevo derivatives exchange. The protocol has experienced multiple serious incidents including a $2.7 million oracle exploit in December 2025 whose recovery plan drew widespread community condemnation, a 2021 Sybil attack on its token airdrop by a connected venture capital firm, and a DNS hijacking in 2022. Its native token RBN lost approximately 90% of its value in 2025 alone and sits more than 99% below its all-time high.
avoid.net/gmx-v1-perps→28/100[WARNING]GMX V1 was a decentralized perpetual exchange on Arbitrum and Avalanche that operated from September 2021 until July 2025, when a reentrancy exploit drained approximately $42 million from its GLP liquidity pool. The protocol has since disabled all V1 trading and GLP minting; it is no longer an active product, with users directed to GMX V2, which was unaffected by the exploit.
avoid.net/woofi-swap→28/100[WARNING]WOOFi Swap is a decentralized exchange (DEX) built by WOO Network, operating on 12+ blockchain networks including Arbitrum, Avalanche, and Optimism, and using a proprietary synthetic Proactive Market Maker (sPMM) algorithm. On March 5, 2024, the protocol suffered a critical oracle manipulation exploit on Arbitrum in which an attacker used flash loans to manipulate WOO token pricing to near zero, stealing approximately $8.75 million; funds were not recovered. The parent platform WOO X also suffered a separate $14 million phishing-linked breach in July 2025 attributed to North Korean state-sponsored threat actors, compounding the ecosystem's security record.
avoid.net/compound-v2→28/100[WARNING]Compound V2 is a legacy Ethereum-based decentralized lending protocol launched in May 2019 and formally deprecated in December 2025 in favor of Compound V3 (Comet). The protocol has experienced a series of material incidents including a ~$80M COMP token distribution bug in October 2021, a $89M oracle-driven liquidation cascade in November 2020, a confirmed website hijack flagged by ZachXBT in July 2024, a social media phishing hack in 2023 that resulted in $4.4M in losses, and an alleged governance attack in July 2024 in which a whale coordinated the passage of a $24M treasury transfer. V2 is now in wind-down mode with new borrows and mints paused.
avoid.net/kronos-research→28/100[WARNING]Kronos Research is a Taipei-based cryptocurrency quantitative trading firm and market maker founded in 2018 by Mark Pimentel and Jack Tan. The firm experienced two serious security incidents within months of each other in 2023: an insider sabotage case in which two disgruntled engineers tampered with trading code causing $1.4 million in losses, and an external hack in November 2023 where compromised API keys led to the theft of approximately $25–26 million. The November hack cascaded onto WOO X, an exchange Kronos incubated and served as primary liquidity provider, causing a temporary trading halt and liquidations for 227 users.
avoid.net/btcturk→28/100[WARNING]BtcTurk is Turkey's oldest and largest centralized cryptocurrency exchange, founded in 2013 in Istanbul. The exchange has suffered two major hot wallet breaches in 14 months — approximately $55 million stolen in June 2024 and approximately $48–$49 million in August 2025 — both attributed to private key compromise, establishing a pattern of repeated critical security failures. Despite operating under Turkish regulatory frameworks (CMB and MASAK) and maintaining cold wallet protections, the exchange's inability to prevent a second near-identical attack within a year raises serious concerns about the adequacy of its security controls.
avoid.net/paraspace-lending-v1→28/100[WARNING]ParaSpace Lending V1 was an Ethereum-based cross-margin NFT and fungible token lending protocol launched in December 2022. In March 2023, a price manipulation exploit targeting the AutoCompoundApe contract nearly drained $5 million (2,909 ETH) from the protocol; blockchain security firm BlockSec intervened in a white-hat operation to recover the funds. In May 2023, a separate internal governance crisis erupted when over 19 team members accused CEO Yubo Ruan of misappropriating approximately 1,454.5 ETH (~$2.7M) from the recovered funds, allegations Ruan denied. The protocol subsequently rebranded through a merger with Parallel Finance, forming ParaX in August 2023, while the original V1 contracts were wound down and remain at minimal TVL as of 2026.
avoid.net/cardex→28/100[WARNING]Cardex is an on-chain fantasy trading card game that launched on the Ethereum layer-2 network Abstract in February 2025, offering tokenized digital versions of collectible trading cards for competition in online tournaments. Within one week of launch, a critical operational security failure — the inadvertent exposure of a shared session signer private key on the application's frontend — allowed an attacker to drain approximately $400,000–$470,000 in ETH from roughly 9,000 user wallets over a seven-hour period. The project has been flagged by ZachXBT; user accusations of a rug pull circulated on Telegram, though Abstract core contributors attributed the incident to mishandled credentials rather than intentional fraud. No confirmed restitution fund or formal accountability measure had been publicly disclosed as of the most recent reporting.
avoid.net/seedify→28/100[WARNING]Seedify (Seedify.fund) is a blockchain gaming incubator and IDO/IGO launchpad founded in February 2021 by Levent Cem Aydan, operating on BNB Chain, Ethereum, and Avalanche with its native SFUND token. The platform suffered a critical $1.2–1.7 million bridge exploit in September 2025 attributed by ZachXBT and CZ (Binance) to the North Korea-affiliated (DPRK) 'Contagious Interview' hacking campaign, causing SFUND to collapse approximately 80–99% and affecting approximately 64,000 token holders. The platform's SFUND token has declined more than 99% from its November 2021 all-time high of approximately $17.67, and the project has been flagged by ZachXBT in connection with the on-chain forensics tying the exploit to state-sponsored theft infrastructure.
avoid.net/orange-finance→28/100[WARNING]Orange Finance is an Arbitrum-based automated liquidity management protocol designed for LPDfi (liquidity provider DeFi), enabling users to earn swap fees and options premiums via concentrated AMM vaults. On January 8, 2025, the protocol suffered a critical security breach in which an attacker compromised the admin private key, exploited a misconfigured multi-signature wallet that required only a single signature to execute, and drained approximately $843,556 across all active vaults. The protocol was flagged by ZachXBT and has not resumed normal operations since the incident.
avoid.net/orion-pools→28/100[WARNING]Orion Pools is the automated market maker (AMM) and liquidity pool component of Orion Protocol, a DeFi liquidity aggregator founded in 2018 by Alexey Koloskov. On February 2, 2023, the protocol suffered a $3 million reentrancy exploit targeting its core exchange contract across Ethereum and BNB Chain, with stolen funds subsequently laundered through Tornado Cash. The project later rebranded to Lumia in late 2024, pivoting from a liquidity aggregator to a Layer 2 blockchain.
avoid.net/level-perps→28/100[WARNING]Level Finance (also marketed as Level Perps) is a decentralized perpetual derivatives exchange that launched on BNB Chain in Q4 2022 and later expanded to Arbitrum. In May 2023 the protocol suffered a $1.1 million exploit caused by a logic bug in its referral reward contract that was missed by two prior security audits. The protocol's LVL token has declined approximately 99.9% from its all-time high, and as of 2025-2026 the protocol shows near-zero TVL ($32K), zero fees, and zero revenue, indicating effective dormancy.
avoid.net/team-finance→28/100[WARNING]Team Finance is a DeFi token-locking and vesting platform operated by TrustSwap Inc. that suffered a critical $14.5 million exploit on October 27, 2022, when an attacker abused a validation flaw in its Uniswap V2-to-V3 migration function. The attacker ultimately returned approximately $7 million, retaining roughly 10% as a self-declared bug bounty; Team Finance subsequently switched auditors to CertiK and reported full user reimbursement by June 2023.
avoid.net/sbi-crypto→28/100[WARNING]SBI Crypto is a cryptocurrency mining subsidiary of Japan's SBI Holdings, operating one of the top Bitcoin mining pools globally and offering related infrastructure services. On September 24, 2025, addresses linked to the company saw approximately $21–24 million in suspicious outflows across five cryptocurrencies; blockchain investigator ZachXBT and security firm Cyvers identified laundering patterns consistent with DPRK-affiliated Lazarus Group operations. SBI Group did not proactively disclose the breach and provided only minimal confirmation after independent researchers surfaced the incident publicly.
avoid.net/omm→28/100[WARNING]Omm (Open Money Market) is a decentralized lending and borrowing protocol built on the ICON blockchain, launched in August 2021 by Lydia Labs (formerly ICX Station), co-founded by Scott Smiley and Daeki Lee. On January 21, 2023, the protocol suffered a smart contract exploit in which an attacker deployed a malicious contract to drain approximately $1.9 million in user collateral across 18 transactions, exploiting a critical flaw in the Redeem function. Following the exploit, the protocol pivoted away from its money market model toward a liquid staking product, which launched in January 2024, though TVL and market activity remain minimal.
avoid.net/harbor-protocol→28/100[WARNING]Harbor Protocol is a decentralized collateralized-debt-position (CDP) protocol built on the Comdex chain (Cosmos SDK / CosmWasm) that enabled users to mint the Composite stablecoin (CMST) against whitelisted collateral assets. The protocol suffered two distinct security incidents in 2023 — an oracle-manipulation liquidation event in June and a direct vault drain exploit in August — after which its total value locked collapsed to effectively zero. As of 2025 the protocol appears inactive, with the HARBOR governance token near worthless and no meaningful community or development activity detected.
avoid.net/portal→28/100[WARNING]Portal (PORTAL) is a Web3 gaming platform and cross-chain token project that launched on Binance Launchpool on February 29, 2024, reaching an all-time high of approximately $4.41 before collapsing over 99% to below $0.01 by late 2025. The project has been flagged due to concerns including extreme token holder concentration, a low audited code coverage percentage, a pre-seed investor price roughly 30x below the listing price creating immediate sell pressure, active phishing and wallet-drainer campaigns impersonating the project, and a partially anonymous founding team. No formal regulatory action by the SEC, CFTC, or DOJ has been publicly confirmed as of May 2026.
avoid.net/foom-cash→28/100[WARNING]FOOM Cash (foom.cash) is a pseudonymous, privacy-focused decentralized lottery protocol built on Ethereum and Base, marketed as an 'upgraded Tornado Cash' using zk-SNARKs cryptography. On February 26, 2026, the protocol suffered a $2.26 million exploit caused by a critical deployment error in its Groth16 trusted setup — a flaw publicly known from an identical exploit on Veil Cash days earlier that the team failed to patch. The team had been silent for approximately three months prior to the attack and was subsequently flagged as a notable risk by AVOID.NET due to compounding concerns: anonymous founders, serious operational negligence, misleading post-incident communications, and unverifiable audit claims.
avoid.net/htx→28/100[WARNING]HTX (formerly Huobi Global) is one of the world's largest cryptocurrency exchanges, rebranded in September 2023 following the de facto acquisition of Huobi by interests linked to Justin Sun in late 2022. The exchange has suffered at least three significant security incidents totaling over $130 million in losses since September 2023, and in May 2026 was sanctioned by the UK government for alleged facilitation of Russian sanctions evasion — the first such crypto-exchange designation under the UK Russia sanctions framework. HTX also faces FCA legal proceedings over illegal financial promotions to UK consumers, has withdrawn its Hong Kong licensing applications twice, and has been publicly criticized for opaque reserve practices.
avoid.net/stakecom→28/100[WARNING]Stake.com is a Curaçao-licensed cryptocurrency gambling and sports betting platform co-founded in 2017 by Australians Ed Craven and Bijan Tehrani, operating as one of the largest crypto casinos globally with reported 2024 revenue of $4.7 billion. On September 4, 2023, the platform suffered a critical security breach in which approximately $41.35 million in cryptocurrency was drained from its hot wallets across Ethereum, BNB Smart Chain, and Polygon networks; the FBI formally attributed the attack to North Korea's Lazarus Group (APT38) within 48 hours. Stake.com restored full operations within five hours of the incident and stated that user funds were not affected, though the root cause — a likely hot wallet private key compromise — has never been officially confirmed by the company.
avoid.net/typus-perp→28/100[WARNING]Typus Perp is a GMX-style perpetuals DEX operating on the Sui blockchain, developed by Typus Finance (founded by Tommy Chen). On October 15, 2025, the protocol suffered a $3.44 million oracle manipulation exploit that drained its TLP liquidity pool entirely — caused by an unaudited smart contract module that was excluded from the project's May 2025 MoveBit security audit. As of May 2026, the protocol has minimal TVL ($126K) and the stolen funds have not been recovered.
avoid.net/huobi→28/100[WARNING]Huobi, rebranded to HTX in September 2023, is a major centralized cryptocurrency exchange founded in 2013 that came under the de facto control of Tron founder Justin Sun in late 2022. The exchange has suffered three significant security incidents since September 2023, faces extensive regulatory non-compliance across multiple jurisdictions, and its proof-of-reserves methodology has been subject to credible allegations of double-counting and asset manipulation by investigative outlets.
avoid.net/bns→28/100[WARNING]BitBNS (Bitbns) is an Indian cryptocurrency exchange founded in 2017 by Gaurav Dahake, Prashant Singh, and Srikanth Sethumadhavan, operating under Buyhatke Internet Private Limited and headquartered in Bengaluru. In February 2022 the exchange suffered a $7.5 million hack that it concealed from users under the guise of 'system maintenance' for over a year until on-chain investigator ZachXBT publicly exposed the breach in March 2023. The exchange subsequently froze user withdrawals for approximately two years, drawing multiple court actions in India and sustained criticism for withholding customer funds while continuing to accept new deposits.
avoid.net/thorchain-dex→28/100[WARNING]THORChain is a decentralized cross-chain liquidity protocol that enables native asset swaps across blockchains without wrapped tokens, using its RUNE token as settlement collateral. Since its mainnet launch, the protocol has suffered three significant exploit events totaling over $25 million in losses, became the primary laundering conduit for North Korea's Lazarus Group following the 2025 Bybit hack ($1.2 billion routed through the network), and its THORFi lending product collapsed in January 2025 with approximately $200 million in user funds frozen. The protocol faces ongoing legal action from creditors, has lost key developers over ethical disputes about blocking illicit transactions, and experienced a further $10.8 million vault breach in May 2026.
avoid.net/eralend→28/100[WARNING]EraLend (formerly Nexon Finance) is a decentralized lending protocol on zkSync Era that suffered a $3.4 million read-only reentrancy exploit on July 25, 2023, draining its USDC pool due to a vulnerability in inherited SyncSwap oracle code. The protocol's pre-hack audit by PeckShield explicitly assumed a trusted price oracle, leaving the vulnerable oracle mechanism unexamined. EraLend relaunched post-hack with a fee-based compensation plan but has seen its TVL decline sharply to approximately $138,000 as of 2025-2026.
avoid.net/remitano→28/100[WARNING]Remitano is a peer-to-peer cryptocurrency exchange operated by Babylon Solutions Limited, incorporated in Seychelles and active since 2015. The platform suffered a confirmed hot wallet hack in September 2023 resulting in approximately $2.7 million in losses, with the Lazarus Group (North Korea-linked) alleged as a probable suspect. Regulatory authorities in Malaysia, the United Kingdom, and Seychelles have issued warnings or taken enforcement actions against Remitano for operating without authorization, and the operating entity Babylon Solutions Limited was dissolved and struck off as of January 1, 2023.
avoid.net/sharedstake→28/100[WARNING]SharedStake is an Ethereum liquid staking protocol launched in January 2021 that allowed users to deposit ETH in exchange for the vETH2 liquid staking token. In June 2021, a co-founder using the pseudonym 'Kairos' exploited a critical timelock bypass vulnerability in the protocol's vesting contracts — a bug that had been disclosed to the team two months prior — draining approximately $128,000 from liquidity providers and sending 100 ETH through Tornado Cash. The protocol subsequently relaunched as SharedDeposit v2 under remaining team members, though the SGT governance token never recovered.
avoid.net/griffinai→28/100[WARNING]Griffin AI is a Web3 no-code AI agent builder on BNB Chain that launched its native GAIN token on Binance Alpha on September 24, 2025. Within hours of launch, an attacker exploited a misconfigured LayerZero cross-chain peer to mint 5 billion unauthorized GAIN tokens and dump approximately $3 million worth into the market, crashing the token 87-90% and erasing roughly $36 million in market capitalization. The team subsequently enacted a token migration, a $2.5 million recovery fund, and a re-launch on October 6, 2025, though GAIN continues to trade approximately 95% below its all-time high.
avoid.net/azukidao→28/100[WARNING]AzukiDAO is an informal decentralized autonomous organization formed in late June 2023 by a self-described group of 72 to 74 Azuki NFT holders in response to widespread community outrage over the Azuki Elementals NFT launch. Within days of its formation, AzukiDAO's BEAN governance token airdrop contract was exploited via a signature replay vulnerability, resulting in the theft of approximately 35 ETH ($68,000). On-chain investigator ZachXBT had previously flagged the Azuki project's founder Zagabond (Alex Xu) for alleged involvement in multiple prior abandoned NFT projects, and his findings were central to the community grievances that motivated AzukiDAO's creation.
avoid.net/kyberswap-classic→28/100[WARNING]KyberSwap is a decentralized exchange (DEX) and liquidity protocol operated by Kyber Network. In November 2023, KyberSwap Elastic — the protocol's concentrated liquidity layer — suffered one of the largest DEX exploits of the year, with approximately $48.9 million drained across thirteen chains via a sophisticated tick-manipulation and rounding-error attack. The alleged attacker, Canadian national Andean Medjedovic, was subsequently indicted by U.S. federal prosecutors on five felony counts and remains a fugitive as of mid-2026.
avoid.net/rubic→28/100[WARNING]Rubic is a cross-chain DEX aggregator founded in 2020 by Vladimir Tikhomirov and Alexandra Korneva, supporting swaps across 90+ blockchains. The protocol suffered two significant security incidents within two months in late 2022: a private key compromise in November that drained approximately $1.2 million in RBC tokens, followed by a smart contract exploit on December 25, 2022 that stole roughly $1.4 million in user USDC. Both events caused severe token price collapses, though the platform subsequently implemented new security architecture and remained operational into 2025.
avoid.net/upcx→28/100[WARNING]UPCX is a blockchain payment protocol that suffered a $70 million exploit on April 1, 2025, when an attacker compromised an administrative private key and used it to push a malicious smart contract upgrade, draining 18.4 million UPC tokens from management accounts. The attack was enabled by the absence of multisig controls on privileged protocol functions, despite having undergone CertiK and Cyberscope audits that did not catch the operational key management risk. Despite listing on a Japanese FSA-licensed exchange just 11 days prior, no recovery of stolen funds was reported.
avoid.net/zoth-zeusd→28/100[WARNING]Zoth is a Dubai-based real-world asset (RWA) restaking protocol and the issuer of ZeUSD, a CDP-style stablecoin backed by tokenized fixed-income assets including U.S. T-Bills and ETFs. In March 2025, the protocol suffered two separate security incidents within three weeks: a $285,000 logic-flaw exploit on March 1 and a critical $8.4–8.85 million admin key compromise on March 21, the latter resulting in the theft of 8.85 million USD0++ tokens. The stolen funds remain largely unrecovered as of mid-2025, with Zoth offering a $500,000 bounty and engaging Crystal Blockchain BV for forensic investigation.
avoid.net/vulcan-forged→28/100[WARNING]Vulcan Forged is a UK-based blockchain gaming studio and NFT marketplace operating on Polygon and its own Elysium Layer-1 blockchain, best known for VulcanVerse and its native PYR token. In December 2021 the platform suffered one of the largest gaming-sector hacks on record: an attacker exploited Vulcan Forged's servers to extract private keys from 96 semi-custodial wallets, stealing approximately 4.5 million PYR tokens then valued at roughly $140 million. The platform subsequently refunded affected users from its treasury and pledged to migrate to non-custodial wallets, but the incident exposed fundamental centralization and custodial risks in its architecture.
avoid.net/platypus-finance→28/100[WARNING]Platypus Finance is an Avalanche-based stablecoin automated market maker (AMM) and issuer of the USP stablecoin that suffered three separate exploits in 2023, losing a combined total of approximately $11.75 million. The first and most severe attack in February 2023 exploited a logic flaw in the protocol's emergency withdrawal function, draining roughly $8.5–9.1 million and causing the USP stablecoin to lose its dollar peg. Two French brothers identified by blockchain investigator ZachXBT were arrested and later acquitted on criminal charges after one argued he was an 'ethical hacker'; as of 2024 the protocol's total value locked had collapsed from over $200 million at peak to below $100,000.
avoid.net/betterbank→28/100[WARNING]BetterBank is a DeFi lending and borrowing protocol built on PulseChain, launched in August 2025, offering a dual-token system (ESTEEM and FAVOR) with high-yield savings and LP-backed credit. Approximately three weeks after launch, the protocol suffered a $5 million exploit on August 26-27, 2025, caused by an unvalidated bonus reward minting function that had been flagged as a critical vulnerability by auditor Zokyo one month prior but was downgraded to 'Informational' severity and left unpatched by the team. The attacker returned approximately $2.7 million following on-chain negotiations, leaving a net loss of roughly $1.4 million; the protocol subsequently froze trading and announced relaunch plans.
avoid.net/venus-core-pool→28/100[WARNING]Venus Core Pool is the primary lending market of Venus Protocol, the largest decentralized money market on BNB Chain. The protocol has accumulated over $112 million in cumulative losses across at least five separate security incidents since 2021, including oracle manipulation, a phishing attack draining $27 million from the Core Pool itself in September 2025, and a donation-attack exploit in March 2026 that left $2.15 million in unrecoverable bad debt. A critical vulnerability flagged during a 2023 Code4rena security audit was dismissed by the development team and subsequently exploited twice.
avoid.net/crosscurve→28/100[WARNING]CrossCurve (formerly EYWA) is a cross-chain DeFi liquidity protocol built in partnership with Curve Finance, backed by $8.5 million in funding including a seed round led by Curve founder Michael Egorov. On February 1-2, 2026, the protocol suffered a critical smart contract exploit in its ReceiverAxelar bridge contract, resulting in an estimated $3 million in user losses across multiple chains; confirmed liquid losses were approximately $1.44 million after exchange freezes limited attacker liquidation. A subsequent Hashlock audit of separate OFT messaging contracts in March 2026 found and resolved additional vulnerabilities, and the protocol has not publicly confirmed full fund recovery from the February exploit.
avoid.net/dfx-v2→28/100[WARNING]DFX Finance is a decentralized foreign exchange protocol optimized for trading fiat-backed stablecoins such as CADC, EURS, and XSGD, backed by investors including Polychain Capital. On November 10, 2022, the V2 smart contracts were exploited via a reentrancy vulnerability in the flash loan function, resulting in approximately $7.5 million in total losses split between a primary attacker (~$4.3M) and an MEV front-running bot (~$3.2M). The stolen funds were funneled into Tornado Cash; the protocol subsequently paused all contracts, launched a DFX-token reimbursement plan, and later released V3, but TVL remains near zero as of 2024.
avoid.net/revest-finance→28/100[WARNING]Revest Finance is an Ethereum DeFi protocol that tokenizes ERC-20 assets into Financial NFTs (FNFTs) using the ERC-1155 standard, allowing users to lock and manage assets with programmable release conditions. On March 27, 2022, the protocol suffered a reentrancy attack that resulted in approximately $2 million in user funds stolen, with the team publicly acknowledging it lacked the resources to fully reimburse victims. The protocol remains technically active with extremely low TVL and a token (RVST) that has declined over 99% from its all-time high.
avoid.net/bent-finance→28/100[WARNING]Bent Finance is an Ethereum-based DeFi yield aggregator built on top of Curve Finance and Convex Finance, offering staking and liquidity pool boosting for the BENT token. In December 2021, the protocol suffered an insider exploit in which a rogue developer with access to the contract deployer private key inserted a backdoor into the cvxCRV and MIM pool contracts, resulting in the theft of approximately 440 ETH (~$1.75M). Stolen funds were ultimately returned by the attacker and reimbursed to users by late December 2021, but the incident caused a 73% BENT token price collapse and left the protocol with negligible TVL.
avoid.net/slope-wallet→28/100[WARNING]Slope Wallet (Slope Finance) was a Solana-based mobile cryptocurrency wallet that suffered a catastrophic security breach on August 2, 2022, in which over 9,200 wallets were drained of approximately $4–8 million in assets due to the app transmitting users' unencrypted seed phrases to a third-party telemetry service (Sentry). The root cause was a severe security misconfiguration by Slope Finance, in which the mobile application logged plaintext private key material without proper scrubbing. No formal victim compensation was established, the team declined to publicly accept responsibility, and founder Leal Cheung subsequently launched a new project (zkME) without resolution for affected users.
avoid.net/olaxbt→28/100[WARNING]OlaXBT (ticker: AIO) is a BNB Smart Chain-based AI trading platform that raised $3.38 million in seed funding led by Amber Group and launched publicly in July 2025. The project suffered a confirmed multi-signature wallet breach on September 1, 2025 that resulted in the theft of approximately 32 million AIO tokens (estimated $2 million at the time), forcing an emergency token contract migration that several exchanges declined to support. Additional risk factors include extreme holder concentration (approximately 96% of supply held by two addresses per CertiK Skynet data), an anonymous founding team with unverifiable claimed credentials, and multiple exchange delistings citing security concerns.
avoid.net/kucoin→28/100[WARNING]KuCoin is a global cryptocurrency exchange founded in 2017 that has accumulated one of the most serious regulatory and security records in the industry. The exchange suffered a $285 million hot-wallet hack in September 2020 attributed to North Korea's Lazarus Group, and in January 2025 pleaded guilty to operating an unlicensed money transmitting business in the United States, agreeing to pay over $297 million in fines and forfeitures and exit the US market for at least two years. On-chain investigator ZachXBT has publicly alleged that KuCoin continues to enable illicit fund flows by ignoring victim and law enforcement requests.
avoid.net/super-sushi-samurai→28/100[WARNING]Super Sushi Samurai (SSS) is a Telegram-based blockchain game launched on the Blast layer-2 network in March 2024. On March 21, 2024 — four days after launch — a critical infinite-mint vulnerability in the SSS token contract was exploited, draining approximately $4.6–4.8 million (1,310 ETH) from its liquidity pool and causing the token to lose over 99% of its value. The attacker claimed to be a white-hat actor, and most funds were returned minus a 5% bounty; however, approximately 40 ETH were separately stolen by a distinct black-hat actor and the failed audit by Verichains raises material security governance concerns.
avoid.net/gempad→28/100[WARNING]GemPad is a multi-chain no-code token launchpad and crowdfunding platform operating primarily on BNB Smart Chain, Ethereum, and Base, launched around 2021. On December 17, 2024, a reentrancy vulnerability in its LP Locker V2 smart contract was exploited across three chains, draining approximately $1.9–$2.2 million in locked liquidity from at least 27 dependent projects. Stolen funds were routed through Tornado Cash, and GemPad issued no public compensation plan for affected projects.
avoid.net/nemo-yield-trading→28/100[WARNING]Nemo Protocol is a Sui-based DeFi yield trading platform that suffered a $2.6 million exploit on September 7, 2025, caused by an unnamed developer who deployed unaudited code to mainnet while bypassing internal review processes. A security auditor had flagged a related vulnerability 27 days before the attack, which the team acknowledged it failed to address in time. The protocol's TVL has since collapsed to zero and it has been flagged as high-risk by trust intelligence sources.
avoid.net/moola-market→28/100[WARNING]Moola Market is a decentralized lending protocol built on the Celo blockchain, founded in 2020 by Patrick Baron and backed by Polychain Capital. In October 2022, the protocol suffered a price manipulation exploit draining approximately $9.1 million, making it one of the largest DeFi incidents on Celo; over 93% of funds were returned by the attacker within hours in exchange for a roughly $500,000 bounty. The protocol subsequently relaunched with reduced collateral thresholds, but its TVL and MOO token value have declined sharply since the incident.
avoid.net/aperture-lm→28/100[WARNING]Aperture LM (also marketed as Aperture Finance) is a multi-chain DeFi liquidity management protocol that launched in 2022 and raised $12 million at a reported $250 million valuation. On January 25, 2026, the protocol suffered a critical smart contract exploit due to insufficient input validation in its V3 and V4 helper modules, resulting in $3.67 million stolen from Aperture directly and contributing to a combined ~$17 million loss across a coordinated attack that also hit SwapNet. Stolen funds were laundered through Tornado Cash, no public compensation plan for affected users has been confirmed, and the protocol's closed-source contract architecture was identified as a compounding risk factor that hindered independent security review.
avoid.net/belt-finance→28/100[WARNING]Belt Finance (belt.fi) is a multi-strategy yield aggregator and stableswap AMM built primarily on Binance Smart Chain (BSC), developed by South Korean blockchain firm Ozys. On May 29, 2021, the protocol was exploited via a flash loan attack that netted the attacker approximately $6.23 million in BUSD and caused an estimated $50 million in total pool losses. The protocol announced a phased compensation plan for affected users but full repayment status remains unverified; the protocol has continued operating in diminished form, with current TVL of approximately $12 million as of 2025.
avoid.net/holograph→28/100[WARNING]Holograph is an omnichain tokenization protocol that enables cross-chain asset transfers, launched in 2022 by CXIP Labs with $6.5 million in seed funding. On June 13, 2024, a former technical contractor exploited admin-level access to the protocol's operator contract to mint 1 billion unauthorized HLG tokens worth approximately $14.4 million, crashing the token price by over 80%. Four suspects were subsequently arrested in Italy and extradited to France, where criminal proceedings are ongoing; approximately 80% of stolen tokens were reported recovered by law enforcement.
avoid.net/arcadia-v2→28/100[WARNING]Arcadia V2 is a non-custodial leverage farming and liquidity management protocol operating primarily on Base, developed by Belgium-based Arcadia Finance (founded 2021, backed by Coinbase Ventures). The protocol has suffered two serious security exploits: a July 2023 reentrancy attack on its V1 codebase draining approximately $455K across Ethereum and Optimism, and a more severe July 2025 arbitrary calldata exploit on V2's Rebalancer contract that drained approximately $3.6M on Base despite multiple prior audits. ZachXBT has flagged the protocol as a high-risk entity given this pattern of repeated critical security failures.
avoid.net/gala→28/100[WARNING]Gala Games is a blockchain gaming platform founded in 2019 by Eric Schiermeyer and Wright Thurston whose GALA token has been at the center of two major controversies: a 2023 civil lawsuit alleging Thurston stole 8.6 billion GALA tokens (~$130M) from company wallets, and a separate May 2024 smart contract exploit in which an unauthorized minter minted 5 billion tokens worth approximately $200M. Both co-founders have filed competing civil suits alleging misappropriation of hundreds of millions of dollars, while Thurston also faces an unrelated SEC fraud action over a separate crypto mining venture.
avoid.net/gamma→28/100[WARNING]Gamma Strategies is a DeFi active liquidity management (ALM) protocol built on Uniswap v3 and other concentrated-liquidity DEXs, formerly known as Visor Finance. The protocol suffered a significant flash loan exploit on January 4, 2024, resulting in losses of approximately $6.18 million across four vaults on Arbitrum; the attacker laundered the majority of stolen funds through Tornado Cash. This was not the protocol's first security incident: its predecessor Visor Finance lost approximately $8.2 million to an infinite mint vulnerability in December 2021, leading to a rebrand.
avoid.net/geniusai→28/100[WARNING]GNUS.AI (Genius Ventures, Inc.) is a decentralized AI computing platform that issues the GNUS token across Ethereum, Polygon, and Fantom networks. On May 5, 2024, the project suffered a $1.27 million exploit in which an attacker leveraged a Discord breach to steal private key material, mint 100 million counterfeit GNUS tokens, and sell them into live liquidity pools — causing the token price to collapse. The token has traded 98-99% below its all-time high and ZachXBT has flagged the entity as a concern in the crypto community.
avoid.net/florence-finance→28/100[WARNING]Florence Finance is a DeFi real-world asset (RWA) lending protocol built on Arbitrum that tokenizes euro-denominated loans to European small and medium enterprises (SMEs). In November 2023 the protocol lost $1.45 million in USDC to an address poisoning attack, and notably failed to publicly acknowledge the theft for at least five days after it was reported by security firms. As of 2025-2026 the protocol's TVL has collapsed to approximately zero and the official website indicates the project is shutting down.
avoid.net/moonwell-lending→28/100[WARNING]Moonwell is a decentralized, non-custodial lending and borrowing protocol deployed on Base, Optimism, Moonbeam, and Moonriver, operating as a fork of Compound v2. The protocol has suffered at least five distinct security incidents between 2022 and 2026, resulting in combined losses and bad debt exceeding $5 million, including repeated oracle failures, a flash loan exploit, a near-successful governance attack, and an AI-assisted smart contract misconfiguration. Despite multiple audits by Halborn and Code4rena, the pattern of recurring vulnerabilities and the removal of its Immunefi bug bounty program in early 2025 have raised significant security concerns.
avoid.net/us-permissionless-dollar→28/100[WARNING]US Permissionless Dollar (USPD) is a decentralized, over-collateralized stablecoin protocol built on Ethereum by Permissionless Technologies, the team behind the Morpher trading platform. In December 2025, the protocol suffered a critical exploit via a clandestine proxy deployment attack — later dubbed CPIMP — that had silently compromised admin privileges since September 2025, resulting in approximately $1 million in losses. The project has undergone audits by Nethermind and Resonance Security but the exploit bypassed audited code by targeting the deployment layer, raising unresolved questions about operational security and the viability of the planned V2 relaunch.
avoid.net/growth-defi→28/100[WARNING]Growth DeFi is a Binance Smart Chain (BSC) yield aggregator and DeFi ecosystem founded in 2020, offering the GRO governance token, the WHEAT yield optimizer, and the MOR overcollateralized stablecoin. On February 8, 2021, the protocol suffered a flash loan price oracle exploit targeting its stkGRO/rAAVE staking contract, resulting in approximately $1.3–1.4 million in stolen funds with no full recovery. As of 2026, the protocol has an extremely low TVL of roughly $22,000 and the GRO token trades at near-zero valuations, indicating near-complete abandonment.
avoid.net/indodax→28/100[WARNING]Indodax (formerly Bitcoin Indonesia) is Indonesia's largest licensed cryptocurrency exchange, founded in 2014 by Oscar Darmawan and William Sutanto and serving over 9.6 million users. In September 2024, the exchange suffered a major security breach attributed to North Korea's Lazarus Group, resulting in approximately $22–25 million in losses across multiple blockchains. The exchange pledged full reimbursement to affected users, resumed operations within roughly 80 hours, and has since undergone a leadership restructuring.
avoid.net/dforce-lending→28/100[WARNING]dForce Lending (operating as Lendf.Me) is a Chinese-founded DeFi lending protocol that suffered a landmark ~$25 million ERC-777 reentrancy exploit in April 2020 — one of the largest DeFi hacks of that year — and a second reentrancy attack in February 2023 that drained $3.65 million. In both incidents, stolen funds were ultimately returned after the attackers were identified or negotiated with. The protocol has also faced persistent allegations of plagiarizing Compound Finance's open-source smart contract code without attribution, and a 2021 ConsenSys Diligence audit flagged centralised owner controls capable of draining user funds. ZachXBT has flagged dForce as a high-risk entity.
avoid.net/yolo-games→28/100[WARNING]YOLO Games is an on-chain gambling platform built on the Blast Layer 2 network, offering high-risk games such as YOLO, Moon or Doom, and Poke the Bear, with a native $YOLO token as its reward mechanism. In June 2024, an access control vulnerability in a third-party Liquidity Bootstrapping Pool (LBP) contract was exploited, resulting in the extraction of approximately $1.387 million, of which 90% was subsequently returned by the attacker acting as a whitehat. The $YOLO token has since collapsed approximately 99.6% from its all-time high and the protocol shows near-zero fee activity as of 2025-2026, suggesting severe user attrition or effective abandonment.
avoid.net/meter→30/100[WARNING]Meter (meter.io) is a layer-1 blockchain protocol and cross-chain bridge infrastructure founded in 2018, operating a dual-token system (MTR and MTRG) with an EVM-compatible sidechain and a multi-chain bridge product called Meter Passport. On February 5, 2022, Meter Passport suffered a critical smart contract exploit that drained approximately $4.4 million in wETH and BNB, with cascading losses of approximately $2.1–3.3 million to the Hundred Finance lending protocol. The team committed to a PASS token reimbursement scheme but full recovery for affected users remained contingent on foundation revenues, and stolen funds were partially laundered through Tornado Cash.
avoid.net/dydx-v3→30/100[WARNING]dYdX V3 was a decentralized perpetual futures exchange built on Ethereum using StarkWare's StarkEx Layer-2 technology, operated by dYdX Trading Inc. The platform suffered a $9 million insurance fund drain in November 2023 due to an alleged coordinated market manipulation attack targeting YFI and SUSHI markets, a DNS hijacking attack in July 2024, and a software supply chain compromise in September 2022. The V3 product was formally sunset on October 28, 2024, with trading migrated to the dYdX Chain (V4) on Cosmos.
avoid.net/akropolis→30/100[WARNING]Akropolis is an Ethereum-based DeFi protocol founded in 2017 by Ana Andrianova and Kate Kurbanova, offering yield aggregation and undercollateralized lending through its Delphi and Sparta products. On November 12, 2020, the protocol suffered a $2.03 million DAI exploit via a reentrancy and flash loan attack — a vulnerability that was missed across multiple third-party smart contract audits. The project subsequently rebranded to Kaon in early 2025, having never recovered the stolen funds or fully compensated affected users.
avoid.net/lendfme→30/100[WARNING]Lendf.me was a decentralized lending protocol built by dForce Network and launched in September 2019 as a fork of Compound v1. On April 19, 2020, an attacker exploited a reentrancy vulnerability involving ERC-777 tokens to drain approximately $25.2 million from the protocol — at the time representing 99.95% of its total value locked. The attacker returned nearly all funds within two days after inadvertently exposing identifying metadata, and the original Lendf.me contract was permanently deprecated following the incident.
avoid.net/hegicold-contract→30/100[WARNING]Hegic is an Ethereum-based decentralized options trading protocol, founded anonymously and originally launched in April 2020. The original (v1) smart contract suffered a critical code defect within hours of mainnet deployment that permanently locked user funds, compounded by misrepresentation of the pre-launch security review. A separate deprecated contract from January 2022 was additionally exploited in February 2025, draining approximately $80,000 in WBTC. While affected users were reimbursed out of team funds in both incidents, the underlying contracts remain permanently compromised.
avoid.net/okx-nft-aggregator→30/100[WARNING]OKX NFT Aggregator is the NFT marketplace and aggregation layer of OKX, one of the world's largest crypto exchanges, supporting over 21 blockchains and 32 aggregated markets. The product has been implicated in a smart contract storage-collision exploit (June 2024), operates within an exchange that pleaded guilty to U.S. AML violations and agreed to a $504 million DOJ settlement (February 2025), and saw its parent DEX aggregator suspended in March 2025 after North Korea's Lazarus Group used the broader OKX Web3 infrastructure to launder approximately $100 million from the Bybit hack. ZachXBT has flagged the entity in the context of these broader OKX platform concerns.
avoid.net/zkfinance→32/100[WARNING]zkFinance is a DeFi lending and borrowing protocol deployed on zkSync Era that also offers bridging, cross-chain swaps, and a concentrated-liquidity DEX. The protocol suffered a documented $200,000 protocol logic exploit attributed to an oracle misconfiguration in November 2024 and has since registered near-zero TVL ($24,990) with no active loans outstanding. The team is pseudonymous, no public founder identities have been verified, and the protocol's native ZGT token has attracted minimal exchange listing activity and negligible on-chain trading volume.
avoid.net/hyperbridge→32/100[WARNING]Hyperbridge is a cross-chain interoperability protocol built by Polytope Labs (founded by Nigerian engineers Seun Lanlege and David Salami) that uses cryptographic proofs to facilitate asset and message transfers across blockchains. On April 13, 2026, an attacker exploited a Merkle Mountain Range (MMR) proof verification vulnerability in the Token Gateway contract, minting 1 billion fraudulent bridged DOT tokens and extracting losses initially reported at $237,000 but later revised to approximately $2.5 million across Ethereum, Base, BNB Chain, and Arbitrum. The exploit occurred less than two weeks after the project publicly mocked the possibility of being hacked in an April Fools joke, and followed alleged dismissals of security researchers who had flagged vulnerabilities beforehand.
avoid.net/gate→32/100[WARNING]Gate.io (formerly Bter.com) is a centralized cryptocurrency exchange founded in 2013 by Han Lin, serving over 30 million users across 224 countries. The exchange has been flagged by on-chain investigator ZachXBT for allegedly concealing a $230 million hack attributed to North Korean state-sponsored hackers (Lazarus Group) that occurred in April 2018 and was never publicly disclosed to users. Additional concerns include a manipulated futures price feed incident causing millions in user losses in 2025, an AML-based ban by India's Financial Intelligence Unit in 2024, persistent user complaints about frozen withdrawals, and alleged wash trading activity inflating reported volumes.
avoid.net/goonfi→32/100[WARNING]GoonFi is a proprietary automated market maker (Prop AMM) operating on Solana, launched in June 2025 with no public team, no frontend, and no published smart-contract audit. On March 28, 2026, a protocol logic vulnerability was exploited via mispricing arbitrage, resulting in approximately $254,000 in losses with no recovery reported. The protocol has been flagged by ZachXBT and is cited by researchers as representative of a broader Solana centralization concern, wherein anonymous, closed-source market makers capture an outsized share of DEX volume with minimal accountability.
avoid.net/saga→32/100[WARNING]Saga is a Layer 1 blockchain protocol built on Cosmos that allows developers to deploy parallelized, VM-agnostic dedicated chains called Chainlets, with a primary focus on gaming applications. The SAGA token launched on April 9, 2024 at an all-time high of approximately $7.53, but had declined roughly 99% from that peak by late 2025. In January 2026, the protocol's SagaEVM chainlet suffered a $7 million smart contract exploit that drained bridged assets, caused the Saga Dollar stablecoin to depeg, and led to a 55% TVL crash.
avoid.net/bingx→32/100[WARNING]BingX is a Singapore-headquartered centralized cryptocurrency exchange founded in 2018 (originally as Bingbon), operating across 160+ countries with over 10 million reported users. In September 2024, the exchange suffered a confirmed hot wallet breach totaling approximately $52 million across at least seven blockchain networks, with on-chain forensics subsequently linking the attack to North Korea's Lazarus Group. The exchange pledged full user compensation from reserves and resumed withdrawals within days, but independently unverified regulatory claims and initial opacity around the breach raise ongoing due-diligence concerns.
avoid.net/coinex→32/100[WARNING]CoinEx is a centralized cryptocurrency exchange that suffered a major hot wallet breach on September 12, 2023, with losses estimated between $54 million and $70 million across multiple blockchains. On-chain investigators ZachXBT and Elliptic attributed the attack to the Lazarus Group (TraderTraitor), a North Korean state-sponsored threat actor, based on wallet address overlap with the contemporaneous Stake.com hack. Stolen proceeds were subsequently laundered in part through the Sinbad Bitcoin mixer, which was sanctioned by the U.S. Treasury's OFAC on November 29, 2023.
avoid.net/blueberry→32/100[WARNING]Blueberry Protocol is an Ethereum-based decentralized leveraged yield farming and prime brokerage protocol developed by Composable Corp. In February 2024, the protocol suffered a significant exploit caused by an oracle misconfiguration that allowed a flash loan attacker to drain approximately 457.7 ETH (~$1.35M) from three lending markets; most funds were rescued by white hat MEV operator c0ffeebabe.eth but ~91 ETH (~$265,000) was permanently lost to validator payments. Despite completing multiple Sherlock and Hacken audits and raising $2.5M in a June 2024 Series A, the protocol's security track record and history of audit findings raise material concerns for prospective users.
avoid.net/balancer-v2→32/100[WARNING]Balancer V2 is a decentralized automated market maker (AMM) protocol launched in 2021 on Ethereum and multiple chains that separates AMM logic from token custody via a central Vault architecture. The protocol has experienced at least four documented security incidents across its V1 and V2 deployments, including a November 2025 exploit that drained approximately $128 million and directly led to the dissolution of Balancer Labs, the corporate entity behind the protocol, announced in March 2026.
avoid.net/midas-capital→32/100[WARNING]Midas Capital is a multichain DeFi isolated lending protocol that forked its codebase from Rari Capital's Fuse implementation. The protocol suffered two separate security exploits in 2023 totaling approximately $1.26 million in losses, with both incidents attributed to known smart contract vulnerabilities that had previously affected other Compound V2 forks. ZachXBT flagged the protocol, and the second exploit resulted in laundered funds routed through Tornado Cash.
avoid.net/impermax-v3→32/100[WARNING]Impermax V3 is the third major iteration of Impermax Finance, a DeFi leveraged yield-farming and lending protocol that allows liquidity providers to use Uniswap V3 LP tokens as collateral. The protocol suffered two separate critical exploits in 2025 — a ~$300,000 flash-loan collateral valuation attack in April and a ~$380,000 liquidation logic exploit in November — both on the Base chain, resulting in cumulative losses exceeding $680,000 and leaving lenders with unresolved bad debt. These incidents follow a 2022 private key compromise affecting the IMX token, representing a recurring pattern of security failures across the protocol's history.
avoid.net/unibtc→32/100[WARNING]uniBTC is a synthetic Bitcoin liquid restaking token issued by Bedrock protocol, enabling wBTC holders to earn BTC-native yield via the Babylon staking protocol while retaining liquidity. In September 2024, a critical minting vulnerability in multiple uniBTC vault smart contracts across eight blockchains was exploited for approximately $2 million after a third-party security firm disclosed the flaw hours before the attack. Post-incident forensics by Fuzzland, disclosed in June 2025, attributed the exploit to an insider threat — a former employee who embedded malware into Fuzzland's internal codebase and used privileged access to execute the attack; Bedrock has since integrated Chainlink Proof of Reserve and expanded to multiple new chains.
avoid.net/banana-gun→32/100[WARNING]Banana Gun is a Telegram-based crypto trading bot launched in 2023 that allows users to snipe token launches on EVM chains and Solana. The project has experienced two major security incidents: a smart contract bug at token launch in September 2023 that caused the BANANA token to crash 99.7%, and a $3 million exploit in September 2024 in which attackers leveraged a Telegram message oracle vulnerability to drain 11 users. Separate, unresolved allegations from on-chain researchers claim the team arranged an exclusive order flow deal with block builder Titan that funneled millions of dollars in user bribe payments away from Ethereum validators.
avoid.net/lifi-finance→32/100[WARNING]LI.FI is a Berlin-based cross-chain bridge and DEX aggregation protocol founded in 2021 by Philipp Zentner and Max Klenk. The protocol has suffered two significant smart contract exploits — a $600,000 loss in March 2022 and an $11.6 million loss in July 2024 — both stemming from the same class of arbitrary-call vulnerability, prompting criticism from security researchers that lessons were not learned. Separately, blockchain investigator ZachXBT alleged in June 2025 that North Korean (DPRK) actors accounted for an estimated 15–25% of the protocol's volume during May 2025, using LI.FI to launder funds from the Bybit hack.
avoid.net/dolomite→32/100[WARNING]Dolomite is a decentralized money market and trading protocol originally launched on Ethereum in 2019 and migrated to Arbitrum in 2022. The protocol suffered a $1.8 million exploit in March 2024 due to a reentrancy vulnerability in a legacy 2019 Ethereum contract. The platform drew significant controversy in 2026 when Trump-affiliated World Liberty Financial (WLFI) used 5 billion WLFI tokens as collateral to borrow $75 million on Dolomite — a platform co-founded by WLFI's own chief technology officer — driving USD1 pool utilization to 93% and trapping ordinary depositors.
avoid.net/unizen→32/100[WARNING]Unizen is a cross-chain DEX aggregator and smart exchange ecosystem operating on Ethereum and multiple other networks, with a native utility token ZCX. On March 8, 2024, the platform suffered a $2.1 million exploit caused by an unsafe external call vulnerability introduced during a smart contract upgrade; the attacker subsequently laundered the stolen funds through Tornado Cash in August 2024. Despite a CEO-funded reimbursement covering approximately 99% of affected users, the incident raised significant questions about upgrade security practices given that two prior audits (Halborn, Verichain 2022) had not caught the flaw.
avoid.net/tender-finance→32/100[WARNING]Tender Finance (tender.fi) was an Arbitrum-based decentralized lending and borrowing protocol that suffered a $1.59 million oracle misconfiguration exploit on March 7, 2023. A white hat hacker exploited a decimal precision error in the GMX price oracle, depositing one GMX token worth approximately $71 to borrow nearly $1.6 million in assets. The hacker returned funds in exchange for a $97,000 bounty, and the project subsequently rebranded to GLend under the Gemach DAO umbrella, migrating its TND token to GLEND and later to GMAC.
avoid.net/duelbits→32/100[WARNING]DuelBits is a Curacao-licensed crypto casino and sportsbook operated by Liquid Entertainment N.V., launched in 2020. The platform suffered a confirmed $4.6 million private key compromise on February 13, 2024, affecting wallets on both the Ethereum and BNB Chain networks. DuelBits has also been flagged in broader contexts related to unlicensed gambling promotion, Twitch's 2022 ban on unlicensed gambling streams, and mixed user reports of withdrawal delays and account-closure disputes.
avoid.net/levana-perps→32/100[WARNING]Levana Perps is a decentralized perpetual-swap protocol originally deployed on Osmosis (Cosmos ecosystem) and later expanded to Sei and Injective. In December 2023, the protocol suffered a confirmed oracle-manipulation exploit spanning 13 days that drained approximately $1.14 million (roughly 10% of liquidity provider funds). The protocol subsequently underwent a strategic rebrand and token migration into the Rujira (RUJI) ecosystem in 2025, effectively sunsetting the standalone LVN token.
avoid.net/leetswap→32/100[WARNING]LeetSwap was a decentralized exchange (DEX) launched on Coinbase's Base Layer 2 network in mid-2023 and briefly held the position of the network's largest DEX by trading volume and total value locked. On August 1, 2023, shortly after Base's mainnet opened to all users, an attacker exploited a publicly exposed smart contract function to drain approximately 342 ETH (~$630,000) from multiple liquidity pools. The protocol halted trading, partially recovered funds through white-hat rescue operations, and has since operated at a fraction of its pre-exploit TVL, with no public audit ever confirmed prior to the incident.
avoid.net/resupply→32/100[WARNING]Resupply (resupply.fi / resupply.finance) is a decentralized stablecoin lending protocol built by contributors from Convex Finance and Yearn Finance, succeeding the hacked Prisma Finance protocol after a March 2024 governance vote. The protocol suffered a critical $9.6 million exploit on June 26, 2025, caused by a donation-attack vulnerability in a newly deployed ERC-4626 vault, with stolen funds laundered through Tornado Cash. The team's post-exploit governance response generated significant community controversy, including alleged silencing of critics and a disputed insurance-pool burn proposal, before the bad debt was eventually fully repaid in August 2025.
avoid.net/nexera→32/100[WARNING]Nexera (formerly AllianceBlock) is a blockchain infrastructure protocol focused on compliant real-world asset tokenization, operating primarily on Ethereum. In August 2024, a threat actor later attributed to North Korea's Lazarus Group used social engineering and BeaverTail malware to steal smart contract management credentials, enabling unauthorized transfer of 47.24 million NXRA tokens valued at approximately $1.9 million. The team mitigated further losses by zeroing out and subsequently burning the 32.5 million tokens that remained in the attacker's wallet, limiting confirmed liquidated losses to roughly $449,000.
avoid.net/numa→32/100[WARNING]numa. (stylized with a period) is a non-custodial DeFi protocol on Arbitrum and Sonic that issues LST-backed synthetic assets (nuUSD, nuBTC, nuETH, nuGOLD) through a burn-and-mint tokenomics model. The protocol suffered two separate exploits in 2025 — a $506K price manipulation attack in April and a $313K collateral valuation exploit in August — resulting in cumulative losses exceeding $800K and a token price decline of approximately 99% from its peak. ZachXBT has flagged the entity in the context of trust intelligence monitoring.
avoid.net/templedao→32/100[WARNING]TempleDAO is a DeFi yield protocol launched on Ethereum in August 2021, designed to offer low-volatility, fractionally backed yields on deposited assets. On October 11, 2022, an associated staking product, STAX Finance, suffered a smart contract exploit due to missing access control on the migrateStake() function, resulting in approximately $2.34 million in stolen funds that were subsequently laundered through Tornado Cash. The core TempleDAO vaults were not directly compromised, but the team's anonymous structure and the unrecovered stolen funds remain notable risk factors.
avoid.net/roll→32/100[WARNING]Roll (tryroll.com) is an Ethereum-based social token infrastructure platform that allows creators to mint, distribute, and manage branded personal tokens. On March 14, 2021, Roll suffered a critical security breach in which an attacker compromised the private keys of its hot wallet and liquidated approximately $5.7 million worth of social tokens across 42 different creator tokens, routing stolen ETH through Tornado Cash. Roll subsequently upgraded its security infrastructure via a Fireblocks MPC integration and raised a $10M Series A in September 2021, but the root cause of the private key compromise was never publicly confirmed.
avoid.net/acala-network→32/100[WARNING]Acala Network is a Polkadot-native DeFi hub offering a multi-collateralized stablecoin (aUSD), liquid staking, and an AMM DEX. On August 14, 2022, a misconfiguration in a newly deployed liquidity pool caused 3.022 billion aUSD to be erroneously minted, triggering a 99% depeg; approximately 98% of the erroneous tokens were subsequently recovered and burned via community governance votes. The incident raised significant concerns about the protocol's claimed decentralization after the team unilaterally placed the network in maintenance mode and froze token transfers without an on-chain vote.
avoid.net/eleven-finance→32/100[WARNING]Eleven Finance is a yield optimizer and leveraged yield farming protocol deployed on Binance Smart Chain (BSC) and Polygon. On June 22, 2021, attackers exploited a critical smart contract vulnerability in the protocol's Nerve-partnership vaults, draining approximately $4.5–4.8 million. The team published a recovery plan, repaid an initial 25% tranche from personal debt, and later announced full principal recovery; however, the ELE token has since lost over 99% of its value from its all-time high, and the protocol appears largely inactive.
avoid.net/treasure→32/100[WARNING]TreasureDAO is an Arbitrum-based NFT gaming ecosystem and marketplace powered by the MAGIC token. In March 2022 its marketplace suffered a critical smart contract exploit that allowed attackers to acquire NFTs for free, resulting in approximately $1.4 million in losses across 153 NFTs. Separately, blockchain investigator ZachXBT raised concerns in February 2022 about a core team engineer's alleged prior involvement in failed NFT projects. The project has since experienced severe financial distress, shut down its Treasure Chain layer-2 network in May 2025 after five months of operation, and executed major layoffs in a pivot to AI-agent products.
avoid.net/sentiment→32/100[WARNING]Sentiment is an undercollateralized DeFi lending protocol originally deployed on Arbitrum, later migrating activity to HyperLiquid L1. On April 4, 2023, the protocol suffered a read-only reentrancy exploit resulting in approximately $1 million in losses, of which 90% was returned by the attacker following a negotiated $95,000 bounty. ZachXBT has flagged the entity for elevated risk; the protocol remains operational with a low TVL of roughly $518,000 as of 2025.
avoid.net/zircon-gamma→32/100[WARNING]Zircon Gamma was a Moonriver-deployed automated market maker (AMM) built by Zircon Labs that pioneered single-sided liquidity provision via its Pylon risk-tranching mechanism. On March 18, 2023, an attacker exploited a vulnerability in the protocol's modified Uniswap V2 core across both its Moonriver and BNB Chain deployments, draining approximately $350,000 in user funds. Following the exploit, the ZRG token lost essentially all market value, development activity ceased by mid-2023, and the promised relaunch and debt-repayment plan have not been publicly demonstrated as fulfilled.
avoid.net/arena-socialfi→32/100[WARNING]Arena SocialFi (originally Stars Arena, rebranded to The Arena) is an Avalanche-based SocialFi platform launched September 2023. The platform suffered a critical reentrancy exploit on October 7, 2023, losing approximately $2.9 million in AVAX; it subsequently recovered ~90% of stolen funds via a bounty agreement. Following the hack, the original team dissolved and the platform was acquired and rebuilt under new leadership, launching the ARENA token in 2024 and raising $2 million in pre-seed funding.
avoid.net/berally→32/100[WARNING]Berally is a SocialFi and AI-agent social trading platform built on the Berachain blockchain, issuing the BRLY token via a public presale on Fjord Foundry in late 2024. In March 2025, the project suffered a significant security incident in which its deployer private key was alleged to have been leaked, resulting in all vesting tokens being dumped into its liquidity pool and approximately $90,000 drained from the pool. The BRLY token subsequently collapsed to roughly 99% below its all-time high, trading has effectively ceased, and community members have alleged the incident was an inside job, though this has not been formally substantiated.
avoid.net/blend-pools-v2→32/100[WARNING]Blend Pools V2 is a modular, permissionless lending protocol built on the Stellar blockchain by Script3, launched as an upgrade to Blend V1 with additions including flash loans and a reduced backstop threshold. In February 2026, a community-managed pool built on top of the protocol (YieldBlox DAO Pool) suffered a $10.8 million oracle manipulation exploit; Script3 stated the core V2 contracts were not at fault, attributing the incident to pool-operator misconfiguration of the Reflector VWAP oracle.
avoid.net/exactly→32/100[WARNING]Exactly Protocol is a decentralized, non-custodial fixed-rate and variable-rate lending protocol deployed on the Optimism Layer 2 network. On August 18, 2023, the protocol suffered a critical exploit resulting in approximately $7.3–$12 million in ETH stolen from 117 user accounts due to insufficient input validation in its DebtManager periphery contract. The protocol has since resumed operations, engaged law enforcement, offered a $700,000 bounty, and passed a governance proposal to compensate affected users with EXA tokens.
avoid.net/goose-finance→32/100[WARNING]Goose Finance is an anonymous-team yield farming and decentralized exchange protocol launched on Binance Smart Chain in February 2021, best known for its EGG governance and reward token. The protocol achieved rapid early traction, becoming the third-most-popular DeFi app on BSC within one month, before its EGG token collapsed more than 99% from an all-time high near $172. A post-audit smart contract exploit in March 2026 drained approximately $8,000 via a share accounting flaw, and independent analysts have flagged the layered farming tokenomics as structurally unsustainable.
avoid.net/kame-aggregator→32/100[WARNING]Kame Aggregator is a decentralized exchange (DEX) aggregator protocol built on the Sei blockchain, launched in late May 2025, designed to route token swaps across multiple liquidity sources for optimal pricing. On September 13, 2025, the protocol suffered a critical smart contract exploit in which approximately $1.325 million was drained from 830 user wallets via an arbitrary external call vulnerability in its swap() function. The primary exploiter returned approximately $946,000 after negotiations, while secondary exploiters retained approximately $357,000; the team initiated a compensation program that reached over $1 million USDC in distributions by November 2025.
avoid.net/themis-protocol→32/100[WARNING]Themis Protocol is a DeFi lending and borrowing platform deployed on Arbitrum that allows users to collateralize Uniswap v3 LP positions and Balancer LP tokens to borrow stablecoins and blue-chip assets. On June 27, 2023, approximately eleven days after its beta launch, the protocol suffered a flash loan oracle manipulation exploit resulting in approximately $370,000 in losses. The attacker laundered the stolen funds via Tornado Cash, the protocol was suspended indefinitely, and TVL effectively dropped to near zero following the incident.
avoid.net/vestra-dao→32/100[WARNING]Vestra DAO is an Ethereum-based DeFi and SocialFi protocol operating the VSTR token, launched in late 2024. On December 4, 2024, the protocol suffered a critical smart contract exploit in its staking contract that drained approximately $480,000–$500,000 worth of VSTR tokens — an attack that occurred less than one month after the token began trading. Stolen funds were laundered through Tornado Cash, the token price collapsed by roughly 50%, and the project's ability to fully compensate affected users remains unresolved.
avoid.net/scallop-lend→32/100[WARNING]Scallop Lend is a DeFi lending and borrowing protocol deployed on the Sui blockchain, and the first DeFi project to receive an official grant from the Sui Foundation. On April 26, 2026, the protocol suffered a flash-loan exploit that drained approximately 150,000 SUI (roughly $142,000) from a deprecated rewards contract that had remained callable on-chain for approximately 17 months despite no longer being in active use. The protocol covered 100% of user losses from treasury reserves and resumed operations within two hours, though the incident raised questions about legacy contract hygiene and the completeness of prior audits by OtterSec, MoveBit, and Zellic.
avoid.net/revert-lend→33/100[WARNING]Revert Lend is a decentralized lending protocol built by Revert Finance that allows Uniswap v3 liquidity providers to use their LP positions as collateral to borrow ERC-20 tokens. The protocol has experienced two confirmed security incidents: a 2023 exploit of the V3Utils contract resulting in approximately $30,000 in losses, and a January 2026 protocol logic exploit on Base chain resulting in approximately $50,000 in losses. The protocol has undergone multiple audits but the recurrence of exploits raises questions about smart contract security practices.
avoid.net/clipper→33/100[WARNING]Clipper is a decentralized exchange (DEX) built by Shipyard Software and governed by AdmiralDAO, designed to offer retail traders the lowest per-transaction costs on trades under $10,000 using a novel Formula Market Maker (FMM) mechanism. On December 1, 2024, a protocol logic exploit drained approximately $457,878 from its Optimism and Base liquidity pools by manipulating a single-asset deposit and withdrawal function; the attacker voluntarily returned 104 ETH in January 2025. While the protocol has legitimate venture backing and a documented technical architecture, the exploit revealed a gap between audited and deployed code, and the protocol has been flagged by on-chain investigator ZachXBT.
avoid.net/makina→35/100[WARNING]Makina Finance is a non-custodial DeFi execution engine that launched in late 2025 on Ethereum, enabling automated yield strategies via tokenized vaults called Machines. On January 20, 2026, the protocol suffered a $4.13 million oracle manipulation exploit targeting its DUSD/USDC Curve stableswap pool, despite having completed six independent security audits in the months prior. The team recovered approximately $3.65 million (89% of user losses) within one week and resumed operations on January 26, 2026, though a residual 11% shortfall remained subject to a revenue-share restitution plan.
avoid.net/steadefi→35/100[WARNING]Steadefi is a decentralized leveraged yield farming protocol operating on Arbitrum and Avalanche. On August 7, 2023, an attacker exploited a compromised deployer private key to drain approximately $1.14 million from the protocol's lending vaults across both chains. The protocol subsequently relaunched with enhanced security measures and issued a token-based compensation plan for affected users, though roughly 70% of stolen funds were never recovered.
avoid.net/coinstats→35/100[WARNING]CoinStats is an Armenian-founded cryptocurrency portfolio tracking application with approximately 1.5 million users, founded in 2017 by Narek Gevorgyan. On June 22, 2024, the platform suffered a significant security breach in which 1,590 internally-hosted wallets were compromised and approximately $2.2 million in cryptocurrency was stolen, with attribution pointing to North Korea's Lazarus Group. The platform has since rebuilt its infrastructure and restored operations, but no confirmed compensation program for affected users has been publicly documented.
avoid.net/aethir→36/100[WARNING]Aethir is a Singapore-based decentralized GPU cloud computing protocol operating as a Decentralized Physical Infrastructure Network (DePIN), founded in 2021 by Mark Rydon and Daniel Wang. The project raised approximately $109M across funding rounds and a $100M+ checker node sale, launched its ATH token in June 2024, and claims $147M+ ARR from enterprise AI and gaming clients. Risk factors include a 95% token price decline from its all-time high, a redirected Season 3 community airdrop, a cross-chain bridge exploit in April 2026 resulting in up to $400K in losses, heavy insider token allocation, and a ZachXBT flag whose specific basis has not been publicly detailed.
avoid.net/tenderize-v2→37/100[WARNING]Tenderize V2 is a DeFi liquid staking protocol launched on January 29, 2024, enabling users to mint validator-specific liquid staked tokens (tTokens) for assets including MATIC, LPT, and GRT across Ethereum, Arbitrum, and Sei Network. The protocol suffered a protocol logic exploit on April 7, 2025, resulting in a loss of approximately $10,850 via a proxy upgrade skim technique on Ethereum; the incident was relatively small in dollar terms but raised concerns about smart contract integrity. ZachXBT has flagged this entity, and while the protocol holds multiple security audits including a Hacken audit scoring 9.8/10 and a Halborn audit, its current TVL of approximately $495,000 reflects limited adoption relative to the broader liquid staking market.
avoid.net/woo-x→38/100[WARNING]WOO X is a centralized cryptocurrency exchange founded in 2019 and incubated by Taiwanese quantitative trading firm Kronos Research, offering spot and derivatives trading with a focus on deep liquidity and low fees. The exchange has experienced two significant security events: a November 2023 liquidity crisis triggered by a $26 million hack of its primary market maker Kronos Research, and a July 2025 $14 million breach of nine user accounts attributed to a North Korean state-sponsored group (UNC4899/Lazarus) via phishing of a developer. Both incidents resulted in user compensation from company reserves, though the pattern of security failures and structural dependency on Kronos Research represent elevated counterparty and operational risk.
avoid.net/kiloex→38/100[WARNING]KiloEx is a decentralized perpetual futures exchange (DEX) backed by YZi Labs (formerly Binance Labs), deployed across opBNB, Base, BNB Chain, Taiko, and other networks. In April 2025, the platform suffered a $7.5–8.44 million oracle price manipulation exploit caused by an access control vulnerability in its TrustedForwarder contract; the attacker subsequently returned all stolen funds within 3.5 days after accepting a $750,000 white-hat bounty. The platform relaunched on April 24, 2025 after a partial security audit, with a full comprehensive audit still pending at that time.
avoid.net/wise-lending-v2→38/100[WARNING]Wise Lending V2 is a decentralized lending and yield-farm aggregator protocol deployed on Ethereum and Arbitrum that allows users to supply crypto assets and earn variable yields. The protocol suffered two confirmed exploits: a price manipulation attack in October 2023 that caused approximately $260,000 in losses, followed by a more severe flash loan and share-inflation attack on January 12, 2024 that drained approximately $464,000. The January 2024 attack exploited a precision flaw in the protocol's ERC-4626-style share accounting logic, and a subsequent Code4rena audit in February 2024 identified 5 high-severity and 17 medium-severity vulnerabilities in the codebase.
avoid.net/polycule→38/100[WARNING]Polycule (ticker: PCULE) is a Telegram-based trading bot built for the Polymarket prediction market platform, operating on Solana and Polygon. Launched in May 2025 by a founder identified as 'krish' and backed by a $560,000 seed from AllianceDAO, the project gained significant traction before its bot was compromised in January 2026, resulting in approximately $230,000 in user funds stolen. Extended team silence following the incident generated widespread rug pull allegations, and ZachXBT has flagged the entity in connection with these concerns.
avoid.net/prxvt→38/100[WARNING]PRXVT (ticker: PRXVT) is a privacy-focused AI-agent token launched on the Base blockchain via the Virtuals Protocol launchpad. The project markets itself as the governance and utility token for px402, an alleged zero-knowledge payment SDK designed to enable anonymous USDC transactions for autonomous AI agents. In early January 2026 the project's staking contract was exploited via a reward-claiming vulnerability, causing the token price to crash to an all-time low and prompting a contested emergency removal of a liquidity pool that was publicly represented as locked for ten years.
avoid.net/rain→38/100[WARNING]Rain (rain.com / Rain Financial) is a Bahrain-headquartered cryptocurrency exchange founded in 2017, holding licenses from the Central Bank of Bahrain and the Abu Dhabi Global Market's Financial Services Regulatory Authority. In April 2024, the exchange suffered a confirmed security breach of approximately $14.8 million in BTC, ETH, SOL, and XRP, which went undisclosed for approximately two weeks until blockchain investigator ZachXBT publicly exposed it. Rain subsequently confirmed the incident and stated that all customer funds were covered from company reserves.
avoid.net/sharwafinance→38/100[WARNING]Sharwa.Finance is an on-chain portfolio margin trading protocol deployed on Arbitrum, enabling leveraged spot and options trading with cross-margin collateral. The protocol suffered a $147,000 exploit in October 2025 via a flash loan price-oracle manipulation attack, a vulnerability class that had been explicitly identified and reported by the Pashov Audit Group over one year prior to the incident. The protocol was flagged by on-chain security researchers including ZachXBT-adjacent monitoring networks, and a second oracle manipulation incident resulting in approximately $32,850 in losses was recorded in May 2026.
avoid.net/amun→38/100[WARNING]Amun refers to two related but distinct entities: Amun AG, a Swiss ETP issuer that rebranded to 21Shares in 2020 and lists regulated crypto exchange-traded products on the SIX Swiss Exchange; and Amun Ltd / Amun DeFi Tokens, a separate DeFi arm that issued leveraged tokens and on-chain index products on Ethereum and Polygon. The DeFi arm experienced a critical smart contract exploit on December 26, 2022 resulting in approximately $300,000 in losses, followed by the termination of multiple product lines. On-chain investigator ZachXBT has been cited in connection with flagging Amun, though a specific, verifiable public post could not be independently confirmed at the time of this investigation.
avoid.net/yield-protocol→38/100[WARNING]Yield Protocol was a decentralized finance protocol offering fixed-rate, fixed-term borrowing and lending on Ethereum and Arbitrum, launched in October 2020 and funded by Paradigm. It suffered multiple security incidents including collateral damage from the March 2023 Euler Finance hack and a critical smart contract vulnerability patched via Immunefi in April 2023, before announcing a full wind-down in October 2023 citing insufficient demand and regulatory pressure. After official operations ceased in December 2023, abandoned smart contracts on Arbitrum were exploited in April 2024 for approximately $181,000 via a flash loan attack on pool balance discrepancies.
avoid.net/coincheck→38/100[WARNING]Coincheck is a Tokyo-based cryptocurrency exchange that suffered what was, at the time, the largest cryptocurrency hack in history on January 26, 2018, when approximately 523 million NEM (XEM) tokens valued at roughly $534 million were stolen from a low-security hot wallet. The exchange was operating without a Financial Services Agency (FSA) license at the time of the breach, had failed to implement standard multisignature security for NEM holdings, and received multiple business improvement orders from Japanese regulators in the aftermath. Coincheck was subsequently acquired by Monex Group in April 2018, obtained its FSA license in January 2019, and listed on the Nasdaq in December 2024 via a SPAC merger under the ticker CNCK.
avoid.net/unilend-v2→38/100[WARNING]UniLend V2 is a permissionless DeFi lending and borrowing protocol deployed on Ethereum mainnet in February 2024, designed to support all ERC-20 tokens via isolated dual-asset pools. On January 12, 2025, the protocol suffered a smart contract exploit that drained approximately $197,000 from its stETH pool due to a logic flaw in health factor calculations during the asset redemption process. Despite having been audited by PeckShield and SlowMist prior to launch, the exploited vulnerability was not caught or fully remediated, and as of the last available reporting the attacker's 20% bounty offer had not yielded a fund recovery.
avoid.net/jaypegs-automart→38/100[WARNING]JayPegs Automart (also styled Jay Pegs Auto Mart) is an Ethereum-based NFT and token project launched in September 2021 by the anonymous team behind NGMI.global, themed as a satirical used-car dealership selling 2007 Kia Sedona NFTs. On September 17, 2021, a contractor injected malicious code into the SushiSwap MISO auction front end during the project's DONA token sale, redirecting approximately $3.1 million (864.8 ETH) to the attacker's wallet. Funds were fully recovered within 24 hours following public identification of the alleged attacker and threat of FBI referral.
avoid.net/superfluid→38/100[WARNING]Superfluid is an asset streaming and programmable cash flow protocol founded in 2020, deployed across Ethereum, Polygon, and multiple other EVM chains. On February 8, 2022, an attacker exploited a context serialization vulnerability in the protocol's host contract, draining approximately $8.7 million in assets from multiple projects including QiDAO, Stake DAO, Stacker Ventures, and Museum of Crypto Art. The protocol patched the vulnerability within hours, partially compensated affected parties, and has continued operating with additional audits and a native SUP token launch in 2025.
avoid.net/sovryn→38/100[WARNING]Sovryn is a Bitcoin-backed decentralized finance protocol built on the Rootstock (RSK) sidechain, offering lending, borrowing, margin trading, and AMM services with its native SOV governance token. The protocol suffered a confirmed $1.1 million price manipulation exploit in October 2022 targeting its legacy lending pools, with approximately half of funds recovered via developer intervention. A separate critical smart contract vulnerability was disclosed via bug bounty in March 2021 but was not exploited. ZachXBT has flagged the entity; no public post from ZachXBT detailing the Sovryn allegations was independently located at the time of investigation.
avoid.net/save→38/100[WARNING]Save (formerly Solend) is a Solana-based algorithmic lending and borrowing protocol that has operated since 2021. The protocol has been flagged by ZachXBT and carries a history of two significant incidents: a controversial governance vote in June 2022 that briefly granted the team emergency powers to seize a user's wallet, and a $1.26 million oracle manipulation exploit in November 2022. The protocol rebranded from Solend to Save in late 2024 and continues to operate with approximately $74 million in total value locked as of mid-2026.
avoid.net/asterafi→38/100[WARNING]Astera.fi is a DeFi credit facility and lending protocol operating on Ethereum's Linea Layer-2 network, issuing the asUSD stablecoin through both over- and under-collateralized mechanisms. On October 9, 2025, the protocol suffered a flash loan exploit via a liquidity index inflation attack that drained approximately $821,856–$880,000 across three lending pools. The protocol has been flagged by ZachXBT and market data indicates near-zero trading activity for asUSD, with the token appearing to have effectively ceased normal operation post-exploit.
avoid.net/kipseli→38/100[WARNING]Kipseli (also styled Kipseli Capital) is a proprietary trading firm and on-chain market-maker founded in early 2018, operating the Kipseli PropAMM on Base Mainnet. The protocol was listed among exploited platforms during the April 2026 wave of DeFi attacks, and the broader PropAMM category to which it belongs was the subject of a March 2026 empirical report by 0x documenting systematic quote-spoofing behavior that caused measurable trader harm. ZachXBT has flagged the entity. No public smart-contract audit or post-incident disclosure has been identified as of May 2026.
avoid.net/astrid-finance→38/100[WARNING]Astrid Finance is an Ethereum-based liquid restaking protocol built on EigenLayer, allowing users to deposit liquid staking tokens (stETH, rETH, cbETH) in exchange for liquid restaked tokens. On October 28, 2023, the protocol suffered a smart contract exploit due to a missing input validation check in its withdraw function, resulting in the theft of approximately $228,000 in assets. The attacker eventually returned 80% of stolen funds after an on-chain negotiation and legal threat by the team; all affected users received refunds, and the vulnerable contracts remain paused pending re-audit.
avoid.net/m2-exchange→38/100[WARNING]M2 Exchange is an Abu Dhabi-based centralized cryptocurrency exchange licensed by the ADGM FSRA that suffered a $13.7 million hot wallet breach on October 31, 2024, attributed to an access control vulnerability spanning Bitcoin, Ethereum, and Solana. The exchange claims to have covered all customer losses from company reserves within hours of the incident, though the lack of a public post-mortem and two CEO transitions within eighteen months raise unresolved transparency questions.
avoid.net/port3-network→38/100[WARNING]Port3 Network is a Web3 social data protocol and AI data layer founded in 2022, backed by KuCoin Ventures and Jump Crypto, with products including SoQuest, SoSignal, and SoPush targeting Web3 community engagement and data aggregation. In November 2025 the project suffered a critical exploit in which an attacker leveraged a boundary-condition vulnerability in the third-party CATERC20 cross-chain standard to mint approximately 1 billion unauthorized PORT3 tokens valued at roughly $13 million, triggering an 80% token price collapse and full contract migration. ZachXBT has flagged the entity, and the token has been delisted from at least one major exchange (Coinone) following the incident.
avoid.net/iotex→38/100[WARNING]IoTeX is a Layer 1 blockchain and DePIN (Decentralized Physical Infrastructure Network) platform founded in 2017 by Raullen Chai, Qevan Guo, Jing Sun, and Xinxin Fan, with its native IOTX token launched via ICO in 2018. In February 2026 the project suffered a significant security incident when a compromised private key on the Ethereum side of its ioTube cross-chain bridge allowed an attacker to drain approximately $4.3–$4.4 million in assets and mint 410 million unauthorized CIOTX tokens, with total estimated damages disputed between $4.4 million (official) and $8.8 million (PeckShield). Additional concerns include a prior market-maker-linked near-zero price anomaly on Binance in October 2025, governance centralization risks from its 36-delegate Roll-DPoS consensus model, and on-chain analyst reports alleging the attacker's wallet was funded by the same entity behind the $49 million Infini Finance hack of 2025.
avoid.net/rho-markets→38/100[WARNING]Rho Markets is a DeFi lending protocol (Compound V2 fork) deployed on Scroll, an Ethereum Layer 2 ZK-rollup network. On July 19, 2024, a misconfigured price oracle allowed an MEV bot to extract approximately $7.6 million in user funds; the operator voluntarily returned all funds after demanding a public acknowledgment of the misconfiguration. Despite full fund recovery, the protocol's TVL collapsed to near-zero and remains essentially inactive as of 2026.
avoid.net/fourmeme→38/100[WARNING]four.meme is a permissionless meme token launchpad built on BNB Chain (BSC), operated under the Four (formerly BinaryX) ecosystem, that enables zero-KYC token creation with automatic bonding-curve-to-PancakeSwap liquidity migration. The platform suffered two confirmed smart contract exploits within six weeks in early 2025, losing a combined total of approximately $310,000 in user and pool funds. Repeat critical vulnerabilities, a phishing campaign that hijacked Google search results, and ecosystem-wide spam and token-pollution incidents raise substantial safety concerns for users.
avoid.net/moby→38/100[WARNING]Moby Trade (moby.trade) is an on-chain options protocol built on Arbitrum and Berachain, launched in 2024 and backed by an Arbitrum Foundation grant. On January 8, 2025, the protocol suffered a critical security breach when a private key controlling proxy admin contracts was compromised, resulting in approximately $2.5 million in user funds being drained; roughly $1.5 million was subsequently recovered through an intervention by the SEAL911 security team. The protocol resumed operations after the incident and expanded to Berachain mainnet in February 2025, but the unrecovered ~$1 million in ETH and WBTC was routed through privacy mixers including Railgun and Tornado Cash, leaving those funds effectively unrecoverable.
avoid.net/evoq-finance→38/100[WARNING]Evoq Finance is a peer-to-peer lending optimizer built on BNB Chain that routes deposits through Venus Protocol to match suppliers and borrowers directly, aiming for improved capital efficiency. On September 10, 2025, the protocol suffered a critical security incident in which an attacker compromised the owner's private key, used the transferOwnership function to seize contract control, and upgraded the proxy contract to a malicious version, draining approximately $420,000 from both the protocol and user-approved accounts. Following the exploit, the protocol's total value locked collapsed to near zero and no verified public post-mortem or recovery plan has been identified. ZachXBT has flagged this entity.
avoid.net/sir→38/100[WARNING]SIR (Synthetics Implemented Right), operating as SIR.trading, is an Ethereum-based DeFi protocol offering non-liquidating leveraged tokens and synthetic assets. On March 30, 2025, just 39 days after its February 20 mainnet launch, the protocol's Vault contract was completely drained of its entire $355,000 TVL through an exploit targeting a novel misuse of Ethereum's transient storage (EIP-1153) introduced in the Dencun upgrade. The attacker laundered proceeds through Railgun; the founder publicly pleaded for a partial return of funds; the protocol subsequently relaunched after completing four additional security audits.
avoid.net/coindcx→38/100[WARNING]CoinDCX is one of India's largest cryptocurrency exchanges, founded in 2018 and valued at $2.45 billion following Coinbase investment. In July 2025, the exchange suffered a $44.2 million security breach attributed by cybersecurity firm Cyvers to North Korea's Lazarus Group; the breach was first publicly identified by blockchain investigator ZachXBT before official disclosure. While customer funds were not directly affected and the exchange covered losses from treasury, the incident compounded existing concerns including co-founder arrests over alleged fraud in March 2026 and ongoing user withdrawal complaints.
avoid.net/gmblcomputer→38/100[WARNING]GMBL.COMPUTER is an Arbitrum-based DeFi gambling protocol that launched in September 2023 and was exploited within hours of going live, losing approximately 471 ETH (~$770,000) due to an off-chain server signature vulnerability and a flaw in its referral system. The exploiter returned roughly half of the stolen funds (235 ETH) after the team issued a conditional bug bounty offer. The protocol operates with an anonymous team, no disclosed security audits, no regulatory licensing, and as of 2025 shows near-zero trading volume and minimal on-chain activity.
avoid.net/veil-cash→38/100[WARNING]Veil Cash is a zero-knowledge privacy protocol deployed on Coinbase's Base L2 network, enabling anonymous ETH and USDC transfers via zk-SNARK proofs and a UTXO model. In February 2026 the protocol's legacy pools were exploited due to an incomplete Groth16 trusted-setup ceremony, resulting in 2.9 ETH being drained before funds were returned by the exploiter. The incident attracted industry attention because the same misconfiguration pattern was subsequently replicated in a larger $2.26 million exploit of FoomCash, raising broader questions about cryptographic setup hygiene across ZK DeFi protocols.
avoid.net/origin-protocol→38/100[WARNING]Origin Protocol is a San Francisco-based DeFi and NFT platform founded in 2017 by Josh Fraser and Matthew Liu, best known for its yield-bearing stablecoin Origin Dollar (OUSD) and Origin Ether (OETH). In November 2020, before completing any security audit, OUSD was exploited via a reentrancy flash-loan attack resulting in approximately $7.7 million in losses including over $1 million from the team's own treasury. The protocol subsequently completed multiple audits, compensated affected users, and relaunched; it has continued operating with expanded DeFi yield products through 2025, though the OGN token trades at a fraction of its 2021 all-time high.
avoid.net/solvbtc→38/100[WARNING]SolvBTC is the flagship wrapped Bitcoin product of Solv Protocol, designed to represent Bitcoin in DeFi systems across multiple chains. In March 2026, the BRO vault component of the protocol suffered a $2.7 million exploit due to a double-mint logic flaw in the BitcoinReserveOffering smart contract. Separately, in January 2025, the protocol faced credible public allegations of TVL manipulation prior to its SOLV token launch.
avoid.net/leadblocks-morpho-blue-market→38/100[WARNING]LeadBlock's Morpho Blue Market refers to a permissionless lending market and associated MetaMorpho vault curated by LeadBlock Partners on the Morpho Blue protocol. On October 13, 2024, an oracle misconfiguration in the LeadBlock-curated PAXG/USDC market enabled an opportunistic user to borrow approximately $230,000 in USDC against only $350 of PAXG collateral, exploiting an overvalued asset price of $2.6 trillion per unit of gold. The incident was attributed to an incorrectly configured SCALE_FACTOR by LeadBlock's oracle provider and raised questions about the adequacy of pre-launch testing and risk curation practices.
avoid.net/loopscale→38/100[WARNING]Loopscale is a Solana-based DeFi lending protocol (formerly Bridgesplit) launched on April 10, 2025, backed by Coinbase Ventures, Solana Labs, and CoinFund. On April 26, 2025 — just 16 days after launch — the protocol suffered a $5.8 million oracle pricing exploit affecting its Genesis Vaults, an attack vector that had been flagged in its pre-launch OShield security audit but was allegedly inadequately remediated. All stolen funds were ultimately recovered via negotiation with the exploiter, and user deposits suffered no permanent loss.
avoid.net/mona→38/100[WARNING]MONA is the native ERC-20 governance and utility token of DIGITALAX, a Web3 digital fashion NFT platform founded by Emma-Jane MacKinnon-Lee and launched in November 2020. The token reached an all-time high of approximately $5,980 in November 2021 before collapsing more than 99% to trade below $50, with a total market capitalisation under $500,000 as of mid-2026. Third-party security assessors flag critically low liquidity, extreme holder concentration, a below-average security score, and a near-total absence of trading activity, collectively indicating a project in terminal decline.
avoid.net/wintermute→38/100[WARNING]Wintermute is a London-headquartered algorithmic trading firm and cryptocurrency market maker founded in 2017 by Evgeny Gaevoy. On September 20, 2022, the firm's DeFi operations were exploited for approximately $160 million after an attacker leveraged a known cryptographic vulnerability in the Profanity vanity address tool to compromise Wintermute's admin private key. The stolen funds were never recovered, though the firm remained solvent, repaid its outstanding DeFi loans, and has continued operating and expanding into U.S. markets.
avoid.net/volo-vault→38/100[WARNING]Volo Vault is a yield-generating vault product operated by Volo Protocol, a BTCFi and liquid staking platform built on the Sui blockchain. In April 2026, three of its vaults were exploited via a compromised admin private key, resulting in approximately $3.5 million in losses across WBTC, XAUm, and USDC holdings. The team committed to absorbing all user losses and ultimately recovered approximately 90% of the stolen funds through coordination with the Sui Foundation, ZachXBT, and ecosystem partners.
avoid.net/vesper-finance→38/100[WARNING]Vesper Finance is an Ethereum-based DeFi yield aggregator co-founded by former Bitcoin Core developer Jeff Garzik that launched in early 2021 and briefly exceeded $1 billion in TVL. The protocol suffered a confirmed $3.37 million oracle manipulation exploit on Rari Fuse Pool #23 in November 2021, and was indirectly exposed to a May 2024 Sonne Finance exploit that required treasury remediation. Vesper remains operational as of 2025 with approximately $48–55 million TVL, though its native VSP token has lost over 99% of its all-time-high value.
avoid.net/juicebox-v3→40/100[WARNING]Juicebox is an Ethereum-based programmable treasury and crowdfunding protocol first launched in July 2021 by a pseudonymous developer known as Jango, enabling projects to raise ETH, issue contributor tokens, and manage on-chain treasuries without intermediaries. V3 is the third major iteration of the core contracts, deployed in September 2022, and subsequently patched through versions 3.1, 3.1.1, and 3.1.2 to address a series of high-severity and critical accounting vulnerabilities. A protocol logic exploit in April 2026 resulted in an alleged $52,000 loss via a borrowFrom spoof attack, and the platform's permissionless architecture has enabled misuse by bad actors operating fraudulent fundraising projects.
avoid.net/ambient→42/100[WARNING]Ambient Finance (formerly CrocSwap, operated by Crocodile Labs) is a decentralized exchange protocol that runs an entire DEX inside a single smart contract, combining concentrated and ambient liquidity on Ethereum and several L2 networks. On October 17, 2024, the protocol's frontend suffered a DNS hijacking attack deploying Inferno Drainer malware to drain wallets of users who interacted with the compromised site; the underlying smart contracts were unaffected and the team reimbursed all affected users in ETH. ZachXBT has flagged this entity.
avoid.net/dodo-amm→42/100[WARNING]DODO is a decentralized exchange (DEX) protocol launched in 2020, operating across 14 EVM-compatible chains, and known for its proprietary Proactive Market Maker (PMM) algorithm that concentrates liquidity near market price. On March 8, 2021, an attacker exploited a critical initialization vulnerability in DODO's V2 Crowdpooling smart contracts, draining approximately $3.8 million across four pools; roughly $3.1 million was subsequently recovered through voluntary restitution and frontrunning bot operator cooperation. The protocol continues to operate and has undergone multiple third-party security audits post-exploit, though it has lost significant market share and TVL since its 2021 peak.
avoid.net/lcx→42/100[WARNING]LCX (Liechtenstein Cryptoassets Exchange) is a regulated crypto exchange and tokenization platform headquartered in Vaduz, Liechtenstein, holding eight registrations under the Liechtenstein Financial Market Authority (FMA) pursuant to the Token and Trusted Technology Service Provider Act (TVTG). In January 2022 the exchange suffered a hot wallet compromise in which approximately $7.94 million in crypto assets were stolen, with stolen funds rapidly laundered through Tornado Cash; LCX subsequently used its own funds to compensate affected users and cooperated with international law enforcement to freeze an alleged 60% of stolen assets. The exchange is flagged by ZachXBT and carries a below-average trust score primarily due to the 2022 hack, ongoing user complaints about withdrawal delays and account freezes, and the broader security posture concerns that led to the compromise.
avoid.net/zetachain→42/100[WARNING]ZetaChain is a San Francisco-based omnichain Layer 1 blockchain that enables native cross-chain smart contracts connecting Bitcoin, Ethereum, and other networks. The protocol has been flagged by community investigators and crypto-security observers following a premeditated $334,000 exploit of its GatewayEVM smart contract in April 2026, which the team's own earlier bug-bounty review had dismissed as intended behavior. Additional concerns include a controversial airdrop policy that rewarded sybil actors, persistent token unlock sell pressure, and structural centralization risks inherent to its Threshold Signature Scheme validator design.
avoid.net/sturdy-v1→42/100[WARNING]Sturdy V1 was a DeFi lending protocol on Ethereum and Fantom that offered interest-free borrowing by routing collateral into yield-bearing positions via third-party protocols such as Lido, Curve, and Yearn Finance. On June 12, 2023, the protocol suffered a read-only reentrancy exploit that drained approximately 442 ETH (roughly $800,000) from its lending pools by manipulating the Balancer B-stETH-STABLE price oracle. Stolen funds were laundered through Tornado Cash within 20 minutes and were never recovered, despite a $100,000 bounty offer to the attacker. ZachXBT flagged the protocol in connection with the exploit. Sturdy subsequently launched a redesigned V2 architecture.
avoid.net/hacken-token→42/100[WARNING]Hacken Token (HAI) is the native utility token of Hacken, a Ukrainian-founded Web3 cybersecurity company established in 2017 that audits smart contracts and blockchain infrastructure for over 1,500 clients worldwide. In June 2025, a private key controlling HAI minting privileges was compromised during a bridge infrastructure migration, allowing an attacker to mint approximately 900 million tokens and dump roughly $253,000 worth on decentralized exchanges, causing a near-99% price collapse. The incident drew industry-wide attention due to its irony — a company whose business model is built on securing others' blockchain infrastructure had maintained a single-key minting architecture for over five years without multisig protection.
avoid.net/bond-protocol→42/100[WARNING]Bond Protocol is a permissionless bonds-as-a-service platform for DeFi, spun out of OlympusDAO's Olympus Pro product via a governance vote in mid-2022. In October 2022 — just weeks after its public launch — the protocol's Fixed-Expiry Teller smart contract was exploited for approximately $300,000 in OHM tokens due to a missing input validation vulnerability that had evaded three prior independent audits. The attacker ultimately returned all funds, the team underwent re-auditing with Zellic and Sherlock, and the protocol raised $2.5M in seed funding, though its TVL has since declined to minimal levels.
avoid.net/dexodus-finance→42/100[WARNING]Dexodus Finance is an oracle-based perpetual derivatives DEX operating on Coinbase's Base L2 network, founded in 2023 and headquartered in Barcelona, Spain. On May 26, 2025, the protocol suffered a signature replay attack that drained approximately $291,000–$300,000 from its liquidity pool due to the absence of nonce tracking and timestamp validation in its Chainlink oracle price-report verification logic. The team claims to have achieved 100% fund recovery within 24 hours, deprecated Perps V1, and launched a redesigned Perps V2 system; however, the protocol's current TVL remains modest at approximately $1.28M and independent verification of the full recovery narrative is limited.
avoid.net/allbridge-core→42/100[WARNING]Allbridge Core is a cross-chain stablecoin bridge protocol operating across EVM-compatible chains, Solana, Tron, and Stellar. On April 1-2, 2023, the protocol suffered a flash loan price-manipulation exploit on BNB Chain that drained approximately $570,000 from its BUSD and USDT liquidity pools. The attacker was subsequently identified via on-chain analysis by BNB Chain and AvengerDAO, and ultimately returned roughly $465,000 of the stolen funds after Allbridge offered a white hat bounty with immunity from legal action.
avoid.net/clober-liquidity-vault→42/100[WARNING]Clober is a fully on-chain order book DEX (Decentralized Exchange) for EVM networks, built on the proprietary LOBSTER algorithm, which launched on February 14, 2023. Its Liquidity Vault product, a hybrid order-book/AMM product launched on Coinbase's Base network in December 2024, was exploited for approximately 133.7 ETH (~$501,000) within days of launch due to a reentrancy vulnerability introduced in post-audit code changes. The attacker ultimately moved the stolen funds through Tornado Cash after on-chain bounty negotiations failed.
avoid.net/unibot→42/100[WARNING]Unibot is a Telegram-based trading bot launched in May 2023 that enabled users to execute Uniswap trades directly within Telegram. On October 31, 2023, a newly deployed router contract containing a call injection vulnerability was exploited, draining approximately $560,000–$640,000 in user funds that were subsequently laundered through Tornado Cash; the team ultimately reimbursed affected users at a reported cost of $1.78 million. A second crisis followed in March 2024 when the Ethereum and Solana development teams publicly split amid mutual accusations of unauthorized deployments and revenue misappropriation, causing the token to shed an additional 40% of its value and reducing the project to a fraction of its former user base.
avoid.net/raga-finance→42/100[WARNING]Raga Finance is a DeFi yield optimization protocol launched in 2024 and deployed on Berachain and Hyperliquid, offering automated cross-chain vaults for earning yield on ETH, BTC, and stablecoins. A pre-launch security audit by QuillAudits uncovered 16 smart contract vulnerabilities — including critical flaws enabling permanent loss of user funds, a non-functional emergency panic function, and an open-access vault address setter — constituting the protocol logic incident flagged for review. The protocol has been flagged by ZachXBT, and while the development team reportedly remediated all identified vulnerabilities, the severity and breadth of pre-launch flaws raise meaningful questions about engineering process and ongoing risk.
avoid.net/magpie-protocol→42/100[WARNING]Magpie XYZ is a multi-chain DeFi yield-optimization ecosystem built on a SubDAO model, enhancing veTokenomics across protocols including Wombat Exchange, Pendle Finance, PancakeSwap, Radiant Capital, and Camelot DEX. The ecosystem has suffered two distinct smart contract exploits: a $129,000 router vulnerability in April 2024 and a critical $27.3 million reentrancy exploit in September 2024 via its Penpie SubDAO, the latter of which resulted in laundering through Tornado Cash and law enforcement referrals to the FBI and Singapore Police. ZachXBT has flagged the entity in connection with the broader security incidents.
avoid.net/tectonic→42/100[WARNING]Tectonic is a decentralized money market protocol on the Cronos blockchain, operating as a fork of Compound, that allows users to lend and borrow cryptocurrency assets. Launched in December 2021 by Gary Or (former CTO of Crypto.com) and incubated by Particle B and Cronos Labs, the protocol reached approximately $1 billion TVL at peak in early 2022 before collapsing over 95% alongside the broader crypto bear market. A reentrancy vulnerability in the staking contract that could have allowed the extraction of millions in a single transaction was reported in March 2024, and a separate flash loan exploit in February 2024 resulted in approximately $250,000 in losses.
avoid.net/dimo→42/100[WARNING]DIMO (Decentralized Infrastructure for Mobility Operations) is a Web3 vehicle data protocol built on Polygon and later migrating to Base, developed by Digital Infrastructure Inc. The protocol allows drivers to connect their vehicles, stream data, and earn $DIMO tokens in exchange. In November 2025, a sophisticated attacker compromised a developer key and withdrew approximately 30 million DIMO tokens (3% of total supply) from a Wormhole bridge contract, causing a price drop of over 57% in 30 days and triggering a CertiK security alert. The project has legitimate venture backing and a publicly identified founding team, but the security incident, centralized key management failure, and ongoing token unlock pressure are material risk factors.
avoid.net/wazirx-india→42/100[WARNING]WazirX, operated in India by Zanmai Labs Pvt. Ltd., suffered a $234.9 million hack attributed to North Korea's Lazarus Group on July 18, 2024, freezing user funds and triggering multiple Indian regulatory investigations. India's Supreme Court dismissed a victims' petition in April 2025 citing a lack of crypto regulatory framework, while the Enforcement Directorate, Financial Intelligence Unit, and other agencies have opened probes into the exchange's operations, ownership structure, and alleged links to terror financing. A Singapore court approved a restructuring plan in October 2025, offering partial recovery to creditors.
avoid.net/spectral-labs→42/100[WARNING]Spectral Labs (spectrallabs.xyz) is a U.S.-based Web3 protocol founded in 2021 that pivoted from an on-chain credit scoring product (MACRO Score) to an autonomous AI agent economy platform. The project has raised approximately $30 million from institutional investors including General Catalyst, Social Capital, and Jump Capital. Its governance token SPEC reached an all-time high of approximately $18.48 in November 2024 before collapsing more than 99% to under $0.10 by mid-2026, with Bybit delisting the token from both spot and futures markets, raising significant concerns around tokenomics, unlock-driven selling pressure, and product-market fit.
avoid.net/coinspaid→42/100[WARNING]CoinsPaid is an Estonia-based cryptocurrency payment processor founded by Max Krupyshev that was targeted in two major security breaches: a $37.3 million hack in July 2023 attributed by the company and the FBI to North Korea's Lazarus Group (achieved via a sophisticated social engineering campaign using fake job offers), and a second breach in January 2024 resulting in approximately $7.5 million in losses. Despite the company's stated transparency and rapid operational recovery, the consecutive incidents raise significant concerns about its security posture and its status as a repeated high-value target for state-sponsored threat actors.
avoid.net/peapods-finance→42/100[WARNING]Peapods Finance is a permissionless DeFi protocol on Ethereum and multiple EVM chains that pioneered a 'Volatility Farming' yield mechanism using asset-backed Pods and Leveraged Volatility Farming (LVF). The protocol has suffered three distinct security incidents since its December 2023 launch, including a $231K reentrancy exploit, a slippage manipulation attack, and a $200K oracle price manipulation attack in July 2025. On-chain investigator ZachXBT identified that the individual behind the initial 2023 'white hat' exploit had dumped a portion of stolen funds before returning the remainder, raising questions about the altruistic framing of that recovery.
avoid.net/bungee→42/100[WARNING]Bungee Exchange is a cross-chain bridge aggregator and liquidity routing protocol developed by Socket (formerly SocketDotTech), founded in 2021 by Vaibhav Chellani and Rishabh Khurana. On January 16, 2024, the underlying Socket infrastructure was exploited via an inadequately validated smart contract route, resulting in approximately $3.3 million stolen from roughly 700 wallets with infinite token approvals. The protocol recovered approximately $2.23 million of the stolen funds one week later and resumed operations; it remains active as of 2026.
avoid.net/yo-protocol→42/100[WARNING]YO Protocol (yo.xyz), operated by YO Labs, is a San Francisco-based multi-chain DeFi yield optimization protocol founded by former Uber and Amazon executives and backed by Paradigm, Coinbase Ventures, and Foundation Capital with $24 million in total funding. Independent security research published in September 2025 identified significant centralization risks, MEV attack vectors, and EIP-4626 compliance gaps that existing audits had not fully addressed. No hacks, exploits, or regulatory actions have been publicly confirmed against the protocol; a claimed ZachXBT flag has not been corroborated by any findable public source as of May 2026.
avoid.net/dgld→42/100[WARNING]DGLD (Digital Gold Token) is a physically-backed gold token originally launched in October 2019 by a consortium of CoinShares, Blockchain.com, and MKS PAMP SA on CommerceBlock's Ocean Bitcoin sidechain. The project went dormant by 2020 due to liquidity failure and market under-adoption, and the underlying infrastructure provider CommerceBlock later shut down entirely. MKS PAMP relaunched DGLD in late 2025 under full ownership of Gold Token SA, migrating to Ethereum and Base — but significant jurisdictional restrictions, minimal liquidity, contractual liability exclusions, and the project's history of abandonment remain concerns.
avoid.net/dtrinity-dlend→42/100[WARNING]dTRINITY is a DeFi protocol self-described as the world's first subsidized stablecoin system, with dLEND serving as its Aave v3-forked lending market deployed across Fraxtal, Ethereum, and Katana. On March 17, 2026, the dLEND Ethereum deployment was exploited via an empty-market liquidityIndex inflation attack, resulting in approximately $257,000 in bad debt drained from the dUSD lending pool. The protocol paused operations and pledged to cover losses with internal funds, though the incident raised questions about audit coverage and the adequacy of pre-deployment testing on the Ethereum instance.
avoid.net/usual-usd0→42/100[WARNING]Usual is a Paris-based DeFi stablecoin protocol founded in 2022 by former French politician Pierre Person and co-founders Adli Takkal Bataille and Hugo Salle de Chou. The protocol issues USD0, a stablecoin collateralized by tokenized US Treasury Bills, alongside USD0++, a four-year locked bond derivative that suffered a significant depeg event in January 2025 after the team unilaterally changed redemption rules without adequate community notice. A smart contract arbitrage exploit was also detected and paused in May 2025, and USD0++ tokens were stolen in an unrelated third-party hack of Zoth Protocol in March 2025.
avoid.net/cozy-v2→42/100[WARNING]Cozy V2 is a DeFi protection marketplace deployed on Optimism that allows users to buy or provide protection against smart contract hacks, depegs, and other on-chain risks. On August 29, 2025, the protocol suffered a $427,000 exploit caused by a missing caller verification check in its withdrawal logic, with funds subsequently bridged to Ethereum mainnet and deposited into Tornado Cash. The incident is notable for its irony: a protocol designed to insure against DeFi hacks was itself hacked through a preventable authorization flaw.
avoid.net/fusion-by-ipor→42/100[WARNING]Fusion by IPOR is a modular on-chain vault infrastructure product developed by IPOR Labs AG (Zug, Switzerland), designed to automate DeFi yield strategies across multiple chains without requiring Solidity expertise. On January 6, 2026, a legacy Fusion Optimizer Vault on Arbitrum was exploited for $336,000 USDC via a combination of missing fuse validation in the instantWithdraw method and an EIP-7702 delegation vulnerability on an administrator account. The IPOR DAO committed to fully compensating all affected depositors from treasury reserves, and the incident was flagged by blockchain investigator ZachXBT.
avoid.net/thalaswap→42/100[WARNING]ThalaSwap is the decentralized exchange component of Thala Labs, an Aptos-based DeFi protocol offering an AMM, the Move Dollar (MOD) overcollateralized stablecoin, liquid staking, and a launchpad. On November 15, 2024, an input-validation bug introduced in a two-line patch to the v1 farming contract allowed an attacker to drain $25.5 million in liquidity pool tokens; funds were fully recovered within hours after SEAL 911 identified the exploiter via on-chain evidence and the attacker returned assets in exchange for a $300,000 bounty.
avoid.net/thetanuts-finance→42/100[WARNING]Thetanuts Finance is a multi-chain decentralized structured products protocol launched in August 2021, offering automated options vaults (covered calls, cash-secured puts) to generate yield across more than ten blockchain networks. The protocol raised $35 million across two funding rounds but has experienced severe TVL and token price decline since its 2022 peak, carries notable investor-concentration risk due to its early backing from the now-collapsed Three Arrows Capital, and has been flagged by on-chain investigator ZachXBT. A January 2025 exploit targeted unreleased v4 test contracts; no user funds were lost according to the team, though the incident raised scrutiny.
avoid.net/lava→42/100[WARNING]Lava (lavadefi.io) is a decentralized, non-custodial multichain lending and borrowing protocol deployed on Arbitrum and Base, operating since March 2024. The protocol suffered two documented exploit incidents in 2024 totaling approximately $470,000 in losses, both rooted in protocol logic vulnerabilities and flash loan abuse. The platform was flagged by on-chain investigator ZachXBT, and separately the lava.xyz Bitcoin lending product drew significant backlash in late 2025 after quietly switching users from a self-custodial DLC-based model to a fully custodial setup without adequate disclosure.
avoid.net/keep3r-network→42/100[WARNING]Keep3r Network (KP3R) is a decentralized keeper-job matching protocol launched in October 2020 by Andre Cronje, the creator of Yearn Finance. The protocol has experienced multiple security incidents, including a $211k exploit in June 2023 and a latent two-year-old vulnerability in its GaugeProxyV2 contract discovered in September 2022, and its oracle was implicated in the $15.6M Inverse Finance hack of April 2022. ZachXBT has flagged the protocol in the context of broader DeFi security concerns, and the project has been surrounded by scam forks, impersonator accounts, and fraudulent staking services operated by unaffiliated parties.
avoid.net/peopledao→42/100[WARNING]PeopleDAO is a community-governed decentralized autonomous organization that emerged from ConstitutionDAO in late 2021, adopting the PEOPLE token as its governance instrument and operating as a meta-DAO incubator for social-good subDAOs. In March 2023, the organization suffered a significant treasury exploit in which an attacker stole 76.5 ETH (approximately $120,000) by exploiting a publicly shared Google Sheets payroll form with edit access — a failure of basic operational security controls. The stolen funds were moved to centralized exchanges and no recovery has been confirmed; the incident drew engagement from on-chain investigator ZachXBT and blockchain security firm SlowMist.
avoid.net/zerion-wallet→43/100[WARNING]Zerion is a non-custodial DeFi portfolio tracker and multi-chain wallet founded in 2016, supporting 50+ blockchains including Ethereum and Solana. The platform has experienced multiple security incidents over its history, including a 2026 social engineering attack attributed to North Korean threat actors that resulted in approximately $100,000 in company internal wallet losses, though user funds were unaffected in each incident. Zerion also shut down its ZERO Layer-2 network in May 2026 after 1.5 years due to low adoption, with assets bridgeable until July 31, 2026.
avoid.net/0g-labs→43/100[WARNING]0G Labs (Zero Gravity Labs) is a Web3 AI infrastructure company building a modular, AI-first layer-1 blockchain and decentralized AI operating system, having raised $325 million across multiple funding rounds since March 2024. The project has faced a protocol-level smart contract exploit in December 2025 ($516K lost), a separate compromise of its official social media account in October 2025, and significant community criticism over alleged funding misrepresentation, undisclosed insider token allocations, and concerns that two co-founders departing from Conflux Network constituted a reputational 'soft rug' of that project. No regulatory actions have been identified as of May 2026.
avoid.net/tropykus-rsk→44/100[WARNING]Tropykus is a DeFi lending and borrowing protocol deployed on the Rootstock (RSK) Bitcoin sidechain, founded in 2021 by a Colombian team targeting Latin American underbanked communities. On June 14, 2023, the protocol suffered an exploit in its rBTC micro-market due to a redeem rounding error and exchange rate manipulation, resulting in losses of approximately $150,000 — roughly 10% of total value locked at the time. The team committed to full reimbursement of affected users and subsequently reverted to Compound Finance's original codebase, but the incident highlighted unresolved smart contract risks in a customized fork.
avoid.net/silo-v2→44/100[WARNING]Silo V2 is a non-custodial, permissionless isolated lending market protocol operating across Ethereum, Arbitrum, Base, Optimism, and Sonic. On June 25, 2025, an unreleased peripheral leverage contract was exploited for approximately $545,000 (224 ETH) belonging to SiloDAO test funds; the team confirmed that all core markets and user deposits were unaffected. The incident revealed inadequate input validation and absent formal verification on pre-release code that had been deployed to mainnet, and the attacker subsequently laundered the stolen ETH through Tornado Cash.
avoid.net/neutrl→45/100[WARNING]Neutrl is a DeFi protocol issuing NUSD, a market-neutral synthetic dollar backed by OTC altcoin arbitrage and delta-neutral futures hedging strategies. The protocol raised $5 million in seed funding in April 2025 and grew to over $136 million in TVL. In March 2026 Neutrl suffered a DNS hijacking attack — part of a coordinated campaign targeting .fi domain protocols — that compromised its frontend interface, though the team maintained that smart contract reserves and user funds were not directly drained.
avoid.net/superrare→45/100[WARNING]SuperRare is a curated Ethereum-based NFT art marketplace founded in 2018 by John Crain, Charles Crain, and Jonathan Perkins, operating as a high-end platform for 1-of-1 digital artworks with its own governance token RARE. On July 28, 2025, a critical access control vulnerability in the platform's RareStakingV1 staking contract was exploited, resulting in the theft of approximately 11.9 million RARE tokens worth roughly $731,000. SuperRare subsequently reimbursed the 61 affected wallets by August 5, 2025, and the RARE token recovered approximately 41% following the remediation announcement.
avoid.net/panoptic-v11→45/100[WARNING]Panoptic V1.1 is a permissionless, oracle-free perpetual options protocol built on Uniswap V3 liquidity positions, developed by Panoptic Labs and incubated by Advanced Blockchain AG. On August 25, 2025, a Cantina researcher disclosed a critical position-spoofing vulnerability rooted in the protocol's XOR-based fingerprinting system, placing approximately $4–5 million in user funds at risk. A coordinated whitehat rescue secured over 98% of remaining at-risk funds, and ZachXBT flagged the incident, contributing to reduced community trust in the V1.1 deployment.
avoid.net/hyperdrive-hl→45/100[WARNING]Hyperdrive HL (formerly Ambit Finance) is a stablecoin lending and liquid-staking protocol deployed on Hyperliquid EVM, which raised a $6 million Series A in May 2025 led by Hack VC and Arrington Capital. On September 27, 2025, an attacker exploited an arbitrary-call vulnerability in the protocol's router contract, draining approximately $782,000 in USDT0 and thBILL tokens across two markets. The team paused operations, patched the vulnerability, and compensated affected users before resuming, though the incident occurred within a broader wave of security breaches across the Hyperliquid ecosystem.
avoid.net/stake-dao→46/100[WARNING]Stake DAO is a non-custodial DeFi protocol built around liquid staking, yield aggregation, and governance participation via veToken mechanics. The protocol has suffered three documented security incidents since 2023, the most severe of which — a May 2026 deployer private key compromise — enabled the minting of 5.4 trillion fraudulent vsdCRV tokens on Arbitrum, resulting in roughly $91,000 in realized losses despite a nominally catastrophic exposure. Repeated operational security failures across a two-year span, including a March 2026 oracle exploit draining $176,000 from its Votemarket product, indicate a pattern of infrastructure risk that audited smart contracts alone have not resolved.
avoid.net/swissborg→47/100[WARNING]SwissBorg is a Swiss-based crypto wealth management and exchange aggregator founded in 2017, holding MiCA authorization from France's AMF and VQF membership in Switzerland. In September 2025, the platform suffered a $41.5 million loss when its staking partner Kiln's API was compromised via a GitHub token theft and Kubernetes pod injection, resulting in the unauthorized transfer of 192,600 SOL from SwissBorg's SOL Earn program; the company subsequently pledged full reimbursement from treasury funds. While SwissBorg maintains legitimate regulatory standing and transparency measures including Proof of Liabilities, the third-party supply chain failure exposes material counterparty risk in its Earn product architecture.
avoid.net/silo-finance→47/100[WARNING]Silo Finance V1 is a non-custodial isolated lending protocol launched on Ethereum mainnet in August 2022, enabling permissionless markets for long-tail crypto assets by confining risk to individual lending pools (Silos). The protocol experienced two security incidents in 2023: a critical interest rate manipulation vulnerability discovered by a white-hat researcher (no user funds lost) and a white-hat drain of approximately $45,000 in SILO incentive tokens due to a separate contract flaw. The deployed production version of V1 diverges from the audited codebase, a risk the team has publicly acknowledged but not fully remediated through re-audit.
avoid.net/maestro→47/100[WARNING]Maestro is a Telegram-based crypto trading bot developed by Gearlay Technologies Inc. (Canada) that enables sniping, copy-trading, and wallet management across 14 blockchains. On October 24, 2023, a critical access-control vulnerability in its MaestroRouter2 smart contract was exploited, draining approximately 280 ETH (~$500,000) from 106 user accounts; the team subsequently refunded all affected users with 610 ETH (~$1.1 million) sourced from its own revenue. The platform operates a partial-custody model in which user private keys are encrypted and stored on Maestro servers, representing a persistent systemic risk.
avoid.net/alchemix-v2→48/100[WARNING]Alchemix V2 is a DeFi self-repaying loan protocol on Ethereum that allows users to borrow synthetic assets (alUSD, alETH) against yield-bearing collateral, with loans auto-repaid by yield generated from underlying deposits. The protocol experienced two notable security incidents: a June 2021 smart contract bug in the alETH vault that allowed users to withdraw collateral without repaying loans (the 'reverse rug pull,' ~$6.5M shortfall), and an indirect July 2023 exploit via a Vyper compiler vulnerability in a Curve liquidity pool (~$13.6M drained, later fully returned). In both cases, the Alchemix team responded promptly and took active steps to restore protocol solvency, distinguishing it from many exploited DeFi protocols.
avoid.net/subquery-network→50/100[WARNING]SubQuery Network is a Web3 data indexing protocol originally built for the Polkadot ecosystem, founded by Sam Zou and James Bayly out of New Zealand-based OnFinality. The project raised $10.8M in seed and Series A funding, launched its mainnet and SQT token in February 2024, and suffered a significant smart-contract exploit on April 12, 2026 in which a missing access-control modifier allowed an attacker to drain approximately 382 million SQT tokens (~$134,000 USD) from staker and delegator wallets across five transactions. ZachXBT flagged the entity in connection with this incident; the team published a full disclosure report and executed on-chain compensation for all affected wallets.
avoid.net/bittensor→52/100[CAUTIONARY]Bittensor is a decentralized blockchain protocol functioning as a peer-to-peer marketplace for machine intelligence, using the TAO token to reward AI model contributors. In July 2024, the protocol was the target of a supply chain attack via a malicious version of its official PyPI package, resulting in the theft of approximately $28 million in TAO tokens from 32 wallets. A civil lawsuit filed in January 2025 alleges that former Opentensor Foundation employees orchestrated the attack, and on-chain investigator ZachXBT identified a key suspect through NFT wash-trade analysis and Railgun de-mixing.
avoid.net/agave→52/100[CAUTIONARY]Agave was a decentralized lending protocol on Gnosis Chain forked from Aave v2, developed by members of the 1Hive community. On March 15, 2022, the protocol suffered a reentrancy exploit that drained approximately $5.5 million in user funds, part of a coordinated $11.7 million attack that simultaneously hit Hundred Finance. The protocol paused operations following the hack and formally closed down in March 2024 with no documented user compensation.
avoid.net/dango→52/100[CAUTIONARY]Dango (ticker: DNG) is a DeFi-native Layer-1 blockchain and perpetual futures exchange that raised $3.6 million in seed funding in November 2024 from Hack VC, Lemniscap, and Delphi Labs. On April 13, 2026, the protocol suffered a logic flaw exploit in its insurance fund donation contract, resulting in $1.9 million USDC being drained; approximately $410,010 was bridged to Ethereum before bridge rate limits halted further outflows. The attacker was identified as a white hat who returned all funds in exchange for a bug bounty, leaving user positions and trading functions unaffected.
avoid.net/sonne-finance→52/100[CAUTIONARY]Sonne Finance is a Compound V2 fork deployed on Optimism that was exploited for approximately $20 million on May 14, 2024, in what became the largest exploit in Optimism's history. The attack exploited a well-known precision-loss donation vulnerability in Compound V2 forks, triggered during the rollout of a new VELO token market; the attacker leveraged a multi-transaction deployment architecture and a two-day timelock window to manipulate exchange rates and drain user funds.
avoid.net/zabu-finance→52/100[CAUTIONARY]Zabu Finance was an Avalanche-based yield farming protocol that suffered a $3.2 million flash loan exploit on September 12, 2021, marking what was widely described as the first major DeFi hack on the Avalanche blockchain. The vulnerability — a known deflationary token accounting flaw that had already been exploited on Polygon two months prior — drained the protocol's SPORE staking pool and caused the ZABU token to collapse from approximately $0.004 to near-zero. The protocol attempted a v2 token relaunch but has since gone effectively dormant, with a TVL of approximately $5,000 and a website SSL certificate that expired in August 2022.
avoid.net/bitget→52/100[CAUTIONARY]Bitget is a Seychelles-incorporated centralized cryptocurrency exchange founded in 2018, offering spot, futures, and copy trading to a claimed user base exceeding 150 million. While the exchange has never suffered a direct hack of user funds and publishes monthly proof-of-reserves attestations, it faces a pattern of serious regulatory actions across multiple jurisdictions — including blacklisting by France's AMF, warnings from Australia's ASIC and Japan's FSA, and a ban by the Philippines SEC — and has attracted allegations from blockchain investigator ZachXBT that it knowingly enabled supply-control market manipulation schemes targeting retail traders in 2026.
avoid.net/ronin-bridge→52/100[CAUTIONARY]Ronin Bridge is the cross-chain bridge that connected the Axie Infinity gaming ecosystem's Ronin sidechain to Ethereum, operated by Sky Mavis. In March 2022 it suffered the largest DeFi hack in history at the time — $625 million in ETH and USDC stolen by North Korea's Lazarus Group via compromised validator private keys obtained through social engineering. A second, smaller exploit occurred in August 2024. The legacy bridge was deprecated in April 2025 and migrated to Chainlink CCIP infrastructure.
avoid.net/step-finance→52/100[CAUTIONARY]Step Finance was a Solana-based DeFi portfolio management and analytics platform founded by George Harrap that operated from 2021 until February 2026. On January 31, 2026, attackers compromised executive team devices and drained approximately $40 million in treasury assets, representing a catastrophic operational security failure. The platform was unable to secure financing or an acquisition to continue operating and formally shut down on February 23, 2026, along with affiliated projects SolanaFloor and Remora Markets.
avoid.net/drift→52/100[CAUTIONARY]Drift Protocol is a decentralized perpetual futures exchange built on the Solana blockchain, founded in 2021 by Cindy Leow, David Lu, and co-founders. The protocol has experienced two significant security incidents: a $14.5 million PnL accounting bug in May 2022 triggered by the LUNA collapse (fully reimbursed), and a catastrophic $285–286 million exploit on April 1, 2026, attributed with medium-high confidence to the North Korean state-sponsored threat actor UNC4736 (also tracked as Lazarus Group, AppleJeus, and Citrine Sleet), which constituted the largest DeFi hack of 2026. A $295 million recovery plan involving Tether-led financing and user-issued recovery tokens was announced in May 2026; a class action lawsuit was simultaneously filed against Circle Internet Financial.
avoid.net/dmm-bitcoin→52/100[CAUTIONARY]DMM Bitcoin was a licensed Japanese cryptocurrency exchange operated by DMM Group (DMM.com) that launched in January 2018. In May 2024 it suffered the eighth-largest crypto theft in history when North Korean state-sponsored hackers attributed to the TraderTraitor subgroup of Lazarus Group stole 4,502.9 BTC (approximately $305–308 million USD) through a sophisticated supply-chain attack targeting Ginco, a third-party wallet management provider. Following the hack, Japan's Financial Services Agency issued a business improvement order, the exchange restricted operations, and in December 2024 announced full closure with all customer assets transferred to SBI VC Trade by March 2025.
avoid.net/curve-llamalend→52/100[CAUTIONARY]Curve LlamaLend (also referred to as the crvUSD lending markets) is a decentralized, permissionless isolated lending protocol built by Curve Finance that allows users to borrow crvUSD against crypto collateral using the LLAMMA soft-liquidation mechanism. The protocol has experienced multiple distinct incidents since launch: a $10 million bad-debt event in June 2024 tied to the founder's oversized leveraged positions, an oracle-manipulation attack on the sDOLA market in March 2026 resulting in approximately $240,000 in borrower losses, an October 2025 market crash that left the CRV-long vault approximately $700,000 underbacked, and a May 2026 third-party exploit (Stake DAO) that forced the sunsetting of an associated Arbitrum LlamaLend market. The protocol's core contracts have not been directly compromised by a code-level hack, but recurring bad-debt events, oracle design flaws in permissionlessly created markets, and governance concentration risks have drawn sustained scrutiny including a flag from on-chain investigator ZachXBT.
avoid.net/sushiswap→52/100[CAUTIONARY]SushiSwap is a decentralized exchange (DEX) and DeFi protocol launched in August 2020 as a fork of Uniswap, offering an automated market maker (AMM), governance token (SUSHI), and multi-chain liquidity pools. The protocol has endured a series of serious controversies spanning its entire history: a founding exit-scam attempt by anonymous creator Chef Nomi, early operational control handed to convicted fraudster Sam Bankman-Fried, an SEC subpoena issued to the protocol and its CEO in 2023, a $3.3 million smart contract exploit the same year, allegations that North Korean IT workers were embedded in its developer team, disputed DAO treasury centralization in 2024, and a governance process in late 2025 where a single wallet controlled 99.9% of a vote. TVL has declined approximately 98.7% from its 2022 peak of over $8 billion to roughly $100 million as of late 2025.
avoid.net/gondi-v3→52/100[CAUTIONARY]Gondi V3 is a decentralized, non-custodial NFT lending and borrowing protocol on Ethereum developed by Florida Street, which launched in July 2023 and raised a $5.35 million seed round from Hack.vc, Dragonfly Capital, and Pantera Capital. On March 9, 2026, the protocol suffered a smart contract exploit in its newly deployed Purchase Bundler component, resulting in the theft of approximately 78 NFTs valued at roughly $230,000 from users who had granted approvals to the vulnerable contract. The team disabled the affected feature, pledged full restitution using protocol fees, and engaged security firm Blockaid for a post-incident review; platform operations for other functions resumed the following day.
avoid.net/loopring→54/100[CAUTIONARY]Loopring is an Ethereum Layer-2 zkRollup-based decentralized exchange protocol founded in 2017 by Daniel Wang. The protocol suffered a critical June 2024 security breach in which an attacker compromised the Official Guardian two-factor authentication server, draining approximately $5 million from 58 smart wallet accounts. Subsequent to the hack, Loopring wound down its consumer wallet product, shut down DeFi services, lost listings on major exchanges including Binance, Upbit, and Bithumb, and saw its CEO resign in August 2025, leaving the project's long-term viability in serious question.
avoid.net/flow→54/100[CAUTIONARY]Flow is a layer-1 proof-of-stake blockchain created by Dapper Labs, the company behind NBA Top Shot and CryptoKitties, with FLOW as its native token. The project has faced a serious 2025 protocol-level exploit ($3.9M stolen), a controversial rollback proposal that drew community backlash, multiple rounds of company layoffs, a $4M securities class-action settlement, a separate $7.05M privacy lawsuit settlement, an SEC investigation, and delisting from major South Korean exchanges following the breach. The FLOW token has lost over 99% of its value from its April 2021 all-time high of $46.16, trading near $0.033 as of mid-2026.
avoid.net/trust-wallet→55/100[CAUTIONARY]Trust Wallet is a widely used non-custodial mobile and browser cryptocurrency wallet, originally acquired by Binance in 2018 and later divested as an independent entity. It has been the subject of multiple documented security incidents spanning 2022–2025, including a critical WebAssembly entropy vulnerability (CVE-2024-23660), a supply-chain compromise of its Chrome extension in December 2025 that resulted in approximately $8.5 million in user losses, and a historical low-entropy key generation flaw exploited in 2023. Blockchain investigator ZachXBT flagged the December 2025 browser extension incident and documented hundreds of victims.
avoid.net/hedera→55/100[CAUTIONARY]Hedera is a public distributed ledger technology platform using a patented hashgraph consensus mechanism, launched to mainnet in September 2019. In March 2023, the network suffered a protocol-level exploit in its Smart Contract Service that drained approximately $600,000 in liquidity pool tokens from three decentralized exchanges, requiring a full mainnet proxy shutdown for 41 hours. The platform operates under a council governance model comprising up to 39 global enterprises, which provides institutional stability but draws criticism for centralization relative to permissionless blockchains.
avoid.net/zksync→57/100[CAUTIONARY]ZKsync is an Ethereum Layer 2 scaling protocol built on zero-knowledge rollup technology, developed by Matter Labs, which has raised approximately $458 million in venture capital. The protocol has faced multiple significant controversies including a $5 million airdrop contract exploit in April 2025, a contentious 2024 token airdrop marred by sybil attack failures and community backlash, a South Korean regulatory probe into alleged price manipulation, compromised social media accounts spreading false SEC investigation claims, and an intellectual property theft lawsuit filed against Matter Labs by defunct firm BANKEX. User funds in the core protocol have not been directly compromised, but the pattern of incidents has substantially eroded community trust.
avoid.net/yearn-finance→58/100[CAUTIONARY]Yearn Finance is a decentralized yield aggregator on Ethereum that routes user deposits into lending protocols to maximize returns. Founded by Andre Cronje in 2020, the protocol has suffered at least four documented security exploits between 2021 and 2025, with aggregate losses exceeding $20 million, and its founder departed in 2022 citing sustained pressure from an SEC investigation. Governance concerns, an interconnected web of affiliated DeFi protocols implicated in their own major hacks, and repeated failures to deprecate vulnerable legacy code compound the protocol's risk profile.
avoid.net/audius→58/100[CAUTIONARY]Audius is a decentralized music streaming protocol and its native AUDIO token, launched in 2020 on Ethereum and subsequently migrated to Solana. On July 23, 2022, an attacker exploited a critical re-initialization vulnerability in Audius governance smart contracts, draining 18.56 million AUDIO tokens (valued at approximately $6 million at the time) from the community treasury before swapping them for approximately $1.08 million in ETH via Uniswap and routing funds through Tornado Cash. The platform has continued to operate since the exploit, deploying patched contracts and expanding user and artist partnerships, but the AUDIO token has declined approximately 99.6% from its all-time high and the exploit raised serious questions about audit quality.
avoid.net/aave-v3→58/100[CAUTIONARY]Aave V3 is the third major iteration of the Aave decentralized lending protocol, one of the largest in DeFi with over $14 billion in total value locked across 21 chains as of May 2026. The protocol's core smart contracts have not been directly exploited; however, in April 2026, a $292 million bridge exploit targeting integrated asset KelpDAO's rsETH generated significant bad debt on Aave V3 markets, an event flagged by on-chain investigator ZachXBT. The protocol demonstrated institutional resilience by coordinating a cross-industry recovery fund (DeFi United) that ultimately raised over $327 million, with full rsETH operations restored by May 25, 2026.
avoid.net/ankr→58/100[CAUTIONARY]Ankr is a Web3 infrastructure and liquid staking protocol founded in 2017, providing RPC endpoints for over 75 blockchains and BNB Chain-based liquid staking products. In December 2022, a former employee executed a supply chain attack that compromised Ankr's private deployer key, enabling unlimited minting of aBNBc tokens and resulting in approximately $5 million in direct losses, with cascading secondary losses of roughly $19 million through Helio Protocol's HAY stablecoin depeg. Ankr subsequently compensated affected users, implemented multi-signature controls, and continues to operate, though questions persist over the completeness of user reimbursement.
avoid.net/yearn-ether→58/100[CAUTIONARY]Yearn Ether (yETH) is a liquid staking token aggregation vault developed by Yearn Finance, launched under YIP-72 as a self-governed, permissionless product. On November 30, 2025, the yETH weighted stableswap pool was exploited via an arithmetic underflow and stale cache vulnerability, resulting in approximately $9 million in losses — the third major security incident involving a Yearn product since 2021. Approximately $2.4 million was partially recovered; roughly $6.6 million remains unrecovered, with a significant portion laundered through Tornado Cash.
avoid.net/upbit→58/100[CAUTIONARY]Upbit is South Korea's largest cryptocurrency exchange by trading volume, operated by Dunamu and commanding approximately 70–80% of the domestic market. The exchange has suffered two significant security breaches — a $49M ETH theft in 2019 and a $36M Solana breach in November 2025, both attributed to North Korea's Lazarus Group — and has faced substantial regulatory sanctions including a $25M AML/KYC fine and a court-contested three-month partial business suspension. While Upbit has consistently reimbursed users from its own assets after security incidents and retains official VASP registration, its pattern of compliance failures, market dominance concerns, and repeated hacks present elevated risk.
avoid.net/cryptocom→58/100[CAUTIONARY]Crypto.com is a Singapore-headquartered centralized cryptocurrency exchange founded in 2016 (originally as Monaco) by Kris Marszalek, Bobby Bao, Gary Or, and Rafael Melo. The platform has been subject to multiple serious security incidents, including a confirmed January 2022 hack in which $34 million was stolen via a 2FA bypass and laundered through Tornado Cash, and an alleged 2023 data breach linked to the Scattered Spider hacking group that the company did not publicly disclose to affected users. Blockchain investigator ZachXBT has publicly accused Crypto.com of governance manipulation and tokenomics fraud, citing the March 2025 reissuance of 70 billion CRO tokens that had been permanently burned in 2021, and the company's controversial 2020 forced swap from its original MCO token to CRO at unfavorable rates.
avoid.net/hyperliquid → 62/100 [CAUTIONARY] Hyperliquid suffered a documented ecosystem incident with reported losses of $37K on Arbitrum. This page tracks DeFiLlama's record of the event.
avoid.net/matcha → 62/100 [CAUTIONARY] Matcha (matcha.xyz) is a DEX aggregator built and operated by 0x Labs, launched in 2020, that routes trades across 130+ liquidity sources on 15+ blockchains using the 0x Protocol. The core Matcha platform has no history of direct exploits; however, Matcha Meta — a related but distinct meta-aggregator product launched later by the same team — suffered a $13.4M exploit in January 2026 via a third-party SwapNet contract, affecting users who had disabled the platform's default one-time approval security setting. 0x Labs is a well-funded, established entity whose protocol contracts have been audited by Trail of Bits, OpenZeppelin, and Ouroboros, and whose bug bounty program offers up to $1M via Immunefi.
avoid.net/raydium-amm → 62/100 [CAUTIONARY] Raydium is a leading Solana-based automated market maker (AMM) and decentralized exchange (DEX) launched in February 2021 by a pseudonymous team. On December 16, 2022, a compromise of the protocol's admin private key enabled an attacker to drain approximately $4.4 million from eight liquidity pools; the stolen funds were subsequently laundered through Tornado Cash in January 2023. The team implemented a phased compensation plan and post-incident security upgrades, including migration of admin authority to a Squads multisig, but the incident exposed significant centralization risks that were not apparent prior to the exploit.
avoid.net/coinspot → 62/100 [CAUTIONARY] CoinSpot is an Australian cryptocurrency exchange founded in 2013 by Russell Wilson and headquartered in Melbourne. It is registered with AUSTRAC as a Digital Currency Exchange (since May 2018) and holds ISO 27001 certification. On November 8, 2023, the platform suffered a suspected private key compromise resulting in the loss of approximately 1,283 ETH (~$2.4 million USD), with stolen funds bridged to Bitcoin via THORChain and Wan Bridge. No customer funds were reported lost in the incident.
avoid.net/coinbase → 62/100 [CAUTIONARY] Coinbase (NASDAQ: COIN) is the largest publicly listed cryptocurrency exchange in the United States, founded in 2012 and regulated across multiple jurisdictions. Despite its regulated status, the platform has been the subject of significant documented concerns: a May 2025 insider-enabled data breach affecting approximately 70,000 users with estimated remediation costs of $180–400 million, ongoing documented losses exceeding $300 million per year from social engineering scams targeting Coinbase users (as reported by blockchain investigator ZachXBT), a $100 million AML compliance settlement with the NYDFS in 2023, and controversies surrounding its Base Layer-2 blockchain including a disputed token launch and a contentious departure from the Optimism OP Stack ecosystem.
avoid.net/curve-dex → 62/100 [CAUTIONARY] Curve Finance is a major decentralized exchange and automated market maker (AMM) on Ethereum, optimized for low-slippage swaps of pegged assets such as stablecoins. On July 30, 2023, several of its liquidity pools were drained of approximately $70 million due to a reentrancy vulnerability in the Vyper smart contract compiler (versions 0.2.15, 0.2.16, and 0.3.0), one of the largest DeFi exploits of 2023. Separately, founder Michael Egorov's practice of using large CRV holdings as loan collateral across multiple DeFi protocols created systemic risk that culminated in a $140 million liquidation event in June 2024, generating over $10 million in bad debt across connected protocols.
avoid.net/1inch → 62/100 [CAUTIONARY] 1inch is a decentralized exchange (DEX) aggregator and liquidity protocol founded in 2019 by Sergej Kunz and Anton Bukov, operating across Ethereum and multiple EVM-compatible chains. The platform has experienced a series of security incidents between late 2024 and mid-2025, including a front-end supply chain attack, a private key compromise, a $5 million Fusion v1 resolver exploit, and a separate $5.87 million attack on a partner resolver — raising questions about operational security and smart contract lifecycle management. Additional concerns include alleged connections between co-founder Anton Bukov and the Russian FSS Academy, governance centralization risks, and sustained token value erosion since the 2021 peak.
avoid.net/litecoin → 64/100 [CAUTIONARY] Litecoin (LTC) is one of the oldest proof-of-work cryptocurrencies, created in October 2011 by former Google engineer Charlie Lee as a Bitcoin fork with faster block times and the Scrypt hashing algorithm. The protocol itself has a long operating history and has been formally classified as a digital commodity by U.S. regulators as of 2026. ZachXBT flagged Litecoin in connection with a January 2026 social engineering theft in which a single victim lost approximately $282 million in BTC and LTC — the largest individual crypto theft of that year — though the attack targeted a holder rather than representing any flaw in the Litecoin protocol or its development team.
avoid.net/deribit → 72/100 [CAUTIONARY] Deribit is a crypto options and futures exchange founded in 2016 in the Netherlands by John and Marius Jansen, historically operated through a Panama-registered entity and now licensed under Dubai's VARA framework as Deribit FZE. The exchange suffered a $28 million hot wallet compromise on November 1, 2022, covering the loss entirely from its own balance sheet. Coinbase completed the acquisition of Deribit for approximately $2.9 billion on August 14, 2025, making it a subsidiary of a publicly traded, NASDAQ-listed U.S. company.
avoid.net/bybit → 72/100 [CAUTIONARY] Bybit is a Dubai-headquartered cryptocurrency derivatives and spot exchange founded in 2018 by Ben Zhou, serving over 80 million registered users globally. On February 21, 2025, the exchange suffered the largest cryptocurrency theft in recorded history when North Korean state-sponsored hackers attributed to the Lazarus Group (TraderTraitor) stole approximately $1.46 billion in Ethereum via a supply chain compromise of Safe{Wallet}'s frontend infrastructure. Separately, Bybit accounts have been cited in the ICIJ's 2025 Coin Laundry investigation into crypto exchanges facilitating international criminal money flows.