├── .gitignore
├── README.md
└── list.md

/.gitignore:
--------------------------------------------------------------------------------
*
!.gitignore
!list.md

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Documenting Economic Security Vulnerabilities

Whereas technical security comes from a lack of bugs in the code, economic security denotes a lack of bugs in the incentives.

Economic security vulnerabilities arise primarily from financial dependencies, which make a protocol's security a function of financial conditions: the price and liquidity of the assets it reads, the cost of acquiring its governance tokens, the collateral backing its liabilities.

This repo is _NOT_ for live vulnerabilities.

## What is an economic vulnerability?

The protocol design process can be broken up into four stages:
1. Validation - The gathering of _**business requirements**_, resulting in a _**product spec**_; validated by the gathering of resources toward the protocol's development.
2. Design - Business requirements are translated into a _**design spec**_ that describes at a high level _how the protocol works_; evaluated with a design audit/economic security assessment.
3. Architecture - Modules are arranged such that the protocol is technically secure and gas efficient, resulting in _pseudocode_; evaluated as part of a technical audit.
4. Code - Functions are chosen and pseudocode is translated into actual _code_; evaluated in a technical audit.

Economic vulnerabilities arise from mistakes in the design stage. Protocol development is not always so neatly staged, but the point holds: these vulnerabilities come from the _non-technical considerations_ in protocol development, which a code-level audit is not designed to catch.

Because of this, they draw on a set of disciplines that lie outside of the typical developer's expertise (e.g. economics, mechanism design, financial engineering). Economic vulnerabilities are marked by mistakes of this nature.

## Schema

**Date:** mm/dd/yyyy US Date Standard (not sorry)

**Name:** Default to Twitter (X) name. In case of ambiguity, use the existing name for consistency (e.g. if 'Compound Finance' is currently in the list, use 'Compound Finance' and not 'Compound'); otherwise, use your discretion.

**Ecosystem:** 'Ethereum' includes mainnet + rollups including Optimism, Arbitrum, Polygon, etc.

**Protocol Type:** Choose from existing protocol types unless clearly a new category. Avoid subdividing categories, stick to top-level categories (e.g. Lending, not CDP; Stablecoin, not Seignorage Shares).

**Category:** Category of exploit; choose from existing

- Price manipulation
- Oracle manipulation
- Governance
- ++

**Subcategory:** Subcategory of exploit; choose from existing, but subcategories are more flexible

**What happened:** A 2-3 sentence description of the incident; simplify - avoid technical terms, function names, etc.

**Value lost by protocol:** Protocol's or users' losses, *not counting a decrease in price of a protocol's governance token*

**Value gained by exploiter:** Exploiter's net profit

**Source:** Link to a source, or multiple if a single source provides insufficient context

**Vulnerability Level**

Determined by profitability (Y/N) x barriers to execution

- **Low:** Unprofitable, permissioned (e.g. upgradable contracts with _no_ exogenous assets)
- **Medium:** Unprofitable, permissionless (e.g. low-cost spam attack)
- **High:** Profitable, "permissioned" i.e. significant barriers to entry (e.g. governance attack with large capital requirements)
- **Critical:** Profitable, permissionless (e.g. flash loanable price manipulation)

## Definitions

**Price manipulation:** The market price the protocol reads (a spot pool, an index, a perp's mark price) is moved by the attacker's own trading, typically in thin liquidity or with flash-loaned capital, and the protocol acts on the moved price.

**Oracle manipulation:** The oracle, data feed, data provider, or dispute process a protocol relies on is manipulated, or is misconfigured for the conditions it meets: a permissionless feed anyone can update (BonqDAO), a fallback TWAP that takes over on a large but legitimate spike (Compound), a feed that misprices an asset during a market collapse (Venus/Blizz).

_P.S. "Flash loan" is not a category of economic exploit. A flash loan is a method for exploiting vulnerabilities. You may be looking for the **Price manipulation** category, or the **Critical** vulnerability level._

--------------------------------------------------------------------------------
/list.md:
--------------------------------------------------------------------------------
# Economic Security Exploits & Vulnerabilities

|Date |Protocol |Ecosystem |Protocol Type |Category |Subcategory |What happened |Value lost by protocol |Value gained by attacker |Source |Vulnerability Level |
|---|---|---|---|---|---|---|---|---|---|---|
| 04/11/2025 | PancakeSwap | BNB Chain | DEX | Governance exploit | Suspicious voting | PancakeSwap proposed "Tokenomics Proposal 3.0" to eliminate the veCAKE system, which would severely impact projects built on it. Shortly before the proposal, wallet addresses (traced back to an old PancakeSwap treasury) suddenly locked massive amounts of CAKE (just under 50% of supply) across multiple addresses, potentially becoming the decisive voting bloc. If passed, these wallets could unlock immediately, while projects building liquid lockers for veCAKE would face potential extinction as their business models would be eliminated. | Unknown | Unknown | https://rekt.news/sweet-betrayal/ | |
| 04/10/2025 | Synthetix | Ethereum | Stablecoin | Protocol design | Peg mechanism | SIP-420 introduced a protocol-owned staking pool that removed individual debt obligations, replacing them with a communal pool at a lower 200% collateral ratio. This structural change eliminated the reflexive peg defense: stakers no longer had an incentive to buy cheap sUSD to repay personal debt. Combined with $80M+ SNX flowing into the pool and increased sUSD minting (2.5x more per SNX), supply surged while demand mechanisms lagged. sUSD depegged to as low as $0.83, with some Curve pools reaching 90%+ sUSD composition. The protocol remained overcollateralized but lacked short-term market incentives to restore the peg. | N/A | N/A | https://x.com/threesigmaxyz/status/1910371472780018168?s=43 | |
| 04/06/2025 | Arbitrum DAO | Arbitrum | Governance | Governance exploit | Vote buying | Vote buying through @lobbyfinance dramatically lowered the cost of governance attacks on Arbitrum DAO. A user purchased 19.3M ARB (~$6.5M) of voting power for just 5 ETH (~$10K), and in another case 20.1M ARB votes cost only 0.0652 ETH. This created an economic imbalance where attackers could spend minimal amounts to control significant voting power and potentially extract value from the DAO treasury: becoming an OAT member would pay 47.1 ETH plus potential bonuses of 100K ARB (18.7 ETH), a total 66 ETH return on a 5 ETH investment. This significantly reduced the cost of attack compared to accumulating governance tokens outright. | N/A | N/A | https://x.com/DefiIgnas/status/1909554283445387366 | |
| 03/26/2025 | Hyperliquid | Hyperliquid | Perps DEX | Protocol design | Market manipulation | A sophisticated trader coordinated an attack using three accounts funded with $7.17M total. They created balanced exposure by opening a $4.1M short position on JELLY at ~$0.0095 in one account and offsetting long positions totaling $4.05M in two other accounts. The trader then manipulated JELLY's price on external Solana DEXs, pumping it 426% to ~$0.05, triggering liquidation of the short position, which HLP inherited as backstop liquidator. They then withdrew unrealized PnL from the profitable long accounts. The attack created an unrealized loss of $12M for HLP, threatening the entire $230M vault. Hyperliquid intervened by force-settling all JELLY positions at the original $0.0095 price. | $0 (after intervention) | -$1M (loss after intervention) | https://x.com/arkham/status/1905003319069688095 | Critical |
| 03/26/2025 | Polymarket | Polygon | Prediction Market | Governance exploit | Oracle manipulation | A large UMA token holder (whale) manipulated the outcome of a $7 million Polymarket bet on whether Ukraine would agree to a mineral deal with Trump before April 2025. The attacker controlled approximately 25% of UMA's voting power (5 million tokens across multiple accounts), allowing them to influence the dispute resolution process in UMA's Optimistic Oracle and force the market to resolve to "yes" despite no official agreement existing. Polymarket acknowledged the attack but did not issue refunds. | Unknown | ~$55,000 (largest winner) | https://x.com/wublockchain/status/1904772495649235117 | Critical |
| 03/25/2025 | Abracadabra/Spell | Arbitrum | Lending | Smart contract | Flash loan vulnerability | An attacker exploited Abracadabra's cauldrons (smart contracts using GMX liquidity pools for lending/borrowing) by manipulating the liquidation process. Using a 7-step process within a flash loan, the attacker liquidated themselves while in a "flashloan state" where the borrower had no collateral. The vulnerability specifically affected the integration between Abracadabra's cauldrons and GMX V2's GM pools, allowing the attacker to profit from liquidation incentives. The stolen funds were subsequently bridged from Arbitrum to Ethereum. | $13M | 6,262 ETH | https://x.com/hklst4r/status/1904541046643495240 | |
| 03/12/2025 | Hyperliquid | Hyperliquid | Perps DEX | Protocol design | Risk parameters | A trader opened a highly leveraged (50x) $340M ETH long position with $15.23M in USDC as collateral. After the position became profitable, they withdrew collateral to intentionally trigger liquidation, forcing the HLP vault to absorb the massive position. The liquidation system couldn't offload the position fast enough during market volatility, resulting in $4M in bad debt for HLP depositors. | $4M | $1.8M | https://x.com/chaos_labs/article/1901690776561590767 | |
| 01/24/2025 | Thorchain | Thorchain | Cross-chain AMM | Financial design | Economic risk | Thorchain defaulted on its Lenders and Savers programs totaling $200M when redemptions accelerated amid concerns about protocol liabilities. The Lenders program allowed users to deposit BTC for 0% interest loans with no liquidation risk, effectively giving users a free call option. When BTC rose against RUNE, redemptions required minting large amounts of RUNE, causing a price decline and death spiral. The protocol's "reflexivity" strategy backfired, as it had created short BTC/RUNE positions. | $200m | | https://medium.com/thorchain/thorfi-unwind-96b46dff72c0 | |
| 01/09/2025 | Usual | Ethereum | Stablecoin/Yield | Protocol design | Deceptive redemption terms | Usual Protocol abruptly changed redemption terms for USD0++ from a 1:1 peg with USD0 to a $0.87 floor price for unconditional exits, without proper warning. The sudden change caused USD0++ to depeg from $1 to as low as $0.89, triggered liquidations across lending platforms, and revealed conflicts of interest where MEV Capital (co-led by a Usual co-founder) had hardcoded USD0++ oracles to $1 on certain platforms despite known future redemption changes. The ambush-style announcement caught users and partner protocols off guard, leading to immediate price collapse and bad debt in lending vaults. | Unknown | Unknown | https://x.com/DiogenesCasares/status/1877887923301081099 | |
| 09/11/2024 | Niftex | Ethereum | NFT Fractionalization | Governance exploit | Shotgun clause | An attacker identified a dormant NFT fractionalization platform with a "shotgun" clause allowing shareholders to propose buyouts. The attacker initiated a buyout of CryptoPunk #2386 for just 10 ETH (0.001 ETH per share), while its market value was approximately 600 ETH. A shareholder attempted to block the buyout but submitted a counterclaim below the required minimum (0.000001 ETH instead of 0.0010000001 ETH per share). Due to this miscalculation, the attacker acquired the NFT at a ~98% discount. | ~590 ETH | ~590 ETH | https://x.com/0xQuit/status/1833981567733301713 | |
| 09/06/2024 | Polymarket | Polygon | Prediction Market | Price manipulation | Spot liquidity | A derivative market of the main US presidential election market spawned, attracting enough liquidity to make manipulating the underlying market profitable for a motivated group. Whales unsuccessfully attempted to manipulate the underlying presidential market in order to profit on the derivative market. | | | https://x.com/Dumpster_DAO/status/1832148090452898235 | |
| 07/29/2024 | Compound Finance | Ethereum | Lending | Governance exploit | Hostile takeover | The Golden Boys voting bloc, led by Humpy, accumulated COMP tokens over several months and pushed a proposal for COMP to earn yield in a novel scheme, granting themselves an additional 500,000 COMP in the process and giving them de facto control over the DAO. | | $25m | https://blockonomi.com/compound-finance-faces-controversy-over-24-million-proposal/ | |
| 06/25/2024 | Deans List/MetaDAO | Solana | Prediction Market | Price manipulation | Spot liquidity | A futarchy-based decision market uses a TWAP that updates the price on a fixed number of observations (or on-chain volume) over a period of time. Because of the lack of activity on the market, the TWAP could be moved by buying cheap fail tokens: pumping the fail market's volume shifted its TWAP-derived price, allowing the user to dump the now higher-priced Deans List tokens from the fail market on the spot market. | 6.6k USD | 6.6k USD | https://blog.metadao.fi/deans-list-proposal-2-b1cbca456469 | |
| 06/10/2024 | UwU Lend | Ethereum | Lending | Price Manipulation | | The exploiter borrowed tokens to manipulate prices in several pools, obtaining a lower price when borrowing and a higher price for the same tokens when being liquidated. | | $23m | https://rekt.news/uwulend-rekt/ | |
| 02/23/2024 | Compound Finance | Ethereum | Lending | Oracle | Oracle configuration | Compound's fallback oracle was triggered by an anomalous but legitimate 40% intrablock spike in the $UNI price. Because the difference between the primary oracle (Chainlink) and the fallback oracle (a TWAP on the $UNI Uniswap v2 pool) exceeded the threshold, the fallback price was used for Compound loans. Arbitrage bots quickly opened loans on Compound, which led to around $3 million of bad debt. | | $3m | https://x.com/uriklarman/status/1761062094600864025 | |
| 01/22/2024 | Solana | Solana | L1 | MEV Bot | MEV | An MEV arbitrage bot operated by 2Fast extracted 1.8m USD in value from a WIF trader, based on a targeted strategy for the memecoin. | | 1.8m USD | https://www.theblock.co/post/272079/solana-based-mev-bot-earns-1-8-million-after-back-running-memecoin-trader-in-seconds | |
| 01/01/2024 | Synthetix | Ethereum | Perpetual | Market manipulation | OI cap denomination | The $TRB open-interest cap on Synthetix ballooned ~50x, from USD 250K (when set initially) to 12.5m USD at the pump's peak. The price was pumped across multiple exchanges, including Binance. The team had set the OI caps denominated in TRB tokens rather than notional USD value, fully exposing the market to the $TRB pump. | $2m | $2m | https://twitter.com/omeragoldberg/status/1741654953691578737 | |
| 11/20/2023 | dYdX | Ethereum | Perpetual | Market manipulation | Spot liquidity | The attacker entered long positions on $YFI on dYdX and pushed up the price of $YFI on spot. The attacker withdrew unrealised profits and entered into more long positions. The price of $YFI 2x-ed, but before the attacker could close their positions $YFI crashed by 35%, liquidating the attacker's positions. The lack of liquidity led to dYdX covering the positions from its insurance fund. | $9m | $11m | https://rekt.news/dydx-rekt/ https://dydx.exchange/blog/sushi-yfi-incident | |
| 11/18/2023 | Indexed Finance | Ethereum | DAO | Governance exploit | Hostile takeover | Attacker targeted an inactive DAO that still held treasury assets. The attack was prevented by a close vote at the last moment. | None | None | | |
| 10/11/2023 | Tangible | Polygon | Stablecoin | | | The stablecoin was backed by a mix of real estate and crypto collateral (DAI). A large series of DAI redemptions dropped the price far below peg. | 12m USD | 12m USD | https://blockworks.co/news/tangible-real-usd-illiquid-stablecoin-real-world-assets | |
| 10/11/2023 | Synthetify | Solana | | Governance | | A combination of a low threshold to pass DAO proposals, a largely inactive DAO, and a low token price enabled the exploiter to drain the Synthetify treasury. The exploiter purchased the minimum amount of tokens needed to guarantee an approved proposal (~$4000 USD, or 1.25% of the total circulating supply) and pushed a malicious proposal giving them the ability to send DAO treasury funds to themselves. | $230k | $230k | https://blockworks.co/news/solana-exploit-dao-hacker/ | |
| 08/01/2023 | Circle | Ethereum | | Vampire exploit | | Tether is actively vampire attacking USDC. Since Tether has a 0.1% redemption fee but Circle has no redemption fee, Tether is buying USDC, redeeming it, and minting more USDT. | | | https://twitter.com/DeFi_Made_Here/status/1687820451463024641 | |
| 07/07/2023 | NFTPerp | Ethereum | Perps DEX | Protocol design | vAMM balance failure | NFTPerp v1's vAMM model became insolvent when traders accumulated predominantly long positions on NFT floor prices without matching short positions. As the vAMM price rose to track external index prices, nearly all traders were in unrealized profit. When users attempted to realize these profits, the synthetic price curve collapsed due to insufficient liquidity. With no real assets backing price movements and minimal shorts to absorb funding payments, the protocol treasury had to subsidize funding costs, creating a death spiral where exits worsened price dislocations and triggered further withdrawals. | Unknown | N/A | https://x.com/nftperp/status/1677113298402066435 | |
| 06/13/2023 | Atlantis Loans | BSC | | Governance exploit | Governance, upgradeable contract | The attacker pushed and voted through a governance proposal granting them control of Atlantis Loans' token contracts. They then upgraded them with their own malicious contracts, allowing them to transfer tokens from any address which still had active approvals to Atlantis contracts. | $1m | | https://rekt.news/atlantis-loans-rekt/ | |
| 05/29/2023 | Jimbo | Arbitrum | Stablecoin | | | Jimbo tried to make a rebalancing stablecoin. The attacker took a flash loan of 10k ETH to buy JIMBO tokens, inflating their price. A rebalance was triggered via the shift() function in the JimboController contract, draining all WETH liquidity and crashing JIMBO's price. | $7.5m | $7.5m | https://rekt.news/jimbo-rekt/ | |
| 05/22/2023 | Tornado Cash | Ethereum | | Governance | | The attacker took control of the DAO via a trojan horse proposal, gaining control of the TORN governance token and the power to modify the router. They later published another proposal to revert the changes. | None (~$275M at risk) | 430 ETH (~$750k) | https://rekt.news/tornado-gov-rekt/ | |
| 05/09/2023 | Aragon | Ethereum | DAO | Governance | Hostile Takeover | Conflict with the "Risk-Free Value Raiders" activist investor group led to fundamental defensive changes and general DAO collapse. Still unresolved as of late 2023. Fundamental issue: "The value of ANT did not keep pace with the value of the treasury behind the project." | | | https://blog.aragon.org/aragon-repurposes-dao-to-ensure-treasury-serves-its-mission/ | |
| 04/28/2023 | 0VIX | Polygon | Lending | Liquidation Exploit | Price Manipulation | The attacker used flash loans and price manipulation of vGHST to trigger a toxic liquidation spiral. By inflating vGHST prices through oracle manipulation, the attacker caused forced liquidations that left the protocol with $6.46 million in bad debt. | $4.33m | $6.46m | https://medium.com/keom/0vix-exploit-post-mortem-steps-to-recovery-94e2e6d3b1e3 https://keomprotocol.medium.com/0vix-exploit-post-mortem-15c882dcf479 | |
| 04/13/2023 | RookDAO | Ethereum | DAO | Governance | Hostile Takeover | Conflict with the "Risk-Free Value Raiders" activist investor group, who framed their actions in the narrative of "protecting users from a rugpull". A social engineering (FUD/disinformation) campaign led to the collapse of the DAO, with the treasury distributed to users; even this distribution process turned out to be quite rocky. | | | https://unchainedcrypto.com/rfv-raiders-sold-450000-rook-from-treasury-migration/ https://www.coindesk.com/business/2023/04/13/rook-investors-begin-swapping-tokens-for-25m-crypto-treasury/ | |
| 03/14/2023 | Angle Protocol | Ethereum | Stablecoin | | | Angle ran out of liquidity following the Euler exploit due to its collateral mechanism. | $18.4m | | https://anglemoney.notion.site/Angle-Protocol-Q-A-Regarding-Euler-Exploit-03af18cbe5e84430b3341b145554492e | |
| 03/05/2023 | Iron Bank/Alpha Homora | Ethereum | | Governance/contractual issue | | Iron Bank froze Alpha Homora token holders' funds using its multisig following the Alpha Homora hack, threatening to rug them if not paid back. Maybe not an economic exploit, but another example of why not to build on top of upgradeable contracts. | $30m | None (funds frozen) | https://rekt.news/iron-alpha/ | |
| 02/03/2023 | BonqDAO | Polygon | Stablecoin | Oracle | Oracle configuration | Bonq read a Tellor feed that anyone could update by staking 10 TRB. The exploiter pushed an inflated ALBT/MATIC price, staked 0.1 ALBT and minted 100M bEUR against it, then set the price low to liquidate other ALBT stakers, leaving the protocol with bad debt. | $13m (liquidity drained) | ~$1.7m | https://rekt.news/bonq-rekt/ | |
| 02/02/2023 | IPOR Protocol | Ethereum | | Price manipulation | | A user or group of users leveraged approximately $40m to manipulate interest rates on Aave and Compound for several hours and trade against IPOR LPs. | $55k | $55k | https://blog.ipor.io/ipor-usdt-index-sustained-oracle-attack-and-risk-mitigation-4f3618876a2c | |
| 12/12/2022 | Lodestar Finance | Arbitrum | | Oracle Manipulation | Price manipulation | The attacker manipulated the price oracle of plvGLP collateral using flash loans, allowing them to drain the lending pools. The GLPOracle did not properly account for the impact of a user calling donate() on the GlpDepositor contract. | ~$6.5M | ~$6.5M | https://rekt.news/lodestar-rekt/ | |
| 11/22/2022 | Aave | Ethereum | Lending | Liquidation Exploit | Bad debt | A short on CRV triggered a major liquidation on Aave, leaving $1.7 million in bad debt as the position exceeded the collateral available for liquidation. | $1.7m | | https://blockworks.co/news/curve-stablecoin-crv-loan | |
| 10/19/2022 | Moola Market | Celo | Derivatives | Price Manipulation | Highly profitable trading strategy | A no-code exploit. The exploiter started with $180k in CELO and used some of it to borrow the protocol's governance token, MOO, to use as collateral. The exploiter then pumped MOO with the remaining CELO, which allowed them to borrow the remaining assets on the protocol. | $8.4M | | https://rekt.news/moola-markets-rekt/ | |
| 10/14/2022 | DAO Maker | Patex | | Governance | | Abject failure of governance. | | | https://rekt.news/dao-maker-community-investigates/ | |
| 10/12/2022 | Mango Markets | Solana | | Oracle manipulation | | Highly profitable trading strategy. The exploiter manipulated the price of the MNGO token, causing $115M of bad debt. | $115m | $115m | https://rekt.news/mango-markets-rekt/ | |
| 09/28/2022 | 0xbad | Ethereum | | | | MEV bot takedown. | 1,101 ETH | 1,101 ETH | https://rekt.news/ripmevbot/ | |
| 07/28/2022 | Nirvana Finance | Solana | | Price Manipulation | | A flash loan of $10m was used to mint ANA, inflating the price. The ANA was then redeemed against the Nirvana treasury at the inflated price for a profit. | $3.5m | $3.5m | https://rekt.news/nirvana-rekt/ https://twitter.com/0xFA2/status/1552576624121352193 https://www.justice.gov/usao-sdny/pr/former-security-engineer-international-technology-company-pleads-guilty-hacking-two | |
| 06/22/2022 | Bancor | Ethereum | | Mechanism design | | Bancor's v3 design caused a death spiral in BNT's price. Bancor paused the contract to prevent this. | Not stated | Not stated | https://rekt.news/bancor-lp-rekt/ | |
| 05/15/2022 | Perpetual Protocol | Gnosis Chain | Perps DEX | Protocol design | Liquidation failure | During the collapse of Terra's UST and LUNA, extreme market volatility overwhelmed Perpetual Protocol v1's liquidation mechanisms. The CREAM/USDC market experienced cascading failures when large positions became under-collateralized faster than the system could liquidate them. Oracle lag combined with rapid price movements meant positions went deeply negative almost instantly, beyond the system's self-correction capabilities. | $5.7M | N/A | N/A | High |
| 05/13/2022 | Venus | BSC | | Oracle | | Oracles on BSC mispriced LUNA in the chaos of the Terra collapse and enabled protocols dependent on them to be exploited. | $13.5m | | https://rekt.news/venus-blizz-rekt/ | |
| 05/13/2022 | Blizz | BSC | | Oracle | | Oracles on BSC mispriced LUNA in the chaos of the Terra collapse and enabled protocols dependent on them to be exploited. | $8.3m | | https://rekt.news/venus-blizz-rekt/ | |
| 05/11/2022 | Drift Protocol | Solana | Perps DEX | Protocol design | Mark price manipulation | An attacker exploited Drift v1's vAMM pricing mechanism during Terra's collapse, when oracle guardrails had been disabled due to degraded oracle data. Using two accounts with ~$1.75M total collateral, they manipulated the vAMM price from ~$53 to over $285, creating a massive divergence from the market price. One account realized and withdrew profits while the counterparty account generated unrecoverable bad debt. The exploit was possible because the protocol allowed profit withdrawal before counterparty losses were settled. | $8.7M | Unknown | https://driftprotocol.medium.com/drift-protocol-technical-incident-report-2022-05-11-eedea078b6d4 | |
| 05/10/2022 | Terra | Cosmos | L1 | Mechanism design | | Multiple mechanisms in Terra's Anchor Protocol which fueled its meteoric rise led to a death spiral in the price of LUNA. | $2.5b+ | | https://eatsleepcrypto.com/terra-luna-tokenomic-post-mortem/ | |
| 05/09/2022 | Fortress Protocol | BSC | | Governance exploit | | A malicious governance proposal was passed which gave the exploiter the ability to cheaply liquidate the treasury. | $3m | $3m | https://rekt.news/fortress-rekt/ | |
| 04/18/2022 | Beanstalk | Ethereum | | Governance | | The exploiter took out a large flash loan, used it to buy governance tokens from several pools to accumulate voting power in Beanstalk, then voted to transfer all the assets to himself. | $181m | $76m | https://rekt.news/beanstalk-rekt/ | |
| 04/13/2022 | Elephant Money | BSC | Stablecoin | Oracle manipulation | | The attacker used flash loans to manipulate the price of the $ELEPHANT token during the minting process of the project's stablecoin $TRUNK. | $22.2m | $11.2m | https://rekt.news/elephant-money-rekt/ | |
| 04/02/2022 | Inverse Finance | Ethereum | | Oracle Manipulation | | The exploiter swapped ETH for INV in a low-liquidity pool, moving the price 50x, then deposited $644k worth of INV and borrowed $15.6m against it from the protocol. | $15.6m | $15.6m | https://rekt.news/inverse-finance-rekt/ | |
| 03/31/2022 | Neutrino Dollar | Waves | Stablecoin | Mechanism design | | Neutrino (USDN) began to depeg as the value of its collateral, WAVES (the native token of the Waves blockchain and ecosystem) trended lower. The depeg entered a death spiral as panicked holders redeemed USDN for WAVES and sold, driving the price down further. | | | https://cointelegraph.com/news/neutrino-dollar-breaks-peg-falls-to-0-82-amid-waves-price-manipulation-accusations | |
| 03/15/2022 | Deus DAO | Ethereum | | Oracle manipulation | | The exploiter tricked the oracle into inflating the price of DEI, which was used as collateral to borrow funds from the protocol. | ~$3M | ~$3M | https://rekt.news/deus-dao-rekt/ | |
| 02/14/2022 | Build Finance | Ethereum | DAO | Governance exploit | Hostile Takeover | The attacker created a proposal to claim the treasury for themselves. Despite repeated attempts to rally community support, there was not enough interest to vote the proposal down. | Total collapse | $450k | https://www.cryptotimes.io/2022/02/15/build-finance-suffered-hostile-governance-takeover-lost-470k/ | |
| 01/15/2022 | Float Protocol | Ethereum | Lending | Oracle manipulation | Liquidity oracle | The attacker exploited low liquidity in the FLOAT/USDC Uniswap V3 pool that was used as an oracle for Rari Capital's Pool 90. After ~$1M was withdrawn from the pool (leaving only ~$550k), the attacker swapped 47 ETH (~129,447 USDC) to 77.5k FLOAT, dramatically increasing the price. After waiting 2-7 minutes for the time-weighted oracle to update, they deposited FLOAT at the inflated price into Rari Fuse to borrow other assets, then sold FLOAT back to return the price. Primary victims were the Float Protocol treasury, the FRAX AMO, and FEI PCV deposits, with approximately $25k in user funds lost. | Unknown | Unknown | https://twitter.com/FloatProtocol/status/1433448371255300099 | |
| 11/18/2021 | Uniswap | Ethereum | DEX | Externality | | Poor understanding of Uniswap v3 led to LPs' impermanent loss (IL). | Over $260M in impermanent loss | | https://rekt.news/uniswap-v3-lp-rekt/ | |
| 11/17/2021 | ParaSwap | Ethereum | DEX | Sybil | | A single wallet posed as many distinct users in order to receive a greater share of tokens airdropped to users. | | | https://rekt.news/airdrop-hunters/ | |
| 10/28/2021 | CREAM Finance | Ethereum | Lending | | | Exploiters manipulated the price of the underlying yUSDVault token to double the value of their collateral, ultimately draining Cream's lending vaults of about $130 million. | $130m | $130m | https://rekt.news/cream-rekt-2/ | |
| 10/15/2021 | Indexed Finance | Ethereum | Yield | Mechanism design | | Indexed Finance attempted to maintain an index of multiple tokens by rebalancing on-chain. The exploiter used a flash loan to manipulate the weights of assets in the DEFI5 and CC10 pools. This allowed him to deposit small amounts of over-weighted SUSHI tokens, minting inflated DEFI5 tokens which were then cashed out for other assets, resulting in a $16 million loss. | $16m | $16m | https://ndxfi.medium.com/indexed-attack-post-mortem-b006094f0bdc https://rekt.news/indexed-finance-rekt/ | |
| 07/18/2021 | PancakeBunny | Polygon | Yield | Mechanism design | Rewards calculation | | $2.4m | $2.4m | https://rekt.news/pancakebunny2-rekt/ | |
| 07/14/2021 | ApeRocket | BSC, Polygon | Yield | Mechanism design | Rewards calculation | The attacker made an initial deposit of 509k $CAKE into the ApeRocket AutoCake vault while another 1.1m $CAKE was transferred directly to the same vault as the reward. On withdrawal, $SPACE tokens were minted proportional to the rewards. | $1.26m | $1.26m | https://inspexco.medium.com/aperocket-finance-incident-analysis-improper-reward-minting-52153a8958fa https://twitter.com/peckshield/status/1415187038605758464 | |
| 06/29/2021 | Merlin Labs | BSC | | Mechanism design | Rewards calculation | The logic of reward issuance was such that the exploiter could profitably trick the contract into thinking he deserved rewards. | $330k | $330k | https://rekt.news/merlin3-rekt/ | |
| 06/28/2021 | SafeDollar | Polygon | Stablecoin | Mechanism design | Rewards calculations | The exploit manipulated the protocol's reward mechanism to claim enormous amounts of SDO tokens. The attacker depleted the PLX balance of the pool and inflated the reward rate, eventually crashing the price of SDO to zero and making off with 202k USDC and 46k USDT. | $248k | $248k | https://rekt.news/safedollar-rekt/ | |
| 06/17/2021 | Iron Finance | BSC, Polygon | Stablecoin | Mechanism design | Algorithmic | Iron Finance collateralized its stablecoin IRON with USDC and its own governance token, TITAN, which was issued in a mint-and-burn scheme proportional to its time-weighted average price. Market sells of TITAN spooked IRON holders, who then sold, causing IRON to depeg. The arbitrage opportunity from redeeming depegged IRON for TITAN created a death spiral that led to the total collapse of the protocol. | From $2b TVL to ~$260M | | https://www.youtube.com/watch?v=HUokre-szPg | |
| 05/26/2021 | Merlin Labs | BSC | | Mechanism design | Rewards calculation | The exploiter sent BNB directly to the address used in reward calculations. | $680k | $680k | https://rekt.news/merlinlabs-rekt/ | |
| 05/20/2021 | PancakeBunny | BSC | | Mechanism design | Rewards calculation | The exploiter flash-loaned and deposited BNB into pools receiving BUNNY rewards, claimed those rewards within the same block, repaid the loan, then dumped the tokens. | $45m | $45m | https://rekt.news/pancakebunny-rekt/ | |
| 05/12/2021 | xToken | Ethereum | Yield | Oracle | Price manipulation | xToken allowed users to mint xAssets based on the prices in Uniswap pools. The exploiter used a flash loan to manipulate prices in these pools and mint an inflated amount of xAssets, which were sold on the market. | $24m | | https://rekt.news/xtoken-rekt/ | |
| 04/07/2021 | Fei | Ethereum | Stablecoin | Mechanism design | Direct incentives | A death spiral in the newly launched FEI stablecoin was triggered by supply shocks. | | | https://rekt.news/fei-rekt/ | |
| 02/05/2021 | Yearn | Ethereum | Yield | | | The exploiter repeatedly arbitraged the Yearn DAI v1 vault using flash loans while Yearn developers had disabled withdrawal fees in order to migrate liquidity. The exploit was possible only because the withdrawal fee had been turned off for the vault migration, making it an opportunistic exploit rather than a fundamental flaw in Yearn's economic design. | $11m | $2.7m | https://rekt.news/yearn-rekt/ | |
| 12/18/2020 | Warp Finance | Ethereum | Lending | Price manipulation | Spot price oracle | Warp relied on a Uniswap liquidity pool as an oracle. The exploiter traded through the pool, manipulating the price, and borrowed against the protocol at the manipulated price. | $7.8m | $950k | https://rekt.news/warp-finance-rekt/ | |
| 11/26/2020 | Compound | Ethereum | Lending | Oracle | Oracle selection | Compound's dependence on Coinbase's price oracle led to $110m in liquidations when the DAI price on Coinbase briefly spiked to roughly $1.30. | $110M | | https://rekt.news/coinbase-the-oracle/ | |
| 11/14/2020 | Value DeFi | Ethereum | Yield | Price manipulation | Spot price oracle | | | | https://peckshield.medium.com/value-defi-incident-root-cause-analysis-fbab71faf373 | |
| 11/06/2020 | Cheese Bank | Ethereum | Lending | Price manipulation | Spot price oracle | Cheese Bank accepted LP tokens of its native token paired against ETH as collateral for borrowing. The exploiter deployed a contract which flash-loaned 21,000 ETH to purchase CHEESE, create LP tokens, inflate the value of CHEESE and those LP tokens, and borrow Cheese Bank's entire TVL against the inflated position. |
| $3.3m | $3.3m | https://peckshield.medium.com/cheese-bank-incident-root-cause-analysis-d076bf87a1e7 | 78 | | 10/26/2020 | Harvest Finance | Ethereum | Yield | Mechanism design | | | $24m | $24m | https://rekt.eth.link/harvest-finance-rekt/ | 79 | | 3/14/2020 | MakerDAO | Ethereum | Lending | Mechanism design | | MakerDAO's zero-bid day aka Black Thursday | $8.3m | $8.3m | https://medium.com/@whiterabbit_hq/black-thursday-for-makerdao-8-32-million-was-liquidated-for-0-dai-36b83cac56b6 | 80 | | 2/2/2020 | Steemit | | L1 | Governance | Hostile takeover | Justin Sun offered to buy the Steemit blockchain from the original founders who controlled it. The community of users revolted, leading to intricate maneuvering in both communications channels and delegation/voting maneuvering. | | -$| https://decrypt.co/38050/steem-steemit-tron-justin-sun-cryptocurrency-war

https://blockchain.news/news/vitalik-buterin:-time-will-tell-whether-the-hive-blockchain-will-surpass-steem

https://www.altcoinbuzz.io/spotlight/peoples-hive-vs-justin-suns-steem-decentralization-wins/ | 81 | | 6/25/2019 | Synthetix | Ethereum | Synthetic Asset | Oracle configuration | Single source | A bot exploited an error in the price reported for KRW that was 1000x what it should have been. Synthetix took the average of two APIs (one with the error), allowing the bot to make a nominal profit of $1bn in the window that the price was being reported. However, SNX market cap was just under $40m at the time, and the owner of the bot returned the funds in exchange for an undisclosed bug bounty. | Undisclosed bug bounty | Undisclosed bug bounty | https://blog.synthetix.io/response-to-oracle-incident/ | 82 | | 6/08/2013 | Feathercoin | Feathercoin | L1 | 51% attack | Malicious | Sustained 51% attack leading to multiple orphaned blocks, shortly after the chain voted to reduce hash power. The attacker appeared to be malicious rather than primarily economically motivated. | $10k | | https://www.coindesk.com/markets/2013/06/10/feathercoin-hit-by-massive-attack/ | 83 | --------------------------------------------------------------------------------
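The "Spot price oracle" rows (Warp Finance, Cheese Bank, xToken) and the Float Protocol row turn on the same mechanics: a lending contract reads collateral value from a constant-product pool, and whoever can move that pool's reserves sets their own borrowing limit. The Python model below is an added illustration, not code from this list or from any protocol named in it. It models an x*y=k pool read first as a spot price and then as a time-weighted average, attacked atomically with a flash loan and then with the same trade held across blocks. The pool reserves, the 0.30% swap fee, the flash-loan fee, the 75% loan-to-value ceiling and the ten-block TWAP window are all assumed values, not figures from any incident.

```python
"""Constant-product (x*y=k) pool read as a collateral price oracle by a
lending contract.  Added model of the 'Spot price oracle' pattern; every
number below is an assumption for illustration, not a figure from any
incident in the list.
"""
from dataclasses import dataclass, field

SWAP_FEE = 0.003      # Uniswap-v2-style 0.30% fee on the input side (assumption)
FLASH_FEE = 0.0009    # flash-loan fee on the borrowed principal (assumption)
LTV = 0.75            # loan-to-value ceiling of the lending contract (assumption)
TWAP_WINDOW = 10      # block-closing prices averaged by the TWAP oracle (assumption)


@dataclass
class Pool:
    eth: float                                   # ETH reserve
    token: float                                 # protocol-token reserve
    closes: list = field(default_factory=list)   # block-closing prices seen so far

    def spot(self) -> float:
        """ETH per token straight from the reserves: movable inside one transaction."""
        return self.eth / self.token

    def twap(self) -> float:
        """Mean of the last TWAP_WINDOW block-closing prices; ignores the current block."""
        window = self.closes[-TWAP_WINDOW:]
        if not window:
            raise ValueError("TWAP has no history yet")
        return sum(window) / len(window)

    def end_block(self) -> None:
        self.closes.append(self.spot())

    def swap_eth_for_token(self, eth_in: float) -> float:
        eth_eff = eth_in * (1 - SWAP_FEE)
        out = self.token * eth_eff / (self.eth + eth_eff)
        self.eth += eth_in
        self.token -= out
        return out

    def swap_token_for_eth(self, token_in: float) -> float:
        tok_eff = token_in * (1 - SWAP_FEE)
        out = self.eth * tok_eff / (self.token + tok_eff)
        self.token += token_in
        self.eth -= out
        return out


def fresh_pool(eth: float = 1_000.0, token: float = 1_000_000.0) -> Pool:
    """Pool priced at eth/token ETH per token, with TWAP_WINDOW quiet blocks behind it."""
    pool = Pool(eth, token)
    for _ in range(TWAP_WINDOW):
        pool.end_block()
    return pool


def run_attack(pool: Pool, oracle: str, collateral: float, attack_eth: float,
               vault_eth: float, hold_blocks: int = 0) -> float:
    """Attacker already has `collateral` tokens deposited in the lending contract.

    They buy tokens with `attack_eth` to push the pool price, borrow against the
    collateral at the oracle's price (capped by the ETH the vault holds), sell
    the tokens back and, if everything happened in one block, repay a flash
    loan.  With hold_blocks > 0 the position is carried across blocks with the
    attacker's own capital so that block-closing prices record the pumped level.
    Returns ETH borrowed beyond the honest limit minus trading and loan costs;
    a negative result means the attack loses money.
    """
    honest_limit = LTV * collateral * pool.twap()      # pre-attack price
    bought = pool.swap_eth_for_token(attack_eth)
    for _ in range(hold_blocks):
        pool.end_block()
    price = pool.spot() if oracle == "spot" else pool.twap()
    borrowed = min(LTV * collateral * price, vault_eth)
    recovered = pool.swap_token_for_eth(bought)
    round_trip_loss = attack_eth - recovered
    loan_fee = attack_eth * FLASH_FEE if hold_blocks == 0 else 0.0
    return borrowed - honest_limit - round_trip_loss - loan_fee


if __name__ == "__main__":
    for label, pool, oracle, hold in [
        ("spot, shallow pool, atomic", fresh_pool(), "spot", 0),
        ("twap, shallow pool, atomic", fresh_pool(), "twap", 0),
        ("twap, shallow pool, held 5 blocks", fresh_pool(), "twap", 5),
        ("spot, 100x deeper pool, atomic", fresh_pool(100_000.0, 100_000_000.0), "spot", 0),
    ]:
        gain = run_attack(pool, oracle, collateral=20_000.0, attack_eth=5_000.0,
                          vault_eth=10_000.0, hold_blocks=hold)
        print(f"{label:36s} attacker gain: {gain:+.1f} ETH")
```

Reading the reserves directly lets one transaction raise the collateral price by an order of magnitude and walk away with the vault's ETH. A TWAP over past blocks makes the same atomic trade lose the fees, but the third run is the Float Protocol case: in a pool shallow enough that one trader can hold the price up for a few blocks, the average follows. The fourth run is the same trade against a hundred-fold deeper pool and comes out at a loss, which is the practical point: liquidity depth, not the averaging alone, sets the attacker's cost.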
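The "Rewards calculation" rows share one accounting mistake: the vault measures profit as whatever balance the contract holds above the principal it tracks, so tokens sent straight to the contract (Merlin Labs, ApeRocket) look like yield, and a flash-loaned deposit that claims in the same block (PancakeBunny) captures almost all of it. The Python model below is an added illustration, not code from this list or from any of those projects. The reward mint rate, reward token price and deposit sizes are assumed. The same vault runs in two modes: the naive balance-based accounting, and a stricter one that recognises only yield reported by the strategy's harvest and refuses a claim in the block of the deposit.

```python
"""Added model of 'profit = balance - principal' reward accounting and the
two fixes it needs: trust only yield reported by the strategy, and refuse a
claim in the block of the deposit.  All amounts and rates are assumptions.
"""

REWARD_PER_PROFIT = 2.0   # reward tokens minted per unit of recognised profit (assumption)
REWARD_PRICE = 1.0        # market value of one reward token in the vault asset (assumption)


class Vault:
    def __init__(self, strict: bool) -> None:
        self.strict = strict          # False: balance-based profit; True: harvest-based + lockout
        self.block = 0
        self.balance = 0.0            # asset the contract actually holds
        self.principal = 0.0          # deposits still owed to depositors
        self.earned = 0.0             # yield reported by harvest(), not yet paid out
        self.shares: dict[str, float] = {}
        self.deposit_block: dict[str, int] = {}

    def next_block(self) -> None:
        self.block += 1

    def deposit(self, user: str, amount: float) -> None:
        self.balance += amount
        self.principal += amount
        self.shares[user] = self.shares.get(user, 0.0) + amount
        self.deposit_block[user] = self.block

    def withdraw(self, user: str) -> float:
        amount = self.shares.pop(user)
        self.balance -= amount
        self.principal -= amount
        return amount

    def transfer_in(self, amount: float) -> None:
        """Asset sent straight to the contract address, bypassing deposit()."""
        self.balance += amount

    def harvest(self, amount: float) -> None:
        """Yield realised by the strategy: the only profit strict mode recognises."""
        self.balance += amount
        self.earned += amount

    def claim(self, user: str) -> tuple[float, float]:
        """Pay the user's share of profit; returns (asset paid, reward tokens minted)."""
        if self.strict and self.deposit_block.get(user) == self.block:
            raise ValueError("deposit and claim in the same block")
        if self.strict:
            profit = self.earned
        else:
            profit = max(0.0, self.balance - self.principal)   # any stray transfer counts as yield
        share = self.shares[user] / sum(self.shares.values())
        payout = profit * share
        self.balance -= payout
        if self.strict:
            self.earned -= payout
        return payout, payout * REWARD_PER_PROFIT


def donation_attack(vault: Vault, capital: float, donation: float,
                    honest: float = 1_000.0) -> float:
    """Attacker out-deposits the honest user, sends `donation` straight to the
    contract, claims one block later, withdraws.  Returns the attacker's net
    gain in vault-asset terms (payout plus minted rewards minus the donation)."""
    vault.deposit("honest", honest)
    vault.next_block()
    vault.deposit("attacker", capital)
    vault.next_block()                      # wait a block so only the accounting is tested
    vault.transfer_in(donation)
    payout, minted = vault.claim("attacker")
    vault.withdraw("attacker")
    return payout + minted * REWARD_PRICE - donation


def same_block_claim_rejected(vault: Vault) -> bool:
    """The PancakeBunny shape: deposit (e.g. flash-loaned) and claim in one block."""
    vault.deposit("flash", 1.0)
    try:
        vault.claim("flash")
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("naive  :", round(donation_attack(Vault(strict=False), 1_000_000.0, 10_000.0), 2))
    print("strict :", round(donation_attack(Vault(strict=True), 1_000_000.0, 10_000.0), 2))
    print("same-block claim rejected (strict):", same_block_claim_rejected(Vault(strict=True)))
```

In naive mode the attacker gets nearly all of the donation back as "profit" and is minted reward tokens on top of it, so the donation is pure leverage on the mint rate. In strict mode the donation still sits in the contract but is never recognised as profit, so the attacker simply loses it. The block lockout matters for the PancakeBunny variant, where the flash-loaned deposit is also what inflates the harvested amount: that is only closed if the caller cannot both move what harvest() reports and claim against it in the same block.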