Major crypto exploits, year-to-date
Aggregated incidents across DeFi, CEX, bridges, and wallets. Filter to spot emerging attack trends.
Total stolen: $1.02B (17 incidents)
Recovered: $137M (13.4% recovery rate)
Largest single loss: $312.0M
Chains affected: 10 (across active filters)
Cumulative losses · 2026
$1.02B total

Attack vectors by $ lost

| Attack vector | $ lost | Share |
|---|---|---|
| Private Key Compromise | $598.4M | 58% |
| Bridge Exploit | $201.4M | 20% |
| Flash Loan | $57.0M | 6% |
| Access Control | $51.7M | 5% |
| Oracle Manipulation | $41.5M | 4% |
| Reentrancy | $36.5M | 4% |
| Smart Contract Bug | $14.3M | 1% |
| Social Engineering | $11.2M | 1% |
| Phishing | $6.7M | 1% |
| Frontend Hijack | $4.8M | 0% |

Incident log · 17 events

| Date | Protocol / Summary | Chain | Category | Vulnerability | Loss | Recovery | Source |
|---|---|---|---|---|---|---|---|
| May 21 | BaseLend Deprecated multisig retained owner privileges. | Base | DeFi | Access Control | $18.60M +$7.5M back | Partial | CertiK |
| May 13 | BNBVault Single-source Chainlink fallback manipulated via low liq. | BNB Chain | DeFi | Oracle Manipulation | $22.10M | Lost | PeckShield |
| May 05 | SolanaSwapr Atomic arb reverted by validator coordination. | Solana | DeFi | Flash Loan | $9.80M +$9.8M back | Recovered | Immunefi |
| Apr 27 | BinarisCEX Cold storage breach attributed to nation-state actor. | Ethereum | CEX | Private Key Compromise | $198.40M +$45.0M back | Partial | SlowMist |
| Apr 18 | HyperBridge Light-client proof verifier accepted malformed headers. | Arbitrum | Bridge | Bridge Exploit | $76.90M +$3.0M back | Ongoing | CertiK |
| Apr 10 | ApeNFT Market Discord admin compromise → fake mint stole assets. | Ethereum | NFT | Social Engineering | $11.20M | Lost | PeckShield |
| Apr 02 | OptiYield Cross-function reentrancy in reward distributor. | Optimism | DeFi | Reentrancy | $27.60M +$9.0M back | Partial | Immunefi |
| Mar 25 | AvaxKingdom DNS hijack served malicious approval prompts. | Avalanche | Gaming | Frontend Hijack | $4.80M | Lost | CertiK |
| Mar 17 | PolyLend Rounding error patched; funds returned via bounty. | Polygon | DeFi | Smart Contract Bug | $14.30M +$14.3M back | Recovered | PeckShield |
| Mar 09 | Tronix Exchange Insider exfiltration of multisig signer keys. | Tron | CEX | Private Key Compromise | $88.00M +$22.0M back | Partial | SlowMist |
| Mar 01 | BasedPerps Unprotected admin function set fee recipient to attacker. | Base | DeFi | Access Control | $33.10M +$1.5M back | Ongoing | Immunefi |
| Feb 19 | MetaVaultX Mass phishing kit drained delegated approvals. | Ethereum | Wallet | Phishing | $6.70M | Lost | CertiK |
| Feb 11 | SolFlare Pools Pyth feed lag exploited for arbitrage drain. | Solana | DeFi | Oracle Manipulation | $19.40M +$4.2M back | Partial | PeckShield |
| Feb 03 | Krakenize Hot wallet keys exfiltrated via supply-chain attack. | Bitcoin | CEX | Private Key Compromise | $312.00M | Lost | SlowMist |
| Jan 22 | ZenithSwap Whitehat returned funds after reentrancy in claim(). | BNB Chain | DeFi | Reentrancy | $8.90M +$8.9M back | Recovered | Immunefi |
| Jan 14 | NovaBridge Signature verification flaw allowed forged withdrawal proofs. | Ethereum | Bridge | Bridge Exploit | $124.50M | Ongoing | CertiK |
| Jan 08 | OrbitDEX Flash loan-driven price manipulation drained LP pools. | Arbitrum | DeFi | Flash Loan | $47.20M +$12.0M back | Partial | PeckShield |