Author: Changan | Biteye Content Team

In April 2026, Kelp DAO was hacked for $292 million. Attackers used uncollateralized tokens to borrow real assets on Aave, causing more than $200 million in bad debts within 46 minutes.

This is just one of many thefts this year. Drift was stolen $285 million, Step Finance was stolen about $30 million, and Resolv Labs was stolen about $23 million. The news of thefts comes one after another. Before the industry can even react, the next project to be stolen has already appeared.

Are there any patterns behind these incidents? How exactly do hackers attack protocols? (Related reading: Why is DeFi so frequently attacked by hackers? You may have overlooked these warning signs )

This article reviews 20 of the most representative theft cases from history and recent times, attempting to find answers from them.

Based on the 20 cases we analyzed, three clear patterns emerge:

Technical vulnerability cases accounted for the majority, but the losses per case were relatively limited; while privilege and social engineering attack cases were fewer, they contributed the vast majority of the total losses.
The scale of privilege-based attacks continues to escalate. In 20 cases, North Korean hackers were implicated in the four incidents that resulted in the greatest losses.
The battleground for technical vulnerabilities is shifting, and cross-chain bridges have never been truly secure.

I. Top 10 items with the largest stolen amounts

1. Project Name: Bybit (Amount Stolen: $1.5B | Time: February 2025)

Reason for theft:

The North Korean hacking group Lazarus Group (FBI and ZachXBT high-confidence attribution, codenamed "TraderTraitor") broke into Safe Wallet's multi-signature mechanism by hijacking the front-end UI and committing multi-signature fraud.

Attackers injected malicious JavaScript code into the Safe wallet frontend. When the multi-signature holder (6 signers) executed a regular cold wallet transfer, the UI displayed a normal receiving address and amount, but the underlying call data was tampered with, redirecting 401,000 ETH to the attacker's address. Under this "what you see is not what you get" deception, 3/6 of the signers approved the transaction, and the funds were instantly lost.

The fundamental problem: multi-signature relies on a human-computer interaction layer, and the lack of independent verification at the front end led to a failure of mathematical security; Tether froze related USDT within hours, while Circle delayed freezing USDC by 24 hours, exacerbating the losses. This incident exposed the fatal threat of social engineering + UI attacks to centralized exchanges, prompting the development of transaction verification networks such as Safenet.

This incident bears a striking resemblance to the Drift Protocol (April 2026, $285M) pattern: targeted social engineering to build trust, followed by UI/signature fraud, marking a shift in hackers from contract vulnerabilities to "human-machine weaknesses".

In the subsequent handling, Bybit quickly used its own funds to fully compensate for all losses, ensuring that users suffered zero losses, and the platform is currently operating stably.

2. Project Name: Ronin Network (Stolen Amount: $624M | Time: March 2022)

Reason for theft:

The North Korean hacking group Lazarus Group successfully gained full control of the private keys of the verification nodes through social engineering and backdoor techniques.

The attackers compromised Sky Mavis's internal systems and, using a backdoor in a gas-free RPC node, gained control of five of the nine validator nodes (including four Sky Mavis nodes and one Axie DAO node). They then fabricated two fake withdrawal transactions, illegally withdrawing 173,600 ETH and 25.5M USDC.

The root cause of this incident lies in the fact that verification authority is highly concentrated in a small number of nodes in the cross-chain bridge design. The threshold that only requires 5 signatures out of 9 nodes to complete the operation is practically non-existent in the face of targeted social engineering attacks.

3. Project Name: Poly Network (Amount Stolen: $611M | Time: August 2021)

Reason for theft:

The core reason for the Poly Network theft was a serious vulnerability in the permission management design of cross-chain contracts.

The attacker exploited the relationship between two high-privilege contracts, EthCrossChainManager and EthCrossChainData, to forge an executable function call. Since EthCrossChainManager itself has the permission to modify the Keeper public key, and the _method parameter used in the call can be user-defined, the attacker successfully invoked the putCurEpochConPubKeyBytes function, which is normally only executable by high-privilege users, by constructing a hash collision.

In this way, the attacker replaced their own public key with the public key of the legitimate administrator, gained control of cross-chain assets, and ultimately transferred funds out of multiple chains.

4. Project Name: Wormhole (Stolen Amount: $326M | Time: February 2022)

Reason for theft:

Normally, if a user wants to transfer assets from one blockchain to another, the system must first confirm that the asset has indeed been deposited and that the relevant signature is indeed genuine and valid. Only then will the corresponding asset be generated on the other blockchain.

Wormhole's problem lies in this "signature verification" step. Wormhole's code uses an outdated and insecure function to check the legitimacy of a transaction. This function is intended to confirm whether the system has actually performed signature verification. However, its check is not rigorous, giving attackers an opportunity.

Attackers exploited this vulnerability to forge a set of seemingly "verified" information, misleading the system into believing that the cross-chain transaction was genuine and valid. In other words, the system should have first verified whether the money had actually been locked up, but because the verification process was bypassed, the system directly trusted the false proof submitted by the attacker.

Thus, the attackers created a large amount of wETH out of thin air without actually depositing enough assets. After these assets were generated, they were further transferred out and exchanged, ultimately causing Wormhole to lose approximately $326 million.

5. Project Name: Drift Protocol (Stolen Amount: $285M | Time: April 2026)

Reason for theft:

The DPRK hacking group conducted a six-month targeted penetration attack, combining it with the Solana Durable Nonce presignature scam.

Beginning in the fall of 2025, attackers posed as a quantitative trading firm, establishing offline trust relationships with Drift contributors at multiple international crypto conferences and investing over a million dollars to join Ecosystem Vault to build credibility. After gaining trust, the attackers induced Security Council members to pre-sign multiple seemingly harmless transactions: using Solana's Durable Nonce mechanism to hide management transfer instructions within them. Simultaneously, Drift completed its migration to zero-latency multisignature, eliminating the window for post-transaction detection and intervention.

After gaining control of the protocol, the attackers registered a fake token, CVT, with only a few hundred dollars of real liquidity. They created a false price by buying and selling their own tokens, and then deposited 500 million CVT as collateral into the protocol, lending out $285 million worth of USDC, SOL, and ETH. The entire execution phase lasted only 12 minutes.

Drift officials and the SEAL 911 security team attributed the attack to the DPRK-affiliated organization (a North Korean state-sponsored hacking group) with "medium to high confidence." The perpetrators were not North Koreans, but rather third-party intermediaries controlled by the organization to conduct offline contact.

6. Project Name: WazirX (Stolen Amount: $235M | Time: July 2024)

Reason for theft:

The core of this attack lies in the gradual compromise of the multi-signature wallet, which was eventually replaced by a malicious contract.

The attackers first gained access to some signers through phishing and other methods (including direct breaches and induced signatures). Building on this, they then misled other signers by forging an interface, causing them to unknowingly approve malicious transactions.

After collecting enough signatures, the attacker did not directly transfer the assets. Instead, he used the upgrade mechanism of the multisignature wallet to perform a contract upgrade operation, replacing the original implementation contract with a malicious contract he deployed.

After the malicious contract was configured with new execution logic, all subsequent transactions were redirected, and funds continuously flowed to the attacker's address. Ultimately, control of the multi-signature wallet was completely taken over, and on-chain assets were gradually transferred out.

7. Project Name: Cetus (Stolen Amount: $223M | Time: May 2025)

Reason for theft:

This attack stemmed from an arithmetic overflow vulnerability in the protocol's liquidity calculation.

Specifically, Cetus has a boundary check error in the mathematical functions it uses when handling large number calculations. When a value just reaches a critical value, the system fails to correctly identify the impending overflow and continues to execute the calculation, resulting in an abnormally amplified result.

The attackers constructed an operational procedure around this point:

First, extreme price conditions are created through large-scale transactions. Then, liquidity positions are established within a specific range, with only a very small amount of assets (dust level) invested. Under these conditions, an overflow problem is triggered in the contract, causing the system to calculate that the attacker should receive a much larger share of liquidity than actually invested.

The attackers then used these amplified shares to perform liquidity removal operations, withdrawing far more assets from the pool than were invested. This process could be repeated, continuously draining funds from the pool and ultimately causing massive losses.

8. Project Name: Gala Games (Amount Stolen: $216M | Time: May 2024)

Reason for theft:

The core of this attack lies in the compromise of the private key of the high-privilege minting account, which rendered access control ineffective.

Gala's contract itself imposes access restrictions on the mint function, but the private key of one of the accounts with minting privileges (the minter account) was obtained by an attacker. This account had not been used for a long time, but still retained full high privileges.

After gaining control of the account, the attacker directly invoked the contract's minting function, minting approximately 5 billion GALA tokens and transferring them to a personal address. The attacker then converted these tokens into ETH in batches on the market, cashing out.

Throughout the entire process, no smart contract vulnerabilities were exploited; instead, malicious operations were performed directly using legitimate permissions.

9. Project Name: Mixin Network (Amount Stolen: $200M | Time: September 2023)

Reason for theft:

The core of this attack lies in the fact that Mixin stores its private keys in a centrally managed cloud database.

Mixin Network claims to be maintained by 35 mainnet nodes and supports cross-chain transfers across 48 public chains. However, the private keys for its hot wallets and a large number of deposit addresses were stored in a database of a third-party cloud service provider in a "recoverable manner." In the early morning of September 23, 2023, attackers breached this database and extracted these private keys in bulk.

After obtaining the private key, the attacker did not need to crack any contract logic and directly initiated transfers with a legitimate identity. On-chain records show that the attacker emptied addresses sequentially in descending order of balance, involving more than 10,000 transactions over several hours. The main assets included approximately $95.3 million in ETH, $23.7 million in BTC, and $23.6 million in USDT, with the USDT being quickly exchanged for DAI to avoid being frozen.

10. Project Name: Euler Finance (Amount Stolen: $197M | Time: March 2023)

Reason for theft:

The core of this attack lies in the inconsistency between the asset and liability calculation logic within the protocol, which was amplified and exploited by Flash Loan.

Specifically, when Euler's DonateToReserve function is executed, it only destroys the eToken representing the collateral asset, but does not simultaneously destroy the dToken representing the debt, thus breaking the correspondence between "collateral" and "liability" in the system.

In this situation, the agreement may mistakenly assume that the collateral has decreased and the debt structure has changed, thus creating an abnormal asset status.

The attackers constructed a complete operational process around this point:

First, a large amount of funds is borrowed through flash loans. Deposits and loans are then made within the protocol, repeatedly adjusting the relationship between eTokens and dTokens. Exploiting this logical flaw, the system continuously generates incorrect asset/liability statuses, thereby obtaining loan amounts exceeding the actual collateral capacity.

After gaining abnormally amplified lending capacity, the attackers withdrew the funds in batches and transferred them out through various assets (DAI, USDC, stETH, wBTC). The entire process was completed in a single transaction, but the gains were amplified through multiple operations, ultimately resulting in a loss of approximately $197 million.

II. Ten projects recently stolen

1. Project Name: Hyperbridge (Amount Stolen: Approximately $2.5 million, April 2026)

Reason for theft:

The core issue in this incident is a flaw in the proof and verification logic of Token Gateway.

The attacker exploited a missing input validation error in the MMR (Merkle Mountain Range) proof verification to forge a cross-chain proof that should not have passed. Because the system mistakenly treated this invalid proof as valid, the attacker gained administrative control of the bridged DOT contract on Ethereum, subsequently minting approximately 1 billion counterfeit bridged DOTs and dumping them on the DEX.

Meanwhile, the attack also affected DOT pools on Ethereum, Base, BNB Chain, and Arbitrum, with the official estimate of losses later revised from approximately $237,000 to approximately $2.5 million.

2. Project Name: Venus Protocol (Amount Stolen: Approximately $3.7 million to $5 million, March 2026)

Reason for theft:

The core of this attack lies in the fact that the supply cap verification can be bypassed, and the logic for calculating the exchange rate can be exploited.

Specifically, when calculating market funds, Venus directly uses balanceOf() to read the actual balance in the contract; however, the supply cap limitation is only checked in the mint() process.

The attacker bypassed the mint() function by directly transferring the underlying assets to the vToken contract (ERC-20 transfer), thus circumventing the supply cap check.

Because these funds are included in the contract balance, the system considers the pool assets to have increased when calculating the exchange rate, but the corresponding number of vTokens has not increased, resulting in an abnormally high exchange rate.

In this scenario, the value of the collateral assets held by the attacker is amplified, thereby granting them borrowing power far exceeding their actual capacity.

Subsequently, the attackers exploited the inflated collateral value to repeatedly borrow, inflate the price, and then borrow again, extracting various assets from the protocol and ultimately causing a loss of approximately $5 million.

3. Project Name: Resolv Labs (Amount Stolen: Approximately $23 million to $25 million, March 2026)

Reason for theft:

The core of this attack lies in the compromise of the critical signature private key and the lack of upper limit verification for minting in the on-chain contract.

Resolv's USR minting process relies on an off-chain service: the user first submits a request, which is then signed by a system holding a privileged private key (SERVICE_ROLE), and finally the contract executes the minting.

However, the contract itself only checks whether the signature is valid, and does not verify whether the quantity minted is reasonable, nor does it include collateral ratios, price oracles, or maximum minting limits.

The attacker compromised the project's cloud infrastructure and obtained the signing private key, thus enabling them to generate legitimate signatures on their own.

After gaining signing privileges, the attacker used a small amount of USDC (approximately $100,000–$200,000) as input, forged parameters, and directly minted approximately 80 million USR tokens without collateral support.

Subsequently, these uncollateralized USR were quickly exchanged for other stablecoins and eventually for ETH. Funds were gradually transferred out, and at the same time, a large increase in supply caused the price of USR to quickly de-peg.

4. Project Name: Saga (Amount Stolen: Approximately $7 million, January 2026)

Reason for theft:

The core of this attack lies in the flawed verification logic of the EVM precompile bridge.

SagaEVM uses an Ethermint-based EVM implementation, but there is an undiscovered vulnerability in the code that affects the transaction verification logic of the cross-chain bridge.

Attackers bypassed the checks on "whether collateral assets have been deposited" and "stablecoin supply limits" during the bridging process by constructing specific transactions.

If verification is bypassed, the system will treat these forged messages as legitimate cross-chain operations and mint the corresponding amount of stablecoins according to the procedure. Since there is no real collateral backing, attackers can mint a large number of stablecoins at no cost and exchange them for real assets in the protocol.

Ultimately, the funds in the agreement were continuously withdrawn, the stablecoin became de-pegged, and approximately $7 million in assets were transferred out.

5. Project Name: Solv (Amount Stolen: Approximately US$2.5 million, March 2026)

Reason for theft:

The core of this attack lies in the double minting vulnerability in the BRO Vault contract (triggered by reentrancy).

Specifically, when the contract receives ERC-3525 assets, it calls doSafeTransferIn. ERC-3525 is based on ERC-721, and the onERC721Received callback is triggered during the secure transfer process.

In this process, the contract performs one minting operation in the main process and triggers another minting operation in the callback function.

Because the callback occurs before the first minting is fully completed, an attacker can trigger two mintings in a single deposit operation, creating a typical reentrancy path. By repeatedly exploiting this vulnerability, an attacker could amplify a small amount of assets into a large amount of BRO, then exchange it for SolvBTC and transfer it out.

6. Project Name: Aave (Indirectly affected, with a bad debt risk of approximately $177 million to $236 million, April 2026)

Reason for theft:

The direct vulnerability in this incident is not in Aave, but rather a failure of the cross-chain bridge verification mechanism in Kelp DAO.

The attacker sent a forged message to a LayerZero-based cross-chain bridge, causing the system to erroneously release and mint approximately 116,500 rsETH without any actual ETH being deposited. These rsETH were not backed by any real assets but were used as normal collateral assets within the system.

The attackers then deposited these uncollateralized rsETH into Aave as collateral and borrowed a large amount of real assets (WETH). Because Aave's parameter settings allow for large-scale collateralization and lending, the attackers were able to complete the borrowing and transfer of funds in a short period of time.

The final result is:

Attackers transferred risk to Aave by "forging collateral assets → lending out real assets", resulting in large-scale bad debts.

7. Project Name: YieldBlox (Stolen Amount: Approximately US$10.2 million, February 2026)

Reason for theft:

The core of this attack lies in the fact that oracle prices can be manipulated in a single transaction (low liquidity + VWAP mechanism).

Prior to the attack, the USTRY/USDC trading pair had virtually no liquidity and no normal trading occurred within the oracle price window. YieldBlox uses the Reflector oracle, which is based on VWAP (volume-weighted price), meaning that in such cases, a single transaction can determine the price.

The attacker first placed an extreme price (approximately 500 USDC / USTRY), then used another account to complete the transaction with a very small volume (only about 0.05 USTRY), successfully driving the oracle price up to approximately $106.

After the price was amplified, the attacker's USTRY was treated as high-value collateral by the system, thus obtaining a loan amount far exceeding its actual value. Subsequently, the attacker directly borrowed all assets (XLM and USDC) in the pool to complete the withdrawal.

8. Project Name: Step Finance (Amount Stolen: Approximately $30 million to $40 million, January 2026)

Reason for theft:

The core of this attack lies in the compromise of the devices of key project members, leading to the loss of private keys or the signing process.

Attackers gained access to the project's control wallet by compromising the devices of senior team executives. This access could include directly obtaining private keys or interfering with the transaction signing process by implanting malware, causing administrators to approve malicious transactions without their knowledge.

After gaining control, the attackers operated multiple Solana wallets controlled by the project, including unstaking assets and transferring funds out. No smart contract vulnerabilities were involved in the entire process; instead, the attackers directly utilized the acquired wallet permissions to complete the fund transfers.

Ultimately, a large amount of project funds were transferred out, resulting in a loss of approximately $30 million and causing a sharp drop in token prices.

9. Project Name: Truebit (Amount Stolen: Approximately $26 million, January 2026)

Reason for theft:

The core of this attack lies in an integer overflow vulnerability in the TRU purchase pricing function.

The price calculation process in buyTRU() involves multiple large number multiplications and additions, but the contract uses the Solidity 0.6.10 compilation version, which does not have overflow checks by default.

When an attacker passes in a specific large parameter, the intermediate calculation overflows and the value wraps around, causing the final calculated purchase price to be abnormally low, or even zero.

In this scenario, attackers can purchase a large number of TRUs at extremely low or even zero cost.

The protocol's sell logic (sellTRU()) is still calculated according to normal rules, and can be exchanged for ETH reserves in the contract proportionally.

The attacker then executed the following repeatedly:

👉 Buy TRU at a low price/zero price → Sell at the normal price → Withdraw ETH

Through multiple rounds of manipulation, funds were continuously withdrawn from the agreement, ultimately resulting in a loss of approximately $26 million.

10. Project Name: Makina (Amount Stolen: Approximately US$4.1 million, January 2026)

Reason for theft:

The core of this attack lies in its reliance on external Curve pool data for AUM/sharePrice calculation, which lacks verification and is manipulated by flash loans.

Attackers borrow large sums of money through flash loans, temporarily inject liquidity into multiple Curve pools and conduct transactions, artificially altering the pool status and related calculation results (such as LP value, withdrawal calculation results, etc.).

This manipulated data was directly used by the protocol to calculate AUM (Assets Under Management) and further affected sharePrice.

Because external data was not effectively validated or time-weighted, the system treated these abnormal data as real values, resulting in:

AUM was significantly increased
sharePrice was abnormally amplified.

After the sharePrice was inflated, the attackers used the price difference to arbitrage, swapping assets out of the DUSD/USDC pool to make a profit.

III. Common Patterns and Lessons Learned from 20 Theft Cases

From these 20 incidents, we can actually see an increasingly clear trend: hackers steal huge amounts of assets through only two paths: technical vulnerabilities and social engineering.

1️⃣ Technical vulnerabilities: A clear migration path can be seen from the time distribution of technical vulnerability cases.

Early technical vulnerabilities were highly concentrated in cross-chain bridges, which were the fastest-growing, most up-to-date, and most poorly audited infrastructure in DeFi at that stage. They carried a large amount of assets but had not yet undergone sufficient adversarial testing.

Subsequently, the industry began to prioritize the security of cross-chain bridges, and verification mechanisms were generally strengthened, resulting in a significant reduction in large-scale cross-chain bridge technical vulnerabilities. However, the vulnerabilities did not disappear; they simply reappeared in different places—shifting to the mathematical logic within DeFi protocols, oracle design, and dependencies on third-party libraries.

Cetus: The boundary conditions in the math library are incorrect.
Truebit: Integer overflow in older compilers.
YieldBlox: Oracles' excessive trust in low-liquidity markets.

The underlying essence is simple: the attack surface always follows the assets, the age of the code, and the blind spots in audit coverage. When a certain type of infrastructure is targeted by concentrated attacks, the industry begins to pay attention and strengthens its defenses, and then the attackers move on to the next fastest-growing and most vulnerable area.

2️⃣ Social Engineering: Of these 20 theft cases, four have been confirmed or highly attributed to North Korean state-sponsored hacking groups—Ronin, WazirX, Bybit, and Drift—with total losses exceeding $2.5 billion.

According to Chainalysis, North Korean-affiliated hacking groups stole over $2 billion in crypto assets in 2025 alone, accounting for nearly 60% of the total global crypto thefts that year. Compared to 2024, the number of North Korean hacking attacks decreased by 74%, but the average amount per attack increased significantly.

North Korean hackers are also constantly upgrading their methods, from directly infiltrating internal systems during the Ronin era, to Bybit's supply chain attacks, and then to Drift's six-month offline penetration, each time finding new ways outside the existing defenses.

Even more alarming is that North Korean hackers are also extensively infiltrating the global encryption industry by posing as developers. Once inside a target company, these individuals will learn about the internal system structure, gain access to the code repository, and quietly implant backdoors into the production code.

The scope of the theft is expanding: In the early days of theft, the impact was basically limited to the protocol itself, but as DeFi becomes more composable, the impact of a single point of attack is beginning to spread outward.

Drift: Following the theft, at least 20 protocols that relied on its liquidity or strategy experienced disruptions, suspensions, or direct losses, with Carrot Protocol's TVL being affected by 50%.
Aave: The Aave contract itself is perfectly fine. The problem arises simply because it accepted rsETH from Kelp DAO as collateral. The failure of the external bridge's verification directly translates into bad debt risk for Aave.

These patterns ultimately point to one reality: depositing assets into a protocol is not just about trusting the protocol's code. You are also trusting the security of every external asset it depends on, every third-party service, and the judgment and operations of the few people with administrative authority.

Recently, news of thefts has been coming one after another. Polymarket just launched a poll this month asking, "Have any crypto projects been stolen more than 100 million this year?", and the market has already settled the issue in less than a month. This is not accidental. The asset size of DeFi is growing, and the interdependence between protocols is deepening, but the ability to protect money has not kept up with this pace.

Security pressures haven't eased, but the dimensions of threats are increasing. In April 2026, Anthropic released Claude Mythos Preview, which discovered thousands of high-risk vulnerabilities in every major operating system and browser during testing, and was able to convert 72% of known vulnerabilities into usable attack paths.

Once this capability is systematically scanned for smart contracts, it means that vulnerabilities in the DeFi industry will be discovered and exploited at an unprecedented speed. At the same time, project teams can also proactively use this tool for self-inspection, identify and fix potential risks in advance, and further improve their own security capabilities.

⏰For ordinary users, these cases offer several direct insights:

Do not concentrate your assets in a single agreement. While diversification cannot completely eliminate risk, it can control the upper limit of a single loss.
Keep your distance from new protocols. Most technical vulnerabilities are discovered early in the protocol's lifecycle after launch. A protocol that has been running for two years and has undergone multiple audits and real stress tests is far safer than one that offers high returns immediately upon launch.
Examine whether the protocol is truly profitable. A profitable protocol has the actual ability to compensate for losses. Protocols that rely on token incentives to operate and have no real revenue will often only offer new tokens or empty promises as compensation when problems arise.

A truly mature financial infrastructure will not allow security to forever lag behind growth metrics. Until that day arrives, news of thefts will not cease.

Risk Warning: All content in this article is for informational purposes only and does not constitute any investment advice. The cryptocurrency market is highly volatile, and smart contracts inherently carry risks. Please make independent judgments only after fully understanding the risks.

PyShield: One victim lost approximately $1 million due to a previously authorized unverified contract (yvWETH).

Popular Articles