DeFi Security Incidents

DeFi Security Incidents

Digging deep into many major security incidents in DeFi, revealing the underlying concerns such as vulnerability exploits, flash loan attacks, and contract defects. When traveling on the chain, safety comes first.

30 articles
$285 million evaporates! Drift's April Fool's Day nightmare, defeated by the most basic private key security.
Drift Protocol, the largest perpetual contract exchange on the Solana blockchain, suffered a key breach attack that could result in losses exceeding $280 million, making it the largest DeFi security incident so far in 2026. This incident once again exposed the core pain point of systemic risk in DeFi: private key security.
深潮TechFlow
In-depth research report on the Resolv protocol hacking incident: Who will ultimately pay the price?
The Resolv protocol was attacked, with attackers exploiting a USR minting vulnerability to create 80 million stablecoins out of thin air and cash out, revealing the fundamental contradiction between capital efficiency and security in Delta-neutral stablecoins. DeFi protocols such as Curve and Morpho were also impacted.
菠菜菠菜!
CertiK发布加密货币ATM欺诈报告:损失达3.3亿美元,AI诈骗与跨境洗钱成主要威胁
3月12日,全球最大的Web3安全公司CertiK发布了《Skynet加密货币ATM欺诈报告》。报告显示,2025年此类诈骗造成的损失已达到3.3亿美元,同比增长约33%,已成为美国增长最快的金融犯罪类别之一。
CertiK
After seizure of crypto assets by British and American law enforcement agencies, the rate of returning the assets to their rightful owners is approximately 0%.
From the Qian Zhimin case to the Silk Road, most of the victims have become forgotten.
Odaily星球日报
一次精心设计的“自爆”:PGNLZ攻击事件分析
2026 年 1 月 27 日,BNB Smart Chain 上 PGNLZ 项目遭攻击,攻击者借闪电贷、抵押借款后,利用 PancakeSwap 交易操控 Token 价格,因项目通缩模型未验证扣费及 Burn 逻辑,致约 10 万 USD 损失。建议项目方设计时多验证,合约上线前选多家审计公司交叉审计。
零时科技
Truebit Protocol security incident analysis and traceability of stolen funds, resulting in losses exceeding $26 million.
Five years ago, Truebit Protocol suffered a loss of $26.4 million in ETH due to an attack on its closed-source contract. The attackers exploited an arithmetic logic vulnerability to mint tokens and withdraw funds; the stolen ETH has been traced to a high-risk address.
Beosin
10,000-word investigation: How North Korea infiltrates the cryptocurrency industry
A CoinDesk investigation has found that more than a dozen blockchain companies have unwittingly hired undercover IT workers from North Korea, creating cybersecurity and legal risks.
Joy
DeFi可组合性的潘多拉魔盒:Euler Finance被攻击,这11个DeFi项目遭受损失
Euler作为底层的借贷协议,安全性更值得关注,本次攻击也给其它DeFi项目造成数千万美元的损失。
蒋海波
复盘GALA风波:一场40万美元诱发的价值2.5亿美元的火币信任危机
一向营销见长的孙宇晨万万没想到却在“公关”上翻车了,时隔两天才找到了真矛头,可惜风向已经变了。
链上观
2022年Q3全球区块链安全报告:总损失约4.05亿美元,DeFi成事故高发区
2022年第三季度区块链领域主要攻击事件超37起,总损失约4亿美元。
Beosin
盘点跨链桥史上10大攻击:涉及超19亿美元,15.5亿美元被赔付或追回
跨链桥资金量大且频繁遭到攻击,流动性前三的桥均出现过安全事故,说明跨链桥属于高危领域。
蒋海波
价值5.4亿美元的Offer:Ronin遭攻击源自工程师打开了一家虚假公司的录取信
黑客欺骗了 Axie Infinity 的一名高级工程师,让他向一家虚构的公司申请工作,这该导致了Axie Infinity的Ronin链今年早些时候被黑客盗取了5.4亿美元的加密货币。
Joy
BXH盗币案反思:黑客用最原始的方式“摧毁了”国产机枪池原因与教训是什么
吴说作者 | 吴卓铖本期编辑 | Colin Wu10月30日,去中心化收益类协议 BXH 发生私钥被盗事件,损失了价值约1.39亿美元的加密资产。此次安全事故发生在 BSC 链上,据官方声明显示,以太坊、OEC 和 Heco 的链上资产未受影响,但出于安全考量,所有链上的充提功能都被关
吴说区块链
慢雾:分析Poly Network遭受攻击细节,并非keeper私钥泄露导致
慢雾安全团队认为,攻击者通过此函数传入精心构造的数据修改了 EthCrossChainData 合约的 keeper 为攻击者指定的地址,并非网传的是由于 keeper 私钥泄漏导致这一事件的发生。
PANews官方
链上黑客猖獗,资产频繁被盗,币安智能链走下神坛?
币安智能链持续火爆之后,也逐渐成为了黑客的温床,尤其在最近,币安智能链不断发生资金被盗或被套利的安全事件,BSC 在 5 月份一共发生了12起安全事件,总共损失了超过 2.7 亿美元。
轻鸽
多个DeFi项目遭遇DNS劫持,请务必保护好你的私钥和助记词!
巴比特资讯
为什么将稳定币列入黑名单对DeFi百害而无一利?
最近,中心化稳定币USDC发行方将某个地址列入黑名单,这种做法对于加密货币、尤其是目前蓬勃发展的DeFi行业意味着什么?
Jordan
安全公司拆解Balancer遭黑客攻击过程,DeFi 可组合性的兼容风险再鸣警钟
最近因“借贷即挖矿”模式而备受关注DeFi 平台 Balancer 上的 STA 和 STONK 两个 ERC20 通缩代币池遭到了黑客攻击,共计损失了超50万美元。
PA荐读
代码漏洞、黑客、市场波动、套利者:DeFi 风险管理的范式
DeFi 协议开发者如何进行风险管理?
NEST爱好者
dForce公布资产返还计划,仅存款用户一周内按原资产全部退还
但由于持续的攻击,Lendf.Me的合约状态已被污染,无法重启,为此dForce需要通过新开发“资产返还系统”做资产返还工作。
PA一线