
Avoid your next big mistake

Crowdsourced due diligence for crypto

Evidence-backed risk intelligence powered by the swarm
Collective intelligence with AI analysis


Featured Investigations

avoid.net/subquery-network 50/100 [WARNING]

SubQuery Network is a Web3 data indexing protocol originally built for the Polkadot ecosystem, founded by Sam Zou and James Bayly out of New Zealand-based OnFinality. The project raised $10.8M in seed and Series A funding, launched its mainnet and SQT token in February 2024, and suffered a significant smart-contract exploit on April 12, 2026 in which a missing access-control modifier allowed an attacker to drain approximately 382 million SQT tokens (~$134,000 USD) from staker and delegator wallets across five transactions. ZachXBT flagged the entity in connection with this incident; the team published a full disclosure report and executed on-chain compensation for all affected wallets.

avoid.net/kipseli 38/100 [WARNING]

Kipseli (also styled Kipseli Capital) is a proprietary trading firm and on-chain market-maker founded in early 2018, operating the Kipseli PropAMM on Base Mainnet. The protocol was listed among exploited platforms during the April 2026 wave of DeFi attacks, and the broader PropAMM category to which it belongs was the subject of a March 2026 empirical report by 0x documenting systematic quote-spoofing behavior that caused measurable trader harm. ZachXBT has flagged the entity. No public smart-contract audit or post-incident disclosure has been identified as of May 2026.

avoid.net/juicebox-v3 48/100 [WARNING]

Juicebox is an Ethereum-based programmable treasury and crowdfunding protocol first launched in July 2021 by a pseudonymous developer known as Jango, enabling projects to raise ETH, issue contributor tokens, and manage on-chain treasuries without intermediaries. V3 is the third major iteration of the core contracts, deployed in September 2022, and subsequently patched through versions 3.1, 3.1.1, and 3.1.2 to address a series of high-severity and critical accounting vulnerabilities. A protocol logic exploit in April 2026 resulted in an alleged $52,000 loss via a borrowFrom spoof attack, and the platform's permissionless architecture has enabled misuse by bad actors operating fraudulent fundraising projects.

avoid.net/mona 38/100 [WARNING]

MONA is the native ERC-20 governance and utility token of DIGITALAX, a Web3 digital fashion NFT platform founded by Emma-Jane MacKinnon-Lee and launched in November 2020. The token reached an all-time high of approximately $5,980 in November 2021 before collapsing more than 99% to trade below $50, with a total market capitalisation under $500,000 as of mid-2026. Third-party security assessors flag critically low liquidity, extreme holder concentration, a below-average security score, and a near-total absence of trading activity, collectively indicating a project in terminal decline.

avoid.net/zerion-wallet 55/100 [CAUTIONARY]

Zerion is a non-custodial DeFi portfolio tracker and multi-chain wallet founded in 2016, supporting 50+ blockchains including Ethereum and Solana. The platform has experienced multiple security incidents over its history, including a 2026 social engineering attack attributed to North Korean threat actors that resulted in approximately $100,000 in company internal wallet losses, though user funds were unaffected in each incident. Zerion also shut down its ZERO Layer-2 network in May 2026 after 1.5 years due to low adoption, with assets bridgeable until July 31, 2026.

avoid.net/james-wynn 18/100 [CRITICAL]

James Wynn (X: @JamesWynnReal) is a pseudonymous UK-based crypto trader who rose to prominence through an early investment in the PEPE memecoin and subsequently became one of the most-watched high-leverage traders on the Hyperliquid perpetual futures platform. He has faced repeated public accusations of memecoin pump-and-dump schemes, insider token allocations, and a disputed rug pull of the $WORLD token in May 2026, with on-chain analytics firm Lookonchain attributing a linked wallet to him. Wynn's trading career is defined by extreme leverage use — at times up to 40x — and at least nine documented liquidation events erasing hundreds of millions in notional exposure.

avoid.net/curve-llamalend 52/100 [CAUTIONARY]

Curve LlamaLend (also referred to as the crvUSD lending markets) is a decentralized, permissionless isolated lending protocol built by Curve Finance that allows users to borrow crvUSD against crypto collateral using the LLAMMA soft-liquidation mechanism. The protocol has experienced multiple distinct incidents since launch: a $10 million bad-debt event in June 2024 tied to the founder's oversized leveraged positions, an oracle-manipulation attack on the sDOLA market in March 2026 resulting in approximately $240,000 in borrower losses, an October 2025 market crash that left the CRV-long vault approximately $700,000 underbacked, and a May 2026 third-party exploit (Stake DAO) that forced the sunsetting of an associated Arbitrum LlamaLend market. The protocol's core contracts have not been directly compromised by a code-level hack, but recurring bad-debt events, oracle design flaws in permissionlessly created markets, and governance concentration risks have drawn sustained scrutiny including a flag from on-chain investigator ZachXBT.

avoid.net/dtrinity-dlend 42/100 [WARNING]

dTRINITY is a DeFi protocol self-described as the world's first subsidized stablecoin system, with dLEND serving as its Aave v3-forked lending market deployed across Fraxtal, Ethereum, and Katana. On March 17, 2026, the dLEND Ethereum deployment was exploited via an empty-market liquidityIndex inflation attack, resulting in approximately $257,000 in bad debt drained from the dUSD lending pool. The protocol paused operations and pledged to cover losses with internal funds, though the incident raised questions about audit coverage and the adequacy of pre-deployment testing on the Ethereum instance.

avoid.net/gondi-v3 52/100 [CAUTIONARY]

Gondi V3 is a decentralized, non-custodial NFT lending and borrowing protocol on Ethereum developed by Florida Street, which launched in July 2023 and raised a $5.35 million seed round from Hack.vc, Dragonfly Capital, and Pantera Capital. On March 9, 2026, the protocol suffered a smart contract exploit in its newly deployed Purchase Bundler component, resulting in the theft of approximately 78 NFTs valued at roughly $230,000 from users who had granted approvals to the vulnerable contract. The team disabled the affected feature, pledged full restitution using protocol fees, and engaged security firm Blockaid for a post-incident review; platform operations for other functions resumed the following day.

avoid.net/dango 52/100 [CAUTIONARY]

Dango (ticker: DNG) is a DeFi-native Layer-1 blockchain and perpetual futures exchange that raised $3.6 million in seed funding in November 2024 from Hack VC, Lemniscap, and Delphi Labs. On April 13, 2026, the protocol suffered a logic flaw exploit in its insurance fund donation contract, resulting in $1.9 million USDC being drained; approximately $410,010 was bridged to Ethereum before bridge rate limits halted further outflows. The attacker was identified as a white hat who returned all funds in exchange for a bug bounty, leaving user positions and trading functions unaffected.

avoid.net/usual-usd0 42/100 [WARNING]

Usual is a Paris-based DeFi stablecoin protocol founded in 2022 by former French politician Pierre Person and co-founders Adli Takkal Bataille and Hugo Salle de Chou. The protocol issues USD0, a stablecoin collateralized by tokenized US Treasury Bills, alongside USD0++, a four-year locked bond derivative that suffered a significant depeg event in January 2025 after the team unilaterally changed redemption rules without adequate community notice. A smart contract arbitrage exploit was also detected and paused in May 2025, and USD0++ tokens were stolen in an unrelated third-party hack of Zoth Protocol in March 2025.

avoid.net/polycule 38/100 [WARNING]

Polycule (ticker: PCULE) is a Telegram-based trading bot built for the Polymarket prediction market platform, operating on Solana and Polygon. Launched in May 2025 by a founder identified as 'krish' and backed by a $560,000 seed from AllianceDAO, the project gained significant traction before its bot was compromised in January 2026, resulting in approximately $230,000 in user funds stolen. Extended team silence following the incident generated widespread rug pull allegations, and ZachXBT has flagged the entity in connection with these concerns.

avoid.net/goose-finance 32/100 [WARNING]

Goose Finance is an anonymous-team yield farming and decentralized exchange protocol launched on Binance Smart Chain in February 2021, best known for its EGG governance and reward token. The protocol achieved rapid early traction, reaching third-most-popular DeFi app on BSC within one month, before its EGG token collapsed more than 99% from an all-time high near $172. A post-audit smart contract exploit in March 2026 drained approximately $8,000 via a share accounting flaw, and independent analysts have flagged the layered farming tokenomics as structurally unsustainable.

avoid.net/prxvt 38/100 [WARNING]

PRXVT (ticker: PRXVT) is a privacy-focused AI-agent token launched on the Base blockchain via the Virtuals Protocol launchpad. The project markets itself as the governance and utility token for px402, an alleged zero-knowledge payment SDK designed to enable anonymous USDC transactions for autonomous AI agents. In early January 2026 the project's staking contract was exploited via a reward-claiming vulnerability, causing the token price to crash to an all-time low and prompting a contested emergency removal of a liquidity pool that was publicly represented as locked for ten years.

avoid.net/evoq-finance 38/100 [WARNING]

Evoq Finance is a peer-to-peer lending optimizer built on BNB Chain that routes deposits through Venus Protocol to match suppliers and borrowers directly, aiming for improved capital efficiency. On September 10, 2025, the protocol suffered a critical security incident in which an attacker compromised the owner's private key, used the transferOwnership function to seize contract control, and upgraded the proxy contract to a malicious version, draining approximately $420,000 from both the protocol and user-approved accounts. Following the exploit, the protocol's total value locked collapsed to near zero and no verified public post-mortem or recovery plan has been identified. ZachXBT has flagged this entity.

avoid.net/stake-dao 46/100 [WARNING]

Stake DAO is a non-custodial DeFi protocol built around liquid staking, yield aggregation, and governance participation via veToken mechanics. The protocol has suffered three documented security incidents since 2023, the most severe of which — a May 2026 deployer private key compromise — enabled the minting of 5.4 trillion fraudulent vsdCRV tokens on Arbitrum, resulting in roughly $91,000 in realized losses despite a nominally catastrophic exposure. Repeated operational security failures across a two-year span, including a March 2026 oracle exploit draining $176,000 from its Votemarket product, indicate a pattern of infrastructure risk that audited smart contracts alone have not resolved.

avoid.net/swift-wave-capital 3/100 [CRITICAL]

Swift Wave Capital (also branded Value Chain Exchange or VCEX) is an alleged cryptocurrency investment fraud operating a recruitment-driven 'click-a-button' Ponzi scheme. Documented from at least January 2026, the platform shares near-identical mechanics, infrastructure fingerprints, and promoter networks with the collapsed BG Wealth Sharing / DSJ Exchange operation, which is estimated to have defrauded investors of over $150 million. New Zealand's Financial Markets Authority added Swift Wave Capital to its fraudulent investment platform list in April 2026.

avoid.net/silo-v2 52/100 [CAUTIONARY]

Silo V2 is a non-custodial, permissionless isolated lending market protocol operating across Ethereum, Arbitrum, Base, Optimism, and Sonic. On June 25, 2025, an unreleased peripheral leverage contract was exploited for approximately $545,000 (224 ETH) belonging to SiloDAO test funds; the team confirmed that all core markets and user deposits were unaffected. The incident revealed inadequate input validation and absent formal verification on pre-release code that had been deployed to mainnet, and the attacker subsequently laundered the stolen ETH through Tornado Cash.

avoid.net/goonfi 32/100 [WARNING]

GoonFi is a proprietary automated market maker (Prop AMM) operating on Solana, launched in June 2025 with no public team, no frontend, and no published smart-contract audit. On March 28, 2026, a protocol logic vulnerability was exploited via mispricing arbitrage, resulting in approximately $254,000 in losses with no recovery reported. The protocol has been flagged by ZachXBT and is cited by researchers as representative of a broader Solana centralization concern, wherein anonymous, closed-source market makers capture an outsized share of DEX volume with minimal accountability.

avoid.net/thetanuts-finance 42/100 [WARNING]

Thetanuts Finance is a multi-chain decentralized structured products protocol launched in August 2021, offering automated options vaults (covered calls, cash-secured puts) to generate yield across more than ten blockchain networks. The protocol raised $35 million across two funding rounds but has experienced severe TVL and token price decline since its 2022 peak, carries notable investor-concentration risk due to its early backing from the now-collapsed Three Arrows Capital, and has been flagged by on-chain investigator ZachXBT. A January 2025 exploit targeted unreleased v4 test contracts; no user funds were lost according to the team, though the incident raised scrutiny.

avoid.net/harbor-protocol 28/100 [WARNING]

Harbor Protocol is a decentralized collateralized-debt-position (CDP) protocol built on the Comdex chain (Cosmos SDK / CosmWasm) that enabled users to mint the Composite stablecoin (CMST) against whitelisted collateral assets. The protocol suffered two distinct security incidents in 2023 — an oracle-manipulation liquidation event in June and a direct vault drain exploit in August — after which its total value locked collapsed to effectively zero. As of 2025 the protocol appears inactive, with the HARBOR governance token near worthless and no meaningful community or development activity detected.

avoid.net/ratio-finance 22/100 [CRITICAL]

Ratio Finance is a defunct Solana-based collateralized debt position (CDP) protocol that allowed users to mint the USDr stablecoin against yield-bearing LP token collateral. The protocol raised $8.4 million across multiple rounds from investors including Alameda Research, Solana Ventures, and CMS Holdings, then launched its RATIO governance token in March 2022 at an all-time high near $2.24. The project suffered a private key compromise on or around December 3, 2022, after which the protocol's TVL fell to zero, the RATIO token lost over 99.9% of its value, and all social media activity ceased by December 2023.

avoid.net/rivus-dao 8/100 [CRITICAL]

Rivus DAO was a Bittensor-focused liquid staking protocol on Ethereum that raised approximately $4.23 million in an April 2024 IDO before suffering a rugpull classified by DefiLlama as a Third-party Dev Backdoor Exploit on September 16, 2024. The incident effectively drained protocol TVL from its operational peak to under $2,500, and the RIVUS governance token lost more than 99.8% of its all-time high value. On-chain investigator ZachXBT has flagged this entity; the project attempted a relaunch in October 2024 but is currently listed as inactive with no trading activity.

avoid.net/neutrl 45/100 [WARNING]

Neutrl is a DeFi protocol issuing NUSD, a market-neutral synthetic dollar backed by OTC altcoin arbitrage and delta-neutral futures hedging strategies. The protocol raised $5 million in seed funding in April 2025 and grew to over $136 million in TVL. In March 2026 Neutrl suffered a DNS hijacking attack — part of a coordinated campaign targeting .fi domain protocols — that compromised its frontend interface, though the team maintained that smart contract reserves and user funds were not directly drained.

avoid.net/upcx 28/100 [WARNING]

UPCX is a blockchain payment protocol that suffered a $70 million exploit on April 1, 2025, when an attacker compromised an administrative private key and used it to push a malicious smart contract upgrade, draining 18.4 million UPC tokens from management accounts. The attack was enabled by the absence of multisig controls on privileged protocol functions, despite having undergone CertiK and Cyberscope audits that did not catch the operational key management risk. Despite listing on a Japanese FSA-licensed exchange just 11 days prior, no recovery of stolen funds was reported.

avoid.net/ambient 52/100 [CAUTIONARY]

Ambient Finance (formerly CrocSwap, operated by Crocodile Labs) is a decentralized exchange protocol that runs an entire DEX inside a single smart contract, combining concentrated and ambient liquidity on Ethereum and several L2 networks. On October 17, 2024, the protocol's frontend suffered a DNS hijacking attack deploying Inferno Drainer malware to drain wallets of users who interacted with the compromised site; the underlying smart contracts were unaffected and the team reimbursed all affected users in ETH. ZachXBT has flagged this entity.

avoid.net/dgld 42/100 [WARNING]

DGLD (Digital Gold Token) is a physically-backed gold token originally launched in October 2019 by a consortium of CoinShares, Blockchain.com, and MKS PAMP SA on CommerceBlock's Ocean Bitcoin sidechain. The project went dormant by 2020 due to liquidity failure and market under-adoption, and the underlying infrastructure provider CommerceBlock later shut down entirely. MKS PAMP relaunched DGLD in late 2025 under full ownership of Gold Token SA, migrating to Ethereum and Base — but significant jurisdictional restrictions, minimal liquidity, contractual liability exclusions, and the project's history of abandonment remain concerns.

avoid.net/panoptic-v11 45/100 [WARNING]

Panoptic V1.1 is a permissionless, oracle-free perpetual options protocol built on Uniswap V3 liquidity positions, developed by Panoptic Labs and incubated by Advanced Blockchain AG. On August 25, 2025, a Cantina researcher disclosed a critical position-spoofing vulnerability rooted in the protocol's XOR-based fingerprinting system, placing approximately $4–5 million in user funds at risk. A coordinated whitehat rescue secured over 98% of remaining at-risk funds, and ZachXBT flagged the incident, contributing to reduced community trust in the V1.1 deployment.

avoid.net/lendfme 30/100 [WARNING]

Lendf.me was a decentralized lending protocol built by dForce Network and launched in September 2019 as a fork of Compound v1. On April 19, 2020, an attacker exploited a reentrancy vulnerability involving ERC-777 tokens to drain approximately $25.2 million from the protocol — at the time representing 99.95% of its total value locked. The attacker returned nearly all funds within two days after inadvertently exposing identifying metadata, and the original Lendf.me contract was permanently deprecated following the incident.

avoid.net/cod3x 48/100 [WARNING]

Cod3x (CDX) is a rebranded DeFi and AI-agent platform launched in February 2025, consolidating several prior protocols built by the Byte Masons development collective — including Reaper Farm, Granary Finance, and the OATH Foundation — under a unified 'DeFAI' vision. The team has operated continuously since 2021, is publicly identified under founder Justin Bebis, and previously managed billions in TVL across Fantom and Optimism. The project carries material historical risk: Reaper Farm suffered a $1.7 million access-control exploit in August 2022, and the Ironclad protocol — a remaining Byte Masons-adjacent lending market — was affected by the February 2025 Ionic Money exploit contagion. CDX launched at an all-time high of approximately $0.25 in February 2025 and had fallen over 80% to an all-time low near $0.017 by May 2025, as of the time of this investigation.

avoid.net/superfarm 38/100 [WARNING]

SuperFarm, rebranded to SuperVerse in 2023, is an Ethereum-based Web3 gaming and NFT ecosystem founded by crypto influencer Elliot Wainman (EllioTrades). The project launched its SUPER token in February 2021, reached an all-time high of $4.73 before declining over 97%, and became central to high-profile allegations that YouTuber MrBeast received and sold approximately $9–19 million worth of SUPER tokens after promoting the project to his audience of hundreds of millions. No formal SEC enforcement action has been confirmed against the project itself, though Senator Elizabeth Warren formally questioned MrBeast in 2026 regarding these promotions.

avoid.net/hyperliquid 38/100 [WARNING]

Hyperliquid suffered a documented ecosystem incident with reported losses of $37K on Arbitrum. This page tracks DeFiLlama's record of the event.

avoid.net/akropolis 30/100 [WARNING]

Akropolis is an Ethereum-based DeFi protocol founded in 2017 by Ana Andrianova and Kate Kurbanova, offering yield aggregation and undercollateralized lending through its Delphi and Sparta products. On November 12, 2020, the protocol suffered a $2.03 million DAI exploit via a reentrancy and flash loan attack — a vulnerability that was missed across multiple third-party smart contract audits. The project subsequently rebranded to Kaon in early 2025, having never recovered the stolen funds or fully compensated affected users.

avoid.net/roll 32/100 [WARNING]

Roll (tryroll.com) is an Ethereum-based social token infrastructure platform that allows creators to mint, distribute, and manage branded personal tokens. On March 14, 2021, Roll suffered a critical security breach in which an attacker compromised the private keys of its hot wallet and liquidated approximately $5.7 million worth of social tokens across 42 different creator tokens, routing stolen ETH through Tornado Cash. Roll subsequently upgraded its security infrastructure via a Fireblocks MPC integration and raised a $10M Series A in September 2021, but the root cause of the private key compromise was never publicly confirmed.

avoid.net/burgerswap 22/100 [CRITICAL]

BurgerSwap is a decentralized exchange (DEX) and automated market maker (AMM) protocol launched in September 2020 on Binance Smart Chain (BSC), built around the native BURGER governance token. On May 28, 2021, the protocol suffered a flash loan and reentrancy exploit that drained approximately $7.2 million in user funds across 14 transactions. Uniswap founder Hayden Adams publicly noted that a critical line of code enforcing the constant-product formula had been deliberately removed from BurgerSwap's fork of Uniswap v2, raising allegations of an intentional vulnerability or insider involvement by the anonymous development team.

avoid.net/nowswap 22/100 [CRITICAL]

NowSwap is an Ethereum-based automated market maker (AMM) decentralized exchange that launched in July 2021, positioning itself as the first DEX optimized for small-size trades under $3,000. On September 15, 2021, the protocol suffered a smart contract exploit resulting in the loss of approximately $1.07 million in USDT and WETH, caused by an incomplete code update that left an invalid K-value check in the pair contract. Following the exploit, the protocol's total value locked effectively collapsed to near zero and has remained dormant, with no evidence of remediation, audit, or resumed operations.

avoid.net/cheesebank 18/100 [CRITICAL]

Cheese Bank was an Ethereum-based DeFi lending protocol that launched in September 2020 and suffered a $3.3 million exploit on November 6, 2020, caused by a flash loan attack combined with price oracle manipulation on Uniswap. The anonymous team claimed to have patched the vulnerability, but the protocol never recovered meaningful activity, the CHEESE token collapsed in value, and the project is widely considered abandoned. ZachXBT has flagged the entity as a high-risk project.

avoid.net/jito-labs 62/100 [CAUTIONARY]

Jito Labs is a San Francisco-based software company that builds MEV (maximal extractable value) and liquid staking infrastructure for the Solana blockchain, most notably the Jito-Solana validator client and the JitoSOL liquid staking protocol. The company was named as a defendant in a civil RICO class action (Aguilar v. Baton Corporation, S.D.N.Y., No. 1:25-cv-00880) alleging it enabled insider front-running on the Pump.fun memecoin platform; plaintiffs voluntarily dismissed all claims against Jito Labs on September 26, 2025, without settlement payment, though the court later granted leave to refile and the broader case against co-defendants continues. Jito Labs previously suspended its public mempool in March 2024 after sandwich-attack bots exploited the feature, and subsequently took enforcement action against validators conducting such attacks in 2025.

avoid.net/coindash 28/100 [WARNING]

CoinDash was an Israeli-founded cryptocurrency portfolio management and social trading platform that conducted an ICO in July 2017. Thirteen minutes into its token sale, an attacker compromised the company's website and substituted a fraudulent Ethereum address, diverting approximately 43,500 ETH (valued at roughly $7-10 million at the time) from over 2,000 investors before the sale was halted. The company later rebranded as Blox and has since ceased operations; the CDT token retains minimal trading volume.

avoid.net/origin-protocol 38/100 [WARNING]

Origin Protocol is a San Francisco-based DeFi and NFT platform founded in 2017 by Josh Fraser and Matthew Liu, best known for its yield-bearing stablecoin Origin Dollar (OUSD) and Origin Ether (OETH). In November 2020, before completing any security audit, OUSD was exploited via a reentrancy flash-loan attack resulting in approximately $7.7 million in losses including over $1 million from the team's own treasury. The protocol subsequently completed multiple audits, compensated affected users, and relaunched; it has continued operating with expanded DeFi yield products through 2025, though the OGN token trades at a fraction of its 2021 all-time high.

avoid.net/warp-protocol 22/100 [CRITICAL]

Warp Protocol refers to two distinct but both risk-flagged entities: (1) Terraform Labs' Cosmos-based on-chain automation protocol, shut down by December 2024 following the $40 billion Terra/Luna collapse and a $4.47 billion SEC settlement against Do Kwon and Terraform Labs; and (2) Warp Finance, an Ethereum DeFi lending protocol that suffered a $7.76 million flash loan exploit in December 2020, which ZachXBT linked to Omar Zaki, a Yale graduate who had previously settled SEC fraud charges for $25,000 in 2019 while operating an unregistered hedge fund. ZachXBT's February 2022 investigation alleged that Zaki operated both Warp Finance and Force DAO under the pseudonym '0xbrainjar' while concealing his SEC enforcement history from the Composable Finance community.

avoid.net/growth-defi 28/100 [WARNING]

Growth DeFi is a Binance Smart Chain (BSC) yield aggregator and DeFi ecosystem founded in 2020, offering the GRO governance token, the WHEAT yield optimizer, and the MOR overcollateralized stablecoin. On February 8, 2021, the protocol suffered a flashloan price oracle exploit targeting its stkGRO/rAAVE staking contract, resulting in approximately $1.3–1.4 million in stolen funds with no full recovery. As of 2026, the protocol has an extremely low TVL of roughly $22,000 and the GRO token trades at near-zero valuations, indicating near-complete abandonment.

avoid.net/trinity-wallet 28/100 [WARNING]

Trinity Wallet was the official desktop and mobile software wallet for the IOTA cryptocurrency, developed and maintained by the IOTA Foundation. In February 2020, a supply chain attack exploiting a compromised MoonPay SDK delivered via CDN resulted in the theft of approximately 8.55 Ti (teraIOTA) worth roughly $2 million from 50 user seeds, forcing the IOTA Foundation to shut down the entire IOTA network for 27 days. Trinity was subsequently deprecated in April 2021 following the Chrysalis protocol upgrade, with the Firefly wallet introduced as its replacement.

avoid.net/nicolo-nourafchan-robert-yadgarov-sec-doj-insider-trading-ring 2/100 [CRITICAL]

On May 6, 2026, the SEC and DOJ charged 30 individuals — with the SEC filing civil charges against 21 of them — in connection with an alleged decade-long insider trading scheme orchestrated by M&A attorney Nicolo Nourafchan and his partner Robert Yadgarov. Nourafchan allegedly misappropriated material nonpublic information from confidential client files at multiple elite BigLaw firms including Sidley Austin, Latham & Watkins, Cleary Gottlieb, and Goodwin Procter, then distributed tips through a tiered network of middlemen and traders in exchange for cash kickbacks. The alleged scheme spanned roughly 30 M&A transactions, generated tens of millions of dollars in illicit profits, and involved fugitives in Russia and Israel as well as international regulatory cooperation across five foreign jurisdictions.

avoid.net/audia6-mixing-service 3/100 [CRITICAL]

AudiA6 is a centralized cryptocurrency mixing and exchange service, documented by security researchers and blockchain investigators as a vehicle for laundering illicit funds. In May 2026, blockchain investigator ZachXBT identified AudiA6 as the mixing service used to launder approximately $9.5 million in cryptocurrency stolen from victims of a counterfeit Ledger Live application on the Apple App Store, routing proceeds through more than 150 KuCoin deposit addresses. The service has no known OFAC designation as of May 2026 but maintains an established presence on criminal carding and cracking forums.

avoid.net/dodo-amm 42/100 [WARNING]

DODO is a decentralized exchange (DEX) protocol launched in 2020, operating across 14 EVM-compatible chains, and known for its proprietary Proactive Market Maker (PMM) algorithm that concentrates liquidity near market price. On March 8, 2021, an attacker exploited a critical initialization vulnerability in DODO's V2 Crowdpooling smart contracts, draining approximately $3.8 million across four pools; roughly $3.1 million was subsequently recovered through voluntary restitution and frontrunning bot operator cooperation. The protocol continues to operate and has undergone multiple third-party security audits post-exploit, though it has lost significant market share and TVL since its 2021 peak.

avoid.net/squid-games 2/100 [CRITICAL]

SQUID was a BEP-20 token on the Binance Smart Chain launched in late October 2021 that exploited the viral popularity of the Netflix series 'Squid Game.' On November 1, 2021, anonymous developers executed a rug pull, draining at least $3.38 million in liquidity and abandoning the project, causing the token price to collapse from a peak of $2,861.80 to effectively zero within minutes. More than 43,000 investors suffered losses, with no arrests made and the perpetrators remaining unidentified as of mid-2026.

avoid.net/treasure 32/100 [WARNING]

TreasureDAO is an Arbitrum-based NFT gaming ecosystem and marketplace powered by the MAGIC token. In March 2022 its marketplace suffered a critical smart contract exploit that allowed attackers to acquire NFTs for free, resulting in approximately $1.4 million in losses across 153 NFTs. Separately, blockchain investigator ZachXBT raised concerns in February 2022 about a core team engineer's alleged prior involvement in failed NFT projects. The project has since experienced severe financial distress, shut down its Treasure Chain layer-2 network in May 2025 after five months of operation, and executed major layoffs in a pivot to AI-agent products.

avoid.net/belt-finance 28/100 [WARNING]

Belt Finance (belt.fi) is a multi-strategy yield aggregator and stableswap AMM built primarily on Binance Smart Chain (BSC), developed by South Korean blockchain firm Ozys. On May 29, 2021, the protocol was exploited via a flash loan attack that netted the attacker approximately $6.23 million in BUSD and caused an estimated $50 million in total pool losses. The protocol announced a phased compensation plan for affected users but full repayment status remains unverified; the protocol has continued operating in diminished form, with current TVL of approximately $12 million as of 2025.

avoid.net/turtle-dex 2/100 [CRITICAL]

TurtleDex (TTDX) was a Binance Smart Chain decentralized file-storage protocol that conducted a confirmed exit scam on March 19, 2021, approximately 72 hours after its presale closed. The anonymous development team drained 9,000 BNB (approximately $2.5 million) from liquidity pools on PancakeSwap and ApeSwap, converted the proceeds to ETH split across nine wallets, and routed the funds to Binance exchange addresses before deleting all official channels. No funds are known to have been recovered and no perpetrators have been publicly identified.

avoid.net/daren-li 0/100 [CRITICAL]

Daren Li is a 42-year-old dual national of China and St. Kitts and Nevis who pleaded guilty in November 2024 to conspiracy to commit money laundering in connection with an international pig-butchering cryptocurrency investment scam operated from scam centers in Cambodia. He was sentenced in absentia on February 9, 2026 to the statutory maximum of 20 years in federal prison after cutting off his ankle monitor and fleeing U.S. custody in December 2025. The U.S. Department of State has offered a reward of up to $4 million for information leading to his arrest.

avoid.net/alchemix-v2 48/100 [WARNING]

Alchemix V2 is a DeFi self-repaying loan protocol on Ethereum that allows users to borrow synthetic assets (alUSD, alETH) against yield-bearing collateral, with loans auto-repaid by yield generated from underlying deposits. The protocol experienced two notable security incidents: a June 2021 smart contract bug in the alETH vault that allowed users to withdraw collateral without repaying loans (the 'reverse rug pull,' ~$6.5M shortfall), and an indirect July 2023 exploit via a Vyper compiler vulnerability in a Curve liquidity pool (~$13.6M drained, later fully returned). In both cases, the Alchemix team responded promptly and took active steps to restore protocol solvency, distinguishing it from many exploited DeFi protocols.

avoid.net/aperocket 22/100 [CRITICAL]

ApeRocket is a DeFi yield farming aggregator and optimizer originally deployed on Binance Smart Chain (BSC) and Polygon in 2021. The protocol suffered two simultaneous flash loan exploits on July 14, 2021, resulting in combined losses of approximately $1.26 million and a 63% collapse in its native SPACE token price. The project attempted a V2 relaunch with improved security, but the SPACE token currently shows zero trading volume and effectively zero market capitalization, indicating the protocol is inactive.

avoid.net/thorchain-dex 22/100 [CRITICAL]

THORChain is a decentralized cross-chain liquidity protocol that enables native asset swaps across blockchains without wrapped tokens, using its RUNE token as settlement collateral. Since its mainnet launch, the protocol has suffered three significant exploit events totaling over $25 million in losses and became the primary laundering conduit for North Korea's Lazarus Group following the 2025 Bybit hack ($1.2 billion routed through the network); its THORFi lending product collapsed in January 2025 with approximately $200 million in user funds frozen. The protocol faces ongoing legal action from creditors, has lost key developers over ethical disputes about blocking illicit transactions, and experienced a further $10.8 million vault breach in May 2026.

avoid.net/levyathan 18/100 [CRITICAL]

Levyathan was a Binance Smart Chain DeFi protocol billing itself as the first crypto index fund on BSC, launching in mid-2021. On July 30, 2021, the project collapsed after private keys controlling the token minting contract were left exposed in a public GitHub repository for approximately four months, enabling an attacker to mint and dump a quadrillion LEV tokens. A concurrent bug in the emergencyWithdraw() function compounded losses for stakers, and stolen funds were bridged to Ethereum and routed through Tornado Cash; the project never recovered and effectively disbanded.

avoid.net/eleven-finance 32/100 [WARNING]

Eleven Finance is a yield optimizer and leveraged yield farming protocol deployed on Binance Smart Chain (BSC) and Polygon. On June 22, 2021, attackers exploited a critical smart contract vulnerability in the protocol's Nerve-partnership vaults, draining approximately $4.5–4.8 million. The team published a recovery plan, repaid an initial 25% tranche from personal debt, and later announced full principal recovery; however, the ELE token has since lost over 99% of its value from its all-time high, and the protocol appears largely inactive.

avoid.net/hqi-exchange 2/100 [CRITICAL]

HQI Exchange (HQIEX) is an alleged advance-fee continuation scam formally identified by the Washington State Department of Financial Institutions in May 2026. It targets victims of the collapsed BG Wealth Sharing / DSJ Exchange Ponzi scheme, which involved an estimated $150 million in losses, by falsely claiming that frozen balances can be recovered by paying a new 'migration fee' of at least 100 USDT to activate an account on the new platform. No legitimate trading activity, disclosed ownership, or regulatory registration has been identified.

avoid.net/dao-maker-vesting 22/100 [CRITICAL]

DAO Maker Vesting refers to the smart contract infrastructure operated by DAO Maker, a crypto launchpad platform, that was compromised in two separate exploits in 2021 resulting in combined losses of approximately $11 million. The August 2021 incident drained $7 million in USDC from 5,251 user accounts via a compromised admin private key, and a second exploit in September 2021 extracted approximately $4 million from vesting contracts via an unauthenticated init() function vulnerability. Victims allege that, more than three years after the hacks, DAO Maker has still failed to honor its full compensation commitments, and that governance manipulation was used to cancel the USDR reimbursement program.

avoid.net/surgebnb 22/100 [CRITICAL]

SurgeBNB was a BEP-20 yield token on Binance Smart Chain operated by the XSurge DeFi project. On August 16–17, 2021, an attacker exploited a reentrancy vulnerability in the contract's sell() function via a flash loan, draining approximately 13,111 BNB (~$5 million USD) from the protocol. The project had publicly claimed to be 'rug-proof' prior to the exploit; post-hack, the team launched a 'SurgeFund' compensation scheme, though the extent and completion of repayment to victims remains unclear.

avoid.net/siren 18/100 [CRITICAL]

SIREN is a BNB Chain-based token launched in early 2025, marketed as an on-chain AI agent analyst. In March 2026, blockchain investigator ZachXBT and analytics firm Bubblemaps identified that a single wallet cluster controlled nearly 50% of the circulating supply and linked those wallets on-chain to DWF Labs, alleging coordinated market manipulation. The token subsequently crashed over 70% from its all-time high within 24 hours. The SIREN name is also shared by a separate, earlier Ethereum-based DeFi options protocol (Siren Markets) that suffered a $3.5 million reentrancy exploit in September 2021.

avoid.net/zabu-finance 18/100 [CRITICAL]

Zabu Finance was an Avalanche-based yield farming protocol that suffered a $3.2 million flash loan exploit on September 12, 2021, marking what was widely described as the first major DeFi hack on the Avalanche blockchain. The vulnerability — a known deflationary token accounting flaw that had already been exploited on Polygon two months prior — drained the protocol's SPORE staking pool and caused the ZABU token to collapse from approximately $0.004 to near-zero. The protocol attempted a v2 token relaunch but has since gone effectively dormant, with a TVL of approximately $5,000 and a website SSL certificate that expired in August 2022.

avoid.net/acala-network 32/100 [WARNING]

Acala Network is a Polkadot-native DeFi hub offering a multi-collateralized stablecoin (aUSD), liquid staking, and an AMM DEX. On August 14, 2022, a misconfiguration in a newly deployed liquidity pool caused 3.022 billion aUSD to be erroneously minted, triggering a 99% depeg; approximately 98% of the erroneous tokens were subsequently recovered and burned via community governance votes. The incident raised significant concerns about the protocol's claimed decentralization after the team unilaterally placed the network in maintenance mode and froze token transfers without an on-chain vote.

avoid.net/jaypegs-automart 38/100 [WARNING]

JayPegs Automart (also styled Jay Pegs Auto Mart) is an Ethereum-based NFT and token project launched in September 2021 by the anonymous team behind NGMI.global, themed as a satirical used-car dealership selling 2007 Kia Sedona NFTs. On September 17, 2021, a contractor injected malicious code into the SushiSwap MISO auction front end during the project's DONA token sale, redirecting approximately $3.1 million (864.8 ETH) to the attacker's wallet. Funds were fully recovered within 24 hours following public identification of the alleged attacker and threat of FBI referral.

avoid.net/chainswap 22/100 [CRITICAL]

ChainSwap was a cross-chain token bridge protocol connecting Ethereum, Binance Smart Chain, and Huobi Eco Chain, which raised $3 million in April 2021 from investors including Alameda Research and NGC Ventures. The platform suffered two separate smart contract exploits in July 2021 — the first on July 2 draining approximately $800,000, and the second on July 10-11 draining approximately $4.4 million (with some sources citing up to $8 million across affected partner token markets) — collectively devastating more than 20 partner projects. Following the exploits, ChainSwap offered partial compensation via token airdrops; the project's native CHAINS/ASAP token collapsed over 96% from its all-time high and the protocol has since become largely inactive under its original identity, with the @ChainSwapERC Twitter handle rebranding to ChainHub in early 2026.

avoid.net/8ightdao 18/100 [CRITICAL]

8ight Finance (also referred to as 8ightDAO) was an OHM fork launched on the Harmony blockchain in October 2021, positioning itself as a relief project for victims of the Snowdog DAO rug pull. In December 2021, approximately $1.75 million in treasury stablecoins was drained after the team admitted to transmitting private keys through Facebook group chat and Google Drive. The incident is disputed: community members alleged an intentional rug pull while the team claimed external compromise, but funds were sent to Tornado Cash making attribution impossible.

avoid.net/bent-finance 28/100 [WARNING]

Bent Finance is an Ethereum-based DeFi yield aggregator built on top of Curve Finance and Convex Finance, offering staking and liquidity pool boosting for the BENT token. In December 2021, the protocol suffered an insider exploit in which a rogue developer with access to the contract deployer private key inserted a backdoor into the cvxCRV and MIM pool contracts, resulting in the theft of approximately 440 ETH (~$1.75M). Stolen funds were ultimately returned by the attacker and reimbursed to users by late December 2021, but the incident caused a 73% BENT token price collapse and left the protocol with negligible TVL.

avoid.net/vesper-finance 38/100 [WARNING]

Vesper Finance is an Ethereum-based DeFi yield aggregator co-founded by former Bitcoin Core developer Jeff Garzik that launched in early 2021 and briefly exceeded $1 billion in TVL. The protocol suffered a confirmed $3.37 million oracle manipulation exploit on Rari Fuse Pool #23 in November 2021, and was indirectly exposed to a May 2024 Sonne Finance exploit that required treasury remediation. Vesper remains operational as of 2025 with approximately $48–55 million TVL, though its native VSP token has lost over 99% of its all-time-high value.

avoid.net/gsd-cloud-lex-christopherson 3/100 [CRITICAL]

GSD Cloud, an AI-powered software orchestration project founded by Lex Christopherson (X handle: @official_taches), won first place at the Bags Hackathon on May 11, 2026, receiving approximately $100,000 in prize grants. On May 22, 2026, approximately ten days after the win, Christopherson allegedly dumped his token holdings and removed liquidity across Solana DEXs, extracting an estimated $500,000 in total value, then deleted his X account and posted a farewell message attributing the closure to competitive obsolescence by tools such as OpenAI Codex and Anthropic Claude Code. The $GSD token (Solana contract: 8116V1BW9zaXUM6pVhWVaAduKrLcEBi3RGXedKTrBAGS) collapsed approximately 90% within two days, reaching a market cap of roughly $97,600, with no compensation plan or recovery mechanism announced.

avoid.net/gamma 28/100 [WARNING]

Gamma Strategies is a DeFi active liquidity management (ALM) protocol built on Uniswap v3 and other concentrated-liquidity DEXs, formerly known as Visor Finance. The protocol suffered a significant flash loan exploit on January 4, 2024, resulting in losses of approximately $6.18 million across four vaults on Arbitrum; the attacker laundered the majority of stolen funds through Tornado Cash. This was not the protocol's first security incident: its predecessor Visor Finance lost approximately $8.2 million to an infinite mint vulnerability in December 2021, leading to a rebrand.

avoid.net/bns 28/100 [WARNING]

BitBNS (Bitbns) is an Indian cryptocurrency exchange founded in 2017 by Gaurav Dahake, Prashant Singh, and Srikanth Sethumadhavan, operating under Buyhatke Internet Private Limited and headquartered in Bengaluru. In February 2022 the exchange suffered a $7.5 million hack that it concealed from users under the guise of 'system maintenance' for over a year until on-chain investigator ZachXBT publicly exposed the breach in March 2023. The exchange subsequently froze user withdrawals for approximately two years, drawing multiple court actions in India and sustained criticism for withholding customer funds while continuing to accept new deposits.

avoid.net/meter 30/100 [WARNING]

Meter (meter.io) is a layer-1 blockchain protocol and cross-chain bridge infrastructure founded in 2018, operating a dual-token system (MTR and MTRG) with an EVM-compatible sidechain and a multi-chain bridge product called Meter Passport. On February 5, 2022, Meter Passport suffered a critical smart contract exploit that drained approximately $4.4 million in wETH and BNB, with cascading losses of approximately $2.1–3.3 million to the Hundred Finance lending protocol. The team committed to a PASS token reimbursement scheme but full recovery for affected users remained contingent on foundation revenues, and stolen funds were partially laundered through Tornado Cash.

avoid.net/superfluid 38/100 [WARNING]

Superfluid is an asset streaming and programmable cash flow protocol founded in 2020, deployed across Ethereum, Polygon, and multiple other EVM chains. On February 8, 2022, an attacker exploited a context serialization vulnerability in the protocol's host contract, draining approximately $8.7 million in assets from multiple projects including QiDAO, Stake DAO, Stacker Ventures, and Museum of Crypto Art. The protocol patched the vulnerability within hours, partially compensated affected parties, and has continued operating with additional audits and a native SUP token launch in 2025.

avoid.net/lcx 42/100 [WARNING]

LCX (Liechtenstein Cryptoassets Exchange) is a regulated crypto exchange and tokenization platform headquartered in Vaduz, Liechtenstein, holding eight registrations under the Liechtenstein Financial Market Authority (FMA) pursuant to the Token and Trusted Technology Service Provider Act (TVTG). In January 2022 the exchange suffered a hot wallet compromise in which approximately $7.94 million in crypto assets were stolen, with stolen funds rapidly laundered through Tornado Cash; LCX subsequently used its own funds to compensate affected users and cooperated with international law enforcement to freeze an alleged 60% of stolen assets. The exchange is flagged by ZachXBT and carries a below-average trust score primarily due to the 2022 hack, ongoing user complaints about withdrawal delays and account freezes, and the broader security posture concerns that led to the compromise.

avoid.net/fantasm-finance 18/100 [CRITICAL]

Fantasm Finance was a fractional-algorithmic synthetic token protocol on the Fantom Opera blockchain, designed to maintain a synthetic FTM token (XFTM) backed partially by FTM collateral and partially by the protocol's native FSM token. On March 9, 2022, within days of its public launch, the protocol suffered a critical smart contract exploit that drained approximately $2.62 million from its collateral reserve pool. The attacker laundered the stolen funds through Tornado Cash and was never publicly identified; the protocol has since ceased operations with zero TVL remaining.

avoid.net/revest-finance 28/100 [WARNING]

Revest Finance is an Ethereum DeFi protocol that tokenizes ERC-20 assets into Financial NFTs (FNFTs) using the ERC-1155 standard, allowing users to lock and manage assets with programmable release conditions. On March 27, 2022, the protocol suffered a reentrancy attack that resulted in approximately $2 million in user funds stolen, with the team publicly acknowledging it lacked the resources to fully reimburse victims. The protocol remains technically active with extremely low TVL and a token (RVST) that has declined over 99% from its all-time high.

avoid.net/hundred-finance 8/100 [CRITICAL]

Hundred Finance was a multi-chain DeFi lending protocol forked from Compound V2 that suffered at least two major security exploits totaling approximately $13.6 million in direct losses, alongside a related $11 million joint attack with Agave Finance on Gnosis Chain. The protocol was unable to recover stolen funds and shut down in August 2023 following a governance vote, with remaining treasury funds allocated toward partial victim compensation. Stolen funds remained unrecovered as of 2024, with the April 2023 attacker moving assets through decentralized exchanges more than a year after the exploit.

avoid.net/ola-finance 28/100 [WARNING]

Ola Finance is a multi-chain decentralized lending protocol offering a 'lending-as-a-service' platform that allows third parties to deploy isolated Compound-style lending pools across multiple blockchains. On March 31, 2022, the protocol's deployment on the Fuse Network was exploited via a reentrancy vulnerability in ERC677 token logic, resulting in approximately $4.67 million in stolen assets. The attacker used Tornado Cash to obscure initial funding, laundered proceeds through Ethereum and BNB Chain wallets, and was never publicly identified; a partial compensation plan was offered but fell materially short of full victim restitution.

avoid.net/ko-thet-company-sanduo-group-giant-company 0/100 [CRITICAL]

Ko Thet Company, Sanduo Group, and Giant Company are three alleged criminal organizations that operated cryptocurrency investment fraud ('pig-butchering') scam centers, primarily in Southeast Asia and the UAE. A coordinated international law enforcement operation (Operation Tri-Force Sentinel) involving the FBI, Dubai Police, and Chinese Ministry of Public Security led to at least 276 arrests, the dismantlement of nine scam centers, the seizure of 503 fraudulent websites, and the restraint of approximately $701 million in cryptocurrency in April–May 2026. Five defendants—including one Burmese national and three Indonesian nationals—were charged with wire fraud and money laundering conspiracy in the Southern District of California.

avoid.net/hallucinations 0/100 [CRITICAL]

AI hallucinations — outputs generated by large language models that appear factually credible but are fabricated — present a distinct and growing threat category in cryptocurrency markets. When AI-powered tools such as trading bots, smart contract auditors, research platforms, and oracle providers produce hallucinated data, the consequences can propagate directly on-chain as irreversible financial transactions. Academic benchmarks, regulatory warnings, and documented incidents collectively confirm that current AI agent accuracy in adversarial crypto environments falls well short of the reliability threshold required for autonomous financial decisions.

avoid.net/fortress-loans 18/100 [CRITICAL]

Fortress Loans (fortress.loans) was an algorithmic money market and lending protocol on BNB Chain (Binance Smart Chain), launched in April 2021 by the JetFuel Finance team. On May 8, 2022, the protocol was drained of all funds — approximately $2.98 million — through a combined governance manipulation and oracle price manipulation attack. The protocol has been effectively inactive since, with DefiLlama recording a TVL of approximately $1,168 as of 2024, and the FTS governance token has lost effectively all of its value.

avoid.net/machine-hallucinations-nft 72/100 [CAUTIONARY]

Machine Hallucinations is a series of AI-generated NFT artworks created by Turkish-American media artist Refik Anadol, deployed on the Ethereum blockchain beginning in 2021. The project has generated over $30 million in total NFT sales across multiple collections auctioned through Sotheby's, Christie's, and secondary markets including OpenSea. The project is notable for its institutional legitimacy — MoMA acquired the related 'Unsupervised' work as its first NFT in its permanent collection — but has attracted criticism regarding conflicts of interest between museum endorsement and commercial NFT promotion.

avoid.net/nirvana-v1 5/100 [CRITICAL]

Nirvana V1 was a Solana-based algorithmic stablecoin and yield protocol that operated twin tokens: ANA (an algorithmic metastable wealth token) and NIRV (a decentralized stablecoin). On July 28, 2022, the protocol was catastrophically exploited via a flash loan attack that drained approximately $3.5 million — representing nearly all protocol reserves — causing both tokens to collapse and forcing a permanent shutdown. The attacker, Shakeeb Ahmed, was later identified, arrested, and convicted in the first-ever U.S. criminal prosecution for hacking a smart contract, and was sentenced to three years in prison in April 2024.

avoid.net/sovryn 38/100 [WARNING]

Sovryn is a Bitcoin-backed decentralized finance protocol built on the Rootstock (RSK) sidechain, offering lending, borrowing, margin trading, and AMM services with its native SOV governance token. The protocol suffered a confirmed $1.1 million price manipulation exploit in October 2022 targeting its legacy lending pools, with approximately half of funds recovered via developer intervention. A separate critical smart contract vulnerability was disclosed via bug bounty in March 2021 but was not exploited. ZachXBT has flagged the entity; no detailed public post from ZachXBT specifically detailing Sovryn allegations was independently located at time of investigation.

avoid.net/dragoma 3/100 [CRITICAL]

Dragoma was a move-to-earn GameFi project built on the Polygon network whose native DMA token collapsed 99.8% within hours of its MEXC exchange listing on August 8, 2022, in what blockchain security firm PeckShield identified as a rug pull. Approximately $3.5 million in investor funds were allegedly drained by the development team and deposited into centralized exchanges. The project's website and all social media channels were subsequently deleted, and no known recovery or law enforcement action against the responsible parties has been publicly confirmed.

avoid.net/audius 32/100 [WARNING]

Audius is a decentralized music streaming protocol with a native AUDIO token, launched in 2020 on Ethereum and subsequently migrated to Solana. On July 23, 2022, an attacker exploited a critical re-initialization vulnerability in Audius governance smart contracts, draining 18.56 million AUDIO tokens (valued at approximately $6 million at the time) from the community treasury before swapping them for approximately $1.08 million in ETH via Uniswap and routing funds through Tornado Cash. The platform has continued to operate since the exploit, deploying patched contracts and expanding user and artist partnerships, but the AUDIO token has declined approximately 99.6% from its all-time high and the exploit raised serious questions about audit quality.

avoid.net/femitbot-telegram-mini-app-fraud-network 0/100 [CRITICAL]

FEMITBOT is a large-scale, centralized fraud-as-a-service network discovered by CTM360 in April 2026 that abuses Telegram Mini Apps to operate fake cryptocurrency platforms, impersonate over 30 global brands, and distribute Android malware across more than 60 domains and 146 active bots. The network harvests Telegram initData authentication tokens to silently access victim sessions, operates in 22+ languages, and uses real-time ad-tech conversion tracking from Meta and TikTok to optimize victim recruitment at global scale. No law enforcement action or attribution to specific threat actors has been publicly confirmed as of May 2026.

avoid.net/moola-market 28/100 [WARNING]

Moola Market is a decentralized lending protocol built on the Celo blockchain, founded in 2020 by Patrick Baron and backed by Polychain Capital. In October 2022, the protocol suffered a price manipulation exploit draining approximately $9.1 million, making it one of the largest DeFi incidents on Celo; over 93% of funds were returned by the attacker within hours in exchange for a roughly $500,000 bounty. The protocol subsequently relaunched with reduced collateral thresholds, but its TVL and MOO token value have declined sharply since the incident.

avoid.net/skyward-finance 18/100 [CRITICAL]

Skyward Finance was a permissionless token launchpad built on the NEAR Protocol, launched in June 2021. On November 2, 2022, a smart contract vulnerability in its treasury redemption function was exploited, resulting in the loss of approximately 1.1 million NEAR tokens (~$3.2 million USD). The exploit rendered the SKYWARD token and protocol treasury effectively worthless, and the team publicly advised users to withdraw all remaining funds and cease interacting with the platform.

avoid.net/raydium-amm 45/100 [WARNING]

Raydium is a leading Solana-based automated market maker (AMM) and decentralized exchange (DEX) launched in February 2021 by a pseudonymous team. On December 16, 2022, a compromise of the protocol's admin private key enabled an attacker to drain approximately $4.4 million from eight liquidity pools; the stolen funds were subsequently laundered through Tornado Cash in January 2023. The team implemented a phased compensation plan and post-incident security upgrades, including migration of admin authority to a Squads multisig, but the incident exposed significant centralization risks that were not apparent prior to the exploit.

avoid.net/ankr 38/100 [WARNING]

Ankr is a Web3 infrastructure and liquid staking protocol founded in 2017, providing RPC endpoints for over 75 blockchains and BNB Chain-based liquid staking products. In December 2022, a former employee executed a supply chain attack that compromised Ankr's private deployer key, enabling unlimited minting of aBNBc tokens and resulting in approximately $5 million in direct losses, with cascading secondary losses of roughly $19 million through Helio Protocol's HAY stablecoin depeg. Ankr subsequently compensated affected users, implemented multi-signature controls, and continues to operate, though questions persist over the completeness of user reimbursement.

avoid.net/save 38/100 [WARNING]

Save (formerly Solend) is a Solana-based algorithmic lending and borrowing protocol that has operated since 2021. The protocol has been flagged by ZachXBT and carries a history of two significant incidents: a controversial governance vote in June 2022 that briefly granted the team emergency powers to seize a user's wallet, and a $1.26 million oracle manipulation exploit in November 2022. The protocol rebranded from Solend to Save in late 2024 and continues to operate with approximately $74 million in total value locked as of mid-2026.

avoid.net/defrost 18/100 [CRITICAL]

Defrost Finance was an Avalanche-based CDP (Collateralized Debt Position) DeFi protocol that allowed users to collateralize yield-bearing tokens to mint an H2O USD-pegged stablecoin. In December 2022 the protocol suffered a two-stage exploit resulting in approximately $12 million in losses; multiple blockchain security firms — including CertiK, PeckShield, and De.Fi Security — alleged the attack constituted an insider rug pull enabled by admin key access, a conclusion the team denied. Funds were subsequently returned and a refund contract was deployed in January 2023, but the protocol has since effectively ceased meaningful operations with under $100,000 in TVL, and the MELT governance token has lost nearly all of its value.

avoid.net/dfx-v2 28/100 [WARNING]

DFX Finance is a decentralized foreign exchange protocol optimized for trading fiat-backed stablecoins such as CADC, EURS, and XSGD, backed by investors including Polychain Capital. On November 10, 2022, the V2 smart contracts were exploited via a reentrancy vulnerability in the flash loan function, resulting in approximately $7.5 million in total losses split between a primary attacker (~$4.3M) and an MEV front-running bot (~$3.2M). The stolen funds were funneled into Tornado Cash; the protocol subsequently paused all contracts, launched a DFX-token reimbursement plan, and later released V3, but TVL remains near zero as of 2024.

avoid.net/bonqdao 18/100 [CRITICAL]

BonqDAO was a Polygon-based decentralized lending protocol that launched in December 2022, offering zero-interest borrowing against crypto collateral with a native euro-pegged stablecoin (BEUR). On February 1, 2023, the protocol suffered a critical oracle manipulation exploit in which an attacker staked approximately $175 worth of TRB tokens to manipulate the Tellor price feed for the WALBT collateral token, minting 100 million BEUR against near-zero collateral and liquidating other users for an additional 113 million WALBT, resulting in nominal losses of approximately $120 million. BonqDAO's TVL fell by over 99% following the attack; a successor protocol (3A DAO) was subsequently launched by the team but BonqDAO itself remains effectively defunct.

avoid.net/omm 28/100 [WARNING]

Omm (Open Money Market) is a decentralized lending and borrowing protocol built on the ICON blockchain, launched in August 2021 by Lydia Labs (formerly ICX Station), co-founded by Scott Smiley and Daeki Lee. On January 21, 2023, the protocol suffered a smart contract exploit in which an attacker deployed a malicious contract to drain approximately $1.9 million in user collateral across 18 transactions, exploiting a critical flaw in the Redeem function. Following the exploit, the protocol pivoted away from its money market model toward a liquid staking product, which launched in January 2024, though TVL and market activity remain minimal.

avoid.net/lendhub 18/100 [CRITICAL]

LendHub was a decentralized cross-chain lending protocol operating primarily on the Huobi Eco Chain (HECO) and Binance Smart Chain (BSC). On January 12, 2023, the protocol suffered an approximately $6 million exploit caused by an operational failure to remove a deprecated IBSV cToken from its market, allowing an attacker to drain funds by arbitraging the two coexisting token versions. The protocol's TVL collapsed to near zero following the exploit, stolen funds were laundered through Tornado Cash, and the protocol is no longer considered operational.

avoid.net/platypus-finance 28/100 [WARNING]

Platypus Finance is an Avalanche-based stablecoin automated market maker (AMM) and issuer of the USP stablecoin that suffered three separate exploits in 2023, losing a combined total of approximately $11.75 million. The first and most severe attack in February 2023 exploited a logic flaw in the protocol's emergency withdrawal function, draining roughly $8.5–9.1 million and causing the USP stablecoin to lose its dollar peg. Two French brothers identified by blockchain investigator ZachXBT were arrested and later acquitted on criminal charges after one argued he was an 'ethical hacker'; as of 2024 the protocol's total value locked had collapsed from over $200 million at peak to below $100,000.

avoid.net/dexible-v2 18/100 [CRITICAL]

Dexible V2 is a multichain DEX aggregator that suffered a critical smart contract exploit on February 17, 2023, resulting in approximately $2 million in user funds stolen across Ethereum and Arbitrum. The attack exploited an unvalidated router address in the selfSwap function of the v2 contracts, which had never undergone a formal third-party security audit. Stolen funds were laundered through Tornado Cash and have not been recovered; the protocol has since ceased operations.

avoid.net/tender-finance 32/100 [WARNING]

Tender Finance (tender.fi) was an Arbitrum-based decentralized lending and borrowing protocol that suffered a $1.59 million oracle misconfiguration exploit on March 7, 2023. A white hat hacker exploited a decimal precision error in the GMX price oracle, depositing one GMX token worth approximately $71 to borrow nearly $1.6 million in assets. The hacker returned funds in exchange for a $97,000 bounty, and the project subsequently rebranded to GLend under the Gemach DAO umbrella, migrating its TND token to GLEND and later to GMAC.

avoid.net/myalgo 12/100 [CRITICAL]

MyAlgo was a non-custodial web browser wallet for the Algorand blockchain, developed by Rand Labs. Between January and March 2023, a supply-chain attack via a compromised CDN (content delivery network) resulted in the theft of approximately $9.6 million in ALGO and USDC across at least five distinct attack waves. The wallet was officially shut down on January 30, 2024, following the incident and subsequent user attrition.

avoid.net/hope-finance 4/100 [CRITICAL]

Hope Finance was an Arbitrum-based DeFi protocol that launched in January 2023, positioning itself around an algorithmic stablecoin pegged to 0.001 ETH. On February 20, 2023 — the same day the platform went live — approximately $2 million (1,095 ETH) was drained from its Genesis Rewards Pool in what blockchain security firms CertiK and PeckShield assessed as an insider-orchestrated exit scam, making it the largest exit scam recorded on Arbitrum at that time. Stolen funds were bridged to Ethereum and routed through Tornado Cash; the protocol's website subsequently went offline and the team became unreachable.

avoid.net/paraluni-masterchef 18/100 [CRITICAL]

Paraluni is a metaverse DeFi yield-farming protocol deployed on Binance Smart Chain (BSC). On March 13, 2022, its MasterChef smart contract was exploited via a reentrancy vulnerability in the depositByAddLiquidity function, resulting in approximately $1.7 million in losses. The attacker laundered the proceeds through Tornado Cash and never returned funds despite a public appeal from the Paraluni team.

avoid.net/merlin-dex 5/100 [CRITICAL]

Merlin DEX was a decentralized exchange built on zkSync Era that suffered a confirmed insider rug pull on April 26-27, 2023, during its MAGE token Liquidity Generation Event. Rogue backend developers exploited excessive smart contract permissions granted to a privileged 'Feeto' address to drain approximately $1.82 million in user funds. Despite a prior CertiK audit, centralization risks flagged during review were not effectively remediated; CertiK subsequently acknowledged partial responsibility and launched a compensation plan, recovering only $160,000 of the stolen amount.

avoid.net/swaprum 2/100 [CRITICAL]

Swaprum was an Arbitrum-based decentralized exchange (DEX) that launched in early 2023 and operated briefly before its anonymous development team executed a deliberate exit scam on May 18, 2023. The team exploited a backdoor function embedded in an upgraded smart contract to drain approximately 1,628 ETH (roughly $3 million) from user liquidity pools, then laundered the proceeds through Tornado Cash and deleted all official communication channels. No funds have been recovered and no arrests have been publicly reported.

avoid.net/0vix 28/100 [WARNING]

0VIX was a DeFi lending protocol built on Polygon PoS and Polygon zkEVM, forked from the Compound v2 codebase, that launched as one of Polygon zkEVM's inaugural partners. On April 28, 2023, an attacker exploited a price oracle vulnerability in the protocol's vGHST market using a flash loan, draining approximately $2 million in user funds from a total TVL of $6.4 million. Stolen funds were bridged to Ethereum via Stargate Finance and deposited into Tornado Cash; the attacker did not respond to a $125,000 bounty offer. The protocol subsequently rebranded as Keom in August 2023.

avoid.net/sentiment 32/100 [WARNING]

Sentiment is an undercollateralized DeFi lending protocol originally deployed on Arbitrum, later migrating activity to HyperLiquid L1. On April 4, 2023, the protocol suffered a read-only reentrancy exploit resulting in approximately $1 million in losses, of which 90% was returned by the attacker following a negotiated $95,000 bounty. ZachXBT has flagged the entity for elevated risk; the protocol remains operational with a low TVL of roughly $518,000 as of 2025.

avoid.net/openzeppelin-ai-exploit-threat-vector 15/100 [CRITICAL]

On May 26, 2026, Manuel Aráoz, co-founder of smart contract security firm OpenZeppelin, issued a public warning on X declaring that he considers 'all of DeFi unsafe,' citing the emergence of AI coding agents that are 'superhuman' at discovering and weaponizing smart contract vulnerabilities. The warning coincided with more than $1.1 billion lost to DeFi hacks in the prior 12 months and was substantiated by Anthropic research published in late 2025 demonstrating that frontier AI models can autonomously exploit known smart contract vulnerabilities at scale. This entry tracks the AI-assisted DeFi exploit surface as a forward-looking threat category, documenting the evidence base, industry response, and structural security asymmetry that Aráoz and corroborating researchers describe.

avoid.net/jimbos-protocol 18/100 [CRITICAL]

Jimbos Protocol was an Arbitrum-based DeFi liquidity protocol designed to provide a semi-stable floor price for its native JIMBO token. On May 28, 2023, just three days after launching its V2, the protocol was exploited via a flash loan attack that drained approximately 4,090 ETH (~$7.5 million) by exploiting a lack of slippage control in the JimboController contract. The attacker rejected an $800,000 bounty offer, laundered the full amount through Tornado Cash, and remains unidentified; no funds have been recovered.

avoid.net/kannagi 3/100 [CRITICAL]

Kannagi Finance was a decentralized yield aggregation protocol launched on zkSync Era in June 2023. On July 29, 2023, the project's anonymous team executed an exit scam, draining approximately $2.13 million in user funds and reducing TVL from $2.13 million to $0.17. The stolen funds were subsequently laundered through the Tornado Cash crypto mixer, and all project infrastructure — website, Twitter, and GitHub repositories — was deleted.

avoid.net/eralend 28/100 [WARNING]

EraLend (formerly Nexon Finance) is a decentralized lending protocol on zkSync Era that suffered a $3.4 million read-only reentrancy exploit on July 25, 2023, draining its USDC pool due to a vulnerability in inherited SyncSwap oracle code. The protocol's pre-hack audit by PeckShield explicitly assumed a trusted price oracle, leaving the vulnerable oracle mechanism unexamined. EraLend relaunched post-hack with a fee-based compensation plan but has seen its TVL decline sharply to approximately $138,000 as of 2025-2026.

avoid.net/conic-finance 22/100 [CRITICAL]

Conic Finance was a DeFi liquidity-diversification protocol built on Curve Finance that allowed users to deposit assets into Omnipools across multiple Curve pools. On July 21, 2023, the protocol suffered two separate exploits totaling approximately $4.2 million — a $3.26 million read-only reentrancy attack on its ETH Omnipool and a subsequent $300,000 sandwich attack on its crvUSD Omnipool — after which TVL never recovered. In March 2025, the team formally shut down the protocol, citing an inability to fix critical security issues in a planned v2 upgrade.

avoid.net/agave 18/100 [CRITICAL]

Agave was a decentralized lending protocol on Gnosis Chain forked from Aave v2, developed by members of the 1Hive community. On March 15, 2022, the protocol suffered a reentrancy exploit that drained approximately $5.5 million in user funds, part of a coordinated $11.7 million attack that simultaneously hit Hundred Finance. The protocol paused operations following the hack and formally closed down in March 2024 with no documented user compensation.

avoid.net/cypher 12/100 [CRITICAL]

Cypher Protocol was a Solana-based cross-margin decentralized exchange (DEX) and perpetuals trading platform that suffered a critical smart contract exploit in August 2023 resulting in approximately $1 million in losses. Following the exploit, an insider contributor known as 'Hoak' systematically drained over $314,000 from the community redemption fund established to reimburse hack victims, admitting publicly to gambling the funds away. The protocol appears effectively defunct, having failed to deliver meaningful restitution to users who received roughly 31 cents on the dollar from the original exploit fund before that fund itself was embezzled.

avoid.net/remitano 28/100 [WARNING]

Remitano is a peer-to-peer cryptocurrency exchange operated by Babylon Solutions Limited, incorporated in Seychelles and active since 2015. The platform suffered a confirmed hot wallet hack in September 2023 resulting in approximately $2.7 million in losses, with the Lazarus Group (North Korea-linked) alleged as a probable suspect. Regulatory authorities in Malaysia, the United Kingdom, and Seychelles have issued warnings or taken enforcement actions against Remitano for operating without authorization, and the operating entity Babylon Solutions Limited was dissolved and struck off as of January 1, 2023.

avoid.net/exactly 32/100 [WARNING]

Exactly Protocol is a decentralized, non-custodial fixed-rate and variable-rate lending protocol deployed on the Optimism Layer 2 network. On August 18, 2023, the protocol suffered a critical exploit resulting in approximately $7.3–$12 million in ETH stolen from 117 user accounts due to insufficient input validation in its DebtManager periphery contract. The protocol has since resumed operations, engaged law enforcement, offered a $700,000 bounty, and passed a governance proposal to compensate affected users with EXA tokens.

avoid.net/lodestar-v0 22/100 [CRITICAL]

Lodestar V0 is the original deployment of Lodestar Finance, an algorithmic money market lending protocol on Arbitrum. On December 10, 2022, the protocol suffered a critical flash loan exploit in which an attacker manipulated the plvGLP price oracle to drain approximately $6.9 million in user funds. The protocol was subsequently relaunched as Lodestar V1 in July 2023; V0 remains abandoned with negligible TVL (~$95K) and the attacker was never publicly identified.

avoid.net/steadefi 35/100 [WARNING]

Steadefi is a decentralized leveraged yield farming protocol operating on Arbitrum and Avalanche. On August 7, 2023, an attacker exploited a compromised deployer private key to drain approximately $1.14 million from the protocol's lending vaults across both chains. The protocol subsequently relaunched with enhanced security measures and issued a token-based compensation plan for affected users, though roughly 70% of stolen funds were never recovered.

avoid.net/htx 18/100 [CRITICAL]

HTX (formerly Huobi Global) is one of the world's largest cryptocurrency exchanges, rebranded in September 2023 following the de facto acquisition of Huobi by interests linked to Justin Sun in late 2022. The exchange has suffered at least three significant security incidents totaling over $130 million in losses since September 2023, and in May 2026 was sanctioned by the UK government for alleged facilitation of Russian sanctions evasion — the first such crypto-exchange designation under the UK Russia sanctions framework. HTX also faces FCA legal proceedings over illegal financial promotions to UK consumers, has withdrawn its Hong Kong licensing applications twice, and has been publicly criticized for opaque reserve practices.

avoid.net/florence-finance 28/100 [WARNING]

Florence Finance is a DeFi real-world asset (RWA) lending protocol built on Arbitrum that tokenizes euro-denominated loans to European small and medium enterprises (SMEs). In November 2023 the protocol lost $1.45 million in USDC to an address poisoning attack, and notably failed to publicly acknowledge the theft for at least five days after it was reported by security firms. As of 2025-2026 the protocol's TVL has collapsed to approximately zero and the official website indicates the project is shutting down.

avoid.net/levana-perps 32/100 [WARNING]

Levana Perps is a decentralized perpetual-swap protocol originally deployed on Osmosis (Cosmos ecosystem) and later expanded to Sei and Injective. In December 2023, the protocol suffered a confirmed oracle-manipulation exploit spanning 13 days that drained approximately $1.14 million (roughly 10% of liquidity provider funds). The protocol subsequently underwent a strategic rebrand and token migration into the Rujira (RUJI) ecosystem in 2025, effectively sunsetting the standalone LVN token.

avoid.net/onyx-protocol 22/100 [CRITICAL]

Onyx Protocol is a DeFi lending protocol forked from Compound Finance v2, operating on Ethereum and issuing the XCN (Onyxcoin) token. The protocol suffered two major exploits in under twelve months — $2.1 million in October/November 2023 and $3.8 million in September 2024 — both stemming from the same known precision vulnerability in the Compound v2 codebase that the team had been warned about by auditor CertiK in February 2023 and chose not to remediate. Following the second hack the Ethereum-based lending market was shut down and the protocol relaunched as Onyx Core.

avoid.net/dydx-v3 30/100 [WARNING]

dYdX V3 was a decentralized perpetual futures exchange built on Ethereum using StarkWare's StarkEx Layer-2 technology, operated by dYdX Trading Inc. The platform suffered a $9 million insurance fund drain in November 2023 due to an alleged coordinated market manipulation attack targeting YFI and SUSHI markets, a DNS hijacking attack in July 2024, and a software supply chain compromise in September 2022. The V3 product was formally sunset on October 28, 2024, with trading migrated to the dYdX Chain (V4) on Cosmos.

avoid.net/mangofarmsol 2/100 [CRITICAL]

MangoFarmSOL was a purported yield-farming protocol on the Solana blockchain that executed an exit scam in January 2024, draining approximately $1.32 million from users who had deposited SOL tokens in anticipation of a promised MANGO token airdrop. The perpetrators deployed a malicious frontend under the guise of an 'emergency migration,' bridged stolen funds to Ethereum, and laundered proceeds through privacy tools including Railgun and instant exchanges before all social media accounts, the project website, and the Telegram channel were abandoned. No perpetrators have been publicly identified and no regulatory or law enforcement actions are known to have followed.

avoid.net/riskonblast 2/100 [CRITICAL]

RiskOnBlast was a GambleFi (gambling and exchange) platform launched on the Blast Layer-2 network in February 2024. Its anonymous team executed an exit scam (rug pull) on February 24, 2024, draining approximately 420 ETH (~$1.3 million) from over 750 investor wallets immediately after the IDO cap was reached. The project is linked by on-chain evidence to a serial fraud group responsible for more than $20 million in losses across multiple DeFi protocols.

avoid.net/duelbits 32/100 [WARNING]

DuelBits is a Curacao-licensed crypto casino and sportsbook operated by Liquid Entertainment N.V., launched in 2020. The platform suffered a confirmed $4.6 million private key compromise on February 13, 2024, affecting wallets on both the Ethereum and BNB Chain networks. DuelBits has also been flagged in broader contexts related to unlicensed gambling promotion, Twitch's 2022 ban on unlicensed gambling streams, and mixed user reports of withdrawal delays and account-closure disputes.

avoid.net/bungee 42/100 [WARNING]

Bungee Exchange is a cross-chain bridge aggregator and liquidity routing protocol developed by Socket (formerly SocketDotTech), founded in 2021 by Vaibhav Chellani and Rishabh Khurana. On January 16, 2024, the underlying Socket infrastructure was exploited via an inadequately validated smart contract route, resulting in approximately $3.3 million stolen from roughly 700 wallets with infinite token approvals. The protocol recovered approximately $2.23 million of the stolen funds one week later and resumed operations; it remains active as of 2026.

avoid.net/seneca 22/100 [CRITICAL]

Seneca is a decentralized stablecoin lending protocol that allowed users to mint senUSD against collateral. On February 28, 2024, attackers exploited a critical arbitrary external-call vulnerability in its Chamber contract, draining approximately $6.4 million from user wallets across Ethereum and Arbitrum. Approximately 80% of stolen funds were recovered after an on-chain bounty offer; however, the vulnerability had been publicly identified months before the exploit and the team proceeded to launch without patching it.

avoid.net/unizen 32/100 [WARNING]

Unizen is a cross-chain DEX aggregator and smart exchange ecosystem operating on Ethereum and multiple other networks, with a native utility token ZCX. On March 8, 2024, the platform suffered a $2.1 million exploit caused by an unsafe external call vulnerability introduced during a smart contract upgrade; the attacker subsequently laundered the stolen funds through Tornado Cash in August 2024. Despite a CEO-funded reimbursement covering approximately 99% of affected users, the incident raised significant questions about upgrade security practices given that two prior audits (Halborn, Verichain 2022) had not caught the flaw.

avoid.net/shido 22/100 [CRITICAL]

Shido Network (SHIDO) is a Layer-1 proof-of-stake blockchain project founded in Sweden in 2021. On February 29, 2024, an attacker exploited the Ethereum-based SHIDO staking contract by transferring ownership to a new address and upgrading it with a hidden token-withdrawal function, draining over 4.3 billion tokens and causing the price to collapse 94% within 30 minutes. On-chain investigator ZachXBT linked the exploit to a serial hacker responsible for the OKX (December 2023) and Concentric Finance (January 2024) hacks, with the attack vector in each case being private key compromise via social engineering.

avoid.net/adshares-bridge-ads 28/100 [WARNING]

Adshares is a Warsaw-based decentralized advertising protocol operating a proprietary dPoS blockchain with cross-chain bridges to Ethereum, BSC, Base, and Polygon. In May 2026 its Ethereum bridge was exploited for approximately $628,000 through fake wrapped-token minting, making it one of eight bridge exploits tracked by PeckShield that month. Approximately 86% of stolen funds were returned after the team offered a 10% whitehat bounty, but no public post-mortem has been published and the root cause of the bridge compromise remains unconfirmed.

avoid.net/5clyzcra2e8p3nhnrrss2w5nkhzj5wgmqcf8zyd3prd7 35/100 [WARNING]

5CLYzCRa2E8p3NHNrRSs2w5NkHzj5WGmqCF8zYd3PRD7 is a standard Solana wallet account (owned by the System Program), not a token mint. On-chain data shows 643 transactions between May 2024 and November 2025, predominantly consisting of inbound 1-lamport dust transfers sent by automated batch senders to groups of 15-20 wallets simultaneously, and inbound unsolicited SPL token airdrops from a known mass-distributor address. The wallet has also sent modest outbound SOL transfers and closed its own token accounts using a sweep program. No association with a named project, DEX listing, or public fraud report has been identified.

avoid.net/rapira-group-llc-aifory-llc-aifory-pro 2/100 [CRITICAL]

Rapira Group LLC and Aifory LLC (operating as Aifory Pro) are Georgia-incorporated cryptocurrency exchanges that operated primarily as ruble-to-crypto fiat on-ramps targeting Russian and CIS retail users. On May 26, 2026, the UK Foreign, Commonwealth and Development Office designated both entities under the Russia (Sanctions) (EU Exit) Regulations 2019 as part of an 18-entity package targeting the A7 sanctions-evasion network. UK sanctions impose full asset freezes, Regulation 17A correspondent banking prohibitions, and internet access restrictions — representing the first application of banking-style sanctions to crypto exchanges under the UK Russia sanctions regime. Georgian courts separately convicted individuals connected to the fictitious registration scheme used to incorporate both entities, with the alleged organizer receiving a 9-year sentence in April 2026.

avoid.net/dolomite 32/100 [WARNING]

Dolomite is a decentralized money market and trading protocol originally launched on Ethereum in 2019 and migrated to Arbitrum in 2022. The protocol suffered a $1.8 million exploit in March 2024 due to a reentrancy vulnerability in a legacy 2019 Ethereum contract. The platform drew significant controversy in 2026 when Trump-affiliated World Liberty Financial (WLFI) used 5 billion WLFI tokens as collateral to borrow $75 million on Dolomite — a platform co-founded by WLFI's own chief technology officer — driving USD1 pool utilization to 93% and trapping ordinary depositors.

avoid.net/grand-base 5/100 [CRITICAL]

Grand Base was a decentralized real-world asset (RWA) synthetic trading protocol launched on Coinbase's Base layer-2 blockchain in early 2024. On April 15, 2024, the protocol suffered a critical security incident in which its deployer wallet was compromised, allowing an attacker to mint approximately 32.5 million unauthorized GB tokens and drain roughly $2 million in liquidity. The GB token subsequently lost over 99% of its value; no verified recovery or compensation plan has been confirmed, and the project's long-term operational status remains uncertain.

avoid.net/super-sushi-samurai 28/100 [WARNING]

Super Sushi Samurai (SSS) is a Telegram-based blockchain game launched on the Blast layer-2 network in March 2024. On March 21, 2024 — four days after launch — a critical infinite-mint vulnerability in the SSS token contract was exploited, draining approximately $4.6–4.8 million (1,310 ETH) from its liquidity pool and causing the token to lose over 99% of its value. The attacker claimed to be a white-hat actor, and most funds were returned minus a 5% bounty; however, approximately 40 ETH were separately stolen by a distinct black-hat actor and the failed audit by Verichains raises material security governance concerns.

avoid.net/fake-jupiter-cjup-airdrop-phishing-campaign 0/100 [CRITICAL]

An ongoing phishing campaign impersonates Jupiter Exchange (Solana DEX aggregator) by airdropping counterfeit tokens labeled '$CJUP' directly into Solana wallets, then directing recipients to wallet-draining websites that automatically empty connected wallets. First documented in early 2024 and still active as of May 2026, the campaign exploits the widespread recognition of Jupiter's legitimate annual 'Jupuary' airdrop program, which has distributed over $1 billion in real $JUP tokens since 2024.

avoid.net/skp-skippy-token 4/100 [CRITICAL]

SKP (SKIPPY) is a BEP-20 token on BNB Smart Chain deployed in October 2021 and originally presented as a utility token for an Australian e-commerce and travel business. On May 27, 2026, blockchain security firm TenArmor detected an active exploit draining approximately $212,000 from SKP-linked liquidity pools across PancakeSwap, Venus, and Lista DAO on BNB Chain, with the attacker exiting with approximately 162,854 BSC-USD and 74.877 BNB. As of the date of this investigation, the root cause of the exploit is unconfirmed, no official post-mortem or team response has been issued, and the token exhibits extreme supply concentration and no active trading volume.

avoid.net/xbridge 12/100 [CRITICAL]

XBridge is a cross-chain bridge protocol built by SaitaChain (formerly Saitama Inu), designed to connect Ethereum Mainnet and BNB Chain. On April 24, 2024, the protocol suffered a $1.44 million exploit caused by a critical access-control vulnerability in its smart contracts, with stolen funds subsequently routed through Tornado Cash. The parent company, Saitama LLC, faces U.S. federal charges of wire fraud and market manipulation, with CEO Manpreet Kohli arrested in the UK in October 2024 and facing extradition proceedings.

avoid.net/velocore-v2 12/100 [CRITICAL]

Velocore V2 was a ve(3,3) decentralized exchange (DEX) deployed on the Linea and zkSync Era layer-2 blockchains. On June 2, 2024, the protocol suffered a critical smart contract exploit that drained approximately $6.8 million in ETH from its volatile liquidity pools. The attacker laundered stolen funds through Tornado Cash, no recovery was achieved, and the team subsequently announced a treasury liquidation rather than a protocol relaunch.

avoid.net/alex 28/100 [WARNING]

ALEX (Automated Liquidity Exchange) is a decentralized finance protocol built on the Stacks blockchain, designed to bring DeFi capabilities to Bitcoin. The protocol has suffered two major security exploits: a $4.3 million hack in May 2024 attributed to North Korea's Lazarus Group via a private key compromise of its XLink bridge, and an $8.3 million exploit in June 2025 caused by a smart contract access control vulnerability. In both cases, ALEX Lab Foundation pledged full user reimbursement, though partial recovery of 2024 stolen funds remained ongoing as of mid-2025, and the native ALEX token has declined approximately 99.9% from its all-time high.

avoid.net/pike-v1 22/100 [CRITICAL]

Pike V1 (also known as Pike Beta) was a cross-chain DeFi lending protocol built by Nuts Finance that suffered two smart contract exploits within four days in April 2024, resulting in approximately $1.98 million in user losses. A vulnerability identified by auditing partner OtterSec prior to launch was never remediated, and a subsequent botched patch introduced even more severe vulnerabilities. The project's October 2024 token generation event further damaged investor trust after the team launched the $P token with only $10,000 in initial liquidity despite having raised $6.45 million in a presale.

avoid.net/bitcoin-latinum-ltnm-donald-basile 2/100 [CRITICAL]

Bitcoin Latinum (LTNM) is a cryptocurrency token launched in 2020 by Donald G. Basile through his companies GIBF GP, Inc. and Monsoon Blockchain Corporation. In April 2026, the U.S. Securities and Exchange Commission charged Basile with orchestrating a $16 million investor fraud scheme, alleging he raised funds through Simple Agreements for Future Tokens (SAFTs) using fabricated insurance coverage claims and nonexistent asset-backing structures, then diverted millions to personal expenses. The token, which peaked near $9,336 in December 2021, has since collapsed to near zero, and multiple civil lawsuits from defrauded investors preceded the SEC action.

avoid.net/yolo-games 28/100 [WARNING]

YOLO Games is an on-chain gambling platform built on the Blast Layer 2 network, offering high-risk games such as YOLO, Moon or Doom, and Poke the Bear, with a native $YOLO token as its reward mechanism. In June 2024, an access control vulnerability in a third-party Liquidity Bootstrapping Pool (LBP) contract was exploited, resulting in the extraction of approximately $1.387 million, of which 90% was subsequently returned by the attacker acting as a whitehat. The $YOLO token has since collapsed approximately 99.6% from its all-time high and the protocol shows near-zero fee activity as of 2025-2026, suggesting severe user attrition or effective abandonment.

avoid.net/paraspace-lending-v1 28/100 [WARNING]

ParaSpace Lending V1 was an Ethereum-based cross-margin NFT and fungible token lending protocol launched in December 2022. In March 2023, a price manipulation exploit targeting the AutoCompoundApe contract nearly drained $5 million (2,909 ETH) from the protocol; blockchain security firm BlockSec intervened in a white-hat operation to recover the funds. In May 2023, a separate internal governance crisis erupted when over 19 team members accused CEO Yubo Ruan of misappropriating approximately 1,454.5 ETH (~$2.7M) from the recovered funds, allegations Ruan denied. The protocol subsequently rebranded through a merger with Parallel Finance, forming ParaX in August 2023, while the original V1 contracts were wound down and remain at minimal TVL as of 2026.

avoid.net/coinstats 35/100 [WARNING]

CoinStats is an Armenian-founded cryptocurrency portfolio tracking application with approximately 1.5 million users, founded in 2017 by Narek Gevorgyan. On June 22, 2024, the platform suffered a significant security breach in which 1,590 internally-hosted wallets were compromised and approximately $2.2 million in cryptocurrency was stolen, with attribution pointing to North Korea's Lazarus Group. The platform has since rebuilt its infrastructure and restored operations, but no confirmed compensation program for affected users has been publicly documented.

avoid.net/holograph 28/100 [WARNING]

Holograph is an omnichain tokenization protocol that enables cross-chain asset transfers, launched in 2022 by CXIP Labs with $6.5 million in seed funding. On June 13, 2024, a former technical contractor exploited admin-level access to the protocol's operator contract to mint 1 billion unauthorized HLG tokens worth approximately $14.4 million, crashing the token price by over 80%. Four suspects were subsequently arrested in Italy and extradited to France, where criminal proceedings are ongoing; approximately 80% of stolen tokens were reported recovered by law enforcement.

avoid.net/orion-pools 28/100 [WARNING]

Orion Pools is the automated market maker (AMM) and liquidity pool component of Orion Protocol, a DeFi liquidity aggregator founded in 2018 by Alexey Koloskov. On February 2, 2023, the protocol suffered a $3 million reentrancy exploit targeting its core exchange contract across Ethereum and BNB Chain, with stolen funds subsequently laundered through Tornado Cash. The project later rebranded to Lumia in late 2024, pivoting from a liquidity aggregator to a Layer 2 blockchain.

avoid.net/solana-token-2022-permanent-delegate-rug-pull-factory 4/100 [CRITICAL]

An industrial-scale pattern of fraud on the Solana blockchain exploits the Token-2022 Permanent Delegate extension, a legitimate feature that grants a mint-level authority the unconditional ability to burn or transfer any holder's tokens without their signature. First publicly documented in September 2024 by a Jupiter Core Working Group member, the exploit has since scaled into an automated rug pull factory pattern where scammers burn victim tokens seconds after purchase. RugCheck.xyz identifies the Permanent Delegate extension as a significant risk indicator on a substantial fraction of newly launched Solana tokens.

avoid.net/dough-finance 12/100 [CRITICAL]

Dough Finance was an Ethereum-based DeFi lending and margin-trading protocol co-founded by Chase Herro and Zachary Folkman. On July 12, 2024, the protocol was exploited via a flash loan attack that drained approximately $2.1–2.5 million in user funds due to unvalidated calldata in its ConnectorDeleverageParaswap smart contract. The protocol's website is shut down, the vast majority of the approximately 2,700 affected users have received no meaningful compensation, and the co-founders have since launched World Liberty Financial alongside Donald Trump, earning an alleged $65 million in revenues from that new venture.

avoid.net/rho-markets 38/100 [WARNING]

Rho Markets is a DeFi lending protocol (Compound V2 fork) deployed on Scroll, an Ethereum Layer 2 ZK-rollup network. On July 19, 2024, a misconfigured price oracle allowed an MEV bot to extract approximately $7.6 million in user funds; the operator voluntarily returned all funds after demanding a public acknowledgment of the misconfiguration. Despite full fund recovery, the protocol's TVL collapsed to near-zero and remains essentially inactive as of 2026.

avoid.net/lifi-finance 32/100 [WARNING]

LI.FI is a Berlin-based cross-chain bridge and DEX aggregation protocol founded in 2021 by Philipp Zentner and Max Klenk. The protocol has suffered two significant smart contract exploits — a $600,000 loss in March 2022 and an $11.6 million loss in July 2024 — both stemming from the same class of arbitrary-call vulnerability, prompting criticism from security researchers that lessons were not learned. Separately, blockchain investigator ZachXBT alleged in June 2025 that North Korean (DPRK) actors accounted for an estimated 15–25% of the protocol's volume during May 2025, using LI.FI to launder funds from the Bybit hack.

avoid.net/minterest 22/100 [CRITICAL]

Minterest (formerly using the MNT token, later rebranded to MINTY) was a cross-chain DeFi lending and borrowing protocol founded by Josh Rogers and incorporated as Minterest Labs OÜ in Estonia. The protocol suffered a $1.4 million reentrancy exploit on July 14, 2024 — in a market that went live without a completed security audit — and subsequently announced the sunsetting of all operations in November 2025, explicitly stating that hack victims would receive no refund or token compensation as part of the wind-down.

avoid.net/transit-finance 22/100 [CRITICAL]

Transit Finance (also known as Transit Swap) is a cross-chain DEX aggregator supporting over 122 decentralized exchanges across Ethereum, BNB Chain, TRON, Solana, Polygon, and other networks. The protocol has suffered two confirmed security exploits: a $28.9 million hack in October 2022 due to an arbitrary external call vulnerability in its routing contract, with approximately $18.9 million recovered; and a second $1.88 million exploit in May 2026 via a deprecated TRON smart contract that remained on-chain and exploitable years after official deprecation. ZachXBT flagged the protocol amid broader DeFi monitoring, and the 2022 attacker routed funds through OFAC-sanctioned Tornado Cash.

avoid.net/armstrong-chindavanh-rucker-crypto-robbery-gang 0/100 [CRITICAL]

Elijah Armstrong (21), Nino Chindavanh (21), and Jayden Rucker (25), all from the Nashville, Tennessee area, were federally indicted on March 31, 2026 in the Northern District of California for a violent cryptocurrency robbery and kidnapping spree carried out across the San Francisco Bay Area and Los Angeles between November 22 and December 31, 2025. The three men allegedly posed as delivery workers to gain entry into victims' homes, then used firearms, duct tape, and zip ties to restrain and assault victims before forcing cryptocurrency transfers; in at least one documented incident, $6.5 million in digital assets was transferred at gunpoint. All three defendants remain in federal custody without bond.

avoid.net/deltaprime 22/100 [CRITICAL]

DeltaPrime is a decentralized leveraged farming and lending protocol deployed on Arbitrum and Avalanche. The protocol suffered two major security exploits in 2024 — a $5.98 million private key compromise in September and a $4.8 million smart contract vulnerability in November — totaling over $10.7 million in losses. On-chain investigator ZachXBT alleged that DeltaPrime had previously employed North Korean IT workers with alleged ties to the DPRK-linked Lazarus Group, raising concerns about insider access as a contributing factor to the first exploit.

avoid.net/rubic 28/100 [WARNING]

Rubic is a cross-chain DEX aggregator founded in 2020 by Vladimir Tikhomirov and Alexandra Korneva, supporting swaps across 90+ blockchains. The protocol suffered two significant security incidents within two months in late 2022: a private key compromise in November that drained approximately $1.2 million in RBC tokens, followed by a smart contract exploit on December 25, 2022 that stole roughly $1.4 million in user USDC. Both events caused severe token price collapses, though the platform subsequently implemented new security architecture and remained operational into 2025.

avoid.net/kokomo-finance 2/100 [CRITICAL]

Kokomo Finance was a purported non-custodial lending and borrowing protocol launched on the Optimism blockchain on March 25, 2023. Within approximately 24 hours of launch, its developers executed a deliberate exit scam, stealing approximately $4 to $4.5 million in user funds through smart contract manipulation. The project was subsequently linked by on-chain investigator ZachXBT to a serial scam ring responsible for over $20 million in losses across multiple DeFi protocols.

avoid.net/monoswap 18/100 [CRITICAL]

MonoSwap is a decentralized exchange (DEX) and launchpad built on the Blast L2 network that launched in late February 2024. On July 24, 2024, the protocol was compromised via a social engineering attack in which a developer was tricked into installing infostealer malware disguised as a video conferencing app, allowing attackers to drain approximately $1.3 million in staked liquidity. The stolen funds were subsequently laundered through Tornado Cash, and the protocol has remained largely inactive with negligible TVL since the incident.

avoid.net/terra-20 12/100 [CRITICAL]

Terra 2.0 (LUNA) is a replacement blockchain launched in May 2022 by Terraform Labs following the catastrophic collapse of the original Terra network and its algorithmic stablecoin TerraUSD (UST), which erased approximately $40–60 billion in market value in one week. The project's founder, Do Kwon, was arrested in March 2023, found liable for securities fraud in a U.S. civil trial in April 2024, pleaded guilty to wire fraud and conspiracy in August 2025, and was sentenced to 15 years in federal prison in December 2025. Terraform Labs itself filed for Chapter 11 bankruptcy in January 2024 and received court approval to wind down operations by September 2024, leaving Terra 2.0 as a severely diminished chain with minimal developer activity and an approximately 79% year-over-year decline in token value.

avoid.net/wasabi-protocol 18/100 [CRITICAL]

Wasabi Protocol is a decentralized perpetual futures and leverage trading protocol founded in 2022, enabling users to trade memecoins, NFTs, and other long-tail assets with leverage on Ethereum, Base, Blast, and Berachain. On April 30, 2026, the protocol suffered a critical exploit in which an attacker compromised the deployer EOA private key (wasabideployer.eth), granted ADMIN_ROLE to a malicious orchestrator contract with zero timelock delay, and executed UUPS proxy upgrades across all four chains to drain approximately $5.9 million in user funds. The stolen assets were subsequently consolidated into ETH and routed through Tornado Cash across five attacker wallets.

avoid.net/polynetwork 10/100 [CRITICAL]

Poly Network was a cross-chain interoperability protocol launched in August 2020 by Neo, Ontology, and Switcheo. It suffered two major security breaches: a $610 million exploit in August 2021 (the largest DeFi hack at the time, with funds ultimately returned) and a second exploit in July 2023 in which attackers minted billions in notional value of tokens, extracting an estimated $10–20 million in real assets. The protocol permanently terminated all services on September 30, 2024.

avoid.net/onyx-v2 22/100 [CRITICAL]

Onyx Protocol is a Compound Finance fork and DeFi lending platform on Ethereum that launched a V2 iteration in 2024 following two devastating exploits — one in November 2023 ($2.1M) and a second in September 2024 ($3.8M) — both exploiting the same known vulnerability in the Compound V2 codebase. After the second hack, the community voted to shut down the Ethereum lending market and relaunch as Onyx Core; V2 targeting compliance with the U.S. CLARITY Act launched in Q3 2025 on a new XCN Ledger infrastructure. Total confirmed losses across both exploits exceed $5.9 million.

avoid.net/unibtc 32/100 [WARNING]

uniBTC is a synthetic Bitcoin liquid restaking token issued by Bedrock protocol, enabling wBTC holders to earn BTC-native yield via the Babylon staking protocol while retaining liquidity. In September 2024, a critical minting vulnerability in multiple uniBTC vault smart contracts across eight blockchains was exploited for approximately $2 million after a third-party security firm disclosed the flaw hours before the attack. Post-incident forensics by Fuzzland, disclosed in June 2025, attributed the exploit to an insider threat — a former employee who embedded malware into Fuzzland's internal codebase and used privileged access to execute the attack; Bedrock has since integrated Chainlink Proof of Reserve and expanded to multiple new chains.

avoid.net/banana-gun 32/100 [WARNING]

Banana Gun is a Telegram-based crypto trading bot launched in 2023 that allows users to snipe token launches on EVM chains and Solana. The project has experienced two major security incidents: a smart contract bug at token launch in September 2023 that caused the BANANA token to crash 99.7%, and a $3 million exploit in September 2024 in which attackers leveraged a Telegram message oracle vulnerability to drain 11 users. Separate, unresolved allegations from on-chain researchers claim the team arranged an exclusive order flow deal with block builder Titan that funneled millions of dollars in user bribe payments away from Ethereum validators.

avoid.net/level-perps 28/100 [WARNING]

Level Finance (also marketed as Level Perps) is a decentralized perpetual derivatives exchange that launched on BNB Chain in Q4 2022 and later expanded to Arbitrum. In May 2023 the protocol suffered a $1.1 million exploit caused by a logic bug in its referral reward contract that was missed by two prior security audits. The protocol's LVL token has declined approximately 99.9% from its all-time high, and as of 2025-2026 the protocol shows near-zero TVL ($32K), zero fees, and zero revenue, indicating effective dormancy.

avoid.net/tac-protocol-bridge 38/100 [WARNING]

TAC Protocol is an EVM-compatible Layer-1 blockchain built on Cosmos SDK that bridges Ethereum DeFi applications to the TON blockchain and Telegram ecosystem. On May 12, 2026, its cross-chain bridge was exploited for approximately $2.86 million — the protocol's entire TVL at the time — due to missing validation in sequencer software that allowed attackers to forge Jetton wallets. The attacker subsequently accepted a 10% white-hat bounty, returning roughly 90% of stolen funds to TAC's multisig; the bridge remains paused pending an independent security audit as of late May 2026.

avoid.net/crosscurve-bridge 28/100 [WARNING]

CrossCurve Bridge is a cross-chain liquidity protocol formerly known as EYWA, built in partnership with Curve Finance and backed by Curve founder Michael Egorov. On February 2, 2026, the protocol was exploited for approximately $3 million after attackers discovered that its ReceiverAxelar smart contract failed to validate the origin of cross-chain messages, allowing fabricated instructions to drain PortalV2 contracts across multiple networks. The team invoked a SafeHarbor WhiteHat policy offering a 10% bounty, while threatening legal escalation if funds were not returned within 72 hours.

avoid.net/xt-exchange 22/100 [CRITICAL]

XT Exchange (XT.com), founded in 2018 and registered in Seychelles, is a centralized cryptocurrency exchange that has been flagged by multiple regulatory authorities — including the UK FCA, Dubai VARA, Thailand SEC, and the Seychelles FSA — for operating without proper licensing. The exchange suffered a $1.7 million hot wallet exploit in November 2024 due to a compromised private key, and has accumulated substantial user complaints alleging unjustified account freezing, asset seizure, and blocked withdrawals. Independent analysis has also raised concerns about inflated trading volumes and inadequate proof-of-reserves transparency.

avoid.net/moby 38/100 [WARNING]

Moby Trade (moby.trade) is an on-chain options protocol built on Arbitrum and Berachain, launched in 2024 and backed by an Arbitrum Foundation grant. On January 8, 2025, the protocol suffered a critical security breach when a private key controlling proxy admin contracts was compromised, resulting in approximately $2.5 million in user funds being drained; roughly $1.5 million was subsequently recovered through an intervention by the SEAL911 security team. The protocol resumed operations after the incident and expanded to Berachain mainnet in February 2025, but the unrecovered ~$1 million in ETH and WBTC was routed through privacy mixers including Railgun and Tornado Cash, leaving those funds effectively unrecoverable.

avoid.net/sirio-finance 28/100 [WARNING]

Sirio Finance is a DeFAI lending and borrowing protocol built on the Hedera blockchain that launched on January 27, 2025 and suffered a flashloan exploit on February 1, 2025, resulting in an estimated $2–3 million in stolen funds. The exploit occurred within five days of mainnet launch, with post-incident analysis indicating the vulnerability was introduced when the team followed an audit directive from QuillAudits to remove a reentrancy guard from the protocol's smart contracts. The protocol's TVL collapsed to near zero following the hack, and no confirmed recovery of stolen funds or full user compensation has been publicly documented.

avoid.net/sunrayfinance 8/100 [CRITICAL]

Sunray Finance was a perpetual-trading DEX protocol on Arbitrum that suffered a critical exploit on October 30, 2024, resulting in approximately $2.7–2.9 million in losses. An attacker — using what the team attributed to a compromised private key — upgraded the protocol's management contract and minted 200 sextillion SUN tokens, then swapped a portion for USDT before the token price collapsed to zero. The project website subsequently went offline with no confirmed fund recovery, and the protocol's pre-exploit marketing included unverified claims of SoftBank backing and unsustainable 299% annual yield promises.

avoid.net/catfi-memecoin-eth-father-park 2/100 [CRITICAL]

CATFI is a Solana-based memecoin launched in early 2025 via Pump.fun that was the subject of a coordinated rug pull orchestrated by a South Korean operator known online as 'Eth Father,' identified by prosecutors only as Mr. Park. The scheme artificially inflated the token 1,001-fold within 26 hours before a mass exit drained investor funds, causing approximately 900 million KRW (~$600,000) in losses across at least 256 victims. In May 2026 the Seoul Southern District Prosecutors' Office charged five individuals, marking South Korea's first criminal prosecution of a decentralized-exchange rug pull under the Virtual Asset User Protection Act.

avoid.net/superteam 74/100 [CAUTIONARY]

Superteam (formerly SuperteamDAO) is a Solana Foundation-backed talent network and ecosystem growth organization founded in 2021, operating 23+ regional chapters globally. It runs Superteam Earn, an open-source bounty and grant platform, and facilitates community earnings exceeding $1.7 million across the Solana ecosystem. No confirmed fraud, regulatory actions, or security exploits have been identified; primary risk factors relate to its dependency on Solana Foundation funding and the inherent volatility of the broader Solana ecosystem.

avoid.net/ionic-protocol 18/100 [CRITICAL]

Ionic Protocol (also known as Ionic Money) is a decentralized non-custodial lending and borrowing protocol deployed on the Mode Network (OP Superchain). It is a rebrand of Midas Capital, which suffered two separate exploits in 2023 totaling approximately $1.26 million. In February 2025, Ionic itself was exploited via a social engineering attack involving a counterfeit LBTC token, resulting in losses estimated between $8.6 million and $12.3 million; funds were partially laundered through Tornado Cash and have not been recovered.

avoid.net/venus-core-pool 28/100 [WARNING]

Venus Core Pool is the primary lending market of Venus Protocol, the largest decentralized money market on BNB Chain. The protocol has accumulated over $112 million in cumulative losses across at least five separate security incidents since 2021, including oracle manipulation, a phishing attack draining $27 million from the Core Pool itself in September 2025, and a donation-attack exploit in March 2026 that left $2.15 million in unrecoverable bad debt. A critical vulnerability flagged during a 2023 Code4rena security audit was dismissed by the development team and subsequently exploited twice.

avoid.net/kiloex 38/100 [WARNING]

KiloEx is a decentralized perpetual futures exchange (DEX) backed by YZi Labs (formerly Binance Labs), deployed across opBNB, Base, BNB Chain, Taiko, and other networks. In April 2025, the platform suffered a $7.5–8.44 million oracle price manipulation exploit caused by an access control vulnerability in its TrustedForwarder contract; the attacker subsequently returned all stolen funds within 3.5 days after accepting a $750,000 white-hat bounty. The platform relaunched on April 24, 2025 after a partial security audit, with a full comprehensive audit still pending at that time.

avoid.net/zklend 20/100 [CRITICAL]

zkLend was a decentralized money-market lending protocol built on Starknet (Ethereum Layer 2), founded in 2022 by Brian Fu and Jane Ma and backed by Delphi Digital, Three Arrows Capital, and StarkWare. On February 11–12, 2025, the protocol suffered a critical flash-loan exploit that drained approximately $9.57 million in user funds through manipulation of the lending_accumulator variable and precision-loss rounding errors. The protocol permanently ceased operations in June 2025, allocating a $200,000 treasury remnant to a user recovery fund — leaving the vast majority of affected users uncompensated.

avoid.net/zoth-zeusd 28/100 [WARNING]

Zoth is a Dubai-based real-world asset (RWA) restaking protocol and the issuer of ZeUSD, a CDP-style stablecoin backed by tokenized fixed-income assets including U.S. T-Bills and ETFs. In March 2025, the protocol suffered two separate security incidents within three weeks: a $285,000 logic-flaw exploit on March 1 and a critical $8.4–8.85 million admin key compromise on March 21, the latter resulting in the theft of 8.85 million USD0++ tokens. The stolen funds remain largely unrecovered as of mid-2025, with Zoth offering a $500,000 bounty and engaging Crystal Blockchain BV for forensic investigation.

avoid.net/trifleck 2/100 [CRITICAL]

Trifleck is a shell company with no verifiable business registration used as a front in an active LinkedIn-based malware campaign targeting crypto and Web3 developers, first publicly disclosed in May 2026. The campaign delivers a malicious 'pre-interview code review' ZIP file containing infostealers after recruiters posing as Trifleck employees contact developers with frontend job offers. The attack pattern, infrastructure, and malware families are consistent with tactics attributed by Microsoft, Mandiant, Palo Alto Unit 42, and the FBI to DPRK-aligned threat actors operating under the cluster known as Contagious Interview.

avoid.net/zksync 38/100 [WARNING]

ZKsync is an Ethereum Layer 2 scaling protocol built on zero-knowledge rollup technology, developed by Matter Labs, which has raised approximately $458 million in venture capital. The protocol has faced multiple significant controversies including a $5 million airdrop contract exploit in April 2025, a contentious 2024 token airdrop marred by sybil attack failures and community backlash, a South Korean regulatory probe into alleged price manipulation, compromised social media accounts spreading false SEC investigation claims, and an intellectual property theft lawsuit filed against Matter Labs by defunct firm BANKEX. User funds in the core protocol have not been directly compromised, but the pattern of incidents has substantially eroded community trust.

avoid.net/mobius-token 18/100 [CRITICAL]

Mobius Token (ticker: MBU) is a DeFi token that operated on BNB Chain. On May 11, 2025, an attacker exploited a critical decimal-precision bug in the project's unaudited smart contract, minting approximately 9.73 quadrillion MBU tokens with a deposit of only 0.001 BNB and draining $2.15 million in USDT from the protocol's liquidity pools. The stolen funds were laundered through Tornado Cash, no official team response was issued, and no funds have been recovered.

avoid.net/sushiswap 32/100 [WARNING]

SushiSwap is a decentralized exchange (DEX) and DeFi protocol launched in August 2020 as a fork of Uniswap, offering an automated market maker (AMM), governance token (SUSHI), and multi-chain liquidity pools. The protocol has endured a series of serious controversies spanning its entire history: a founding exit-scam attempt by anonymous creator Chef Nomi, early operational control handed to convicted fraudster Sam Bankman-Fried, an SEC subpoena issued to the protocol and its CEO in 2023, a $3.3 million smart contract exploit the same year, allegations that North Korean IT workers were embedded in its developer team, disputed DAO treasury centralization in 2024, and a governance process in late 2025 where a single wallet controlled 99.9% of a vote. TVL has declined approximately 98.7% from its 2022 peak of over $8 billion to roughly $100 million as of late 2025.

avoid.net/bitcoin-mission 25/100 [CRITICAL]

Bitcoin Mission is an entity that has been flagged by on-chain investigator ZachXBT, though the specific nature, founding, and full scope of the entity could not be independently verified through publicly available Tier 1 or Tier 2 sources at the time of this investigation. Multiple unrelated legitimate entities share the name 'Bitcoin Mission' (including a Christian-focused Bitcoin podcast and a GitHub organization), making disambiguation difficult. The trust score of 25 reflects the ZachXBT flag combined with the absence of verifiable public transparency about the entity.

avoid.net/lnd 12/100 [CRITICAL]

LND (lnd.fi) was a non-custodial, multichain DeFi lending protocol built on Sonic (a high-performance EVM chain) as a fork of Aave V3. On May 9, 2025, the protocol was drained of approximately $1.27–1.42 million by a developer who gained Pool Admin credentials and introduced a malicious access control modification 41 days before executing the exploit; the official postmortem attributed the attack to a DPRK (North Korea) IT worker embedded in the team under false pretenses. As of mid-2025, the lnd.fi domain is no longer operated by the team and appears listed for resale, indicating the protocol ceased operations following the incident.

avoid.net/bandcampro-ai-assisted-fraud-campaign 2/100 [CRITICAL]

Between September 2025 and May 2026, a solo Russian-speaking threat actor operating under the handle 'bandcampro' conducted a sustained AI-assisted fraud and credential-theft campaign targeting MAGA and QAnon communities to steal cryptocurrency. The actor deployed a jailbroken Google Gemini CLI — with safety guardrails persistently disabled via a GEMINI.md context injection file — as the operational backbone of an automated social engineering, influence operation, and hacking pipeline. The campaign is documented in a May 2026 Trend Micro research report titled 'Inside the 5-Year Influence and Fraud Patriot Bait Campaign.'

avoid.net/kinto-bridge 28/100 [WARNING]

Kinto was a KYC-enforced Ethereum Layer 2 built on the Arbitrum Nitro stack, marketing itself as a 'safety-first' DeFi protocol with built-in AML and identity verification. On July 10, 2025, an attacker exploited a CPIMP proxy vulnerability in the $K token contract on Arbitrum, minting 110,000 unauthorized tokens and draining approximately $1.55–1.9 million from Uniswap V4 and Morpho Blue liquidity pools. Despite a partial recovery effort dubbed 'Phoenix,' the project announced shutdown effective September 30, 2025, as fundraising options collapsed and the team ran unpaid for months.

avoid.net/texture 28/100 [WARNING]

Texture Finance is a Solana-based decentralized lending protocol founded in 2021 and backed by $5 million in venture funding from P2P Capital, Sino Global Capital, Wintermute, and Jane Street Capital. In July 2025, a missing ownership check in its USDC vault smart contract allowed an attacker to steal approximately $2.2 million in user funds; the protocol negotiated a 10% greyhat bounty and recovered roughly $1.98 million. User withdrawals remained disabled following the exploit, and a formal repayment timeline had not been published as of mid-2025.

avoid.net/olaxbt 28/100 [WARNING]

OlaXBT (ticker: AIO) is a BNB Smart Chain-based AI trading platform that raised $3.38 million in seed funding led by Amber Group and launched publicly in July 2025. The project suffered a confirmed multi-signature wallet breach on September 1, 2025 that resulted in the theft of approximately 32 million AIO tokens (estimated $2 million at the time), forcing an emergency token contract migration that several exchanges declined to support. Additional risk factors include extreme holder concentration (approximately 96% of supply held by two addresses per CertiK Skynet data), an anonymous founding team with unverifiable claimed credentials, and multiple exchange delistings citing security concerns.

avoid.net/forcebridge 20/100 [CRITICAL]

ForceBridge is a cross-chain bridge operated by Magickbase on the Nervos Network (CKB), enabling transfers between Nervos and Ethereum and BNB Chain. On June 2, 2025, the bridge was exploited via an access control vulnerability — likely a compromised private key — resulting in approximately $3.7–3.9 million in user funds being stolen and laundered through Tornado Cash. The exploit occurred just one day after Magickbase announced the bridge's sunset, raising questions about the timing and origin of the attack.

avoid.net/bitpapa-ic-fzc-llc 2/100 [CRITICAL]

Bitpapa IC FZC LLC is a UAE-registered peer-to-peer cryptocurrency exchange primarily serving Russian and CIS markets that has been sanctioned by three separate national jurisdictions: OFAC (March 2024), Ukraine (July 2025), and the UK FCDO (May 2026). Authorities allege the platform facilitated millions of dollars in transactions with OFAC-designated entities including Garantex and Hydra Market, employed systematic wallet rotation to evade transaction monitoring, and provided financial services to the A7 LLC network accused of moving over $90 billion into Russia's war economy. The platform has continued operating through multiple sanctions designations, illustrating the limits of unilateral enforcement against P2P fiat-on-ramps.

avoid.net/exmo-exchange-limited 4/100 [CRITICAL]

EXMO Exchange Limited is a UK-registered cryptocurrency exchange founded circa 2013 by Russian nationals Eduard Bark and Ivan Petukhovskiy. The exchange suffered a hot wallet hack in December 2020 losing approximately $10.5 million in user funds, faced multiple regulatory failures including a failed FCA registration and a UK ASA ruling for misleading advertising, and was sanctioned by the UK government on May 26, 2026 under Russia (Sanctions) (EU Exit) Regulations 2019 for alleged facilitation of Russian sanctions evasion via transactions with sanctioned entities Garantex, Grinex, and Chatex totaling over $19.5 million. Blockchain analysis by TRM Labs found that EXMO's claimed operational separation from its Russia-facing spinoff EXMO.me was not reflected in actual custodial wallet infrastructure.

avoid.net/shibarium 28/100 [WARNING]

Shibarium is a layer-2 blockchain built on Ethereum, launched in August 2023 as the scaling solution for the Shiba Inu (SHIB) ecosystem. The network has faced a series of significant incidents including a failed initial launch that trapped $1.7 million in bridged funds, a September 2025 flash loan exploit that drained approximately $4.1 million from its cross-chain bridge via validator key compromise, persistent rug pull activity on its DeFi layer, allegations of code plagiarism, and ongoing transparency concerns stemming from fully pseudonymous leadership. Shibarium initiated a novel NFT-based restitution program following the 2025 exploit but as of early 2026 the recovery path remained unresolved.

avoid.net/yo-protocol 42/100 [WARNING]

YO Protocol (yo.xyz), operated by YO Labs, is a San Francisco-based multi-chain DeFi yield optimization protocol founded by former Uber and Amazon executives and backed by Paradigm, Coinbase Ventures, and Foundation Capital with $24 million in total funding. Independent security research published in September 2025 identified significant centralization risks, MEV attack vectors, and EIP-4626 compliance gaps that existing audits had not fully addressed. No hacks, exploits, or regulatory actions have been publicly confirmed against the protocol; a claimed ZachXBT flag has not been corroborated by any findable public source as of May 2026.

avoid.net/crosscurve 28/100 [WARNING]

CrossCurve (formerly EYWA) is a cross-chain DeFi liquidity protocol built in partnership with Curve Finance, backed by $8.5 million in funding including a seed round led by Curve founder Michael Egorov. On February 1-2, 2026, the protocol suffered a critical smart contract exploit in its ReceiverAxelar bridge contract, resulting in an estimated $3 million in user losses across multiple chains; confirmed liquid losses were approximately $1.44 million after exchange freezes limited attacker liquidation. A subsequent Hashlock audit of separate OFT messaging contracts in March 2026 found and resolved additional vulnerabilities, and the protocol has not publicly confirmed full fund recovery from the February exploit.

avoid.net/moonwell-lending 28/100 [WARNING]

Moonwell is a decentralized, non-custodial lending and borrowing protocol deployed on Base, Optimism, Moonbeam, and Moonriver, operating as a fork of Compound v2. The protocol has suffered at least five distinct security incidents between 2022 and 2026, resulting in combined losses and bad debt exceeding $5 million, including repeated oracle failures, a flash loan exploit, a near-successful governance attack, and an AI-assisted smart contract misconfiguration. Despite multiple audits by Halborn and Code4rena, the pattern of recurring vulnerabilities and the removal of its Immunefi bug bounty program in early 2025 have raised significant security concerns.

avoid.net/tmx-tribe 18/100 [CRITICAL]

TMX TRIBE (also marketed as Tribe DEX) is a decentralized perpetual futures exchange operating on Arbitrum and Optimism that launched its TMX token in mid-2025. On January 5-7, 2026, an attacker exploited a critical logic flaw in unverified, unaudited smart contracts to drain approximately $1.4 million in user funds over 36 hours, with stolen assets subsequently bridged to Ethereum and laundered via Tornado Cash. The team deployed no emergency pause during the attack, issued no public statement for days afterward, and produced no post-mortem or user compensation plan, raising serious concerns about operational competence and transparency. ZachXBT has flagged the entity.

avoid.net/vortex-antier-solutions-contrarian 2/100 [CRITICAL]

Vortex, Antier Solutions Private Limited, and Contrarian are three cryptocurrency market-making firms whose executives were charged in federal indictments unsealed March 30, 2026 as part of Operation Token Mirrors, a joint FBI and IRS Criminal Investigation undercover sting. Ten foreign nationals across these three firms and Gotbit face allegations of systematic wash trading and pump-and-dump schemes, with three defendants extradited from Singapore to face charges in the Northern District of California. All defendants face up to 20 years imprisonment and fines of up to $250,000 per violation if convicted.

avoid.net/hypervault 2/100 [CRITICAL]

HyperVault (also known as HyperVaultFi, ticker @hypervaultfi) was a yield optimization protocol built on the Hyperliquid Layer 1 blockchain that marketed itself as a multichain DeFi hub offering APRs of up to 95%. On September 26, 2025, approximately $3.6 million in user funds were drained from the protocol, bridged to Ethereum, converted to approximately 752 ETH, and funneled into Tornado Cash; the team then deleted all social media accounts and the website went offline, in what blockchain security firm PeckShield and multiple crypto news outlets characterized as a rug pull. No founders have been publicly identified by name; at least one team member operated under the pseudonym 0xnick.

avoid.net/raft 22/100 [CRITICAL]

Raft is a decentralized Ethereum CDP lending protocol that issued the R stablecoin, collateralized by liquid staking tokens (stETH, rETH). On November 10, 2023, an attacker exploited a precision-loss vulnerability to mint approximately $6.7 million in unbacked R tokens, draining 1,577 ETH from the protocol and causing the R stablecoin to depeg by up to 50%. Due to a coding error, the attacker burned 1,570 of the stolen ETH to an inaccessible burn address, effectively losing money on the attack. The protocol subsequently implemented a partial recovery plan offering approximately 42% restitution to affected users and announced plans to phase out the current version.

avoid.net/cover-protocol 18/100 [CRITICAL]

Cover Protocol was a decentralized insurance marketplace on Ethereum, launched in November 2020 after a troubled rebrand from the failed SAFE token project. On December 28, 2020, a critical smart contract vulnerability in its Blacksmith farming contract allowed an attacker to mint approximately 40 quintillion COVER tokens and extract over $4 million in assets, crashing the token price by more than 97%. After a failed merger with Yearn Finance and the abrupt departure of core developers, the protocol permanently shut down on September 5, 2021, distributing remaining treasury funds to token holders.

200 entities tracked · record updated 2026-05