SuperGrosz
November 3, 2025
•[ vulnerability exploit, cryptocurrency theft, phishing ]
On 3 November 2025, attackers exploited faulty access-control logic in Balancer's V2 Composable Stable Pools to drain more than $100 million in cryptocurrency, with blockchain security firms estimating overall losses above $120 million and at least $99 million in ETH. Balancer acknowledged the exploit, began a forensic investigation and placed any pools it could pause into recovery mode while warning customers about phishing messages spoofing its security team. Partner platforms such as Berachain temporarily halted their networks and froze some of the stolen funds as they worked to protect user assets across the wider DeFi ecosystem.
Hacken
June 20, 2025
•[ private key compromise, cryptocurrency theft, web3 ]
Ukrainian Web3 auditing company Hacken suffered a private-key compromise on its HAI token bridge on June 20, 2025, enabling ~900 million HAI to be minted and about US$250K liquidated; token value fell ~98%, investigation ongoing.
Cork Protocol
May 28, 2025
•[ cryptocurrency theft, decentralized finance (DeFi) ]
DeFi platform reported ~$12.1M (4,530 ETH) stolen from the wstETH:weETH market; all markets paused during investigation.
BitoPro Exchange
May 8, 2025
•[ cryptocurrency theft, unauthorized access, money laundering ]
Unauthorized access on May 8, 2025 to BitoPro exchange hot wallets resulted in theft of about NT$345 million (US$11.5 million) in cryptocurrency; funds laundered via Tornado Cash, Thorchain, and Wasabi; attribution linked to North Korea's Lazarus Group (APT38); no operational disruption reported.
Abracadabra Finance
March 25, 2025
•[ cryptocurrency theft, exploit, DeFi ]
Hackers exploited Abracadabra cauldrons leading to multimillion-dollar cryptocurrency theft.
Wemix (Wemade)
February 28, 2025
•[ data breach, cryptocurrency theft, leaked secrets ]
The blockchain gaming platform WEMIX was hacked, resulting in the theft of about 8.65 million WEMIX tokens (worth roughly $6.1 million). The breach stemmed from attackers obtaining authentication keys for the NFT monitoring service NILE, likely via a shared repository. After gaining the keys, the threat actors spent about two months preparing before executing 15 withdrawal attempts, of which 13 succeeded. The stolen tokens were swiftly laundered through multiple crypto exchanges. WEMIX shut down the affected server on February 28 and later disclosed the incident, migrating its infrastructure to a more secure environment.
zkLend
February 12, 2025
•[ smart contract exploit, cryptocurrency theft, defi ]
Smart-contract vulnerability exploited in zkLend's DeFi protocol allowed unauthorized withdrawal of ~3,600 ETH (~USD 9.5 m); zkLend offered a 10 % white-hat bounty for fund return.