Step Finance
January 31, 2026
•[ hacking, cryptocurrency theft, treasury breach ]
Step Finance reported that hackers compromised devices belonging to company executives and used that access to breach several treasury wallets, resulting in approximately $40 million in stolen digital assets. The platform detected the incident on January 31, 2026 and engaged cybersecurity researchers and partners; it reported partial recovery (including assets associated with Remora and other positions) and stated certain operations were halted to reinforce security. The incident affected treasury wallet holdings rather than user rTokens (reported as fully backed), and Step advised users to avoid interacting with the STEP token pending an outcome plan and snapshot process.
Truebit
January 8, 2026
•[ cryptocurrency theft, smart contract exploit, blockchain security ]
The Record reported that hackers stole more than $26 million in cryptocurrency from the Truebit platform on Thursday (January 8, 2026). Truebit said it became aware of a security incident involving one or more malicious actors and urged users not to interact with the affected smart contract. Blockchain security firms tracked 8,535 ETH taken (reported as about $26.44 million). The report frames the event as a major early-2026 crypto theft affecting Truebit's on-chain assets, with ongoing law-enforcement contact and incident response actions mentioned, but without detailing the precise exploit mechanism in the article text provided.
Trust Wallet
December 24, 2025
•[ supply chain attack, cryptocurrency theft, malicious browser extension ]
Trust Wallet said a December 24, 2025 incident led to roughly $8.5M stolen from more than 2,500 crypto wallets after attackers published a malicious version of its Chrome extension (v2.68.0) containing a JavaScript payload that collected sensitive wallet data and enabled unauthorized transactions. Trust Wallet stated that developer GitHub secrets were exposed, giving the attacker access to extension source code and a Chrome Web Store API key; with that key, the attacker could upload builds directly, bypassing Trust Wallet's internal approval/manual review process. Trust Wallet said it revoked release APIs, coordinated registrar action to suspend attacker domains used to host malicious code, began reimbursing affected users, and warned about impersonation scams targeting victims.
SuperGrosz
November 3, 2025
•[ vulnerability exploit, cryptocurrency theft, phishing ]
On 3 November 2025, attackers exploited faulty access-control logic in Balancer's V2 Composable Stable Pools to drain more than $100 million in cryptocurrency, with blockchain security firms estimating overall losses above $120 million and at least $99 million in ETH. Balancer acknowledged the exploit, began a forensic investigation and placed any pools it could pause into recovery mode while warning customers about phishing messages spoofing its security team. Partner platforms such as Berachain temporarily halted their networks and froze some of the stolen funds as they worked to protect user assets across the wider DeFi ecosystem.
Hacken
June 20, 2025
•[ private key compromise, cryptocurrency theft, web3 ]
Ukrainian Web3 auditing company Hacken suffered a private-key compromise on its HAI token bridge on June 20, 2025, enabling ~900 million HAI to be minted and about US$250K liquidated; token value fell ~98%, investigation ongoing.
Cork Protocol
May 28, 2025
•[ cryptocurrency theft, decentralized finance (DeFi) ]
DeFi platform reported ~$12.1M (4,530 ETH) stolen from the wstETH:weETH market; all markets paused during investigation.
BitoPro Exchange
May 8, 2025
•[ cryptocurrency theft, unauthorized access, money laundering ]
Unauthorized access on May 8, 2025 to BitoPro exchange hot wallets resulted in theft of about NT$345 million (US$11.5 million) in cryptocurrency; funds laundered via Tornado Cash, Thorchain, and Wasabi; attribution linked to North Korea's Lazarus Group (APT38); no operational disruption reported.
Abracadabra Finance
March 25, 2025
•[ cryptocurrency theft, exploit, DeFi ]
Hackers exploited Abracadabra cauldrons, leading to a multimillion-dollar cryptocurrency theft.
Wemix (Wemade)
February 28, 2025
•[ data breach, cryptocurrency theft, leaked secrets ]
The blockchain gaming platform WEMIX was hacked, resulting in the theft of about 8.65 million WEMIX tokens (worth roughly $6.1 million). The breach stemmed from attackers obtaining authentication keys for the NFT monitoring service NILE, likely via a shared repository. After gaining the keys, the threat actors spent about two months preparing before executing 15 withdrawal attempts, of which 13 succeeded. The stolen tokens were swiftly laundered through multiple crypto exchanges. WEMIX shut down the affected server on February 28 and later disclosed the incident, migrating its infrastructure to a more secure environment.
zkLend
February 12, 2025
•[ smart contract exploit, cryptocurrency theft, defi ]
Smart-contract vulnerability exploited in zkLend's DeFi protocol allowed unauthorized withdrawal of ~3,600 ETH (~USD 9.5 m); zkLend offered a 10 % white-hat bounty for fund return.
Jeff "Jihoz" Zirlin
February 23, 2024
•[ cryptocurrency theft, personal account breach, digital assets ]
Jeff "Jihoz" Zirlin, one of the co-founders of the video game Axie Infinity and the related Ronin Network, had nearly $10 million in cryptocurrency stolen from personal accounts.