Cointelegraph Hit by Front-End Exploit, Fake Phishing Airdrop Pop Up on Website

Crypto media outlet Cointelegraph has confirmed its website was compromised by a front-end exploit on Sunday, with attackers injecting a malicious pop-up that falsely claimed to offer “CoinTelegraph ICO Airdrops” and “CTG tokens.”

The fake banner urged readers to connect their crypto wallets in exchange for nearly $5,500 worth of tokens, citing a “fair launch” event and a bogus CertiK audit to lend legitimacy to the scam.

“Do not click on these pop-ups, connect your wallets, or enter any personal information,” Cointelegraph warned in a post on X, adding that it was “actively working on a fix.”

Victims are typically tricked into connecting wallets for token claims, identity verification, or loyalty rewards — only to have their funds siphoned immediately after.

The tactic mirrors a nearly identical exploit on CoinMarketCap two days earlier, where attackers embedded similar code to serve wallet phishing prompts.

In both cases, the attack relied on hijacking trusted platforms to bypass user skepticism — turning news and data sites into unwitting vectors for wallet drainers.


Meta Pool, a Liquid Staking Protocol, Suffers $27M Exploit

Multi-chain liquid staking protocol Meta Pool suffered a smart contract exploit on Tuesday, resulting in the loss of $27 million.

Blockchain security firm PeckShield reported that a bug in the protocol's staking contract allowed users to freely mint mpETH, the protocol's liquid staking token (LST).

While an attacker managed to mint $27 million worth of the tokens, a lack of liquidity on Uniswap meant that they could only swap 10 ETH worth ($25,000).

An Etherscan transaction before the exploit took place showed that an account labeled as “MEV Frontrunner Yoink” removed 90 ETH worth of liquidity from the pool.

Meta Pool has yet to post any updates about the exploit on social media. Total value locked (TVL) for the project still stands at $75 million, according to DefiLlama, while the protocol's MPDAO governance token trades at $0.02 on minimal volume.

The exploit continues a trend from May that saw investors lose $302 million to hacks, scams and exploits, according to CertiK.


Bitrue Hacker Funnels $30M Through Tornado Cash, Made $9.3M by Trading Ether

A hacker who stole $23 million from crypto exchange Bitrue in 2023 has started to launder the proceeds through Tornado Cash, according to Debank data cited by EmberCN.

The hacker sent $30 million worth of ether (ETH) to the mixing service on Thursday, having sold the token in 2023, bought it back after the price fell and held it through ether's subsequent gains.

The second-largest cryptocurrency by market value traded as high as $2,450 in 2023, and had dropped to as low as $1,472 in April before rebounding to trade as high as $2,873 this week, CoinDesk data show. The hacker made $9.37 million in profit on their transaction, EmberCN said.

Debank data shows that all of the stolen funds are now being dispersed through Tornado Cash. It is unclear whether the hacker was a part of a larger group or working solo.

Crypto investors lost $1.67 billion to hacks and exploits in the first quarter of this year as the industry struggled to constrain the criminal underworld despite a rapid advance in institutional adoption.

The hacker's on-chain trail on Etherscan shows that some funds were also laundered in April and that, in the intervening period, there were also several deposits to decentralized derivatives exchange HyperLiquid.

DeFi Platform Cork Protocol Suffers $12M Smart Contract Exploit

Decentralized finance (DeFi) platform Cork Protocol has suffered a smart contract exploit, with hackers reportedly stealing $12 million worth of wrapped staked ether (wstETH).

Blockchain security monitor Cyvers noticed the exploit, stating that the malicious contract was deployed by a wallet likely funded by a service provider.

It added that $12 million worth of wstETH was quickly swapped for ETH.

Cork Protocol received investments from a16z crypto and OrangeDAO in September 2024.

“There was a security incident affecting the wstETH:weETH market at 11:23 UTC today,” Cork wrote on X.

Cork added that it has paused all other markets as a precaution and that it is investigating the root cause.

Security auditing company Dedaub wrote that the attacker likely exploited an issue with the smart contract's exchange rate by issuing fake tokens.

Sui Network Steps in to Compensate Cetus Losses in Full After $223M Exploit

Cetus Protocol, the largest decentralized exchange (DEX) on the Sui blockchain, has secured a loan from the Sui Foundation to compensate users in full following a $223 million exploit last week.

These funds will cover only the bridged assets, and are separate from the frozen funds subject to an on-chain community vote.

“Using our cash and token treasuries, we are now in a position to fully cover the stolen assets currently off-chain if the locked funds are recovered through the upcoming community vote,” Cetus said in an X post.

“This includes a critical loan from the Sui Foundation, making a 100% recovery for all affected users possible.”

The recovery plan hinges partly on the outcome of a pending on-chain governance proposal, which would authorize the use of frozen funds to complete user reimbursements.

“These are extraordinary measures taken to protect the Sui community,” the Sui Foundation said in a statement, adding that a “full recovery is possible” with the community’s support.

The exploit of Cetus last week involved an attacker manipulating spoof tokens, such as BULLA, to exploit flawed price curves and reserve logic, allowing them to drain SUI, USDC, and other real assets from liquidity pools without depositing equivalent value.

At the time, over $162 million in stolen tokens were frozen on-chain, while the remainder were bridged out through multiple paths. The attacker’s wallet (which is still active) was last seen holding over 12.9 million SUI, with additional assets likely swapped or obfuscated across networks.

In response, Cetus paused its smart contracts and initiated an investigation, while its governance token, CETUS, dropped nearly 40% at the time. Trading activity across Sui’s DeFi ecosystem slowed amid liquidity concerns and broader scrutiny of protocol safety.

Now, with the new secured loan from the Sui Foundation, Cetus says it is in a position to begin reimbursing users immediately.

KiloEx’s ‘Sophisticated’ Hack Shows DeFi Risks — But This Time, Recovery Was Swift

KiloEx, a decentralized exchange (DEX) for trading perpetual futures, said Friday it recovered all of its hacked funds after a sophisticated attack this week left users reeling with losses of around $7 million.

The DEX is working to close the legal process of recovering the funds and is awarding 10% of the recovered amount as a bounty to the white hat hacker who was involved in the process.

“The legal process to formally close the case is now underway, in coordination with judicial authorities, our legal team, and third-party experts (special thanks to @SlowMist_Team @blitezero, who have extensive experience in such matters),” KiloEx said in a social media post on Friday.

KiloEx's native token KILO surged more than 14% in 24 hours on the recovery news, while the broader market gauge CoinDesk 20 Index remained flat on Friday.

The crypto industry has been plagued by multiple hacks and exploits, resulting in billions of dollars lost to attackers. Blockchain security firm CertiK said that hackers stole $1.67 billion worth of crypto in the first quarter of 2025, a 303% rise from the previous quarter. Most of Q1's losses were attributed to the massive $1.45 billion Bybit hack.

The KiloEx exploit on April 15 unfolded across multiple blockchain networks and appeared to stem from a vulnerability in the platform’s price oracle system, per blockchain analysis firm Cyvers. Oracles are blockchain-based tools that relay any outside data to a blockchain, where smart contracts use them to make decisions for a financial application.

The attacker used a wallet funded through Tornado Cash and executed a series of transactions on the Base, BNB Chain and Taiko networks to take advantage of a flaw in the platform’s price oracle system, which allowed the attacker to manipulate asset prices.

KiloEx may be one of the cases of a crypto exploit where the outcome was positive for the DEX; most aren't as lucky. CertiK said in the report that only 0.38% of stolen funds in the first quarter were returned, compared to 42.09% in the previous quarter.

One growing trend highlighted by KiloEx's hack resolution is that the community came together to recover the funds rather than wait for long-drawn court battles that leave investors reeling from millions in losses. However, the exploit is still a stark reminder of the serious risks in decentralized finance, where small vulnerabilities can lead to massive losses, testing trust in the code.


Crypto Investors Lost $1.67B to Hacks and Exploits in Q1: CertiK

Blockchain security firm CertiK has revealed that $1.67 billion worth of crypto was stolen by hackers in the first quarter of 2025, a 303% rise on the previous quarter.

The figure is two thirds of the total amount stolen across 2024, although it’s worth noting that the majority of Q1’s losses can be attributed to the $1.45 billion Bybit hack.

Aside from that, CertiK analyzed 197 hacking incidents in Q1, 98 of which occurred on Ethereum.

The two largest hacks following Bybit were the $71 million Phemex heist in January and the $49.5 million exploit suffered by crypto neobank Infini.

Phishing attacks, which involve stealing a victim’s credentials to gain access to personal accounts, remain the leading attack vector, accounting for 81 incidents. There were also 15 incidents of private key compromise.

Only 0.38% of stolen funds in Q1 have been returned compared to 42.09% in the previous quarter, making the adjusted loss much higher. In February no stolen funds were returned at all.