As of today, there are a total of  72 DeFi exploits* that have occurred, with lost funds amounting to a total of approximately $1.5 billion at the time of these exploits.

Ethereum: 49
Binance Smart Chain: 20
Avalanche: 2
Polygon: 1

* some exploits occur on multiple chains
November 5, 2021
November 5, 2021

bZx

"Decentralized finance (DeFi) lending protocol bZx was compromised for $55 million today, in what is becoming a recurring theme."

Amount stolen: $55,000,000

Source: The Block

October 27, 2021
October 27, 2021

Cream Finance

"An attacker has gained over $130 million of assets in an exploit that appears to have drained Cream’s coffers."

Amount stolen: $130,000,000

Source: CoinDesk

October 20, 2021
October 20, 2021

PancakeHunny

"On 20 October 2021, at 0920 UTC. A smart contract was created to exploit the Hunny TUSD vault. The Contract was subsequently executed 26 times. This is the sequence of events."

Amount stolen: $2,000,000

Source: PancakeHunny | Medium

October 15, 2021
October 15, 2021

Indexed Finance

"Indexed Finance has lost over $16 million worth of users’ assets after a hacker exploited a vulnerability in the protocol’s smart contracts."

Amount stolen: $16,000,000

Source: CryptoBriefing

September 30, 2021
September 30, 2021

Compound Finance

"DeFi Money Market Compound Overpays Millions in COMP Rewards in Possible Exploit; Founder Says $80M at Risk"

Amount stolen: $80,000,000 (?)

Source: CoinDesk

September 21, 2021
September 21, 2021

Vee Finance

"Decentralized finance (DeFi) platform Vee Finance has been hit for an exploit of around $35 million in the second major attack of an Avalanche platform."

Amount stolen: $35,000,000

Source: CoinDesk

September 20, 2021
September 20, 2021

pNetwork

"An unidentified hacker has stolen 277 wrapped Bitcoin, currently worth around $12.5 million, by exploiting a bug in decentralized finance (DeFi) interoperability protocol pNetwork, its developers disclosed on Sunday."

Amount stolen: $12,000,000

Source: Decrypt

September 16, 2021
September 16, 2021

Sushi

"The Miso front end has become the victim of a supply chain attack. An anonymous contractor by with the GH handle AristoK3 injected malicious code into the Miso front end."

Amount stolen: n/a

Source: @josephdelong

September 12, 2021
September 12, 2021

Zabu Finance

"Avalanche-Based Zabu Finance Sees $3.2M Hack.
The attacker used Zabu’s “Transfer Tax” mechanism to mint tokens, sending their value to zero."

Amount stolen: $3,200,000

Source: CoinDesk

September 4, 2021
September 4, 2021

Dao Maker

"DaoMaker was exploited for ~$4m. They left the `init` function unprotected. The attacker re-initialized the contract with malicious data and then called `emergencyExit` to get away with the funds."

Amount stolen: $4,000,000

Source: @Mudit__Gupta

August 30, 2021
August 30, 2021

Cream Finance

"An unknown hacker has managed to gain $18.8 million in the latest flash loan exploit of the Cream Finance protocol through a reentrancy bug introduced by the Amp (AMP) token, according to an investigation by blockchain security firm Peckshield."

Amount stolen: $19,000,000

Source: Cointelegraph

August 12, 2021
August 12, 2021

Dao Maker

"According to a report from DAO Maker CEO Christoph Zaknun, hackers were able to remove roughly $7 million in USD Coin (USDC) from 5,251 user accounts.

Despite the name, DAO Maker has no apparent connection to MakerDAO, the decentralized finance, or DeFi, protocol behind the stablecoin Dai (DAI)."

Amount stolen: $7,000,000

Source: Cointelegraph

August 10, 2021
August 10, 2021

Poly Network

"Multi-chain interoperability protocol Poly Network fell victim to an exploit today, resulting in the loss of roughly $600 million worth of various cryptocurrencies, the platform's developers revealed."

Amount stolen: $268,000,000

Source: Decrypt [1][2]

August 10, 2021
August 10, 2021

Punk Protocol (PUNK)

"On Aug 10th, Punk Protocol was hacked for $8.95M, ~$5M of which was later returned.

The platform planned to offer a DeFi annuity scheme backed by ETH, WBTC and stablecoins."

Amount stolen: $3,950,000

Source: REKT

August 3, 2021
August 3, 2021

Popsicle Finance (ICE)

Popsicle Finance, a multi-chain yield-generating crypto project, has melted under the heat of a new exploit.

The $25 million heist was revealed by security researcher Mudit Gupta, who said “the hack was complex but the bug was simple.”

Amount stolen: $25,000,000

Source: Decrypt

July 30, 2021
July 30, 2021

Levyathan (LEV)

"A Smart Contract flaw has seen Levyathan mint limitless tokens and endure a cataclysmic price drop.

Leviathan’s (LEV) token price fell from $0.15 to an unthinkable $0.00000147 at the time of writing according to CoinGecko data."

Amount stolen: n/a

Source: BSC NEWS

July 23, 2021
July 23, 2021

THORChain (RUNE)

"Thorchain has been exploited for the third time in a month, bringing total losses to around $13 million. The platform, which looks after $100 million in funds, is designed for exchanging crypto tokens across different blockchains."

Amount stolen: $13,000,000

Source: The Block

July 16, 2021
July 16, 2021

PancakeBunny (BUNNY)

"PolyBunny, a yield farming protocol running on the Polygon network and QuickSwap decentralized exchange (DEX) based on Ethereum (ETH), got exploited for $2.4 million on July 16."

Amount stolen: $2,400,000

Source: CryptoSlate

July 15, 2021
July 15, 2021

THORChain (RUNE)

"THORChain has suffered another unfortunate exploit — the second this month."

Amount stolen: $4,900,000

Source: RUNEBase

June 28, 2021
June 28, 2021

THORChain (RUNE)

"$140k in funds were taken by a targeted exploit on a logic error in the ETH Bifrost. The network was halted by nodes and patched. Swaps were re-enabled 6 hours later."

Amount stolen: $139,000

Source: THORChain | Medium

July 15, 2021
July 15, 2021

Bondly Finance (BONDLY)

"Decentralized e-commerce platform Bondly Finance is the latest decentralized finance (DeFi) platform to suffer an alleged exploit. The developer team advised the DeFi community to stop trading Bondly, the platform’s native token, following a suspected exploit on Thursday."

Amount stolen: n/a

Source: Cointelegraph

July 10, 2021
July 10, 2021

ChainSwap (ASAP)

"crypto projects that had used ChainSwap to launch Ethereum tokens on Binance Smart Chain lost millions to an attacker whose address now holds about $4.4 million."

Amount stolen: $4,400,000

Source: Decrypt

July 2, 2021
July 2, 2021

ChainSwap (ASAP)

"On July 2nd, the project announced that its smart contract was compromised and the hackers drained around $800,000 worth of assets from users’ wallets."

Amount stolen: $800,000

Source: CryptoPotato

June 28, 2021
June 28, 2021

SafeDollar (SDO)

"According to the contract address on the Polygon Scan dashboard, $248,000 in USDC and Tether was withdrawn from the protocol on June 28."

Amount stolen: $248,000

Source: BeInCrypto

June 22, 2021
June 22, 2021

Eleven Finance (ELE)

"Eleven Finance was exploited to drain a number of vaults at the loss about $4.6 million. The incident was due to a bug that allows the attacker to withdraw funds without burning any shares. While it appears to be a flashloan attack, it is a flashswap-assisted one."

Amount stolen: $4,600,000

Source: PeckShield

June 21, 2021
June 21, 2021

Impossible Finance (IF)

"Decentralized finance (DeFi) protocol Impossible Finance has lost as much as $500,000 in user funds during a flash loan attack today. The attack on Impossible Finance’s liquidity pool occurred at around 4:40 AM UTC on June 21 and resulted in a loss of 229.84 ETH (about $0.5 million at the time)."

Amount stolen: $500,000

Source: Decrypt

June 16, 2021
June 16, 2021

Alchemix (ALCX)

"This morning, Alchemix announced that the contracts for one of their synthetic assets, alETH, had experienced an “incident.”

for a short window of time users were able to withdraw their ETH collateral with their alETH loans still outstanding — a rugpull by the community to the tune of $6.5 million"

Amount stolen: n/a

Source: Cointelegraph

May 28, 2021
May 28, 2021

Belt Finance (BELT)

"Belt Finance, a platform that provides automated market making for decentralized finance (DeFi), was hacked Saturday in a flash loan attack that resulted in a profit of $6.23 million for the perpetrator and an overall $50 million loss for the platform."

Amount stolen: $50,000,000

Source: CoinDesk

May 28, 2021
May 28, 2021

BurgerSwap (BURGER)

"According to The Block Research’s Igor Igamberdiev, an attacker used flash loans to exploit the protocol for $7.2 million. Flash loans are blockchain-based loans where large amounts of tokens are borrowed, used for some purpose and repaid — all in the same transaction."

Amount stolen: $7,200,000

Source: The Block

May 27, 2021
May 27, 2021

Wild Credit (WILD)

"Preliminary results show that BNT-ETH was the only exploited pool.

Total amount is 125,585 BNT (~ $637k).

The attacker has returned the BNT. All funds have been recovered with zero losses."

Amount stolen: n/a

Source: Twitter @WildCredit [1][2]

May 26, 2021
May 26, 2021

Merlin Lab

"A total of $330k was stolen, bringing their TVL (total value lost) to $1,560,000, and putting them on par with Value DeFi as one of the few protocols to be so unsafe that they have three positions onto the rekt leaderboard."

Amount stolen: $330,000

Source: REKT

May 26, 2021
May 26, 2021

Merlin Lab

"Just 8 hours after the first attack, they lost another ~200 ETH to a completely different exploit."

Amount stolen: $550,000

Source: REKT

May 26, 2021
May 26, 2021

Merlin Lab

"On May 26, 2021, 03:59:05 AM +UTC, less than 48 hrs after the Autoshark hack. Merlin Lab, (another fork of PancakeBunny), was attacked in a similar fashion to the Bunny and the Autoshark hack.

As a result, the hacker was able to remove ~240 ETH (~680K USD)."

Amount stolen: $680,000

Source: REKT

May 24, 2021
May 24, 2021

AutoShark Finance (JAWS)

"Flash loan attacks on the Binance Smart Chain (BSC) are becoming an everyday affair now. DeFi protocols are becoming much more vulnerable to attackers exploiting the (BSC) platform. In a third flash-loan-attack incident within a week’s time, AutoShark Finance has been the latest victim."

Amount stolen: $822,000

Source: CoinGape

May 19, 2021
May 19, 2021

Venus Protocol (XVS)

"Venus Protocol faced massive liquidations of over $200 million on Wednesday due to a possible price manipulation of its native XVS token."

Amount stolen: n/a

Source: The Block

May 19, 2021
May 19, 2021

PancakeBunny (BUNNY)

"Popular Binance Smart Chain-based decentralized finance protocol PancakeBunny has suffered a major exploit that allowed a hacker to make off with more than $200 million worth of crypto assets."

Amount stolen: $200,000,000

Source: Cointelegraph

May 16, 2021
May 16, 2021

bEarn Fi (BFI)

"bEarn Fi, a cross-chain auto yield farming protocol, was exploited earlier Sunday, resulting in a loss of almost $11 million, according to China-based blockchain analysis firm PeckShield."

Amount stolen: $11,000,000

Source: CoinDesk

May 12, 2021
May 12, 2021

xToken (XTK)

"Decentralized finance (DeFi) protocol xToken said it suffered an exploit Wednesday by an attacker who used flash loans to take $24.5 million."

Amount stolen: $24,500,000

Source: CoinDesk

May 8, 2021
May 8, 2021

Rari Capital (RGT)

"Rari Capital announced there was an exploit in the Rari Capital ETH Pool related to its Alpha Finance Lab integration.

According to Etherscan, $15 million worth of ether was taken."

Amount stolen: $15,000,000

Source: CoinDesk

May 2, 2021
May 2, 2021

Spartan Protocol (SPARTA)

"Spartan Protocol, a decentralized protocol built on Binance Smart Chain for incentivized liquidity and synthetic assets, was exploited earlier Sunday UTC due to “a flawed liquidity share calculation” in the protocol, resulting in a loss of more than $30 million, according to a Medium post by on-chain analysis and security startup PeckShield."

Amount stolen: $30,000,000

Source: CoinDesk

April 28, 2021
April 28, 2021

Uranium Finance

"Uranium Finance, an automated market maker platform on the Binance Smart Chain, has reported a security incident that resulted in a loss of about $50 million."

Amount stolen: $50,000,000

Source: Cointelegraph

April 19, 2021
April 19, 2021

EasyFi (EZ)

"EasyFi, a decentralized finance (DeFi) Polygon Network-powered protocol, has reported suffering a hack Monday of over $80 million."

Amount stolen: $80,000,000

Source: CoinDesk

April 4, 2021
April 4, 2021

Force DAO (FORCE)

"According to a chain of tweets by Mudit Gupta, blockchain team lead at blockchain software company Polymath, there were five attackers, one of whom later returned his share of the stolen funds. The others, however, made off with FORCE tokens worth about US$376,000."

Amount stolen: $376,000

Source: CoinDesk

March 18, 2021
March 18, 2021

TurtleDex (TTDX)

"TurtleDex, a decentralized finance (DeFi) file storage project on the Binance Smart Chain (BSC), is believed to have pulled a rugpull exit scam yesterday when more than $2.4 million in funds were drained from trading pools on major BSC DeFi exchanges Ape Swap and Pancake Swap."

Amount stolen: $2,400,000

Source: Decrypt

March 16, 2021
March 16, 2021

Iron Finance (IRON)

"Iron Finance is a partially collateralized stablecoin platform based on the Binance Smart Chain (BSC).

It reported that on March 16, two Iron Finance vFarm pools were “subject to an incident”. This ordeal resulted in the loss of user deposits."

Amount stolen: $170,000

Source: BeInCrypto

March 14, 2021
March 14, 2021

Roll

"Roll, a platform for issuing social tokens on the Ethereum network, suffered an apparent exploit on Sunday, resulting in the theft and subsequent sale of tokens."

Amount stolen: $5,700,000

Source: The Block

March 8, 2021
March 8, 2021

DODO (DODO)

"Decentralized finance (DeFi) platform DODO has been hacked for approximately $3.8 million worth of tokens."

"According to an update, the exchange recovered $1.89 million, comprised of about 1,140,000 USDT and 411 ETH, and plans to return the funds to affected parties."

Amount stolen: $1,910,000

Source: CoinDesk | The Block

March 5, 2021
March 5, 2021

Paid Network (PAID)

"PAID Network, a crypto project that utilizes an Ethereum-based token, has suffered a contract exploit, resulting in the minting of nearly $160 million worth of tokens by the attacker."

Amount stolen: $160,000,000

Source: The Block

March 4, 2021
March 4, 2021

Meerkat Finance (MKAT)

"Meerkat Finance, a decentralized finance project, has just said it has been drained by $31 million worth-of crypto assets due to a hack. But on-chain data shows it may not as simple as that."

Amount stolen: $31,000,000

Source: The Block

February 28, 2020
February 28, 2020

Furucombo (COMBO)

"Furucombo, a drag and drop tool for users to create DeFi transactions, has been exploited.

The exploiter has stolen roughly $14M in ETH and ERC-20 tokens."

Amount stolen: $14,000,000

Source: The Block

February 13, 2021
February 13, 2021

Alpha Finance Lab (ALPHA) & Cream Finance (CREAM)

"In one of the largest exploits of the DeFi era, this morning an attacker successfully drained over $37 million from Alpha Homora by leveraging Cream’s Iron Bank protocol-to-protocol lending platform."

Amount stolen: $37,000,000

Source: Cointelegraph

February 12, 2021
February 12, 2021

BT Finance (BT)

"In this exploit, the exploiter(s) made a total profit of 31.87renBTC and 211 ETH, and used REN and Tornado.Cash to transfer assets anonymously."

Amount stolen: $1,500,000

Source: BT Finance | Medium

February 8, 2021
February 8, 2021

Growth DeFi (GRO)

"By forcing the staker contract to accept a liquidity pair containing a fake token, the attacker was able to remove $1.3 million in liquidity.

The attacker created a fake token called AXZ and supplied rAXZZ/GRO liquidity. He then staked it in the contract and pulled out the other pair."

Amount stolen: $1,300,000

Source: REKT

February 4, 2021
February 4, 2021

Yearn Finance (YFI)

"DeFi yield farming project Yearn Finance has been hit by an exploit that has affected a DAI lending pool."

Amount stolen: $11,000,000

Source: Decrypt

January 19, 2021
January 19, 2021

Saddle Finance

"DeFi protocol Saddle Finance was launched on Jan. 20, with the aim of alleviating the problematic spread between stablecoins and wrapped or tokenized crypto assets. Within a few hours of going live, however, whales had taken advantage of the new protocol by arbitraging for huge profits."

Amount stolen: $275,000

Source: BeInCrypto

December 28, 2020
December 28, 2020

Cover Protocol (COVER)

"Decentralized finance (DeFi) protocol Cover, which recently merged with Yearn.Finance, has just been exploited."

Amount stolen: $5,000,000

Source: The Block

December 18, 2020
December 18, 2020

Warp Finance (WARP)

"Decentralized finance (DeFi) lending protocol Warp Finance has experienced a flash loan attack that resulted in a loss of $7.7 million worth of stablecoins."

Amount stolen: $7,700,000

Source: The Block

November 21, 2020
November 21, 2020

Pickle Finance (PICKLE)

"The coffers of Pickle Finance, a decentralized finance (DeFi) protocol with a native token that looks suspiciously like Pickle Rick, of Rick and Morty fame, were drained today of $20 million in what appears to be a hack."

Amount stolen: $30,000,000

Source: Decrypt

November 17, 2020
November 17, 2020

Origin Protocol (OUSD)

"Stablecoin project Origin Dollar (OUSD) sustained a re-entrancy attack at 00:47 UTC Tuesday resulting in a loss of funds worth $7 million, including over $1 million deposited by Origin and its founders and employees."

Amount stolen: $7,000,000

Source: CoinDesk

November 14, 2020
November 14, 2020

Value DeFi (VALUE)

"Value DeFi was exploited for approximately $6 million earlier Saturday, possibly due to a flash loan attack, a scheme often seen in the fast-growing DeFi sector."

Amount stolen: $6,000,000

Source: CoinDesk

November 12, 2020
November 12, 2020

Akropolis (AKRO)

"Decentralized finance (DeFi) protocol Akropolis lost $2 million in DAI in an exploit on Thursday morning."

Amount stolen: $2,000,000

Source: The Block

October 26, 2020
October 26, 2020

Harvest Finance (FARM)

"An arbitrage trade exploiting weak points in decentralized finance (DeFi) protocol Harvest Finance led to some $24 million in stablecoins being siphoned away from the project’s pools on Monday, according to CoinGecko."

Amount stolen: $24,000,000

Source: CoinDesk

October 11, 2020
October 11, 2020

Leo Finance (wLEO)

"Wrapped Leo (WLEO) and its investors have been named recent victims of hackers after the team confirmed in a blog post earlier today that about $42,000 was drained from the DeFi project."

Amount stolen: $42,000

Source: Cryptopolitan

September 29, 2020
September 29, 2020

Eminence (EMN)

"Experimental DeFi platform Yearn Finance cultists were hit with losses this morning after an unidentified hacker exploited a smart contract vulnerability in Eminence, an upcoming gaming project built by Yearn founder Andre Cronje."

Amount stolen: $15,000,000

Source: Decrypt

September 13, 2020
September 13, 2020

bZx (BZRX)

"Decentralized finance (DeFi) lending protocol bZx was attacked once again last night and lost a little over $8 million due to a faulty code in its smart contracts."

Amount stolen: $8,000,000

Source: The Block

September 7, 2020
September 7, 2020

Soft Yearn (SYFI)

"An anonymous user has revealed how he made $250k in profits from a minor investment in a cloned version of Yearn.finance called Soft Yearn (SYFI)."

Amount stolen: $250,000

Source: Cointelegraph

August 4, 2020
August 4, 2020

Opyn

"Attackers raided the decentralized finance (DeFi) protocol Opyn yesterday, making off with over 370,000 USDC.

Opyn, which deals primarily with options for ETH, was subject to a double-spend attack."

Amount stolen: $370,000

Source: Decrypt

June 29, 2020
June 29, 2020

Balancer (BAL)

"Balancer Pool admitted early Monday morning it had fallen victim to a sophisticated hack that exploited a loophole, tricking the protocol into releasing $500,000 worth of tokens."

Amount stolen: $500,000

Source: CoinDesk

April 19, 2020
April 19, 2020

dForce (DF)

"The total value locked in the dForce ecosystem was down by 100% to $6 over the past 24 hours, per DeFi Pulse data. A day ago, the total value locked in the system was $24.9 million."

Amount stolen: $24,900,000

Source: The Block

February 15, 2020
February 15, 2020

bZx (BZRX)

"In the last four days, the bZx DeFi trading protocol was exploited twice; the first attack was executed over Valentine’s Day and yielded ~1,271 ETH, while the second one was just last night and made ~2,378 ETH. That’s about $320,000 and $600,000, respectively, with ETH at $250."

Amount stolen: $900,000

Source: The Defiant

January 11, 2020
January 11, 2020

Fulcrum (BZRX)

"when Fulcrum team released their own Flash Loans feature on the Ethereum Mainnet, and we happened to find a very critical vulnerability in it. We discovered that $2.5M of user funds from 3 pools could be stolen within a single transaction.."

Amount stolen: $2,500,000

Source: 1inch Network