WEB3-PLAYDAPP-2024

On September 23, 2023, Mixin Network lost about $200M (roughly $95M ETH, $24M BTC and $24M USDT among other assets) after attackers breached the database of the network's third-party cloud service provider, which held Mixin's deposit-address and hot-wallet private keys in a recoverable manner. With the database compromised, the attacker reconstructed the private keys and signed outbound transactions directly, sweeping over 11,400 deposit wallets from highest to lowest balance across more than 10,000 transactions; stolen USDT was swapped to roughly 23.5M DAI to break traceability. The weak link was the upstream cloud database acting as a single point of failure with recoverable keys, rather than a smart-contract bug or a direct private-key theft from Mixin itself (the provider is widely inferred to be Google Cloud but was never officially confirmed). Mixin engaged Google and SlowMist to investigate, suspended deposits and withdrawals, offered a $20M bounty, and announced a plan to reimburse 50% of affected user assets with the remainder issued as debt/bond tokens. The bulk of the funds was laundered and not recovered.

On April 14, 2025 the perpetuals DEX KiloEx lost about $7.5 million across BNB Chain, Base, opBNB, and Taiko to what was reported as oracle price manipulation but was really an access-control failure. KiloEx's price feed (KiloPriceFeed.setPrices) was meant to be reachable only through a keeper-gated call chain, but the top-level MinimalForwarder.execute function was publicly callable and validated an attacker-supplied signature against attacker-supplied data, letting anyone forge a trusted call that reached setPrices and write an arbitrary price. The attacker set a market price far below true value, opened a leveraged position, then set the price far above value and closed it in the same flow, extracting fabricated profit from the vault; the sequence was repeated across all four chains, with a single transaction netting $3.12M. Reporting that framed it as flash-loan oracle manipulation was imprecise: no market liquidity was moved, the price was simply written directly through the unprotected forwarder. After KiloEx offered a 10% (~$750K) whitehat bounty and no legal action, the attacker returned essentially all of the funds by April 18, 2025.

On January 23, 2025, exchange Phemex lost about $85M (early estimates started near $29M before rising) after attackers drained hot wallets across roughly 11-16 blockchains in a synchronized series of more than 125 transactions consistent with a compromised set of hot-wallet private keys; Phemex said the affected signing devices were identified and isolated, pointing to compromised signing infrastructure rather than an on-chain contract flaw. The attacker prioritized high-value tokens and swapped freezable assets into non-freezable ones before any freezes could land. Cold wallets stayed secure and Phemex covered the losses, resuming operations within days under Fireblocks MPC custody with keys split across distributed nodes. Flow-of-funds tracing (Merkle Science) and on-chain analysts (ZachXBT, Arkham), later supported by the FBI, attributed the theft to North Korea's Lazarus Group: on February 22, 2025 the attackers consolidated proceeds from the subsequent Bybit hack into the existing Phemex hacker address, retroactively linking the two incidents on-chain. Stolen funds were laundered via Tornado Cash and not recovered.

On October 16, 2024, the cross-chain lending protocol Radiant Capital lost roughly $50M (about $53M across Arbitrum and BSC) after attackers compromised the devices of at least three of its multisig signers. Initial access began September 11, 2024 via a Telegram message spoofing a trusted former contractor, delivering a ZIP with a decoy PDF that was actually a macOS application carrying INLETDRIFT backdoor malware. The malware sat between the signers' browsers and their hardware wallets, so the Safe (Gnosis) UI and Tenderly simulations displayed correct data while the signers blind-signed a malicious transferOwnership() call on the LendingPoolAddressesProvider contract; the 3-of-11 threshold was met and the attacker then upgraded the pools to a malicious implementation and drained them. Mandiant assessed with high confidence the attack was conducted by North Korea-linked UNC4736 (aka Citrine Sleet/AppleJeus), part of the Lazarus cluster. Funds were not recovered and the protocol later wound down.

On August 13, 2024 the Vow (Vowcurrency) protocol lost about $1.2 million (~452 ETH) when its own admin temporarily misconfigured a price setter and an MEV bot pounced. Vow's usdRateSetter admin key called setUSDRate and changed the VOW-to-vUSD exchange rate from 1 to 100 - the team later said it was testing the rate-setter while preparing a lending pool - then reverted it. The function had no input validation and no rate-change delay or timelock, and the inflated rate was readable on-chain for the window between the two transactions. An attacker-controlled MEV bot, its contract deployed 110 days earlier and funded via Tornado Cash, detected the change and within two blocks swapped VOW into vUSD at the 100x rate, minting roughly 148.7 million vUSD far above its backing, then dumped it for ETH and USDT on Uniswap. The VOW token fell 80-87%. The root cause was an unbounded, unprotected privileged setter exposed without a timelock, turning a careless admin action into instantly exploitable on-chain state.

On June 2, 2024, the DEX Velocore was drained of about $6.8 million from its constant-product (volatile) pools on Linea and zkSync Era. The root cause combined a missing access-control modifier with an unchecked arithmetic underflow in the ConstantProductPool fee math: velocore__execute performed Vault-only state changes but had no onlyVault check, so anyone could call it directly. The pool's feeMultiplier, which increases per withdrawal and resets each block to deter free swaps, fed an effective fee computed as fee1e9 * feeMultiplier / 1e9 with no upper bound and inside an unchecked block. By repeatedly invoking velocore__execute to inflate feeMultiplier, the attacker drove effectiveFee1e9 above 100% (> 1e9), so the growth term 1e18 - ((1e18 - k) * effectiveFee1e9) / 1e9 underflowed and wrapped to a huge unsigned value, causing a small single-token withdrawal to be accounted as a massive deposit and mint excessive LP tokens. Linea controversially paused its sequencer for about an hour to stop the remaining funds from bridging out.