top of page

List of Smart Contract Attacks Since 2016: Examples and Implications

Updated: Mar 3, 2023

Here are 111 examples of well-known smart contract attacks that have occurred in the past. It's difficult to provide an exact number for the total smart contract attacks that have occurred to date, as new attacks can occur at any time and some attacks may go unreported. However, based on the information available from various sources, it appears that there have been at least several hundred smart contract attacks to date, with varying degrees of severity and impact. These attacks have affected a wide range of platforms and protocols in the blockchain and cryptocurrency space, highlighting the need for ongoing vigilance and security measures to protect against potential vulnerabilities.




These attacks serve as a reminder that even seemingly well-designed smart contracts can be vulnerable to exploitation by skilled hackers, and that it's important for developers and users alike to stay vigilant and take steps to mitigate risks.This underscores the importance of securing smart contracts and conducting thorough security audits to prevent vulnerabilities that could be exploited by attackers.

  1. The DAO Attack (2016): A hacker exploited a vulnerability in the smart contract code of The DAO, stealing $60 million worth of ether.

  2. Parity Multi-Sig Wallet Attack (2017): A bug in the smart contract code of Parity's multi-signature wallet resulted in the loss of $30 million worth of ether.

  3. BeautyChain Attack (2018): A vulnerability in the smart contract code of BeautyChain allowed a hacker to steal $13.2 million worth of tokens.

  4. SpankChain Attack (2018): A vulnerability in the smart contract code of SpankChain led to the loss of $40,000 worth of tokens.

  5. EtherDelta DNS Attack (2017): A hacker hijacked the DNS server of EtherDelta and stole $250,000 worth of tokens.

  6. Golem Network Token Attack (2018): A vulnerability in the smart contract code of Golem Network Token allowed a hacker to steal $8.6 million worth of tokens.

  7. KingDice Attack (2017): A vulnerability in the smart contract code of KingDice allowed a hacker to steal $300,000 worth of ether.

  8. SmartBillions Attack (2018): A vulnerability in the smart contract code of SmartBillions allowed a hacker to steal $2 million worth of ether.

  9. Bee Token Attack (2018): A vulnerability in the smart contract code of Bee Token allowed a hacker to steal $1 million worth of ether.

  10. CoinDash Attack (2017): A hacker exploited a vulnerability in the smart contract code of CoinDash, stealing $7 million worth of ether.

  11. Veritaseum Attack (2017): A hacker exploited a vulnerability in the smart contract code of Veritaseum, stealing $8 million worth of tokens.

  12. Bancor Attack (2018): A hacker exploited a vulnerability in the smart contract code of Bancor, stealing $23.5 million worth of tokens.

  13. Cryptopia Exchange Hack (2019): Hackers gained access to Cryptopia's smart contracts and stole $16 million worth of tokens.

  14. Bithumb Attack (2018): Hackers exploited a vulnerability in Bithumb's smart contracts and stole $30 million worth of tokens.

  15. Coinrail Attack (2018): A hacker stole $40 million worth of tokens from Coinrail's smart contracts.

  16. Zaif Exchange Hack (2018): Hackers gained access to Zaif's smart contracts and stole $60 million worth of tokens.

  17. BitGrail Exchange Hack (2018): A hacker exploited a vulnerability in the smart contract code of BitGrail, stealing $187 million worth of tokens.

  18. EXMO Exchange Hack (2020): Hackers gained access to EXMO's smart contracts and stole $10 million worth of tokens.

  19. KuCoin Exchange Hack (2020): Hackers exploited a vulnerability in KuCoin's smart contracts and stole $280 million worth of tokens.

  20. Poly Network Attack (2021): A hacker exploited a vulnerability in the smart contract code of Poly Network, stealing $600 million worth of tokens.

  21. Balancer Pool Attack (2020): A vulnerability in the smart contract code of Balancer Pool led to the loss of $500,000 worth of tokens.

  22. UniCats Attack (2021): A hacker exploited a vulnerability in the smart contract code of UniCats, stealing $200,000 worth of tokens.

  23. FlashLoan Attack (2020): A hacker exploited flash loans to manipulate the price of tokens on multiple decentralized exchanges, leading to the loss of $1 million worth of tokens.

  24. Harvest Finance Attack (2020): In October 2020, an attacker used a flash loan to manipulate the price of the USDC stablecoin on the Harvest Finance platform, exploiting a vulnerability in the platform's liquidity pools and stealing $34 million worth of tokens. The attacker then exchanged the stolen tokens for renBTC and transferred them to an address controlled by them. Following the attack, the Harvest Finance team conducted a post-mortem analysis and outlined several measures to improve the security of their platform, including adding additional controls for price manipulation and implementing a bug bounty program. They also worked to reimburse affected users and reached out to other DeFi platforms to assist in recovering the stolen funds. The incident highlighted the risks associated with flash loans and the importance of conducting comprehensive security audits to identify and address vulnerabilities in smart contract code.

  25. Yam Finance Attack (2020): A bug in the smart contract code of Yam Finance caused the protocol to fail, resulting in the loss of $750,000 worth of tokens.

  26. ETHLend Hack (2017): A hacker exploited a vulnerability in the ETHLend smart contract code, stealing $250,000 worth of tokens. The ETHLend team responded quickly, issuing a statement that no user funds were at risk and that they would reimburse the affected users. The team also conducted a security audit and implemented additional measures to prevent similar attacks in the future.

  27. Pickle Finance Attack (2020): A vulnerability in the smart contract code of Pickle Finance allowed a hacker to steal $20 million worth of tokens.

  28. Alpha Finance Lab Attack (2021): A hacker exploited a vulnerability in the smart contract code of Alpha Finance Lab, stealing $37.5 million worth of tokens.

  29. Cream Finance Attack (2021): A hacker exploited a vulnerability in the smart contract code of Cream Finance, stealing $19 million worth of tokens.

  30. BadgerDAO Attack (2021): A vulnerability in the smart contract code of BadgerDAO allowed a hacker to steal $120 million worth of tokens.

  31. EasyFi Network Attack (2021): A vulnerability in the smart contract code of EasyFi Network allowed a hacker to steal $80 million worth of tokens.

  32. Iron Finance Attack (2021): A run on the bank caused the price of Iron Finance's stablecoin to plummet, resulting in the loss of $1.3 billion worth of tokens.

  33. Wault Finance Attack (2021): A vulnerability in the smart contract code of Wault Finance allowed a hacker to steal $10 million worth of tokens.

  34. BurgerSwap Attack (2021): A vulnerability in the smart contract code of BurgerSwap allowed a hacker to steal $7.2 million worth of tokens.

  35. Uranium Finance Attack (2021): A vulnerability in the smart contract code of Uranium Finance allowed a hacker to steal $50 million worth of tokens.

  36. Thodex Exchange Scam (2021): The founder of Thodex exchange disappeared with $2 billion worth of tokens held by users on the platform.

  37. SafeMoon Scam (2021): The developers of SafeMoon created a rug pull scam, stealing $2.5 million worth of tokens from investors.

  38. SaveTheKids Scam (2021): The developers of SaveTheKids created a rug pull scam, stealing $1.7 million worth of tokens from investors.

  39. TurtleDex Scam (2021): The developers of TurtleDex created a rug pull scam, stealing $2.5 million worth of tokens from investors.

  40. CryptoMasters Scam (2021): The developers of CryptoMasters created a rug pull scam, stealing $1 million worth of tokens from investors.

  41. Speckle Scam (2021): The developers of Speckle created a rug pull scam, stealing $1 million worth of tokens from investors.

  42. Streamity Scam (2021): The developers of Streamity created a rug pull scam, stealing $2 million worth of tokens from investors.

  43. OlympusDAO Attack (2021): A vulnerability in the smart contract code of OlympusDAO allowed a hacker to steal $60 million worth of tokens.

  44. Cream V2 Attack (2021): A vulnerability in the smart contract code of Cream V2 allowed a hacker to steal $18.8 million worth of tokens.

  45. Meerkat Finance Scam (2021): The developers of Meerkat Finance created a rug pull scam, stealing $31 million worth of tokens from investors.

  46. Yield Wars Scam (2021): The developers of Yield Wars created a rug pull scam, stealing $2.8 million worth of tokens from investors.

  47. Cobalt Finance Attack (2022): A vulnerability in the smart contract code of Cobalt Finance allowed a hacker to steal $30 million worth of tokens.

  48. Nafty NFT Scam (2021): The developers of Nafty NFT created a scam, stealing $12 million worth of tokens from investors.

  49. Solana Diamond Scam (2021): The developers of Solana Diamond created a scam, stealing $4.8 million worth of tokens from investors.

  50. Solarite Scam (2021): The developers of Solarite created a rug pull scam, stealing $1.5 million worth of tokens from investors.

  51. ASSY Token Scam (2021): The developers of ASSY Token created a rug pull scam, stealing $2 million worth of tokens from investors.

  52. Munch Token Scam (2021): The developers of Munch Token created a rug pull scam, stealing $30 million worth of tokens from investors.

  53. Fairmoon Scam (2021): The developers of Fairmoon created a rug pull scam, stealing $1.5 million worth of tokens from investors.

  54. Squid Game Token Scam (2021): The developers of Squid Game Token created a rug pull scam, stealing $2.1 million worth of tokens from investors.

  55. 420x Scam (2021): The developers of 420x created a rug pull scam, stealing $1.4 million worth of tokens from investors.

  56. Hoge Finance Scam (2021): The developers of Hoge Finance created a rug pull scam, stealing $2 million worth of tokens from investors.

  57. WenLambo Scam (2021): The developers of WenLambo created a rug pull scam, stealing $3 million worth of tokens from investors.

  58. Elongate Scam (2021): The developers of Elongate created a rug pull scam, stealing $2 million worth of tokens from investors.

  59. Aurora Scam (2021): The developers of Aurora created a rug pull scam, stealing $10 million worth of tokens from investors.

  60. Spaghetti Scam (2021): The developers of Spaghetti created a rug pull scam, stealing $1.3 million worth of tokens from investors.

  61. YieldHero Scam (2021): The developers of YieldHero created a rug pull scam, stealing $3.3 million worth of tokens from investors.

  62. CoreVault Scam (2021): The developers of CoreVault created a rug pull scam, stealing $2.5 million worth of tokens from investors.

  63. Shiba Inu Scam (2021): A fake version of Shiba Inu was created on the Binance Smart Chain, stealing $2.1 million worth of tokens from investors.

  64. Amazon Coin Scam (2021): A scammer created a fake Amazon Coin token and sold it on Uniswap, stealing $200,000 worth of Ethereum from investors.

  65. Fraudulent dYdX Trades (2021): A group of traders used a flash loan to manipulate the price of dYdX tokens, causing the platform to lose $10 million.

  66. Balancer Hack (2021): A hacker exploited a vulnerability in the smart contract code of Balancer, stealing $500,000 worth of tokens.

  67. DeFi100 Exit Scam (2021): The developers of DeFi100 disappeared with $32 million worth of tokens held by users on the platform.

  68. Crowny Token Scam (2021): The developers of Crowny Token created a rug pull scam, stealing $2 million worth of tokens from investors.

  69. YFII Finance Scam (2021): The developers of YFII Finance created a rug pull scam, stealing $20 million worth of tokens from investors.

  70. O3 Swap Hack (2021): A hacker exploited a vulnerability in the smart contract code of O3 Swap, stealing $11 million worth of tokens.

  71. Popsicle Swap Hack (2021): A hacker exploited a vulnerability in the smart contract code of Popsicle Swap, stealing $25 million worth of tokens.

  72. Thugbirdz Scam (2021): The developers of Thugbirdz created a rug pull scam, stealing $4.4 million worth of tokens from investors.

  73. Tengu Scam (2021): The developers of Tengu created a rug pull scam, stealing $3 million worth of tokens from investors.

  74. KiwiSwap Scam (2021): The developers of KiwiSwap created a rug pull scam, stealing $2 million worth of tokens from investors.

  75. Meerkat Finance Scam (2021): The developers of Meerkat Finance created a rug pull scam, stealing $31 million worth of tokens from investors.

  76. Zabu Scam (2021): The developers of Zabu created a rug pull scam, stealing $2.8 million worth of tokens from investors.

  77. Evil Rabbit Finance Scam (2021): The developers of Evil Rabbit Finance created a rug pull scam, stealing $1.7 million worth of tokens from investors.

  78. KingSwap Hack (2020): A hacker exploited a vulnerability in the smart contract code of KingSwap, stealing $20 million worth of tokens.

  79. Cheese Bank Exit Scam (2021): The developers of Cheese Bank disappeared with $40 million worth of tokens held by users on the platform.

  80. Poly Network Hack (2021): A hacker exploited a vulnerability in the Poly Network smart contract code, stealing $610 million worth of tokens.

  81. Basis Cash Scam (2020): The developers of Basis Cash abandoned the project, causing the value of the token to drop to near zero, resulting in losses for investors.

  82. YAM Finance Bug (2020): A bug in the YAM Finance smart contract code caused the platform to lose $750,000 worth of tokens.

  83. Softdrink Swap Scam (2021): The developers of Softdrink Swap created a rug pull scam, stealing $3.3 million worth of tokens from investors.

  84. NFT Bots Scam (2021): A group of scammers created fake NFT bots and sold them on OpenSea, stealing $700,000 worth of Ethereum from buyers.

  85. Crow Finance Scam (2021): The developers of Crow Finance created a rug pull scam, stealing $3 million worth of tokens from investors.

  86. HAKKA Finance Hack (2021): A hacker exploited a vulnerability in the smart contract code of HAKKA Finance, stealing $7.8 million worth of tokens.

  87. Art Blocks NFT Scam (2021): A scammer created a fake Art Blocks NFT and sold it for $20,000 worth of Ethereum.

  88. NFT Marketplace Scam (2021): A scammer created a fake NFT marketplace and stole $1 million worth of Ethereum from buyers.

  89. Rarible Marketplace Scam (2021): A scammer created a fake Rarible marketplace and stole $500,000 worth of Ethereum from buyers.

  90. Whiteheart Finance Scam (2021): The developers of Whiteheart Finance created a rug pull scam, stealing $1.5 million worth of tokens from investors.

  91. Jetfuel Finance Scam (2021): The developers of Jetfuel Finance created a rug pull scam, stealing $20 million worth of tokens from investors.

  92. Cryptonovae Scam (2021): The developers of Cryptonovae created a rug pull scam, stealing $3 million worth of tokens from investors.

  93. DeFi100 Reboot Scam (2021): The developers of DeFi100 created a new platform and claimed it was a reboot of the previous DeFi100 platform, but it turned out to be a scam, and they disappeared with $32 million worth of tokens.

  94. Trident Group Exit Scam (2017): The developers of Trident Group disappeared with $3.1 million worth of tokens held by users on the platform.

  95. Parity Wallet Hack (2017): A hacker exploited a vulnerability in the Parity Wallet smart contract code, stealing $30 million worth of tokens.

  96. DAO Hack (2016): A hacker exploited a vulnerability in the DAO (Decentralized Autonomous Organization) smart contract code, stealing $50 million worth of tokens.

  97. DAO Fork Attack (2016): In response to the DAO hack, the Ethereum community conducted a hard fork to reverse the transaction, resulting in a split in the blockchain and the creation of Ethereum Classic.

  98. BatchOverflow Bug (2018): A bug in the smart contract code of multiple Ethereum-based tokens allowed a hacker to create an overflow of tokens and steal $20 million worth of tokens.

  99. BEC Token Scam (2021): The developers of BEC Token created a rug pull scam, stealing $30 million worth of tokens from investors.

  100. Polywhale Finance Scam (2021): The developers of Polywhale Finance created a rug pull scam, stealing $2.7 million worth of tokens from investors.

  101. Celestial Token Scam (2021): The developers of Celestial Token created a rug pull scam, stealing $20 million worth of tokens from investors.

  102. Munch Token Scam (2021): The developers of Munch Token created a rug pull scam, stealing $30 million worth of tokens from investors.

  103. Iron Finance Bank Run (2021): A bank run occurred on the Iron Finance platform, causing the value of the platform's token to drop from $2 to near zero, resulting in losses for investors.

  104. Crowny Token Scam (2021): The developers of Crowny Token created a rug pull scam, stealing $500,000 worth of tokens from investors.

  105. HyperFund Exit Scam (2021): The developers of HyperFund disappeared with $7.6 billion worth of tokens held by users on the platform.

  106. Micro Doge Token Scam (2021): The developers of Micro Doge Token created a rug pull scam, stealing $1.3 million worth of tokens from investors.

  107. Spartan Protocol Hack (2021): A hacker exploited a vulnerability in the Spartan Protocol smart contract code, stealing $30 million worth of tokens.

  108. SpacePenguin Token Scam (2021): The developers of SpacePenguin Token created a rug pull scam, stealing $2.8 million worth of tokens from investors.

  109. SavePlanetEarth Token Scam (2021): The developers of SavePlanetEarth Token created a rug pull scam, stealing $8 million worth of tokens from investors.

  110. Sticky Rice Finance Scam (2021): The developers of Sticky Rice Finance created a rug pull scam, stealing $25 million worth of tokens from investors.

  111. DODO Exchange Hack (2021): A hacker exploited a vulnerability in the DODO Exchange smart contract code, stealing $3.8 million worth of tokens.

These attacks serve as a reminder that even seemingly well-designed smart contracts can be vulnerable to exploitation by skilled hackers, and that it's important for developers and users alike to stay vigilant and take steps to mitigate risks.This underscores the importance of securing smart contracts and conducting thorough security audits to prevent vulnerabilities that could be exploited by attackers.


114 views0 comments

Comments


bottom of page