35 entries tagged “defi”.
The pseudonymous Wonderland treasury manager '0xSifu', revealed by ZachXBT in 2022 to be Michael Patryn — co-founder of the collapsed QuadrigaCX exchange and a prior convicted fraudster who had used the name Omar Dhanani.
An Ethereum token whose deployer key was compromised on March 5, 2021, letting an attacker upgrade the contract, mint ~59.5M PAID, and sell ~2.5M for ~$3M in ETH before liquidity was pulled. The team blamed a leaked key; some observers alleged an insider rug.
A zkSync DEX (token MAGE) drained of ~$1.8M during its April 2023 token launch — concluded to be a rug pull by rogue developers via excessive 'feeTo' permissions. CertiK had audited it days earlier and later offered a victim compensation plan.
An Arbitrum DEX (token SAPR) whose deployer rug-pulled ~$3M in May 2023 by using proxy upgradeability to swap the audited staking contract for a malicious one. Funds were laundered via Tornado Cash. CertiK had audited it weeks earlier and later flagged it an 'exit scam'.
A Solana yield aggregator launched via the SolPAD launchpad that went dark in Aug 2021 after withdrawing liquidity — one of Solana's first major rug pulls. CoinDesk verified ~$6.7M removed; funds were reportedly bridged to Ethereum and routed through Tornado Cash.
An Avalanche OlympusDAO-style 'reserve currency' protocol whose TIME token crashed after on-chain investigator ZachXBT revealed (Jan 2022) that its pseudonymous treasury manager '0xSifu' was Michael Patryn — a convicted felon and co-founder of the collapsed QuadrigaCX exchange.
An Avalanche stablecoin protocol exploited for about $8.5M in February 2023 via a flash loan that abused a flawed solvency check. Two brothers were arrested in France (aided by ZachXBT) but were later acquitted of criminal charges by a French court.
Identified by U.S. prosecutors as the operational leader of Forsage, a 'DeFi' platform they call a ~$340M Ponzi and pyramid scheme. He was indicted in the U.S. in 2023 (charges pending) and, per reporting, was convicted in absentia in Georgia in 2024.
The trader behind the October 2022 ~$110M Mango Markets exploit, which he called a 'highly profitable trading strategy.' A jury convicted him of fraud and market manipulation in 2024, but a federal judge vacated those convictions in May 2025; prosecutors appealed.
A BNB Chain yield-farming project that rug-pulled about $10M in January 2022. The team minted millions of ARBX via an owner-only mint() function, dumped them, routed user deposits to unverified pools, and deleted its site and socials — months after a CertiK audit.
A BNB Chain AMM drained of about $50M on April 28, 2021 during a contract migration, after a single-character math error in its pair contracts let an attacker withdraw far more than deposited. The team suspected an internal leak; U.S. authorities later seized ~$31M.
A BNB Chain yield aggregator hit by a flash-loan price-manipulation 'economic exploit' on May 19, 2021. The attacker minted ~6.97M BUNNY and dumped it for about $45M in profit, crashing BUNNY from ~$146 to near $1; the team said no vaults were breached.
A partially collateralized stablecoin protocol on Polygon whose share token TITAN collapsed from ~$64 to near zero on June 16, 2021 in what the team called crypto's 'first large-scale bank run.' Its TVL fell from ~$2B; investor Mark Cuban said he was among those hit.
An Ethereum yield aggregator (a Harvest/Yearn clone) that rug-pulled ~$10.8M (some estimates ~$12.5M) in Dec 2020 by swapping audited 'Strategy' contracts for malicious ones via an unmonitored timelock. CP3R fell ~99% and the team vanished.
A Solana DEX whose MNGO token was manipulated by trader Avraham Eisenberg in Oct 2022 to borrow ~$110M against an inflated position. He returned ~$67M; a 2024 jury conviction was vacated on appeal in 2025 (venue + no material misstatement), which prosecutors appealed.
An OlympusDAO-style project with no website or whitepaper and pseudonymous developers that raised ~13,556 ETH (~$60M) in October 2021. About 20 hours later all liquidity was withdrawn and the token fell to zero — a rug pull.
A July 30, 2023 incident in which a compiler bug in older Vyper versions broke reentrancy protection, letting attackers drain several Curve pools and dependent protocols (Alchemix, JPEG'd, Metronome). Gross losses were ~$70M; white-hats and returns cut net losses to about $52M.
A cross-chain lending protocol drained of about $50M on October 16, 2024. Mandiant attributed it to a North Korea-linked actor (UNC4736 / AppleJeus) that used a fake-contractor Telegram lure to plant macOS malware on developers' machines and forge multisig approvals.
A decentralized exchange drained of about $48M in November 2023 via a complex exploit of its Elastic concentrated-liquidity pools. The attacker then posted an on-chain 'treaty' demanding full executive control of the Kyber company in exchange for the funds.
A yield-farming protocol exploited on October 26, 2020 in a flash-loan attack that manipulated Curve pool prices to drain its USDC and USDT vaults. Estimates ranged from ~$24M to ~$33.8M; the attacker returned about $2.5M.
The Ethereum stablecoin protocol Beanstalk lost about $182M in April 2022 when an attacker used a flash loan to borrow enough governance tokens to pass a malicious proposal that drained the protocol's funds in a single transaction.
The Nomad token bridge was drained of about $190M in August 2022 in a chaotic 'free-for-all' after a flawed upgrade let users replay other people's withdrawal messages by copying transactions.
A BNB Chain yield-vault protocol that lost ~$31M (≈14M BUSD and ~73,600 BNB) one day after launch in March 2021. The deployer used the proxy upgradeTo() function to swap the vault logic for malicious contracts with a permissionless 'backdoor' and drained the vaults. Widely classified as a rug pull.
A BNB Chain stableswap protocol that rug-pulled ~$27M in June 2021 by deploying a linked library different from its verified source code, letting operators drain the protocol and approved user wallets. A white-hat traced the team to Manchester, UK; arrests followed and most funds were returned.
A 'decentralized' smart-contract investment platform the SEC called a 'textbook pyramid and Ponzi scheme', raising $300M+ (DOJ cited ~$340M). The SEC charged 11 people in 2022.
ZachXBT publicly warned that Sorta Finance (Arbitrum) was likely to be an exit scam and linked it to a series of earlier lending-protocol rug pulls attributed to the same actor, with reported cumulative losses above $25M.
A BNB Chain lending protocol whose QBridge was exploited for about $80M on January 27, 2022. A logic flaw let an attacker mint unlimited 'qXETH' collateral without depositing any ETH, then borrow out the protocol's assets. Chainalysis later assessed it was likely North Korea-linked.
A DeFi protocol whose users lost about $120M on December 2, 2021 — not via a smart-contract bug but a front-end attack: a compromised Cloudflare API key let attackers inject a script that tricked users into approving malicious token allowances, then drained their wallets.
A cross-chain lending protocol drained of about $130M on October 27, 2021 via a flash-loan price-oracle manipulation of a Yearn yUSD vault — the largest of three exploits Cream suffered in 2021.
The crypto market maker Wintermute lost about $160M in September 2022 after an attacker brute-forced the private key of a 'vanity' admin address generated with the buggy Profanity tool, then used it to drain the firm's DeFi vault.
The Ethereum lending protocol Euler Finance lost about $197M in a March 2023 flash-loan attack exploiting a flawed 'donate' function. After weeks of on-chain negotiation, the attacker returned essentially all of the recoverable funds.
The Wormhole bridge between Solana and Ethereum was exploited for about $325M (120,000 wETH) in February 2022 after a signature-verification flaw let the attacker mint unbacked tokens. Backer Jump Crypto replenished the funds.
A cross-chain protocol exploited for about $611M in August 2021 — one of the largest DeFi thefts ever. Unusually, the attacker (dubbed 'Mr. White Hat') returned nearly all of the funds over the following days.
ZKasino ran a 'bridge-to-earn' campaign that, per reporting, collected about 10,515 ETH (~$33M). At launch the project converted deposits into its native ZKAS token instead of returning ETH and moved funds to a team multisig and into Lido. The event was widely reported as a rug pull.
A DeFi yield farm that drained its liquidity pool 11 days after launch, taking an estimated $4.2M from depositors.