Humanity Protocol Private-Key Compromise
A compromised Humanity Foundation key let an attacker drain wallets and mint 100M H tokens on BNB Chain, netting about $32M and crashing $H nearly 90%.
Loss
32.0M
USD
Volume I · The catalog
Since 2009, more than $14.06B has been drained from blockchains and the businesses that touch them. This is the running ledger — citation-first, on-chain verifiable, and updated as we learn more.
Front page · The biggest№ 001
Bybit Heist
Malicious JavaScript injected into Safe{Wallet}'s signing UI drained 401,000 ETH ($1.46B) from a Bybit cold-wallet transfer, the largest crypto theft ever.
Recent filings
All →Gnosis Pay Zodiac Delay Module Exploit
A signature-verification flaw in the Zodiac Delay Module let an attacker bypass Gnosis Pay's time-delay protection and drain roughly $265,000 in EURe and GNO from dozens of user Safes.
Loss265.0KUSDTesseraDAO Unauthorized Mint Exploit
An attacker with control of privileged minting rights created 99 million TSR tokens on BNB Chain and dumped them for roughly $2.5 million, crashing the token nearly 99%.
Loss2.5MUSDGravity Bridge Signing-Key Compromise
Gravity Bridge, the Cosmos-Ethereum cross-chain bridge, was drained of roughly $5.4 million after attackers apparently compromised validator signing keys and forged unauthorized withdrawals.
Loss5.4MUSDNew Market Trading SquidRouterModule Exploit
A confused-deputy access-control flaw in New Market Trading's third-party SquidRouterModule let an attacker drain roughly $3.8 million from 88 Gnosis Safe wallets across Ethereum, Base, and Arbitrum.
Loss3.8MUSDEcho Protocol eBTC Admin Key Mint
An attacker minted 1,000 unbacked eBTC (~$76.7M nominal) on Echo Protocol via an admin-key compromise, used it as Curvance collateral, and extracted ~$821K through Tornado Cash before containment.
Loss821.0KUSD