WEB3-LIFI-2022

On April 19, 2024, Hedgey Finance was drained of about $44.7 million (notional) across Arbitrum (~$42.6 million, mostly BONUS tokens) and Ethereum (~$2.1 million in USDC, ETH and other tokens). The root cause was an unvalidated attacker-controlled address combined with a stale token allowance in the ClaimCampaigns contract. createLockedCampaign granted an ERC-20 allowance via SafeERC20.safeIncreaseAllowance(IERC20(campaign.token), claimLockup.tokenLocker, campaign.amount) without validating that the caller-supplied tokenLocker was a legitimate Hedgey vesting contract, so the attacker passed their own address and obtained spend approval. cancelCampaign then refunded the deposited tokens but never called safeDecreaseAllowance, leaving the dangling allowance live after capital was returned. Funding the deposit with a Balancer flash loan, the attacker looped create-then-cancel to accumulate approvals, then called the token's transferFrom directly to drain funds belonging to other campaigns out of the contract.

The Parity multisig wallet (version 1.5+) suffered two distinct incidents rooted in the same flaw. On 19 July 2017 an attacker stole 153,037 ETH (~$30M) from several wallets, and on 6 November 2017 the user devops199 accidentally froze 513,774 ETH (~$150M+ across 587 wallets) permanently. Each thin wallet contract held no logic and used delegatecall to forward unmatched calls to a single shared WalletLibrary, which executed in the caller's storage context. The library's initWallet (calling initMultiowned) was a public function with no initialized guard, so in July the attacker called initWallet on a deployed wallet to overwrite m_owners with only their own address and m_required to 1, then called execute() to drain it. In November devops199 called the unprotected initWallet directly on the shared WalletLibrary itself (whose own storage was still uninitialized, bypassing the post-July fix that only checked the caller's m_numOwners), became its owner, then called the library's kill() which ran selfdestruct, deleting the shared code and bricking every wallet that delegatecalled into it.

A frontend hijack leaves the on-chain contracts untouched but replaces the Web2 surface serving the dApp UI with a wallet-drainer clone, so no Solidity audit can catch it. The recurring pattern: attackers take over the domain registrar or DNS provider account (or a CDN/tag-manager account), repoint the domain to a cloned site, and prompt visitors to sign malicious token approvals, EIP-2612 permit signatures, or transfers. Curve Finance was hit twice: on August 9-10, 2022 its curve.fi domain was DNS-hijacked via a compromised nameserver and drained ~$570K in USDC/DAI; and again around May 12, 2025 at the registrar level, after which Curve permanently migrated to curve.finance and announced an ENS move (Convex Finance and Resupply, which depend on Curve's data feeds, suffered dependency-driven outages but were not themselves compromised). In July 2024 a mass wave hit DeFi domains registered through Squarespace, whose forced migration off Google Domains stripped 2FA: Compound's frontend redirected to an Inferno Drainer clone and 100+ protocols were exposed (Celer blocked its takeover via domain monitoring). Ambient Finance's domain was hijacked through stolen registrar credentials on October 17, 2024. Most recently, on April 14, 2026 attackers used forged identity documents to social-engineer the registrar into handing over DNS control of CoW Swap's swap.cow.fi and cow.fi domains, redirecting users to a pixel-perfect drainer clone for about 90 minutes; over $1M was taken in roughly three hours, including 219 ETH (~$750K) from a single wallet, while CoW's contracts, backend APIs, and solver network were untouched. The same bucket includes CDN-account injections (KyberSwap's September 2022 Cloudflare/Google Tag Manager compromise, ~$265K) and BGP route hijacks that swap signed bundles for drainer code.

On September 2, 2025 Bunni, a liquidity manager built on Uniswap v4, was drained of roughly $8.4 million across Ethereum and Unichain (USDC, USDT, and weETH/ETH) through a rounding error in its withdrawal accounting amplified by flash loans. Bunni's Liquidity Distribution Function (LDF) tracks an 'idle balance' that is rebalanced on every swap, and the withdraw path rounded that balance in the wrong direction under specific conditions. The attacker flash-borrowed millions in USDT and executed a precisely sized sequence of swaps that pushed the pool's spot price back and forth across tick boundaries, triggering the faulty rounding repeatedly; each cycle let them withdraw more tokens than they burned in liquidity (in the USDC/USDT pool the idle balance fell 85.7% while liquidity fell only 84.4%, and that gap was the leak). The bug was application-specific accounting math, not an oracle or price-feed flaw. Unable to fund a secure relaunch, the Bunni team announced on October 23, 2025 that it was permanently shutting down, leaving withdrawals open and relicensing v2 from BUSL to MIT.

On May 22, 2025 Cetus Protocol, the leading DEX on Sui, was drained of approximately $223M. The root cause was a flawed overflow check: the checked_shlw function in the integer-mate math library built its guard mask as 0xFFFFFFFFFFFFFFFF << 192 instead of 0x1 << 192, so values above 2^192 slipped past the check and the subsequent 64-bit left shift silently overflowed (left shifts do not abort in Move). The flaw lived in get_delta_a, which computes the tokens needed for a liquidity position; under the overflow the numerator wrapped to a tiny value, so the function demanded as little as 1 token unit for an enormous liquidity amount. Using flash swaps (borrowing ~10M haSUI), the attacker opened a tight-range position (ticks [300000, 300200]) and minted a massive amount of liquidity for a negligible deposit, then withdrew real pool reserves. Around $162M was frozen on-chain by Sui validators and eventually returned, while roughly $62M was bridged out to Ethereum. Cetus relaunched after recovering and replenishing affected pool liquidity.

On April 14, 2025 the perpetuals DEX KiloEx lost about $7.5 million across BNB Chain, Base, opBNB, and Taiko to what was reported as oracle price manipulation but was really an access-control failure. KiloEx's price feed (KiloPriceFeed.setPrices) was meant to be reachable only through a keeper-gated call chain, but the top-level MinimalForwarder.execute function was publicly callable and validated an attacker-supplied signature against attacker-supplied data, letting anyone forge a trusted call that reached setPrices and write an arbitrary price. The attacker set a market price far below true value, opened a leveraged position, then set the price far above value and closed it in the same flow, extracting fabricated profit from the vault; the sequence was repeated across all four chains, with a single transaction netting $3.12M. Reporting that framed it as flash-loan oracle manipulation was imprecise: no market liquidity was moved, the price was simply written directly through the unprotected forwarder. After KiloEx offered a 10% (~$750K) whitehat bounty and no legal action, the attacker returned essentially all of the funds by April 18, 2025.