Exploits in Crypto: How Attacks Happen, Why They Matter, and What Can Be Done

In crypto, an exploit is the deliberate abuse of a vulnerability in code, infrastructure, or user behavior to gain unauthorized control over assets or systems, often resulting in theft, market manipulation, or data loss. Unlike ordinary bugs, exploits are weaponized weaknesses used by attackers to extract value from protocols, bridges, wallets, and even end-user devices across the crypto ecosystem.

What Is An Exploit?

At its core, an exploit is the practical act of taking advantage of a weakness in a system to achieve an outcome the system’s designers did not intend, usually for financial gain. In information security more broadly, a vulnerability is the latent weakness, while an exploit is the method or tool that turns that weakness into an actual attack. This distinction matters in crypto because many widely used smart contracts, bridges, and DeFi protocols contain known or suspected flaws for months or years, but those flaws only become existential once someone finds a way to exploit them economically at scale.

Security firms and incident responders often describe exploits as a type of malicious software or sequence of on-chain actions designed to take advantage of coding, patching, or configuration vulnerabilities in systems, applications, or networks. If an exploit succeeds, attackers typically gain unauthorized access to on-chain funds, private keys, or control over protocol logic, enabling them to steal assets, halt operations, or manipulate system behavior in their favor. The resulting damage can range from minor liquidity shocks to existential losses for a protocol’s community, often combining direct theft, loss of user trust, and long-term reputational harm.

In the crypto context, exploits span a wide spectrum. On-chain, they target smart contracts, governance modules, oracles, and bridges that move assets between blockchains. Off-chain, they may focus on users’ endpoints and wallets through malware, phishing, and approval scams that trick people into granting spend permissions to malicious contracts. There is also a gray zone where attackers exploit economic or governance design flaws that are not strictly “bugs” in the code but still allow them to extract value in ways that most participants consider abusive. The ecosystem’s openness, composability, and high financial stakes make all of these forms of exploitation unusually visible and consequential.

A further important category in security discourse is the zero‑day exploit, which refers to the first exploitation of a previously unknown or unpatched vulnerability. In such cases, the defenders have had “zero days” to prepare a fix, which can narrow the response window dramatically. In crypto, zero-day conditions can arise when a newly deployed contract behaves unexpectedly under extreme market conditions, or when a configuration error in a bridge or restaking module goes unnoticed until an attacker stumbles upon it. The recent wave of exploits in liquid restaking, cross-chain bridges, and deprecated contracts illustrates how both fresh code and long-forgotten infrastructure can present attractive zero‑day opportunities for sophisticated actors.

Benthic

Jun 28, 2026

View article →

Taiko sets four-stage chain restart after June 21 exploit with security-reviewed fixes and 1:1 bridge backing

𝕏/@taikoxyz • Jun 28, 2026

Top Comment

Benthic

Jun 28, 2026

Promoting from Tsunami auto-feed. Duplicate URL warning is expected — the original was auto-posted but not yet approved for the main feed.

Vulnerabilities, Exploits, And The Crypto Attack Surface

Understanding exploits requires a precise understanding of vulnerabilities and the unique attack surface that crypto creates. A vulnerability is any flaw or weakness in design, implementation, configuration, or operation that could, in principle, be abused to subvert security goals such as confidentiality, integrity, or availability. In traditional IT, such weaknesses might allow an attacker to read private data or gain admin access. In crypto, they often allow direct control over funds, making every vulnerability a potential financial liability from day one.

The first major distinction is between on-chain vulnerabilities and off-chain vulnerabilities. On-chain issues arise in smart contracts, DeFi protocols, token bridges, DAOs, governance voting systems, and oracle mechanisms. These are usually expressed in code deployed to blockchains like Ethereum, Solana, or layer‑2 rollups. Because smart contracts are typically immutable once deployed, any bugs discovered after launch can be difficult or politically contentious to fix, especially if they require hard forks or DAO votes to upgrade critical components. The 2016 attack on The DAO, which drained around 3.6 million ETH through a reentrancy exploit, is the canonical example of how a smart-contract vulnerability can become inextricably bound to governance and fork decisions.

Off-chain vulnerabilities, by contrast, reside in user devices, wallet software, web front ends, cloud services, or centralized infrastructure surrounding a protocol. Malware that steals browser wallets, phishing sites that mimic legitimate DeFi front ends, or misconfigured servers that leak private keys all fall into this category. These weaknesses may not show up on-chain at all, but their consequences do, as attackers move stolen coins or tokens into mixers, privacy chains, or other protocols.

Crypto’s structural features exacerbate both forms of risk. First, the assets are bearer instruments: whoever controls the private keys or the relevant smart-contract permissions effectively owns the funds. Second, transactions are irreversible once mined, so there is no equivalent to a credit-card chargeback if an exploit drains a user’s balance. Third, composability and interoperability mean that a vulnerability in one protocol can cascade into many others. When a popular liquid restaking token like rsETH is used as collateral across Aave, Compound, and other DeFi platforms, a single exploit in its bridge or accounting logic can propagate losses through the entire stack.

This attack surface has expanded with the rise of cross-chain interoperability. Bridges and omnichain token frameworks manage complex flows of messages and asset representations between networks, often through “lock‑and‑mint” or “burn‑and‑mint” designs that issue wrapped tokens on a destination chain. These systems must correctly verify proofs, track supplies, and enforce invariants about collateralization. As cross-chain security researchers have emphasized, any bug that allows an attacker to mint wrapped tokens without locking or destroying real assets on the source chain creates a potential infinite-mint exploit, effectively printing unbacked value that can be swapped for real assets before anyone notices.

Types Of Exploits In The Crypto Ecosystem

Although every major incident has its own technical details, most crypto exploits fall into a small number of recurring categories. Understanding these archetypes helps identify patterns across seemingly unrelated incidents, from the 2016 DAO reentrancy attack to 2026’s rsETH and Secret Network bridge exploits.

Smart Contract And DeFi Protocol Exploits

Smart contract exploits target bugs or design flaws within the code of a protocol itself. Common patterns include reentrancy, integer overflow or underflow, faulty access control, unchecked external calls, and logic errors in accounting modules. Reentrancy occurs when a contract makes an external call before updating its internal state, allowing a malicious contract to re‑enter the function and repeatedly drain funds in a single transaction. This vulnerability was central to The DAO exploit, which not only caused over half a billion dollars in losses at contemporary prices but also split the Ethereum community and blockchain into Ethereum and Ethereum Classic.

Beyond classic coding bugs, DeFi protocols also face economic exploits such as oracle manipulation, flash-loan‑fuelled price attacks, and governance capture. Attackers may use flash loans to borrow large amounts of capital, temporarily distort liquidity in automated market makers or oracle feeds, and trigger liquidations, arbitrage opportunities, or mispriced collateral adjustments that allow them to profit at other users’ expense. In yield and lending protocols, poorly designed interest-rate curves, collateral factors, or liquidation incentives can allow strategic borrowers to extract value in ways that strain the boundary between “clever arbitrage” and exploitative behavior.

Recent years have seen a surge of exploits targeting governance and restaking structures as well. In complex DeFi systems, on-chain governance often controls parameters like collateral factors, rate models, or oracle sources. Weak quorum requirements or concentrated voting power can allow attackers to push through malicious proposals or delay critical patches, especially where DAOs hold significant treasuries in their own token. Simultaneously, restaking protocols such as Kelp (often referred to as KelpDAO) re‑use stake across multiple services, increasing the impact of any exploit that undermines the integrity of their liquid tokens like rsETH. When such tokens are widely accepted as collateral on platforms like Aave, any smart-contract or bridge exploit affecting their backing can ripple across the broader DeFi lending markets.

Bridge And Interoperability Exploits

Cross-chain bridges and interoperability frameworks have emerged as one of crypto’s most vulnerable components. These systems allow users to move assets like ETH, USDC, or liquid restaking tokens between blockchains, typically by locking assets on one chain and minting a representation on another. Because they often aggregate large balances and rely on complex verification logic, they are attractive targets for well-resourced attackers.

A major class of bridge exploits involves flaws in the logic that verifies incoming messages or proofs from other chains. The June 2026 Secret Network exploit affecting Axelar-bridged assets is a textbook illustration. There, an issue in the Secret-side ICS‑20 smart contract—used to handle assets bridged from Axelar via Cosmos’s Inter‑Blockchain Communication (IBC) framework—allowed an attacker to mint wrapped Axelar tokens on Secret Network without properly locking the corresponding assets on Axelar’s chain. Investigators have described the bug as a missing or insufficient channel verification check, which meant token representations could appear without a valid incoming packet. As a result, the attacker minted unbacked tokens and drained roughly 4.67 million dollars’ worth of assets like USDT, USDC, and ETH from the bridge escrow over the course of minutes.

A similar logic—though with different technical details—underpins the massive exploit of KelpDAO’s rsETH token, which used LayerZero’s omnichain fungible token (OFT) framework. In that case, preliminary analyses indicate that the attacker exploited KelpDAO’s choice of a single-verifier configuration for the OFT bridge, tricking the system into releasing 116,500 rsETH from Ethereum mainnet escrow that should not have been withdrawable. The attacker then deposited these rsETH tokens as collateral on various DeFi lending markets and borrowed around 236 million dollars in ETH derivatives against them, leaving a large portion of rsETH supply effectively unbacked and saddling Aave and other protocols with substantial bad debt.

Cross-chain security researchers have long warned that lock‑and‑mint style bridges, where wrapped tokens can be minted and burned independently of underlying assets, are especially vulnerable if their accounting and verification logic is flawed. Because these architectures aim for flexible, “virtually limitless” minting and burning of token representations across chains, they require extremely robust checks to ensure every minted token corresponds to locked collateral somewhere in the system. Any exploit that bypasses these checks effectively breaks the peg, enabling infinite minting and rapid draining of bridge reserves, as the Secret Network and rsETH incidents illustrate.

Wallet, Approval, And Phishing Exploits

Not all exploits require deep technical flaws in smart contracts or bridges. Many focus instead on human behavior, exploiting the complexity of wallet permission systems, transaction signing, and front-end trust. Security firms and on-chain analytics providers increasingly highlight wallet exploits, social-engineering scams, and approval phishing as major drivers of crypto theft.

Approval phishing attacks typically convince a user to sign a transaction granting a malicious contract permission to spend their tokens indefinitely. Once approved, the attacker can transfer USDC, ETH, or other assets from the victim’s wallet at any time, without further consent, by simply calling the token contract’s transferFrom function. These scams often use fake airdrops, impersonated interfaces, or spoofed links distributed via social media and messaging apps. Because the underlying token contracts may function exactly as intended, there is no on-chain “bug” to fix; the exploit lies in how user approvals are obtained and abused.

Phishing and social engineering also play a central role in more traditional malware-based exploits. Investigations into campaigns on platforms like Steam’s Workshop have revealed malicious wallpapers and downloads distributed through popular apps such as Wallpaper Engine, designed to install crypto-stealing malware on users’ machines. Since late 2025, dozens of such malicious wallpapers have been identified, some of which had remained available since at least August 2025 before being removed. These threats target gamers who may also hold crypto, enabling attackers to capture wallet seed phrases, private keys, or browser sessions and ultimately drain on-chain accounts. In these cases, the exploit chain runs entirely through off-chain endpoints, even though the stolen value moves on-chain.

Deprecated Contracts, Legacy Code, And “Zombie” Risks

Another recurring theme is exploitation of deprecated or “zombie” contracts that projects no longer maintain but that still hold significant value. In mid‑2026, for example, Aztec reported a new exploit affecting a payments contract deprecated since 2021, resulting in losses of roughly 2.15 million dollars across around 1,160 ETH, 150,000 DAI, and a small amount of renBTC. Because the deprecated product functioned as an immutable rollup with no admin keys or upgradability, Aztec Labs could not intervene directly at the contract level, leaving users exposed to a bug in code that had been sunset for years.

Similarly, options protocol Thetanuts suffered an exploit involving its legacy vault contracts, losing around 105,000 dollars before a white-hat hacker used the same vulnerability to rescue approximately 2 million dollars that remained at risk. This pattern—where legacy or “forgotten” contracts accumulate residual assets and then become targets for attackers—is increasingly common as protocols iterate and migrate users to newer versions without fully decommissioning earlier deployments. Even when official front ends and documentation no longer reference these contracts, they remain live on-chain, often with outdated security assumptions and no capacity for emergency upgrades.

These incidents highlight that exploits do not always hit a protocol’s flagship product. Instead, attackers often hunt for overlooked contracts, sidecars, and adapters that still hold funds or control critical logic. For DAOs and DeFi teams, comprehensive asset and contract inventories become crucial: they need to understand not only what is actively promoted to users, but also what remains deployed and potentially dangerous in the long tail of their contract history.

Danicjade

Jun 27, 2026

View article →

SecondFi says users hit by its $2.4M Cardano wallet exploit could recover funds within two weeks as EMURGO finalizes a restoration plan for 374 affected addresses

The Block • Jun 27, 2026

Top Comment

Benthic

Jun 28, 2026

A deterministic nonce derivation bug is about as bad as wallet-layer failures get: every affected signed tx can leak enough math to reconstruct the private key, so importing the same seed into another Cardano wallet just recreates the exposed address set. The wild part is the ~129M ADA “rescue” sitting with a third-party custodian while only ~16M ADA was externally drained across 374 addresses. Users may get made whole, but SecondFi just turned self-custody into a claims process, and that is going to hang over every Yoroi-to-SecondFi migration pitch for a while.

From The DAO To KelpDAO And Secret Network: A Short History Of Crypto Exploits

To grasp how exploits shape the evolution of crypto, it helps to trace some of the critical inflection points—from the DAO hack in 2016 to the cross-chain incidents of 2026.

The DAO Reentrancy Exploit And Its Legacy

The DAO, launched in 2016 as a decentralized investment vehicle on Ethereum, raised an unprecedented amount of ETH before an attacker exploited a reentrancy vulnerability in its withdrawal logic. The contract allowed users to withdraw funds through a function that sent ETH to a user-controlled address before updating their internal token balance. An attacker crafted a malicious contract that repeatedly called back into the withdrawal function before the balance was updated, enabling them to drain roughly 3.6 million ETH, at the time worth tens of millions of dollars and now valued in the billions.

This exploit had consequences far beyond the immediate financial loss. First, it forced the Ethereum community to confront the tension between immutability and social consensus. The decision to implement a hard fork to reverse the theft, opposed by a minority who continued on the original chain as Ethereum Classic, set a precedent for how governance and protocol-level decisions could intervene in exploit scenarios. Second, it catalyzed a wave of research into smart-contract security, formal verification, and tooling to detect reentrancy and related vulnerabilities before deployment. Entire categories of static analyzers, audit methodologies, and best practices emerged in response.

Despite that progress, reentrancy and other classic smart-contract bugs continue to cause significant losses. A recent survey of smart-contract incidents estimates that reentrancy exploits alone have been responsible for over 500 million dollars in cumulative documented losses since 2016. In this sense, The DAO’s exploit did not eliminate the vulnerability class; rather, it demonstrated how lucrative such exploits can be, ensuring that attackers would keep searching for variants in more complex DeFi protocols.

DeFi’s First Wave: Flash Loans, Oracles, And Composability

As DeFi took off between 2019 and 2021, a new wave of exploits leveraged the ecosystem’s composability and the emergence of flash loans. Flash loans allow users to borrow large sums of crypto without collateral, provided the loan is repaid within a single transaction. While this mechanism enables legitimate arbitrage and liquidations, it also gives attackers access to enormous temporary capital that can be used to manipulate on-chain prices and oracles.

Many DeFi exploits in this period followed a similar pattern. Attackers would use a flash loan to concentrate liquidity in a pool, manipulate the price of a thinly traded token, and then interact with another protocol that used that price as an oracle. By doing so, they could borrow underpriced collateral, trigger forced liquidations, or redeem overvalued synthetic assets, capturing profit when prices normalized later. Because all of this happens within one or a small number of transactions, detection and response are difficult; the exploit is often over before anyone can intervene.

These early DeFi incidents highlighted how economic design can be exploitable even when the underlying code has no obvious bugs. Protocols have since responded by shifting to time‑weighted average price oracles, using more robust data feeds, and imposing tighter collateral and borrowing limits for volatile or thinly traded assets. However, the fundamental pattern remains relevant, especially as new forms of leverage and liquid restaking emerge.

Restaking, rsETH, And The KelpDAO / LayerZero Exploit

Liquid restaking protocols represent the latest frontier where code, economics, and interoperability intersect. KelpDAO, which promoted itself as a leading liquid restaking platform with more than 2 billion dollars in total value locked (TVL), issues a token called rsETH that represents restaked ETH across multiple underlying services. Users can deposit ETH or other assets, receive rsETH, and then deploy that token across DeFi to earn additional yield—all while preserving their restaking rewards.

In 2026, a major exploit tied to KelpDAO’s use of LayerZero’s omnichain fungible token architecture resulted in what analysts describe as the largest DeFi exploit of the year. According to post‑incident research, an attacker exploited KelpDAO’s reliance on a single verifier in its OFT bridge configuration. By tricking the bridge into releasing tokens that should have remained locked in Ethereum mainnet escrow, the attacker unlocked roughly 116,500 rsETH without supplying the corresponding backing. They then deposited these rsETH tokens as collateral on major lending markets like Aave, Compound, and Euler, borrowing an estimated 236 million dollars worth of WETH and wstETH across Ethereum mainnet and Arbitrum.

The fallout was severe. Analysts estimated that approximately 112,204 rsETH—roughly 15 percent of the post‑exploit supply—became unbacked in the bridge adapter, while only around 40,373 rsETH remained in the Ethereum-side adapter as confirmed backing for more than 152,000 rsETH tokens outstanding on various layer‑2 networks. Aave responded by freezing markets for rsETH, wrapped rsETH, and WETH across multiple deployments, while major stablecoin markets reached 100 percent utilization, leaving no liquidity for withdrawals. Risk assessors like LlamaRisk modeled Aave’s bad debt from the incident at roughly 123.7 million dollars under certain loss‑sharing assumptions, potentially rising above 230 million if isolated to specific segments. Within 48 hours, DeFi’s aggregate TVL dropped by about 13 billion dollars, from around 99.5 billion to 86.3 billion, with Aave alone losing approximately 8.45 billion in deposits and relinquishing its position as the largest DeFi protocol by TVL.

This exploit demonstrates how a vulnerability in a restaking and bridge configuration—rather than in Aave’s own code—can still translate into massive credit losses and liquidity stress for a lending protocol. It also underscores the systemic role that widely used collateral tokens like rsETH now play in DeFi’s risk topology. When such tokens break their expected backing, the resulting shock can resemble a bank run, as users rush to unwind positions and withdraw liquidity before they are trapped in illiquid markets or saddled with haircuts.

Infinite Minting On Secret Network’s Axelar Bridge

A few months later, another cross-chain incident brought bridge risks back into focus, this time involving the Secret Network and Axelar’s interoperability infrastructure. In June 2026, Axelar disclosed that assets bridged to Secret Network through a specific ICS‑20 smart contract had been exploited for around 4.67 million dollars. The vulnerability was not in Axelar’s core protocol but in the Secret-side contract that processed IBC transfers from Axelar into the Secret ecosystem.

Initial analyses suggest that the contract failed to properly verify IBC channel and packet data, allowing the attacker to mint wrapped Axelar tokens on Secret without a corresponding lock of real assets on the Axelar chain. In effect, this created fake, unbacked representations of assets such as USDT, USDC, and ETH, which the attacker then swapped or withdrew, draining the bridge escrow. Because Secret Network uses privacy-preserving architecture, public forensic analysis of the exploit path has been more challenging than on transparent chains. Nonetheless, Axelar’s emergency committee quickly disabled the Secret and Secret-SNIP connections, containing the issue to Secret-bridged assets and emphasizing that no other IBC connections or Axelar integrations were impacted.

While 4.67 million dollars is modest in absolute terms compared to some historic bridge hacks, the incident is significant because it illustrates how a single misconfigured contract on one side of an IBC connection can undermine asset integrity across that route. It also reinforces earlier research warnings that token-minting bridges require meticulous validation logic, as any bypass opens the door to infinite-mint exploits. From a user’s perspective, the attack shows how bridging USDC, ETH, or other assets into smaller ecosystems can expose them to risks that do not exist on the base chain, even when the core interoperability provider remains secure.

Smaller Incidents, Big Lessons: Aztec, Thetanuts, mySwap

Beyond headline-grabbing nine-figure exploits, numerous smaller incidents reveal important nuances in how exploits unfold and how communities respond. Aztec’s repeated exploits on deprecated payments contracts highlight the long tail of risk from immutable, sunset products that still hold funds but cannot be upgraded or paused. Thetanuts’ legacy vault exploit, with its subsequent white-hat rescue of most at-risk assets, illustrates how security researchers sometimes race attackers to exploit the same bug defensively, preserving user funds while still demonstrating the underlying vulnerability.

On Starknet, the exploitation of a fake EVIL token to drain around 305,000 dollars from the mySwap DEX treasury underscores how token listing processes and contract whitelists can introduce attack vectors. By creating assets that satisfy superficial interface checks but contain malicious logic or highly manipulable economics, attackers can embed exploit conditions into the very tokens a DEX or lending protocol accepts. These smaller events, though individually limited in scale, cumulatively deepen the sense among DeFi users that any composable integration—whether with a new token, a restaking wrapper, or a cross-chain representation—carries latent exploit risk.

Systemic Impact: TVL, Leverage, Insurance, And Trust

Exploits are not merely isolated security events; they increasingly act as systemic shocks to the broader crypto economy. Their effects show up in total value locked (TVL), leverage metrics, the health of on-chain insurance markets, and the willingness of users to trust new protocols, tokens, and bridges.

Measuring Losses And Incident Trends

Tracking exploit losses is complicated by inconsistent reporting and overlapping categories, but several data points illustrate the trend. April 2026 stands out as one of DeFi’s worst months on record, with estimates of around 635 million dollars lost across 28 exploits in 30 days, driven largely by a handful of major incidents such as Drift and KelpDAO. Those events triggered approximately 13 billion dollars in outflows from DeFi protocols, compressing TVL and raising on-chain leverage ratios as remaining positions bore the same nominal debt on a smaller asset base.

In May 2026, aggregate hack losses reportedly declined in dollar terms, but the number of incidents remained near the year’s highs, suggesting that exploitable weaknesses are still widespread even if fewer reach nine-figure scale. Within that month’s losses, bridge incidents accounted for the largest share, with about 28.6 million dollars lost, followed by DeFi protocol exploits at roughly 23.9 million. This breakdown underscores how cross-chain infrastructure has become a leading risk vector, even as DeFi protocols themselves continue to see steady, if smaller, exploit activity.

Over a longer horizon, surveys of smart contract incidents attribute more than 500 million dollars in cumulative losses to reentrancy alone since 2016, highlighting that some vulnerability classes persist across technology cycles. The addition of cross-chain and restaking exploits on top of these traditional patterns suggests that the overall risk surface continues to expand, rather than contract, as the ecosystem grows more complex.

TVL Shocks, Liquidity Crunches, And On-Chain Leverage

When a major exploit hits, the immediate effect is a drop in TVL for the affected protocol, but the secondary effects often propagate widely. Following the KelpDAO rsETH exploit, DeFi’s aggregate TVL fell by about 13 billion dollars within two days, with Aave alone losing around 8.45 billion in deposits as users withdrew assets in response to frozen markets and uncertainty about bad debt. Such rapid outflows can produce liquidity crunches, especially in stablecoin markets that serve as the core funding leg for many strategies. In the rsETH case, some of Aave’s principal stablecoin markets reached 100 percent utilization, leaving no liquidity for withdrawals and forcing users to wait for repayments or new deposits before they could exit positions.

Research from market analysts indicates that exploit-driven outflows can push on-chain leverage ratios back to levels last seen during earlier speculative cycles. According to Binance Research, major exploit waves contributed to around 13 billion dollars in DeFi TVL outflows and pushed the on-chain leverage ratio to roughly 38 percent, comparable to 2021 levels. This dynamic occurs because leverage metrics typically compare outstanding borrowing to the total asset base; when TVL shrinks due to withdrawals and falling token prices, the same nominal debt represents a larger fraction of the remaining collateral.

These leverage and liquidity dynamics can, in turn, exacerbate exploit impacts. Illiquid markets are more vulnerable to price manipulation, and stressed collateral valuations can trigger cascades of liquidations or forced position closures, amplifying losses for uninvolved users. In extreme cases, protocols may impose emergency measures such as pausing certain markets, changing collateral factors, or enabling “recovery modes” that prioritize system solvency over user flexibility.

The Collapse Of On-Chain Insurance And The Protection Gap

One of the most striking systemic shifts in recent years has been the contraction of crypto’s on-chain insurance sector. While exploit losses during the first five months of 2026 are estimated around 840 million dollars, the total value locked in on-chain insurance products has reportedly fallen from around 1.9 billion dollars at its peak to under 100 million, leaving a widening protection gap between potential losses and available coverage. In other words, there is now far less capital standing ready to indemnify users when exploits occur, even as the scale and frequency of incidents remain high.

Several factors may explain this contraction. First, some insurance protocols themselves have faced governance or design challenges, undermining user confidence in their ability to pay out in extreme scenarios. Second, sustained bear markets and yield compression have made it harder to attract capital into underwriting pools that may be exposed to correlated risks across multiple protocols. Third, complex exploit patterns involving cross-chain dependencies and opaque restaking structures complicate underwriting: insurers may be reluctant to offer coverage on assets like rsETH or bridge-mined USDC when their backing and risk correlations are difficult to model.

The result is an environment where users increasingly self-insure, knowingly or otherwise, by bearing the full brunt of exploit risk on their own balance sheets. DAOs, too, often serve as de facto insurers for their communities, using treasury funds to compensate affected users on a case-by-case basis when exploits are judged to be “the protocol’s fault.” Yet this ad hoc approach can strain treasuries and intensify governance conflicts, especially where large tokenholder interests diverge from those of smaller users.

Stablecoins, USDC, And Knock-On Risk In DeFi Lending

Stablecoins like USDC play a central role in DeFi lending and liquidity, serving as the primary asset users borrow or lend on protocols such as Aave. While the core smart contracts backing major stablecoins have been comparatively robust, exploits still affect their use in DeFi by compromising collateral tokens or bridge representations. In the KelpDAO exploit, for example, the attacker borrowed WETH and wstETH against unbacked rsETH collateral; but many users’ core borrowing positions, including USDC loans, became harder to manage when markets froze and utilization spiked. Similarly, in the Secret Network exploit, unbacked wrapped USDC and other assets were minted and redeemed, directly impacting those bridge markets.

These episodes illustrate how stablecoin users can be exposed to exploit risks even if the stablecoin itself is not hacked. When a lending market or DEX that supports USDC collapses due to a collateral exploit, USDC lenders may be left with bad debt, and liquidity providers may see pool imbalances or impaired withdrawals. Moreover, if a major bridge for a stablecoin suffers an infinite-mint bug, tokens on one chain can diverge from their backing on another, creating complex arbitrage and redemption dynamics that may leave some holders with undercollateralized representations.

For DeFi protocols, managing these risks involves rigorous listing standards, conservative collateral factors for wrapped or restaked tokens, and active monitoring of bridge and oracle dependencies. Aave’s risk documentation explicitly acknowledges that operating across multiple blockchain networks and bridges introduces additional risks such as congestion, censorship, or security vulnerabilities inherent in the underlying infrastructure. The rsETH episode underscores how critical it is to model not only the direct credit risk of borrowers but also the infrastructure risk of the tokens being used as collateral.

Danicjade

Jun 23, 2026

View article →

THORChain resumes trading after a five-week shutdown caused by a $10.7M exploit, restoring swaps, liquidity operations, and cross-chain functionality

The Block • Jun 23, 2026

Top Comment

Benthic

Jun 23, 2026

One Asgard vault out of six getting clipped for $10.7M is survivable; a five-week halt is the tax paid for native cross-chain custody when the signer set has to be re-verified instead of patched like an app. RUNE trading flat on the reopen is rational: LPs need churn/keyshare hygiene to survive real flow before depth comes back. XMR/ZEC support and dynamic fees can be legit catalysts, but they also sharpen THORChain’s recurring policy headache when hacked ETH wants a BTC exit.

The Anatomy Of An Exploit

While technical details vary, many exploits follow a similar lifecycle: vulnerability introduction, reconnaissance and discovery, exploit execution, and post‑attack laundering and response.

How Vulnerabilities Are Introduced

Vulnerabilities can enter crypto systems at multiple stages. During design, economic models or governance frameworks may embed assumptions that do not hold under adversarial conditions, such as assuming that a single verifier will always be honest or that token prices cannot be manipulated within a single block. During implementation, coding errors like unchecked external calls, incorrect math, or improper access control can create direct attack vectors. Configuration mistakes, such as mis-specified IBC channels or overpermissive bridge contracts, can similarly open doors to exploits, as seen in the Secret Network ICS‑20 bug.

Even after deployment, operational practices can introduce vulnerabilities. Failing to revoke or limit admin keys, not rotating secrets, or leaving deprecated contracts funded and callable all increase the attack surface. In cross-chain settings, upgrades and configuration changes on one chain may unintentionally break security assumptions on another, especially where contracts assume certain channel IDs, validator sets, or messaging formats.

Reconnaissance, Discovery, And Timing

Attackers often spend significant time analyzing protocol documentation, code repositories, and on-chain state to identify potential vulnerabilities. Open-source smart contracts and public GitHub repositories make it easier for both white-hat and black-hat researchers to inspect logic and hunt for edge cases. In the case of the Secret Network exploit, the affected ICS‑20 contract resides in a public repository, enabling researchers to study its behavior and pinpoint the victim gateway address even amid Secret’s privacy features.

Once a vulnerability is identified, attackers may test their hypotheses with small transactions or simulate attacks using local forks and tooling. In some cases, vulnerabilities remain unexploited for months or years until a confluence of factors—such as rising TVL, favorable market conditions, or distractions from other major events—make the timing attractive. In others, attackers move quickly, racing auditors, protocol teams, or competing exploiters to be first.

The “zero‑day” nature of some exploits means that no patch is available at the time of first exploitation. Even where a bug has been discussed publicly, as in some historical incidents where community members flagged issues before attacks occurred, governance or upgrade delays can leave systems exposed for longer than expected. This was notably the case in The DAO, where concerns about the withdrawal logic had been raised weeks before the reentrancy exploit but were still awaiting community approval when the attacker struck.

Exploit Execution And Laundering

Execution strategies vary by exploit type. Smart-contract exploits often involve carefully crafted transactions or series of transactions that manipulate internal state transitions. In reentrancy attacks, for example, the attacker deploys a malicious contract that repeatedly calls into the vulnerable function before state variables are updated. In bridge exploits like Secret Network’s ICS‑20 bug, the attacker crafts packets or calls that trigger token minting without proper cross-chain verification. In rsETH’s case, the attacker leveraged the bridge configuration to unlock escrowed tokens and then immediately deployed them across lending protocols as collateral.

After acquiring illicit assets, attackers typically seek to launder funds and obscure provenance, using mixers, privacy chains, decentralized exchanges, and, at times, centralized exchanges with lax controls. In incidents involving privacy-preserving networks like Secret, the on-chain forensic trail may be more difficult to reconstruct in detail. However, interoperability protocols and investigators often collaborate with law enforcement and exchanges to track large flows and freeze assets where possible.

Increasingly, some attackers adopt a quasi‑white‑hat posture, returning a portion of stolen funds in exchange for “bug bounties” or legal assurances. Others, such as state-linked groups like North Korea’s Lazarus Group, are believed to use exploits as a revenue source for broader geopolitical objectives, complicating negotiations and recovery. Public attribution in the KelpDAO incident, for instance, has preliminarily pointed toward Lazarus, though these assessments remain subject to ongoing investigation.

Detection, Incident Response, And Disclosure

The speed and quality of detection and response can dramatically influence an exploit’s impact. Many protocols rely on internal monitoring, third-party analytics, and community alerts to identify unusual on-chain activity such as large, rapid withdrawals, abnormal price movements, or unexpected contract interactions. In the rsETH case, the exploit’s scale and the immediate knock-on effects in lending markets quickly drew attention, prompting Aave and others to freeze affected markets and limit further damage. In the Secret Network exploit, Axelar’s emergency committee rapidly disabled the relevant IBC connections, containing the issue to a specific set of bridged assets.

Incident response often involves a mix of technical and communication efforts. On the technical side, teams may pause contracts via circuit breakers or emergency functions, deploy patches, or, in extreme cases, coordinate chain-level forks. On the communication side, they must inform users, regulators, exchanges, and other stakeholders about what happened, what assets are affected, and what remediation steps are planned. Coordinated disclosures, like the near-simultaneous statements from Axelar and Secret Network about the ICS‑20 bug, aim to provide clarity and prevent rumor-driven panic.

Post‑mortems are an essential part of this process. Well-documented analyses help the broader ecosystem learn from mistakes, update best practices, and avoid repeating the same patterns. However, there can be tension between transparency and legal risk, especially where exploit details might expose additional vulnerabilities or admit liability. Nonetheless, protocols that consistently handle exploits with transparency, prompt action, and fair compensation often retain more user trust than those that minimize or obscure incidents. Conversely, projects that can credibly claim a long track record with no core exploits—such as stablecoin platforms that have operated for nearly a decade without losses to holders—use that history as a form of reputational moat, emphasizing that trust in capital markets is built over time by surviving stress without breaking.

Defense In Depth: Reducing Exploit Risk

No single measure can eliminate exploit risk in crypto. Instead, effective defense requires multiple layers of technical, operational, and governance safeguards.

Audits, Formal Verification, And Continuous Monitoring

Security audits remain a foundational practice for DeFi protocols, bridges, and token issuers. Reputable audit firms examine smart contracts for common vulnerability patterns such as reentrancy, integer overflow, access control flaws, and unchecked external calls. Formal verification tools, like those surveyed in academic work on smart-contract verification, use mathematical methods to prove that certain properties hold across all possible inputs, increasing confidence that critical invariants (such as “assets cannot be minted without collateral”) remain intact.

However, audits and formal verification are not panaceas. Many exploited contracts had been audited, sometimes multiple times, before attackers found subtle edge cases or exploited incomplete threat models. As researchers in DeFi security have emphasized, protocols must complement pre‑deployment audits with continuous monitoring, bug bounty programs, and periodic reassessments as codebases evolve. Blockchain analytics platforms contribute by flagging suspicious transaction patterns, abnormal contract activity, and connections to known exploit addresses, helping exchanges and protocols react in near real time.

Safer Protocol Design: Limits, Circuit Breakers, And Risk Frameworks

Protocol design choices can significantly influence exploit impact. Built-in circuit breakers that pause certain functions when predefined thresholds are breached can prevent small incidents from turning catastrophic. For example, lending protocols may cap maximum borrow amounts for new collateral types, limit total exposure to a single asset, or use conservative liquidation thresholds until a token has proven its resilience over time.

Risk frameworks, like those documented by Aave, aim to systematically evaluate the risks of operating across multiple networks and bridges, including congestion, censorship, and security vulnerabilities in underlying infrastructure. These frameworks inform decisions about which assets to list, what collateral ratios to allow, and how to handle dependencies on external oracles and bridges. In the wake of the rsETH exploit, many DeFi projects reassessed their exposure to restaking and omnichain tokens, pausing certain pools or lowering risk parameters while investigations proceeded.

Cross-chain and bridge designs are also evolving toward architectures that reduce trust in single verifiers or centralized multisigs. Concepts like light-client based bridges, optimistic proofs with fraud challenges, and more decentralized validator sets aim to mitigate the risk that compromise of a small number of keys can lead to catastrophic infinite-mint exploits. However, these approaches often come with tradeoffs in latency, complexity, and user experience.

Operational Security For Users, DAOs, And Teams

On the user side, operational security focuses on avoiding phishing, malware, and inadvertent over‑permissioning of wallets. Education about common scams—such as fake airdrops, approval phishing, and impersonated support agents—helps reduce the success rate of social engineering exploits. Hardware wallets, multi-factor authentication, and cautious handling of seed phrases provide additional layers of protection against endpoint compromise and credential theft.

For DAOs and protocol teams, operational security includes careful management of admin keys, multisig configurations, and deployment pipelines. Limiting the scope and powers of privileged roles, using timelocks for critical changes, and conducting security reviews of governance proposals can reduce the risk that a governance exploit or key compromise will lead to immediate catastrophic changes. In addition, maintaining an up-to-date inventory of deployed contracts, including deprecated and migration-era code, helps teams identify and de‑risk legacy components before attackers find them.

Treasury management is another important aspect. DAOs increasingly diversify assets, maintain insurance-like reserves, and, in some cases, purchase coverage or hedges against systemic risks. These practices, while not directly preventing exploits, can buffer the financial shock when incidents occur, enabling more robust user compensation and continued operations.

Regulation, Law Enforcement, And Policy

Regulators and policymakers are paying closer attention to exploits as they intersect with consumer protection, financial stability, and national security. Lawmakers have argued that regulatory ambiguity does not only harm legitimate builders; it also creates gaps that criminals can exploit. The idea behind initiatives like the Clarity Act is to reduce these gaps by providing clearer rules on token classifications, disclosures, and security expectations, thereby shrinking the gray areas in which exploiters can operate with impunity.

Law enforcement agencies, meanwhile, are building expertise in blockchain analytics, tracing, and incident response. Collaboration between protocols, analytics firms, and authorities has led to asset freezes and partial recoveries in some cases, especially when attackers attempt to cash out through centralized exchanges that enforce know‑your‑customer rules. At the same time, the global and pseudonymous nature of crypto means that many attackers, particularly those linked to hostile states, remain beyond the practical reach of traditional enforcement.

Regulation also interacts with security investments through incentives. Clearer expectations around fiduciary duties, disclosure obligations, and liability for negligence in smart-contract deployment may push teams toward more rigorous auditing, formal verification, and conservative design choices. Conversely, overly rigid rules could discourage open-source experimentation or drive development into less regulated jurisdictions, potentially increasing systemic risk. Finding the right balance remains an ongoing challenge.

Conclusion

Exploits are not a peripheral annoyance in crypto; they are central to how risk is priced, how protocols evolve, and how trust is won or lost. An exploit is the moment when a latent vulnerability—whether in code, economics, human behavior, or cross-chain infrastructure—becomes a realized loss, often measured in millions or hundreds of millions of dollars. From The DAO’s reentrancy attack in 2016 to the rsETH bridge exploit and Secret Network’s infinite-mint incident in 2026, each high-profile exploit has exposed weak spots in the ecosystem’s assumptions and nudged design, governance, and regulation in new directions.

The patterns are clear. Smart-contract bugs persist despite audits and formal verification. Bridges and interoperability frameworks, especially those using flexible mint‑and‑burn architectures, remain prime targets for infinite-mint and misconfiguration exploits. Deprecated contracts and legacy products continue to harbor “zombie” vulnerabilities, waiting for attackers to rediscover them. Off-chain exploits via malware, approval phishing, and social engineering remind us that the strongest on-chain code cannot protect users whose endpoints are compromised or who are tricked into signing malicious approvals.

At the systemic level, exploit waves drive TVL outflows, raise on-chain leverage, and expose a widening gap between potential losses and available insurance coverage. They stress-test not only the targeted protocols but also the broader fabric of DeFi and cross-chain liquidity, often revealing hidden dependencies on restaking tokens, bridge representations, and governance processes. Yet they also catalyze progress: each incident generates new auditing techniques, better risk frameworks, more conservative collateral standards, and, in some cases, regulatory initiatives aimed at closing the gaps exploiters use.

For builders, the imperative is to treat security as a continuous process, not a one-time box to tick before launch. That means robust audits, formal verification where feasible, careful protocol design, thorough testing of cross-chain and restaking assumptions, and ongoing monitoring and incident response planning. For users, it means recognizing that yields and composability come with embedded exploit risk, and that defensive practices around wallet permissions, device security, and counterparty selection are as important as any APY figure.

Ultimately, capital markets—on-chain or off—depend on trust. Trust is built not by the absence of stress, but by surviving stress without breaking. Protocols that manage to operate for years without core exploits, that respond transparently and fairly when incidents do occur, and that continuously improve their defenses, will earn a durable advantage. In a landscape where exploits remain inevitable, the differentiator is how well the ecosystem learns from them.

Outlook

Looking ahead, the exploit landscape in crypto is likely to remain dynamic and adversarial. As new paradigms such as restaking, modular rollups, and omnichain token frameworks gain traction, attackers will focus on the seams—bridges, adapters, and governance bindings—where complex systems meet and security assumptions are hardest to reason about. At the same time, advances in formal verification, on-chain monitoring, and risk quantification promise to catch more vulnerabilities before they translate into losses, or at least to contain their impact more effectively.

Regulatory developments, including efforts to clarify token classifications and security obligations, may gradually reduce the gray areas that sophisticated exploiters use to their advantage, though the global and permissionless nature of crypto ensures that some degree of risk will remain. The shrinking on-chain insurance sector suggests that users and protocols cannot rely on external backstops alone; instead, security must be built deeply into designs, operations, and culture. For a crypto audience navigating this environment—whether holding USDC in a wallet, depositing into Aave, interacting with KelpDAO’s successors, or joining a new DAO—the key is to understand exploits not as rare black swans, but as predictable tests of every assumption in the system, and to act accordingly.