Learn Real Smart Contract Exploits background image
Home - Coinspect Security

Learn Real Smart Contract Exploits

A curated collection of Foundry-based tests reproducing real-world EVM attacks.

41

Real Attacks Reproduced

1.7B+

In Total Value Hacked

8

EVM Chains Covered

16

Vulnerability Categories

ethereumethereum
May 28, 2025

Cork Finance

Manipulating rollover pricing to extract underpriced tokens

Total Losses: $7,200,000

binance smart chainbinance smart chain
May 11, 2025

MobiusDAO

Exploiting decimal precision errors to inflate token amounts

Total Losses: $2,150,000

ethereumethereum
Mar 30, 2025

SIR Trading

Attacking through misused transient storage security checks

Total Losses: $355,000

binance smart chainbinance smart chain
Feb 11, 2025

Four Meme

Preemptively manipulating pool prices during liquidity migration

Total Losses: $183,000

FantomFantom
Nov 16, 2024

Polter Finance

Breaking lending protocols through manipulated oracle price feeds

Total Losses: $8,700,000

ethereumethereum
Nov 1, 2023

Onyx Protocol

Creating empty market conditions to manipulate collateral values

Total Losses: $2,100,000

ethereumethereum
May 21, 2023

TornadoCash Governance Takeover

Hijacking governance by replacing approved proposal implementations

Total Losses: $2,700,000

arbitrumarbitrum
Feb 3, 2023

Sperax USD (USDS)

Abusing contract deployment timing to bypass balance checks

Total Losses: $309,000

binance smart chainbinance smart chain
Nov 29, 2022

MBC Token

Manipulating token prices through public liquidity functions

Total Losses: $5,000

binance smart chainbinance smart chain
Nov 29, 2022

Seaman

Forcing contracts to trade at manipulated token prices

Total Losses: $7,000

polygonpolygon
Nov 23, 2022

Curve Pool Oracle

Exploiting AMM oracle prices during liquidity withdrawal callbacks

Total Losses: $180,000

ethereumethereum
Nov 10, 2022

DFX Finance

Exploiting flash loan callbacks to manipulate balance checks

Total Losses: $6,000,000

binance smart chainbinance smart chain
Oct 30, 2022

BVaults

Manipulating token prices to drain protocol funds

Total Losses: $35,000

ethereumethereum
Oct 27, 2022

Team Finance

Exploiting migration processes through malicious token manipulation

Total Losses: $15,000,000

ethereumethereum
Oct 21, 2022

Bond Olympus DAO

Exploiting arbitrary token parameters in redemption functions

Total Losses: $300,000

ethereumethereum
Oct 14, 2022

Earning Farm

Bypassing withdrawal limits through unauthorized flash loan callbacks

Total Losses: $967,000

ethereumethereum
Oct 11, 2022

TempleDAO Spoof Old Staking Contract

Spoofing migration contracts to steal staked tokens

Total Losses: $2,300,000

ethereumethereum
Sep 19, 2022

Arbitrum Inbox

Exploiting reinitialization vulnerability in bridge upgrade process

Total Losses: $400,000

ethereumethereum
Sep 2, 2022

Bad Guys NFT

Claiming unlimited NFTs through unvalidated mint amounts

No losses reported

ethereumethereum
moonbeanmoonbean
Aug 1, 2022

Nomad Bridge

Processing arbitrary messages through faulty validation logic

Total Losses: $190,000,000

ethereumethereum
Apr 30, 2022

Fei Protocol

Cross-function reentrancy through lending protocol token transfers

Total Losses: $80,000,000

ethereumethereum
Mar 27, 2022

Revest Finance

Reentering token vault systems through ERC-1155 callbacks

Total Losses: $2,000,000

ethereumethereum
Mar 23, 2022

Ronin Bridge

Compromising validator keys to authorize malicious withdrawals

Total Losses: $624,000,000

ethereumethereum
Mar 21, 2022

Compound TUSD Integration

Exploiting dual-contract tokens in sweep functions

No losses reported

FantomFantom
Mar 21, 2022

One Ring Finance

Exploiting share price manipulation via reserve balance changes

Total Losses: $1,550,000

gnosis chaingnosis chain
Mar 15, 2022

Hundred Finance

Draining lending pools via ERC667 token hook reentrancy

Total Losses: $6,000,000

binance smart chainbinance smart chain
Mar 15, 2022

Paraluni

Attacking liquidity pools through malicious token reentrancy

Total Losses: $1,700,000

fantomfantom
Mar 9, 2022

Fantasm Finance

Minting tokens without required backing collateral

Total Losses: $2,620,000

ethereumethereum
Feb 24, 2022

Wormhole Bridge

Bypassing signature verification through uninitialized implementation contracts

Total Losses: $10,000,000

polygonpolygon
Feb 8, 2022

Superfluid

Forging transaction contexts to impersonate any user

No losses reported

ethereumethereum
Feb 8, 2022

Sandbox Public Burn

Destroying anyone's NFTs through flawed burn logic

No losses reported

ethereumethereum
Jan 19, 2022

AnySwap Permit Attack

Draining user funds via malicious token contracts

Total Losses: $960,000

ethereumethereum
Nov 2, 2021

Rari Fuse

Manipulating low-liquidity pools to inflate collateral pricing

Total Losses: $3,000,000

ethereumethereum
Sep 3, 2021

DAO maker

Exploiting unprotected initialization to become contract owner

Total Losses: $4,000,000

ethereumethereum
Aug 30, 2021

Cream Finance

Bypassing reentrancy guards through cross-contract token hooks

Total Losses: $18,000,000

ethereumethereum
Aug 10, 2021

Punk Protocol Re-initialize

Taking control by re-initializing proxy contracts

Total Losses: $8,950,000

ethereumethereum
moonbeanmoonbean
Aug 10, 2021

Polynetwork Bridge

Hijacking validator roles through sighash collision attacks

Total Losses: $611,000,000

binance smart chainbinance smart chain
Apr 28, 2021

Uranium

Breaking AMM invariants through incorrect constant calculations

Total Losses: $50,000,000

binance smart chainbinance smart chain
Apr 15, 2021

Rikkei Oracle Replace

Setting malicious price oracles through unprotected functions

Total Losses: $1,000,000

ethereumethereum
Feb 27, 2021

Furucombo

Hijacking proxy contexts through malicious delegatecalls

Total Losses: $15,000,000

N/AN/A
Jan 1, 1111

Read Only Reentrancy

Exploiting stale state reads during reentrancy execution

No losses reported