Ultimately the attacker profited around 295 ETH (~$1 million), but the protocol was saddled with significantly more bad debt that the team will now have to grapple with.
Moonwell accrues almost $3.7 million of bad debt after oracle malfunction
The Moonwell lending protocol, built on the Base Ethereum L2, wound up with $3.7 million in bad debt after an attacker took advantage of an oracle malfunction that caused the price of wrsETH to be massively inflated. The Chainlink oracle used by the project erroneously reported that a single wrsETH token (Kelp DAO's wrapped restaked ETH) was priced at around 1.65 million ETH (~$5.8 billion). Within 30 seconds of the oracle reporting bad data, an attacker took advantage of the error to borrow huge amounts of tokens, which they then swapped to other tokens to cash out.
- wrsETH Oracle Malfunction 11/4/25, Moonwell forum
- Tweet by CertiK Alert [archive]
Stream Finance halts activity after $93 million loss
The Stream Finance defi yield project announced that "an external fund manager overseeing Stream funds disclosed the loss of approximately $93 million in Stream fund assets." Stream announced that they were in the process of withdrawing remaining liquid assets, and had halted all deposits or withdrawals. They also announced they had retained a law firm to investigate the "incident".
The project didn't disclose who the fund manager was, or the circumstances in which the "loss" occurred.
The Staked Stream USD token depegged on November 3, and crashed further following the announcement.
Balancer exploited for at least $110 million
The defi protocol Balancer suffered a major exploit that drained over $110 million across several blockchains, including Ethereum, Polygon, Base, and Sonic. Attackers exploited faulty access control in the
manageUserBalance function of Balancer's v2 smart contract, enabling unauthorized internal withdrawals. The stolen tokens included 6,850 osETH, 6,590 wETH, and 4,260 wstETH, later consolidated into new wallets likely for laundering.The exploit also impacted forked protocols like Beets Finance, which lost around $3 million. Balancer's BAL token dropped over 10% following the theft.
This was Balancer's third major security incident since 2020, despite prior audits by OpenZeppelin and Trail of Bits.
Garden hacked for $11 million
The Garden bitcoin bridge suffered a roughly $11 million loss after one of its solvers was compromised. These solvers essentially act as market makers for the protocol. Some blockchain sleuths have questioned whether the affected solver, which Garden described as a separate entity, may actually be operated by the same team as Garden.
There wasn't much sympathy to be had for Garden after this exploit. The protocol had recently announced hitting a milestone of bridging more than $2 billion in assets, but the celebration was criticized after zachxbt pointed out that a substantial portion of the bridged funds were proceeds of crimes being laundered to evade detection and recovery.
Hyperliquid user loses $21 million to private key leak
An attacker apparently obtained access to a victim's private key, enabling them to drain $21 million in various crypto assets. The attacker quickly bridged the stolen funds to ETH, then bounced through various addresses in hopes of disguising their origin and making the funds more challenging to recover.
Some originally feared that the theft was enabled by an exploit on Hyperliquid itself, shortly after another Hyperliquid-based project was compromised, but the theft appears to have been a key leak rather than an exploit on the protocol.
Abracadabra loses more "Magic Internet Money" to third hack in two years
In their third major hack in two years, the Abracadabra defi lending project lost $1.8 million of their Magic Internet Money stablecoin. An attacker took advantage of a bug in the project smart contracts to borrow more than their provided collateral would normally allow. The attack was funded via Tornado Cash, and the exploiter then swapped the stolen tokens for ETH and laundered them back through Tornado.
The project disclosed the theft, describing the exploit as affecting "some deprecated contracts". They downplayed the theft, saying they'd bought back the stolen assets using treasury funds.
Abracadabra previously suffered a $13 million theft in March 2025, and a $6.5 million theft in January 2024.
Hyperdrive lending protocol exploited for $782,000
Exploiters drained $782,000 in crypto assets from two markets on the Hyperdrive lending protocol, which is built on the Hyperliquid layer-1 blockchain. The attacker apparently took advantage of a security flaw in one of the project's smart contracts to drain the funds.
Hyperdrive paused all markets while investigating the vulnerability, and patched the bug. They also compensated those who had lost money in the exploit.
SBI Crypto likely suffers $21 million theft
Crypto sleuth zachxbt observed $21 million in "suspicious outflows" from SBI Crypto, a crypto mining subsidiary of the Japanese SBI Group. The money was quickly laundered through instant exchanges and Tornado Cash, in ways zachxbt observed were similar to tactics of North Korean crypto thieves.
SBI Crypto has not made any public statements addressing the apparent theft.
Griffin AI exploited for $3 million one day after launch
One day after Griffin AI launched its GAIN token on Binance Alpha, an attacker minted 5 billion fake GAIN tokens on the Ethereum blockchain, then exploited a cross-chain endpoint to trick the bridge to the Binance chain into recognizing them as the real thing. The attacker was only able to sell a small fraction of their tokens, but they made off with approximately $3 million as the token plunged in price. According to CEO Oliver Feldmeier, the exploit was enabled by "a misconfigured layer Zero (cross-chain messaging) set-up and compromised key".
Griffin AI promises to allow customers to "build, deploy, and scale autonomous AI agents for crypto finance". These are essentially AI-powered bots that perform various functions — some of Griffin's advertised examples include a "robo-adviser" to provide "tailored investment strategies", and bots to do arbitrage trading or manage staked assets.
Seedify launchpad project suffers bridge exploit
An attacker exploited bridges for SFUND, the token issued by the Seedify launchpad and incubator. It appears the exploiter has profited around $1.7 million from the theft. Seedify issued a statement announcing the theft, and said the bridge contracts that were exploited had been deployed for three years. The SFUND token crashed in price by around 80% before recovering somewhat.
Seedify has been a launchpad for blockchain games, NFT projects, and other web3 products. The team recently has embraced "vibe coding" — a practice in which people rely heavily on AI to generate code.