The attacker siphoned at least $24 million USDC from the protocol, which they quickly swapped into ETH and laundered via Tornado Cash.
Ostium loses at least $24 million to oracle exploit
Polymarket customers lose $2.97 million, company blames third-party vendor
Polymarket, a crypto-based prediction markets platform, quickly made an announcement to claim that a third-party vendor had been compromised to allow an attacker to inject a malicious script into the website frontend. Polymarket has said it will refund affected customers.
Users of the SecondFi Cardano wallet lose $2.4 million in series of hacks
After the attacks commenced, SecondFi "rescued" another 129 million ADA (~$19.4 million) by moving the assets to a third party entity. They have announced that an external accounting firm will verify the funds and process user claims.
Taiko bridge exploited
Highly active MEV bot known as jaredfromsubway.eth drained for $7.7 million
On June 20, an attacker used a series of contracts to cause the bot to grant token approvals that were later used to drain 4,427 ETH ($7.7 million). Some of the funds were then laundered through Tornado Cash.
Aztec Connect hacked for a second time in less than a week
The hacks are part of a spate of exploits targeting legacy smart contracts belonging to projects including Raydium and DxSale. Although some projects have developed techniques to circumvent the immutable nature of blockchains and allow smart contracts to be upgraded or retired, many legacy contracts cannot be changed or shut down, leaving them vulnerable to attack indefinitely.
Deprecated project Aztec Connect exploited for $2.1 million
The theft is only the latest in a string of attacks targeting vulnerable legacy smart contracts, many of which cannot be deleted, paused, or changed due to blockchains' immutable nature. Raydium and DxSale are two other platforms that have recently suffered losses due to old, insecure code.
Secret bridge exploited for $4.67 million a week before anyone notices
The exploit, which occurred on June 10, went unnoticed until June 17, when a transaction failed with a message suggesting that more tokens had been bridged out of the Secret network than had been bridged in.
Secret has warned, "If you hold Axelar-bridged saXXX tokens on Secret, please be aware their backing was affected and your funds may be lost."
Raydium users lose $1.34 million after legacy smart contract exploited
Raydium has said it will compensate users who lost funds in the exploit.
Humanity Protocol loses $36 million to employee laptop compromise
With the keys, the attacker stole more than 6 million of Humanity's H token, then used other keys to upgrade a bridge and drain 141 million more tokens. With the bridge access, they also minted 300 million new H tokens. The attacker then quickly swapped the ill-gotten tokens for ETH, causing the H price to plummet by 80–90%.
Humanity Protocol markets itself as a competitor to Sam Altman's World (formerly Worldcoin), a decentralized identity project that aims to use iris scans to prove that users are unique humans. Humanity raised $20 million in 2025 from Pantera Capital and Jump Crypto.

![A circle overlaid with ][ symbols, followed by "Ostium" in orange capitals](https://primary-cdn.web3isgoinggreat.com/entryImages/logos/resized/ostium_300.webp)






