Bitcoin Depot is the largest operator of crypto ATMs globally and in the United States, with approximately 8,700 kiosks in the US and 9,200 worldwide.
Bitcoin Depot hacked for $3.67 million
Bitcoin ATM operator Bitcoin Depot has disclosed a March 23 hack in which attackers stole 50.903 BTC (~$3.67 million) from company wallets. According to the company's disclosure with the SEC, the exploiters gained access to the company's IT systems and wallet credentials, allowing them to steal the assets.
- SEC Form 8-K filed by Bitcoin Depot Inc. on April 6, 2026
- Top Crypto ATM Operators, Coin ATM Radar
Drift exploited for $285 million
The Solana-based Drift defi perpetual futures exchange was exploited for $285 million. The project alerted the community on social media, writing: "Drift Protocol is experiencing an active attack. ... This is not an April Fools joke."
The project later described the exploit as "a novel attack involving durable nonces, resulting in a rapid takeover of Drift's Security Council administrative powers." Once the attacker had access to admin capabilities, they quickly eliminated risk management limits on the protocol and drained huge quantities of tokens, which they swapped to USDC and then ETH. The attack was attributed to extremely sophisticated social engineering, likely by North Korean hackers.
Some have criticized USDC's issuer, Circle, for not freezing the stolen funds during the six hours they were held in USDC. Unlike ETH, USDC is controlled by a centralized company that can, and regularly does, freeze assets determined to have been stolen or connected to illicit activity.
The theft is among the largest in defi history.
Moonwell faces $1 million governance attack
The Moonwell lending protocol faced a governance attack on its deprecated Moonriver instance that could have drained $1 million from the project. Because Moonwell's MFAM governance token trades at fractions of a cent, an attacker was able to accumulate around 40 million tokens, submit a malicious proposal, and achieve quorum. Moonwell governance token holders scrambled to vote down the proposal before the voting ended on March 27.
Ultimately, facing being outvoted, the attacker dumped their MFAM holdings and the proposal was canceled as their balance had fallen below the proposal threshold.
This was only the most recent of Moonwell's troubles after the protocol suffered a $1.78 million loss in February due to an oracle misconfiguration and a $3.7 million loss in November 2025.
- Attack proposal, Moonwell governance [archive]
- Tweet thread by Blockful [archive]
Balancer Labs shuts down after $110 million hack
After a November 2025 exploit in which $110 million was drained from the Balancer defi protocol, the company behind the project has announced it will shut down. Besides the massive loss, the hack also caused users to flee the protocol, and Balancer's total value locked quickly plummeted from around $775 million to around $300 million. It has continued to decline since, now hovering around $150 million.
Balancer co-founder Fernando Martinelli has said he strongly considered shutting down the protocol entirely, but ultimately decided to continue the project as it generates a relatively small amount of revenue. Instead, the project will move to being operated by a DAO and operating company, which Martinelli hopes will allow them to dodge "real and ongoing legal exposure" and "the liability of past security incidents".
Although another Balancer co-founder has optimistically presented this as "the start of a better chapter" for Balancer, it remains to be seen whether a skeleton crew will be able to revive the project.
USR stablecoin depegs in $24 million exploit
The Resolv USD stablecoin, also known as USR, lost its intended dollar peg and dropped to around $0.14 after an exploiter was able to mint and sell tens of millions of unbacked tokens. USR is an asset-backed stablecoin that uses cryptoassets like bitcoin, ETH, and other stablecoins as collateral.
An exploiter took advantage of a flaw in USR's minting code to create tens of millions of USR tokens without depositing any assets to back them. The attacker then sold the unbacked USR, crashing the stablecoin's price to as low as $0.14. The attacker has profited at least 11,400 ETH (~$24 million), though they are still selling.
Some defi protocols paused USR-exposed strategies to avoid downstream impacts. Resolv issued a statement that the token's collateral pool was unaffected, though this is likely little comfort for those who purchased the unbacked USR.
Venus Protocol accumulates $2.15 million in bad debt after exploit
The BNB Chain's Venus Protocol lending protocol accumulated $2.15 million in bad debt after an exploiter manipulated the price of the Thena protocol's THE token. THE had very low liquidity, and the exploiter took advantage of it to manipulate the THE price oracle by borrowing against THE, using the borrowed funds to buy more THE, and repeating — causing the price oracle to reflect higher and higher prices. The attacker was able to avoid a supply cap on Venus by "donating" the funds rather than depositing them in the standard way.
While the exploit left the Venus Protocol with over $2 million in bad debt, it's not clear if the attacker even made money from the exploit. The exploiter's position was ultimately liquidated, collapsing the increase in THE price. However, it's possible the exploiter took advantage of the price discrepancy elsewhere to profit.
The Venus Protocol has had a number of issues in the past — notably in June 2023, when the team developing the BNB Chain had to intervene when the a thief borrowed $150 million on Venus against stolen tokens and then faced liquidation.
BlockFills goes bankrupt
Approximately a month after halting deposits and withdrawals, citing liquidity issues and "recent market and financial conditions", the American crypto lender BlockFills has filed for bankruptcy. Filings in Delaware bankruptcy court reveal the company has between $50 million and $100 million in assets and between $100 million and $500 million in liabilities. The list of creditors include customers like 007 Capital and Artha Investment Partners, and the firm has a $4.75 million loan outstanding to fellow crypto lender Nexo. Also on the list of creditors are the Chicago Blackhawks, with whom BlockFills signed a sponsorship deal in 2022.
BlockFills was backed by investors including Susquehanna and CME Ventures.
- Chapter 11 Voluntary Petition, Reliz Technology Group Holdings Inc.
Trader loses almost $50 million in Aave swap gone wrong
A trader using the Aave interface attempted to swap $50 million USDT for AAVE. However, due to the enormous size of the order, the purchase had dramatic impact on the aave price. The Aave interface warned the customer about the price impact, and the trader clicked a checkbox to accept the order terms. Ultimately, they received only 324 AAVE (~$37,600) in return for their $50 million, losing 99.9% of their assets in the process.
The Aave founder offered to refund the user the $600,000 in fees collected from the transaction, and acknowledged "there are additional guardrails the industry can build to better protect users".
$26.9 million erroneously liquidated on Aave after Chaos Labs oracle bug
Users of the Aave defi lending protocol who had borrowed from the wstETH/stETH pool suffered erroneous liquidations when a price oracle from Chaos Labs reported an inaccurately low price ratio between the two assets. The oracle bug caused some loans to report that they were below the required "health factor" (the ratio between the assets loaned and the amount of collateral provided by the borrower), triggering forcible liquidations across the platform amounting to $26.9 million.
Chaos Labs, presumably embarrassed to have lived up to its name, promised to reimburse users whose positions were improperly liquidated.
Thief pilfers NFTs priced at $230,000 from Gondi
A thief exploited a smart contract belonging to the Gondi NFT platform to steal 78 NFTs priced at $230,000. Perhaps the most shocking part of the theft is that the attacker managed to find NFTs still holding any value at all. Around half of the stolen NFTs were taken from a single wallet.
According to Gondi, the exploiter took advantage of functionality that allowed users to sell their NFTs to automatically repay loans.
Gondi has said it has reimbursed customers by buying them "comparable items" from the same collections as their stolen NFTs, although it seems questionable that this will satisfy customers who purchased products whose whole selling point is that they aren't interchangeable.
Solv Protocol exploited for $2.7 million
The Solv Protocol bitcoin defi lending and staking platform disclosed an exploit that they said affected fewer than ten users, but nevertheless netted the attacker 38 SolvBTC (a wrapped bitcoin token priced at $2.7 million). Although Solv has not disclosed specifics of the attack, some researchers have suggested it was a bug in the protocol's burn and mint functionality.
Returned crypto stolen again from Korean authorities
After a thief drained a crypto wallet of 4 million PRTG (notionally priced at $4.9 million, but highly illiquid) after blundering Korean tax officials posted the wallet's seed phrase to social media in a photo among other seized items, the thief returned the assets. However, the tokens were quickly stolen again by a second thief, as they'd been returned to the same vulnerable wallet. The first thief turned themselves in and was arrested by Korean law enforcement shortly after taking the funds; the second thief has not been identified.
Crypto stolen from Korean authorities after they post wallet seed phrase
When Korean authorities posted a photograph of seized cash and other items from a police raid, they included photos of cards containing crypto wallet seed phrases, which were proudly arranged on the table next to Ledger hardware wallets for the photo op. Because it only takes a seed phrase to gain control of a crypto wallet, someone who saw the press release quickly acted to move around 4 million PRTG tokens from the wallet. The tokens are notionally worth $4.9 million, although the token is not highly liquid.
The blunder was likely due to the authorities' lack of knowledge about cryptocurrency. The move was somewhat akin to authorities publicly posting a username and password for a criminal's bank account — though that would likely be an easier mistake to unwind.
- "$4.8M in crypto stolen after Korean tax agency exposes wallet seed", Bleeping Computer [archive]
Step Finance, SolanaFloor, and Remora Markets shut down after January hack
Step Finance announced that, following a $30 million theft in late January, the project would be shutting down. Along with it, they will shut down SolanaFloor — a Solana-focused media project — and Remora Markets — a Solana-based tokenized stocks platform.
According to Step Finance, "we explored every possible path forward, including financing and acquisition opportunities. Unfortunately, we were unable to secure a viable outcome and have made the difficult decision to end all operations effective immediately."
In reply to Step Finance's announcement, crypto investor Mike Dudas claimed that the project had contacted him about bridge financing, but that Step had never responded to his request for more information about the hack. "i responded: 'would need to see the security post mortem before i could consider investing here' <crickets>"
YieldBlox lending pool drained of $10.2 million
A lending pool operated by YieldBlox on the Stellar blockchain was emptied of around $10.2 million in an oracle manipulation attack on the Reflector oracle supplying prices for the USTRY/USDC market. Reflector has said that there was no flaw with their oracle, and that market illiquidity caused the problem. "Reflector quoted correct prices. ... but it's impossible to quote adequate prices for a market fully handled by a single market-maker with almost zero trading activity."
The attacker was able to manipulate the oracle price to show that USTRY was priced at $100 (rather than its actual trading price of around $1.05). Then, they borrowed against the overvalued asset, withdrawing XLM and USDC priced at $10.2 million. However, around 48 million of the stolen XLM (~$7.2 million) were frozen.
IoTeX bridge exploited for $2 million after private key compromise
IoTeX, a platform to connect IoT devices to blockchain networks, lost around $2 million after a private key compromise enabled an attacker to drain funds from the project's token safe. Initial loss estimates were as high as $8.8 million, although IoTeX CEO Raullen Chai stated that the actual loss was closer to $2 million.
Blockchain security researcher Specter has suggested there may be links between this attack and a $50 million theft from the Infini "stablecoin neobank" a year ago.
Goliath Ventures CEO charged with running $328 million Ponzi scheme
Federal authorities arrested Christopher Alexander Delgado, the CEO of Goliath Ventures (previously Gen-Z Ventures). According to the charging documents, what Delgado presented to prospective investors as a way to earn returns via crypto liquidity pools was actually a Ponzi scheme, where investors' money was just being used to pay off earlier investors. With the profits from his venture, Delgado allegedly threw lavish parties and purchased multiple multi-million dollar properties.
- Goliath Ventures - United States v. Christopher Alexander Delgado, US Attorney's Office for the Middle District of Florida
South Korean prosecutors lose $22 million of seized crypto to the wallet inspector, later recover it
Staff members working for South Korean prosecutors, for some reason, decided to use a "wallet checking tool" during an August 2025 audit of seized crypto assets. The tool they selected turned out to be a phishing tool, and five wallets were drained of 320 BTC.
On February 19, the office announced they had recovered the stolen assets and identified the thief.
Moonwell lending protocol suffers $1.78 million loss after second oracle misconfiguration in four months
After an oracle misconfiguration, the Moonwell defi lending protocol accumulated $1.78 million in bad debt. When the protocol showed that cbETH was priced at just over a dollar, rather than its actual market price of around $2,200, bots and humans alike rushed to take advantage of the mispricing. The error cascaded into liquidations across the platform.
This is the second time Moonwell has suffered a loss thanks to an oracle misconfiguration. In November 2025, the platform was left with almost $3.7 million in bad debt after a different asset was mispriced.
Although the vulnerable pull requests were at least partially developed by an AI tool, the security auditor who initially attributed the vulnerability to Claude Opus 4.6 later softened his criticism, noting that even senior developers could have made the same mistake. He did, however, criticize the project for a lack of sufficiently rigorous testing that should have caught the issue.