Attackers drained about 2.1 million USD from an old Thetanuts Finance vault in the latest DeFi attack. Whitehat defenders managed to recover roughly 2 million USD in option tokens.
The attack targeted an old vault that the protocol abandoned several years ago. Thetanuts stated that the vault has no connection to today's products or current systems.
Inside Thetanuts Vault DeFi exploits
Companies working on blockchain security warned about the incident on X (formerly Twitter). SlowMist identified the bug, which was due to a rounding issue in integer division in the contract's mint function.
After the vault was drained, the deposit formula became 0, as the system rounded down during integer division. Therefore, an attacker could create tokens for free. The bug allowed someone to create unlimited tokens.
PeckShield showed that the attacker swapped $105,000 in USDC for about 60 Ethereum (ETH). The wallet still holds roughly $34,000 in option tokens.
Follow us on X to get the latest news straight away.
#PeckShieldAlert @ThetanutsFi has been exploited for $2.1M. It seems $2M in option tokens have been whitehatted. The exploiter has swapped $105K $USDC for ~60 $ETH and holds $34K USDC in option tokens pic.twitter.com/QvyW1ENQFJ
— PeckShieldAlert (@PeckShieldAlert) June 15, 2026
Thetanuts also gave a public statement about the attack.
“Our initial investigation shows that this once again concerns an old vault we left behind several years ago. It has no connection to today's contracts or products. We will publish a report when we have more details,” the team stated on X.
The attack fits a pattern where attackers exploit old or abandoned code. Older contracts often remain on the blockchain even when the teams have stopped maintaining them.
BeInCrypto reported that attackers stole around $2.1 million USD from Aztec Connect, which was shut down three years ago. Another attack hit Raydium (RAY) old liquidity pools for about $1.3 million USD.
Subscribe to our YouTube channel to see leaders and journalists share their expertise.