defiexploits
963 views
3 Discussing
Hot
Latest
See original
Hacker drained the USPD DeFi protocol of $1 million in 12 minutes.
Unknown attacker on December 5, 2025, completely drained the DeFi protocol United States Peg Dollar (USPD) — a stablecoin that positioned itself as a 'regulatory-compliant' asset of the USA. Total losses amounted to $1.03 million.
The attack was made possible due to a critical vulnerability in the smart contract function mint(), which allowed anyone to mint an unlimited number of USPD without corresponding collateral. The exploit lasted only 12 minutes: the hacker created 1,030,000 USPD tokens, exchanged them for USDC and USDT through Curve and Balancer pools, and then withdrew the funds through Tornado Cash.
The attack was made possible due to a critical vulnerability in the smart contract function mint(), which allowed anyone to mint an unlimited number of USPD without corresponding collateral. The exploit lasted only 12 minutes: the hacker created 1,030,000 USPD tokens, exchanged them for USDC and USDT through Curve and Balancer pools, and then withdrew the funds through Tornado Cash.
🚨 #Web3 Security Incidents in February 2025 Lead to Massive Losses! 🚨
The Web3 space faced severe security breaches in February 2025, resulting in significant financial losses across multiple protocols. Here’s a breakdown of the biggest incidents:
🔹 DeFi Exploits: Several decentralized finance platforms suffered flash loan attacks and smart contract vulnerabilities, draining millions in assets.
🔹 Phishing & Wallet Drains: Attackers targeted high-profile Web3 users, using phishing scams and malicious dApps to steal funds.
🔹 Bridge Hacks Continue: Cross-chain bridges remained a major target, with hackers exploiting weak security measures to siphon off crypto.
🔹 Exchange Breaches: At least one centralized exchange reported unauthorized withdrawals due to compromised API keys.
💡 Security remains a top concern in Web3. Always verify smart contracts, enable multi-signature wallets, and use hardware wallets for protection.
📢 What’s your take on the increasing security risks in crypto? Drop your thoughts below! ⬇️🔥
#CryptoSecurity #Web3Hacks #DefiExploits #BlockchainSecurity #CryptoScams #StaySafe #CyberSecurity #Hacks #CryptoNews
The Web3 space faced severe security breaches in February 2025, resulting in significant financial losses across multiple protocols. Here’s a breakdown of the biggest incidents:
🔹 DeFi Exploits: Several decentralized finance platforms suffered flash loan attacks and smart contract vulnerabilities, draining millions in assets.
🔹 Phishing & Wallet Drains: Attackers targeted high-profile Web3 users, using phishing scams and malicious dApps to steal funds.
🔹 Bridge Hacks Continue: Cross-chain bridges remained a major target, with hackers exploiting weak security measures to siphon off crypto.
🔹 Exchange Breaches: At least one centralized exchange reported unauthorized withdrawals due to compromised API keys.
💡 Security remains a top concern in Web3. Always verify smart contracts, enable multi-signature wallets, and use hardware wallets for protection.
📢 What’s your take on the increasing security risks in crypto? Drop your thoughts below! ⬇️🔥
#CryptoSecurity #Web3Hacks #DefiExploits #BlockchainSecurity #CryptoScams #StaySafe #CyberSecurity #Hacks #CryptoNews
🛡️ Meta Pool Exploit: Liquid Staking Gets Drained
Like & comment if you're still bullish on LSTs.
Another day, another DeFi exploit. This time it’s Meta Pool — a liquid staking protocol on NEAR — losing control of validator permissions. The attacker used multisig manipulation to hijack funds and unstake assets, draining them rapidly.
This isn’t just a hit to Meta Pool, it’s a blow to trust in cross-chain LST platforms. It also raises a key question: who’s really in control of your “decentralized” assets?
As restaking narratives grow hotter, so do the risks of smart contract shortcuts.
⏳ Decentralization takes time — and true security isn’t programmable overnight.
#MetaPool $NEAR #DefiExploits #LiquidStakingMomentum #CryptoSecurity #SmartContractRisk
Like & comment if you're still bullish on LSTs.
Another day, another DeFi exploit. This time it’s Meta Pool — a liquid staking protocol on NEAR — losing control of validator permissions. The attacker used multisig manipulation to hijack funds and unstake assets, draining them rapidly.
This isn’t just a hit to Meta Pool, it’s a blow to trust in cross-chain LST platforms. It also raises a key question: who’s really in control of your “decentralized” assets?
As restaking narratives grow hotter, so do the risks of smart contract shortcuts.
⏳ Decentralization takes time — and true security isn’t programmable overnight.
#MetaPool $NEAR #DefiExploits #LiquidStakingMomentum #CryptoSecurity #SmartContractRisk
Login to explore more contents