SummerFi Exploit Shows AI Logic Bugs Now Top DeFi Threat
Bridge hacks and flash-loan drains are fading, but a single logic flaw in an AI-driven DeFi protocol can now cascade across six chains at once.
Every Zipp story tagged #Exploit, newest first.
Bridge hacks and flash-loan drains are fading, but a single logic flaw in an AI-driven DeFi protocol can now cascade across six chains at once.
The $6M loss is a third of the protocol's TVL; the accounting-logic flaw and the unpaused window before guardians acted will get equal scrutiny from audit shops and depositors.
The DeFi lending protocol lost just over $6M in a single exploit, the latest in a string of mid-cap DeFi venues taken down by attackers in 2025.
The attack is hitting a yield-aggregator specifically built for institutional-grade vault infrastructure, putting fresh attention on the security stack behind DeFi's automated strategies.
A five-month dormant wallet dumping its full $21.4M SOL hoard into ETH and then through a mixer is a textbook post-exploit cleanup, and a reminder that stolen Solana still finds an off-ramp to…
With recovery odds described as low, the project is stepping away from its identity-and-blockchain roots, a strategic retreat that signals how deep the damage runs.
The $403K bad debt was small, but the failure mode is one DeFi can't stop hitting: manipulating a protocol's view of a price rather than the price itself, this time through a tokenized Google share.
Taiko, an Ethereum layer-2 rollup, lost roughly $1.7M to an exploit, with the attacker already moving $189K in TKO to MEXC while still sitting on $1.52M in ETH.
The same bot that once consumed 7% of Ethereum gas in a single day lost its working capital to an attacker who exploited a careless token approval — a reminder that MEV profit is one phishing-style…
The attacker converted the full haul to ETH and routed 1,000 of it through Tornado Cash within hours — a textbook MEV-operator exit and a reminder that the bots eating Ethereum's mempool aren't…
The attack exploited automated approval logic rather than a smart-contract bug — a reminder that the infrastructure built to extract MEV is itself becoming a high-value target.
The swap into USDC and a centralized exchange is a classic laundering pivot — but the on-chain trail makes this one traceable, not invisible.
The Aztec Foundation says the breached product is a four-year-old immutable stage 2 rollup with no ties to current network contracts or the AZTEC token — but a related validation flaw just drained…
The funds came from a legacy AMM V3 program Raydium phased out in 2021 — no current UI users were exposed, but the exploit shows aged on-chain program surfaces remain a live attack surface.
Raydium, one of Solana's largest decentralized exchanges, confirmed a $1.34 million exploit targeting a retired…
More than 17 wallets linked to the project have been siphoned in an active exploit, with on-chain monitors flagging losses above $31M as the H token collapses on thin liquidity.
The attacker is swapping stolen $H straight into $ETH in real time — a textbook exit-liquidity drain that turns a smart-contract bug into an instant market crash for everyone holding the token.
The exploit traced through 17 wallets hit the H token harder than the dollar loss — and a founder-confirmed private-key compromise means the attack vector was a single point of failure, not a…
Hayes cited an unpatched cryptographic flaw in Zcash's Orchard Pool that could theoretically have allowed silent ZEC minting for years — and said privacy-coin narratives can't survive that kind of…
The vulnerability could have minted unlimited counterfeit ZEC without detection, and the fact that it survived years of cryptographic review is now the more uncomfortable read than the 30% drop.