# Exploit Related Articles

HTX News Center provides the latest articles and in-depth analysis on "Exploit", covering market trends, project updates, tech developments, and regulatory policies in the crypto industry.

Who Struck Step Finance? Treasury Breach Nets $27 Million

Step Finance, a Solana analytics platform, suffered a major treasury breach on January 31, 2026, resulting in the loss of 261,854 SOL (worth approximately $27–30 million). The stolen funds were unstaked and moved off-platform, triggering an 80% crash in the platform’s governance token. Security teams and external firms are investigating the attack, which may have involved stolen private keys or a staking exploit. Step Finance has taken emergency measures to secure remaining funds, restricted treasury access, and is cooperating with authorities. The incident caused significant market panic, and recovery efforts are underway, though the full technical details remain unclear.

bitcoinist02/02 10:31

Who Struck Step Finance? Treasury Breach Nets $27 Million

bitcoinist02/02 10:31

CrossCurve Bridge Exploit Drains About $3M, Rekindling Cross-Chain Risk

Cross-chain liquidity protocol CrossCurve suffered an exploit on February 2, with estimated losses around $3 million across multiple networks. The attack involved a spoofed cross-chain message that bypassed validation, allowing the attacker to trigger unauthorized token unlocks on the destination chain. The protocol urged users to pause interactions and launched an investigation. CEO Boris Povar later published ten Ethereum addresses linked to the stolen funds, offering a 10% bounty for their return within 72 hours and threatening legal action. The incident highlights persistent vulnerabilities in cross-chain bridges, where security often conflicts with user demand for speed. Verification failures and assumptions in smart contract logic remain critical risks, as a single flaw can lead to multi-network exploits.

ccn.com02/02 09:33

CrossCurve Bridge Exploit Drains About $3M, Rekindling Cross-Chain Risk

ccn.com02/02 09:33

Crypto Scams and Hacks Surge to $370M in January: CertiK

In January, cryptocurrency scams and hacks surged to $370.3 million, marking the highest monthly loss in 11 months and a fourfold increase from January of the previous year. The majority of the stolen funds came from a single social engineering scam that resulted in a $284 million loss. Phishing attacks accounted for over $311.3 million of the total. The month's largest incidents included a $28.9 million hack on Step Finance, a $26.4 million exploit of the Truebit protocol due to a smart contract bug, and a $13.3 million attack on SwapNet. Overall, 16 major hacks were recorded, causing $86.01 million in losses—a slight decrease from the previous year but a 13% rise from December. The figures represent a 214% increase from December's losses and highlight a significant escalation in crypto security breaches.

TheNewsCrypto02/02 08:13

Crypto Scams and Hacks Surge to $370M in January: CertiK

TheNewsCrypto02/02 08:13

CrossCurve Bridge Exploit Exposes $3 Million Loss in Cross-Chain Security Breach

CrossCurve, a cross-chain liquidity and bridge protocol, suffered a security breach resulting in approximately $3 million in losses. The exploit was caused by a missing security check in its smart contract, allowing attackers to send fake but valid-looking messages and drain tokens. The incident resembles the 2022 Nomad bridge hack and highlights that even protocols with multiple validation systems (like Axelar and LayerZero) remain vulnerable to single coding errors. CrossCurve and its backer, Curve Finance founder Michael Egorov, advise users to pause all interactions with the protocol, review exposures to CrossCurve-related pools, and await official updates.

TheNewsCrypto02/02 07:52

CrossCurve Bridge Exploit Exposes $3 Million Loss in Cross-Chain Security Breach

TheNewsCrypto02/02 07:52

A Well-Designed "Self-Detonation": Analysis of the PGNLZ Attack Incident

On January 27, 2026, an attacker executed a well-orchestrated exploit against the PGNLZ token on BNB Smart Chain, resulting in approximately $100k in losses. The attacker initiated a flash loan of 1,059 BTCB from Moolah Protocol, used it as collateral on Venus Protocol to borrow 30 million USDT, and then exchanged 23,337,952 USDT for 982,506 PGNLZ on PancakeSwap. These PGNLZ tokens were intentionally burned (sent to a dead address), drastically reducing the liquidity pool supply. This manipulation caused the price of PGNLZ to surge from approximately $0.10 to over $5,528 per token. The attacker then invoked a fee-on-transfer function, triggering a built-in burn mechanism (_executeBurnFromLP) that further depleted the pool, leaving only a minuscule amount of PGNLZ and artificially inflating the price to an extreme 40 billion times its original value. Finally, the attacker drained the liquidity pool, repaid the flash loan, and netted a significant profit. The root cause was identified as a flawed deflationary economic model with insufficient validation during fee processing and LP burns, allowing price manipulation. The incident underscores the importance of rigorous economic model design and multi-audit practices before contract deployment.

marsbit01/28 12:14

A Well-Designed "Self-Detonation": Analysis of the PGNLZ Attack Incident

marsbit01/28 12:14

SwapNet Exploit Drains $17M, Exposes DeFi Approval Risks

A significant security breach occurred at DEX aggregator SwapNet, resulting in a loss of approximately $16.8 million. The exploit was first identified by security firm PeckShield. The attacker swapped $10.5 million in USDC for Ether on Base network and bridged the funds to Ethereum. The vulnerability stemmed from users disabling the "One-Time Approval" feature designed to restrict token permissions. By doing so, they inadvertently granted direct and persistent approvals to underlying contracts, including SwapNet’s router, which the attacker exploited. Matcha Meta, the meta-DEX aggregator through which SwapNet was accessed, clarified that the issue did not originate from its core system but from this user configuration choice. SwapNet paused its contracts to mitigate further damage and investigate the incident. Users were urged to revoke approvals granted outside the One-Time Approval framework, especially for SwapNet’s router. The event underscores a critical DeFi trade-off: one-time approvals enhance security but add friction, while unlimited approvals improve usability but create persistent risk if a platform is compromised. This incident is part of a broader pattern of exploits targeting unverified code and standing approvals, highlighting ongoing risks in DeFi’s interconnected ecosystem. SwapNet has not yet released a technical post-mortem or confirmed user compensation.

TheNewsCrypto01/26 10:11

SwapNet Exploit Drains $17M, Exposes DeFi Approval Risks

TheNewsCrypto01/26 10:11

Makina recovers majority of funds from exploit as whitehat process returns 920 ETH

Makina has recovered the majority of funds from a 20 January exploit, with approximately 920 ETH returned through the SEAL Whitehat Safe Harbor program. The MEV builder involved received a 10% bounty. The total exploit amounted to around 1,299 ETH, with 920 ETH representing the bulk of the funds initially received by the builder. Recovery efforts continue for the remaining 276 ETH sent to a Rocket Pool validator. The exploit only affected the USDC side of Makina’s DUSD/USDC Curve pool, impacting liquidity providers but not other users. The incident highlights the role of whitehat frameworks and coordinated responses in mitigating DeFi losses, though it remains one of the larger exploits in early 2026.

ambcrypto01/22 17:59

Makina recovers majority of funds from exploit as whitehat process returns 920 ETH

ambcrypto01/22 17:59

SagaEVM Chain Exploit Sees $7M Drained, Funds Moved to Ethereum

On January 21, the SagaEVM chain, part of the Saga Layer-1 ecosystem, was paused following a security exploit. The team identified the attacker’s wallet and confirmed approximately $7 million in assets were stolen, with some funds bridged to Ethereum and converted to ETH or other tokens. The chain was halted at block height 6,593,800 to prevent further unauthorized transfers. The attack involved contract deployments, cross-chain interactions, and rapid liquidity withdrawals. Saga is working with exchanges to blacklist the address and is conducting a forensic investigation. The exploit affected SagaEVM and related EVM environments, but the mainnet and validator security remained uncompromised.

TheNewsCrypto01/22 11:22

SagaEVM Chain Exploit Sees $7M Drained, Funds Moved to Ethereum

TheNewsCrypto01/22 11:22

Makina exploit adds to growing list of DeFi attacks in early 2026

Makina, a DeFi protocol, was exploited on 20 January, losing over $4 million from its DUSD/USDC Curve pool. The attack was isolated to the USDC side and did not affect other tokens or user positions. The incident adds to a series of DeFi security breaches in early 2026, including Truebit ($26 million lost) and YO Protocol ($3.7 million lost). Most exploits stem from logic errors, configuration risks, or legacy contract issues rather than new techniques. Makina has initiated recovery efforts and a post-mortem is pending. The concentration of losses in a few high-impact incidents highlights persistent systemic risks in DeFi.

ambcrypto01/21 17:07

Makina exploit adds to growing list of DeFi attacks in early 2026

ambcrypto01/21 17:07

A Calculation Vulnerability Led to the Theft of 8,535 ETH from Truebit

On January 8, 2026, the Truebit Protocol was exploited, resulting in a loss of 8,535.36 ETH (approximately $26.44 million). The attack involved a critical integer overflow vulnerability in the token purchase price calculation function. The attacker executed four rounds of transactions by calling functions getPurchasePrice, 0xa0296215, and 0xc471b10b. In the first round, the attacker called getPurchasePrice with a large input value (240442509453545333947284131), which returned 0 due to an arithmetic flaw. Then, they invoked function 0xa0296215 with msg.value = 0, successfully minting a massive amount of TRU tokens. Finally, by calling function 0xc471b10b, they burned the minted tokens and received 5,105.06 ETH. The root cause was an unchecked addition operation (v12 + v9) in the price calculation logic (function 0x1446), which overflowed to a small value, making (v12 + v9) / v6 = 0. The contract used Solidity ^0.6.10 without overflow checks, enabling the exploit. This incident highlights the risks of older DeFi protocols with unpatched vulnerabilities, possibly identified through AI-assisted scanning. Projects are advised to conduct security audits, upgrade contracts, and monitor链上 activity to mitigate such threats.

marsbit01/13 07:36

A Calculation Vulnerability Led to the Theft of 8,535 ETH from Truebit