The Aave founder offered to refund the user the $600,000 in fees collected from the transaction, and acknowledged "there are additional guardrails the industry can build to better protect users".
Trader loses almost $50 million in Aave swap gone wrong
A trader using the Aave interface attempted to swap $50 million USDT for AAVE. However, due to the enormous size of the order, the purchase had dramatic impact on the aave price. The Aave interface warned the customer about the price impact, and the trader clicked a checkbox to accept the order terms. Ultimately, they received only 324 AAVE (~$37,600) in return for their $50 million, losing 99.9% of their assets in the process.
$26.9 million erroneously liquidated on Aave after Chaos Labs oracle bug
Users of the Aave defi lending protocol who had borrowed from the wstETH/stETH pool suffered erroneous liquidations when a price oracle from Chaos Labs reported an inaccurately low price ratio between the two assets. The oracle bug caused some loans to report that they were below the required "health factor" (the ratio between the assets loaned and the amount of collateral provided by the borrower), triggering forcible liquidations across the platform amounting to $26.9 million.
Chaos Labs, presumably embarrassed to have lived up to its name, promised to reimburse users whose positions were improperly liquidated.
Thief pilfers NFTs priced at $230,000 from Gondi
A thief exploited a smart contract belonging to the Gondi NFT platform to steal 78 NFTs priced at $230,000. Perhaps the most shocking part of the theft is that the attacker managed to find NFTs still holding any value at all. Around half of the stolen NFTs were taken from a single wallet.
According to Gondi, the exploiter took advantage of functionality that allowed users to sell their NFTs to automatically repay loans.
Gondi has said it has reimbursed customers by buying them "comparable items" from the same collections as their stolen NFTs, although it seems questionable that this will satisfy customers who purchased products whose whole selling point is that they aren't interchangeable.
Solv Protocol exploited for $2.7 million
The Solv Protocol bitcoin defi lending and staking platform disclosed an exploit that they said affected fewer than ten users, but nevertheless netted the attacker 38 SolvBTC (a wrapped bitcoin token priced at $2.7 million). Although Solv has not disclosed specifics of the attack, some researchers have suggested it was a bug in the protocol's burn and mint functionality.
Crypto stolen from Korean authorities after they post wallet seed phrase
When Korean authorities posted a photograph of seized cash and other items from a police raid, they included photos of cards containing crypto wallet seed phrases, which were proudly arranged on the table next to Ledger hardware wallets for the photo op. Because it only takes a seed phrase to gain control of a crypto wallet, someone who saw the press release quickly acted to move around 4 million PRTG tokens from the wallet. The tokens are notionally worth $4.9 million, although the token is not highly liquid.
The blunder was likely due to the authorities' lack of knowledge about cryptocurrency. The move was somewhat akin to authorities publicly posting a username and password for a criminal's bank account — though that would likely be an easier mistake to unwind.
- "$4.8M in crypto stolen after Korean tax agency exposes wallet seed", Bleeping Computer [archive]
Step Finance, SolanaFloor, and Remora Markets shut down after January hack
Step Finance announced that, following a $30 million theft in late January, the project would be shutting down. Along with it, they will shut down SolanaFloor — a Solana-focused media project — and Remora Markets — a Solana-based tokenized stocks platform.
According to Step Finance, "we explored every possible path forward, including financing and acquisition opportunities. Unfortunately, we were unable to secure a viable outcome and have made the difficult decision to end all operations effective immediately."
In reply to Step Finance's announcement, crypto investor Mike Dudas claimed that the project had contacted him about bridge financing, but that Step had never responded to his request for more information about the hack. "i responded: 'would need to see the security post mortem before i could consider investing here' <crickets>"
YieldBlox lending pool drained of $10.2 million
A lending pool operated by YieldBlox on the Stellar blockchain was emptied of around $10.2 million in an oracle manipulation attack on the Reflector oracle supplying prices for the USTRY/USDC market. Reflector has said that there was no flaw with their oracle, and that market illiquidity caused the problem. "Reflector quoted correct prices. ... but it's impossible to quote adequate prices for a market fully handled by a single market-maker with almost zero trading activity."
The attacker was able to manipulate the oracle price to show that USTRY was priced at $100 (rather than its actual trading price of around $1.05). Then, they borrowed against the overvalued asset, withdrawing XLM and USDC priced at $10.2 million. However, around 48 million of the stolen XLM (~$7.2 million) were frozen.
IoTeX bridge exploited for $2 million after private key compromise
IoTeX, a platform to connect IoT devices to blockchain networks, lost around $2 million after a private key compromise enabled an attacker to drain funds from the project's token safe. Initial loss estimates were as high as $8.8 million, although IoTeX CEO Raullen Chai stated that the actual loss was closer to $2 million.
Blockchain security researcher Specter has suggested there may be links between this attack and a $50 million theft from the Infini "stablecoin neobank" a year ago.
Goliath Ventures CEO charged with running $328 million Ponzi scheme
Federal authorities arrested Christopher Alexander Delgado, the CEO of Goliath Ventures (previously Gen-Z Ventures). According to the charging documents, what Delgado presented to prospective investors as a way to earn returns via crypto liquidity pools was actually a Ponzi scheme, where investors' money was just being used to pay off earlier investors. With the profits from his venture, Delgado allegedly threw lavish parties and purchased multiple multi-million dollar properties.
- Goliath Ventures - United States v. Christopher Alexander Delgado, US Attorney's Office for the Middle District of Florida
South Korean prosecutors lose $22 million of seized crypto to the wallet inspector, later recover it
Staff members working for South Korean prosecutors, for some reason, decided to use a "wallet checking tool" during an August 2025 audit of seized crypto assets. The tool they selected turned out to be a phishing tool, and five wallets were drained of 320 BTC.
On February 19, the office announced they had recovered the stolen assets and identified the thief.
Moonwell lending protocol suffers $1.78 million loss after second oracle misconfiguration in four months
After an oracle misconfiguration, the Moonwell defi lending protocol accumulated $1.78 million in bad debt. When the protocol showed that cbETH was priced at just over a dollar, rather than its actual market price of around $2,200, bots and humans alike rushed to take advantage of the mispricing. The error cascaded into liquidations across the platform.
This is the second time Moonwell has suffered a loss thanks to an oracle misconfiguration. In November 2025, the platform was left with almost $3.7 million in bad debt after a different asset was mispriced.
Although the vulnerable pull requests were at least partially developed by an AI tool, the security auditor who initially attributed the vulnerability to Claude Opus 4.6 later softened his criticism, noting that even senior developers could have made the same mistake. He did, however, criticize the project for a lack of sufficiently rigorous testing that should have caught the issue.
BlockFills crypto lender halts withdrawals
The Chicago-based institutional crypto lending firm BlockFills has halted deposits and withdrawals, citing "recent market and financial conditions" and a desire to "further the protection of clients and the firm". They've also noted the need to "restore liquidity to the platform".
Platforms limiting or halting withdrawals — particularly lending platforms — is reminiscient of the 2022 crypto crash, when falling crypto prices exposed crypto firms that had been engaging in highly risky or sometimes illegal behavior. As crypto prices fell, firms were unable to meet their loan obligations or faced margin calls, and the tightly interconnected web of lending within the crypto ecosystem often meant that one company failure cascaded into multiple more. It remains to be seen whether this is an isolated incident or the beginning of a trend as crypto prices hit revisit price lows not seen in over a year.
BlockFills claims to have more than 2,000 institutional clients globally, and boasted of facilitating more than $61 billion in transactions in 2025. The company's backers include Susquehanna Capital and CME Ventures.
Bithumb accidentally gives away $44 billion to customers
The South Korean cryptocurrency exchange Bithumb disclosed that it had accidentally given its customers more than 620,000 BTC (~$44 billion) in a promotional event gone wrong. Intending to reward each customer with at least ₩2,000 (~$1.40), the exchange accidentally rewarded each customer at least 2,000 BTC (almost $140 million).
The exchange announced that they had recovered 99.7% of the erroneously awarded tokens, leaving around 1,860 BTC (~$130 million) unaccounted for.
The incident has drawn further scrutiny from Korean regulators, who said that the error "has exposed the vulnerabilities and risks of virtual assets." Regulatory agencies in the country had already been cracking down on crypto firms following a $30 million hack of the Upbit crypto exchange in November 2025.
Gemini crypto exchange fires 25% of staff, blames AI
Gemini, the cryptocurrency exchange founded and run by Cameron and Tyler Winklevoss, will lay off as many as 200 employees globally. The news came amid an announcement that the company would be withdrawing from the UK, EU, and Australia. "These foreign markets have proven hard to win in for various reasons," they said. They also announced that they would be "parting ways" with their CFO, CLO, and COO.
As many companies do these days, the Winklevosses tried to pin the layoffs on AI, claiming that the engineers using AI are ten times more productive. "A smaller organization, leveraging the right tools, isn't just more efficient, it's actually faster," they wrote — in a blog post that itself reeks of AI.
CrossCurve users exploited for around $3 million
Hackers exploited a bug in smart contracts deployed by the defi protocol CrossCurve to steal an estimated $3 million across multiple blockchains. The thief was able to spoof cross-chain messages, causing the CrossCurve bridge to release assets not belonging to them.
CrossCurve took a conciliatory tone in on-chain messages sent to the thief, writing, "These tokens were wrongfully taken from users due to a smart contract exploit. We do not believe this was intentional on your part, and there is no indication of malicious intent." (Who among us hasn't accidentally stolen millions of dollars?) However, they warned, they planned to escalate to working with law enforcement and blockchain security firms to investigate and prosecute the theft if the funds were not returned within 72 hours.
$29 million stolen from from Step Finance treasury wallets
The Solana-based defi portfolio tracker Step Finance lost 261,854 SOL (~$28.7 million) when a thief gained access to treasury and fee wallets. It's not yet clear how the attacker was able to steal the funds, although Step Finance posted to Twitter that the theft occurred via a "well known attack vector". Step wrote that they were working with cybersecurity firms and law enforcement to address the incident.
Aperture Finance users lose at least $3.4 million
An attacker exploited a bug in an Aperture Finance smart contract to steal at least $3.4 million from users who had enabled "instant liquidity management" features. Aperture Finance is a defi platform that aims to allow users to trade by telling large language models their "intents".
Aperture has said they disabled portions of their web app impacted by the bug, and are working to try to trace and recover stolen funds.
$13.43 million stolen from Matcha Meta users in SwapNet exploit
Some users of Matcha Meta, a decentralized exchange aggregator on the Base blockchain, suffered losses after a thief exploited a vulnerability in its SwapNet integration. SwapNet is another DEX aggregator that integrates with Matcha Meta, and Matcha blamed a vulnerability in their smart contracts that enabled a thief to steal assets transferred via the integration.
Most of the lost funds came from a single user, who lost $13.34 million in assets. Other users lost a combined $90,000.
- "SwapNet Incident Post Mortem", Matcha Meta
Thief of millions in seized U.S.-controlled crypto alleged to be government crypto contractor's son
Two crypto thieves decided to settle an argument over who was wealthier by screensharing as they transferred crypto between wallets to prove ownership. In doing so, one of them — known online as "Lick" — revealed a wallet address that crypto sleuth zachxbt quickly tied to the theft of around $40 million from US government wallets containing seized crypto assets, including a $20 million theft zachxbt reported in October 2024. Lick's wallets contained around $90 million in total, including the stolen government assets and those stolen from other victims.
zachxbt has alleged that "Lick" is a man named John Daghita. After reporting Daghita's identity, "Lick" appeared to try to scrub his Telegram account, then dusted zachxbt's public crypto wallet from one of the theft addresses.
Daghitia is reportedly the son of Dean Daghita, the owner of Command Services & Support (CMDSS). In October 2024, CMDSS landed a contract with the US Marshals to manage seized crypto assets, which is still active. After zachxbt linked the younger Daghita to his father and CMDSS, CMDSS also scrubbed its online presence. Around that time, Lick began trolling zachxbt again, and later sent 0.6767 ETH (~$1,900) of the stolen funds to zachxbt.
CMDSS' website boasts that they are "a proven provider of mission-critical services to the Department of Defense and Department of Justice".