35 DeFi protocols hacked in 2026 already

Thirty-five DeFi protocol hacks in early 2026 caused over $453 million in losses, according to several analysts. January (12 incidents, $103M), February (8, $24M), March (14, $41M), and April (one major event, $285M) make up this breakdown. Notable exploits cited include Step Finance (private key) and Drift Protocol on Solana (admin keys). Common attack vectors are smart contract vulnerabilities, private key compromises, and oracle manipulations, highlighting the need for better key management and strengthened security protocols.

Common attack vectors in DeFi exploits (based on the 2026 data) fall into a few recurring categories. These account for the vast majority of the $453M+ lost across 35 incidents. I’ll break them down clearly with explanations, real examples from the table, and why they work.

1. Compromised Private Keys / Admin Keys (Human / Access Control Failures)

• What it is: Attackers gain control of the cryptographic keys (or multisig wallets) that own critical protocol functions—like withdrawals, upgrades, or treasury access. This is often via phishing, malware, social engineering, or poor key management (e.g., no hardware wallets, weak multisig setups, or leaked seeds).
• Why it’s devastating: Once keys are compromised, the attacker can drain funds directly—no smart contract bug needed. It hits « 3x harder per incident » than most other vectors.
• 2026 examples:
  • Step Finance (Jan): $40M via private key compromise.
  • IoTeX (Feb): $8M private key compromise.
  • Resolv (Mar): $24.5M private key compromise.
  • Drift Protocol (Apr): $285M via compromised admin keys + durable nonces (a Solana feature that lets transactions persist).
• Fix: Hardware security modules, proper multisig with timelocks, regular key rotation, and avoiding single points of failure.

2. Smart Contract Bugs / Logic Flaws (Code Vulnerabilities)

• What it is: Errors in the protocol’s code allow unauthorized actions. Common subtypes include:
  • Infinite minting/dumping (creating unlimited tokens).
  • Unlimited approvals (approving spending without limits).
  • Accounting flaws (miscalculating balances or shares).
  • Logic errors (wrong conditions for minting, staking, etc.).
  • Reentrancy or delegation exploits (though not always named explicitly).
• Why it works: DeFi code is public and immutable once deployed—bugs can’t be patched easily without upgrades (which themselves can be risky).
• 2026 examples:
  • Truebit (Jan): $26.4M Bonding Curve Exploit.
  • Matcha (Jan): $16.8M Unlimited Approval Exploit.
  • Saga (Jan): $7M Infinite Mint and Dump.
  • Aperture LM / Polycule (Jan): Protocol Logic flaws.
  • Goose Finance (Mar): $8,435 Share Accounting Flaw.
  • Many others labeled « Protocol Logic » or specific exploits like Mint & Stake Loop, Deposit Inflation, etc.
• Fix: Multiple professional audits, formal verification, bug bounties, and slower development with continuous monitoring.

3. Oracle Manipulations / Price Oracle Attacks (Data Feed Tampering)

• What it is: Protocols rely on oracles (e.g., Chainlink, Pyth, or custom ones) for real-world prices. Attackers manipulate the feed—often with flash loans—to fake asset prices, then borrow/drain at artificial rates.
• Why it’s effective: Oracles are a single point of failure between on-chain and off-chain data. Flash loans make it cheap to swing prices temporarily.
• 2026 examples:
  • Blend Pools V2 (Feb): $10.97M Price Oracle Manipulation.
  • Makina (Jan): $4.2M Flashloan Price Oracle.
  • Plutos Money (Feb): $390K Misconfigured Oracle.
  • LML/USDT Staking (Mar): $950K Price Manipulation.
  • Aave V3 (Mar): $862K CAPO Oracle Misconfig.
• Fix: Use multiple decentralized oracles, time-weighted averages, or on-chain verification with circuit breakers.

4. Flash Loan Attacks (Leveraged Temporary Borrowing)

• What it is: Flash loans let you borrow huge sums (millions) in one transaction with no collateral—as long as you repay in the same block. Attackers combine them with other vectors (oracles, logic flaws) to amplify exploits.
• Why it’s powerful: Zero upfront capital required; the entire attack happens atomically.
• 2026 examples: Explicitly listed in several (e.g., Wise Lending V2, Cyrus Finance « Flashloan Pool Shares, » Makina). Often the enabler behind oracle and logic attacks.
• Fix: Flash loan protections like transaction checks or rate limits (though this can hurt legitimate use).

5. Other Notable Vectors (Less Common but Still Significant)

• Arbitrary Calls / Donation Attacks: Allows calling any function or inflating pools via fake donations (e.g., Venus Core Pool, Curve LlamaLend).
• Cross-Chain / Message Spoofing: Faking messages between chains (CrossCurve).
• Misconfigurations: Wrong parameters or setups (Veil Cash Groth16, Aave CAPO).
• Niche ones: Sybil attacks, DNS hijacking, fake proofs, etc.

Key takeaway from 2026 data:

• Smart contract bugs and private key compromises dominate (as the original post highlights).
• Just 3 vectors (bugs, keys, arbitrary calls) caused ~68% of Q1 losses per security firms like QuillAudits.
• Many exploits are preventable with better operational security and code hygiene—human error and rushing launches are the root cause far more often than « unhackable » math failures.

DeFi’s permissionless nature is its strength, but it means security is everyone’s responsibility. Protocols that treat audits and key management as afterthoughts pay the price. If you’re using DeFi, stick to battle-tested protocols with transparent security track records, and never approve unlimited spends.

Reentrancy attacks are one of the oldest and most notorious smart contract vulnerabilities in DeFi and blockchain development. Even in 2026, they remain relevant—ranked as SC08 in the OWASP Smart Contract Top 10—because they exploit a fundamental property of how contracts interact: external calls can re-enter your contract before it finishes updating its own state.

This isn’t a « bug » in the blockchain itself—it’s a consequence of how Solidity (and similar languages) handles synchronous external calls combined with mutable state. Below is a deep, step-by-step breakdown.

1. Core Concept: Why Reentrancy Happens

Smart contracts execute atomically within a single transaction, but when your contract calls an external contract (e.g., send ETH, transfer tokens, or a callback hook), control temporarily passes to the external code. That external code can immediately call back into your original contract—before your function has finished executing.

• The EVM processes calls synchronously (one at a time).
• Your contract’s state variables (balances, totals, shares, etc.) haven’t been updated yet.
• The attacker exploits this stale state to repeat privileged actions (withdrawals, mints, borrows) multiple times.

Result: The contract thinks « everything is fine » because checks pass on outdated data, allowing repeated drains.

2. Classic Vulnerable Pattern (Single-Function Reentrancy)

Here’s the most famous example—the « EtherStore » pattern (still taught in every audit course because it appears in modern variants).Vulnerable Victim Contract (Solidity):

solidity

contract EtherStore {
    mapping(address => uint) public balances;

    function deposit() public payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw(uint _amount) public {
        uint bal = balances[msg.sender];
        require(bal >= _amount, "Not enough balance");  // Check

        // ❌ Vulnerability: EXTERNAL CALL BEFORE state update
        (bool sent, ) = msg.sender.call{value: _amount}("");  // Interaction

        require(sent, "Failed to send Ether");

        balances[msg.sender] -= _amount;  // ❌ Effects happen LAST
    }
}

Attacker Contract:

solidity

contract Attacker {
    EtherStore public etherStore;

    constructor(address _etherStore) {
        etherStore = EtherStore(_etherStore);
    }

    function attack() external payable {
        etherStore.deposit{value: msg.value}();
        etherStore.withdraw(msg.value);  // Triggers the reentrancy loop
    }

    // This gets called automatically when Ether is sent
    receive() external payable {
        if (address(etherStore).balance >= 1 ether) {  // Still has funds
            etherStore.withdraw(1 ether);  // Re-enter BEFORE balance updated!
        }
    }
}

Attack Flow (Step-by-Step):

1. Attacker calls attack() with 1 ETH → deposits into EtherStore.
2. Attacker calls withdraw(1 ETH).
3. Victim checks balance (OK), sends 1 ETH to attacker.
4. Attacker’s receive() fires → immediately calls withdraw(1 ETH) again.
5. Victim checks balance again (still sees old value—state not updated yet) → sends another 1 ETH.
6. Repeat until the contract is drained (or gas runs out).
7. Only after all reentrancies finish does the original balances[msg.sender] -= _amount execute once.

The DAO hack (2016) was exactly this pattern: ~$60M drained in hours.

3. Modern Variants (2026 Era)

Reentrancy has evolved beyond simple ETH withdrawals:

• Cross-Function Reentrancy: One function (e.g., deposit) is re-entered via another (e.g., withdraw or transfer).
• Cross-Contract Reentrancy: Attacker uses an intermediate contract or proxy.
• Read-Only Reentrancy: No state change in the victim, but a view function returns stale/inflated values (e.g., share price during a withdraw). This lets an attacker borrow far more than collateral allows in a lending protocol. cyfrin.io
• Callback / Hook Reentrancy (most common in 2026): ERC-721/ERC-1155 on ERC721Received, ERC-777 tokens, or ERC-4626 vaults trigger callbacks on transfer/deposit.

Real 2026 Example (Tied to Early-Year Hacks):
Solv Protocol (Bitcoin yield platform) lost ~$2.7M in January/March 2026 via an ERC-3525 reentrancy. The vault’s deposit logic for ERC-3525 tokens (which inherit ERC-721 behavior) triggered the receiver callback before mint accounting was finalized.

This created a self-reentrancy: the callback re-called the mint function, double-minting massively inflated tokens (135 legitimate BRO → 567M counterfeit → $2.7M redeemed). It was labeled a « protocol logic flaw » or « double-mint » but was textbook callback reentrancy.

Many of the « Protocol Logic » or « Mint & Stake Loop » incidents in Q1 2026 could trace to similar unchecked callbacks or state inconsistencies.

4. Why It Still Happens in 2026

• Developers skip the Checks-Effects-Interactions (CEI) pattern.
• Custom logic + new token standards (ERC-3525, ERC-777 hooks, flash-loan callbacks) create unexpected re-entry points.
• Complex composability (vaults calling other protocols) multiplies risk.
• Audits sometimes miss « read-only » or cross-standard cases.

5. How to Prevent Reentrancy (Deep Defenses)

Primary Fix: Checks-Effects-Interactions (CEI) Pattern
Do all checks → update state → only then make external calls.

Fixed version of the example:

solidity

function withdraw(uint _amount) public {
    uint bal = balances[msg.sender];
    require(bal >= _amount);                  // Checks first

    balances[msg.sender] -= _amount;          // Effects BEFORE interaction

    (bool sent, ) = msg.sender.call{value: _amount}("");
    require(sent, "Failed");
}

Stronger Protections:

• ReentrancyGuard (OpenZeppelin standard): A mutex lock that blocks re-entry.solidityfunction withdraw(uint _amount) public nonReentrant { ... }
• Use pull-over-push: Store withdrawal requests; let users pull funds later (no external call in critical path).
• Libraries & Best Practices: Always inherit OpenZeppelin contracts for tokens/vaults.
• Audits + Tools: Slither (–detect reentrancy), Mythril, formal verification (Halmos), and fuzzing.
• Avoid: Raw call, unnecessary external calls, or assuming callbacks are safe.

Pro Tip for DeFi Users: Never interact with unaudited or newly launched protocols that handle deposits/withdrawals without visible ReentrancyGuard or CEI in their verified code. Reentrancy isn’t « solved » like some older bugs—it’s a design pattern you must enforce every time you write state-changing + external-call code. In the 2026 data, private keys and oracles dominated losses, but reentrancy (and its logic-flaw cousins) still quietly claims millions when teams cut corners. Protocols that treat it as table-stakes (like using OpenZeppelin) survive; others don’t.

The DAO Hack (June 2016) remains one of the most pivotal events in blockchain history—not just because it drained roughly one-third of a massive fund, but because it forced Ethereum to confront its core philosophy: « code is law » versus community consensus. It was the textbook example of a reentrancy attack (the same vulnerability we discussed earlier) and directly led to Ethereum’s controversial hard fork, birthing Ethereum Classic in the process.

blog.chain.link1. What Was The DAO?

• The Concept: Launched in late April 2016, « The DAO » (Decentralized Autonomous Organization) was an ambitious Ethereum-based venture capital fund. Investors bought DAO tokens with ETH during a 28-day crowdsale. Token holders could then vote on investment proposals—no central team, just smart contracts governing everything.
• The Hype and Scale: It raised ~$150 million worth of ETH (approximately 11.5–12.7 million ETH) from over 11,000 participants. At the time, this was the largest crowdfunding event in history and a landmark for Ethereum, which was only about a year old. gemini.com
• The Code: Built in Solidity, its smart contracts handled deposits, voting, and « splitting » (allowing token holders to exit and create child DAOs to withdraw their share of funds).

Warning signs existed: Security researchers flagged potential issues in the code even before the token sale ended, but fixes were still in progress when the hack hit.

2. The Hack: What Happened and How (Deep Technical Breakdown)

• Date: June 17, 2016 (a Saturday). The attack unfolded over a few hours.
• Amount Drained: ~3.6 million ETH (about 1/3 of the total funds). At prevailing prices, this was valued at roughly $50–70 million (ETH price dropped sharply from ~$20 to $13 afterward).

The Vulnerability: A classic reentrancy bug in the split DAO (or equivalent withdrawal/split) function. Simplified Vulnerable Logic (inspired by the actual DAO code):

solidity

function splitDAO(...) public {
    // ... checks and calculations ...
    
    // ❌ EXTERNAL CALL FIRST (sends ETH to create/transfer to child DAO)
    (bool success, ) = msg.sender.call{value: amount}("");  // This triggers fallback if recipient is a contract
    
    // State update happens LATER
    // balances[msg.sender] or DAO token accounting updated here
    ...
}

Attack Flow (Step-by-Step):

1. The attacker deploys a malicious smart contract (the « attacker DAO »).
2. They call split DAO on the main DAO contract, requesting to split off and create a child DAO.
3. The DAO contract sends the ETH to the attacker’s contract before updating its internal accounting (e.g., reducing the attacker’s DAO token balance or recorded contribution).
4. The ETH transfer triggers the attacker’s fallback () or receive () function (Solidity’s automatic callback).
5. Inside that fallback, the attacker recursively calls split DAO again—while the original call is still executing.
6. The DAO checks the (still-unupdated) balance, sees funds « available, » and sends another payout… and repeats.
7. This loop ran tens of thousands of times (~27,996 recursive calls in one transaction), draining 3.6M ETH into the child DAO.

The funds weren’t instantly stealable—they were locked in the child DAO for ~27–28 days (the « creation window » under DAO rules). This gave the community time to react. The attacker stopped short of draining everything, possibly to avoid detection or due to gas limits.

This was single-function reentrancy—exactly the pattern in the EtherStore example from our last discussion. The DAO’s code sent funds (Interaction) before updating state (Effects).

3. Immediate Aftermath

• Panic in the Ethereum community. The attacker was anonymous (identity still unknown today).
• Ethereum Foundation issued urgent alerts; the hack didn’t affect Ethereum’s core protocol—only The DAO’s contracts.
• Initial response ideas: A « soft fork » to blacklist the attacker’s transactions. But a bug was found in the proposed fix, delaying it.
• ETH price crashed; confidence in smart contracts plummeted.

4. The Hard Fork: Ethereum vs. Ethereum Classic

• The Debate: Should the community intervene and « roll back » the hack (treating it as theft) or honor « code is law » and let the funds stay stolen?
• Outcome: On July 20, 2016, a hard fork was implemented. It rewrote history—effectively reversing the malicious transactions and returning the stolen ETH to a recovery contract for original investors. This became the chain we now call Ethereum (ETH).
• The Split: A minority of miners and users refused the fork, preserving the original chain with the hack intact. This became Ethereum Classic (ETC)—still operating today under the slogan « Code is Law. » The stolen funds on ETC were later partially recovered or moved by « white hat » groups, but the philosophical divide remains.

5. Long-Term Impact and Lessons Learned

• Security Revolution: Sparked massive focus on smart contract audits, formal verification, and best practices. It popularized the Checks-Effects-Interactions (CEI) pattern and libraries like OpenZeppelin’s ReentrancyGuard. Reentrancy is now ranked high in every vulnerability list (e.g., SWC-107).
• Philosophical Shift: Proved that even « immutable » blockchains can be socially forked when stakes are high. It influenced how DAOs and governance are designed today (more safeguards, timelocks, etc.).
• DeFi Legacy: The 2026 hacks you shared earlier (private keys, oracle attacks) show we’ve moved beyond basic reentrancy—but the root issues (rushed code, overlooked edge cases) persist. The DAO hack is still the cautionary tale taught in every blockchain security course.
• Cultural Echo: It highlighted human elements in « decentralized » systems: debates, coordination, and the tension between immutability and justice.

In short, the DAO hack wasn’t just a $50–70M theft—it was Ethereum’s « growing pain » moment. It exposed how a single unchecked external call in a smart contract could cascade into a network-splitting crisis. The fix (the fork) saved the ecosystem but created a permanent fork in its ideology. If you’re building or investing in DeFi today, the DAO’s story is why audits, bug bounties, and battle-tested patterns aren’t optional—they’re survival.