Threat Feed
Updated 3s agoMeridian Finance — Flash Loan Attack
Meridian Finance BSC $12.4M
Price oracle manipulation via flash loan. Attacker drained lending pools across 3 markets. Funds bridged to Ethereum and mixed through Tornado Cash.
VaultX Protocol — Reentrancy Exploit
VaultX Ethereum $3.8M
Classic reentrancy in withdraw function. Unaudited V2 migration contract. Team confirmed, paused protocol. White-hat negotiation underway.
NovaDEX — Access Control Bypass
NovaDEX Arbitrum $890K
Admin function left public. Attacker modified fee parameters to drain LP rewards. Partial recovery via MEV bot front-running the exploit.
BridgeLink — Cross-Chain Relay Compromise
BridgeLink Multi-chain $7.2M
Validator key compromise on relay chain. Fraudulent messages passed validation threshold. Affects Ethereum↔Avalanche bridge. Deposits suspended.
YieldMax — Logic Error in Reward Distribution
YieldMax Polygon $145K
Rounding error in reward calculation allowed excess claims. Low sophistication, likely opportunistic. Patched within 2 hours.
OmniLend — Governance Takeover
OmniLend Ethereum $28.6M
Flash-loan funded governance attack. Attacker passed proposal to transfer treasury. 48h timelock bypassed via emergency function. Largest DeFi governance exploit of 2026.