Bitmor Hack
- Discovered On
- 2026-05-26
- Stolen Amount
- $6k
About $6k stolen from users of Bitmor, a Bitcoin-focused DeFi platform on Base, via a bug in the DCA contract that drained wallets with active approvals.
Over $494M stolen since 2020.
This page contains a list of known crypto hacks and exploits in which approved user funds are at risk. Many other crypto hacks only affect the funds kept in the exploited smart contract. But the exploits listed on this page abuse unlimited token approvals to steal approved funds. By using Revoke to manage your approvals, you can keep your funds safe from these exploits.
About $6k stolen from users of Bitmor, a Bitcoin-focused DeFi platform on Base, via a bug in the DCA contract that drained wallets with active approvals.
Close to $1.4M stolen from users of Ekubo, a DEX on Ethereum and Arbitrum. Users with active approvals to Ekubo are advised to revoke.
The DNS records of the popular DEX CoW Swap were compromised, redirecting users to a malicious site that stole funds. Check approvals made on the 14th of April.
NFT lending protocol GONDI disclosed a security incident tied to an approval vulnerability in its Purchase Bundler contract. Around $230k in NFTs were stolen.
Aperture Finance, an AI-powered intents platform, was exploited, allowing malicious actors to steal approved user funds from certain parts of the platform.
DEX Aggregator SwapNet was exploited, letting attackers steal over $13m. Matcha Meta users may also be at risk since SwapNet is integrated into their platform.
An older legacy version of thirdweb's bridge contract remained vulnerable and was eventually exploited to steal approved user funds. The contract has been disabled.
402bridge reported their admin private keys were leaked, allowing malicious actors to steal any approved user funds. Speculated to be a rug pull.
The dLEND product by dTRINITY was exploited to drain approved user funds. The team reported $56k stolen, all belonging to dTRINITY team members.
A vulnerability in Kame Aggregator's smart contracts was exploited. About $360k ended up stolen by secondary exploiters. The Kame team released a compensation plan.
DeFi protocol Arcadia Finance's automation services were hacked. Users should revoke any active approvals to their contracts and disable active automations.
Old, abandoned Bankroll Network contracts were exploited. Anyone with lingering approvals to the old contracts was still vulnerable.
Attackers gained access to Moby Trade's admin keys and pushed malicious upgrades, draining wallets with active approvals. $1.5m was recovered by the team and SEAL911.
Attackers gained access to Orange Finance's admin keys and executed malicious upgrades, draining wallets with active approvals to the protocol.
Fisclend was a DeFi protocol on ApeChain, World Chain and Sonic. Live for only a few months, they rugpulled in early January, stealing deposited and approved tokens.
Attackers compromised devices of core team signers, transferred multisig ownership, then pushed a malicious upgrade to Lending Pool contracts, draining approved wallets.
Attackers used a vulnerability in a smart contract facet to gain unauthorized access to user wallets that had infinite approvals to the LI.FI contract.
About $130k stolen from users of crosschain DEX Magpie. The attacker exploited a bug where the position of an approved selector wasn't checked.
Vulnerability discovered in Merkle Trade's newer EVM Swap & Deposit smart contract. Merkle rolled back to an older contract. About $20k stolen.
Over $1.8m stolen from users of an old, discontinued Dolomite contract from 2019. Users with lingering approvals to the old contract were drained.
ParaSwap discovered a vulnerability and executed a whitehat rescue. A few addresses were missed, resulting in about $24k stolen. ParaSwap is refunding users.
$2.1m stolen from users of Unizen. Attackers took advantage of an unverified external call after the DEX aggregation contract was upgraded.
Over $6m stolen from Seneca via arbitrary calldata parameters used to call transfers for approved tokens. 80% was returned after an onchain message.
Attackers gained access to Concentric's admin keys and executed malicious upgrades, draining wallets with active approvals to the protocol.
Over $3M stolen from users with active approvals to Socket, the underlying tech for bridges like Bungee Exchange and Rainbow Wallet's bridge.
Close to $2M in NFTs stolen from users of Floor Protocol, mostly Bored Apes and Pudgy Penguins. The vulnerability was patched by the team.
A reentrancy bug in old NFT Trader contracts was exploited. Yuga Labs and Boring Security DAO negotiated recovery from the main exploiter in exchange for a 10% bounty.
A malicious script was injected via the Ledger Connect Kit library used by many crypto websites. Check if you used any crypto sites on the 14th of December 2023.
Over $600k stolen from users of Unibot, an automated Telegram trading bot. The team refunded all affected users after the exploit.
Over $500k stolen from Maestro, an automated Telegram trading bot, via misconfigured permissions on router contract functionality. Users were reimbursed.
DNS settings were compromised via social engineering and pointed to a malicious website. Users who interacted with Galxe on the 6th of October may be at risk.
Over $180k stolen from CivTrade, a DEX aggregator by CivFund. Privileged functions were not properly restricted. Contracts have been paused.