Backtested Against 24 Historic DeFi Failures

Algorithmic stablecoin death spiral — massive UST redemptions triggered reflexive LUNA minting, hyperinflating supply from ~350M to 6.5T tokens and crashing the peg permanently. LFG deployed $2.4B Bitcoin reserve but it was insufficient to absorb $18B in UST redemptions. LUNA went from $80 to $0.00008; UST went from $1.00 to $0.02.

Large TITAN sell-off triggered IRON redemptions, which minted more TITAN, crashing its price further. The partial-collateral design meant IRON could not maintain peg once TITAN value collapsed to near-zero — a classic algorithmic stablecoin death spiral. TITAN supply hyperinflated from 1 billion to approximately 35 trillion tokens. The TWAP oracle lag accelerated the spiral by mispricing TITAN during rapid decline.

Attacker compromised 5 of 9 Ronin validator keys (4 Sky Mavis + 1 Axie DAO via gas-free RPC), drained 173,600 ETH and 25.5M USDC from the bridge

Attacker exploited a signature verification vulnerability in the Solana-side Wormhole contract, forging a VAA to mint 120,000 wETH without depositing collateral on Ethereum. The verify_signatures function did not validate that the instruction sysvar account was the real sysvar, allowing the attacker to substitute a fake sysvar with pre-set valid signatures, bypassing the 13/19 guardian threshold entirely.

Arithmetic overflow in checked_shlw function of the integer-mate u256 math library: the bitmask for the overflow guard was off-by-(2^64-1), allowing inputs exactly equal to the mask to pass silently. Attacker used a flash swap to bootstrap a precisely crafted narrow-tick CLMM position, triggered the overflow to receive near-infinite liquidity credits for near-zero token cost, then drained pool reserves via remove_liquidity. Attack repeated across pools. $162M frozen on-chain by Sui validators; $60M bridged to Ethereum.

Attacker exploited a vulnerability in the donateToReserves function combined with flash-loan-funded leveraged borrowing to manipulate eToken/dToken exchange rates. The donateToReserves function burned eTokens (collateral) without checking the caller's liquidity status, allowing the attacker to create deeply undercollateralized positions and then self-liquidate at the maximum 20% penalty, draining $197M across DAI, WBTC, stETH, and USDC markets.

A routine upgrade initialized the Merkle root to 0x00, which made every message valid by default. Attackers could copy-paste the first exploit transaction, change the recipient address, and drain funds without any special knowledge.

Attacker used flash loans ($1B+ from Aave, Uniswap V2, SushiSwap) to acquire BEAN3CRV-f and BEANLUSD-f Curve LP tokens, deposited them in the Silo to obtain ~79% of total Stalk governance voting power (exceeding the 2/3 supermajority threshold), and called emergencyCommit on BIP-18, a pre-submitted malicious governance proposal that transferred all Silo deposits and protocol-held assets to the attacker address. The entire attack occurred in a single Ethereum transaction. Beanstalk had no timelock on governance execution and no flash-loan resistance on voting power acquisition. The Omnicia audit had not covered the emergencyCommit function or LP token whitelisting.

Attacker used flash loans to manipulate the price of yUSD (a Yearn vault token used as collateral on Cream), inflating its value to borrow and drain $130M across multiple tokens. This was Cream's third major exploit in 8 months.

Admin key compromise — CEO Zhaojun arrested by Chinese police, private keys to bridge wallets controlled by single person, funds drained from multiple bridge contracts across Fantom, Ethereum, and other chains

Oracle price manipulation — Avraham Eisenberg manipulated the price of MNGO token on thin-liquidity markets, then used the inflated collateral to drain Mango's treasury via massive borrows

Vyper compiler reentrancy bug — multiple Curve pools using Vyper 0.2.15/0.2.16/0.3.0 were exploited due to a compiler bug in the reentrancy lock, allowing attackers to drain pools (alETH, msETH, pETH pools hit hardest)

Former developer retained privileged admin EOA role (0xc49b5e5b9da66b9126c1a62e9761e6b2147de3e1) over the unverified vault contract after deployment. The developer exploited this retained access to withdraw all user funds in a single transaction. The founder later acknowledged 'negligence in the authority transfer process'. Funds routed through Railgun mixer.

Algorithmic stablecoin unwinding — USN was a NEAR-native algorithmic stablecoin that lost its peg and had to be wound down by the NEAR Foundation after the mechanism could not sustain the peg, similar to Terra/UST but on a smaller scale. A $40M collateral gap from double-minting was discovered, requiring a NEAR Foundation bailout.

Flash loan price manipulation — attacker used flash loans to manipulate the USDC/USDT price on Curve Y pool, then deposited into Harvest fUSDT/fUSDC vaults at the manipulated price, withdrew at the real price, repeating the cycle ~32 times to drain $34M in 7 minutes

Seven-step flash loan attack targeting GM Cauldron cook() function. Attacker exploited the non-atomic GMX V2 order processing to manipulate solvency checks, minting ~13.4M unbacked MIM across five GM Cauldrons on Ethereum mainnet. The vulnerable contracts were 'deprecated' by the team but remained live and functional.

Attacker exploited floor division rounding in safe_decimal_math library when withdrawing from a wstETH market. By first inflating the lending_accumulator via a flash loan donation to the empty pool, each subsequent withdrawal burned only 1 zToken while receiving disproportionate underlying assets. $9.5M drained across multiple transactions.

Attacker exploited the MinimalForwarder's permissionless execute() function to inject arbitrary oracle price updates through the keeper trust chain. The MinimalForwarder trusted PositionKeeper which trusted Keeper which could call KiloPriceFeed.setPrices() — with no access control validation at the forwarder layer. Attacker manipulated prices across BSC, opBNB, Base, and Taiko simultaneously, profiting from artificially favorable trade settlements.

Attacker exploited a vulnerability in the RateX PT collateral oracle to manipulate the price of principal tokens used as collateral. By transiently inflating the oracle-reported PT collateral value, the attacker borrowed against phantom collateral value, draining lender pools of approximately $5.8M. The vulnerability was in the unaudited RateX collateral integration — the exact component that OShield had excluded from its audit scope.

ERC-3525 reentrancy in BRO (Bitcoin Reserve Offering) vault contract: doSafeTransferIn triggered the ERC-721-inherited onERC721Received callback before updating internal balance state, enabling an attacker to re-enter mint() and double-mint tokens. Attacker repeated 22 times, inflating 135 BRO tokens into ~567 million BRO, then swapped for 38 SolvBTC (~$2.7M). Note: user-reported figure of $4.7M is incorrect; confirmed loss is $2.7M.

Incomplete Groth16 trusted setup: Phase 2 circuit-specific contribution was skipped during deployment, leaving gamma2 and delta2 set identically to the BN254 G2 generator default. This degenerate verification key allowed any attacker to forge withdrawal proofs for arbitrary nullifier hashes by computing proof.C = -vk_x via elliptic curve arithmetic. Copycat of the Veil Cash exploit from days earlier. $427K drained by malicious attacker on Base; $1.83M secured by white-hat hacker Duha and Decurity firm on Ethereum. Note: user-reported figure of $0.26M is incorrect; confirmed gross loss is $2.26M.

PCV mechanism failure — direct incentive mechanism did not work as designed, protocol pivoted multiple times, merged with Rari Capital (which was exploited for $80M), eventually governance voted to return PCV to FEI holders and shut down

Leadership chaos — Chef Nomi exit scam (recovered), 0xMaki departure, Jared Grey controversies, treasury mismanagement, multiple failed product launches (Kashi, MISO compromised), developer exodus

CFO 0xSifu revealed as convicted fraudster Michael Patryn (QuadrigaCX co-founder Omar Dhanani) by @zachxbt. Treasury mismanagement including 4,250 TIME transferred to personal wallet. Daniele Sestagalli's Abracadabra ecosystem cross-contamination led to MIM depeg fears and correlated collapse across Frog Nation.