On 2026-03-18, the dTRINITY dLEND lending protocol (an Aave v3 fork deployed on Ethereum mainnet) was exploited through a **flash loan abuse combined with a logic error** in the flash loan repayment accounting. An attacker manipulated the cbBTC reserve's liquidity index from ~1.0 …
Exploit Analysis Reports
KToken Redeem Logic Flaw
On 2026-03-17 (block 30488585), a lending protocol deployed on Polygon zkEVM (chain ID 1101) was attacked through a logic error in its Compound-fork KToken implementation. The vulnerability is in internal function `0x3dff` (`redeemFresh`): when `redeemUnderlying()` is called, the …
USDC Permit Phishing Drain
**Transaction**: `0xfd7417af8433e3d9bcbed3f965307c800a24eb4e98f42cebfab6ca6064f5a642` **Chain**: Ethereum Mainnet (Chain ID 1) **Block**: 24671606 **Date**: 2026-03-16 17:38:59 UTC **Incident Name**: `usdc-permit-phishing-drain`
Venus Lending Exploit
On BNB Smart Chain, an attacker exploited Venus Protocol's vTHE (THENA/THE) market by combining three pre-obtained approvals with a classic exchange-rate inflation technique. The attacker held ERC-20 `transferFrom` allowances for the THE token from six victim addresses and a …
AM Burn Reserve Manipulation
On March 12, 2026 (BSC block 86066209), attacker EOA `0x0b9a1391269e95162bfec8785e663258c209333b` exploited a combination of the AM token's fee-on-transfer burn mechanism and Moolah lending protocol's collateralized borrowing to extract approximately **131,572 USDT** in profit.
CoW Protocol Solver Exploit
On March 12, 2026 (block 24,643,151), a victim address (`0x98b9d979`) lost approximately $50.4 million worth of Aave-wrapped USDT (aEthUSDT) on Ethereum mainnet through a two-transaction attack. In the primary transaction, a registered CoW Protocol solver (`0x3980daa7`) submitted …
DBXen ERC2771 Confusion
The DBXen protocol on BNB Chain was exploited at block 86,063,902 through an ERC2771 meta-transaction context confusion vulnerability in the `burnBatch()` function. The attacker abused the inconsistency between `_msgSender()` (used in the `gasWrapper` modifier) and `msg.sender` …
Gamma Lending Exploit
On March 11, 2026, the Gamma Protocol (a Compound-fork lending platform formerly known as Planet Finance) on BNB Chain was exploited for approximately **7,882 USDT** via a logic flaw in the publicly callable `updateUserDiscount()` function. The attacker leveraged a flash-loaned …
Planet Finance Lending
On 2026-03-11, a failed attempt was made to exploit Planet Finance, a Compound-fork lending protocol on BNB Smart Chain, via an oracle price manipulation attack. Transaction `0x330ccbfa...` was initiated by attacker EOA `0x2eb7c45f` but **reverted** with status `0x0`, consuming …
Wukong Staking Reentrancy
On 2026-03-11, the WUKONG staking protocol on BNB Chain was exploited via a classic reentrancy attack against its `unstake()` function in the `StakingUpgradeableV10` implementation. The vulnerability arises because `unstake()` sends BNB to the caller (via a low-level `call`) …