On February 26, 2026, an attacker exploited a misconfigured Aave V3 fork lending pool on Ethereum mainnet (block 24,538,897). The root cause was a deployment-time oracle misconfiguration in the `AaveOracle` contract at `0x9dce7a180c34203fee8ce8ca62f244feeb67bd30`, where the …
Web3 Security
Smart contract auditing, blockchain client auditing, and on-chain exploit investigation by DARKNAVY
Security Capabilities
Contract Auditor
DFS-based multi-agent Solidity audit with adversarial validation
Solidity
Client Auditor
7-stage orchestrated audit for blockchain node codebases (Go, Rust, C/C++)
Go / Rust / C++
Exploit Investigator
Multi-agent pipeline for on-chain attack analysis with Analyst-Validator debate loop
7 Chains
Exploit Analysis Reports
HPay Staking ForceExit Drain
On February 25, 2026, the HPAY staking contract on BNB Chain (BSC) was exploited via a logic error in the unverified staking implementation at `0xbe189fe9f84ca531cd979630e1f14757b88dd80d`, accessed through the TransparentUpgradeableProxy at …
STO Deflationary Burn Drain
On February 23, 2026, the STO Protocol token on BNB Chain was exploited via a logic error in its deflationary sell-burn mechanism. The STO token's `_executePendingSellBurn()` function burns previously sold tokens from the PancakeSwap pair and calls `sync()` to update reserves …
TARA DODO CoopPool Exploit
An attacker on Ethereum mainnet (block 24,513,601) drained the TARA cross-chain bridge by exploiting a compromised bridge validator key. The vulnerability is an **access control failure**: the TARA light client contract (`0xcdf14446`) accepted ECDSA-signed bridge state …
Veil Cash Groth16 Forgery
On February 20, 2026, the Veil Cash privacy protocol on Base was exploited for 2.9 ETH (~$5.69K) through a zero-knowledge proof forgery attack. The root cause is a misconfigured Groth16 SNARK verifier contract at `0x1e65c075989189e607ddafa30fa1a0001c376cfd` where the delta …
Fee Token Skim Exploit
On BSC (BNB Smart Chain) block 81,556,796 (2026-02-16 12:51:23 UTC), an attacker exploited a fee-on-transfer token's built-in auto-liquidity mechanism to drain value from its PancakeSwap V2 liquidity pair. The vulnerable component is VictimToken …
Uniswap Router Approval Abuse
A custom, unverified swap router contract at `0xc87c815c03b6cd45880cbd51a90d0a56ecfba9da` on Ethereum mainnet contains a critical access control flaw that allows any caller to execute token swaps using another user's token approvals. On February 13, 2026 at 17:06:47 UTC (block …
ERC1155 Bonding Curve Reentrancy
On 2026-02-08 12:06:47 UTC (block 24,411,960), tx `0x7b3878969c2f44dae5e47d7c03616d5f17dfc46ea59ea75f135c468709a59ce7` on Ethereum drained four Decent.xyz "Crescendo" ERC1155 bonding curve contracts of nearly all their ETH reserves via reentrancy through the native ETH refund …
USDe Safe Module Flashloan
On 2026-02-07 (Ethereum mainnet, block 24,406,366), an attacker used a Balancer Vault flash loan callback to trigger a Gnosis Safe module at `0xf5e48ff26c60f3d2bdc0b38a570ce6373a927e19`, which executed `execTransactionFromModule` on the Safe …
NEUTRL nUSD Internal Balance
On Ethereum mainnet, transaction `0x047fcfa2cfb51879f19769dd25e2768be42985f9c2d8f483f2a0c18703834061` (2026-02-04 13:49:23 UTC) used a Morpho flash loan to route through Pendle’s NUSD Standardized Yield (SY) integration and drain NUSD, then swap to USDC. The attacker’s EOA …