The cost of insecurity.
Ranked by confirmed losses. Nation-state actors dominate the top of the table.
Top threat actors
#1
Lazarus Group Nation-state DPRK
Bybit ($1.4B), Drift Protocol ($285M), Ronin ($625M)
Social engineering, supply chain $3.4B+ Total stolen
25 Incidents
2016–present Active
#2
Unknown (Kelp DAO) Unknown
Kelp DAO bridge via forged LayerZero DVN messages
Bridge exploit $292M Total stolen
1 Incidents
Apr 2026 Active
#3
Mango Markets Attacker Individual
Self-identified, arrested, acquitted
Oracle manipulation $114M Total stolen
1 Incidents
Oct 2022 Active
#4
Euler Exploiter Unknown
Returned $176M after negotiation
Flash loan + logic bug $197M Total stolen
1 Incidents
Mar 2023 Active
Largest single exploits
| # | Protocol | Amount | Vector | Chain | Date |
|---|---|---|---|---|---|
| 1 | Bybit | $1.4B | Social Engineering | Ethereum | Feb 2025 |
| 2 | Ronin Bridge | $625M | Bridge | Ethereum | Mar 2022 |
| 3 | Poly Network | $611M | Access Control | Multi | Aug 2021 |
| 4 | Kelp DAO | $292M | Bridge | Multi | Apr 2026 |
| 5 | Drift Protocol | $285M | Social Eng. | Solana | Apr 2026 |
| 6 | Wormhole | $320M | Bridge | Multi | Feb 2022 |
| 7 | Nomad Bridge | $190M | Bridge | Multi | Aug 2022 |
| 8 | Euler Finance | $197M | Flash Loan | Ethereum | Mar 2023 |