AI & Machine Learning

Web3 Development

NFT & Metaverse

Blockchain Development

Blockchain Solutions

Products

Get in Touch
arrow-left Back to ‘Today at Nextrope Blog’

Smart Contract Attacks: The Most Memorable Blockchain Hacks of All Time

Paulina Lewandowska

30 Dec 2022
<strong><noscript><img class=

Due to their ability to automate financial procedures and transactions, smart contracts have the potential to completely change the way we conduct business. They are not impervious to security flaws, though, as is the case with other technologies. There have been a number of smart contract hacks in the past that have caused large losses and damaged the community's confidence. The most famous smart contract hacks ever will be covered in this article, along with the lessons that may be drawn from them. These incidents—from the DAO hack to the Bancor hack—have had a long-lasting effect on the blockchain sector and serve as reminders of the value of properly safeguarding smart contracts.

Table of Contents

The DAO hack

A decentralized venture capital fund for the cryptocurrency and decentralized technology industries was one of the goals of the Decentralized Autonomous Organization, or DAO. Its decentralized architecture was designed to cut expenses while giving investors more power and access. The DAO was designed to run decentralized, relying on the collective judgment of its investors.

A flaw in the coding of The DAO, a smart contract on the Ethereum blockchain, was found by a hacker on June 17, 2016. This gave the attacker the ability to ask the contract to send money to them repeatedly, leading to the theft of 3.6 million ETH, which was then valued at about $70 million. Due to two flaws in the contract's architecture, the exploit was made possible: a mechanism that first transmitted the ETH and then modified the internal token balance was not designed to account for the possibility of repeated calls.

A flaw in the coding of The DAO, a smart contract on the Ethereum blockchain, was found by a hacker on June 17, 2016. This gave the attacker the ability to ask the contract to send money to them repeatedly, leading to the theft of 3.6 million ETH, which was then valued at about $70 million. Due to two flaws in the contract's architecture, the exploit was made possible: a mechanism that first transmitted the ETH and then modified the internal token balance was not designed to account for the possibility of repeated calls.

The Veritaseum hack

A cryptocurrency called Veritaseum was introduced in 2017. A cyberattack at Veritaseum in April 2018 cost the company the equivalent of $8.4 million in cryptocurrencies.

The Veritaseum cryptocurrency's smart contract had a flaw that allowed for the hack to take place. By using a reentrancy attack, the flaw allowed an attacker to siphon money from the Veritaseum smart contract. In a reentrancy attack, an attacker can run a smart contract's function repeatedly before the state of the contract is changed, allowing the attacker to remove money from the contract before the state is updated to reflect the withdrawal.

The Veritaseum attack served as a reminder of the value of properly protecting smart contracts as well as the possible dangers of employing them. It also emphasized the necessity of rigorous testing and auditing of smart contracts to make sure they are safe and without flaws.

The Bancor hack

On the Ethereum blockchain, the Bancor network is a decentralized exchange that enables users to purchase and sell a range of different cryptocurrencies. The Bancor network was hacked in July 2018, and as a result, about $12 million worth of cryptocurrency was lost.

The hack was conducted by taking advantage of a weakness in the smart contract that controlled the Bancor network. Due to a vulnerability, an attacker was able to take over the Bancor contract and steal money from it. In order to stop more losses, the Bancor team was able to react to the attack promptly and halt trading on the site.

The Bancor attack served as a reminder of the value of properly protecting smart contracts as well as the possible dangers of employing them. It also emphasized the necessity of rigorous testing and auditing of smart contracts to make sure they are safe and without flaws.

Hacks in DEFI

Decentralized finance (DeFi) projects benefit greatly from smart contracts since they enable automated, self-executing financial processes and transactions. They are used to speed up, confirm, and enforce contract negotiations and performance.

Because smart contracts can be used to enable a variety of financial transactions and handle large quantities of money, smart contract security is crucial in DeFi projects. If a smart contract is not adequately protected, attackers may leverage its flaws to steal money from it or engage in other forms of contract manipulation. Users of the DeFi project may suffer large losses as a result, and the initiative's credibility and dependability may be harmed.

The bZx hack

A decentralized finance (DeFi) platform called bZx enables users to utilize smart contracts to borrow and lend cryptocurrency. bZx experienced two different attacks in February 2020 that took use of holes in its smart contracts.

On February 14, 2020, a hacker used a flaw in the bZx smart contract to steal about $6 million worth of cryptocurrency. This was the first theft. On February 18, 2020, a fresh vulnerability in the bZx smart contract was used by a different hacker to steal an additional $350,000 worth of cryptocurrency.

The bZx hacks were caused by flaws in the bZx smart contracts, which let attackers take advantage of them and steal money from them. The intrusions served as a reminder of the value of properly protecting smart contracts as well as the possible dangers of employing them. To ensure the security and lack of vulnerabilities in their smart contracts, DeFi projects must thoroughly test and audit them.

The Harvest Finance hack

The Harvest Finance hack was a security issue that happened in October 2020. An attacker used a smart contract weakness to steal cryptocurrencies valued at about $24 million. A decentralized finance (DeFi) technology called Harvest Finance enables users to generate yield by supplying liquidity to various financial marketplaces.

The hack happened when a perpetrator drained funds from the Harvest Finance smart contract by taking advantage of a flaw in it. Due to a vulnerability, the attacker was able to alter the contract and withdraw money from it without setting off the security features. The Harvest Finance team was able to stop trading on the platform to stop more losses after the hack was identified many hours after it happened.

The Akropolis hack

The Akropolis decentralized finance (DeFi) platform was attacked on November 12, 2020, when a protocol flaw resulted in the loss of about 2,030,841.0177 DAI from the impacted YCurve and sUSD pools. The problem was caused by a bug in the platform's SavingsModule smart contract's handling of the deposit logic, which gave the attacker the ability to create a significant number of pool tokens without the support of valued assets. This happened because the protocol did not correctly impose reentrancy protection on the deposit logic and validate supported tokens. Users of the Akropolis platform experienced severe disruption and losses as a result of the Smart Contract Hacks.

Conclusion - Smart Contract Hacks

One cannot stress the significance of properly safeguarding smart contracts. Smart contracts are capable of handling large quantities of value and a variety of financial activities. If a smart contract is not properly secured, it may cause consumers to suffer large losses and jeopardize the project's legitimacy and dependability.

Because of this, it is crucial that smart contracts undergo extensive testing and auditing. Smart contracts can be made secure and fault-free with the aid of testing and auditing. It is an essential stage in the creation process and can aid in safeguarding the security of blockchain projects and ensuring their smooth operation.

Tagi

Most viewed

Never miss a story

Stay updated about Nextrope news as it happens.

You are subscribed

Blockchain for Creators: Secure and Sustainable Infrastructure

Miłosz Mach

07 Nov 2025
Blockchain for Creators: Secure and Sustainable Infrastructure

In today’s digital creative space, where the lines between art and technology are constantly blurring, projects like MARMALADE mark the beginning of a new era - one where creators can protect their work and maintain ownership through blockchain technology.

For Nextrope, being part of MARMALADE goes far beyond implementing features like screenshot blocking or digital watermarking. It’s about building trust infrastructure - systems that empower creators to thrive in the digital world safely and sustainably.

A new kind of blockchain challenge

Cultural and educational projects come with a completely different set of challenges than typical DeFi systems. Here, the focus isn’t on returns or complex smart contracts - it’s on people: artists, illustrators, educators.

That’s why our biggest task was to design secure yet intuitive infrastructure - lightweight, energy-efficient, and accessible for non-technical users exploring Web3 for the first time.

“Our mission wasn’t to build another financial protocol. It was to create a layer of trust for digital creators.”
— Nextrope Team

Security that stays invisible

The best security is the kind you don’t notice.
Within MARMALADE, we focused on making creators' protection seamless:

  • Screenshot blocking safeguards artworks viewed in browsers.
  • Dynamic watermarking helps identify unauthorized copies.
  • Blockchain registry ensures every proof of ownership remains transparent and immutable

“Creators shouldn’t have to think about encryption or private keys - our job is to make security invisible.”

Sustainability by design

MARMALADE also answers a bigger question - how to innovate responsibly.
Nextrope’s infrastructure relies on low-emission blockchain networks and modular architecture that can easily be adapted for other creative or cultural initiatives.

This means the technology built here can support not only artists but also institutions, universities, and educators seeking to integrate blockchain in meaningful ways.

Beyond technology

For Nextrope, MARMALADE is more than a project — it’s proof that blockchain can empower culture and creators, not just finance. By building tools for digital artists, we’re helping them protect their creativity and discover how technology can amplify human expression.

Tagi

Plasma blockchain. Architecture, Key Features & Why It Matters

Miłosz Mach

21 Oct 2025
Plasma blockchain. Architecture, Key Features & Why It Matters

What is Plasma?

Plasma is a Layer-1 blockchain built specifically for stablecoin infrastructure combining Bitcoin-level security with EVM compatibility and ultra-low fees for stablecoin transfers.

Why Plasma Blockchain Was Created?

Existing blockchains (Ethereum, L2s, etc.) weren’t originally designed around stablecoin payments at scale. As stablecoins grow, issues like congestion, gas cost, latency, and interoperability become constraints. Plasma addresses these by being purpose-built for stablecoin transfers, offering features not found elsewhere.

  • Zero-fee transfers (especially for USDT)
  • Custom gas tokens (separate from XPL, to reduce friction)
  • Trust-minimized Bitcoin bridge (to allow BTC collateral use)
  • Full EVM compatibility smart contracts can work with minimal modifications

Plasma’s Architecture & Core Mechanisms

EVM Compatibility + Smart Contracts

Developers familiar with Ethereum tooling (Solidity, Hardhat, etc.) can deploy contracts on Plasma with limited changes making it easy to port existing dApps or DeFi, similar to other EVM-compatible infrastructures discussed in the article „The Ultimate Web3 Backend Guide: Supercharge dApps with APIs".

Gas Model & Token Mechanism

Instead of forcing users always to hold XPL for gas, Plasma supports custom gas tokens. For stablecoin-native flows (e.g. USDT transfers), there is often zero fee usage, lowering UX friction.

Bitcoin Bridge & Collateral

Plasma supports a Bitcoin bridge that lets BTC become collateral inside smart contracts (like pBTC). This bridges the security of Bitcoin with DeFi use cases within Plasma.
This makes Plasma a “Bitcoin-secured blockchain for stablecoins".

Security & Finality

Plasma emphasizes finality and security, tuned to payment workloads. Its consensus and architecture aim for strong protection against reorgs and double spends while maintaining high throughput.
The network launched mainnet beta holding over $2B in stablecoin liquidity shortly after opening.

Plasma Blockchain vs Alternatives: What Makes It Stand Out?

FeaturePlasma (XPL)Other L1 / L2
Stablecoin native designusually second-class
Zero fees for stablecoin transfersrare, or subsidized
BTC bridge (collateral)only some chains
EVM compatibilityyes in many, but with trade-offs
High liquidity early✅ (>$2B TVL)many chains struggle to bootstrap

These distinctions make Plasma especially compelling for institutions, stablecoin issuers, and DeFi innovators looking for scalable, low-cost, secure payments infrastructure.

Use Cases: What You Can Build with Plasma Blockchain

  • Stablecoin native vaults / money markets
  • Payment rails & cross-border settlement
  • Treasury and cash management flows
  • Bridged BTC-backed stablecoin services
  • DeFi primitives (DEX, staking, yield aggregation) optimized for stablecoins

If you’re building any product reliant on stablecoin transfers or needing strong collateral backing from BTC, Plasma offers a compelling infrastructure foundation.

Get Started with Plasma Blockchain: Key Steps & Considerations

  1. Smart contract migration: assess if existing contracts can port with minimal changes.
  2. Gas token planning: decide whether to use USDT, separate gas tokens, or hybrid models.
  3. Security & audit: focus on bridge logic, reentrancy, oracle risks.
  4. Liquidity onboarding & market making: bootstrap stablecoin liquidity, incentives.
  5. Regulation & compliance: stablecoin issuance may attract legal scrutiny.
  6. Deploy MVP & scale: iterate fast, measure gas, slippage, UX, security.

Tagi