Impermax Hack AnalysisOverview:On October 4, 2025, Abracadabra Money (@MIM_Spell), a decentralized lending platform on Ethereum that issues USD-pegged MIM (Magic Internet Money) loans, suffered a critical solvency bypass exploit via the cook() multi-action entrypoint., resulting in an estimated loss of ~$1.7 million USD. This protocol has been attacked for the third time in past 2 years; with heavy losses every time…

NumaMoney Hack AnalysisOverview:On 11th August 2025, Smart Contract Hack Overview:Attack Transaction: Attacker’s Address: Victim’s Address: Exploit Contract: Decoding the Smart Contract Vulnerability:Attack Sequence:Mitigation and Best Practices:Conclusion:

Peapods Finance Hack AnalysisOverview:Smart Contract Hack Overview:Victim Contract: Attack Transaction: Attacker Addresses: Decoding the Smart Contract Vulnerability:Mitigation and Best Practices:To prevent such vulnerabilities, the best Smart Contract auditors must examine the Smart Contracts for logical issues. We at CredShields provide smart contract security and end-to-end security of web applications and externally exposed networks. Our public audit reports can be found on https://github.com/Credshields/audit-reports. Schedule a…

Sharwa Finance Hack AnalysisOverview:On October 20, 2025, Sharwa Finance (@SharwaFinance), a decentralized margin-trading protocol on Arbitrum, suffered a critical price manipulation exploit that allowed attackers to extract approximately $146,000 USD in two separate incidents (~$61k and ~$85k).Sharwa Finance offered one-click leveraged long/short trading, using AMM-based price quotes (Uniswap V3-style getAmountOut/getAmountIn) to determine swap amounts, collateral health, and solvency metrics during trade…

Aperture Finance Hack AnalysisFig: Aperture Finance Hack BannerOverview:On January 25, 2026, Aperture Finance (@ApertureFinance) was exploited across multiple chains Ethereum, Arbitrum, and Base resulting in total losses exceeding $3.67 million USD. The root cause in incident was an arbitrary-call vulnerability caused by insufficient input validation, which allowed attackers to abuse existing ERC20 and NFT approvals and drain assets using transferFrom().The protocol is…

DMi Token Hack AnalysisFig: DMi Token Hack AnalysisOverview:On December 8, 2025, the DMi token (DMI/WBNB pair) on BSC Chain suffered a AMM reserve-manipulation exploit, resulting in an estimated theft of ~138.68 WBNB (~$124.4K USD) in a single atomic attack transaction.The vulnerability originated from a critical logic flaw in the DMi token’s transfer() implementation, which redirected /burned the entire transferred amount whenever the…

Abracadabra Hack AnalysisFig: Abracadabra Money Hack BannerOverview:On October 4, 2025, Abracadabra Money (@MIM_Spell), a decentralized lending platform on Ethereum that issues USD-pegged MIM (Magic Internet Money) loans, suffered a critical solvency bypass exploit via the cook() multi-action entrypoint., resulting in an estimated loss of ~$1.7 million USD. This protocol has been attacked for the third time in past 2 years; with heavy…

NGP Token Hack AnalysisOverview:On September 18, 2025, the NGP token (@newgoldprotocol) deployed on BNB Chain (BSC) suffered a price oracle manipulation attack (OWASP SCWE-028), resulting in an estimated loss of ~$2M USD.Note: SolidityScan AI Scanner was able to detect all of these NGP Token vulnerabilities that cost them ~2M USD in losses!The vulnerability stemmed from broken transfer fee logic combined with…

SuperRare Hack AnalysisOverview:On July 28, 2025, SuperRare’s (@SuperRare) RareStakingV1 contract was exploited for approximately $730,000 USD (~11.9M RARE tokens). The vulnerability stemmed from a broken access control check in the updateMerkleRoot() function, allowing any unauthorized users to submit malicious Merkle roots. This enabled an attacker to calculate a malicious Merkle root, submit it via a frontrunner transaction, and fraudulently claim the…

Arcadia Finance Hack AnalysisOverview:On July 15, 2025, Arcadia Finance (@ArcadiaFi)— a liquidity and asset management protocol — was exploited for nearly $3.5 million on Base. The attacker leveraged a critical trust assumption flaw in the RebalancerSpot contract. Specifically, a swapData parameter allowed arbitrary external calls to unvalidated router addresses.By registering their own malicious smart contract as both the router and a whitelisted ArcadiaAccount,…