A maintained index of Web3 exploit postmortems & incident reports in one place.
The catalog prioritizes primary sources:
- official protocol postmortems
- official incident reports or root-cause analyses
- first-party operator writeups when a document is not literally titled "postmortem"
- official X / Twitter posts only when they contain substantive incident detail, not just alerts or announcements

For multi-protocol incidents, first-party reports from directly affected protocols or infrastructure providers are also useful when they explain a distinct part of the failure or fallout.

| Year | Protocol / Project | Incident class | Primary writeup |
|---|---|---|---|
| 2026 | Aave | Downstream rsETH exposure after bridge compromise | rsETH Incident Report (April 20, 2026) |
| 2026 | LayerZero | Compromised RPC incident | rsETH Incident Statement |
| 2026 | LayerZero | KelpDAO rsETH bridge incident | KelpDAO Incident Statement |
| 2026 | Hyperbridge | MMR proof-verification exploit | Update on Recovery Efforts and Next Steps |
| 2025 | Balancer | Stable-pool rounding exploit | Nov 3 Exploit Post-Mortem |
| 2025 | Bunni | AMM accounting exploit | Exploit Post Mortem |
| 2025 | Cork Protocol | Multi-vector DeFi exploit | May 28 2025 Exploit Post-Mortem |
| 2024 | Gamma Strategies | Deposit-safety configuration exploit | Post-Mortem & Remediation Plan |
| 2024 | Radiant Capital | Signer compromise / malicious approvals | Radiant Capital Post-Mortem |
| 2024 | Sonne Finance | Donation attack on Compound v2 fork | Post-mortem, Sonne Finance exploit |
| 2024 | Radiant Capital | Empty-market precision exploit | Post-Mortem Report: Radiant Capital |
| 2023 | dYdX | Oracle / market-manipulation incident | Post Mortem on SUSHI and YFI Incident |
| 2023 | KyberSwap Elastic | Concentrated-liquidity accounting exploit | Post Mortem: KyberSwap Elastic Exploit November 2023 |
| 2023 | Balancer | DNS / frontend compromise | DNS Security Incident: Post Mortem |
| 2023 | Exactly Protocol | Input validation / permit misuse | Exactly Protocol Incident Post-Mortem |
| 2023 | Conic Finance | Read-only reentrancy and pool manipulation | Post Mortem - ETH and crvUSD Omnipool Exploits |
| 2023 | Levana Protocol | Oracle exploitation during chain congestion | Levana exploit postmortem |
| 2023 | Rodeo Finance | Oracle manipulation | Rodeo Finance Exploit - Post Mortem |
| 2023 | Sturdy Finance | Collateral-price manipulation | Exploit post-mortem |
| 2023 | FloorDAO | Rebase / staking logic exploit | Floor Post Mortem & Incident Summary |
| 2023 | Swarm Markets | Proxy-admin compromise | Swarm Markets exploit: Post Mortem |
| 2022 | Raydium | Private-key compromise | Detailed Post-Mortem and Next Steps |
| 2022 | Nomad | Bridge authentication failure | Nomad Bridge Hack: Root Cause Analysis |
| 2022 | Ronin | Validator-key compromise | Community Alert: Ronin Validators Compromised |
| 2022 | Beanstalk | Governance exploit | Beanstalk Governance Exploit |
| 2022 | Wormhole | Bridge signature-verification exploit | Wormhole Incident Report - 02/02/22 |
| 2022 | Umbrella Network | Chain exploit | Technical Post Mortem - Umbrella Chain Exploit |
| 2022 | KyberSwap | Frontend compromise | Post Mortem: Past KyberSwap Frontend Exploit (Sept 2022) |
| 2022 | Osmosis | Liquidity-pool accounting bug | Osmosis Updates from the Lab Recap, Osmocon and Exploit Fix |
| 2021 | C.R.E.A.M. Finance | Reentrancy via ERC777 hook integration | C.R.E.A.M. Finance Post Mortem: AMP Exploit |
| 2021 | C.R.E.A.M. Finance | Oracle / economic exploit | C.R.E.A.M. Finance Post Mortem: Flash Loan Exploit Oct 27 |
| 2021 | THORChain | Router exploits | Post-mortem: ETH Router Exploits 1 & 2 |
| 2021 | pNetwork | Bridge exploit | pNetwork Post Mortem: pBTC-on-BSC Exploit |
| 2021 | MonoX | Same-token swap bug | Exploit: Post Mortem |
| 2021 | Eleven Finance | Vault share-accounting bug | Eleven Finance NRV Vault Exploit and loss of funds - A post mortem |
| 2021 | Force DAO | Vault integration bug | xFORCE Exploit Post Mortem |
| 2020 | Harvest Finance | Curve price manipulation / flash-loan exploit | Harvest Flashloan Economic Attack Post-Mortem |
| 2020 | IOTA Trinity Wallet | Third-party dependency compromise | Trinity Attack Incident Part 1: Summary and next steps |

These are first-party X sources that contain actual postmortem value: root cause, attack path, timeline, scope, or remediation. Announcement-only posts are intentionally excluded.

| Year | Protocol / Project | Incident class | Official X / Twitter source |
|---|---|---|---|
| 2026 | LayerZero | KelpDAO rsETH bridge incident | KelpDAO Incident Statement |
| 2026 | Aave | rsETH incident remediation | rsETH technical recovery plan |
| 2026 | KelpDAO | rsETH bridge exploit | Post-incident analysis |
| 2026 | Drift Protocol | Multisig / admin-control compromise | Official statement |
| 2026 | CoW Swap | Domain-registration supply-chain compromise | POST MORTEM: Cow.fi Domain Hijack |
| 2026 | Veil Cash | Misconfigured Groth16 verifier | Official post-mortem |
| 2025 | dTRINITY / dLEND | Swap-adapter approval abuse | Post-Mortem for dLEND's Swap Adapter Attack |
| 2025 | LND | Protocol-logic exploit | Official post-mortem |
| 2024 | Pump.fun | Insider / privileged-access exploit | Official post-mortem |
| 2024 | Spectral Labs | Bonding-curve exploit | Official post-mortem |
| 2024 | Abracadabra Money | Precision-loss / rounding exploit | Official post-mortem |
| 2023 | Hypr Network | OP Stack bridge initialization bug | Hypr's OP Stack Bridge Post Mortem |

Additions are welcome when they link to a primary source. Prefer stable long-form sources when they exist.
- Prefer a long-form report when both a report and an X thread exist.
- Use the X / Twitter table only for first-party posts that contain concrete incident analysis.