
{"id":124558,"date":"2026-01-04T06:57:17","date_gmt":"2026-01-04T06:57:17","guid":{"rendered":"https:\/\/mycryptomania.com\/?p=124558"},"modified":"2026-01-04T06:57:17","modified_gmt":"2026-01-04T06:57:17","slug":"audited-tested-and-still-broken-smart-contract-hacks-of-2025","status":"publish","type":"post","link":"https:\/\/mycryptomania.com\/?p=124558","title":{"rendered":"Audited, Tested, and Still Broken: Smart Contract Hacks of 2025"},"content":{"rendered":"<p>2025 was a year of smart contract exploits. Protocols that passed multiple audits, protocols that had been battle-tested for years, protocols built by teams with deep security expertise. They all fell victim to attacks that revealed something uncomfortable: we\u2019re getting better at finding traditional bugs, but we\u2019re still missing fundamental flaws in how protocols think about economics, mathematics, and system\u00a0design.<\/p>\n<p>This retrospective examines the most technically interesting incidents of the year, ordered by what they teach us about smart contract security. 
We\u2019ll explore how economic invariant violations let attackers mint infinite tokens, how precision errors in AMM math turned tiny rounding mistakes into million-dollar exploits, and how system boundary failures exposed vulnerabilities that no single-component audit could\u00a0catch.<\/p>\n<h3>The Standouts: Deep Protocol\u00a0Failures<\/h3>\n<p>These hacks reveal fundamental issues in protocol design, failures that go beyond simple mistakes and touch on core assumptions about how DeFi systems should\u00a0work.<\/p>\n<h3>Yearn Finance: Legacy Infrastructure Exploits ($9.3M\u00a0total)<\/h3>\n<p><strong>December 2025<\/strong><\/p>\n<p>Yearn Finance suffered two related exploits in December 2025, both targeting legacy infrastructure that remained on-chain after protocol upgrades.<\/p>\n<p><strong>First exploit: Economic Invariant Violation ($9M)\u200a\u2014\u200aDecember\u00a01<\/strong><\/p>\n<p>Yearn Finance\u2019s legacy yETH stableswap pool was drained in a single transaction. The attacker found a flaw in the share calculation logic that allowed minting a near-infinite number of yETH tokens. About 1,000 ETH (worth around $3 million) was sent to Tornado\u00a0Cash.<\/p>\n<p>The attacker found an edge case in the stableswap formulas where share calculations could be manipulated. The vulnerability existed in the accounting logic itself. When the protocol calculated shares for deposits or withdrawals, the math could be manipulated to create shares out of thin\u00a0air.<\/p>\n<p><strong>Second exploit: Legacy Contract Risk ($300K)\u200a\u2014\u200aDecember\u00a017<\/strong><\/p>\n<p>Following the first exploit, Yearn\u2019s V1 contracts were targeted. When protocols upgrade, old contracts don\u2019t disappear. They remain on-chain, potentially holding value. 
In Yearn\u2019s case, the V1 contracts still had funds locked in them, and those funds became a target after the first exploit drew attention to Yearn\u2019s legacy infrastructure.<\/p>\n<p><strong>Why it matters (auditor and organizational perspective):<\/strong><\/p>\n<p>The first exploit shows an important gap in audit methodology. Static analysis tools don\u2019t verify economic invariants. Fuzzers test code paths, not economic models. Audit processes need to clearly verify that accounting logic maintains intended invariants across all operation sequences.<\/p>\n<p>The second exploit highlights that legacy contracts represent ongoing risk. The first exploit may have drawn attention to Yearn\u2019s legacy infrastructure, leading to the second. Protocols need clear plans for sunsetting old contracts, migrating remaining value, and monitoring for unexpected interactions.<\/p>\n<p><strong>Mitigation:<\/strong> Implement invariant tests that assert share-to-value relationships hold across all operations. Use differential fuzzing to compare accounting calculations against reference implementations. Have clear deprecation strategies for legacy contracts with ongoing monitoring.<\/p>\n<p><strong>The vulnerability class:<\/strong> Economic invariant violation and legacy contract\u00a0risk.<\/p>\n<p><em>Deep dive:<\/em> <a href=\"https:\/\/forklog.com\/en\/yearn-finance-defi-project-hacked-for-9-million\/\">Yearn Finance DeFi Project Hacked for $9M<\/a> | <a href=\"https:\/\/x.com\/PeckShieldAlert\/status\/1995311852310675537\">PeckShield Alert<\/a> | <a href=\"https:\/\/blockchain.news\/flashnews\/DeFi%20hack\">Yearn Finance V1\u00a0Exploit<\/a><\/p>\n<h3>Balancer: Rounding Error Exploitation ($70\u2013128M)<\/h3>\n<p><strong>November 3,\u00a02025<\/strong><\/p>\n<p>Small rounding errors in Balancer\u2019s stable pool calculations were amplified through high-frequency batch swaps, resulting in a $70\u2013128 million drain across multiple chains. 
Attackers executed hundreds or thousands of swaps, with each swap amplifying the previous rounding error until those tiny errors accumulated into massive value extraction.<\/p>\n<p><strong>How it\u00a0worked:<\/strong><\/p>\n<p>Balancer\u2019s stable pools use complicated formulas to maintain price stability. These formulas involve rounding at multiple steps. In normal operation, rounding errors are small. But attackers found a way to structure batch swaps that consistently benefited from the rounding direction, extracting value through repeated operations.<\/p>\n<p><strong>Why it matters (protocol designer perspective):<\/strong><\/p>\n<p>AMM math needs to be correct under adversarial conditions. Every rounding decision becomes a potential attack vector when dealing with large capital and the ability to execute many transactions quickly. Designers need to think adversarially: what happens if an attacker executes this operation a thousand\u00a0times?<\/p>\n<p><strong>What audits missed:<\/strong> Standard audit processes tested individual swaps, not sequences of hundreds or thousands. Rounding errors were measured as less than 1 wei per swap and treated as negligible. No invariant was asserted over N repeated operations. Fuzzers without stateful sequence modeling couldn\u2019t discover\u00a0this.<\/p>\n<p><strong>Mitigation:<\/strong> Assert invariants that hold across repeated operations. Test with adversarial batch sizes. 
Use formal verification to prove rounding error bounds remain acceptable under any sequence of operations.<\/p>\n<p><strong>The vulnerability class:<\/strong> Mathematical precision error in AMM formulas.<\/p>\n<p><em>Deep dive:<\/em> <a href=\"https:\/\/forklog.com\/en\/balancer-defi-protocol-suffers-128m-hack\/\">Balancer DeFi Protocol Suffers Massive Exploit<\/a> | <a href=\"https:\/\/coinpedia.org\/news\/balancer-hack-becomes-one-of-2025s-largest-defi-exploits-losses-top-128m\/\">Balancer Hack Explained with Multi-Chain Details<\/a><\/p>\n<h3>GMX: System Boundary Failure\u00a0($42M)<\/h3>\n<p><strong>July 9,\u00a02025<\/strong><\/p>\n<p>GMX, a perpetuals trading protocol that handles billions in trading volume, was exploited for $42 million. The exploit didn\u2019t come from a bug in the core trading logic. It emerged at the boundaries between components: where oracles meet margin calculations, where liquidation logic interacts with bridge infrastructure.<\/p>\n<p><strong>How it\u00a0worked:<\/strong><\/p>\n<p>The vulnerability existed in how these components interacted, not in any single component. When oracles update prices, margin requirements change, and liquidation logic responds. The attacker likely found a way to manipulate these interactions, perhaps by timing oracle updates with margin calculations. About $9.6 million was bridged to Ethereum immediately after the exploit, suggesting careful planning.<\/p>\n<p><strong>Why it matters (system architecture perspective):<\/strong><\/p>\n<p>Well-audited individual components can still fail when integrated. The vulnerability doesn\u2019t exist in any single contract. It exists in the space between components, in how they communicate and interact. As protocols become more complicated and composable, the attack surface grows at component boundaries.<\/p>\n<p><strong>What audits missed:<\/strong> Traditional audit processes typically focus heavily on components in isolation. 
Integration testing exists, but it may not cover adversarial scenarios where an attacker can time operations across component boundaries.<\/p>\n<p><strong>Mitigation:<\/strong> Implement integration tests that simulate full system behavior. Use adversarial simulation frameworks that can model interactions between components. Test timing attacks where operations are sequenced to exploit component interactions.<\/p>\n<p><strong>The vulnerability class:<\/strong> System integration failure.<\/p>\n<p><em>Deep dive:<\/em> <a href=\"https:\/\/x.com\/PeckShieldAlert\/status\/1942947860645134450\">GMX Exploit\u00a0Coverage<\/a><\/p>\n<h3>Cork Protocol: Liquid Staking Derivative Handling\u00a0($12M)<\/h3>\n<p><strong>May 28,\u00a02025<\/strong><\/p>\n<p>Cork Protocol lost about 3,761 wstETH (worth around $12 million) due to a vulnerability in how it handled liquid staking derivatives. Liquid staking derivatives like stETH, wstETH, and osETH introduce hidden state changes. The exchange rate between wstETH and ETH changes over time as staking rewards accumulate.<\/p>\n<p><strong>How it\u00a0worked:<\/strong><\/p>\n<p>The exploit involved a mismatch between how Cork Protocol modeled wstETH\u2019s value accrual and how it actually works. The protocol likely assumed a static 1:1 relationship that doesn\u2019t hold. An attacker could deposit wstETH when the exchange rate is favorable, wait for it to accrue value, then withdraw more than they should be able\u00a0to.<\/p>\n<p><strong>Why it matters (organizational perspective):<\/strong><\/p>\n<p>This highlights an organizational knowledge gap. Many development teams treat all ERC-20 tokens the same way, but liquid staking derivatives work differently. This isn\u2019t just a code problem. It\u2019s a knowledge management problem. 
Teams need processes to identify and document token-specific behaviors before integration.<\/p>\n<p><strong>Mitigation:<\/strong> Always use the token\u2019s exchange rate functions (e.g., wstETH.getStETHByWstETH()). Never assume a 1:1 relationship. Account for value accrual over time in any calculations involving LSDs.<\/p>\n<p><strong>The vulnerability class:<\/strong> Token mechanics misunderstanding.<\/p>\n<p><em>Deep dive:<\/em> <a href=\"https:\/\/cointelegraph.com\/news\/cork-protocol-hacked-contracts-paused\">Cork Protocol Hacked for $12M, Smart Contracts Paused<\/a><\/p>\n<h3>Interesting Edge\u00a0Cases<\/h3>\n<p>These hacks reveal narrower but still instructive lessons about specific vulnerability classes.<\/p>\n<h3>Bunni: Precision Error Accumulation ($2.4\u20138.3M)<\/h3>\n<p><strong>September 2,\u00a02025<\/strong><\/p>\n<p>Bunni, a concentrated liquidity protocol, was exploited through a precision\/rounding bug in its LP accounting system. The exact loss varies by source ($2.4M initially reported, later analysis suggests up to\u00a0$8.3M).<\/p>\n<p><strong>How it\u00a0worked:<\/strong><\/p>\n<p>The attacker found a way to make repeated deposits and withdrawals that exploited rounding in their favor. Each operation extracted a tiny amount, but over many operations, those tiny amounts added up to millions.<\/p>\n<p><strong>Why it matters (testing methodology perspective):<\/strong><\/p>\n<p>Most test suites model single operations, not operation sequences. A test might verify that a single deposit calculates shares correctly, but it won\u2019t catch precision errors that only appear after dozens of operations. Fuzzers that don\u2019t model stateful sequences miss these\u00a0issues.<\/p>\n<p><strong>Mitigation:<\/strong> Use established math libraries (e.g., PRBMath, ABDKMath). Test sequences of operations, not just single operations. 
Consider using higher precision internally even if external interfaces use standard precision.<\/p>\n<p><strong>The vulnerability class:<\/strong> Precision\/rounding error in LP accounting.<\/p>\n<p><em>Deep dive:<\/em> <a href=\"https:\/\/quillaudits.medium.com\/bunni-v2-exploit-8-3m-drained-50acbdcd9e7b\">Bunni V2 Exploit: $8.3M\u00a0Drained<\/a><\/p>\n<h3>Garden Finance: Multi-Chain Attack Pattern\u00a0($5.5M)<\/h3>\n<p><strong>October 30,\u00a02025<\/strong><\/p>\n<p>Garden Finance was exploited for more than $5.5 million across multiple chains. The attacker exploited the protocol on one chain, then used cross-chain bridges to move stolen assets to other chains, swapping them through different DEXs to obscure the\u00a0trail.<\/p>\n<p><strong>Why it matters (threat modeling perspective):<\/strong><\/p>\n<p>Multi-chain deployments create new attack surfaces. Threat models need to account for cross-chain attack vectors. Attackers might exploit your protocol on one chain, then use cross-chain infrastructure to escape or obscure their\u00a0tracks.<\/p>\n<p><strong>Mitigation:<\/strong> Design threat models that include cross-chain attack vectors. Understand how bridges work and their security assumptions. Consider implementing cross-chain monitoring and alerting.<\/p>\n<p><strong>The vulnerability class:<\/strong> Multi-chain attack\u00a0pattern.<\/p>\n<p><em>Deep dive:<\/em> <a href=\"https:\/\/cryptorank.io\/news\/feed\/6261f-garden-finance-hack-losses\">Garden Finance Breach\u00a0Coverage<\/a><\/p>\n<h3>Nemo Protocol: When \u201cSafe\u201d Languages Aren\u2019t Enough\u00a0($2.4M)<\/h3>\n<p><strong>September 8,\u00a02025<\/strong><\/p>\n<p>Nemo Protocol on Sui was exploited for $2.4M. The attacker bridged stolen USDC via Circle from Arbitrum to Ethereum. 
The exploit happened despite Move\u2019s safety features.<\/p>\n<p><strong>Why it matters (tooling perspective):<\/strong><\/p>\n<p>Move\u2019s type system prevents certain bugs, but it doesn\u2019t address an entire class of protocol-level vulnerabilities. If your protocol\u2019s economic logic is flawed, if your access control is weak, if your oracle integration is vulnerable, Move\u2019s type system doesn\u2019t\u00a0help.<\/p>\n<p><strong>The vulnerability class:<\/strong> Economic logic error in non-EVM ecosystem.<\/p>\n<p><em>Deep dive:<\/em> <a href=\"https:\/\/cybernews.com\/crypto\/nemo-protocol-exploit-drained-millions\/\">Nemo Protocol Exploit\u00a0Details<\/a><\/p>\n<h3>The Rest: Operational Failures<\/h3>\n<p>Several other hacks in 2025 represent straightforward operational failures rather than novel technical vulnerabilities:<\/p>\n<p><strong>Unleash Protocol<\/strong> ($3.9M, December 30): Unauthorized drain, likely compromised permissions<\/p>\n<p><strong>ArcadiaFi<\/strong> ($2.5M, July 15): Allowance\/approval abuse on Base\u00a0chain<\/p>\n<p><strong>NewGoldProtocol<\/strong> ($2M, September 18): Token exploit, funds routed through Tornado\u00a0Cash<\/p>\n<p><strong>SuperRare<\/strong> ($730K, July 28): NFT platform\u00a0exploit<\/p>\n<p><strong>USPD<\/strong> ($1M, December 5): Token approval\u00a0exploit<\/p>\n<p><strong>402bridge<\/strong> ($17K, October 28): Small bridge\u00a0exploit<\/p>\n<p>These incidents follow well-known patterns: compromised admin keys, excessive token approvals, and access control failures. The solutions are known: use multisig for admin functions, implement proper access controls, monitor for excessive approvals.<\/p>\n<h3>Summary<\/h3>\n<p>Looking across 2025\u2019s hacks, several patterns emerge. Economic correctness matters as much as code security. Yearn\u2019s infinite mint and Balancer\u2019s rounding errors show that protocols need formal verification of their economic models, not just code audits. System boundaries hide complexity. 
GMX\u2019s exploit demonstrates that well-audited components can still fail when integrated. Integration testing and adversarial simulation are essential.<\/p>\n<p>Precision and rounding remain dangerous. Bunni\u2019s exploit is a reminder that fixed-point arithmetic vulnerabilities persist. Test operation sequences, not just single operations. Cross-chain creates new attack surfaces. Garden Finance and Nemo Protocol show that multi-chain deployments require security models that account for cross-chain attack vectors. Language safety doesn\u2019t eliminate economic bugs. Nemo Protocol demonstrates that type-safe languages prevent certain bugs but don\u2019t address economic logic errors. Legacy contracts are ongoing risks. Yearn\u2019s December exploits show that deprecated contracts remain vulnerable, and one exploit can draw attention to legacy infrastructure. Have clear deprecation strategies and ongoing monitoring.<\/p>\n<p><a href=\"https:\/\/medium.com\/coinmonks\/audited-tested-and-still-broken-smart-contract-hacks-of-2025-a76c94e203d1\">Audited, Tested, and Still Broken: Smart Contract Hacks of 2025<\/a> was originally published in <a href=\"https:\/\/medium.com\/coinmonks\">Coinmonks<\/a> on Medium.<\/p>","protected":false},"excerpt":{"rendered":"<p>2025 was a year of smart contract exploits. Protocols that passed multiple audits, protocols that had been battle-tested for years, protocols built by teams with deep security expertise. 
They all fell victim to attacks that revealed something uncomfortable: we\u2019re getting better at finding traditional bugs, but we\u2019re still missing fundamental flaws in how protocols think [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":124559,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-124558","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-interesting"],"_links":{"self":[{"href":"https:\/\/mycryptomania.com\/index.php?rest_route=\/wp\/v2\/posts\/124558"}],"collection":[{"href":"https:\/\/mycryptomania.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mycryptomania.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/mycryptomania.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=124558"}],"version-history":[{"count":0,"href":"https:\/\/mycryptomania.com\/index.php?rest_route=\/wp\/v2\/posts\/124558\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mycryptomania.com\/index.php?rest_route=\/wp\/v2\/media\/124559"}],"wp:attachment":[{"href":"https:\/\/mycryptomania.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=124558"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mycryptomania.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=124558"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mycryptomania.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=124558"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}