The DeFi industry is being pressured more than anticipated. Attackers have stolen more than $19 million from projects ranging from complex MEV infrastructure to privacy-focused protocols in just the last seven days. The trend is concerning: instead of focusing on straightforward smart contract bugs, modern exploits are increasingly targeting intricate system interactions.
In the most concerning instance, Aztec experienced two distinct exploits in three days. Due to a problem with the protocol’s escape hatch mechanism, the most recent attack depleted the project’s Private Rollup Bridge of about $2.5 million. This came after a previous vulnerability that involved discrepancies between transaction counts and committed rollup data.
The consecutive incidents demonstrate the difficulties in protecting increasingly complex Layer-2 and zero-knowledge architectures, where vulnerabilities may arise at the interface between on-chain and off-chain verification systems.
In the meantime, a highly inventive attack cost jaredfromsubway.eth, one of Ethereum’s most well-known MEV operators, about $15 million. The attacker altered the bot’s automated trading logic rather than taking advantage of a conventional smart contract vulnerability. The attacker persuaded the MEV system that there was a lucrative sandwich opportunity by fabricating wrapped assets and misleading liquidity pools. After that, the bot granted permissions that made it possible for its assets to be stolen.
Vulnerabilities being detected
The Labubu project lost about $1.15 million on the BNB Chain due to serious pool imbalances caused by a suspicious token parameter modification. There has been conjecture that the incident might have involved insider participation rather than an external attacker, due to the sequence of events, which includes ownership changes right before the exploit.
Namada, a blockchain that prioritizes privacy, also experienced a serious hack in which hackers hijacked approximately $600,000 from its MASP infrastructure.
At the same time, Taiko revealed a hack that compromised chain-state verification systems, resulting in losses of about $1 million and prompting users to withdraw money from affected bridges immediately.
When combined, these incidents show that the risks associated with crypto security are becoming more complex than simple coding errors. Attackers are increasingly taking advantage of operational flaws, automated tactics, cross-system interactions, and protocol design assumptions. The complexity of blockchain infrastructure makes defending it exponentially more challenging.