Web3 Dictionary
Security

Exploit

A deliberate attack using code vulnerabilities to steal funds or break protocol functionality.

Last Updated

2026-03-19

Related Concepts

Smart Contract
What is Exploit?

In Web3, an exploit is a targeted attack that leverages bugs, logical errors, or unforeseen vulnerabilities in a smart contract's code to steal assets or manipulate a protocol.

Unlike a simple glitch, an exploit is an intentional abuse of code to produce an outcome the developers did not intend.

How does Exploit work?

  1. An attacker (or security researcher) identifies a flaw in a protocol's code or economic logic.
  2. The attacker crafts a specific sequence of transactions designed to trigger the flaw.
  3. These transactions are broadcast to the network, often using high gas fees or flash loans to execute the attack quickly.
  4. The smart contract executes the malicious instructions, resulting in funds being drained or the protocol's state being broken.
  5. The stolen funds are often moved through "mixers" (like Tornado Cash) to hide the attacker's identity.

Why does Exploit matter?

Exploits are the single greatest threat to the DeFi ecosystem, often resulting in millions of dollars in losses. They highlight the principle that "code is law": if the code allows it, it can happen.

Key features of Exploit

  • Deliberate and malicious use of code flaws
  • Often targets complex DeFi logic (e.g., price oracles)
  • Results in significant financial loss or protocol failure
  • Irreversible once confirmed on the blockchain
  • Can be mitigated via audits and formal verification

Examples of Exploit

The "DAO Hack" in 2016 is one of the most famous exploits, using a "reentrancy" vulnerability to steal 3.6 million ETH.

More recently, "flash loan attacks" have been used to manipulate the price of tokens on DEXs to drain liquidity from lending protocols.
