The Vault Incidents page is a curated timeline of exploits, depegs, and governance failures that affected DeFi yield vaults — protocols where users deposit stablecoins to earn yield. Unlike the real-time risk score, this is a historical record with root-cause analysis.

| Category | Description |
|---|---|
| Vault contract | Exploit or vulnerability in the vault's own smart contract code. |
| Strategy / protocol | The underlying yield strategy or protocol (e.g. Aave, Compound, Curve) had an incident. |
| Infrastructure | Bridge exploit, oracle manipulation, or cross-chain infrastructure failure affecting vault TVL. |
| Stablecoin | The stablecoin held in the vault depegged, causing vault share value to fall. |
| Governance / admin | Multisig compromise, malicious upgrade, or governance attack on the protocol. |

| Mechanism | Description |
|---|---|
| Oracle manipulation | Price feed manipulated to allow under-collateralised borrows or inflated vault share prices. |
| Flash loan | Single-transaction loan used to temporarily distort pool prices or drain reserves. |
| Reentrancy | Contract called back before state is updated, allowing multiple withdrawals against one deposit. |
| Logic error | Bug in accounting, share calculation, or reward distribution. |
| Donation attack | Sending tokens directly to a contract manipulates share price calculations. |
| Collateral mispricing | LST or illiquid collateral mispriced relative to the underlying, creating exploitable spread. |
| Insolvency cascade | Undercollateralised positions trigger liquidations that propagate across protocols. |
| Liquidity freeze | Withdrawals blocked due to governance action, regulatory intervention, or protocol pause. |
| Bridge exploit | Validator compromise or logic error in a cross-chain bridge draining bridged stablecoin TVL. |

| Badge | Meaning |
|---|---|
| Exploit / Hack | Active smart contract exploit — funds lost or at immediate risk. |
| Rug / Drain | Insider-initiated fund drain or exit scam. |
| Depeg | Stablecoin held by the vault lost its peg, reducing vault NAV. |
| Oracle | Oracle manipulation: not necessarily an exploit, but an abnormal price feed. |
| Incident | Other category: governance issue, pause, admin action. |

Vault incident data is curated manually from public post-mortems, DeFiLlama's hacks database, Rekt News, protocol governance forums, and blockchain analysis. Each entry includes date, funds at risk, root cause category, and attack mechanism. Events are cross-referenced against the Vault Universe to link incidents to the specific vaults tracked there.