chaindrainMVP
Preview surface — demo data. Where real data exists today (e.g. RealT, BlackRock BUIDL, Lift Dollar) we render it; everywhere else we render synthetic enrichment generated deterministically from public signal and clearly marked Demo or Inferred. The Phase 3 roadmap replaces every synthetic source with live ingestion — see Methodology → Exposure Graph & Similarity Engine.
← back to incident ledger

flash loan governanceDemo

Aug 23, 2025 · $33.2M · protocol

Narrative

On 2025-08-23, Thirdweb suffered a flash loan governance incident resulting in approximately $33,232,997 in losses. The exploit targeted the protocol layer. A flash loan was used to amplify the attack. Attribution: unattributed_criminal. This is a demonstration entry — not a real incident.

Victims

Classification

Root cause
flash_loan_governance
Secondary causes
Attack layer
protocol
Strategy
tech_vuln
Actor role
target
Attribution
unattributed_criminal
Attacker address
0xbec66bb9624a8ed5ba258048c657d7c61f507c57
Flash loan
yes
Audited at time
no
Bounty at time
no

AADAPT mappings

DEMO:AADAPT.TA0040DEMO:AADAPT.TA0009DEMO:AADAPT.T1565.003

Evidence

Disclosure date
Aug 26, 2025
Funds recovered
$11.8M
Audit firms at time
Post-mortem URLs (synthetic)
  • https://medium.com/thirdweb/post-mortem-thirdweb-2025-08-23
  • https://rekt.news/thirdweb-rekt
  • https://blog.thirdweb.xyz/incident-report
tx hashes (4)
  • 0xe27ee5a825dbb3c84d74d779304cb41689432111e51aba0465db83c85a9caf88
  • 0xcc79ee1f5c6f152f0caef5e8fcc1e425185d0aa4eeb1036a56866a232e3852fe
  • 0x37e6c0be6a5946148dd88ba3c4f48cf94f3b7a3cef01ccaa4dbef7f3cbf90b51
  • 0x94101423de39718e1a777c9e100e280d3024edba7e10e4f60da20a103e8eea59