Preview surface — demo data. Where real data exists today (e.g. RealT, BlackRock BUIDL, Lift Dollar) we render it; everywhere else we render synthetic enrichment generated deterministically from public signal and clearly marked Demo or Inferred. The Phase 3 roadmap replaces every synthetic source with live ingestion — see Methodology → Exposure Graph & Similarity Engine.

proxy admin compromise · Demo

Mar 5, 2024 · $33.9M · protocol

Narrative

On 2024-03-05, Llama (Treasury Mgmt) suffered a proxy admin compromise incident resulting in approximately $33,879,710 in losses. The exploit targeted the protocol layer. Attribution: dprk_lazarus. This is a demonstration entry — not a real incident.

Classification

Root cause: proxy_admin_compromise
Secondary causes: private_key_leak
Attack layer: protocol
Strategy: tech_vuln
Actor role: target
Attribution: dprk_lazarus
Attacker address:
Flash loan: no
Audited at time: no
Bounty at time: no

AADAPT mappings

  • DEMO:AADAPT.TA0006
  • DEMO:AADAPT.TA0008
  • DEMO:AADAPT.T1078.004

Evidence

Disclosure date: Mar 7, 2024
Funds recovered: $11.8M
Audit firms at time:
Post-mortem URLs (synthetic)
  • https://medium.com/llama-treasury-mgmt/post-mortem-llama-treasury-mgmt-2024-03-05
  • https://rekt.news/llama-treasury-mgmt-rekt
  • https://blog.llama-treasury-mgmt.xyz/incident-report
tx hashes (2)
  • 0x36f2e75122b2e78a0b6fe18d58db426145d7ce5a52a884d7a24fced15fc971b3
  • 0xac2e4e481cce6e0a89413425d89945b6994d8ef6534880301e87fb6fdfcc5e51