Preview surface — demo data. Where real data exists today (e.g. RealT, BlackRock BUIDL, Lift Dollar) we render it; everywhere else we render synthetic enrichment generated deterministically from public signal and clearly marked Demo or Inferred. The Phase 3 roadmap replaces every synthetic source with live ingestion — see Methodology → Exposure Graph & Similarity Engine.

flash loan governance · Demo

Feb 7, 2023 · $40M · protocol

Narrative

On 2023-02-07, CCIP (Chainlink) suffered a flash loan governance incident resulting in approximately $40,042,285 in losses. The exploit targeted the protocol layer. A flash loan was used to amplify the attack. Attribution: unattributed_criminal. This is a demonstration entry — not a real incident.

Classification

Root cause: flash_loan_governance
Secondary causes:
Attack layer: protocol
Strategy: tech_vuln
Actor role: target
Attribution: unattributed_criminal
Attacker address: 0x23c5531a0f67fb4699f8b88b424473eddeb7becb
Flash loan: yes
Audited at time: no
Bounty at time: no

AADAPT mappings

  • DEMO:AADAPT.TA0040
  • DEMO:AADAPT.TA0009
  • DEMO:AADAPT.T1565.003

Evidence

Disclosure date: Feb 9, 2023
Funds recovered: $21.1M
Audit firms at time:
Post-mortem URLs (synthetic):
  • https://medium.com/ccip-chainlink/post-mortem-ccip-chainlink-2023-02-07
  • https://rekt.news/ccip-chainlink-rekt
tx hashes (2):
  • 0xd2023a8f93ec02e262cf17752e1009c6b3b3031131b10dd953548571871d5a1f
  • 0xb4418a660c273132f630d4e843e5ec173c5fb97c9a7a24deaa48282c58117d2a