Preview surface — demo data. Where real data exists today (e.g. RealT, BlackRock BUIDL, Lift Dollar) we render it; everywhere else we render synthetic enrichment generated deterministically from public signal and clearly marked Demo or Inferred. The Phase 3 roadmap replaces every synthetic source with live ingestion — see Methodology → Exposure Graph & Similarity Engine.
← back to incident ledger

proxy admin compromiseDemo

Jan 19, 2026 · $216.8M · protocol

Narrative

On 2026-01-19, Orca suffered a proxy admin compromise incident resulting in approximately $216,788,144 in losses. The exploit targeted the protocol layer. Attribution: unattributed_criminal. This is a demonstration entry — not a real incident.

Victims

Classification

Root cause
proxy_admin_compromise
Secondary causes
access_control_missing
Attack layer
protocol
Strategy
tech_vuln
Actor role
target
Attribution
unattributed_criminal
Attacker address
0xd356687332b0d71779b8f72f133159911ae84539
Flash loan
no
Audited at time
no
Bounty at time
yes

AADAPT mappings

DEMO:AADAPT.TA0006DEMO:AADAPT.TA0008DEMO:AADAPT.T1078.004

Evidence

Disclosure date
Jan 21, 2026
Funds recovered
Audit firms at time
Post-mortem URLs (synthetic)
  • https://medium.com/orca/post-mortem-orca-2026-01-19
tx hashes (2)
  • 0x41c4c0df219d6cb113b67b26e9805856028d2f521800738414ee769adb20e3bf
  • 0x6b47013f301b1a491cb5221fcd2eafd2eca10069e68decc828bcc05f6740b29e