chaindrainMVP
Preview surface — demo data. Where real data exists today (e.g. RealT, BlackRock BUIDL, Lift Dollar) we render it; everywhere else we render synthetic enrichment generated deterministically from public signal and clearly marked Demo or Inferred. The Phase 3 roadmap replaces every synthetic source with live ingestion — see Methodology → Exposure Graph & Similarity Engine.
← back to incident ledger

reentrancyDemo

Sep 30, 2024 · $4.9M · protocol

Narrative

On 2024-09-30, Circle (Circle Payments / Circle APIs) suffered a reentrancy incident resulting in approximately $4,893,036 in losses. The exploit targeted the protocol layer. Attribution: dprk_lazarus. This is a demonstration entry — not a real incident.

Victims

Classification

Root cause
reentrancy
Secondary causes
Attack layer
protocol
Strategy
tech_vuln
Actor role
target
Attribution
dprk_lazarus
Attacker address
0x8d8c97c83ff6ea21c3e7578dd1d178c5ca990b86
Flash loan
no
Audited at time
yes
Bounty at time
no

AADAPT mappings

DEMO:AADAPT.TA0004DEMO:AADAPT.TA0040DEMO:AADAPT.T1190

Evidence

Disclosure date
Oct 2, 2024
Funds recovered
$2.5M
Audit firms at time
OpenZeppelin
Post-mortem URLs (synthetic)
  • https://medium.com/circle-circle-payments-circle-apis/post-mortem-circle-circle-payments-circle-apis-2024-09-30
  • https://rekt.news/circle-circle-payments-circle-apis-rekt
tx hashes (3)
  • 0x6bde4e6bc8c51151c57ec50bdd6386e50b0c23a8b07b137b9c05ded8f61d65a6
  • 0x6169462f23370556441bb36e670a8f1684323ec919ac73d4159e9d6999c24470
  • 0xaeb313d2a59d96ae2abfd992d9226e878ee5a7b790389d1a56aa5c435dd8d06b