← back to feed·ETHACCESS-CONTROL2023-11-18 · 2y ago

Incident · DEFILLAMA

Kronos Research

API Key unauthorized access

Estimated loss

$26.00M

VERDICT —UNRATED

Verdict pending. Auto-ingested incidents are reviewed before a public verdict is rendered.

▰ METHOD

API Key unauthorized access

ACCESS-CONTROLBYTECODE CATCHABLE →AI SCANNABLE →

Root cause

Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.

Forensic narrative

Classification: Infrastructure. Technique: API Key unauthorized access. Target type: Other. Affected chains: Ethereum.

Sourced from

DefiLlama Hacks dataset · api.llama.fi/hacks

Technical record

chain: ethereum
protocol: Kronos Research
bug_class: access-control
date_occurred: 2023-11-18
loss_usd: $26,000,000
classification: Infrastructure
technique: API Key unauthorized access
target_type: Other
source_id: dl:adhoc:kronos-research:1700265600

Related — same bug class· access-control

2026-05-13

28d ago

ARB

ShapeShift FOX Colony (Colony Network)

executeMetaTransaction → resolver-repoint via setTarget → delegatecall drain

Uniswap V4 hook-contract logic exploit

Contract Vulnerability

Huma Finance V1 (deprecated)

refreshAccount() unconditional GoodStanding state flip → unauthorized drawdown

Unprotected Initializer Exploit

Contract Vulnerability

access-control

$209.0K

UNRATED