Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Stake Nova suffered a loss of approximately $137,014, representing about 95% of user deposits. The root cause was an unchecked validation issue in the RedeemNovaSol() function, which led to a flash-loan exploit that drained the liquidity pool. The vulnerability has now been fixed, the dApp has been taken offline, and the website is currently under maintenance. The team is offering a 10% on-chain bounty to the attacker; otherwise, they stated they will continue to pursue accountability. Attack method (per SlowMist): Business Logic Vulnerability. Reported loss: $ 137,014.
- chain
- —
- protocol
- Stake Nova
- bug_class
- flashloan
- date_occurred
- 2026-02-27
- loss_usd
- $137,014
- source_id
- sm:stake-nova::2026-02-27