**What this measures**
This factor counts the total number of distinct in-sample hack incidents affecting this protocol, as recorded in the hacks database with post-mortems completed. Each incident counts once regardless of loss size. The count is updated whenever a new incident is confirmed and post-mortemed. It is the primary input to the chronic-flag calculation (RD-F-078) and feeds directly into the protocol-level badge assignment.
**Why it matters**
A protocol that has been successfully exploited once has demonstrated at minimum one exploitable vulnerability in its codebase or operational posture. Six protocols in the dataset were exploited more than once, and in four of those cases the second exploit arrived within twelve months of the first -- either by bypassing an incomplete fix or by targeting a different but equally serious weakness. The prior-exploit count is a leading indicator of security-culture deficiency: it signals that either the code-quality bar is insufficient, the upgrade discipline is weak, or operational security is persistently below peer standards.
**Green / Yellow / Red**
Green: zero prior exploits in the database. Yellow: one prior exploit with a documented remediation, a re-audit, and no same-root-cause recurrence for at least twelve months. Red: two or more prior exploits, or one prior exploit without documented remediation or re-audit.
**Common gray cases**
Near-miss events (governance proposals voted down before execution, white-hat interventions with full fund recovery) are not counted as incidents unless the underlying vulnerability was successfully triggered even briefly. Curator judgment is required on partial-drain incidents where root cause is unconfirmed.
**Notable historical examples**
- **Compound Finance** ($147M, 2021): Second incident in twelve months; governance upgrade introduced the drip() vulnerability on an already-exploited Comptroller.
- **Radiant Capital** ($53M, 2024): Second incident targeting an entirely different vector (multisig key compromise) than the first (flash loan attack).
- **AlexLab** ($16.18M, 2025): Second exploit via vault permission hijack; first was a private key compromise, indicating independent systemic gaps.
- **Abracadabra Money** ($13M, 2025): Second incident via phantom collateral in a gmCauldron upgrade; different vector from first.
- **Platypus Finance** ($8.5M, 2023): Part of a pattern of three incidents in eight months.
Count the number of distinct incidents in the hack database affecting this protocol.
relatedAave V3 — CAPO (Correlated Asset Price Oracle) misconfigured price feed for a freshly-listed correlated asset → mispriced collateral → cascade of involuntary liquidations2026-03-12 · $862K · CAPO (Correlated Asset Price Oracle) misconfigured price feed for a freshly-listed correlated asset → mispriced collateral → cascade of involuntary liquidations · Auto-linked by C.4 triage 2026-05-07
→
causalAlexLab (Bitcoin DeFi / Stacks) — Vault permission hijack via malicious token self-listing; `as-contract` context abuse2025-06-06 · $16M · Vault permission hijack via malicious token self-listing; `as-contract` context abuse · Prior exploit count [via cross-hack: Factor 5: Second Exploit on Same Protocol]
→
causalAbracadabra Money — Logic bug — phantom collateral / post-liquidation state inconsistency2025-03-25 · $13M · Logic bug — phantom collateral / post-liquidation state inconsistency · Prior exploit count [via cross-hack: Factor 5: Second Exploit on Same Protocol]
→
causalRadiant Capital — Compromised multisig private keys → malicious contract upgrade → pool ownership transfer → drain2024-10-16 · $53M · Compromised multisig private keys → malicious contract upgrade → pool ownership transfer → drain · Prior exploit count [via cross-hack: Factor 5: Second Exploit on Same Protocol]
→
causalOnyx Protocol — Compound V2 empty-market donation attack — governance-added PEPE market exploited via rounding + exchange rate inflation2023-10-31 · $2M · Compound V2 empty-market donation attack — governance-added PEPE market exploited via rounding + exchange rate inflation · Prior exploit count [via cross-hack: Factor 5: Second Exploit on Same Protocol]
→
relatedBalancer V2 (+ Beethoven X fork) — Linear pool rounding-down logic → cached rate manipulation → boosted pool drain2023-08-27 · $2M · Linear pool rounding-down logic → cached rate manipulation → boosted pool drain · Auto-linked by C.4 triage 2026-05-07
→
causalDeus DAO / DEI stablecoin — Mis-ordered Parameters in burnFrom — Public Approval Override2023-05-06 · $7M · Mis-ordered Parameters in burnFrom — Public Approval Override · Prior exploit count [via cross-hack: Factor 5: Second Exploit on Same Protocol]
→
causalLevel Finance — Logic bug — referral reward claimMultiple() epoch not checked for reuse2023-05-01 · $1M · Logic bug — referral reward claimMultiple() epoch not checked for reuse · Prior exploit count [via cross-hack: Factor 5: Second Exploit on Same Protocol]
→
causalHundred Finance — ERC-4626-style cToken exchange rate manipulation + rounding error2023-04-15 · $7M · ERC-4626-style cToken exchange rate manipulation + rounding error · Prior exploit count [via cross-hack: Factor 5: Second Exploit on Same Protocol]
→
relatedEuler Finance — Donation Function Bypassing Health Check (Logic Bug in EIP-14 upgrade)2023-03-13 · $197M · Donation Function Bypassing Health Check (Logic Bug in EIP-14 upgrade) · Auto-linked by C.4 triage 2026-05-07
→
causalPlatypus Finance — Flash loan + emergencyWithdraw() solvency check bypass — collateral withdrawal without repaying borrowed USP2023-02-16 · $9M · Flash loan + emergencyWithdraw() solvency check bypass — collateral withdrawal without repaying borrowed USP · Prior exploit count [via cross-hack: Factor 5: Second Exploit on Same Protocol]
→
causalMidas Capital — Read-only reentrancy on Curve LP token virtual price — inflated collateral valuation2023-01-15 · $660K · Read-only reentrancy on Curve LP token virtual price — inflated collateral valuation · Prior exploit count [via cross-hack: Factor 5: Second Exploit on Same Protocol]
→
relatedRaydium — Compromised pool owner private key → withdraw_pnl() fee drain + SyncNeedTake parameter manipulation2022-12-16 · $4M · Compromised pool owner private key → withdraw_pnl() fee drain + SyncNeedTake parameter manipulation · Auto-linked by C.4 triage 2026-05-07
→
relatedCurve Finance (curve.fi frontend) — DNS nameserver compromise → malicious frontend injection → approval harvesting2022-08-09 · $575K · DNS nameserver compromise → malicious frontend injection → approval harvesting · Auto-linked by C.4 triage 2026-05-07
→
relatedVenus Protocol + Blizz Finance (two protocols, one event) — Oracle Min-Price Floor Exploit (Stale Price Feed During Depeg)2022-05-12 · $14M · Oracle Min-Price Floor Exploit (Stale Price Feed During Depeg) · Auto-linked by C.4 triage 2026-05-07
→
relatedWormhole Bridge (Solana ↔ Ethereum) — Signature verification bypass via deprecated sysvar → fraudulent SignatureSet → fake mint of 120k wETH on Solana2022-02-02 · $326M · Signature verification bypass via deprecated sysvar → fraudulent SignatureSet → fake mint of 120k wETH on Solana · Auto-linked by C.4 triage 2026-05-07
→
causalDAO Maker — Reinitializable init() function + emergencyExit() drain on token vesting contracts2021-09-04 · $4M · Reinitializable init() function + emergencyExit() drain on token vesting contracts · Prior exploit count [via cross-hack: Factor 5: Second Exploit on Same Protocol]
→
causalMerlin Labs (REKT 2) — Oracle Mispricing2021-05-27 · $550K · Oracle Mispricing · Prior exploit count [via cross-hack: Factor 5: Second Exploit on Same Protocol]
→
causalUranium Finance — Math bug — constant product formula check broken by inconsistent parameter change (1000→10000)2021-04-28 · $57M · Math bug — constant product formula check broken by inconsistent parameter change (1000→10000) · Prior exploit count [via cross-hack: Factor 5: Second Exploit on Same Protocol]
→