On December 1, 2025, Yearn suffered a multi-stage combined attack, resulting in a loss of approximately $9 million. The attackers used flash loans as leverage, exploiting vulnerabilities in the protocol's extreme scenario validation, logical branching, and precision control to gradually manipulate the liquidity pool, ultimately achieving near-unlimited minting of yETH LP and emptying the pool. This incident highlights the professionalization of DeFi attacks and exposes systemic deficiencies in the protocol's edge parameters, critical computations, and monitoring systems.

Prediction markets are evolving from niche experiments into financial infrastructure, with Polymarket's trading volume exceeding $5 billion and Kalshi receiving over $100 million in investment from Sequoia Capital. As product complexity increases, security risks also amplify. This article will analyze these risks from a Web3 security perspective and introduce ExVul's protection solutions.

On November 3, 2025, the Balancer protocol suffered a hacker attack on multiple public chains, including Arbitrum and Ethereum, resulting in a loss of $120 million in assets. The core of the attack stemmed from a dual vulnerability: loss of precision and manipulation of invariants. The key issue in this attack lay in the protocol's logic for handling small transactions.

9月23日，UXLINK项目多签钱包因私钥泄露遭遇攻击，约1130万美元加密资产被盗，并被转移至多家CEX/DEX。事件发生后，ExVul第一时间介入，协同项目方展开调查分析并实时监控资金流向。

北京时间2025年9月7日，Sui链上的 Nemo 被攻击，黑客通过操作py_index以窃取约259万美元。此次Nemo被盗根本原因是PyState错误地设置为可变引用。