# Crypto Hacks API > A live database of cryptocurrency and DeFi hacks, exploits and thefts — every major on-chain theft on record, powered by the public DeFiLlama hacks dataset, no key, nothing stored. Each incident carries the victim, the amount stolen in US dollars, the date, the attack technique (flash-loan oracle manipulation, reentrancy, private-key compromise, access-control exploit and more), a higher-level classification, the chain or chains involved, the target type (DeFi protocol, centralized exchange, bridge, wallet, token) and how much, if any, was later returned. The hacks endpoint returns the incident list newest-first, filterable by chain, technique, target type, classification, year and minimum loss. The biggest endpoint ranks the largest exploits of all time by dollars stolen — from the multi-billion-dollar bridge and exchange breaches down. The stats endpoint aggregates the whole dataset: total stolen, incident count, funds returned, and breakdowns by attack technique, chain, target type and year. This is the crypto-security and exploit-history cut — risk and post-mortem data distinct from the price, market, TVL, fees and on-chain APIs in the catalogue. ## Authentication All requests require your oanor API key in the `x-oanor-key` header. Get one at https://www.oanor.com/developer/keys. ```bash curl -H "x-oanor-key: oanor_live_…" "https://api.oanor.com/cryptohacks-api/..." ``` ## Pricing - **Free** (Free) — 20,000 calls/Mo, 3 req/s - **Starter** ($8/Mo) — 225,000 calls/Mo, 10 req/s - **Pro** ($23/Mo) — 950,000 calls/Mo, 28 req/s - **Scale** ($53/Mo) — 3,300,000 calls/Mo, 60 req/s ## Endpoints ### Hacks #### `GET /v1/hacks` — Incident list, newest first **Parameters:** - `chain` (query, optional, string) — Filter by chain Example: `Ethereum` - `technique` (query, optional, string) — Filter by technique (substring) Example: `reentrancy` - `target_type` (query, optional, string) — Filter by target type Example: `DeFi Protocol` - `year` (query, optional, string) — Filter by year Example: `2026` - `min_amount` (query, optional, string) — Minimum USD stolen Example: `1000000` - `limit` (query, optional, string) — Max results (1-500) Example: `50` **Example:** ```bash curl -H "x-oanor-key: $KEY" \ "https://api.oanor.com/cryptohacks-api/v1/hacks?chain=Ethereum&technique=reentrancy&target_type=DeFi+Protocol&year=2026&min_amount=1000000&limit=50" ``` **Response:** ```json { "data": { "count": 0, "hacks": [], "source": "DeFiLlama" }, "meta": { "timestamp": "2026-06-11T16:46:55.275Z", "request_id": "5960fc09-d94a-4737-a228-8a9b51fcfda7" }, "status": "ok", "message": "Hacks retrieved successfully", "success": true } ``` ### Biggest #### `GET /v1/biggest` — Largest exploits of all time by USD stolen **Parameters:** - `limit` (query, optional, string) — Max results (1-200) Example: `25` - `min_amount` (query, optional, string) — Minimum USD stolen Example: `100000000` **Example:** ```bash curl -H "x-oanor-key: $KEY" \ "https://api.oanor.com/cryptohacks-api/v1/biggest?limit=25&min_amount=100000000" ``` **Response:** ```json { "data": { "count": 32, "hacks": [ { "date": "2020-12-28", "name": "LuBian", "rank": 1, "chains": [ "Bitcoin" ], "source": null, "technique": "Private Key Compromised (Brute Force)", "amount_usd": 3500000000, "bridge_hack": false, "target_type": "Other", "classification": "Infrastructure", "returned_funds_usd": null }, { "date": "2025-02-21", "name": "Bybit", "rank": 2, "chains": [ "Ethereum" ], "source": null, "technique": "Safe Multisig wallet Phishing Exploit", "amount_usd": 1400000000, "bridge_hack": false, "target_type": "CEX", "classification": "Protocol Logic", "returned_funds_usd": 1400000000 }, { "date": "2022-03-23", "name": "Ronin Bridge", "rank": 3, "chains": [ "Ethereum" ], "source": null, "technique": "Private Key Compromised (Social Engineering)", "amount_usd": 624000000, "bridge_hack": true, …(truncated, see openapi.json for full schema) ``` ### Stats #### `GET /v1/stats` — Aggregate totals and breakdowns **Example:** ```bash curl -H "x-oanor-key: $KEY" \ "https://api.oanor.com/cryptohacks-api/v1/stats" ``` **Response:** ```json { "data": { "source": "DeFiLlama", "biggest": { "date": "2020-12-28", "name": "LuBian", "amount_usd": 3500000000 }, "by_year": [ { "year": 2016, "count": 1, "amount_usd": 60000000 }, { "year": 2017, "count": 2, "amount_usd": 157700000 }, { "year": 2018, "count": 2, "amount_usd": 769000000 }, { "year": 2020, "count": 17, "amount_usd": 3683750000 }, { "year": 2021, "count": 71, "amount_usd": 2359683000 }, { "year": 2022, "count": 67, "amount_usd": 3338128449 }, { "year": 2023, "count": 97, "amount_usd": 1517474000 }, { "year": 2024, "count": 94, "amount_usd": 1272598700 }, { "year": 2025, "count": 97, "amount_usd": 2548655850 }, { "year": 2026, "count": 103, "amount_usd": 896879135 } ], …(truncated, see openapi.json for full schema) ``` ### Meta #### `GET /v1/meta` — Service metadata **Example:** ```bash curl -H "x-oanor-key: $KEY" \ "https://api.oanor.com/cryptohacks-api/v1/meta" ``` **Response:** ```json { "data": { "note": "Amounts are US dollars; dates are ISO (YYYY-MM-DD). chains is a list. Filter hacks by chain=Ethereum, technique=reentrancy, target_type='DeFi Protocol', classification, year=2026 or min_amount=1000000.", "source": "DeFiLlama hacks (api.llama.fi/hacks, live)", "service": "cryptohacks-api", "endpoints": { "GET /v1/meta": "This document.", "GET /v1/hacks": "Incident list, newest first (filters: chain, technique, target_type, classification, year, min_amount, limit=50).", "GET /v1/stats": "Aggregate totals and breakdowns by technique, chain, target type and year.", "GET /v1/biggest": "Largest exploits of all time ranked by USD stolen (limit=25, min_amount optional)." }, "description": "A live database of cryptocurrency and DeFi hacks, exploits and thefts, from DeFiLlama. Every record carries the victim, the amount stolen in USD, the date, the attack technique, a classification, the chain(s), the target type and any funds returned. The hacks endpoint returns the incident list newest-first, filterable by chain, technique, target type, classification, year and minimum loss; the biggest endpoint ranks the largest exploits of all time; the stats endpoint aggregates total stolen, count, funds returned and breakdowns by technique, chain, target type and year. Live, no key, nothing stored. The crypto-security / exploit-history cut — distinct from the price, market, T …(truncated, see openapi.json for full schema) ``` --- Marketplace page: https://www.oanor.com/api/cryptohacks-api OpenAPI spec: https://www.oanor.com/api/cryptohacks-api/openapi.json