{"openapi":"3.1.0","info":{"title":"Crypto Hacks API","version":"1.0.0","description":"A live database of cryptocurrency and DeFi hacks, exploits and thefts — every major on-chain theft on record, powered by the public DeFiLlama hacks dataset, no key, nothing stored. Each incident carries the victim, the amount stolen in US dollars, the date, the attack technique (flash-loan oracle manipulation, reentrancy, private-key compromise, access-control exploit and more), a higher-level classification, the chain or chains involved, the target type (DeFi protocol, centralized exchange, bridge, wallet, token) and how much, if any, was later returned. The hacks endpoint returns the incident list newest-first, filterable by chain, technique, target type, classification, year and minimum loss. The biggest endpoint ranks the largest exploits of all time by dollars stolen — from the multi-billion-dollar bridge and exchange breaches down. The stats endpoint aggregates the whole dataset: total stolen, incident count, funds returned, and breakdowns by attack technique, chain, target type and year. This is the crypto-security and exploit-history cut — risk and post-mortem data distinct from the price, market, TVL, fees and on-chain APIs in the catalogue.","contact":{"name":"PremiumApi","url":"https://www.oanor.com/by/premiumapi"}},"servers":[{"url":"https://api.oanor.com/cryptohacks-api","description":"oanor gateway"}],"tags":[{"name":"Hacks"},{"name":"Biggest"},{"name":"Stats"},{"name":"Meta"}],"components":{"securitySchemes":{"oanorKey":{"type":"apiKey","in":"header","name":"x-oanor-key","description":"Get your key at https://www.oanor.com/developer/keys"}}},"security":[{"oanorKey":[]}],"paths":{"/v1/hacks":{"get":{"operationId":"get_v1_hacks","tags":["Hacks"],"summary":"Incident list, newest first","description":"","parameters":[{"name":"chain","in":"query","required":false,"description":"Filter by chain","schema":{"type":"string"},"example":"Ethereum"},{"name":"technique","in":"query","required":false,"description":"Filter by technique (substring)","schema":{"type":"string"},"example":"reentrancy"},{"name":"target_type","in":"query","required":false,"description":"Filter by target type","schema":{"type":"string"},"example":"DeFi Protocol"},{"name":"year","in":"query","required":false,"description":"Filter by year","schema":{"type":"string"},"example":"2026"},{"name":"min_amount","in":"query","required":false,"description":"Minimum USD stolen","schema":{"type":"string"},"example":"1000000"},{"name":"limit","in":"query","required":false,"description":"Max results (1-500)","schema":{"type":"string"},"example":"50"}],"security":[{"oanorKey":[]}],"responses":{"200":{"description":"OK","content":{"application/json":{"example":{"data":{"count":0,"hacks":[],"source":"DeFiLlama"},"meta":{"timestamp":"2026-06-11T16:46:55.275Z","request_id":"5960fc09-d94a-4737-a228-8a9b51fcfda7"},"status":"ok","message":"Hacks retrieved successfully","success":true}}}},"401":{"description":"Missing or invalid x-oanor-key header"},"402":{"description":"Active subscription required"},"429":{"description":"Rate-limit or monthly quota reached"},"502":{"description":"Upstream did not respond"}}}},"/v1/biggest":{"get":{"operationId":"get_v1_biggest","tags":["Biggest"],"summary":"Largest exploits of all time by USD stolen","description":"","parameters":[{"name":"limit","in":"query","required":false,"description":"Max results (1-200)","schema":{"type":"string"},"example":"25"},{"name":"min_amount","in":"query","required":false,"description":"Minimum USD stolen","schema":{"type":"string"},"example":"100000000"}],"security":[{"oanorKey":[]}],"responses":{"200":{"description":"OK","content":{"application/json":{"example":{"data":{"count":32,"hacks":[{"date":"2020-12-28","name":"LuBian","rank":1,"chains":["Bitcoin"],"technique":"Private Key Compromised (Brute Force)","amount_usd":3500000000,"bridge_hack":false,"target_type":"Other","classification":"Infrastructure"},{"date":"2025-02-21","name":"Bybit","rank":2,"chains":["Ethereum"],"technique":"Safe Multisig wallet Phishing Exploit","amount_usd":1400000000,"bridge_hack":false,"target_type":"CEX","classification":"Protocol Logic","returned_funds_usd":1400000000},{"date":"2022-03-23","name":"Ronin Bridge","rank":3,"chains":["Ethereum"],"technique":"Private Key Compromised (Social Engineering)","amount_usd":624000000,"bridge_hack":true,"target_type":"DeFi Protocol","classification":"Infrastructure"},{"date":"2021-08-10","name":"Poly Network","rank":4,"chains":["Ethereum","BSC","Polygon"],"technique":"Access Control Exploit","amount_usd":611000000,"bridge_hack":true,"target_type":"DeFi Protocol","classification":"Protocol Logic"},{"date":"2022-10-06","name":"Binance Bridge","rank":5,"chains":["BSC"],"technique":"Proof Verifier Bug","amount_usd":570000000,"bridge_hack":true,"target_type":"DeFi Protocol","classification":"Protocol Logic"},{"date":"2018-01-26","name":"Coincheck","rank":6,"chains":["NEM"],"technique":"Private Key Compromised (Unknown Method)","amount_usd":534000000,"bridge_hack":false,"target_type":"CEX","classification":"Infrastructure"},{"date":"2022-11-12","name":"FTX","rank":7,"chains":["Ethereum","Solana"],"technique":"Private Key Compromised (Unknown Method)","amount_usd":450000000,"bridge_hack":false,"target_type":"CEX","classification":"Infrastructure"},{"date":"2022-02-02","name":"Portal","rank":8,"chains":["Solana"],"technique":"Signature Exploit","amount_usd":326000000,"bridge_hack":true,"target_type":"DeFi Protocol","classification":"Protocol Logic","returned_funds_usd":326000000},{"date":"2024-05-31","name":"DMM Bitcoin","rank":9,"chains":["Bitcoin"],"technique":"Private Key Compromised (Unknown Method)","amount_usd":305000000,"bridge_hack":false,"target_type":"CEX","classification":"Infrastructure","returned_funds_usd":305000000},{"date":"2026-04-18","name":"Kelp","rank":10,"chains":["Ethereum","Arbitrum"],"technique":"LayerZero OFT bridge exploit","amount_usd":293000000,"bridge_hack":true,"target_type":"DeFi Protocol","classification":"Infrastructure"},{"date":"2026-04-01","name":"Drift Trade","rank":11,"chains":["Solana"],"technique":"Compromised Admin + Fake Token Price Manipulation","amount_usd":285000000,"bridge_hack":false,"target_type":"DeFi Protocol","classification":"Infrastructure"},{"date":"2018-04-21","name":"Gate","rank":12,"chains":[],"technique":"Private Key Compromised (Unknown Method)","amount_usd":235000000,"bridge_hack":false,"target_type":"CEX","classification":"Infrastructure"},{"date":"2024-07-18","name":"WazirX: India","rank":13,"chains":["Ethereum"],"technique":"Safe Multisig wallet Phishing Exploit","amount_usd":234900000,"bridge_hack":false,"target_type":"CEX","classification":"Infrastructure"},{"date":"2025-05-22","name":"Cetus CLMM","rank":14,"chains":["Sui"],"technique":"Spoof Token Exploit","amount_usd":223000000,"bridge_hack":false,"target_type":"DeFi Protocol","classification":"Protocol Logic"},{"date":"2023-09-23","name":"Mixin Network","rank":15,"chains":["Mixin"],"technique":"Database Attack","amount_usd":200000000,"bridge_hack":false,"target_type":"Other","classification":"Infrastructure"},{"date":"2023-03-13","name":"Euler V1","rank":16,"chains":["Ethereum"],"technique":"Flashloan Donate Function Logic Exploit","amount_usd":197000000,"bridge_hack":false,"target_type":"DeFi Protocol","classification":"Protocol Logic","returned_funds_usd":240000000},{"date":"2021-12-04","name":"Bitmart","rank":17,"chains":["Ethereum","BSC"],"technique":"Private Key Compromised (Unknown Method)","amount_usd":196000000,"bridge_hack":false,"target_type":"CEX","classification":"Infrastructure"},{"date":"2022-08-01","name":"Nomad","rank":18,"chains":["Ethereum"],"technique":"Trusted Root Exploit","amount_usd":190000000,"bridge_hack":true,"target_type":"DeFi Protocol","classification":"Protocol Logic"},{"date":"2022-04-17","name":"Beanstalk","rank":19,"chains":["Ethereum"],"technique":"Flashloan Governance Attack","amount_usd":181000000,"bridge_hack":false,"target_type":"DeFi Protocol","classification":"Ecosystem"},{"date":"2022-09-20","name":"Wintermute","rank":20,"chains":["Ethereum"],"technique":"Private Key Compromised (Brute Force)","amount_usd":160000000,"bridge_hack":false,"target_type":"Other","classification":"Infrastructure"},{"date":"2017-11-09","name":"Parity Multisig","rank":21,"chains":["Ethereum"],"technique":"Contract not initialized","amount_usd":150000000,"bridge_hack":false,"target_type":"DeFi Protocol","classification":"Protocol Logic"},{"date":"2021-09-29","name":"Compound V2","rank":22,"chains":["Ethereum"],"technique":"Math Mistake Exploit","amount_usd":147000000,"bridge_hack":false,"target_type":"DeFi Protocol","classification":"Protocol Logic"},{"date":"2021-12-13","name":"Vulcan Forged","rank":23,"chains":["Ethereum","Polygon"],"technique":"Private Key Compromised (Unknown Method)","amount_usd":140000000,"bridge_hack":false,"target_type":"DeFi Protocol","classification":"Infrastructure"},{"date":"2021-10-27","name":"CREAM Lending","rank":24,"chains":["Ethereum"],"technique":"Flashloan Price Oracle Attack","amount_usd":130000000,"bridge_hack":false,"target_type":"DeFi Protocol","classification":"Ecosystem"},{"date":"2025-11-03","name":"Balancer V2","rank":25,"chains":["Ethereum","Arbitrum","Base","Polygon","Sonic","Optimism"],"technique":"Composable Stable Pools Exploit","amount_usd":128000000,"bridge_hack":false,"target_type":"DeFi Protocol","classification":"Protocol Logic"}],"source":"DeFiLlama"},"meta":{"timestamp":"2026-06-11T16:46:55.397Z","request_id":"40dab09c-1822-4d5f-9ebb-79b92cf6da4a"},"status":"ok","message":"Biggest hacks retrieved successfully","success":true}}}},"401":{"description":"Missing or invalid x-oanor-key header"},"402":{"description":"Active subscription required"},"429":{"description":"Rate-limit or monthly quota reached"},"502":{"description":"Upstream did not respond"}}}},"/v1/stats":{"get":{"operationId":"get_v1_stats","tags":["Stats"],"summary":"Aggregate totals and breakdowns","description":"","parameters":[],"security":[{"oanorKey":[]}],"responses":{"200":{"description":"OK","content":{"application/json":{"example":{"data":{"source":"DeFiLlama","biggest":{"date":"2020-12-28","name":"LuBian","amount_usd":3500000000},"by_year":[{"year":2016,"count":1,"amount_usd":60000000},{"year":2017,"count":2,"amount_usd":157700000},{"year":2018,"count":2,"amount_usd":769000000},{"year":2020,"count":17,"amount_usd":3683750000},{"year":2021,"count":71,"amount_usd":2359683000},{"year":2022,"count":67,"amount_usd":3338128449},{"year":2023,"count":97,"amount_usd":1517474000},{"year":2024,"count":94,"amount_usd":1272598700},{"year":2025,"count":97,"amount_usd":2548655850},{"year":2026,"count":103,"amount_usd":896879135}],"top_chains":[{"key":"Ethereum","count":252,"amount_usd":8105888150},{"key":"Bitcoin","count":17,"amount_usd":4410158000},{"key":"BSC","count":98,"amount_usd":2741561234},{"key":"Solana","count":31,"amount_usd":1612749000},{"key":"Polygon","count":31,"amount_usd":1513687700},{"key":"Arbitrum","count":66,"amount_usd":1111262550},{"key":"NEM","count":1,"amount_usd":534000000},{"key":"Tron","count":9,"amount_usd":527580000},{"key":"Avalanche","count":18,"amount_usd":419503000},{"key":"Base","count":44,"amount_usd":414969000}],"by_target_type":[{"key":"DeFi Protocol","count":459,"amount_usd":7814368684},{"key":"CEX","count":40,"amount_usd":4494714000},{"key":"Other","count":21,"amount_usd":4049012000},{"key":"Wallet","count":7,"amount_usd":144950000},{"key":"Gaming","count":3,"amount_usd":70700000},{"key":"ICO","count":1,"amount_usd":7700000},{"key":"Chain","count":3,"amount_usd":7110000},{"key":"NFTfi","count":4,"amount_usd":5270000},{"key":"Token","count":8,"amount_usd":5198450},{"key":"Layer 1","count":1,"amount_usd":3900000}],"incident_count":551,"top_techniques":[{"key":"Private Key Compromised (Brute Force)","count":3,"amount_usd":3660865000},{"key":"Private Key Compromised (Unknown Method)","count":45,"amount_usd":2985441000},{"key":"Safe Multisig wallet Phishing Exploit","count":2,"amount_usd":1634900000},{"key":"Access Control Exploit","count":19,"amount_usd":752627000},{"key":"Private Key Compromised (Social Engineering)","count":4,"amount_usd":631820000},{"key":"Proof Verifier Bug","count":1,"amount_usd":570000000},{"key":"Flashloan Price Oracle Attack","count":29,"amount_usd":428270000},{"key":"Signature Exploit","count":2,"amount_usd":407700000},{"key":"Private Key Compromised","count":24,"amount_usd":332587000},{"key":"LayerZero OFT bridge exploit","count":1,"amount_usd":293000000}],"total_stolen_usd":16603869134,"returned_funds_usd":2387295733,"incidents_with_returns":29},"meta":{"timestamp":"2026-06-11T16:46:55.513Z","request_id":"f0d8018b-3959-45e1-9c64-c998bee1c60d"},"status":"ok","message":"Stats retrieved successfully","success":true}}}},"401":{"description":"Missing or invalid x-oanor-key header"},"402":{"description":"Active subscription required"},"429":{"description":"Rate-limit or monthly quota reached"},"502":{"description":"Upstream did not respond"}}}},"/v1/meta":{"get":{"operationId":"get_v1_meta","tags":["Meta"],"summary":"Service metadata","description":"","parameters":[],"security":[{"oanorKey":[]}],"responses":{"200":{"description":"OK","content":{"application/json":{"example":{"data":{"note":"Amounts are US dollars; dates are ISO (YYYY-MM-DD). chains is a list. Filter hacks by chain=Ethereum, technique=reentrancy, target_type='DeFi Protocol', classification, year=2026 or min_amount=1000000.","source":"DeFiLlama hacks (api.llama.fi/hacks, live)","service":"cryptohacks-api","endpoints":{"GET /v1/meta":"This document.","GET /v1/hacks":"Incident list, newest first (filters: chain, technique, target_type, classification, year, min_amount, limit=50).","GET /v1/stats":"Aggregate totals and breakdowns by technique, chain, target type and year.","GET /v1/biggest":"Largest exploits of all time ranked by USD stolen (limit=25, min_amount optional)."},"description":"A live database of cryptocurrency and DeFi hacks, exploits and thefts, from DeFiLlama. Every record carries the victim, the amount stolen in USD, the date, the attack technique, a classification, the chain(s), the target type and any funds returned. The hacks endpoint returns the incident list newest-first, filterable by chain, technique, target type, classification, year and minimum loss; the biggest endpoint ranks the largest exploits of all time; the stats endpoint aggregates total stolen, count, funds returned and breakdowns by technique, chain, target type and year. Live, no key, nothing stored. The crypto-security / exploit-history cut — distinct from the price, market, TVL, fees and on-chain APIs.","incident_count":551,"upstream_status":"ok","total_stolen_usd":16603869134},"meta":{"timestamp":"2026-06-11T16:46:55.641Z","request_id":"9001dba8-8448-4889-b88d-cf5e3a500823"},"status":"ok","message":"Meta","success":true}}}},"401":{"description":"Missing or invalid x-oanor-key header"},"402":{"description":"Active subscription required"},"429":{"description":"Rate-limit or monthly quota reached"},"502":{"description":"Upstream did not respond"}}}}},"x-oanor-pricing":[{"slug":"free","name":"Free","price_cents_month":0,"monthly_call_quota":20000,"rps_limit":3,"hard_limit":true},{"slug":"starter","name":"Starter","price_cents_month":795,"monthly_call_quota":225000,"rps_limit":10,"hard_limit":true},{"slug":"pro","name":"Pro","price_cents_month":2310,"monthly_call_quota":950000,"rps_limit":28,"hard_limit":true},{"slug":"scale","name":"Scale","price_cents_month":5290,"monthly_call_quota":3300000,"rps_limit":60,"hard_limit":true}],"x-oanor-marketplace-url":"https://www.oanor.com/api/cryptohacks-api"}