Why it matters

The history of crypto hacks is one of the most valuable datasets in the ecosystem. Every exploit teaches a lesson about what can go wrong — reentrancy, oracle manipulation, bridge key compromise, governance attacks. But this history is scattered across post-mortems, Twitter threads, and Rekt News articles with no structured way to query it. Building this in Geo connects exploits to the projects affected, the vulnerabilities involved, and the auditors who did or didn't catch them.

What to publish

  • Create Exploit/Hack entities for every major crypto security incident

  • For each incident, publish:

    • Name (e.g. "Ronin Bridge Hack", "The DAO Hack", "Wormhole Exploit")

    • Date of the incident

    • Protocol or project affected — link to Project entity

    • Amount lost (USD value at time of hack)

    • Amount recovered if any

    • Attack vector / root cause (reentrancy, flash loan, private key compromise, oracle manipulation, governance attack, social engineering, etc.)

    • Chain(s) involved

    • Brief description of how the attack worked

    • Post-mortem URL

    • Whether the attacker was identified

    • Outcome (funds returned, protocol shut down, hard fork, insurance payout, etc.)

  • Create relations to:

    • Projects affected — link to Project entities

    • Attack vector Topics (e.g. reentrancy, flash loan attacks, bridge exploits)

    • Auditors who audited the project before the hack — link to Company entities

    • Related exploits using the same technique

  • Create Topic entities for attack categories if they don't exist

Scope

All major incidents with losses over $1M. Likely 100–150 events covering 2016–present. Include both DeFi exploits and centralized exchange hacks.

Potential sources

Rekt News leaderboard, DeFiLlama hacks tracker, SlowMist hacked database, Chainalysis reports, project post-mortem blog posts, Halborn/Trail of Bits incident analyses, Crystal Blockchain intelligence.