Reentrancy attacks: major exploits and lessons for the crypto industry
Blockchain vulnerabilities pose a serious threat because they can lead to the theft of cryptocurrencies worth millions of dollars, massive investor losses, and ultimately the collapse of crypto projects.
One of the most significant security risks facing blockchain projects is the reentrancy attack.
What is a reentrancy attack and how does it work?
Every digital system contains operations that are triggered by a user or another service. These may include sending an email, processing a bank transfer, or making a request to a server.
Such operations usually go through several stages: initiation, execution, and completion. If a system fails to properly control the order of these stages, an attacker can interfere with the process and trigger the same operation again before the first execution has finished.
This is how a reentrancy attack works. Before the system records the result of the initial operation, the attacker invokes the system again, allowing the same action to be executed multiple times.
For example, if a banking system checks an account balance only at the beginning of a transfer, an attacker could attempt to initiate several transfers in rapid succession before the balance is updated. As a result, funds may be withdrawn incorrectly or in amounts that should not be possible.
In the cryptocurrency market, blockchains that rely on smart contracts may be vulnerable to reentrancy attacks, including Ethereum, Solana, TRON, Toncoin, and similar networks.
Which projects have been affected by reentrancy attacks?
The first cryptocurrency project to suffer a reentrancy attack was the infamous Ethereum-based decentralized protocol The DAO.
The DAO became the first decentralized investment fund to raise approximately $150 million. However, in 2016, attackers discovered a vulnerability in The DAO's smart contract, enabling them to carry out a reentrancy attack and drain approximately $70 million in ETH from the protocol.
Reentrancy attacks have also targeted the stablecoin liquidity pools of Curve Finance, one of the largest decentralized exchanges. The affected Curve Finance pools relied on smart contracts written using vulnerable versions of the Vyper programming language. Due to a flaw in those versions, the built-in protection against reentrancy attacks did not function correctly. Attackers exploited this vulnerability and successfully compromised the affected pools.
As a result of the reentrancy attack on Curve Finance, hackers stole approximately $47 million in cryptocurrency. According to Ancilia, more than 200 smart contracts were using the vulnerable version of Vyper. All of them were potentially exposed to reentrancy attacks, forcing developers to urgently upgrade them to secure versions.
There have also been cases of cross-chain reentrancy attacks, including the exploit that affected the well-known bridge* Wintermute. Attackers managed to intercept a signature used for transfers between the Ethereum and OP Mainnet (formerly Optimism) networks.
* Bridge —a specialized protocol that enables crypto assets and data to be transferred between different blockchains. Since blockchains cannot communicate directly with one another, a bridge serves as an intermediary, verifying transactions on one network and facilitating the issuance or release of corresponding assets on another.
As a result of this reentrancy attack, the attackers deployed a contract on the Optimism network, gained control of an address, and withdrew 20 million OP tokens (digital assets).
The impact of reentrancy attacks on the crypto industry
Between 2016 and 2021, smart contract vulnerabilities caused more than $1 billion in losses across the crypto industry. According to research by Gate, the majority of these incidents were caused by reentrancy attacks.
The 2016 attack on The DAO clearly demonstrated the severe risks that reentrancy vulnerabilities pose to blockchain projects.
The exploit not only caused substantial financial losses for investors but also affected the entire Ethereum ecosystem. The reentrancy attack on The DAO resulted in a split within the community and the emergency deployment of a hard fork* — the new blockchain on which Ethereum now operates.
* Hard fork — a change to the blockchain protocol that is incompatible with previous versions. After such an upgrade, all network participants must adopt the new rules. If part of the community continues using the old software version, the blockchain splits into two independent networks that share the same history up to the point of separation but evolve independently afterward.
Another important consequence of reentrancy attacks has been the rapid development of the bug bounty market. Crypto projects have become increasingly willing to reward independent security researchers for discovering vulnerabilities, as doing so is significantly less expensive than losing users' funds to a successful exploit. According to Immunefi, throughout 2025, projects increasingly disclosed critical vulnerabilities through specialized security platforms, while bug bounty programs became one of the key pillars of blockchain infrastructure security.
How can you protect yourself against a reentrancy attack?
Unfortunately, no project can provide a 100% guarantee against reentrancy attacks, even if its smart contracts undergo regular security audits.
There are specialized services, such as CertiK Skynet, that maintain security rankings for cryptocurrency projects and publish reports on completed security audits, all available to all users.
Modern reentrancy attacks are considerably more sophisticated than the classic attack demonstrated by The DAO incident. Today, cybersecurity researchers distinguish several major categories of such attacks:
- Cross-contract reentrancy — the attack is carried out through interactions between multiple smart contracts.
- Cross-function reentrancy — the attacker repeatedly invokes different functions within the same smart contract.
- Cross-chain reentrancy — the attack targets interactions between different blockchains through bridges and similar interoperability solutions.
- Read-only reentrancy — allows an attacker to manipulate a protocol's business logic without modifying the smart contract's state by exploiting incorrect intermediate data.
For this reason, developers must test not only individual smart contract functions but also every possible interaction scenario involving other contracts and protocols, since increasingly complex chains of contract calls are becoming the primary cause of successful reentrancy attacks.
Overall, to reduce the risks associated with reentrancy attacks, users should avoid concentrating all of their assets in the liquidity pools of a single protocol. If that protocol is compromised, the assets may be lost permanently. Instead, following the principles of financial diversification and distributing funds across multiple protocols can significantly reduce potential losses.
For additional protection against reentrancy attacks, users should exercise caution when interacting with newly launched protocols, especially those that have not yet undergone independent security audits. It is generally safer to use well-established protocols such as Uniswap, Balancer, Aave, and other mature platforms, which are less likely to be successfully exploited.
