On November 2023, BRAND suffered a access control — the first of 77 documented access control incidents in our archive where the loss figure was not publicly disclosed but the exploit pattern is documented below.
Attack Mechanics: How the BRAND Access Control Played Out
Exploit Class Applied to BRAND
The BRAND incident on November 2, 2023 is classified as a Access Control. A privileged function lacks a proper authorisation check, letting an unauthorised caller execute it. In the full archive, BRAND is 1 of 77 documented access control incidents.
BRAND in Context
The BRAND incident joins a class whose largest loss to date is Corkprotocol (2025) at $12M.
Prior Access Control Before BRAND
The nearest access control incident before BRAND was CEXISWAP, 42 days earlier on September 21, 2023 ($30K lost). The same exploit class surfaced again within the access control attack surface.
BRAND Vulnerability Signature
The primary source categorises the BRAND exploit specifically as “Lack of access control”. This narrower label is entity-specific: it reflects how the BRAND contract failed, rather than the broad access control pattern alone.
Impact & Recovery for BRAND
BRAND Loss Figure
The loss figure for BRAND is not publicly disclosed. The primary source reports the exploit in non-USD terms, so no USD estimate is published here. For reference, the average loss across 77 access control incidents in our archive is $636K.
Timeline Since the BRAND Incident
The BRAND exploit occurred 2.4 years ago (894 days). The contract, its fork-block, and the attack transaction remain on-chain and forensically reproducible.
Primary Reference for BRAND
Public post-mortem / on-chain analysis for the BRAND incident: view source.
FAQ
How much did BRAND lose?
The BRAND loss figure is not publicly disclosed. The primary source reports the exploit in non-USD token terms, so no USD estimate is published here.
When did the BRAND hack happen?
The BRAND exploit was recorded on November 2, 2023 — 894 days ago.
What type of exploit hit BRAND?
The BRAND incident is classified as a Access Control. A privileged function lacks a proper authorisation check, letting an unauthorised caller execute it.
How common is the Access Control pattern seen at BRAND?
Our archive contains 77 documented access control incidents. The BRAND incident is one of them.
How does BRAND compare to the largest Access Control attack?
The largest access control incident in our archive is Corkprotocol (2025) at $12M. The BRAND loss was not publicly disclosed.
What is the role of validators in Ethereum 2.0?
Validators participate in the consensus process by proposing and attesting to blocks, secured by their staked ETH.
What happens during the payment channel closure phase?
The channel is closed by submitting the final state to the blockchain, and funds are settled between parties.