On July 2023, Civfund was exploited in a access control, resulting in approximately $165K in losses. That makes the Civfund exploit the 181st largest DeFi incident out of 690 documented in our archive.
Attack Mechanics: How the Civfund Access Control Played Out
Exploit Class Applied to Civfund
The Civfund incident on July 8, 2023 is classified as a Access Control. A privileged function lacks a proper authorisation check, letting an unauthorised caller execute it. In the full archive, Civfund is 1 of 77 documented access control incidents.
Civfund in Context
At $165K, the Civfund exploit is a minor (<$1M) event compared to the largest same-class incident in our archive — Corkprotocol (2025) at $12M.
Prior Access Control Before Civfund
The nearest access control incident before Civfund was DEPUSDT_LEVUSDC, 23 days earlier on June 15, 2023 ($105K lost). The same exploit class surfaced again within the access control attack surface.
Civfund Vulnerability Signature
The primary source categorises the Civfund exploit specifically as “Lack of access control”. This narrower label is entity-specific: it reflects how the Civfund contract failed, rather than the broad access control pattern alone.
Impact & Recovery for Civfund
Civfund Loss Figure
The Civfund exploit caused $165,000 in losses — a minor (<$1M) incident and the 70th largest of 214 documented in 2023.
Where Civfund Sits Among Access Control Attacks
Ranked by loss size, Civfund is the 20th largest of 77 access control incidents documented. That puts the Civfund loss below the class average of $636K.
Timeline Since the Civfund Incident
The Civfund exploit occurred 2.8 years ago (1,011 days). The contract, its fork-block, and the attack transaction remain on-chain and forensically reproducible.
Primary Reference for Civfund
Public post-mortem / on-chain analysis for the Civfund incident: view source.
FAQ
How much did Civfund lose?
The Civfund exploit in July 2023 resulted in $165,000 in losses — the 70th largest of 214 DeFi incidents that year.
When did the Civfund hack happen?
The Civfund exploit was recorded on July 8, 2023 — 1,011 days ago.
What type of exploit hit Civfund?
The Civfund incident is classified as a Access Control. A privileged function lacks a proper authorisation check, letting an unauthorised caller execute it.
How common is the Access Control pattern seen at Civfund?
Our archive contains 77 documented access control incidents. The Civfund incident is one of them.
How does Civfund compare to the largest Access Control attack?
The largest access control incident in our archive is Corkprotocol (2025) at $12M. The Civfund loss is $165K.
According to the FASB update in 2023, how should crypto assets be measured initially?
Crypto assets should be measured initially at fair value according to the FASB update in 2023.
What does IoT stand for in the context of smart buildings?
Internet of Things.