shield Access Control · $15K loss

Inside the Pledge Access Control — $15K gone on December 3, 2024

Q: How much did Pledge lose?

The Pledge exploit in December 2024 resulted in $15,000 in losses — the 100th largest of 188 DeFi incidents that year.

Q: When did the Pledge hack happen?

The Pledge exploit was recorded on December 3, 2024 — 497 days ago.

Q: What type of exploit hit Pledge?

The Pledge incident is classified as a Access Control. A privileged function lacks a proper authorisation check, letting an unauthorised caller execute it.

Q: How common is the Access Control pattern seen at Pledge?

Our archive contains 77 documented access control incidents. The Pledge incident is one of them.

Q: How does Pledge compare to the largest Access Control attack?

The largest access control incident in our archive is Corkprotocol (2025) at $12M. The Pledge loss is $15K.

Q: What is the new signature algorithm proposed in the document?

The pre-adaptor signature scheme.

Q: How do information demand and exchange rates affect cryptocurrency volatility according to the study?

Information demand and exchange rates are positively related to cryptocurrency volatility.

On December 2024, Pledge was exploited in a access control, resulting in approximately $15K in losses. That makes the Pledge exploit the 356th largest DeFi incident out of 690 documented in our archive.

Attack Mechanics: How the Pledge Access Control Played Out

Exploit Class Applied to Pledge

The Pledge incident on December 3, 2024 is classified as a Access Control. A privileged function lacks a proper authorisation check, letting an unauthorised caller execute it. In the full archive, Pledge is 1 of 77 documented access control incidents.

Pledge in Context

At $15K, the Pledge exploit is a minor (<$1M) event compared to the largest same-class incident in our archive — Corkprotocol (2025) at $12M.

Prior Access Control Before Pledge

The nearest access control incident before Pledge was NFTG, 7 days earlier on November 26, 2024 ($10K lost). The same exploit class surfaced again within the access control attack surface.

Impact & Recovery for Pledge

Pledge Loss Figure

The Pledge exploit caused $15,000 in losses — a minor (<$1M) incident and the 100th largest of 188 documented in 2024.

Where Pledge Sits Among Access Control Attacks

Ranked by loss size, Pledge is the 42nd largest of 77 access control incidents documented. That puts the Pledge loss below the class average of $636K.

Timeline Since the Pledge Incident

The Pledge exploit occurred 1.4 years ago (497 days). The contract, its fork-block, and the attack transaction remain on-chain and forensically reproducible.

Primary Reference for Pledge

Public post-mortem / on-chain analysis for the Pledge incident: view source.

FAQ

How much did Pledge lose?

The Pledge exploit in December 2024 resulted in $15,000 in losses — the 100th largest of 188 DeFi incidents that year.

When did the Pledge hack happen?

The Pledge exploit was recorded on December 3, 2024 — 497 days ago.

What type of exploit hit Pledge?

The Pledge incident is classified as a Access Control. A privileged function lacks a proper authorisation check, letting an unauthorised caller execute it.

How common is the Access Control pattern seen at Pledge?

Our archive contains 77 documented access control incidents. The Pledge incident is one of them.

How does Pledge compare to the largest Access Control attack?

The largest access control incident in our archive is Corkprotocol (2025) at $12M. The Pledge loss is $15K.

What is the new signature algorithm proposed in the document?