On August 2022, Reaper Farm was exploited in a access control, resulting in approximately $1.7M in losses. That makes the Reaper Farm exploit the 74th largest DeFi incident out of 690 documented in our archive.
Attack Mechanics: How the Reaper Farm Access Control Played Out
Exploit Class Applied to Reaper Farm
The Reaper Farm incident on August 1, 2022 is classified as a Access Control. A privileged function lacks a proper authorisation check, letting an unauthorised caller execute it. In the full archive, Reaper Farm is 1 of 77 documented access control incidents.
Reaper Farm in Context
At $1.7M, the Reaper Farm exploit is a significant ($1M–$10M) event compared to the largest same-class incident in our archive — Corkprotocol (2025) at $12M.
Prior Access Control Before Reaper Farm
The nearest access control incident before Reaper Farm was Sandbox LAND, 174 days earlier on February 8, 2022. The same exploit class surfaced again within the access control attack surface.
Reaper Farm Vulnerability Signature
The primary source categorises the Reaper Farm exploit specifically as “Business Logic Flaw : Lack of access control mechanism”. This narrower label is entity-specific: it reflects how the Reaper Farm contract failed, rather than the broad access control pattern alone.
Impact & Recovery for Reaper Farm
Reaper Farm Loss Figure
The Reaper Farm exploit caused $1,700,000 in losses — a significant ($1M–$10M) incident and the 6th largest of 129 documented in 2022. This single incident represents 0.8% of all tracked losses that year.
Where Reaper Farm Sits Among Access Control Attacks
Ranked by loss size, Reaper Farm is the 6th largest of 77 access control incidents documented. That puts the Reaper Farm loss above the class average of $636K.
Timeline Since the Reaper Farm Incident
The Reaper Farm exploit occurred 3.7 years ago (1,352 days). The contract, its fork-block, and the attack transaction remain on-chain and forensically reproducible.
Primary Reference for Reaper Farm
Public post-mortem / on-chain analysis for the Reaper Farm incident: view source.
FAQ
How much did Reaper Farm lose?
The Reaper Farm exploit in August 2022 resulted in $1,700,000 in losses — the 6th largest of 129 DeFi incidents that year.
When did the Reaper Farm hack happen?
The Reaper Farm exploit was recorded on August 1, 2022 — 1,352 days ago.
What type of exploit hit Reaper Farm?
The Reaper Farm incident is classified as a Access Control. A privileged function lacks a proper authorisation check, letting an unauthorised caller execute it.
How common is the Access Control pattern seen at Reaper Farm?
Our archive contains 77 documented access control incidents. The Reaper Farm incident is one of them.
How does Reaper Farm compare to the largest Access Control attack?
The largest access control incident in our archive is Corkprotocol (2025) at $12M. The Reaper Farm loss is $1.7M.
What challenges are mentioned regarding the implementation of sustainability practices?
Difficulties include integrating sustainability into strategic planning and ensuring practices are applied consistently across departments.
How do foreign institutional investors impact CSR engagement?
The study aimed to explore this impact, but findings suggest it is complex.