On September 2024, Shezmu was exploited in a access control, resulting in approximately $4.9M in losses. That makes the Shezmu exploit the 46th largest DeFi incident out of 690 documented in our archive.
Attack Mechanics: How the Shezmu Access Control Played Out
Exploit Class Applied to Shezmu
The Shezmu incident on September 20, 2024 is classified as a Access Control. A privileged function lacks a proper authorisation check, letting an unauthorised caller execute it. In the full archive, Shezmu is 1 of 77 documented access control incidents.
Shezmu in Context
At $4.9M, the Shezmu exploit is a significant ($1M–$10M) event compared to the largest same-class incident in our archive — Corkprotocol (2025) at $12M.
Prior Access Control Before Shezmu
The nearest access control incident before Shezmu was Unverified_766a, 2 days earlier on September 18, 2024 ($100 lost). The same exploit class surfaced again within the access control attack surface.
Impact & Recovery for Shezmu
Shezmu Loss Figure
The Shezmu exploit caused $4,900,000 in losses — a significant ($1M–$10M) incident and the 14th largest of 188 documented in 2024. This single incident represents 1.3% of all tracked losses that year.
Where Shezmu Sits Among Access Control Attacks
Ranked by loss size, Shezmu is the 3rd largest of 77 access control incidents documented. That puts the Shezmu loss above the class average of $636K.
Timeline Since the Shezmu Incident
The Shezmu exploit occurred 1.6 years ago (571 days). The contract, its fork-block, and the attack transaction remain on-chain and forensically reproducible.
Primary Reference for Shezmu
Public post-mortem / on-chain analysis for the Shezmu incident: view source.
FAQ
How much did Shezmu lose?
The Shezmu exploit in September 2024 resulted in $4,900,000 in losses — the 14th largest of 188 DeFi incidents that year.
When did the Shezmu hack happen?
The Shezmu exploit was recorded on September 20, 2024 — 571 days ago.
What type of exploit hit Shezmu?
The Shezmu incident is classified as a Access Control. A privileged function lacks a proper authorisation check, letting an unauthorised caller execute it.
How common is the Access Control pattern seen at Shezmu?
Our archive contains 77 documented access control incidents. The Shezmu incident is one of them.
How does Shezmu compare to the largest Access Control attack?
The largest access control incident in our archive is Corkprotocol (2025) at $12M. The Shezmu loss is $4.9M.
What was the immediate effect on Moscow's MOEX index following the invasion?
It dropped almost 9% in the week following the invasion.
What does the study conclude about the predictive power of trading volume on cryptocurrency returns?
The study finds trading volume has a significant impact on the volatility of cryptocurrency returns.