On June 2023, Themis was exploited in a flash loan attack, resulting in approximately $370K in losses. That makes the Themis exploit the 134th largest DeFi incident out of 690 documented in our archive.
Attack Mechanics: How the Themis Flash Loan Attack Played Out
Exploit Class Applied to Themis
The Themis incident on June 28, 2023 is classified as a Flash Loan Attack. Attackers borrow huge amounts via uncollateralised single-transaction loans and manipulate protocol state before repaying in the same block. In the full archive, Themis is 1 of 27 documented flash loan attack incidents.
Themis in Context
At $370K, the Themis exploit is a minor (<$1M) event compared to the largest same-class incident in our archive — PolterFinance (2024) at $7M.
Prior Flash Loan Attack Before Themis
The nearest flash loan attack incident before Themis was DDCoin, 27 days earlier on June 1, 2023 ($300K lost). The same exploit class surfaced again within the flash loan attack attack surface.
Themis Vulnerability Signature
The primary source categorises the Themis exploit specifically as “Manipulation of prices using Flashloan”. This narrower label is entity-specific: it reflects how the Themis contract failed, rather than the broad flash loan attack pattern alone.
Impact & Recovery for Themis
Themis Loss Figure
The Themis exploit caused $370,000 in losses — a minor (<$1M) incident and the 53rd largest of 214 documented in 2023. This single incident represents 0.1% of all tracked losses that year.
Where Themis Sits Among Flash Loan Attack Attacks
Ranked by loss size, Themis is the 6th largest of 27 flash loan attack incidents documented. That puts the Themis loss below the class average of $577.3K.
Timeline Since the Themis Incident
The Themis exploit occurred 2.8 years ago (1,021 days). The contract, its fork-block, and the attack transaction remain on-chain and forensically reproducible.
Primary Reference for Themis
Public post-mortem / on-chain analysis for the Themis incident: view source.
FAQ
How much did Themis lose?
The Themis exploit in June 2023 resulted in $370,000 in losses — the 53rd largest of 214 DeFi incidents that year.
When did the Themis hack happen?
The Themis exploit was recorded on June 28, 2023 — 1,021 days ago.
What type of exploit hit Themis?
The Themis incident is classified as a Flash Loan Attack. Attackers borrow huge amounts via uncollateralised single-transaction loans and manipulate protocol state before repaying in the same block.
How common is the Flash Loan Attack pattern seen at Themis?
Our archive contains 27 documented flash loan attack incidents. The Themis incident is one of them.
How does Themis compare to the largest Flash Loan Attack attack?
The largest flash loan attack incident in our archive is PolterFinance (2024) at $7M. The Themis loss is $370K.
According to the FASB update in 2023, how should crypto assets be measured initially?
Crypto assets should be measured initially at fair value according to the FASB update in 2023.
What is the main focus of the study?
Analyzing the impact of ESG performance on firm value in Brazil.