On May 2024, NORMIE was exploited in a business logic flaw, resulting in approximately $490K in losses. That makes the NORMIE exploit the 119th largest DeFi incident out of 690 documented in our archive.
Attack Mechanics: How the NORMIE Business Logic Flaw Played Out
Exploit Class Applied to NORMIE
The NORMIE incident on May 26, 2024 is classified as a Business Logic Flaw. A business-logic bug in the contract — such as an incorrect formula or missing state update — lets the attacker withdraw more than their share. In the full archive, NORMIE is 1 of 144 documented business logic flaw incidents.
NORMIE in Context
At $490K, the NORMIE exploit is a minor (<$1M) event compared to the largest same-class incident in our archive — – EulerFinance (2023) at $200M.
Prior Business Logic Flaw Before NORMIE
The nearest business logic flaw incident before NORMIE was TGC, 14 days earlier on May 12, 2024 ($32K lost). The same exploit class surfaced again within the business logic flaw attack surface.
Impact & Recovery for NORMIE
NORMIE Loss Figure
The NORMIE exploit caused $490,000 in losses — a minor (<$1M) incident and the 27th largest of 188 documented in 2024. This single incident represents 0.1% of all tracked losses that year.
Where NORMIE Sits Among Business Logic Flaw Attacks
Ranked by loss size, NORMIE is the 24th largest of 144 business logic flaw incidents documented. That puts the NORMIE loss below the class average of $6.08M.
Timeline Since the NORMIE Incident
The NORMIE exploit occurred 1.9 years ago (688 days). The contract, its fork-block, and the attack transaction remain on-chain and forensically reproducible.
Primary Reference for NORMIE
Public post-mortem / on-chain analysis for the NORMIE incident: view source.
FAQ
How much did NORMIE lose?
The NORMIE exploit in May 2024 resulted in $490,000 in losses — the 27th largest of 188 DeFi incidents that year.
When did the NORMIE hack happen?
The NORMIE exploit was recorded on May 26, 2024 — 688 days ago.
What type of exploit hit NORMIE?
The NORMIE incident is classified as a Business Logic Flaw. A business-logic bug in the contract — such as an incorrect formula or missing state update — lets the attacker withdraw more than their share.
How common is the Business Logic Flaw pattern seen at NORMIE?
Our archive contains 144 documented business logic flaw incidents. The NORMIE incident is one of them.
How does NORMIE compare to the largest Business Logic Flaw attack?
The largest business logic flaw incident in our archive is – EulerFinance (2023) at $200M. The NORMIE loss is $490K.
What unique aspect does the MIDAS component of the GARCH-MIDAS model allow for in the analysis?
It allows investigating macroeconomic and financial variables at a lower frequency as potential drivers of Bitcoin volatility.
Which AutoML tools were evaluated in the study for time series forecasting?
AutoGluon, Auto-Sklearn, and PyCaret were evaluated across various metrics using diverse datasets.