shield Reentrancy · $350K loss

SumerMoney Hack: How $350K Was Lost in a Reentrancy (2024)

Q: How much did SumerMoney lose?

The SumerMoney exploit in April 2024 resulted in $350,000 in losses — the 34th largest of 188 DeFi incidents that year.

Q: When did the SumerMoney hack happen?

The SumerMoney exploit was recorded on April 12, 2024 — 732 days ago.

Q: What type of exploit hit SumerMoney?

The SumerMoney incident is classified as a Reentrancy. A malicious contract re-enters a vulnerable function before state is updated, letting it drain funds multiple times.

Q: How common is the Reentrancy pattern seen at SumerMoney?

Our archive contains 51 documented reentrancy incidents. The SumerMoney incident is one of them.

Q: How does SumerMoney compare to the largest Reentrancy attack?

The largest reentrancy incident in our archive is Curve (2023) at $41M. The SumerMoney loss is $350K.

Q: What is the main challenge addressed by the proposed attack method?

Finding adversarial examples in a black-box setting using only predicted confidence scores.

Q: What are the two types of security challenges specifically mentioned as being addressed by blockchain in e-commerce?

The challenges are data breaches/data theft and phishing attacks.

On April 2024, SumerMoney was exploited in a reentrancy, resulting in approximately $350K in losses. That makes the SumerMoney exploit the 137th largest DeFi incident out of 690 documented in our archive.

Attack Mechanics: How the SumerMoney Reentrancy Played Out

Exploit Class Applied to SumerMoney

The SumerMoney incident on April 12, 2024 is classified as a Reentrancy. A malicious contract re-enters a vulnerable function before state is updated, letting it drain funds multiple times. In the full archive, SumerMoney is 1 of 51 documented reentrancy incidents.

SumerMoney in Context

At $350K, the SumerMoney exploit is a minor (<$1M) event compared to the largest same-class incident in our archive — Curve (2023) at $41M.

Prior Reentrancy Before SumerMoney

The nearest reentrancy incident before SumerMoney was SMOOFSStaking, 44 days earlier on February 28, 2024. The same exploit class surfaced again within the reentrancy attack surface.

Impact & Recovery for SumerMoney

SumerMoney Loss Figure

The SumerMoney exploit caused $350,000 in losses — a minor (<$1M) incident and the 34th largest of 188 documented in 2024. This single incident represents 0.1% of all tracked losses that year.

Where SumerMoney Sits Among Reentrancy Attacks

Ranked by loss size, SumerMoney is the 17th largest of 51 reentrancy incidents documented. That puts the SumerMoney loss below the class average of $2.87M.

Timeline Since the SumerMoney Incident

The SumerMoney exploit occurred 2 years ago (732 days). The contract, its fork-block, and the attack transaction remain on-chain and forensically reproducible.

FAQ

How much did SumerMoney lose?

The SumerMoney exploit in April 2024 resulted in $350,000 in losses — the 34th largest of 188 DeFi incidents that year.

When did the SumerMoney hack happen?

The SumerMoney exploit was recorded on April 12, 2024 — 732 days ago.

What type of exploit hit SumerMoney?

The SumerMoney incident is classified as a Reentrancy. A malicious contract re-enters a vulnerable function before state is updated, letting it drain funds multiple times.

How common is the Reentrancy pattern seen at SumerMoney?

Our archive contains 51 documented reentrancy incidents. The SumerMoney incident is one of them.

How does SumerMoney compare to the largest Reentrancy attack?

The largest reentrancy incident in our archive is Curve (2023) at $41M. The SumerMoney loss is $350K.

What is the main challenge addressed by the proposed attack method?

Finding adversarial examples in a black-box setting using only predicted confidence scores.

What are the two types of security challenges specifically mentioned as being addressed by blockchain in e-commerce?

The challenges are data breaches/data theft and phishing attacks.