All articles
Web3 FoundationsJuly 1, 202612 min read

Why Do Crypto Protocols Get Hacked? A Beginner's Explanation

Most crypto hacks aren't break-ins. A security auditor explains, in plain English, how protocols really lose money and how to read a project's security posture.

By Carlos (Bloqarl)

TL;DR

  • Most crypto hacks are not movie break-ins. Nobody guesses a password or smashes a wall. The attacker uses the machine exactly as its flawed rules allow.
  • There are really only a few big families of loss: a logic mistake the code follows perfectly, a lie fed to the code through a bad price feed, and borrowed money used to bend a rule for a single block.
  • A smart contract is a public, permissionless, often immutable machine that holds real money. That combination is exactly what makes flaws so expensive.
  • You do not need to read code to protect yourself. You need to read the project's security posture: audited by whom, how recently, is there a bug bounty, and what is the team's track record.
  • The honest anchor for this whole topic: a hacker doesn't pick the lock. They walk the building until they find the one window someone left open.

How do crypto hacks actually happen?

Most crypto protocols get hacked because the code contains a rule that does the wrong thing, and an attacker simply follows that rule to drain the money. No password is broken. No firewall is bypassed. The contract does precisely what it was told to do, and what it was told to do had a hole in it.

Forget the Hollywood image of a hooded figure typing furiously to "break in." In Web3, the money lives inside a smart contract, which is a small program on a blockchain that runs itself and can hold and move funds by itself. That program is public. Its code and its full history are open for anyone in the world to read at their leisure. So the attacker's job is not to break the machine. It is to study the machine more carefully than the people who built it, find the one spot where the rules don't quite match what the builders meant, and use that spot on purpose.

That is the mental model that makes all of this click: a hacker doesn't pick the lock, they find the one window left open. The vault door can be perfect. If there is an open window on the third floor, the door never mattered. Almost every crypto hack you have ever heard about is some version of an open window that the builders walked past a hundred times without noticing.

Once you hold that image, the scary headlines get a lot less mysterious. Let's walk through the real families of "open windows," in plain words.

What is a smart contract bug?

A smart contract bug is the most common open window, and it is worth understanding because it explains the majority of losses.

A bug here is not a typo that makes the app crash. It is a gap between what the developers intended and what the code actually does. The developer meant "let people withdraw what they deposited." The code, as written, accidentally means "let people withdraw more than once before the balance updates." Those two sentences look almost identical to a human. To the machine, they are completely different instructions, and the machine follows the one that is actually written, not the one that was intended.

Here is the part that trips up beginners: the contract is not malfunctioning during a hack. It is working perfectly. It follows its rules flawlessly. The problem is that one of the rules was wrong. This is why "the code ran exactly as written" and "the protocol got drained" are both true at the same time. A permanent misspelling is still a misspelling, and the machine will read it out loud forever.

A classic example is called reentrancy. In plain terms: the contract sends you your money before it updates its record of how much you have left. So in the split second after it pays you but before it writes down "this person has now withdrawn," you tell it to pay you again. And again. The contract, following its own honest rules, keeps paying, because on paper you still have a balance. It is like an ATM that hands you cash first and checks your account later, and you keep pulling the lever before it catches up. You can go deeper on this exact pattern in reentrancy explained. Reentrancy is just one window. There are many: a missing check on who is allowed to call a function, a rounding error that leaves value on the table, an assumption that the first user and the millionth user behave the same. Different windows, same shape of problem. The code did what it said. What it said was wrong.

This is exactly what a security review hunts for, and why getting the code right before launch matters so much. Once a contract is live and immutable, the window can never be closed. We covered what that review involves in what is a smart contract.

What is an oracle attack?

The second big family is not about broken code at all. The code can be flawless. The problem is that the code is being fed a lie.

Many crypto protocols need to know a fact about the outside world, most often a price. A lending app has to know "how much is this collateral worth?" before it decides how much you can borrow. But a smart contract lives inside the blockchain. It cannot look up a price on its own the way you would glance at a chart. So it asks a helper called an oracle, whose whole job is to report outside facts, like a price, back to the contract.

Now picture the open window. The contract trusts the oracle completely. It has to. So if an attacker can make the oracle report a wrong number, even for one instant, the contract will believe it and act on it. This is an oracle manipulation attack. The attacker doesn't touch the contract's logic. They poison the input. If a lending protocol reads a price that says your collateral is worth ten times its real value, it will happily let you borrow ten times what you should. You walk away with the loan, the fake price snaps back to reality, and the protocol is left holding a loss.

The lesson for a beginner is subtle but important: a protocol is only as honest as the facts it is told. Perfect code plus a lying data source still equals a loss. This is why serious auditors spend a lot of time asking not just "is the math right?" but "where does this number come from, and who could bend it?"

How do flash loans turn a small crack into a disaster?

Here is the third family, and it is the one that makes the other two so much scarier. It is also the one beginners find most surprising, because it breaks a rule they didn't know they were relying on.

In the normal world, to move a lot of money you need to already have a lot of money. That single fact keeps most people honest, because attacks that require millions in capital are out of reach for almost everyone. Crypto quietly removed that fact.

A flash loan lets anyone borrow an enormous amount with no collateral at all, on one condition: they must pay it back within the same transaction, in the same block, which is a single, indivisible slice of blockchain time. If they don't pay it back, the whole thing is cancelled as if it never happened, so the lender is never at risk. From the outside it feels like magic: borrow ten million dollars, use it, return it, all in one atomic instant.

Now combine that with the two windows above. On its own, a small price glitch or logic flaw might only be worth a few dollars, because bending the rule requires enough capital to move the market. But a flash loan hands the attacker unlimited capital for one block. Suddenly they can borrow a fortune, shove a price around to fool an oracle, exploit the logic flaw at massive scale, repay the loan, and keep the difference, all before the transaction finishes. The flash loan is not the hack. It is the amplifier that turns a small crack into a flood. It removes the "you need to be rich to attack this" safety net that traditional finance always relied on. For the mechanics, see flash loans and their security implications.

Why can't they just undo the hack and give the money back?

Because in Web3 there is no undo button, and that is by design.

A blockchain has no manager to call, no fraud department to email, no "reverse this transaction" option. Once the attacker's transaction is confirmed, it is final. The same property that makes Web3 powerful, that no company can freeze your funds or veto you, is the exact property that means no company can freeze the attacker or claw the money back either. You cannot keep the freedom and add a safety net on top. They were always the same mechanism.

This is why timing matters so much. In traditional finance, security can be reactive: something goes wrong, you catch it, you reverse it. In Web3, security has to be proactive, because after the fact there is usually nothing to do. The window has to be found and closed before anyone opens it, because once the money leaves, it is gone. That is the whole reason careful review before launch is not a nice-to-have. It is the entire game.

How can you tell if a project is secure?

This is the part that actually protects you, and the good news is you do not need to read a single line of code to do it. You are not checking the code. You are reading the project's security posture, which is the set of signals that tell you how seriously the team takes the open-window problem. Here is what to look at.

  • Audited by whom, and how recently. "Audited" on its own is nearly meaningless. Anyone can pay for a rubber stamp. The real questions are: which firm did it, do they have a reputation worth protecting, and was the audit recent? Code changes constantly. An audit from two years ago on code that has been rewritten five times since tells you very little. Match the audited version against the version actually running.
  • More than one set of eyes. A serious project usually has multiple independent reviews, not a single one it can wave around. One auditor can miss a window. It is much harder for several independent teams to miss the same one.
  • A bug bounty program. This is one of the strongest signals a beginner can spot. A bug bounty is a public standing offer: "if you find a flaw in our code, we will pay you to tell us instead of exploiting it." A team that runs a real, well-funded bounty is a team that knows it might have missed something and wants to be told. That humility is a very good sign. A team that insists its code is perfect and unhackable is telling you it doesn't understand its own risk.
  • Track record and transparency. How has the team behaved over time? Have they shipped safely, disclosed issues honestly, and responded fast when something went wrong? A project that publishes its audit reports openly, warts and all, is far more trustworthy than one that hides them or only quotes the flattering line.

Put simply, the instinct to build is this: stop asking "is this safe?" and start asking "who checked this, how seriously, and what did they actually promise?" No honest auditor will ever tell you a contract cannot be hacked. What a strong security posture tells you is that skilled people looked hard, from multiple angles, recently, and left the door open for others to keep looking. That is risk reduction done seriously, and it is the most a beginner can reasonably ask for. You can layer this on top of the general habits in how to earn in DeFi safely and the mechanics of what DeFi actually is.

Related questions

Are most crypto hacks caused by weak passwords or stolen keys? Those exist, and they matter for your personal wallet. But the large protocol hacks you read about are usually different. They are not about a stolen password. They are about a flaw in the protocol's own code or the data it trusts, used against it in public. The attacker never needed your secrets. They needed an open window in the machine.

If a protocol is audited, can it still be hacked? Yes. An audit lowers the odds of a disaster a lot, and using audited protocols is far wiser than using unaudited ones. But an audit is a thorough search under time and scope limits, not a promise of perfection. "We found nothing" means skilled people looked hard and didn't find a problem this time. It is not proof that none exists. Always check who audited it, how recently, and whether it covers the code that is actually live.

What is the most common type of crypto hack? The single most common family is a smart contract logic flaw: the code does something slightly different from what the developers intended, and an attacker uses that gap. Oracle manipulation (feeding the code a false price) and flash-loan-amplified attacks (using borrowed capital to bend a rule for one block) are the other two big families you will see again and again.

Can hacked crypto ever be recovered? Sometimes, but rarely, and never automatically. Because transactions are final, there is no built-in reversal. Recovery, when it happens, usually comes from off-chain effort: negotiating with the attacker, tracing funds through exchanges, or legal pressure. None of that is guaranteed, which is exactly why prevention before launch matters far more than reaction after.

Do I need to understand code to stay safe in crypto? No. Reading code is the auditor's job. Your job as a user is to read the security posture: who reviewed it, how recently, is there a bug bounty, and how has the team behaved. That literacy is worth more than any technical skill for staying out of trouble.

Where to go next

Crypto protocols do not usually get hacked by clever break-ins. They get hacked because a rule in the code was wrong, or the data feeding the code was a lie, or borrowed money bent a rule for a single block, and there is no undo button to fix it afterward. A hacker doesn't pick the lock. They find the one window left open. Once you see it that way, the headlines stop being magic and start being something you can reason about.

The best way to build that instinct is to watch these open windows appear with your own eyes instead of just reading about them. That is exactly what we built Why Protocols Get Hacked for, part of Your First 90 Days in Web3, a free, guided course by the security firm Zealynx, taught with a real auditor's eye. Start the checkpoint below. It is free and needs no account. While you are at it, what is a smart contract explains the machine these attacks target, and how a blockchain works explains the ledger that makes every transaction final.

Tagged

Smart Contract SecurityWeb3Hacks