Hackers hit deprecated Thetanuts vault for $2.1M

By Hannah Collymore
  • The Thetanuts attack was blamed on a flaw in the vault’s redemption logic, according to security researchers.
  • Most of the stolen funds were reportedly recovered through whitehat efforts, with only a smaller portion converted into ETH by the attacker.
  • Thetanuts says its current products and smart contracts were not affected by the exploit.

Thetanuts Finance, the DeFi options protocol, has confirmed that it suffered an exploit that drained $2.1 million from a legacy vault tied to it.

According to Thetanuts, the compromised contract had been deprecated years ago. 

Blockchain security firm PeckShieldAlert, which flagged the incident before Thetanuts confirmed the exploit, reported that $2 million in option tokens appeared to have been recovered through whitehat efforts.

The remaining funds, about $105,000 in USDC, were swapped by the exploiter for approximately 60 ETH, according to PeckShieldAlert’s on-chain analysis. The attacker also holds $34,000 in USDC-denominated option tokens.

What led to the exploit of Thetanuts Finance legacy vault?

A vulnerability in the vault’s redemption logic is the root of the exploit, according to security researcher ExVul, who published a breakdown on X.

Thetanuts Finance responded within hours, writing on X, “Our preliminary investigation indicates that this is once again, a deprecated vault that we have migrated from years ago.” 

The protocol stated, “It has no relation to any of our current contracts or products,” while adding that it would publish a full post-mortem once it gathers more details.

Blockaid’s exploit detection system also picked up the attack independently, issuing a community alert flagging active exploitation of the Thetanuts contract on Ethereum. The security platform also shared the addresses of the exploiter and the exploited contract.

Are deprecated protocols under attack?

The Thetanuts incident adds to a growing list of deprecated protocols that have been attacked recently.

The most recent, apart from Thetanuts, is Aztec Connect, a privacy bridge abandoned since 2023, which lost $2.1 million through a separate verification flaw in its immutable smart contracts, as Cryptopolitan reported. In that case, the team had renounced all admin keys, leaving no one able to patch or pause the code.

So far in June, the total value lost to DeFi exploits has crossed $46 million, and the month is only half over. At this pace, it may rival or exceed May, which saw its own fair share of protocol breaches.

Thetanuts has tried to assure users of its current contracts that they are not at risk; however, the latest events have made it clear that abandoned code is not safe code, and neither are the funds tied to it.

FAQs

What happened in the Thetanuts Finance exploit?

An attacker exploited a flaw in the redemption math of a deprecated Thetanuts Finance vault on Ethereum, draining approximately $2.1 million on June 15, 2026. PeckShield reported that around $2 million in option tokens were recovered by a whitehat, while the exploiter swapped about $105,000 in USDC for roughly 60 ETH.

Are current Thetanuts Finance users affected?

No. Thetanuts Finance stated that the exploited vault was deprecated years ago and "has no relation to any of our current contracts or products," according to the team's post on X.

What was the vulnerability that enabled the attack?

Security researcher ExVul identified the root cause as a flaw in the legacy vault's redemption math, which used a `backing * amount / totalSupply` formula to calculate share payouts, allowing the attacker to withdraw more funds than they were entitled to.

Hannah Collymore

Hannah is a writer and editor with nearly a decade of blog writing and event reporting experience in the crypto space. At Cryptopolitan, Hannah contributes to the news page, reporting and analyzing the latest developments in DeFi, RWA, crypto regulation, AI and frontier tech industries. She graduated from Arcadia University with a degree in Business Administration.
