DBXen DeFi protocol hacked
The DBXen DeFi protocol was exploited for $150,000 due to an ERC2771 bug that let an attacker claim years of staking rewards [https://www.cryptotimes.io/2026/03/12/dbxen-staking-hack-attacker-exploits-erc2771-bug-to-drain-150k/].
The attacker exploited a vulnerability in the ERC2771 standard, which is designed to allow contracts to receive gasless transactions from meta-transaction relays. This allowed the attacker to bypass intended access controls. The attacker was able to claim staking rewards dating back to the protocol's launch, far exceeding what a legitimate user could claim. The total value drained was approximately $150,000. DBXen developers have paused the staking contract and are working on a fix and reimbursement plan for affected users. Details of the reimbursement plan are expected soon.
