New: machine-readable WebSocket feed

Stream on-chain exploits the moment they happen.

Defimon detects DeFi attacks across 8 chains and streams them as structured JSON over WebSocket — raw and LLM-confirmed. Built for DeFi incident response.

Just want the free alerts? Join the public Telegram channel

Live Monitoring

8 Networks

<300ms detection

24/7 Vigilance

How it works

From handshake to action in three steps — and a few lines of code.

Connect

Open a WebSocket to the feed with your API key. One key works for both streams across all 8 networks.

Stream

Receive every detected attack as a single JSON object the instant it's found — or subscribe to the curated, LLM-confirmed stream for lower noise.

Act

Parse the payload and route it into your own systems — hedge a position, snapshot state, page on-call, or trigger a circuit breaker. No scraping, no parsing Telegram.

connect.js

const ws = new WebSocket(
  "wss://ws.defimon.xyz/ws/attacks?api_key=YOUR_API_KEY"
);

ws.onmessage = (event) => {
  const attack = JSON.parse(event.data);

  // Machine-readable: act on it however you like
  if (attack.balance_change > 100_000) {
    hedge(attack.victim_address, attack.network);
  }
};

Machine-readable

One JSON object per attack

No parsing screenshots. No scraping a channel. Structured, enriched payloads your code can act on in milliseconds.

{
  "network": "mainnet",
  "severity": "CRITICAL",
  "attack_type": "suspicious_contract_call_with_profit",
  "transaction_hash": "0x074ec9317d8336db37e8c348fbdd7515573ff4088239c77ab429f522509aeeb1",
  "exploit_address": "0x06f5…0fcd",
  "attacker_address": "0x0f18…dd17",
  "victim_address": "0xff1f2b4adb9df6fc8eafecdcbf96a2b351680455",
  "block_number": 25043217,
  "block_timestamp": 1781438400,
  "balance_change": 2190000.0,
  "matched_traces": "",
  "protocols": {
    "is_full_enrichment": true,
    "hacker_profit": 2190000.0,
    "victim_info": {
      "name": "Aztec Connect",
      "symbol": null,
      "tvl": null,
      "site_url": "https://aztec.network",
      "protocol_id": 318,
      "is_protocol": true
    },
    "balance_changes": [
      { "address": "0x0f18…dd17", "balance_change_usd": 2190000.0, "is_eoa": true },
      { "address": "0xff1f…0455", "balance_change_usd": -2190000.0, "is_eoa": false, "name": "Aztec Connect", "is_protocol": true }
    ]
  }
}

Raw, real-time. Fires the instant a suspicious transaction is detected — fully enriched with the victim protocol, TVL, and per-address balance changes.

Read the full payload spec

Intelligence that matters

Every second counts in DeFi. Get the edge you need.

Sub-Second Detection

Exploits are detected within milliseconds of execution and pushed straight to your socket — the fastest signal in the industry.

Full On-Chain Enrichment

Every payload carries the victim protocol, TVL, token symbols, and per-address USD balance changes — no extra lookups required.

LLM-Confirmed Signal

A second, curated stream where an LLM pipeline filters out MEV and arbitrage false positives and attaches a human-readable explanation.

Three ways to watch the chain

From a free public channel to a real-time machine-readable feed.

Defimon Alerts

Public Telegram channel

Free

DeFi incidents & exploits (~24h delay)

On-chain messages from attackers

Security monitoring of Immunefi protocols

Community-driven discussion

No account needed.

Defimon Signals

Premium Telegram channel

$50/mo

Human-readable, LLM-verified alerts

Automatic victim-protocol detection

Root-cause analysis, near real-time

Protocol & TVL context, trading signals

Telegram Stars · CryptoBot · Tribute

For builders

WebSocket Feed

Machine-readable API

$200/mo

Structured JSON over WebSocket

Both feeds: raw + LLM-confirmed exploits

Full enrichment: victim, TVL, balance changes

8 networks, one API key, <300ms detection

Includes Defimon Signals channel access

Pay in crypto · Cancel anytime

Prefer Telegram for the WebSocket feed? Pay with Telegram Stars in the bot →

Why the feed wins

Designed for DeFi protocol teams and incident response.

	Defimon WebSocket	Any public source such as X	Build your own
Detection latency	<300ms	Up to ~24h delay	Varies — high effort
Machine-readable JSON
LLM-confirmed stream
Protocol & TVL enrichment		Partial
Per-address balance changes
Networks covered	8	8	Per-chain infra
Maintenance burden	None	None	Constant
Cost	$200/mo	Free	$$$ infra + eng

Recent Security Analysis

In-depth reports on the latest DeFi security incidents

Ethereum

November 30, 2025

Yearn yETH $9M Numerical Solver Exploit

Total Impact

$9.00M

Yearn's yETH weighted stableswap pool exploited through numerical instability in fixed-point iteration solver. Attacker collapsed product term to zero, switching pool to constant-sum invariant, then triggered arithmetic underflow to mint 2.35×10⁵⁶ LP tokens.

Read Full Report

Multi-chain

November 3, 2025

Balancer V2 $128M Rounding Exploit

Total Impact

$128.00M

Balancer V2 Composable Stable Pools exploited across multiple chains through rounding direction inconsistency in rate scaling logic. Attacker manipulated pool invariant to deflate BPT prices.

Read Full Report

Typus Finance $3.44M Oracle Manipulation Attack

Sui

October 15, 2025

Typus Finance $3.44M Oracle Manipulation Attack

Total Impact

$3.44M

Typus Finance lost $3.44M through oracle manipulation exploiting missing authorization check in custom oracle module. Attacker manipulated prices to drain TLP pool via arbitrage.

Read Full Report

Frequently asked

Be Among The First to Know

In DeFi, a small delay costs millions.
Get the threat intelligence to rely on.

@DefimonAlerts

@DecurityHQ