23 hack event(s)
Description of the event: According to FXStreet, the community accused Daniel Wood of the DeFi project based on the Tron blockchain and the anonymous developer of the JustSwap whitelist project SharkTron for running away. Although the specific losses are not yet known, Twitter users reported that they lost 366 million to 400 million TRX (worth about 10 million US dollars). The TRON Foundation officially tweeted that it has contacted Binance to jointly track down the stolen funds and related personnel, and that some funds have been frozen by Binance. The TRON Foundation will also cooperate with other exchanges to track stolen funds. In addition, the TRON Foundation recommends that the victims submit a report to the local police.
Amount of loss: $ 10,000,000 Attack method: Rug Pull
Description of the event: The transfer logic of TRON's DeFi project CherryFi calls the safeTransfer function to perform specific transfer operations. However, the USDT transfer logic does not return a value, which causes the safeTransfer call to never succeed, which leads to the lockup of funds, and therefore users cannot perform USDT transfers in and out. It is understood that the CherryFi code has not been audited.
Amount of loss: - Attack method: Contract Vulnerability
Description of the event: The hacker at the beginning of the TKnzni address continued to launch a transaction rollback attack on the LuckLambo104 contract address beginning with TGsyJF by creating an attack contract, and profited 6,588 TRX. The contract was created at 23:00 on February 01 and was attacked the day after it went live. The current contract balance has returned to zero.
Amount of loss: 6,588 TRX Attack method: Roll back attack
Description of the event: The hacker at the beginning of the TFNsSk address initiated a transaction rollback attack on the Tron Lounge DApp contract beginning with TRON TR3n2D through a self-created contract, and has made a profit of 54,653 TRX so far.
Amount of loss: 54,653 TRX Attack method: Roll back attack
Description of the event: The hackers launched a trade rollback attack on TRON's Dice contracts through self-created contracts, and have gained 18,808 TRX to date.
Amount of loss: 18,808 TRX Attack method: Roll back attack
Description of the event: The attacker adopted a "card position" rollback betting method for the game mechanics: the first gameplay investment of the game is profitable early, and the "player" deploys the contract to invest at the beginning of each round, thereby making the investment The return is maximized, so far the attacker has made a total of 102,652 TRX.
Amount of loss: 102,652 TRX Attack method: Rule Exploitation
Description of the event: The attackers launched a roll back attack on the contracts, which so far has yielded a total of 67,695 TRX.
Amount of loss: 67,695 TRX Attack method: Roll back attack
Description of the event: The attackers launched a trade rollback attack on the contracts, which so far has yielded a total of 113,913 TRX.
Amount of loss: 113,913 TRX Attack method: Roll back attack
Description of the event: There was an unusually large transaction in the game contract of the TronCity project. The total balance of 257,112 TRX in the game contract was emptied at one time.
Amount of loss: 257,112 TRX Attack method: Rug Pull
Description of the event: Hackers launched a series of attacks on TronChip, earning a total of 61,867 TRX.
Amount of loss: 61,867 TRX Attack method: Random number attack
Description of the event: The hackers launched an attack by rolling back the transaction, and so far, the attack has been profitable.
Amount of loss: - Attack method: Roll back attack
Description of the event: The attacker launched multiple roll back attacks on the DApp contract address beginning with TLGUt5. So far, it has gained 45,200 TRX, and the contract balance of the attacked contract is almost zero.
Amount of loss: 45,200 TRX Attack method: Roll back attack
Description of the event: At 1:00 am on June 30, the App of Torrent super community was shut down. All of the wallet assets were moved out two weeks ago, and investors are currently unable to cash out.
Amount of loss: - Attack method: Rug Pull
Description of the event: Hackers have made a profit of 50,845 TRX by creating multiple contracts to launch a trade rollback attack on SPOKpark, a Tron DApp game. The SPOKpark website is no longer accessible.
Amount of loss: 50,845 TRX Attack method: Roll back attack
Description of the event: The hacker has gained 27,000 TRX by launching a trade rollback attack on the DappRoulette contract with a self-created contract.
Amount of loss: 27,000 TRX Attack method: Roll back attack
Description of the event: The DiceGame game suffered a roll back attack, and the hackers at the TYUcGmi address gained a total of 5,150 TRX.
Amount of loss: 5,150 TRX Attack method: Roll back attack
Description of the event: At 4:12 AM on May 3, Beijing time, a contract call transferred 26.73 million TRX (valued at RMB 4.27 million) from the TronBank contract, and the contract balance returned to zero. About two hours after the theft, wojak, the owner of THeRTT**, who transferred the 26.73 million TRX address, appeared. According to wojak, he wrote a script to analyze the bytecode of the TRON virtual machine, scan the contracts in batches and initiate transactions to see if there is any way to make money, but accidentally hit a bug in the Tronbank contract. At first he didn't even know that the money came from Tronbank. Some people in the community suggested that wojak return the money to the Tronbank developers, but wojak believes that this is not his problem. Developers should write test examples, do audits, and at least run some formal verifications (obviously they didn’t do anything). He is willing to return the money intact to every investor in Tronbank, not the developer of the project. Based on the available information, it is still too early to conclude that "the developer placed a backdoor in the contract". There are only two objective conclusions that can be drawn at present: 1. TRX Pro has a backdoor in the contract on the main network; 2. The code certified on TSC does not match the actual contract operation logic.
Amount of loss: 26,730,000 TRX Attack method: Contract Vulnerability
Description of the event: The TRON Wheel Of Fortune DApp is being attacked by a transaction rollback, with a total loss of 7,856 TRX, and the attack is still ongoing. Previously, security personnel found that the hacker continued to conduct transaction rollback attacks on multiple DAPP contract addresses through the same method.
Amount of loss: 7,856 TRX Attack method: Roll back attack
Description of the event: The hacker launched 1,203 attacks on the TronWow, made a total of 2,167,377 TRX profits.
Amount of loss: 2,167,377 TRX Attack method: Random number attack
Description of the event: Tron Dapp TronBank was attacked by Fake token attack at 1 am, about 170 million BTT were stolen in 1 hour (worth about 850,000 yuan). Monitoring showed that the hacker created a fake token BTTx to initiate the "invest" function to the contract, and the contract did not determine whether the sender's token id was consistent with the BTT real token id1002000.
Amount of loss: 170,000,000 BTT Attack method: Oracle Attack