1507 hack event(s)
Description of the event: Grand Base, a real world assets platform built on the Base layer-2 blockchain, the team behind the project claimed that the deployer wallet had been compromised, allowing an attacker to drain the project's liquidity pool. Altogether, 615 ETH (~$2 million) was taken from the project.
Amount of loss: $ 2,000,000 Attack method: Unknown
Description of the event: According to on-chain analyst ZachXBT's monitoring, the group of scammers who stole 8 figs with Magnate, Kokomo, Lendora, Solfire, etc is back with a new project on Blast @Leaperfinance. Last week they funded an address on Blast with ~$1M of laundered funds from the previous rugs and have begun adding liquidity to bait people in. Over time, the fraudulent team increased their TVL to over a million dollars, then stole all user funds deposited into the protocol, and forged KYC documents using low-level auditing companies. Currently, this fraudulent group has initiated scams on platforms such as Base, Solana, Scroll, Optimism, Arbitrum, Ethereum, and Avalanche.
Amount of loss: - Attack method: Scam
Description of the event: The Bitcoin-native lending protocol, Zest Protocol twitted that it experienced an attack. The attacker lent out an amount exceeding the value of their collateral by artificially inflating its value. The attack has been mitigated, and all unauthorized access has been disabled. The attacker removed 324,000 STX from the protocol, and this loss will be compensated from the Zest Protocol's treasury, ensuring full reimbursement of user assets.
Amount of loss: - Attack method: Contract Vulnerability
Description of the event: Fake Masa on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 502,000 Attack method: Rug Pull
Description of the event: The price of Empower AI (EMPAI) on Ethereum has dropped by 100%. A whale 0xE4808...f3bA has dumped 1,000,000,000,000 EMPAI for about 66.44 WETH (valued at around $23,750).
Amount of loss: $ 237,500 Attack method: Rug Pull
Description of the event: Fake Monad on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 266,000 Attack method: Rug Pull
Description of the event: Jupiter, a trading aggregator in the Solana ecosystem, tweeted that they noticed a large number of spam bots hitting our RPCs and limited them. Users are advised to try their operations again. The team is working super hard on helping users in this new congested environment and dealing with extraordinary volume.
Amount of loss: - Attack method: Spam bots
Description of the event: Fake Truflation on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 256,600 Attack method: Rug Pull
Description of the event: Fake Oasis AI on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 301,600 Attack method: Rug Pull
Description of the event: The full-chain Web3 ecosystem xBlast, built inside Telegram, disclosed on Twitter that it had been hacked. The attacker transferred XBL tokens from its project's main wallet address and sold them for approximately 22 ETH. xBlast's proposed solution is to deploy a new XBL token and restore liquidity, promising fair compensation for all losses.
Amount of loss: $ 84,500 Attack method: Unknown
Description of the event: Wall Street Memes (WSM)’s pre-sale contract was attacked, resulting in a loss of ~2.5M WSM, worth of ~$18,000.
Amount of loss: $ 18,000 Attack method: Flash Loan Attack
Description of the event: The Twitter account of Wormhole co-founder Robinson Burkey was hacked, and a suspicious link was posted.
Amount of loss: - Attack method: Twitter was hacked
Description of the event: CondomSOL on Solana has exited, and its Twitter account is no longer accessible. The wallet associated with CondomSOL raised 4,965 SOL, equivalent to approximately $922,000.
Amount of loss: $ 922,000 Attack method: Rug Pull
Description of the event: In the Blast ecosystem, the project Avolend Finance is suspected to be a rug pull. Currently, its official website and Twitter account cannot be accessed.
Amount of loss: - Attack method: Rug Pull
Description of the event: FixedFloat, a decentralized exchange, tweeted that they have encountered another attack, with hackers exploiting vulnerabilities in their third-party services. The company assured that both company and user funds remain unaffected.
Amount of loss: - Attack method: Third-party Vulnerability
Description of the event: The DeFi protocol OpenLeverage has been attacked, resulting in a loss of approximately $260,000. In light of this, OpenLeverage has decided to discontinue the OpenLeverage trading and lending protocol. OpenLeverage is initiating processes for users to close trades/borrowings and withdraw funds safely. All protocol actions will remain paused until withdrawal processes begin early next week.
Amount of loss: $ 260,000 Attack method: Unknown
Description of the event: The founder of yield-trading protocol Pendle Finance tweeted that the team has confirmed being unable to access the official Pendle Twitter account and is currently investigating to resolve the issue. During this period, hackers used the Pendle official Twitter account to post phishing links. On the same day, the Pendle founder tweeted that the team had regained control of the official Pendle Twitter account.
Amount of loss: - Attack method: Twitter was hacked
Description of the event: The Solana ecosystem is grappling with a spate of drained wallets. A cause has yet to be definitively determined, but some of the thefts were linked to the use of trading bots like Solareum. According to security researcher Plum, the Solareum Telegram trading bot vulnerability obtained approximately $1 million worth of SOL from victims.
Amount of loss: $ 1,000,000 Attack method: Unknown
Description of the event: Lava suffered a flash loan attack, resulting in approximately $340,000 in losses. All lending markets are reportedly paused as the investigation is ongoing.
Amount of loss: $ 340,000 Attack method: Flash Loan Attack
Description of the event: Decentralized lending protocol Prisma Finance was hacked, with a loss of approximately 3,257.7 ETH (equivalent to around $11.6 million USD). The protocol has currently been suspended for investigation. Officials remind vault owners to disable authorization for related LST and LRT contract delegations.
Amount of loss: $ 11,600,000 Attack method: Contract Vulnerability