1722 hack event(s)
Description of the event: Scroll ecosystem stablecoin project Essence Finance is suspected of rugpulled, its stablecoin CHI has fallen by more than 92% to $0.077 in the past 24h, more than $20 million of collateral is suspected to have been removed.
Amount of loss: $ 20,000,000 Attack method: Rug Pull
Description of the event: According to a MistTrack tweet, a suspicious outflow was detected from a wallet controlled by the U.S. government (0xc9E...34c): nearly $20 million was transferred to 0x3486ee700ccaf3e2f9c5ec9730a2e916a4740a9f, including: 5.4M USDC, 1.12M USDT, 13.7M aUSDC and 178 ETH. Most tokens were swapped into ETH. Approximately 19.3M worth of tokens were later returned to the U.S. government address.
Amount of loss: $ 20,000,000 Attack method: Unknown
Description of the event: Base chain detected a price manipulation attack targeting unverified lending contracts, where the attacker gained around $1 million in tokens through excessive borrowing.
Amount of loss: $ 1,000,000 Attack method: Price Manipulation
Description of the event: The contract of Ramses Exchange on Arbitrum was attacked, resulting in a loss of approximately $93,000.
Amount of loss: $ 93,000 Attack method: Contract Vulnerability
Description of the event: A dog-themed memecoin project called SHARPEI abruptly cashed out $3.4 million, tanking the token price by more than 96% in seconds. The project had been promoted by crypto influencers, but hit a snag when a pitch deck for the project leaked. The deck contained multiple lies, including claims to have hired multiple "KOLs" who later denied involvement, and false claims of partnerships with various platforms and projects. As the token price stuttered along with these revelations, insiders apparently decided to quit while they were ahead, and cashed out in a quick and coordinated sale.
Amount of loss: $ 3,400,000 Attack method: Rug Pull
Description of the event: The X account of MuratiAI (@MuratiAI), an AI network and bot platform centered around anime, is suspected to have been hacked, with phishing links being posted. Until further notice, please refrain from clicking any links or responding to any messages.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to on-chain investigator ZachXBT, the crypto payment service provider Transak recently fell victim to a ransomware attack. Transak reported that the incident occurred when an attacker accessed an employee's laptop without authorization through a sophisticated phishing attack. The attacker used the stolen credentials to log into the system of a third-party KYC vendor used for document scanning and verification services. As a result, the attacker gained access to specific user information stored in the vendor’s dashboard.
Amount of loss: - Attack method: Phishing Attack
Description of the event: Scroll-based DEX protocol Ambient Finance announced on X platform that their domain has been hijacked. Until further notice, please do not interact with the Ambient Finance frontend.
Amount of loss: - Attack method: DNS Hijacking Attack
Description of the event: The official X account of Eigenlayer, the Ethereum re-staking protocol, is suspected to have been hacked. The hacker has posted a fake phishing link; please do not interact with it.
Amount of loss: - Attack method: Account Compromise
Description of the event: DeFi analyst Anon Vee posted on X that several users have reported that the Orderly Network ecosystem project IBXtrade is suspected of a rug pull. It is reported that IBXtrade launched a pre-sale three days ago with a target to raise 2,000 SOL (approximately $3.2 million) and refund any unselected participants. The pre-sale ended up raising over 160,000 SOL (about $24 million), with participants originally expecting the project to return $21.8 million. However, instead of issuing refunds, the IBXtrade team created a poll on a website entirely under their control, asking whether the pre-sale cap should be raised. The poll eventually passed, and IBXtrade claimed to have refunded 65,000 SOL ($9.7 million) to participants. In reality, the team simply transferred these SOL to multiple addresses they created, and users reported not receiving any refunds.
Amount of loss: - Attack method: Rug Pull
Description of the event: Tapioca DAO experienced a significant security breach, with attackers obtaining relevant private keys through social engineering attacks and stealing approximately $4.7 million in cryptocurrency. On October 25, Tapioca DAO released an incident analysis report stating that the security breach occurred because attackers successfully compromised the private keys of a core contributor responsible for smart contract development. SEAL911 confirmed that the attackers were part of a North Korean hacking group that used a contagious interview attack method to inject malware onto the contributor's computer, thereby gaining access to the private keys of their address to carry out the theft.
Amount of loss: $ 4,700,000 Attack method: Social Engineering
Description of the event: ZK startup Lagrange's X account has been allegedly compromised, and a scam link related to the LGR token has been posted. Please stay vigilant and be cautious of potential risks.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to AggrNews, the Instagram account of Kabosumama, the owner of the Shiba Inu Kabosu, the inspiration behind the popular DOG project "Doge" meme, has been hacked. Kabosumama previously posted on her blog, stating that she was unable to log in. Additionally, BWEnews reported that the hacker is particularly cunning, having posted a fake update about a new family member. The hacker launched a memecoin ahead of time, luring victims into investing, only to pull out and run with the funds shortly after.
Amount of loss: - Attack method: Account Compromise
Description of the event: Radiant Capital posted on X acknowledging issues with its lending markets on BNB Chain and Arbitrum. Trading on Base and Mainnet markets has been paused. According to SlowMist’s security team analysis, the incident occurred after the Radiant attacker illegally gained control of 3 multisig permissions and upgraded to a malicious contract to steal funds. The incident analysis report released by Radiant reveals that the attackers successfully compromised the devices of at least three core contributors through sophisticated malware injection techniques. These compromised devices were then used to sign malicious transactions.
Amount of loss: $ 50,000,000 Attack method: Multisignature Theft
Description of the event: The official X account of Bitcoin L2 Zulu Network appears to have been compromised. The hacker has posted a fake phishing link. Please avoid interacting with it.
Amount of loss: - Attack method: Account Compromise
Description of the event: The official X account of the decentralized intellectual property (IP) platform KOR Protocol appears to have been compromised. The hacker has posted a fake phishing link. Please avoid interacting with it.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to monitoring by Scam Sniffer, the X account of Ordinals Wallet was hacked, and a phishing link was posted. Upon review, the related post has already been deleted.
Amount of loss: - Attack method: Account Compromise
Description of the event: A suspicious attack involving HYDT tokens has occurred on BSC, resulting in a loss of approximately $58,000.
Amount of loss: $ 58,000 Attack method: Price Manipulation
Description of the event: The X account of the crypto data tracking service Spot On Chain has reportedly been compromised. It was said to have posted a fake EIGEN airdrop phishing link this morning, while also disabling the comment section for the tweet. Users are advised to be cautious and avoid interacting with the link.
Amount of loss: - Attack method: Account Compromise
Description of the event: The official X account of the staking protocol Symbiotic has been suspected of being hacked. The hacker has already posted a fake phishing link. Please do not interact with it.
Amount of loss: - Attack method: Account Compromise