888 hack event(s)
Description of the event: According to the intelligence of the SlowMist security team, the Numbers Protocol (NUM) token project on the ETH chain was attacked, and the attacker made a profit of about $13,836. The main reason for this attack is that the NUM token does not have a permit function and has a callback function, so a fake signature can be passed in to deceive the cross-chain bridge and cause the user's assets to be transferred out unexpectedly.
Amount of loss: $ 13,836 Attack method: Contract vulnerabilities
Description of the event: The SheepFarm project on the BNB chain was attacked by a vulnerability. After analysis, it was found that because the register function of the SheepFarm contract could be called multiple times, the attacker 0x2131c67ed7b6aa01b7aa308c71991ef5baedd049 used the register function multiple times to increase his own gems, and then used the upgradeVillage function to accumulate yield while consuming gems properties, and finally call the sellVillage method to convert yield to money before withdrawing money. The attack caused the project to lose about 262 BNB, about $72,000.
Amount of loss: 262 BNB Attack method: Contract vulnerabilities
Description of the event: The Ranger project on the BSC chain was an exit scam, and the Ranger token fell by 95%. The contract deployer sent the tokens to an external account, which was then sold for a profit of about $77,000. Do not confuse this project with similarly named tokens and symbols, refer to the contract address: bsc: 0xc9efd09c8170e5ce43219967a0564a9b610e5ea2.
Amount of loss: $ 77,000 Attack method: Scam
Description of the event: Rug pull occurred in the DeFiAI project, and the contract deployer made a profit of about 40 million US dollars. According to SlowMist MistTrack analysis, funds have been transferred to Fixedfloat and MEXC.
Amount of loss: $ 40,000,000 Attack method: Scam
Description of the event: The price of the Flare project has dropped by more than 95%, which is suspected to be a Rug Pull scam project. Flare token deployers and associated addresses received approximately 4 billion Flare tokens. The scam has so far made around $18.5 million.
Amount of loss: $ 18,500,000 Attack method: Scam
Description of the event: The DFX Finance project on the ETH chain was attacked, and the attackers made a profit of about $231,138. According to SlowMist analysis, the main reason for this attack is that the Curve contract flash loan function does not have re-entrancy protection, which causes the attack to re-enter the deposit function to transfer tokens to judge the balance of flash loan repayments. The account so that the attacker can successfully withdraw money to profit.
Amount of loss: $ 231,138 Attack method: Reentry attack
Description of the event: According to the monitoring of the SlowMist security team, the brahTOPG project on the ETH chain was attacked, and the attacker made a profit of about $89,879. The main reason for this attack is that the Zapper contract strictly checks the data passed in by the user, which leads to the problem of arbitrary external calls. The attacker uses this arbitrary external call problem to steal the tokens of users who are still authorized to the contract.
Amount of loss: $ 89,879 Attack method: Any external call
Description of the event: The MooCakeCTX project suffered a flash loan attack, and the attackers made a profit of $143,921. According to Fairyproof’s analysis, the suspected reason is that the contract reinvested (the earn function was not called) before the user pledged (depositAll function) without settlement of the reward, that is, when the user pledged, the contract did not settle the previous reward and conduct new investment. This will cause users to get the previous pledge dividends immediately after the pledge. After the attacker borrows 50,000 cake tokens using a flash loan in the same block, he pledges it twice in a row, and then withdraws the pledged cake tokens and returns them to make a profit.
Amount of loss: $ 143,921 Attack method: Flash loan attack
Description of the event: Ethereum L2 protocol Loopring tweeted that it was hit by a large-scale DDoS attack. While the funds were not at risk, the service was down for 11 hours. Currently, domain access on the mobile app side has been reconfigured and the Loopring wallet service has been restored.
Amount of loss: - Attack method: DDos attack
Description of the event: An address on the BNB Chain minted more than $1 billion of pGALA tokens out of thin air, and sold them through PancakeSwap to make a profit. The pGALA contract hacker has made a profit of $4.3 million. One Smart Money address arbitraged nearly $6.5 million in this attack, even more than the attacker's profit. Multi-link is tweeted by the protocol pNetwork, and the pGALA contract on the BNB Chain needs to be redeployed due to the misconfiguration of the cross-chain bridge. Huobi Global announced that it would re-list GALA after proposing that the GALA purchased after the abnormal event would be renamed pGALA, and the project party agreed to pay full compensation to the holders of the currency before the accident.
Amount of loss: $ 10,800,000 Attack method: Cross-chain bridge configuration error
Description of the event: Crypto derivatives exchange Deribit tweeted that $28 million in losses from Deribit’s hot wallet was stolen, but customer funds were safe and the losses were covered by company reserves. According to the analysis of SlowMist MistTrack, the loss included 6967.65 ETH, 691 BTC and about 3.41 million USDC, and then the attacker exchanged USDC for 2143.95 ETH.
Amount of loss: $ 28,000,000 Attack method: Stolen hot wallet
Description of the event: Solend, a lending protocol on Solana, tweeted that an oracle attack against USDH affecting Stable, Coin98, and Kamino’s isolated pools was detected, resulting in $1.26 million in bad debt. Additionally, Solend claims that all other pools, including the Main pool, are safe.
Amount of loss: $ 1,260,000 Attack method: Oracle attack
Description of the event: The multi-chain exchange protocol Rubic tweeted that an administrator’s wallet address, which manages the RBC/BRBC cross-chain bridge and staking rewards, was stolen, and the team suspected that malware stole the private key. The attacker sold about 34 million RBC/BRBC on Uniswap and PancakeSwap, the user's staking funds are safe and the smart contract is not exploited.
Amount of loss: $ 303,758 Attack method: Admin private key leaked
Description of the event: According to Cointelegraph, Skyward Finance, the NEAR on-chain asset issuance platform, suffered a vulnerability exploit and has lost 110 NEAR tokens (about $3 million). The Ref Finance and Skyward teams have been informed of the existence of the vulnerability. The attackers reportedly purchased large amounts of Skyward Tokens on Ref Finance, then redeemed them through the Treasury on Skyward Finance, and then earned more than the value of the Skyward Tokens originally invested.
Amount of loss: $ 3,000,000 Attack method: Contract vulnerabilities
Description of the event: The FITE (FTE) project is suspected of Rug pull, its website fit[.]app has been shut down, and social media has been deleted. Scammers have transferred 1900 BNB to Tornado Cash.
Amount of loss: 1900 BNB Attack method: Scam
Description of the event: The ownership of the MEV infrastructure Eden Network deployer address was hacked and took control of the EDEN token contract. The attacker claims that a new token contract will be deployed, and Eden Network can redeem ownership after purchasing 200 ETH of NEDEN.
Amount of loss: - Attack method: Private key leak
Description of the event: The THORChain network of the cross-chain DeFi protocol was interrupted. The official said that the consensus problem has been identified and a patch will be released. The code pushes cosmos.Uint (instead of uint64) into the string, which causes the string to get an arbitrarily large integer instead of the actual value, causing the memo string to be on a different node. On October 28th, THORChain was back online and produced blocks. The network is signing block transactions, so pending transactions should start going through. Once the queue is cleared, the transaction will be re-enabled. Expect 2-3 hours. During the network outage, investors did not lose any funds. However, the exchange deposits and withdrawals of Thorchain's native currency RUNE have been suspended on centralized exchanges such as Kucoin.
Amount of loss: - Attack method: Network interruption
Description of the event: FriesDAO was attacked and lost about $2.3 million. An attacker gained control of the FriesDAO protocol operator's wallet through the Profanity wallet generator vulnerability, which would force the use of the private key of the address generated by the tool. FriesDAO stated in the official Discord channel that the official developers are currently trying to negotiate with the attackers to negotiate a white hat bounty in exchange for the return of the stolen funds.
Amount of loss: $ 2,300,000 Attack method: Profanity Wallet Generator Vulnerability
Description of the event: Browser security plug-in Pocket Universe tweeted that a new vulnerability was discovered in Opensea’s old contracts that could be used to steal users’ NFTs, potentially emptying wallets once the transaction was signed. It can steal any NFT users listed on Opensea before May 2022 (i.e. before Seaport upgrades), mainly involving the Wyvern protocol, which grants proxy contracts the right to withdraw user NFTs, and this new exploit will Trick the user into signing a transaction, giving the attacker ownership of the user's proxy contract. Cosine, the founder of SlowMist, tweeted that it is necessary to be vigilant about the new use of this old problem, which is related to the old OpenSea protocol, but many users of the old protocol have not cancelled the relevant authorization, and this use is invalid for the new OpenSea protocol (Seaport).
Amount of loss: - Attack method: Contract vulnerabilities
Description of the event: Team Finance tweeted that the protocol’s management funds were hacked during the migration from Uniswap v2 to v3, with an identified loss of approximately $14.5 million worth of tokens. On October 31, the Team Finance white hat hacker address has returned $13.4 million in digital assets, including 548.7 ETH ($860,000) to FEG, 765,000 DAI and 11.8 million TSUKA ($626,000) to Tsuka, about 5 million DAI and 74.6 trillion CAW (~$5.5 million) to CAW, 209 ETH ($328,000) to KNDX, smithbot.eth has returned 263 billion KNDX ($292,000) to KNDX.
Amount of loss: $ 14,500,000 Attack method: Contract vulnerabilities