921 hack event(s)
Description of the event: According to official news, the NFT project Azuki confirmed that its Twitter account was hacked, and the team has regained control of the account. Hackers posted two tweets on Azuki's Twitter account, prompting users to claim the virtual land, one of which was pinned to the top. Azuki officials remind users to be alert to this scam and not to click on any links.
Amount of loss: $ 1,740,000 Attack method: Twitter was hacked
Description of the event: Kevin Rose, the founder of the NFT project Moonbirds, tweeted that his personal wallet was hacked and 25 Chromie Squiggles and other NFTs were lost, with an estimated loss of more than $1 million. Arran Schlosberg, vice president of engineering at Proof Collective, said their NFTs are safe after Kevin Rose was hacked and lost $1 million. Schlosberg said the phishing attack tricked Rose into signing a malicious signature, and the hackers then transferred his valuable NFT.
Amount of loss: $ 1,000,000 Attack method: Phishing Attack
Description of the event: The Robinhood Twitter account was hacked and used to promote a fraudulent crypto project. The hackers announced the launch of a new token called $RBH, which they say will be priced at $0.0005 on Binance Smart Chain. About 25 people purchased the fraudulent tokens for a total of just under $8,000 before the link was removed. Robinhood said in a blog post that the unauthorized content posted on Robinhood Twitter, Instagram and Facebook was removed within minutes, and the team believes the source of the incident was a third-party vendor.
Amount of loss: $ 8,000 Attack method: Twitter was hacked
Description of the event: Doglands, a multi-purpose GameFi and DeFi protocol in the Dogechain ecosystem, may have carried out an exit scam. The contract addresses on the project chain are 0x106E6a2D5433247441c1Cdf4E3e24a0696a46d0, 0x12b17 and 0x0e815, which drained all the reserves in the LP tokens, with a value of about $204,000. The funds have now been moved to Ethereum through a cross-chain bridge and transferred to multiple addresses. Doglands has deleted its official Twitter account and website.
Amount of loss: $ 204,000 Attack method: Rug Pull
Description of the event: It is reported that the FFF token deployed on BSC had an abnormal additional-issuance event. An administrator of the original project team obtained the additional issuance through a pre-set additional-issuance contract, then sold the newly issued tokens and transferred part of the acquired assets. More than US $1.03 million of FFF tokens were sold in this issuance.
Amount of loss: $ 1,030,000 Attack method: Abnormal issuance
Description of the event: Thoreum Finance was hacked. According to analysis, the transfer function of the closed-source contract 0x79fe created by the Thoreum Finance project team is suspected to have a flaw: when the from and to addresses of the transfer function are the same, the balance doubles on a transfer to yourself, because temporary variables are used to store the balance. The attacker repeated the operation many times and finally made a profit of 2,000 BNB, worth about 580,000 US dollars.
Amount of loss: $ 580,000 Attack method: Contract Vulnerability
Description of the event: The OMNI Real Estate Token (ORT) project on BSC was attacked. The cause of the attack is suspected to be a loophole in the contract code. The attacker’s address is: 0x9BbD94506398a1459F0Cd3B2638512627390255e, one of the attack contracts is 0x0eFfECA3dBCBcda4d5e4515829b0d42181700606, the initial gas source of the attack is FixedFloat, and the attacker made more than 236 BNB, worth about $57.
Amount of loss: $ 70,705 Attack method: Contract Vulnerability
Description of the event: Due to a read-only reentrancy problem when interacting with the Curve liquidity pool, the cross-chain money market solution Midas Capital was attacked and exploited in the Polygon liquidity pool of the stablecoin protocol Jarvis, and has lost $650,000.
Amount of loss: $ 650,000 Attack method: Reentry Attack
Description of the event: Crypto KOL NFT God tweeted that hackers had broken into their Twitter, Substack, Gmail, Discord and wallets, that they lost all their crypto assets and NFTs, and that the hackers also posted fraudulent links through the stolen accounts. The reason for the hack was that the Ledger had been set up as a hot wallet instead of a cold wallet on a new device, and the mnemonic was imported and used in a wallet on a networked computer. Then yesterday, after searching for the video streaming software OBS to download for game live streaming, they clicked on a Google sponsored link, and the website it led to downloaded malware that gave hackers access to their funds. Yu Xian, the founder of SlowMist, said that the core reason is that the computer ran a game program with a Trojan horse, and the mnemonic of the crypto assets was used on this Internet-connected computer, so it may have been stolen by hackers.
Amount of loss: - Attack method: Malicious software
Description of the event: According to SlowMist, LendHub, a cross-chain lending platform in the HECO ecosystem, was suspected of being attacked and lost nearly 6 million US dollars. The cause of the attack is that LendHub has two lBSV cTokens, one of which was abandoned in April 2021 but never removed from the market, so both the old and the new lBSV existed in the market. Moreover, the Comptrollers corresponding to the old and new lBSV are not the same, but both have prices in the market, which splits the calculation of liabilities between the old and new markets. Attackers took advantage of this problem to redeem collateral in the old market and carry out lending operations in the new market, maliciously extracting protocol funds from the new market. At present, the main hacker profit address is 0x9d01..ab03, and the source of the attack fee is the 100 ETH received from Tornado.Cash on January 12. SlowMist said that some traces of the hackers have been obtained through its threat intelligence network.
Amount of loss: $ 6,000,000 Attack method: Contract Vulnerability
Description of the event: RoeFinance was attacked. The victim pool (0x574f) has just been emptied, with a total loss of about $80,000. This is a typical price manipulation attack.
Amount of loss: $ 80,000 Attack method: Price Manipulation
Description of the event: A vulnerability known as CVE-2022-3656 affects more than 2.5 billion users of Google Chrome and Chromium-engine-based browsers. This vulnerability allows the theft of sensitive files such as crypto wallets and cloud provider files. The vulnerability was discovered by examining how the browser interacts with the file system. Specifically, the browser did not properly check whether a symlink pointed to an inaccessible location, allowing sensitive files to be stolen. This problem is often referred to as symbolic link following. Attackers may use crypto phishing sites to strategically gain access to users' sensitive files.
Amount of loss: - Attack method: Browser Vulnerability
Description of the event: On January 10, Sui Name Service, an ecosystem domain name service provider, posted on social media that its Discord server was attacked by a former employee today, and that the attacker posed as an administrator. At present, Sui Name Service is restoring role labels for users.
Amount of loss: - Attack method: Discord was hacked
Description of the event: The price of the BRA token on BNB Chain went to zero. According to the analysis, the token is taxed during transactions, the tax collected is sent directly to the trading pair, and the tax is added twice. Under this mechanism, after many such transactions, the number of tokens in the trading pair keeps increasing. At the same time, any user can call the skim function to retrieve the extra tokens in the trading pair, which results in the actual number of tokens exceeding the issuance limit. This BRA token attack has caused 820 WBNB in losses. The attacker's address is 0xE2Ba15be8C6Fb0d7C1F7bEA9106eb8232248FB8B.
Amount of loss: 820 WBNB Attack method: Abnormal over-issuance of tokens
Description of the event: The official Twitter account of the NFT project Chimpers was hacked and hijacked, and multiple links to fake websites were published to lure users into minting NFTs through the links.
Amount of loss: - Attack method: Discord was hacked
Description of the event: The Web3 Twitter marketing platform Twity tweeted that there was a security vulnerability in its system: the Telegram account of a technician was leaked, and the chat records contained project information and a wallet private key, resulting in the disclosure of administrator account information. The team is currently holding an emergency meeting to study solutions. A snapshot will be taken of all user assets and NFT information. The specific solution will be published separately once it is formulated.
Amount of loss: - Attack method: Telegram was hacked
Description of the event: Mycelium, a perpetuals protocol, tweeted that due to an oracle price feed problem with the ETH-USD trading pair, MLP suffered a loss of 4~6% from bot arbitrage (the current pool size is about $6.6 million, and the estimated loss is about $300,000), but the team has fixed the loophole and resumed trading. The cause was that Binance began blocking US IPs in late December, so one of Mycelium's three oracle data vendors went offline, and another vendor also seemed to have gone wrong overnight, leaving prices reliant only on Coinbase and Bitfinex. At about 4 pm yesterday, Bitfinex's ETH-USD feed price fluctuated significantly and the spread was extremely large; an arbitrage bot may have detected the spread and begun to arbitrage at a higher than usual volume, resulting in a loss for MLP.
Amount of loss: $ 300,000 Attack method: The oracle price problem
Description of the event: The official Twitter account of the NFT project CyberKongz was attacked by hackers, who replaced the homepage links and other links with phishing links and released false mint information. At present, the account has been renamed and is under freezing protection.
Amount of loss: - Attack method: Twitter was hacked
Description of the event: Nikhil Gopalani, chief operating officer of Nike's crypto fashion brand RTFKT, tweeted that he was attacked by a phisher and lost more than $173,000, including 19 CloneX NFTs, 18 RTFKT Space Pods, 11 CryptoKicks, etc. Gopalani believes the phishing attack may have been the result of accidentally providing confidential information to hackers posing as Apple representatives.
Amount of loss: $ 173,000 Attack method: Phishing attack
Description of the event: Luke Dashjr, one of the original Bitcoin Core developers, claimed on Twitter that attackers had managed to compromise multiple wallets, with more than 216 BTC (approximately $3.6 million) stolen. Dashjr initially blamed the attack on a leaked PGP key, but later said the PGP leak was just part of a broader hack in which the attacker also bypassed two-factor authentication and gained access to his wallet.
Amount of loss: 216 BTC Attack method: Private Key Leaked