1208 hack event(s)
Description of the event: On September 24th, according to @Definalist on the X platform, scammers had deposited fake APT tokens into South Korea's largest exchange, Upbit. After these fake tokens were deposited into numerous user accounts, many users proceeded to directly sell them. The only explanation for this situation is that Upbit's wallet system only checked the type and data and processed deposits and withdrawals.
Amount of loss: - Attack method: Wallet Vulnerability
Description of the event: On September 25th, Cyvers Alerts tweeted that a certain EOA address received 5000 ETH from HTX yesterday, and this morning, they noticed that HTX had conducted a hot wallet migration. It has been confirmed that one of HTX's hot wallets was compromised, resulting in a loss of 8 million USD, and the hacker's address has been disclosed. HTX has issued a public statement on the blockchain, addressing the hacker and offering a 5% white hat bonus if the stolen funds are returned by October 2nd; otherwise, they will transfer the information to law enforcement authorities for further action and to prosecute the hacker. Justin Sun also stated that HTX has fully covered the losses incurred from the attack and has successfully resolved all related issues. All user assets are safe and the platform is operating completely normally.
Amount of loss: $ 8,000,000 Attack method: Unknown
Description of the event: On September 23, the database of Mixin Network's cloud service provider was attacked; the amount of funds involved was ~$200M.
Amount of loss: $ 200,000,000 Attack method: Unknown
Description of the event: On September 22nd, SlowMist tweeted that a website conducts phishing attacks by publishing malicious MEV bot code. Victims have deployed the code they copied from the site. The risk lies in the code's start and withdrawMoney functions, which first calculate the hacker's address and then, once the user has deployed the contract and called them, transfer the incoming funds directly. The phishing website is https://unimevbot.com. The hacker's on-chain address is 0xfBcf33613A2609C050525395ec6885F6538fEC60.
Amount of loss: - Attack method: Phishing Attack
Description of the event: On September 21st, the Linear stablecoin $LUSD appears to be under an exploit attack. While the team investigates, do not buy LUSD, do not trade $LUSD. Liquidations are paused and users' accounts are not at risk.
Amount of loss: - Attack method: Contract Vulnerability
Description of the event: On September 21st, a large amount of BNBpay liquidity was removed. The deployer profited ~$114k from this liquidity removal.
Amount of loss: $ 114,000 Attack method: Rug Pull
Description of the event: On September 21st, a large amount of YZER liquidity was removed. The deployer profited ~$28.6k from this liquidity removal.
Amount of loss: $ 28,600 Attack method: Rug Pull
Description of the event: On September 20th, the DeFi liquidity protocol Balancer fell victim to a DNS hijacking attack. Funds have been directed to an address starting with 0x6457, resulting in a total loss of approximately $238,000. The attacker’s fee came from the phishing group AngelDrainer. The attacker may be related to Russia.
Amount of loss: $ 238,000 Attack method: DNS Hijacking Attack
Description of the event: On September 20th, the Discord trading bot None posted an announcement stating that, due to a critical exploit within their infrastructure, the team had lost a significant amount of funding, as well as the team tokens that were crucial for their operations. Furthermore, three core team members have left, rendering None unable to continue its operations. Users still have 30 days to withdraw their tokens and funds; thereafter, the project will be shut down.
Amount of loss: - Attack method: Infrastructure vulnerability
Description of the event: On September 20th, SlowMist tweeted that Coinbase Wallet recently integrated the Web3 messaging network protocol (http://xmtp.org). Once a user's wallet address has opened the messaging network, it may receive any message sent over the messaging protocol. Many attackers used this feature to send messages with phishing links to wallet users. Affected wallet users need to be vigilant and not click on unknown links.
Amount of loss: - Attack method: Phishing Attack
Description of the event: On September 17th, ThalaLabs' Twitter account was compromised, and a phishing website was posted, which is linked to a known wallet drainer.
Amount of loss: - Attack method: Twitter was hacked
Description of the event: On September 17th, the OneMint Discord account was compromised. The attacker posted malicious links and shut down channels like support.
Amount of loss: - Attack method: Discord was hacked
Description of the event: Mark Cuban, a billionaire entrepreneur and owner of the Dallas Mavericks, fell victim to a hack on September 16th. Altogether, he was set back by around $870,000 across 10 cryptocurrencies. He said he moved his remaining funds to Coinbase custody.
Amount of loss: $ 870,000 Attack method: Wallet Stolen
Description of the event: A massive suspicious withdrawal occurred on cryptocurrency exchange Remitano, with $2.7 million worth of cryptocurrency being withdrawn. Some blockchain analysts believe the exchange may have been hacked. Tether has frozen an address allegedly used by an attacker that held $1.4 million worth of cryptocurrency.
Amount of loss: $ 2,700,000 Attack method: Wallet Stolen
Description of the event: On September 13th, the Hong Kong Securities and Futures Commission issued a statement titled "Regarding Unregulated Virtual Asset Trading Platforms," stating that the virtual asset trading platform JPEX did not have a license from the Commission and had not applied for one. On September 14th, the JPEX community discovered that the withdrawal limit on the JPEX platform was only 1000 USDT, while the withdrawal fee was as high as 999 USDT, effectively preventing users from withdrawing their funds. As of today, September 25th, at 5:00 PM, in the JPEX virtual asset trading platform fraud case, the Hong Kong police have received reports from a total of 2360 victims, involving an approximate amount of 1.49 billion Hong Kong dollars (approximately 1.39 billion yuan).
Amount of loss: $ 190,632,239 Attack method: Scam
Description of the event: The cryptocurrency exchange CoinEx suffered a hacker attack. The cause of the incident was initially determined to be the leakage of hot wallet private keys. The damage caused is estimated to have reached US$70 million, and the impact has affected multiple blockchains. CoinEx tweeted that it had identified and quarantined suspicious wallet addresses related to the hack and that deposit and withdrawal services had been suspended. On September 13, SlowMist found during the analysis process that CoinEx hackers were related to Stake.com hackers and Alphapo hackers. CoinEx hackers may be the North Korean hacker group Lazarus Group.
Amount of loss: $ 70,000,000 Attack method: Private Key Leakage
Description of the event: Milady founder Charlotte Fang said that a developer of Milady misappropriated approximately $1 million from the Bonkler treasury of Milady's official project. The developer also seized the code base and asked the team to hand over more funds and NFT reserves. Currently, the X accounts of miladymaker and remilionaire are controlled by this developer. Charlotte Fang said the relevant members have been identified and will be held accountable to the fullest extent of the law. Minting of Bonkler NFTs is temporarily suspended and Bonkler’s community vaults, contracts, and NFTs are safe. Other series of NFTs from Milady parent company Remilia are not affected for the time being.
Amount of loss: $ 1,000,000 Attack method: Insider Manipulation
Description of the event: Stablecoin issuer Paxos admitted in a statement that the account that paid out nearly 20 BTC in fees in a single transaction in the early hours of September 11 belonged to the company. Paxos claims that end users have not been affected and all user funds are safe. The announcement comes after users on the X platform speculated that PayPal could be responsible for the transaction, as analytics platform OXT identified relevant wallet accounts belonging to PayPal. A Paxos spokesperson said: "PayPal takes no responsibility for this as this error was caused by Paxos itself. This transaction affected Paxos company operations, Paxos customers and end users were not affected, and all customer funds are safe. This was caused by a vulnerability in a single transfer, which has now been fixed. Paxos is contacting miners to recover the funds."
Amount of loss: $ 500,000 Attack method: Transfer Vulnerability
Description of the event: Ethereum co-founder Vitalik Buterin's X account is suspected to have been hacked; it posted a link (actually a phishing link) to claim a free Proto Danksharding Memorial NFT related to ConsenSys. ZachXBT says the hackers have now stolen $700,000. Upon review, the tweet containing the phishing link has been removed.
Amount of loss: $ 700,000 Attack method: Twitter was hacked
Description of the event: On September 10, according to on-chain intelligence from the SlowMist security team, when the LDO token contract processes a transfer operation and the transfer amount exceeds the amount actually held by the user, the operation does not trigger a rollback of the transaction. Instead, it directly returns `false` as the processing result. This approach differs from many common ERC20 standard token contracts. Because of this behavior, there is a potential risk of "fake top-up", and malicious attackers may try to use this feature to conduct fraud. On September 11, Lido stated that this behavior was expected and complies with ERC20 token standards. LDO and stETH are still safe. The Lido Token Integration Guide will be updated with LDO details to make this more obvious.
Amount of loss: - Attack method: False top-up