1627 hack event(s)
Description of the event: The Fake TRUMP (MAGA) on BNBChain is suspected of a rug pull, and the current token price has dropped by 100%.
Amount of loss: $ 957,552 Attack method: Rug Pull
Description of the event: MintRisesPrices on BNBChain suffered a reentrancy attack, resulting in a loss of approximately $59,000.
Amount of loss: $ 59,000 Attack method: Reentrancy Attack
Description of the event: On July 1, according to Protos, the crypto-friendly bank Evolve Bank & Trust recently admitted that despite discovering "unauthorized activity"—specifically, the theft of 33 TB of user data—a month ago, they only publicly disclosed the incident last week. Reportedly, the stolen data pertains to 155,586 accounts associated with companies like Bitfinex, Nomad, and Copper. The bank stated that the data breach was due to an employee clicking on a malicious link and that the attack was halted within a few days, with no further unauthorized activity detected.
Amount of loss: - Attack method: Information Leakage
Description of the event: According to Cyber's official Twitter, the Discord server @BuildOnCyber of the decentralized social L2 Cyber (formerly CyberConnect) was compromised. A phishing link was posted in the announcements channel and all permissions have been stripped. Do not interact with the attached announcement, Do not click any links.
Amount of loss: - Attack method: Account was compromised
Description of the event: APEMAGA on Ethereum suspected to have been attacked, resulting in a loss of approximately $32,000.
Amount of loss: $ 32,000 Attack method: Unknown
Description of the event: According to Decrypt, the social media account of the renowned heavy metal band Metallica were recently hacked. The hackers used these accounts to promote scam cryptocurrency tokens. Several celebrities were also implicated, becoming tools for the scam's promotion. The hackers posted false information to entice fans and investors into purchasing worthless tokens.
Amount of loss: - Attack method: Account was compromised
Description of the event: On June 24, the UAE-based blockchain gaming studio Farcana tweeted that one of their FAR wallets was hacked. On the same day, Farcana tweeted a clarification stating that it was a third-party market maker that was attacked, and the official wallet and FAR smart-contract had not experienced any exploits.
Amount of loss: - Attack method: Third-party Vulnerability
Description of the event: According to monitoring by on-chain detective ZachXBT, the online gambling platform Sportsbet was also suspected to be attacked by the same hacker as BtcTurk, resulting in a loss of over $3.5 million.
Amount of loss: $ 3,500,000 Attack method: Unknown
Description of the event: According to the latest official blog post by the Ethereum Foundation, their email account was hacked, and phishing emails were sent to 35,794 recipients. The email falsely claimed that the Foundation was partnering with LidoDAO to offer a 6.8% Ethereum staking yield. If users clicked the link in the email and approved the transaction, their wallets would be drained. The Foundation quickly halted the malicious emails, closed the attack vector, and ensured that the hackers could no longer access the email account. The investigation revealed that the hackers obtained 81 new email addresses during the attack, but no victims lost any funds.
Amount of loss: - Attack method: Account was compromised
Description of the event: Cryptocurrency portfolio management company CoinStats temporarily suspended user activities after 1,590 crypto wallets were affected by a security incident. CoinStats stated, "The attack has been mitigated, and we have temporarily shut down the application to isolate the security incident. None of the connected wallets and CEXes were impacted. Thanks to the immediate incident reponse from the CoinStats team, only 1.3% of all CoinStats Wallets were affected, totaling 1,590 wallets. The list might change as the investigation is ongoing but we don’t expect significant changes." On June 26, Narek Gevorgyan released a security incident update, stating that the security vulnerability was due to the company's AWS infrastructure being hacked. Evidence indicates that it was done through one of employees who was socially engineered into downloading malicious software onto his work computer.
Amount of loss: $ 2,000,000 Attack method: Malicious Software
Description of the event: The Turkish cryptocurrency exchange BtcTurk has acknowledged that they suffered a hack that impacted ten hot wallets containing multiple cryptocurrencies. The exchange halted deposits and withdrawals while investigating, and said they are working with law enforcement. Furthermore, the exploiter sold substantial amounts of some cryptocurrencies, including Luna Classic, causing major price movements in those tokens.
Amount of loss: $ 90,000,000 Attack method: Network Attack
Description of the event: The rapper 50 Cent has claimed that his Twitter account and website were hacked to promote a memecoin called GUNIT.
Amount of loss: - Attack method: Twitter was hacked
Description of the event: The Fake CGPT on BNBChain is suspected of a rug pull, and the current token price has dropped by 100%.
Amount of loss: $ 19,550 Attack method: Rug Pull
Description of the event: According to monitoring by the SlowMist security team, Dyson on BNBChain was attacked, resulting in a loss of approximately $31,000.
Amount of loss: $ 31,000 Attack method: Contract Vulnerability
Description of the event: The meme coin WIFCOIN_ETH was suspected to be attacked, with a loss of ~$16K.
Amount of loss: $ 16,000 Attack method: Unknown
Description of the event: The Omnichain NFT protocol Holograph protocol was exploited, resulting in a loss of approximately $14.4 million. According to the team, a former contractor exploited an infinite mint vulnerability in their smart contract to release an additional 1 billion HLG tokens, which were further dumped. This malicious actor, who had funded the operator contract roughly 26 days before the attack, deployed an unverified contract on Mantle, which was used to mint the additional tokens caused by a function that exploited the protocol's verification method.
Amount of loss: $ 14,400,000 Attack method: Contract Vulnerability
Description of the event: AutoChain Global's contract on BNBChain was suspected to be attacked, with a loss of approximately $113,000.
Amount of loss: $ 113,000 Attack method: Contract Vulnerability
Description of the event: On June 14, NFT perpetual contract trading platform nftperp announced on Twitter that a critical bug had been found in the clearingHouse contract. All vulnerable contracts have been suspended until further notice. On June 15, nftperp stated that all funds lost due to the vulnerability had been successfully recovered. The developers are currently prioritizing the resumption of the contracts so trading and withdrawal can go live.
Amount of loss: - Attack method: Contract Vulnerability
Description of the event: After the attack on June 10, UwU Lend was exploited again by the same attacker, resulting in a loss of $3.72 million. The attacker held a significant amount of USDE tokens obtained from the first attack, which allowed them to leverage the remaining USDE funds and drain other UwU lending pools.
Amount of loss: $ 3,720,000 Attack method: Contract Vulnerability
Description of the event: On June 10, 2024, according to the security monitoring system MistEye by SlowMist, the digital asset lending platform UwU Lend on the EVM chain was attacked, resulting in a loss of approximately $19.3 million. The attacker manipulated the price oracle by making large exchanges in the CurveFinance pool, affecting the price of the sUSDE token, and used the manipulated price to arbitrage other assets from the pool.
Amount of loss: $ 19,300,000 Attack method: Contract Vulnerability