1755 hack event(s)
Description of the event: The BGM token on BSC was attacked, resulting in losses exceeding $450K, with the attacker profiting through price manipulation.
Amount of loss: $ 450,000 Attack method: Price Manipulation
Description of the event: On November 8, a hacker breached the CoinPoker’s hot wallet, resulting in the unauthorized draining of approximately $2M USD. The attack spanned across multiple blockchain networks, including BNB Chain, Ethereum, and Polygon networks. Later, it funneled through Tornado Cash to obscure the trail and to launder the funds.
Amount of loss: $ 2,000,000 Attack method: Third-party Vulnerability
Description of the event: According to on-chain detective ZachXBT, the cryptocurrency gambling platform MetaWin was reportedly attacked, resulting in the theft of over $4 million on the Ethereum and Solana blockchains.
Amount of loss: $ 4,400,000 Attack method: Unknown
Description of the event: According to on-chain investigator ZachXBT, American rapper Wiz Khalifa's X account was hacked, posting fake announcements about a WIZ token. The hacker responsible is reportedly the same person who compromised Andy Ayrey's (Truth Terminal founder) X account a few days earlier. Please exercise caution and stay aware of potential risks.
Amount of loss: - Attack method: Account Compromise
Description of the event: SUNRAY FINANCE experienced a private key compromise, allowing the exploiter to gain control of the SUN and ARC tokens and sell them off, draining the funds from DEX pairs. So far, the attacker has stolen approximately $2.855 million.
Amount of loss: $ 2,855,000 Attack method: Private Key Leakage
Description of the event: According to monitoring by Scam Sniffer, Lottie Player suffered a supply chain attack, impacting projects such as 1inch and Movement.
Amount of loss: - Attack method: Supply Chain Attack
Description of the event: According to on-chain detective ZachXBT on his personal channel, cryptocurrency exchange M2 was hacked, resulting in the theft of approximately $13 million from several on-chain hot wallets.
Amount of loss: $ 13,700,000 Attack method: Unknown
Description of the event: The official X account of the hardware wallet Keystone is suspected to have been hacked. Users are advised to remain vigilant and be cautious of potential risks.
Amount of loss: - Attack method: Account Compromise
Description of the event: On Oct 31st, Collaterizable Leverage Lending Platform Shoebill Finance experienced a security incident affecting the BTC Market on the BOB chain. The incident stemmed from an unexpected interaction within the oracle configuration during the integration of solvBTC and solvBTC.BBN assets. This interaction inadvertently created an exploitable condition that was leveraged by the attacker through a multi-stage exploit.
Amount of loss: $ 1,520,000 Attack method: Oracle Misconfiguration
Description of the event: Andy Ayrey, founder of the AI bot project Truth Terminal, announced the launch of a new token IB on X. It is suspected that his account may have been hacked.
Amount of loss: - Attack method: Account Compromise
Description of the event: Scroll ecosystem stablecoin project Essence Finance is suspected of rugpulled, its stablecoin CHI has fallen by more than 92% to $0.077 in the past 24h, more than $20 million of collateral is suspected to have been removed.
Amount of loss: $ 20,000,000 Attack method: Rug Pull
Description of the event: According to a MistTrack tweet, a suspicious outflow was detected from a wallet controlled by the U.S. government (0xc9E...34c): nearly $20 million was transferred to 0x3486ee700ccaf3e2f9c5ec9730a2e916a4740a9f, including: 5.4M USDC, 1.12M USDT, 13.7M aUSDC and 178 ETH. Most tokens were swapped into ETH. Approximately 19.3M worth of tokens were later returned to the U.S. government address.
Amount of loss: $ 20,000,000 Attack method: Unknown
Description of the event: Base chain detected a price manipulation attack targeting unverified lending contracts, where the attacker gained around $1 million in tokens through excessive borrowing.
Amount of loss: $ 1,000,000 Attack method: Price Manipulation
Description of the event: During a routine GM token burn, Aark Digital encountered a callback error due to a third-party contract modification. To resolve this, Aark Digital initiated a contract upgrade and GM delisting to adjust affected user balances. Users holding GM were required to convert GM to USDC. Aark Digital ran a script to process these conversions, receiving inputs like target user, amount, token address, and decimals from event data. While executing, a single user’s USD Value shifted erroneously from 0.498942 to 498,942 * (10 ^ 12), due to an incorrect balance update (not from a deployed contract error). Exploiting this security vulnerability, the attacker caused Aark Digital a loss of 1,499,841 USDC and 159.09 ETH.
Amount of loss: $ 1,900,000 Attack method: Incorrect Balance Update
Description of the event: The contract of Ramses Exchange on Arbitrum was attacked, resulting in a loss of approximately $93,000.
Amount of loss: $ 93,000 Attack method: Contract Vulnerability
Description of the event: In October 2024, Cryptobottle on Polygon suffered three separate attacks, with total losses amounting to approximately $527,000. The attack on October 24 was the largest of the three, where the attacker exploited a critical vulnerability to disable the balance check in the swap() method after a callback. This allowed them to make arbitrary swaps to acquire a large amount of NAS tokens, which they then sold, resulting in a loss of around $490,000 for the project.
Amount of loss: $ 527,000 Attack method: Contract Vulnerability
Description of the event: A dog-themed memecoin project called SHARPEI abruptly cashed out $3.4 million, tanking the token price by more than 96% in seconds. The project had been promoted by crypto influencers, but hit a snag when a pitch deck for the project leaked. The deck contained multiple lies, including claims to have hired multiple "KOLs" who later denied involvement, and false claims of partnerships with various platforms and projects. As the token price stuttered along with these revelations, insiders apparently decided to quit while they were ahead, and cashed out in a quick and coordinated sale.
Amount of loss: $ 3,400,000 Attack method: Rug Pull
Description of the event: The X account of MuratiAI (@MuratiAI), an AI network and bot platform centered around anime, is suspected to have been hacked, with phishing links being posted. Until further notice, please refrain from clicking any links or responding to any messages.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to on-chain investigator ZachXBT, the crypto payment service provider Transak recently fell victim to a ransomware attack. Transak reported that the incident occurred when an attacker accessed an employee's laptop without authorization through a sophisticated phishing attack. The attacker used the stolen credentials to log into the system of a third-party KYC vendor used for document scanning and verification services. As a result, the attacker gained access to specific user information stored in the vendor’s dashboard.
Amount of loss: - Attack method: Phishing Attack
Description of the event: Scroll-based DEX protocol Ambient Finance announced on X platform that their domain has been hijacked. Until further notice, please do not interact with the Ambient Finance frontend.
Amount of loss: - Attack method: DNS Hijacking Attack