806 hack event(s)
Description of the event: An official incident report from Impermax Finance stated that a hacker was able to steal approximately 9M IMX from several wallets controlled by the team. The IMX was not sold immediately after the hackers stole the funds. So the official team decided to get a head start by dumping a lot of tokens on the market before the hackers did anything. The Impermax lending protocol is completely immune to this, as the attack is caused by stolen private keys, not a bug in the smart contract.
Amount of loss: 9,000,000 IMX Attack method: Private key stolen
Description of the event: SpaceGodzilla was attacked by price manipulation and lost approximately 25,379 USDT.
Amount of loss: $ 25,379 Attack method: price manipulation
Description of the event: Staking platform Freeway tweeted, “The price of its token FWT fluctuated violently on July 13 and is currently under investigation. Freeway’s blockchain bridging service provider Coffe was attacked, and a large number of FWT tokens were bridged from Coffe’s It was removed from the wallet and subsequently sold. There was no damage to the Freeway platform, nor was the Supercharger affected. However, Freeway temporarily disabled FWT withdrawals, deposits and purchases on the platform.”
Amount of loss: - Attack method: Unknown
Description of the event: Multi-chain NFT protocol Citizen Finance claims to have been attacked by an outside party that gained access to the private keys of BNB and the Polygon chain. The attackers used their access to transfer 244 BNB (~$55,000), 57,637 MATIC (~$32,300), and 7,000 USDC, for a total of about $94,300.
Amount of loss: $ 94,300 Attack method: Private key leak
Description of the event: More than 70,000 addresses connected to Uniswap were airdropped tokens that tricked users into approving transactions that would allow attackers to control their wallets. The airdrop links users to a phishing site that resembles the real Uniswap site. Users are tricked into signing contracts, and cryptocurrencies and NFTs are stolen from wallets. One of the wallets lost more than $6.5 million worth of ether and bitcoin, and the other lost about $1.68 million worth of cryptocurrency.
Amount of loss: $ 12,900,000 Attack method: Phishing attack
Description of the event: Decentralized NFT financialization protocol Omni X has been attacked and stolen funds have been transferred to Tornado.cash. The main reason for this attack is that the burn function will call the callback function externally to cause the reentrancy problem, and the liquidation function uses the old vars value for judgment, resulting in the user's status identification even after reentrancy and then borrowing. Being set as unborrowed results in no repayments.
Amount of loss: 1,300 ETH Attack method: Reentry attack
Description of the event: BIFROST officially released a report saying that the BTC address registration server of the BiFi service was attacked. According to the analysis, the attack was limited to the BTC address registration server, and neither the smart contract nor the BiFi protocol detected the vulnerability. BiFi issues and uses an address for each user who deposits BTC. The deposit addresses are signed and delivered to the address issuing server and the addresses are reflected on BiFi only in the case when the signature is verified. In the attack, the server key of the address issuing server was exposed and the attacker was able to self-sign their own deposit address. Since the attacker could generate a valid signature on the deposit address, BiFi mistakenly recognized the attacker’s BTC transfer as a BTC deposit into BiFi. As a result, the attacker was able to borrow 1,852 ETH with fake deposit.
Amount of loss: 1,852 ETH Attack method: The server key was exposed
Description of the event: A fake Shade Inu Token project deployer removed approximately $101,000 (424 BNB) of liquidity from the liquidity pool. After investigation, this Shade Inu Token was identified as a scam, the project launched a fake Shade Inu Token, created a WBNB/SadeIT pool with the initial 200 BNB and provided liquidity to it, so the deployer made a total profit of about $53,000 ( 224 BNB).
Amount of loss: 224 BNB Attack method: Scam
Description of the event: The centralized liquidity DeFi application Crema Finance on the Solana chain announced its shutdown due to a hacker attack. The official Twitter of the protocol quoted information from the on-chain browser SolanaFM, saying that the value of the lost encrypted assets was $8.782 million. Early this morning, Crema Finance disclosed the attacked thread, saying that hackers bypassed contract checks by creating a fake price change data account (Tickaccount), and then used fake price data and flash loans to steal huge fees from the fund pool. On July 7, Crema Finance said on Twitter that after a long negotiation, Crema Finance attackers agreed to collect 45,455 SOL (about $1.682 million) as a white hat bounty, and had returned 6,064 Ethereum and 23,967.9 SOL (approximately $8.1 million).
Amount of loss: $ 1,682,000 Attack method: Flash loan attack
Description of the event: According to Forbes, the official Twitter and YouTube accounts of the British Army were hacked and posted about cryptocurrencies and NFTs. The Twitter account retweeted posts promoting NFTs, and the YouTube account uploaded a video about Elon Musk and cryptocurrencies. Currently, all NFTs and encrypted content have been removed from both accounts.
Amount of loss: - Attack method: Media account hacked
Description of the event: Quiuixotic, the largest NFT platform in the Optimism ecosystem, has a serious vulnerability, and a large number of user assets have been stolen. Users who have traded on this market should cancel their authorization as soon as possible. According to SlowMist analysis, only the sell order is checked in the fillSellOrder function of the market contract, and the buyer's buy order is not checked. Therefore, the attacker first creates an arbitrary NFT contract, calls the fillSellOrder function to generate a sell order, and passes the buyer parameter as the victim's address and the paymentERC20 parameter as the token address to be stolen, then the user who is authorized to the market contract can be transferred. Tokens are transferred for profit.
Amount of loss: 220,000 OP Attack method: The buyer's purchase order is not checked
Description of the event: Polygon Chief Information Security Officer Mudit Gupta tweeted that two remote procedure call (RPC) interfaces of Polygon and Fantom were affected by a Domain Name System (DNS) hijacking attack on Friday. The reason was that a hacker hijacked Ankr's Domain Name System (DNS) to steal the user's seed stage, and Ankr quickly recovered the error and said no funds were lost.
Amount of loss: - Attack method: DNS Hijacking
Description of the event: Metaverse project Quint was hacked and lost $130,000. The root cause of the attack is that when the reStake function executes the reStake reward reStake, the reward amount of the LP token is not updated, so that the attacker can claim the issued reward multiple times.
Amount of loss: $ 130,000 Attack method: Bonus update bug
Description of the event: $MAD was hacked, and the hacker transferred all $MAD in the contract by directly calling the transfer function of the contract holding the token, and finally made a profit of $556 BNB (worth about $115,681), which was then transferred to Tornado.Cash. The reason is that the sensitive function was not checked in the contract that holding tokens, resulting in anyone can directly call the 0x9763a894 function to transfer out the tokens held in the contract.
Amount of loss: $ 115,681 Attack method: Function vulnerability
Description of the event: The NFT liquidity solver XCarnival was attacked, the hacker made a profit of 3,087 ETH (about 3.8 million US dollars), and the hacker has returned 1,467 ETH after the negotiation. The core of this vulnerability is that when borrowing, there is no judgment on whether the NFT in the order has been withdrawn.
Amount of loss: 1,620 ETH Attack method: Contract vulnerabilities
Description of the event: Harmony Horizon bridge was hacked. According to the analysis of SlowMist MistTrack, the attackers made more than 100 million US dollars, including 11 ERC20 tokens, 13,100 ETH, 5,000 BNB and 640,000 BUSD. On the 26th, Harmony founder Stephen Tse said on Twitter that Horizon was attacked not because of a smart contract vulnerability, but because of a private key leak. Although Harmony stored the private keys encrypted, the attacker decrypted some of them and signed some unauthorized transactions. At present, Harmony has migrated Horizon's verification authority on the Ethereum side to 4/5 multi-signature.
Amount of loss: $ 100,000,000 Attack method: Private key leak
Description of the event: ConvexFinance officially tweeted that a DNS attack caused users to approve malicious contracts on some interactions on the website, and the problem has been fixed.
Amount of loss: 215 ETH Attack method: DNS Attack
Description of the event: Ribbon Finance said in a tweet that the homepage of the URL suffered a DNS attack, causing 2 users to approve a malicious contract for vault deposits. At present, the team has solved the problem, and the funds in all contracts are in a safe state. After analyzing the data on the chain, SlowMist believes that it is the same attacker as Convex. At the same time, it is found that a user of Ribbon Finance lost 16.5 WBTC in the attack.
Amount of loss: 16.5 BTC Attack method: DNS Attack
Description of the event: One-stop asset management solution DeFiSaver tweeted that it experienced an attempted DNS attack and, according to its analysis, no users were affected. DeFi Saver said that what the DNS attack has in common with Convex Finance and Ribbon Finance is the domain name registration service Name cheap, reminding other projects to use it with caution.
Amount of loss: - Attack method: DNS Attack
Description of the event: The pandorachainDAO project suffered a flash loan attack, resulting in a loss of assets worth about $128,000.
Amount of loss: $ 128,000 Attack method: Flash loan attack