1679 hack event(s)
Description of the event: The parallel-execution EVM public chain Artela announced on the X platform that their official Discord was hacked today. The attacker took control of the Discord channel and spread fake airdrop messages. The team took immediate action, removed the fraudulent posts, and the Discord has now been restored.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to monitoring by the SlowMist security team, the staking and lending protocol HFLH on BNB Chain has been attacked. Users are advised to stay vigilant.
Amount of loss: - Attack method: Contract Vulnerability
Description of the event: On-chain sleuth ZachXBT revealed that McDonald's Instagram account was allegedly hacked and used to promote the meme token GRIMACE.
Amount of loss: - Attack method: Account Compromise
Description of the event: The website frontend of Solana ecosystem real estate trading protocol Parcl has been hacked, extracting tokens from users' Solana wallets and displaying fake transaction results in Phantom. Parcl’s official X account also appears to have been compromised, posting information related to PARCL rewards.
Amount of loss: - Attack method: Frontend Attack
Description of the event: The X account of AvaLabs COO Luigi D'Onorio DeMeo appears to have been compromised. Please do NOT interact with any addresses or links it has posted.
Amount of loss: - Attack method: Account Compromise
Description of the event: The decentralized AI blockchain platform Sahara AI announced on the X platform that their official Discord has been compromised. Users are advised not to click on any links or respond to any messages until further notice.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to on-chain investigator ZachXBT, a suspicious transfer was made from a potential victim for 4064 BTC ($238M). The funds were quickly moved to ThorChain, eXch, Kucoin, ChangeNow, Railgun, and Avalanche Bridge. As of August 27th, $505,000 has been recovered.
Amount of loss: $ 238,000,000 Attack method: Unknown
Description of the event: Vow suffers an attack due to a contract vulnerability, resulting in a loss of approximately $1.2 million.
Amount of loss: $ 1,200,000 Attack method: Contract Vulnerability
Description of the event: iVest DAO was attacked due to a smart contract vulnerability, resulting in a loss of approximately $172,000.
Amount of loss: $ 172,000 Attack method: Contract Vulnerability
Description of the event: The official Discord server of RARI Foundation has been hacked. Please refrain from using the server until the team has regained control.
Amount of loss: - Attack method: Account Compromise
Description of the event: An external attacker gained access to credentials for managing Nexera Fundrs platform's smart contracts. Using these credentials, the attacker transferred NXRA tokens from Fundrs' staking contracts on Ethereum. Out of the 47.24 million NXRA tokens stolen, the attacker was only able to sell 14.75 million tokens (approximately $449,000). Nexera successfully removed the remaining 32.5 million NXRA balance from the attacker's wallet, preventing further loss.
Amount of loss: $ 1,830,000 Attack method: Malicious Software
Description of the event: The Ronin Bridge project experienced unusual cross-chain asset withdrawals, suggesting a potential attack. According to the SlowMist security team, the vulnerability was caused by the modification of weight to an unexpected value, allowing funds to be withdrawn without passing any multi-signature threshold checks. The attacker extracted approximately 4,000 ETH and 2 million USDC from the bridge, amounting to a value of around $12 million. As of August 7th, white hats have returned $12 million worth of assets and received a $500,000 bug bounty.
Amount of loss: $ 12,000,000 Attack method: Contract Vulnerability
Description of the event: OMPx was attacked, resulting in a loss of approximately $107,000. The attacker obtained initial funds through Railgun, and the stolen funds have already been deposited into Railgun.
Amount of loss: $ 107,000 Attack method: Unknown
Description of the event: According to monitoring by the SlowMist security team, SATOSHI (SATS) was attacked on Ethereum on August 3rd.
Amount of loss: $ 5,000 Attack method: Contract Vulnerability
Description of the event: According to an official tweet from Ethereum Layer 2 network Starknet, their Discord server has been compromised. The official team advises users not to click on any links until the situation is fully resolved.
Amount of loss: - Attack method: Account Compromise
Description of the event: Convergence Finance was attacked. 58M CVG have been minted and sold by the hacker for approximately $210,000 ( the whole portion of tokens dedicated to staking emissions); Approximately $2,000 of unclaimed rewards from Convex have also been stolen. A lack of validation in the input given by the user in the function claimMultipleStaking of the reward distribution contract is the root cause of the exploit.
Amount of loss: $ 210,000 Attack method: Contract Vulnerability
Description of the event: Terra blockchain experienced a security breach that led to the theft of tokens. The attackers exploited a known vulnerability related to the third-party module IBC hooks, stealing the value of cross-chain assets, including USDC stablecoins and Astroport tokens. The Terra team has taken emergency measures to prevent further losses and coordinated with validators to apply a patch to fix the vulnerability. According to Zaki Manian, co-founder of Sommelier Finance, although the vulnerability was patched in the Cosmos ecosystem back in April, Terra did not include this patch in their June upgrade, resulting in the vulnerability being re-exposed and exploited.
Amount of loss: $ 5,280,000 Attack method: Third-party Vulnerability
Description of the event: The Ethereum Layer 2 network Metis issued a warning on Twitter stating that their Discord has been compromised. They advised users not to click on any "airdrop links" or any other links.
Amount of loss: - Attack method: Account Compromise
Description of the event: Anzen Finance, the issuer of RWA stablecoins, announced on the X platform that on July 30, due to an error in the Blast vault contract, a white hat hacker exploited the vault to steal 500,000 USDz. The white hat returned $450,000 in a timely manner and received a $50,000 bounty as a reward.
Amount of loss: $ 500,000 Attack method: Contract Vulnerability
Description of the event: On July 26th, the official Twitter account of SAT20 Labs was hacked, and the attacker posted tweets containing links to install malware.
Amount of loss: - Attack method: Account Compromise