1513 hack event(s)
Description of the event: TrustTheTrident ($SELLC) suffered an attack that resulted in approximately $95,000 in losses.
Amount of loss: $ 95,000 Attack method: Contract Vulnerability
Description of the event: A spokesperson for Floating Point Group (FPG), a trading platform for crypto institutions, said it was hit by a cyber attack on June 11 and has lost between $15 million and $20 million in cryptocurrency. fpg has taken security measures and successfully obtained SOC 2 certification after hiring external auditors to conduct a series of cybersecurity audits and penetration tests last December. After the security breach was discovered, FPG froze all third-party accounts and implemented protective measures for all wallets. The company's account isolation measures limited the overall impact of the attack.
Amount of loss: $ 20,000,000 Attack method: Security Vulnerability
Description of the event: NFT giant whale Franklin is suspected to have posted a warning on his Twitter handle @ElectionDayMad1 with text and video that his Twitter account @franklinisbored was stolen, please do not send any cryptocurrency or click on any links, and that none of the tweets from the early morning of June 9 were posted by him.
Amount of loss: - Attack method: Twitter was hacked
Description of the event: According to official sources, a bug in Arbitrum's sequencer code previously caused a brief outage in the network's batch transaction submission feature, which prevented transactions from being confirmed on the main chain. The bug has since been fixed and the bulk transaction submission feature has been restored.
Amount of loss: - Attack method: Contract Vulnerability
Description of the event: A Rug Pull occurred on the USEA token on BNB Chain with a loss of about $1.1 million, and the deployer minted a total of 700 million USEAs via the mint function, then transferred them to EOA addresses and sold 1114468 BUSD via PancakeSwap V3.
Amount of loss: $ 1,100,000 Attack method: Rug Pull
Description of the event: Ordinals eco-wallet Xverse tweeted: Xverse has fixed a bug that caused wallet helpers to be stored unencrypted on local devices, and all users should update the Chrome extension to the latest version. The risk of this bug is minimal if it is confirmed that no helper words leave the user's local device. However, if users are concerned about the threat, they can migrate their assets to a newly generated wallet. This error does not affect Xverse iOS and Android apps.
Amount of loss: - Attack method: Mnemonic leaked
Description of the event: NFDAO (NFD) bulk liquidity has been removed. The deployer's associated wallet removed the liquidity and made a profit of about $88,300. bsc address: 0xe1AFC0A3c9aA2537DEea233EF7dc0952ceEDfDA3.
Amount of loss: $ 88,300 Attack method: Rug Pull
Description of the event: According to a tweet from MistTrack, the Twitter account of Cole, co-founder of the NFT project Pudgy Penguins, appears to have been attacked, seemingly by the PinkDrainer hacker group. Please do not click on suspicious links.
Amount of loss: - Attack method: Twitter was hacked
Description of the event: On June 3, multiple Atomic Wallet users posted on social media that their wallet assets had been stolen. Atomic says less than 1% of monthly active users are currently affected/reported. According to SlowMist, Atomic Wallet officially offlined cloudflare’s download site and sha256sum verification site in an emergency. From this, it is speculated that there may be a security problem in the link of downloading the historical version.
Amount of loss: $ 100,000,000 Attack method: Unknown
Description of the event: Jump Crypto, the digital asset trading arm of Jump Trading, said on Twitter that its security team discovered a stack overflow vulnerability in CosmWasm, a smart contract platform designed by the Cosmos ecosystem. The bug would stop users uploading new smart contracts on Cosmos-based blockchains from functioning on those chains entirely.
Amount of loss: - Attack method: Overflow Vulnerability
Description of the event: DD Coin was attacked and lost about 126,000 USDT. The attacker initially received 1 BNB of funds from Tornado Cash about 17 days ago. DD Coin has lost 21%.
Amount of loss: $ 126,000 Attack method: Flash Loan Attack
Description of the event: The Cellframe Network, a blockchain network based on sharding architecture, is suspected of being attacked by a flash loan. The attacker made a profit of 245 BNB (approximately 74,000 US dollars), and the token CELL has fallen by more than 65%. According to MistTrack analysis, the attacker's address (0x252...079) on Ethereum had withdrawn 1.37 ETH from Binance.
Amount of loss: $ 74,000 Attack method: Flash Loan Attack
Description of the event: The LSDFi protocol unshETH stated that at around 22:00 on May 31, one of the deployment private keys of the unshETH contract was leaked. For the sake of caution, the official has urgently suspended the withdrawal of unshETH's ETH. According to the security model, unshETH's ETH deposit (TVL up to 35 million US dollars) is protected by multi-signature + time lock and is not at risk.
Amount of loss: $ 375,000 Attack method: Private Key Leakage
Description of the event: On-chain detective ZachXBT tweeted that a Rug Pull occurred on Pixel Penguin, a charity project created by Hopeexist1, which claimed to raise funds to help him fight cancer. At present, the social accounts of Hopeexist1 and Pixel Penguin have been deleted, and the Pixel Penguin contract is worth only $117,000 (61.686 ETH).
Amount of loss: $ 117,000 Attack method: Rug Pull
Description of the event: Twitter user @ChrisONCT cited on-chain data to expose a suspected scam Meme coin project Waifu AI World (WFAI). The token economics announced by the project stated that 95% of the supply was allocated to LPs. However, shortly after WFAI went online, 4 new wallets spent a total of 14.4 ETH in four transactions to purchase 647 trillion WFAI, accounting for approximately 83.2% of supply (777 trillion). At present, the project party has blacklisted the wallets that purchased 457 trillion WFAI, and now the total supply of WFAI is 320 trillion, which means that 190 trillion tokens are held by insiders, accounting for 60% of the total token supply. And DWF Labs spent about 20 ETH to purchase 624.9 billion WFAI yesterday afternoon; DEXTools trust score changed from extremely low to extremely high within a few hours.
Amount of loss: - Attack method: Scam
Description of the event: A MEV bot (0xb2…2B96 is the MEV bot call contract, 0xb4…0343 is the single-use MEV bot) borrowed 95,000 WETH (worth nearly $180 million) via flash loan to attack Sashimi Swap. The bot swept away the last remaining money in Sashimi’s investment contract and slETH contract, but only about $3,500. It is reported that Sashimi Swap was attacked in December 2021 and lost $210,000, and the project was subsequently abandoned.
Amount of loss: $ 3,500 Attack method: Flash Loan Attack
Description of the event: The perpetual DEX El Dorado Exchange (EDE) is suspected to have been attacked with losses of about $580,000, and an address has been sending small amounts of money to Arbitrum's ELP-1 pool and withdrawing large amounts immediately afterwards. The attacker claimed that the protocol backdoor allowed the developer to force the liquidation of any positions and would return the funds if the developer admitted to price manipulation. 334,000 USDC were returned by the attacker on May 30. By May 31, the attackers had returned more than $400,000 in stolen funds. Dorado revealed that the attackers charged 10% of the stolen funds as a fee when returning them.
Amount of loss: $ 580,000 Attack method: Contract Vulnerability
Description of the event: The Rug Pull of the BSC project BlockGPT occurred, involving assets of over 816 BNB (about 256,000 US dollars), and 800 BNB have been transferred to Tornado Cash so far.
Amount of loss: $ 256,000 Attack method: Rug Pull
Description of the event: DWallet Labs discovered a zero-day vulnerability in TRON multi-signature accounts that put more than $500 million in digital assets at risk. What about the threshold and number of signers defined in the account. The bug has now been disclosed and fixed, so no user assets are now at risk.
Amount of loss: - Attack method: Multisig Vulnerability
Description of the event: Blockchain security researcher iczc tweeted that a vulnerability was found in Polygon zkEVM and received a bug bounty from Immunefi L2. The vulnerability prevents asset migration from L1 to L2 by preventing assets bridged from L1 to Polygon zkEVM (L2) from being properly claimed in L2. iczc found in the code logic of processing claim tx pre-execution results that malicious attackers can bypass the "isReverted" pre-execution check on claim transactions by setting the gas fee to non-zero, allowing them to send a large number of Low-cost claims DoS attacks on sequencers and validators, increasing computational overhead. Also, transactions are not immediately removed from the pool after execution. The status is updated from Pending to Selected and continues to exist in the PostgreSQL database. Currently, there is only one trusted sequencer capable of fetching transactions from the transaction pool and executing them. Therefore, another vulnerability is to maliciously mark any deposit amount by sending a failed transaction. This will cause claim transactions that correctly use credits to be rejected because the credits are already used. This makes the L2 network unusable for new users. The Polygon zkEVM team fixed this vulnerability by removing the specific gas logic for claiming transactions, with no funds at risk.
Amount of loss: - Attack method: Logic Vulnerability