1522 hack event(s)
Description of the event: The Ara project was attacked by a flash loan. The attackers are suspected to have made about $124,000 in BUSD. attacker address: 0xF84efA8a9F7E68855CF17EAaC9c2f97A9d131366.
Amount of loss: $ 124,000 Attack method: Flash Loan Attack
Description of the event: Seems like @VPandaCommunity rugged for ~265K $BSC-USD $VPC has dropped -97.4%, the stolen funds has already been transferred to 0x33d2a4...af65
Amount of loss: $ 265,000 Attack method: Rug Pull
Description of the event: Cross-chain money market solution Midas Capital has been hacked, causing losses of more than $600,000 after an integer rounding problem in its lending protocol (derived from a fork of the well-known Compound Finance v2 codebase) was exploited. The same situation was also exploited in the previous attack on Hundred Finance. The attacker deposited 400 BNB into Tornado Cash, and some other proceeds were bridged to Ethereum.
Amount of loss: $ 600,000 Attack method: Contract Vulnerability
Description of the event: Recently, a security firm discovered a stack overflow vulnerability in the Move VM that does not limit the depth of recursive calls, which can cause a total network shutdown, prevent new validator nodes from joining the network, and potentially even cause a hard fork. mainnet_v1.2.1, Aptos mainnet_v1.4.3 and earlier are all affected by this vulnerability. Suimainnet_v1.2.1, Aptosmainnet_v1.4.3, and Move-language versions after June 10, 2023 fix this vulnerability.
Amount of loss: - Attack method: Overflow Vulnerability
Description of the event: Decentralized trading platform Hashflow is suspected to have suffered an authorization-related attack, though this may be a white-hat hacking operation. The loss from the theft was approximately $600,000, and all affected users were able to retrieve all of their assets.
Amount of loss: $ 600,000 Attack method: Authorization Attack
Description of the event: DEP/USDT and LEV/USDC pools were stolen with 105,800 stablecoins worth (36,000 USDC and 69,960,000 USDT), and the attackers initially received 1 ETH of initial funding from Tornado Cash.
Amount of loss: $ 105,800 Attack method: Unknown
Description of the event: The DeFi lending protocol Sturdy is suspected to have been hacked, and information on the chain suggests that the attack may have been carried out through price manipulation. The attackers have transferred 442.6 ETH to Tornado Cash.
Amount of loss: $ 770,000 Attack method: Price Manipulation
Description of the event: A governance attack on the BSC eco-protocol Atlantis Loans, in which attackers gained control of the contract and replaced it with a contract containing backdoor functionality to transfer user assets, is currently costing approximately $1 million. The attackers created the malicious governance proposal in the GovernorBravo contract on June 7, 2023.
Amount of loss: $ 1,000,000 Attack method: Governance Attack
Description of the event: ZenGo CEO Ouriel Ohayon tweeted that BitBoy Crypto founder Ben Armstrong's Twitter account was hacked and used to promote a crypto scam to steal users' NFT assets, the same scam that hit garry tan, peter schiff and others, asking users to be aware of the risks involved.
Amount of loss: - Attack method: Twitter was hacked
Description of the event: TrustTheTrident ($SELLC) suffered an attack that resulted in approximately $95,000 in losses.
Amount of loss: $ 95,000 Attack method: Contract Vulnerability
Description of the event: A spokesperson for Floating Point Group (FPG), a trading platform for crypto institutions, said it was hit by a cyber attack on June 11 and has lost between $15 million and $20 million in cryptocurrency. fpg has taken security measures and successfully obtained SOC 2 certification after hiring external auditors to conduct a series of cybersecurity audits and penetration tests last December. After the security breach was discovered, FPG froze all third-party accounts and implemented protective measures for all wallets. The company's account isolation measures limited the overall impact of the attack.
Amount of loss: $ 20,000,000 Attack method: Security Vulnerability
Description of the event: NFT giant whale Franklin is suspected to have posted a warning on his Twitter handle @ElectionDayMad1 with text and video that his Twitter account @franklinisbored was stolen, please do not send any cryptocurrency or click on any links, and that none of the tweets from the early morning of June 9 were posted by him.
Amount of loss: - Attack method: Twitter was hacked
Description of the event: According to official sources, a bug in Arbitrum's sequencer code previously caused a brief outage in the network's batch transaction submission feature, which prevented transactions from being confirmed on the main chain. The bug has since been fixed and the bulk transaction submission feature has been restored.
Amount of loss: - Attack method: Contract Vulnerability
Description of the event: A Rug Pull occurred on the USEA token on BNB Chain with a loss of about $1.1 million, and the deployer minted a total of 700 million USEAs via the mint function, then transferred them to EOA addresses and sold 1114468 BUSD via PancakeSwap V3.
Amount of loss: $ 1,100,000 Attack method: Rug Pull
Description of the event: Ordinals eco-wallet Xverse tweeted: Xverse has fixed a bug that caused wallet helpers to be stored unencrypted on local devices, and all users should update the Chrome extension to the latest version. The risk of this bug is minimal if it is confirmed that no helper words leave the user's local device. However, if users are concerned about the threat, they can migrate their assets to a newly generated wallet. This error does not affect Xverse iOS and Android apps.
Amount of loss: - Attack method: Mnemonic leaked
Description of the event: NFDAO (NFD) bulk liquidity has been removed. The deployer's associated wallet removed the liquidity and made a profit of about $88,300. bsc address: 0xe1AFC0A3c9aA2537DEea233EF7dc0952ceEDfDA3.
Amount of loss: $ 88,300 Attack method: Rug Pull
Description of the event: According to a tweet from MistTrack, the Twitter account of Cole, co-founder of the NFT project Pudgy Penguins, appears to have been attacked, seemingly by the PinkDrainer hacker group. Please do not click on suspicious links.
Amount of loss: - Attack method: Twitter was hacked
Description of the event: On June 3, multiple Atomic Wallet users posted on social media that their wallet assets had been stolen. Atomic says less than 1% of monthly active users are currently affected/reported. According to SlowMist, Atomic Wallet officially offlined cloudflare’s download site and sha256sum verification site in an emergency. From this, it is speculated that there may be a security problem in the link of downloading the historical version.
Amount of loss: $ 100,000,000 Attack method: Unknown
Description of the event: Jump Crypto, the digital asset trading arm of Jump Trading, said on Twitter that its security team discovered a stack overflow vulnerability in CosmWasm, a smart contract platform designed by the Cosmos ecosystem. The bug would stop users uploading new smart contracts on Cosmos-based blockchains from functioning on those chains entirely.
Amount of loss: - Attack method: Overflow Vulnerability
Description of the event: DD Coin was attacked and lost about 126,000 USDT. The attacker initially received 1 BNB of funds from Tornado Cash about 17 days ago. DD Coin has lost 21%.
Amount of loss: $ 126,000 Attack method: Flash Loan Attack