1486 hack event(s)
Description of the event: Freddie ($FREDDIE) has Rugged. The scammer initially obtained 2.96 ETH from Orbiter Finance Bridge and added 2 ETH liquidity, then exchanged 4,999T FREDDIE for 28 ETH ($52,344.4), and mortgaged 22.5 ETH to Lido.
Amount of loss: $ 52,344.4 Attack method: Rug Pull
Description of the event: Derpman ($DMAN) Rugged. The scammer initially obtained 4 ETH from Binance, added 3 ETH to liquidity, then exchanged 1,200T DMAN for 48.55 ETH ($89,611.09), and transferred these ETHs to 0x4d1f…915.
Amount of loss: $ 89,611.09 Attack method: Rug Pull
Description of the event: GeniusMeme ($GNS) has Rugged 33.6 ETH($62,180.81). The scammer initially received 4 ETH from Binance and added 3 ETH to liquidity.
Amount of loss: $ 62,180.81 Attack method: Rug Pull
Description of the event: Pepega ($PEPG) has Rugged 30 ETH ($55,609.2). The scammer initially received 3.58 ETH from Binance and added 2.8 ETH to liquidity.
Amount of loss: $ 55,609.2 Attack method: Rug Pull
Description of the event: MChainCapital suffered a flash loan attack and lost about $18,871. TX: https://etherscan.io/tx/0xf72f1d10fc6923f87279ce6c0aef46e372c6652a696f280b0465a301a92f2e26
Amount of loss: $ 18,871 Attack method: Flash Loan Attack
Description of the event: The encrypted art platform Art Coin deployed a liquidity pool (LP pool) on Uniswap V3 on May 7. After a user discovered a loophole in the pre-sale process of Art Coin’s ART token Uniswap V3, he immediately sold the ART he bought at 0.01 ETH during the pre-sale period, and obtained 181 ETH in the liquidity, worth about 331,000 US dollars. Some have questioned the legitimacy of the user's actions, saying the user performed a Rug Pull. The Art Coin founder has since released a statement saying the bug was due to miscommunication: “Two developers will help us understand LP and set it up. Due to miscommunication, we set up LP before distributing tokens. Therefore, When we sent out the first batch of tokens, the bots ran out of it like crazy."
Amount of loss: $ 331,000 Attack method: LP Vulnerability
Description of the event: The stablecoin DEI launched by the DeFi protocol DEUS has been hacked, and the loss has exceeded $6.3 million. Over $5 million was lost on Arbitrum and $1.3 million on the BSC chain. This appears to be a public destroy bug. On May 7, one of the DEI hacker addresses (starting with 0xdf610228) returned about 1.07 million DAIs. on May 8, DEUS tweeted to confirm that the DEI attackers had returned 2,023 ETH.
Amount of loss: $ 6,300,000 Attack method: Contract Vulnerability
Description of the event: The public chain REI Network stated in a telegram announcement that its official Twitter account was hacked, do not believe the airdrop information, and wait for further notice. After checking, the Twitter account has deleted the airdrop-related information, but released a new tweet 2 hours ago, and the relevant official personnel in the Telegram group have not yet confirmed whether the latest tweet is a phishing link.
Amount of loss: - Attack method: Twitter was hacked
Description of the event: YODA coin project happened Rug Pull, YODA token price fell 100%, @yodacoineth_ has deleted his social account/group. Scammers have transferred 68 ETH (~$130,000) to FixedFloat.
Amount of loss: $ 130,000 Attack method: Rug Pull
Description of the event: A Rug Pull on the meme coin project WSB Coin, again involving an address on-chain marked “ZJZ.eth,” dumped most of the WSB team’s supply for $635,000 (334 ETH).
Amount of loss: $ 635,000 Attack method: Rug Pull
Description of the event: Neverfall protocol Hacked, $75,000 Lost. The attackers have deposited funds into TornadoCash.
Amount of loss: $ 75,000 Attack method: Contract Vulnerability
Description of the event: Yuga Labs tweeted that the Twitter account of the company's new CEO, Daniel Alegre, was hacked and is now under hacker control. Yuga Labs reminds users not to click on any minting links, nor to interact with any twitter accounts named Daniel Alegre until the official update notice is released, the Yuga Labs team is working with twitter to regain control of the account .
Amount of loss: - Attack method: Twitter was hacked
Description of the event: XIRTAM, a project built on the Arbitrum ecology, is a reputation building platform that does not require KYC. It advocates building digital reputation step by step through the XIRTAM system in an anonymous and decentralized manner. At the same time, users can get rewards for participating in activities on XIRTAM. The project party is on the 3rd Rug Pull. However, unlike the usual practice of the Rug Pull project, the runaway XIRTAM project party did not transfer the raised 1909 ETH to the currency mixing service to hide the identity and the direction of the funds, but deposited all the funds in Binance. In this regard, Binance stated that the funds involved in the XIRTAM project have been frozen and will cooperate with law enforcement agencies to investigate.
Amount of loss: 1,909 ETH Attack method: Rug Pull
Description of the event: LEVEL Finance, a project on BNB, was hacked and lost $1 million. The hackers created an unverified contract 7 days before the attack, used a delegate function to extract LVL tokens in 15,000 increments, converted 214,000 LVL tokens into 3,345 BNB and transferred them to Tornado Cash.
Amount of loss: $ 1,000,000 Attack method: Contract Vulnerability
Description of the event: The EOS project pcash was attacked and lost about $2 million.
Amount of loss: $ 2,000,000 Attack method: Unknown
Description of the event: DeFi protocol 0VIX on the Polygon chain was exploited for around $2 million. The attack was carried out by an attacker manipulating the oracle, who then performed a flash loan attack on the project. The agreement was suspended after the attack.
Amount of loss: $ 2,000,000 Attack method: Oracle Attack
Description of the event: Bobie, the founder of 0xScope, the Web3 knowledge graph protocol, tweeted that the liquidity of the zkSync ecological DEX Merlin was exhausted, and hackers stole $1.82 million in funds and bridged to Ethereum. According to analysis, this is an internal Rug Pull, and Merlin internal members maliciously used the privileges of the owner's wallet.
Amount of loss: $ 1,820,000 Attack method: Rug Pull
Description of the event: Ordinals Finance has been identified as an exit scam project that caused $1 million in losses. The deployer withdraws OFI tokens from the OEBStaking contract, exchanges them for ETH and transfers them to the EOA address (0x34e...25cCF), which in turn transfers 550 ETH (approximately $1 million) to Tornado Cash. All social media accounts and websites of the project have been deleted.
Amount of loss: $ 1,000,000 Attack method: Rug Pull
Description of the event: The crypto exchange Kucoin stated that its official Twitter account was stolen for about 45 minutes from 00:00 on April 24 (UTC+2) on the 24th, and the attacker posted false activities, causing multiple users to lose assets. As of 02:00 (UTC+2) on April 24, 22 transactions have been identified, including ETH/BTC related to fake activity, with a total value of 22,628 USDT. Kucoin will fully compensate all verified asset losses caused by social media leaks and fake activities.
Amount of loss: $ 22,628 Attack method: Twitter was hacked
Description of the event: UniSat Wallet tweeted: “Due to a vulnerability in our code base, the UniSat Marketplace that just launched has suffered a lot of double-spend attacks. In the test last week, we simulated different double-spend attack methods and improved the code. and enhancements. Unfortunately, certain issues were still exposed in the initial public release. Currently, we have preliminary findings, and out of a total of 383 transactions, 70 transactions have been identified as affected. We will report on In the next few days, we will further investigate and compensate the losses of users related to this incident.” It is reported that UniSat Marketplace is an inscription market based on PSBT and supporting BRC-20 assets on the Bitcoin chain.
Amount of loss: - Attack method: Double Spend Attack