1519 hack event(s)
Description of the event: The Arbitrum ecological Swaprum project has a Rug Pull, the price of SAPR has dropped by 100%, Swaprum has deleted the social account, and the scammer bridged 1628 ETH (about 2.94 million US dollars) to Ethereum and transferred it to Tornado Cash.
Amount of loss: $ 3,000,000 Attack method: Rug Pull
Description of the event: On May 19, Blockworks Research stated on Twitter that the Bitcoin Layer 2 network Stacks has experienced several obstacles in the past few months: 1. There is a serious loophole in the STX "stacking" mechanism; 2. Confused review It becomes common during Stacks mining; 3. Stacks chain block reorganization is more common.
Amount of loss: - Attack method: Block Reorganization
Description of the event: The DeFi protocol WDZD Swap on BSC was exploited and lost about $1.1 million. The attackers made nine malicious transactions that drained 609 Binance-Pegged ETH from contracts related to the WDZD project.
Amount of loss: $ 1,100,000 Attack method: Contract Vulnerability
Description of the event: Alexpf.eth, co-founder and CEO of NFT exchange EZswap, tweeted: "OpenSea is suspected of having a royalty loophole. Recently, OpenSea seems to have changed the owner's identification standard, which means that NFT projects cannot set or change royalties. This error is very serious. Seriously, it's been around for 2 days."
Amount of loss: - Attack method: Royalty Vulnerability
Description of the event: The EOS Network Foundation tweeted that the EOS EVM has released version v0.4.2, which fixes a serious security vulnerability found in the EOS EVM. The EOS EVM contracts, EOS EVM nodes, and EOS EVM RPC components implemented by the EOS mainnet all need to be upgraded.
Amount of loss: - Attack method: Contract Vulnerability
Description of the event: The Web3 content publishing platform Mirror application is currently experiencing an outage under load.
Amount of loss: - Attack method: Load
Description of the event: The DeFi protocol land was suspected of being attacked and lost about 150,000 US dollars. The reason for the attack was the lack of mint permission control.
Amount of loss: $ 150,000 Attack method: Contract Vulnerability
Description of the event: The LW token on BSC was attacked, with a loss of 48,415 USDT, and the price of LW token plummeted by 69%. The attackers have transferred about 150 BNB to Tornado Cash.
Amount of loss: $ 48,415 Attack method: Contract Vulnerability
Description of the event: The SNK project was attacked. The hacker used SNK's invitation reward mechanism to make a profit of 190,000 US dollars.
Amount of loss: $ 190,000 Attack method: Reward Mechanism Flaw
Description of the event: The WEEB project was attacked by price manipulation. The hacker used the performUpkeep function in the WEEB token to burn the balance of a large number of WEEB tokens in the pair, thereby increasing the price of WEEB and making a profit of 16 ETH.
Amount of loss: 16 ETH Attack method: Price Manipulation
Description of the event: The ethereum-based meme cryptocurrency FLOKI has suffered a lightning loan attack with a loss of over $50,000. Stolen TX: https://etherscan.io/tx/0x118b7b7c11f9e9bd630ea84ef267b183b34021b667f4a3061f048207d266437a
Amount of loss: $ 50,000 Attack method: Flash Loan Attack
Description of the event: Hakuna Matata ($HAKUNA) Rugged. The scammer initially obtained 2.76 ETH from Orbiter Finance Bridge and added 2 ETH liquidity, then exchanged 4,999T HAKUNA for 17 ETH ($31,683.11), and mortgaged 13.5 ETH to Lido.
Amount of loss: $ 31,683.11 Attack method: Rug Pull
Description of the event: FTX ($HIS) Rugged. The scammer initially obtained 2.76 ETH from Orbiter Finance Bridge and added 2 ETH liquidity, then exchanged 4,999T HIS for 13 ETH ($24,568.11), and mortgaged 11.5 ETH to Lido.
Amount of loss: $ 24,568.11 Attack method: Rug Pull
Description of the event: Freddie ($FREDDIE) has Rugged. The scammer initially obtained 2.96 ETH from Orbiter Finance Bridge and added 2 ETH liquidity, then exchanged 4,999T FREDDIE for 28 ETH ($52,344.4), and mortgaged 22.5 ETH to Lido.
Amount of loss: $ 52,344.4 Attack method: Rug Pull
Description of the event: Derpman ($DMAN) Rugged. The scammer initially obtained 4 ETH from Binance, added 3 ETH to liquidity, then exchanged 1,200T DMAN for 48.55 ETH ($89,611.09), and transferred these ETHs to 0x4d1f…915.
Amount of loss: $ 89,611.09 Attack method: Rug Pull
Description of the event: GeniusMeme ($GNS) has Rugged 33.6 ETH($62,180.81). The scammer initially received 4 ETH from Binance and added 3 ETH to liquidity.
Amount of loss: $ 62,180.81 Attack method: Rug Pull
Description of the event: Pepega ($PEPG) has Rugged 30 ETH ($55,609.2). The scammer initially received 3.58 ETH from Binance and added 2.8 ETH to liquidity.
Amount of loss: $ 55,609.2 Attack method: Rug Pull
Description of the event: MChainCapital suffered a flash loan attack and lost about $18,871. TX: https://etherscan.io/tx/0xf72f1d10fc6923f87279ce6c0aef46e372c6652a696f280b0465a301a92f2e26
Amount of loss: $ 18,871 Attack method: Flash Loan Attack
Description of the event: The encrypted art platform Art Coin deployed a liquidity pool (LP pool) on Uniswap V3 on May 7. After a user discovered a loophole in the pre-sale process of Art Coin’s ART token Uniswap V3, he immediately sold the ART he bought at 0.01 ETH during the pre-sale period, and obtained 181 ETH in the liquidity, worth about 331,000 US dollars. Some have questioned the legitimacy of the user's actions, saying the user performed a Rug Pull. The Art Coin founder has since released a statement saying the bug was due to miscommunication: “Two developers will help us understand LP and set it up. Due to miscommunication, we set up LP before distributing tokens. Therefore, When we sent out the first batch of tokens, the bots ran out of it like crazy."
Amount of loss: $ 331,000 Attack method: LP Vulnerability
Description of the event: The stablecoin DEI launched by the DeFi protocol DEUS has been hacked, and the loss has exceeded $6.3 million. Over $5 million was lost on Arbitrum and $1.3 million on the BSC chain. This appears to be a public destroy bug. On May 7, one of the DEI hacker addresses (starting with 0xdf610228) returned about 1.07 million DAIs. on May 8, DEUS tweeted to confirm that the DEI attackers had returned 2,023 ETH.
Amount of loss: $ 6,300,000 Attack method: Contract Vulnerability