1909 hack event(s)
Description of the event: The crypto index project BasketDAO was exploited on the Ethereum Mainnet due to a smart contract vulnerability, which resulted in a loss of assets worth approximately $107,000. The root cause of the exploit is an arbitrary low-level call in the approval process of their smart contracts.
Amount of loss: $ 107,000 Attack method: Contract Vulnerability
Description of the event: The interoperability protocol Socket tweeted that the protocol experienced a security incident. An attacker exploited a vulnerability on a newly added module under the Socket Aggregator system. The module was responsible for swapping tokens on behalf of users. The vulnerability in said module allowed the attacker to steal funds from users who had given infinite approval of tokens to the Socket Gateway contract. The attack was carried out through 2 malicious transactions on Ethereum. The total exploited value is estimated to be around $3.3m. On January 23rd, Socket announced the successful recovery of 1032 ETH from the funds involved in the incident. A recovery and distribution plan for users will be promptly released.
Amount of loss: $ 3,300,000 Attack method: Contract Vulnerability
Description of the event: BorzoiCoin (BORZOI) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 300,000 Attack method: Rug Pull
Description of the event: PulseXIncentiveToken (INC) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 272,207 Attack method: Rug Pull
Description of the event: FoxFunnies (FXN) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 303,972 Attack method: Rug Pull
Description of the event: MOE (MOE) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 318,021 Attack method: Rug Pull
Description of the event: Another $2.7 million is gone after an apparent thief was able to exploit a smart contract that was intended to distribute payouts to Hector's token holders. They then swapped the tokens from the USDC stablecoin to ETH. Investors in the project are furious, especially because various parties had warned Hector Network about apparently insecure practices. Hector Network's team, meanwhile, have not acknowledged the theft, although a law firm involved in the project liquidation promised a statement would be forthcoming.
Amount of loss: $ 2,700,000 Attack method: Unknown
Description of the event: SolDragon (DRAGON) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 304,600 Attack method: Rug Pull
Description of the event: Speero (SPEERO) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 300,000 Attack method: Rug Pull
Description of the event: Audify (AUDI) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 290,000 Attack method: Rug Pull
Description of the event: StarkPepe (SPEPE) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 268,000 Attack method: Rug Pull
Description of the event: BoxyDude (BOX) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 303,435 Attack method: Rug Pull
Description of the event: MAR3AI (MAR3) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 297,917 Attack method: Rug Pull
Description of the event: The community-driven ZK L2 network ZKFair's official Discord has been hacked.Do not click any links until the team regain control of the server.
Amount of loss: - Attack method: Account Compromise
Description of the event: The @Wise_Lending market was exploited today, resulting in ~177 ETH loss (~$464K). Our initial analysis shows the share accounting logic is flawed with a precision issue to drain the market funds.
Amount of loss: $ 464,000 Attack method: Contract Vulnerability
Description of the event: Independent crypto data aggregator CoinGecko's Twitter accounts @CoinGecko and @GeckoTerminal was compromised. One of their team members clicked on a fraudulent Calendly link by accident, granting unauthorized app access to a hacker who then posted on their behalf.
Amount of loss: - Attack method: Account Compromise
Description of the event: A Rug Pull occurred with the XAI token on the BNB Chain, where the deployer dumped 20,779 billion XAI tokens, making a profit of approximately $220,000.
Amount of loss: $ 220,000 Attack method: Rug Pull
Description of the event: Fake ElonTroll on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 92,000 Attack method: Rug Pull
Description of the event: The U.S. Securities and Exchange Commission (SEC) stated on Monday in a release that its Twitter account was compromised on January 9th due to an unauthorized party gaining control of the associated phone number through a "SIM card swap" attack. After gaining control of the phone number, the unauthorized party reset the password for the SEC's Twitter account. Access to the phone number was obtained through the telecommunications provider, not through the SEC's systems.
Amount of loss: - Attack method: Account Compromise
Description of the event: The MangoFarm project is suspected of a rug pull. The official Twitter account of the MangoFarm is no longer accessible.
Amount of loss: $ 2,000,000 Attack method: Rug Pull