1910 hack event(s)
Description of the event: The MangoFarm project is suspected of a rug pull. The official Twitter account of the MangoFarm is no longer accessible.
Amount of loss: $ 2,000,000 Attack method: Rug Pull
Description of the event: According to a report by Cointelegraph, the cryptocurrency venture capital firm Polychain Capital has confirmed that its founder and CEO, Olaf Carlson-Wee, has had his Twitter account compromised. Hackers have posted phishing links containing false airdrops. Polychain has urged Twitter users to avoid interacting with Carlson-Wee's account until further notice.
Amount of loss: - Attack method: Account Compromise
Description of the event: Cryptocurrency payment service provider Coinspaid experienced multiple unauthorized transactions, with hackers stealing cryptocurrency assets worth $7.5 million.
Amount of loss: $ 7,500,000 Attack method: Unknown
Description of the event: The SocialFi and GameFi platform XKingdom Tech, built on Arbitrum, has exit-scammed, resulting in approximately $1.2 million in losses. The stolen funds were bridged to Ethereum and transferred to Tornado Cash.
Amount of loss: $ 1,200,000 Attack method: Rug Pull
Description of the event: Aragon Network DAO recently found itself targeted in a cryptocurrency scam, resulting in a substantial loss of approximately 800,000 USDC. The attack employed a multi-faceted approach, combining counterfeit ERC-20 tokens that imitated legitimate assets, the creation of deceptive vanity addresses, and the strategic use of automated monitoring bots.
Amount of loss: $ 800,000 Attack method: Scam
Description of the event: The Twitter account of the security firm CertiK was compromised. The attackers posted false information claiming that the Uniswap router contract is vulnerable to a reentrancy attack, along with phishing links. Subsequently, CertiK tweeted that "A verified account, associated with a well-known media, contacted one of our employees. Unfortunately, it appears that this account was compromised, leading to a phishing attack on our employee. "
Amount of loss: - Attack method: Account Compromise
Description of the event: The liquidity mining project Narwhal’s token experienced two considerable drops within a two day period leading to an overall slippage of approximately 99%. The project’s official X account @Narwhal_fyi, announced that they had experienced an exploit, but did not give any specific details. On-chain links suggest this incident was an exit scam. Approximately $1 million worth of funds were deposited into Tornado Cash with a further $410,000 sitting in two wallets.
Amount of loss: $ 1,500,000 Attack method: Rug Pull
Description of the event: The liquidity management protocol Gamma has been attacked, and its post-mortem indicates that there was a flaw in the deposit agent configuration. This flaw allowed the attacker to manipulate the price up to the price change threshold and mint a disproportionately high number of LP tokens.
Amount of loss: $ 6,180,000 Attack method: Price Manipulation
Description of the event: Liquidity layer & AMM Chronos tweeted that its concentrated liquidity pools managed by @dyson_money have been exploited in a manner similar to the gamma exploit. Users are advised to revoke contracts associated with these pools. This vulnerability is specific to concentrated liquidity pools, and all other V2 pools remain safe and unaffected. The rest of the funds are secure.
Amount of loss: $ 148,000 Attack method: Flash Loan Attack
Description of the event: The multi-chain lending protocol Radiant Capital is suspected to have been targeted in a hacker attack, with total losses on Arbitrum ~4.5 million USD.
Amount of loss: $ 4,500,000 Attack method: Flash Loan Attack
Description of the event: Wizz Wallet, the wallet of the Atomicals protocol, posted on Twitter that builders within the Atomicals ecosystem, including the Wizz team, have experienced DDoS attacks.
Amount of loss: - Attack method: DDoS Attack
Description of the event: Atomicals Market (Marketplace and Explorer for Atomicals and ARC-20) tweeted that they're currently under ddos attacks.
Amount of loss: - Attack method: DDoS Attack
Description of the event: NFPrompt announced on its social media platform that the team detected issues with Web2 wallet service. They assured users about the security of their funds and recommended using self-custodied Web3 wallets. For users facing issues, they were advised to open a ticket in the project's Discord channel to mitigate the problem.
Amount of loss: - Attack method: Unknown
Description of the event: A global IP of FREE Digital Collectibles, Art and community Wabalaba Land's Discord has been compromised. Do not click any links until the team regain control of the server.
Amount of loss: - Attack method: Account Compromise
Description of the event: Cross-chain bridge protocol Orbit Chain has suffered an attack, resulting in a loss of $81.6 million. Orbit Chain has tweeted that the team has requested major cryptocurrency exchanges worldwide to freeze the stolen assets.
Amount of loss: $ 81,600,000 Attack method: Unknown
Description of the event: DeFi lending protocol Compound Labs tweeted that their account was compromised yesterday for ~4 hours until they regained control of the account and removed the spam messages.
Amount of loss: - Attack method: Account Compromise
Description of the event: ChannelsFinance on BSC was attacked, resulting in losses of over $320K. The contract uses an old Compound v2 protocol which has a known vulnerability.
Amount of loss: $ 320,000 Attack method: Price Manipulation
Description of the event: OKX Wallet BRC20 marketplace has experienced a vulnerability where a large number of fake sats are displayed in the order book. Users are advised to immediately cease trading sats to avoid purchasing false assets and potential asset loss. On December 30th, OKX announced on Twitter that the Ordinals market has been restored, and trading for the affected currencies has resumed as usual. For genuine users who mistakenly purchased tokens due to this issue, the platform will compensate them after completing the assessment.
Amount of loss: - Attack method: Security Vulnerability
Description of the event: There is a vulnerability in the INSC NFT contract, and multiple hackers have exploited it to steal NFTs and transfer them to Blur and OpenSea for sale. According to Blur market data, the floor price of INSC (ins-20) has dropped to 0.0048 ETH, with a decrease of 96.76% in the last 24 hours.
Amount of loss: - Attack method: Contract Vulnerability
Description of the event: Fake FomoFi (FOMO) on BNB Chain is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 189,600 Attack method: Rug Pull