1916 hack event(s)
Description of the event: The community-driven ZK L2 network ZKFair's official Discord has been hacked.Do not click any links until the team regain control of the server.
Amount of loss: - Attack method: Account Compromise
Description of the event: The @Wise_Lending market was exploited today, resulting in ~177 ETH loss (~$464K). Our initial analysis shows the share accounting logic is flawed with a precision issue to drain the market funds.
Amount of loss: $ 464,000 Attack method: Contract Vulnerability
Description of the event: Independent crypto data aggregator CoinGecko's Twitter accounts @CoinGecko and @GeckoTerminal was compromised. One of their team members clicked on a fraudulent Calendly link by accident, granting unauthorized app access to a hacker who then posted on their behalf.
Amount of loss: - Attack method: Account Compromise
Description of the event: A Rug Pull occurred with the XAI token on the BNB Chain, where the deployer dumped 20,779 billion XAI tokens, making a profit of approximately $220,000.
Amount of loss: $ 220,000 Attack method: Rug Pull
Description of the event: Fake ElonTroll on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 92,000 Attack method: Rug Pull
Description of the event: The U.S. Securities and Exchange Commission (SEC) stated on Monday in a release that its Twitter account was compromised on January 9th due to an unauthorized party gaining control of the associated phone number through a "SIM card swap" attack. After gaining control of the phone number, the unauthorized party reset the password for the SEC's Twitter account. Access to the phone number was obtained through the telecommunications provider, not through the SEC's systems.
Amount of loss: - Attack method: Account Compromise
Description of the event: The MangoFarm project is suspected of a rug pull. The official Twitter account of the MangoFarm is no longer accessible.
Amount of loss: $ 2,000,000 Attack method: Rug Pull
Description of the event: According to a report by Cointelegraph, the cryptocurrency venture capital firm Polychain Capital has confirmed that its founder and CEO, Olaf Carlson-Wee, has had his Twitter account compromised. Hackers have posted phishing links containing false airdrops. Polychain has urged Twitter users to avoid interacting with Carlson-Wee's account until further notice.
Amount of loss: - Attack method: Account Compromise
Description of the event: Cryptocurrency payment service provider Coinspaid experienced multiple unauthorized transactions, with hackers stealing cryptocurrency assets worth $7.5 million.
Amount of loss: $ 7,500,000 Attack method: Unknown
Description of the event: The SocialFi and GameFi platform XKingdom Tech, built on Arbitrum, has exit-scammed, resulting in approximately $1.2 million in losses. The stolen funds were bridged to Ethereum and transferred to Tornado Cash.
Amount of loss: $ 1,200,000 Attack method: Rug Pull
Description of the event: Aragon Network DAO recently found itself targeted in a cryptocurrency scam, resulting in a substantial loss of approximately 800,000 USDC. The attack employed a multi-faceted approach, combining counterfeit ERC-20 tokens that imitated legitimate assets, the creation of deceptive vanity addresses, and the strategic use of automated monitoring bots.
Amount of loss: $ 800,000 Attack method: Scam
Description of the event: The Twitter account of the security firm CertiK was compromised. The attackers posted false information claiming that the Uniswap router contract is vulnerable to a reentrancy attack, along with phishing links. Subsequently, CertiK tweeted that "A verified account, associated with a well-known media, contacted one of our employees. Unfortunately, it appears that this account was compromised, leading to a phishing attack on our employee. "
Amount of loss: - Attack method: Account Compromise
Description of the event: The liquidity mining project Narwhal’s token experienced two considerable drops within a two day period leading to an overall slippage of approximately 99%. The project’s official X account @Narwhal_fyi, announced that they had experienced an exploit, but did not give any specific details. On-chain links suggest this incident was an exit scam. Approximately $1 million worth of funds were deposited into Tornado Cash with a further $410,000 sitting in two wallets.
Amount of loss: $ 1,500,000 Attack method: Rug Pull
Description of the event: The liquidity management protocol Gamma has been attacked, and its post-mortem indicates that there was a flaw in the deposit agent configuration. This flaw allowed the attacker to manipulate the price up to the price change threshold and mint a disproportionately high number of LP tokens.
Amount of loss: $ 6,180,000 Attack method: Price Manipulation
Description of the event: Liquidity layer & AMM Chronos tweeted that its concentrated liquidity pools managed by @dyson_money have been exploited in a manner similar to the gamma exploit. Users are advised to revoke contracts associated with these pools. This vulnerability is specific to concentrated liquidity pools, and all other V2 pools remain safe and unaffected. The rest of the funds are secure.
Amount of loss: $ 148,000 Attack method: Flash Loan Attack
Description of the event: The multi-chain lending protocol Radiant Capital is suspected to have been targeted in a hacker attack, with total losses on Arbitrum ~4.5 million USD.
Amount of loss: $ 4,500,000 Attack method: Flash Loan Attack
Description of the event: Wizz Wallet, the wallet of the Atomicals protocol, posted on Twitter that builders within the Atomicals ecosystem, including the Wizz team, have experienced DDoS attacks.
Amount of loss: - Attack method: DDoS Attack
Description of the event: Atomicals Market (Marketplace and Explorer for Atomicals and ARC-20) tweeted that they're currently under ddos attacks.
Amount of loss: - Attack method: DDoS Attack
Description of the event: NFPrompt announced on its social media platform that the team detected issues with Web2 wallet service. They assured users about the security of their funds and recommended using self-custodied Web3 wallets. For users facing issues, they were advised to open a ticket in the project's Discord channel to mitigate the problem.
Amount of loss: - Attack method: Unknown
Description of the event: A global IP of FREE Digital Collectibles, Art and community Wabalaba Land's Discord has been compromised. Do not click any links until the team regain control of the server.
Amount of loss: - Attack method: Account Compromise