1627 hack event(s)
Description of the event: MEV Bot JokInTheBoxETH was attacked, lost ~$34K. The root cause of the exploit was poorly implemented unstake function fo the staking contract. Since the unstake function does not check the state of the variable "unstake", the exploiter could unstake multiple times and drian the assets.
Amount of loss: $ 34,000 Attack method: Contract Vulnerability
Description of the event: $1.5 million was stolen from the liquidity pool on the Blast network’s gaming platform YOLO Games. The root cause was the lack of permission checks in the "exitPool" function, allowing anyone to impersonate liquidity providers and drain the pool. The attacker has already returned 90% of the stolen assets.
Amount of loss: $ 1,500,000 Attack method: Contract Vulnerability
Description of the event: Ethereum Layer 2 protocol Loopring posted on Twitter that the some Loopring Smart Wallets were targeted in a security breach. The attack exploited wallets with only one Guardian, specifically the Loopring Official Guardian. The hacker initiated a Recovery process, falsely posing as the wallet owner to reset ownership and withdraw assets. The attack succeeded by compromising Loopring's 2FA service, allowing the hacker to impersonate the wallet owner and gain approval for the Recovery from the Official Guardian. Subsequently, the attacker transferred assets out of the affected wallets.
Amount of loss: $ 5,000,000 Attack method: Security Vulnerability
Description of the event: Lykke, the zero-fee crypto exchange, was suspected to be exploited, which resulted in a loss of assets worth over $22.4 million. The root cause of the exploit is unknown at the moment, and the team has yet to acknowledge the occurrence of the exploit. The stolen assets include roughly 158 BTC from the Bitcoin network and over 2161 ETH from the Ethereum Mainnet, among other assets.
Amount of loss: $ 22,400,000 Attack method: Unknown
Description of the event: Gemholic, a crypto project, is accused of a rug pull after moving $3.5M in recently recovered funds and vanishing from social media.
Amount of loss: $ 3,400,000 Attack method: Rug Pull
Description of the event: According to monitoring by the SlowMist security team, the TLN Protocol on BNBChain has been attacked again. On May 31, TLN Protocol suffered a loss of approximately $280,000 due to a contract vulnerability exploited by hackers.
Amount of loss: - Attack method: Contract Vulnerability
Description of the event: According to monitoring by the SlowMist security team, SteamSwap(STM) on BNBChain was attacked, resulting in a loss of approximately $105K.
Amount of loss: $ 105,000 Attack method: Price Manipulation
Description of the event: Renzo's co-founder, Lucas Kozinski, posted a warning on Twitter stating that the @RenzoProtocol Twitter account has been compromised. He advised not to click any links and mentioned that the team is working with Twitter to resolve the issue.
Amount of loss: - Attack method: Account was compromised
Description of the event: CoinGecko reported that its third-party email platform GetResponse experienced a data breach on June 5. The compromised data includes users' names (if provided during registration), email addresses, IP addresses, and metadata related to email open locations. However, user accounts and passwords were not affected.
Amount of loss: - Attack method: Information Leakage
Description of the event: According to monitoring by the SlowMist security team, NCD on BNBChain was attacked, resulting in a loss of approximately $20,000.
Amount of loss: $ 20,000 Attack method: Contract Vulnerability
Description of the event: DEX Velocore experienced a security breach on June 2nd, 2024, resulting in financial losses approximating $6.8 million in ETH. The primary cause of the incident was faulty logic within the velocore__execute() function of the ConstantProductPool. When a user makes a swap on Velocore, the Vault contract makes an external call to this function to calculate the result of the swap.
Amount of loss: $ 6,800,000 Attack method: Contract Vulnerability
Description of the event: DMM Bitcoin, a Japanese cryptocurrency exchange, announced it lost 48 billion yen ($305 million) worth of bitcoin (BTC) due to a hack.
Amount of loss: $ 305,000,000 Attack method: Unknown
Description of the event: According to monitoring by the SlowMist security team, the TLN Protocol on BNBChain was attacked, resulting in a loss of approximately $280,000.
Amount of loss: $ 280,000 Attack method: Contract Vulnerability
Description of the event: According to monitoring by the SlowMist security team, the MixedSwapRouter on Arbitrum was attacked, resulting in a loss of approximately 293,000 WINR, valued at around $16,000.
Amount of loss: $ 16,000 Attack method: Contract Vulnerability
Description of the event: According to the SlowMist security team, potential suspicious activity has been detected in the GameFi protocol MetaDragon, and users are advised to remain vigilant. MetaDragon stated that users need to convert their META NFTs into tokens as soon as possible to minimize community losses. The META NFT contract has just been hacked. The hacker converted many NFTs in wallets to META tokens and sold them. The attack path originated from the META NFT.
Amount of loss: $ 181,000 Attack method: Contract Vulnerability
Description of the event: According to monitoring by the SlowMist security team, EXcommunity on BNBChain is suspected of being attacked, resulting in a loss of approximately $37,000.
Amount of loss: $ 37,000 Attack method: Contract Vulnerability
Description of the event: According to the SlowMist security team, the liquidity aggregator protocol Orion's contract was attacked, resulting in a loss of approximately $616,000.
Amount of loss: $ 616,000 Attack method: Contract Vulnerability
Description of the event: Sebastiani, co-founder of The Sandbox, posted on X platform that one of The Sandbox team members was hacked and his Twitter account used to send SCAM tweets and DMs, disguised as if these were official.
Amount of loss: - Attack method: Twitter was hacked
Description of the event: According to the SlowMist security team, RedKeysGame on BNBChain was attacked, resulting in a loss of approximately $10,000.
Amount of loss: $ 10,584 Attack method: Contract Vulnerability
Description of the event: According to community feedback, the Base ecosystem's meme coin NORMIE has been attacked. The attacker exploited a design flaw in the NORMIE token's cross-chain bridge, manipulating the price on the Base Chain using flash loans. Since transactions with NORMIE on the Base Chain incur taxes, these taxes are automatically directed to a wallet controlled by the project team. The attacker injected a large amount of funds into this wallet via flash loans, significantly diluting the token's supply and causing a flash crash in the price.
Amount of loss: $ 882,000 Attack method: Flash Loan Attack