980 hack event(s)
Description of the event: The stablecoin trading project Platypus encountered a flash loan attack on AAVE, resulting in a total asset loss of approximately $9 million. According to the analysis, the vulnerability seems to lie in the check that the emergencyWithdraw function of the MasterPlatypusV4 contract performs, which fails only when the borrowed assets exceed the borrowing limit. The function then transfers all of the user's deposited assets regardless of the value of the user's borrowed assets.
Amount of loss: $ 9,000,000 Attack method: Flash Loan Attack
Description of the event: The DEX tool Dexible was suspected of being attacked and lost about $2 million. According to the analysis, there is a logic flaw in the selfSwap function of the Dexible contract, which calls the fill function. That function makes a call using the attacker's custom data. The attacker constructed a transferFrom call in this data, passing in another user's address (0x58f5f0684c381fcfc203d77b2bba468ebb29b098) and its own attack address (0x684083f312ac50f538cc4b634d85a2feafaab77a), causing the tokens the user had authorized to the contract to be transferred by the attacker.
Amount of loss: $ 2,000,000 Attack method: Function Vulnerability
Description of the event: Multichain's AnyswapV4Router contract suffered a rush attack, and the attacker made a profit of about 87 Ethereum, about $130,000. According to the analysis, the attacker used the MEV contract (0xd050) to pre-emptively call the anySwapOutUnderlyingWithPermit function of the AnyswapV4Router contract before the normal transaction was executed (the user had authorized WETH but had not yet performed the transfer). Although the function verifies the token's permit signature, the WETH stolen this time has no such signature verification function and only triggers a deposit function in a fallback. In subsequent function calls, the attacker could directly use the safeTransferFrom function to transfer the WETH that the _underlying address had authorized to the attacked contract to the attack contract, without signature verification.
Amount of loss: $ 130,000 Attack method: Rush Attack
Description of the event: The email account of domain name registrar Namecheap has been hacked and hackers are using the account to send phishing emails. According to a report by BleepingComputer, the phishing campaign originated from SendGrid, an email platform used by Namecheap to send marketing emails and renewal notifications. The phishing emails pretended to be from logistics provider DHL and cryptocurrency wallet MetaMask. The email posing as MetaMask stated that the recipient's account had been suspended and would need to complete a KYC verification process before it could be reactivated. The email also contained a Namecheap marketing link that redirected users to a fake MetaMask page that asked users to enter their seed phrase or private key, seeking to steal the recipient's personal information and cryptocurrency wallet assets. The official MetaMask response stated that MetaMask will not collect KYC information, nor will it send emails to users about their accounts.
Amount of loss: - Attack method: Phishing Attack
Description of the event: Cybersecurity startup Unciphered has carried out an attack on encrypted hardware wallets made by OneKey. In a video on YouTube, Unciphered demonstrates a so-called "man-in-the-middle" wallet attack method that exploits a vulnerability to extract a mnemonic seed phrase, or private key, from a OneKey Mini hardware wallet. OneKey acknowledged the vulnerability in a statement and said that no one was affected as it had updated the security patch. OneKey said it has paid a bounty to Unciphered.
Amount of loss: - Attack method: "Man-in-the-middle" attack
Description of the event: The project fcdep (EPMAX) on BSC suffered a flash loan attack, and the loss was about 350,000 US dollars.
Amount of loss: $ 350,000 Attack method: Flash Loan Attack
Description of the event: The DeFi aggregation platform dForce was attacked on Arbitrum and Optimism, and the attackers made a profit of about 3.65 million US dollars. According to the analysis of SlowMist, the root cause of this attack is that removing liquidity from the wstETH/ETH pool first transfers native tokens and only then burns the LP tokens. The attacker used the callback triggered on receiving native tokens to re-enter, manipulate the virtual price and liquidate other users for profit. On February 13, dForce tweeted that the attackers had returned all stolen funds to the project multi-signature addresses on Arbitrum and Optimism, and all affected users would be compensated.
Amount of loss: $ 3,650,000 Attack method: Price Manipulation
Description of the event: SushiSwap's BentoBoxv1 contract was attacked, and the hacker made a profit of about $26,000. According to analysis, the attack was possible because the Kashi Medium Risk ChainLink price was updated later than the mortgage/loan. In the two attack transactions, the attacker flashloaned 574,275 and 785,560 xSUSHI respectively. After the mortgage and loan, the price of kmxSUSHI/USDT in the LINK Oracle dropped by 16.9%. By exploiting this price gap, the attacker could call the liquidate() function to liquidate and obtain 15,429 and 11,333 USDT.
Amount of loss: $ 26,000 Attack method: Price Manipulation
Description of the event: Umami Finance, a DeFi protocol on Arbitrum, offers yield products to institutional clients. On January 31, they announced they were suspending yields, saying they were concerned about regulatory tactics. Soon after, the project CEO started dumping tokens on the market, cashing out 44,000 UMAMI tokens. These were ostensibly priced at $800,000, and although the sell-off sent UMAMI prices crashing by more than 60%, the CEO still netted around $380,000 in USDC.
Amount of loss: $ 380,000 Attack method: Rug Pull
Description of the event: A fake token project named "Nostr" on the Ethereum chain has run away, and its funds have been transferred to a new EOA address 0xeeB8EB5CC144eDddDB204c3ABA499de6b6081696. In the end, the fraudsters made a profit of 232.1 ETH, worth about $370,000. The token contract is 0xA2be922174605BAd450775C76CEb632369480336.
Amount of loss: 232.1 ETH Attack method: Rug Pull
Description of the event: The LianGoPay project announced on February 7 that its assets in the LGTPool pledge contract on the BNB Chain were stolen: 6,148,859 LGT reward coins were taken, a loss of about 1.6 million US dollars. According to analysis, the reason for the theft was that the owner administrator of LGTPool created a fake LP token pledge pool (Pool No. 3), and the thief then pledged a large amount of LP tokens into the pool and obtained 6.14 million LGT reward tokens.
Amount of loss: $ 1,600,000 Attack method: Leveraging fake LP staking pools
Description of the event: SperaxUSD, the Arbitrum ecosystem stablecoin protocol, tweeted that an attacker increased the token balance of his address to 9.7 billion without providing the corresponding collateral, and that approximately $300,000 was liquidated before the Sperax team and Arbitrum ecosystem partners jointly stopped it.
Amount of loss: $ 300,000 Attack method: Contract Vulnerability
Description of the event: Orion Protocol, an exchange aggregation platform, suffered a reentrancy attack and lost about $3 million in assets. The attackers have transferred some of the cryptocurrency to Tornado Cash. Orion Protocol CEO Alexey Koloskov tweeted that no users suffered any losses in the incident and all users’ funds are safe, including staking, Orion Pool, bridges, and liquidity providers. Assets at risk are held in in-house brokerage accounts run by the Orion team. This problem is not caused by a flaw in the core protocol code, but may be caused by a bug in a mix of third-party libraries in its experimental and smart contracts used by private brokers.
Amount of loss: $ 3,000,000 Attack method: Reentry Attack
Description of the event: Non-custodial lending platform BonqDAO and crypto infrastructure platform AllianceBlock were hacked due to a bug in BonqDAO's smart contracts, resulting in losses of approximately $120 million. Hackers removed approximately 114 million WALBT ($11 million), AllianceBlock's wrapped native token, and 98 million BEUR tokens ($108 million) from a BonqDAO vault. According to the analysis of SlowMist, the root cause of the attack is that the collateral required to submit a quote to the oracle is much lower than the profit obtained by the attack, so the attacker could manipulate the market and liquidate other users by maliciously submitting wrong prices. In addition, AllianceBlock stated that the incident has nothing to do with the BonqDAO vault, no smart contracts were breached, and both teams are working on eliminating liquidity to keep the hackers from converting stolen tokens into other assets.
Amount of loss: $ 120,000,000 Attack method: Price Manipulation
Description of the event: The BEVO NFT Art Token (BEVO) on BSC was exploited with a total loss of approximately $45,000. The root cause is that BEVO is a deflationary token: when the attacker calls the function deliver(), the value of _rTotal decreases, which in turn affects the return value of getRate() used to calculate the balance. After manipulating the token balance, the attacker calls the function skim to transfer the increased PancakePair balance to his own account. Finally, the attacker calls the function deliver() again and exchanges the increased BEVO back to WBNB.
Amount of loss: $ 45,000 Attack method: Deflationary Tokens
Description of the event: According to official news, the NFT project Azuki confirmed that its Twitter account was hacked, and the team has regained control of the account. Hackers posted two tweets on Azuki's Twitter account, prompting users to claim the virtual land, one of which was pinned to the top. Azuki officials remind users to be alert to this scam and not to click on any links.
Amount of loss: $ 1,740,000 Attack method: Twitter was hacked
Description of the event: Kevin Rose, the founder of the NFT project Moonbirds, tweeted that his personal wallet was hacked and 25 Chromie Squiggles and other NFTs were lost, with an estimated loss of more than $1 million. Arran Schlosberg, vice president of engineering at Proof Collective, said their NFTs are safe after Kevin Rose was hacked and lost $1 million. Schlosberg said the phishing attack tricked Rose into signing a malicious signature, and the hackers then transferred his valuable NFTs.
Amount of loss: $ 1,000,000 Attack method: Phishing Attack
Description of the event: The Robinhood Twitter account was hacked and used to promote a fraudulent crypto project. The hackers announced the launch of a new token called $RBH, which they say will be priced at $0.0005 on Binance Smart Chain. About 25 people purchased the fraudulent tokens for a total of just under $8,000 before the link was removed. Robinhood said in a blog post that the unauthorized content posted on Robinhood Twitter, Instagram and Facebook was removed within minutes, and the team believes the source of the incident was a third-party vendor.
Amount of loss: $ 8,000 Attack method: Twitter was hacked
Description of the event: Doglands, a multi-purpose GameFi and DeFi protocol in the Dogechain ecosystem, may have carried out an exit scam. The contract addresses on the project chain are 0x106E6a2D5433247441c1Cdf4E3e24a0696a46d0, 0x12b17 and 0x0e815, which drained all the reserves in the LP tokens, with a value of about $204,000. The funds have now been transferred to Ethereum through the cross-chain bridge and distributed to multiple addresses. Doglands has deleted its official Twitter account and website.
Amount of loss: $ 204,000 Attack method: Rug Pull
Description of the event: It is reported that the FFF token deployed on BSC experienced an abnormal additional issuance. The administrator of the original project party purchased the additional issuance through the pre-set additional issuance contract, then sold the additionally issued tokens and transferred part of the acquired assets. More than US $1.03 million of FFF tokens were sold in this issue.
Amount of loss: $ 1,030,000 Attack method: Abnormal issuance