1914 hack event(s)
Description of the event: Expanso (EXPSO) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 87,317 Attack method: Rug Pull
Description of the event: CJewels (JWL) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 65,784 Attack method: Rug Pull
Description of the event: Kyber Network tweeted that KyberSwap Elastic has experienced a security incident. According to the analysis of the SlowMist security team, the root cause lies in how the protocol calculates the number of tokens needed to move the exchange from the current price to the boundary scale price. Because of KyberSwap Elastic's reinvestment curve, the liquidity used in that calculation includes the fee-compounding portion, which makes the result larger than expected. The calculated amount can cover the user's exchange, but the actual price has already crossed the boundary scale. The protocol therefore assumes that the liquidity within the current scale is sufficient to meet the exchange and does not update the liquidity. As a result, the liquidity is increased twice when the reverse exchange crosses the boundary scale, allowing the attacker to obtain more tokens than expected. On Nov. 27, Kyber Network tweeted that the KyberSwap team had contacted the owners of the frontrun bots that had withdrawn approximately $5.7 million from the KyberSwap pool on Polygon and Avalanche. After negotiations, the owners of the frontrun bots agreed to return 90% of their users' funds to a designated address. In return, they will receive a 10% bounty. On December 13th, the KyberSwap team recovered approximately $508,000 worth of funds from the owners of frontrun bots. To date, the total amount of funds returned by the owners of frontrun bots is approximately $5.17 million.
Amount of loss: $ 54,700,000 Attack method: Liquidity Exploit
Description of the event: Lido officials say that over the course of the last 24 hours, Lido DAO contributors were made aware of a platform vulnerability that affected an active Node Operator using the Lido on Ethereum protocol (InfStones) sometime over the course of the previous few months. The vulnerability was disclosed to InfStones in July 2023 by security researchers dWallet Labs. The Node Operator has announced that the vulnerability has been addressed. The vulnerability is related to the possible exposure of root-level access to 25 validator servers that may not be related to the Lido protocol, including possibly key material, to external attackers. It is not clear to contributors at this time if servers and/or keys related to Lido validators were included in the scope of affected systems or not.
Amount of loss: - Attack method: Third-party Vulnerability
Description of the event: Fake TrustPad (TPAD) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 240,006 Attack method: Rug Pull
Description of the event: DarkProtocol (DARK) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 230,833 Attack method: Rug Pull
Description of the event: Dor (DOR) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 240,270 Attack method: Rug Pull
Description of the event: Web (WEB) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 217,791 Attack method: Rug Pull
Description of the event: Creso (CRE) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 233,693 Attack method: Rug Pull
Description of the event: IPMB (IPMB) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 232,074 Attack method: Rug Pull
Description of the event: DigiFund (DFUND) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 237,894 Attack method: Rug Pull
Description of the event: RepubliK (RPK) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 235,995 Attack method: Rug Pull
Description of the event: PAPABEAR (PAPA) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 235,249 Attack method: Rug Pull
Description of the event: Changpeng Zhao (CZ) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 302,028 Attack method: Rug Pull
Description of the event: AISurf (AISC) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 237,074 Attack method: Rug Pull
Description of the event: HTX (formerly Huobi) and its related Heco Bridge were hacked for a combined $113.3 million.
Amount of loss: $ 113,300,000 Attack method: Unknown
Description of the event: Dor (DOR) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 258,467 Attack method: Rug Pull
Description of the event: CredixFinance (CREDIX) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 82,906 Attack method: Rug Pull
Description of the event: Loopring's Twitter account has been hacked; please do not click on the phishing link.
Amount of loss: - Attack method: Account Compromise
Description of the event: Crypto quantitative trading company Kronos Research tweeted that they experienced unauthorized access to some of their API keys.
Amount of loss: $ 26,000,000 Attack method: API Key Attack