806 hack event(s)
Description of the event: Trade.io confirmed via their Medium blog that someone or some entity gained access to the assets, resulting in over 50 million in Trade (TIO) tokens being stolen from the firm’s cold storage wallets. The 50 million tokens are valued at $7.5 million at the current $0.15 price per TIO. The ongoing investigation has revealed that some of the TIO tokens had made their way to cryptocurrency exchanges Bancor and Kucoin. Kucoin has suspended TIO transactions, while Bancor has permanently removed TIO.
Amount of loss: 50,000,000 TIO Attack method: Unknown
Description of the event: RatingToken, a third-party big data platform owned by Cheetah, has detected that DAPP World Conquest developed based on EOS was hacked. Subsequently, the official issued an announcement on its Discord to confirm the fact of the attack. The hacker used the tax payment rules of the game to reject subsequent buyers, which led to the abnormal end of the game. The hacker took all the EOS in the fund pool, and only 0.0155 EOS was left in the contract.
Amount of loss: 4,555 EOS Attack method: Rules for paying taxes using games
Description of the event: The attacker exploited the vulnerabilities in the EOSBet contract to falsify the transfer prompt.
Amount of loss: 145,321 EOS Attack method: Transfer error prompt
Description of the event: The attacker created a malicious contract masquerading as an ERC20 token, and the "transfer" function re-invokes the payment channel contract repeatedly, each time exhausting some ETH.
Amount of loss: 165.38 ETH Attack method: Reentrancy attack
Description of the event: The owner permission of the contract account had been modified, after that, 18,000 EOS was transferred to the EOS account fuzl4ta23d1a.
Amount of loss: 18,000 EOS Attack method: Owner permissions are modified
Description of the event: After EOSBet broke the security vulnerability of hackers using counterfeit currency bets to win real coins, at 2 o'clock in the afternoon, EOS contract account oo1122334455 issued a token named "EOS", and allocated one billion fake EOS tokens to EOS accounts in full dapphub12345, and then transfer the fake tokens to the account iambillgates (the account that carried out the attack) from this account. After the attacking account used a small fake EOS to verify the attack, a large-scale attack was carried out from 14:31:34 to 14:45:41. There were 11,800 fake EOS listing orders to buy BLACK, IQ, and ADD, and all of them were traded.
Amount of loss: 11,803 EOS Attack method: Fake EOS token attack
Description of the event: The attacker exchanged true EOS token with fake token within the vulnerability in the code,winning without betting
Amount of loss: 4,000 EOS Attack method: Code vulnerabilities
Description of the event: The game contract does not check the transfer action must initiated by eosio.token or token contract of the game itself.
Amount of loss: - Attack method: Contract vulnerabilities
Description of the event: Hackers with unauthorized access to the exchange’s hot wallets had stolen roughly $60 million in bitcoin, bitcoin cash, and MonaCoin. That being said, the exact amount of bitcoin cash stolen remains unknown.
Amount of loss: $ 59,000,000 Attack method: Stolen hot wallet
Description of the event: the attacker exchanged true EOS token with fake token within the vulnerability in the code, winning without betting.
Amount of loss: 42,000 EOS Attack method: Code vulnerabilities
Description of the event: Because of its random algorithm associated with the time, the same bet will yield different results at different times. Hackers use this feature to reject failed lottery results.
Amount of loss: 4,000 EOS Attack method: Replay attack
Description of the event: The attacker uses the replay attack to obtain multiple winnings in one go.
Amount of loss: 5,000 EOS Attack method: Replay attack
Description of the event: The law of the random number generated by DEOSBET was cracked by hackers.
Amount of loss: 4,000 EOS Attack method: Random number attack
Description of the event: On September 2, 2018, the EOS WIN random number was cracked and 2000 EOS was lost, this attack was not disclosed to the public.
Amount of loss: 2,000 EOS Attack method: Random number attack
Description of the event: The law of the random number generated by Lucky's rock-paper-scissors game was cracked by hackers, and the attacker won the prize by continuing to use rock at the specified time, which has a 38% chance of winning.
Amount of loss: - Attack method: Random number attack
Description of the event: RAM was swallowed up by the malicious contract, and the game party failed to check the caller of transfer action, which led to the exchange of real token with fake token and "Transfer Error Prompt" vulnerability
Amount of loss: - Attack method: RAM was swallowed up by the malicious contract, and the game party failed to check the caller of transfer action, which led to the exchange of real token with fake token and "Transfer Error Prompt" vu
Description of the event: Ethereum Fomo 3D was hacked and hacker used special attack techniques to take the bonus.
Amount of loss: 10,469.66 ETH Attack method: Transaction congestion attack
Description of the event: Ethereum Fomo 3D was hacked, Fomo 3D website 24-hour access reduced 21.95 percent, 24-hour flow decreased 38.32%
Amount of loss: - Attack method: DDoS attack
Description of the event: KICKICO has experienced a security breach, which resulted in the attackers gaining access to the account of the KICK smart contract — tokens of the KICKICO platform. The team learned about this incident after the complaints of several victims, who did not find tokens worth 800 thousand dollars in their wallets. During the investigation, it was found that the total amount of stolen funds is 70,000,000 KICK, which at the current exchange rate is equivalent to $ 7.7 million.
Amount of loss: 7,000 KICK Attack method: Private key leak
Description of the event: The EOS Fomo3D game contract suffered an overflow attack and the cash pooling became negative.
Amount of loss: 60,686 EOS Attack method: Overflow vulnerability