1914 hack event(s)
Description of the event: Lamas Finance's Discord is under attack, phishing site is lamas[.]co/airdrop, please do not click on the link, mint or approve any transactions.
Amount of loss: - Attack method: Account Compromise
Description of the event: On September 1, community users discovered that Gitcoin’s official twitter account was suspected to have been stolen. The thief had used the account to post some phishing information. On September 9, Gitcoin tweeted that it had regained access to the official Twitter account. In the details of the incident later released by the official, Gitcoin stated that it still did not know how the thief bypassed the 2FA verification, but it would continue to investigate and implement stricter security measures in the future.
Amount of loss: - Attack method: Account Compromise
Description of the event: The BabyShia project implemented an exit scam. The deployer (0xCbcd8) has earned 133 ETH (about $226,000).
Amount of loss: $ 226,000 Attack method: Rug Pull
Description of the event: For months, Ethereum layer 2 solution Starkware has repeatedly warned users that their funds would be lost if they did not take action before upgrading, but some users apparently did not see these notifications, which resulted in many users being locked out. Locked out of StarkWare accounts, losing access to funds, totaling $550,000 in affected accounts. Due to community pressure, Starkware has re-enabled the ability to upgrade wallets.
Amount of loss: $ 550,000 Attack method: Wallet not upgraded
Description of the event: The private key of the BitBrowser browser user was suspected to be leaked, and many members of the encryption community reported that the private key was stolen. BitBrowser issued a notice, admitting that the cached data of the server may have been invaded, and the case has been reported. Users whose wallets have enabled extended data synchronization are at risk of being stolen. It is recommended to take immediate measures to transfer wallet assets. Cos, the founder of SlowMist, said on Twitter that the leakage of the private key of BitBrowser users has caused at least $520,000 in losses.
Amount of loss: $ 520,000 Attack method: Private Key Leakage
Description of the event: SVT tokens were attacked by flash loans, and the economic model loopholes of SVT transaction contracts were exploited. The attackers made approximately $400,000 in profit from repeated buying and selling operations. According to MistTrack analysis, the attacker’s initial funds came from SwftSwap, and 1070 BNB has been transferred to Tornado Cash.
Amount of loss: $ 400,000 Attack method: Flash Loan Attack
Description of the event: PEPE said on Twitter that 16 trillion pieces of PEPE were sold yesterday because three former members deleted the multi-signature permissions after stealing tokens. However, Jeremy Cahen, founder of the NFT market Not Larva Labs, issued a post saying that the "truth" announced by PEPE was a complete lie, and said that he and the community were used by the PEPE team. On August 26, PEPE tweeted that PEPE's Telegram group is currently locked, the group owner's old Telegram account was hacked, and the group has been taken over by hackers.
Amount of loss: $ 15,080,000 Attack method: Insider Manipulation
Description of the event: NFT collector SOL Big Brain lost about $1.5 million. Attackers compromised the Telegram account of a portfolio company founder and used it to send messages to SOL Big Brain, which double-checked that the sender was indeed the company founder and followed instructions. However, the attackers have set up a contract that uses wallets that allow phishing to drain SOL Big Brain. He lost $740,000 in stablecoins, $550,000 in ETH, and $200,000 in GEAR tokens.
Amount of loss: $ 1,500,000 Attack method: Phishing Attack
Description of the event: Base on-chain exit scam Magnate Finance has seen its TVL drop by ~$6.4M as the deployer modifies the price oracle provider and removes all assets. On-chain sleuth ZachXBT says the Magnate Finance deployer address is linked to exit scams Solfire, Kokomo Finance. Magnate Finance's website and social platforms are currently down and its Telegram group has been deleted. According to MistTrack monitoring, funds have cross-chained from Base to ETH, Arbitrum, and Optimism.
Amount of loss: $ 6,400,000 Attack method: Rug Pull
Description of the event: Bankruptcy claims agency Kroll experienced a cybersecurity incident that resulted in the disclosure of non-sensitive customer data of certain claimants in pending bankruptcy cases, FTX said on Twitter. FTX's own system is not affected by this incident. BlockFi claimant data was also compromised in the incident. On August 26, FTX issued a document stating that in response to the Kroll cybersecurity incident, FTX has taken precautionary measures to temporarily freeze the affected user accounts in the customer claims portal.
Amount of loss: - Attack method: Information Leakage
Description of the event: Balancer says it has received reports of a critical vulnerability affecting multiple V2 pools. Emergency mitigation procedures have been implemented to secure the majority of TVL, but some funds remain at risk. Users are advised to immediately withdraw affected LPs. According to news on August 28, Balancer’s losses have exceeded $2.1 million, and multiple fund pools on Ethereum, Fantom, and Optimism have been affected.
Amount of loss: $ 2,100,000 Attack method: Flash Loan Attack
Description of the event: A fake "LayerZero" token on the BSC chain has had a lot of liquidity removed. The deployer removed 4,827.99 WBNB worth about $1 million. The contract address of the fake token is 0x2266362f414Bf2476C5465dc2eA953Fe2A99AE1c.
Amount of loss: $ 1,000,000 Attack method: Rug Pull
Description of the event: Derivatives marketplace Thales issued an announcement that a core contributor’s PC/Metamask had been hacked and that some hot wallets acting as casual deployers ($25k) or admin bots ($10k) had been compromised. Do not interact with any Thalesmarket contracts on the BNB Chain and revoke any contracts that are pending approval. All funds are safe on Optimism, Arbitrum, Polygon and Base. Thales said that due to the attack, support for the BSC will be officially dropped.
Amount of loss: $ 35,000 Attack method: Information Leakage
Description of the event: Harbor Protocol, the Cosmos ecological cross-chain stablecoin protocol, tweeted that Harbor Protocol was exploited, causing stablecoin minting and part of the funds in stOSMO, LUNA and WMATIC vaults to be depleted. From the information gathered so far, the attackers used the following address to perform all operations: comdex1sma0ntw7fq3fpux8suxkm9h8y642fuqt0ujwt5. Harbor Protocol lost 42,261 LUNA, 1,533 CMDX, 1,571 stOSMO, and 18,600,000,000,000,000 WMATIC-WEI in the attack.
Amount of loss: $ 20,000 Attack method: Contract Vulnerability
Description of the event: The DeFi lending protocol Exactly Protocol was attacked and lost more than 7,160 ETH (approximately $12.04 million). The two contract attackers attack by calling the function kick() multiple times and use the developer contract on Ethereum to transfer deposits to Optimism and eventually transfer the stolen funds back to Ethereum. The root cause of the Exactly Protocol attack is #insufficient_check, the attacker bypasses the permission check in the leverage function of the DebtManager contract by directly passing an unverified fake market address and changing _msgSender to the victim address. Then, in an untrusted external call, the attacker re-enters the crossDeleverage function in the DebtManager contract and steals the collateral from the _msgSender class. Exactly Protocol tweeted that the suspension of the agreement has been lifted, users can perform all operations, and no liquidation has occurred. The hack only affected users using the peripheral contract (DebtManager), the protocol is still functioning normally.
Amount of loss: $ 7,300,000 Attack method: Unchecked Input Data
Description of the event: On-chain analyst ZachXBT tweeted that there was an issue with Made by Apes’ SaaSy Labs APl, an on-chain licensing application platform launched by BAYC, allowing access to personal details for MBA applications. This issue was reported to Yuga Labs before disclosure and has since been fixed. Yuga Labs responded that it is currently uncertain whether there is a case of data misuse, is contacting anyone who may have exposed information, and will provide fraud and identity protection to any users who may need it.
Amount of loss: - Attack method: Information Leakage
Description of the event: The lending protocol SwirlLend team stole about $2.9 million in cryptocurrency from Base and $1.7 million worth of cryptocurrency from Linea, all of which were cross-chained to Ethereum. As of now, the deployer has transferred 254.2 ETH to Tornado Cash. SwirlLend's official Twitter and Telegram accounts have been logged out, and its official website is also inaccessible.
Amount of loss: $ 460,000 Attack method: Rug Pull
Description of the event: The Base ecological project RocketSwap was attacked. The attacker cross-chained the stolen assets to Ethereum, resulting in a loss of 471 ETH (approximately $868,000). RocketSwap said: "The team needs to use offline signatures and put the private key on the server when deploying Launchpad. It is currently detected that the server has been brute-forced, and because the farm contract uses a proxy contract, there are multiple high-risk permissions that lead to the transfer of farm assets."
Amount of loss: 471 ETH Attack method: Private Key Leakage
Description of the event: The official Sei Network Discord server has been compromised, please do not click on any links until the team confirms that they have regained control of the server.
Amount of loss: - Attack method: Discord was hacked
Description of the event: The official Twitter account of Ethereum expansion solution Metis was stolen. According to officials, team members fell victim to a Sim Swap attack, resulting in malicious actors being able to take over the account for approximately 30 hours.
Amount of loss: - Attack method: Account Compromise