1509 hack event(s)
Description of the event: The ApolloX project was attacked due to a flaw in the ApolloX signature system. The attacker used the signature system flaw to generate 255 signatures, with a total of 53,946,802 $APX extracted from the contract, worth about $1.6 million.
Amount of loss: $ 1,600,000 Attack method: Signature system flaws
Description of the event: The Baby Elon project on BNBChain had a rug pull on June 8, and they took 623 BNB (~$179,000) and quickly moved the funds to Tornado Cash.
Amount of loss: 623 BNB Attack method: Rug Pull
Description of the event: A Rug Pull occurred on the project BabyElon on BNB Chian, the token dropped 98%, and the scammers have transferred 623 BNB to Tornado Cash, with a loss of about $180,000.
Amount of loss: $ 180,000 Attack method: Rug Pull
Description of the event: Equalizer Finance suffered flash loan attacks on four chains: Ethereum, BSC, Polygon and Optimism. The main reason for this attack is that the FlashLoanProvider contract of the Equalizer Finance protocol is not compatible with the Vault contract. According to officials, funds on Ethereum and BSC have been recovered, but funds on Optimism and Polygon remain unaccounted for.
Amount of loss: $ 50,000 Attack method: Compatibility Issue
Description of the event: The blockchain network Elrond is suspected of having a security breach, and hackers "obtained" nearly 1.65 million $EGLD "out of thin air" and sold it through the decentralized exchange Maiar. On June 8, Elrond founder and CEO Beniamin Mincu tweeted that the previous bug has been resolved, all funds and users are safe, and almost all stolen funds have been recovered.
Amount of loss: $ 113,000,000 Attack method: Virtual Machine Vulnerability
Description of the event: Discord servers for Yuga Lab projects Bored Ape Yacht Club (BAYC) and Otherside appear to have been affected by phishing attacks. The attackers allegedly stole more than 145 ethereum ($256,000) worth of tokens. It appears that the community administrator's account was compromised, which gave attackers access to the administrator account on the server. They then went on to post a link to a phishing site that encouraged users to link their wallets to access "exclusive giveaways." Subsequently, the NFT project BAYC stated on its official Twitter that its Discord server was briefly attacked today, and the team quickly resolved the problem, but some NFTs were still affected.
Amount of loss: 145 ETH Attack method: Discord was hacked
Description of the event: The fomo-dao project is suspected of being attacked, and the attacker has made a profit of $110,000, which has been transferred to Tornado.cash.
Amount of loss: $ 110,000 Attack method: Flash Loan Attack
Description of the event: The Discord of Homeless Friends NFT was attacked, homelessfriends[.]net is a phishing website.
Amount of loss: - Attack method: Discord was hacked
Description of the event: The work of Animoon with 9999 NFTs is taken from Pokémon. They claim to have signed a non-disclosure agreement (NDA) with Pokémon partner TopDeck. But with no evidence of an actual P2E game being developed, the Animoon team disappeared, deleting their Twitter account and website.
Amount of loss: $ 6,300,000 Attack method: Rug Pull
Description of the event: The project CoFiXProtocol on BNB Chian suffered a price manipulation attack, and the attackers made a profit of about $140,000.
Amount of loss: $140,000 Attack method: Price Manipulation
Description of the event: A Rug Pull occurred in StarMan, the coin price fell 99.5%, and the scammers have transferred about 640.4 BNB to Tornado Cash. Losses were valued at approximately $196,000.
Amount of loss: $ 196,000 Attack method: Rug Pull
Description of the event: Rug Pull on Armadillo Coin on BNB Chian, scammers have transferred 663.4 BNB to Tornado.Cash.
Amount of loss: 663.4 BNB Attack method: Rug Pull
Description of the event: Mirror Protocol, a synthetic asset protocol built on Terra, has been attacked again, was attacked again, with more than $2 million in capital losses. The capital pools of Bitcoin, Ethereum and Polkadot have been exhausted, and the remaining capital pools are linked to stocks. If the vulnerability is not fixed before the market opens at 4:00 EST (16:00 GMT), all of its token asset pools will be at risk.
Amount of loss: $ 2,000,000 Attack method: Oracle Price Vulnerability
Description of the event: DeFi project Novo is suspected of being attacked, and hackers have transferred 280 BNB (about $89,600) to Tornado.cash.
Amount of loss: 200 BNB Attack method: Contract Vulnerability
Description of the event: On May 30, after the launch of the new Terra chain, the price of the oracle machine of LUNC (Luna Classic) reached $5, while the actual price was much lower than $5. An Anchor platform user noticed the vulnerability and deposited about 20 million tokens. Lido Bonded Luna Token, and successfully lent 40 million UST, eventually withdrawing and making a profit of about $800,000.
Amount of loss: $ 800,000 Attack method: Contract Vulnerability
Description of the event: A Rug Pull occurred in the NFT metaverse game project Pokemoney on BNBChian, its Token PMY has dropped by 99.98%%, and about 11,800 BNB (about 3.5 million US dollars) have been withdrawn and transferred.
Amount of loss: $ 3,500,000 Attack method: Rug Pull
Description of the event: Terra research forum member FatMan tweeted that the Mirror Protocol, a synthetic asset protocol developed by Terraform Labs, has a longstanding vulnerability. Since October 2021, attackers have exploited this vulnerability for multiple attacks within a period of 7 months, and the highest single profit exceeded $4 million ($4.3 million using $10,000), none of which was recovered by Terraform Labs Or the Mirror team found out. By the time the bug was fixed, the attacker's total profit from exploiting the bug could have exceeded $30 million. FatMan said the bug was discovered and questioned by Mirror forum members 11 days ago and has since been fixed, but the Mirror team has not made any statement on the matter.
Amount of loss: $ 90,000,000 Attack method: Contract Vulnerability
Description of the event: DecentraWorld’s DEWO token price plummeted, the founding team of DecentraWorld drained the project’s funds and stole 3,127 BNB (about $1 million), and the project’s official website and Twitter account were deleted.
Amount of loss: 3,127 BNB Attack method: Rug Pull
Description of the event: The first algorithmic stablecoin project on Binance Smart Chain, bDollar, suffered a price manipulation attack, and the attacker made a profit of 2,381 WBNB (worth about $730,000). This attack mainly exploits the design loophole of the claimAndReinvestFromPancakePool function in the DAO fund proxy contract CommunityFund when adding liquidity. It does not fully consider that after the price is maliciously raised, the project party will passively use the funds in its own contract when adding liquidity. The situation of high-level connection.
Amount of loss: 2381 WBNB Attack method: Price Manipulation
Description of the event: The project behind the Llamaverse, the Llamascape NFT series, was hacked. Hackers targeted their Discord server and scammers took around 30-40 ETH.
Amount of loss: 30-40 ETH Attack method: Discord was hacked