1627 hack event(s)
Description of the event: Saxon James Musk has Rug Pull. Project developers suddenly sold their token share for around 1355 WBNB (~$442,000), causing the token price to plummet by over 68%.
Amount of loss: 1,355 WBNB Attack method: Rug Pull
Description of the event: A hacker compromised the wallet belonging to Steven Galanis, the CEO of Cameo, an app that allows people to pay various celebrities to record short messages for them. The hacker took 9,457 ApeCoin (~$69,000), 2.3 ETH (~$3,900), a Bored Ape NFT, three Otherside land plots, and other various NFTs. The hacker then flipped the Bored Ape for 77 ETH (~$131,000), and the other NFTs for a combined 16 ETH (~$27,000).
Amount of loss: $ 231,000 Attack method: Apple ID was hacked
Description of the event: According to SlowMist, the GenomesDAO project on MATIC was attacked by hackers, resulting in the unexpected withdrawal of funds in its LPSTAKING contract. This incident is because the LPSTAKING contract of GenomesDAO can be arbitrarily repeatedly initialized and set key parameters, resulting in the malicious exhaustion of the collateral in the contract.
Amount of loss: - Attack method: Contract Vulnerability
Description of the event: On August 4, Team at Velodrome, an AMM project built on Optimism, noticed that $350,000 had been taken from a team-operated wallet that was normally used for operational funds. They announced they were beginning an investigation into the theft, which they initially believed was due to a compromised wallet. Their team member Gabagool tweeted more details, underscoring that no user funds were lost. On August 13, Gabagool posted a long confession to his Twitter account, writing that he had stolen the $350,000, and had previously taken $56,000 over the course of two months, to try to "revenge trade" the money he had lost in the crypto crash. Explaining why he took the $350,000, he wrote, "I thought I could make the 56k back and return all of the funds, which was delusional". He also wrote that "the majority of the funds have been returned to the Velodrome team. The rest will be." Velodrome later confirmed they had recovered all of the stolen money.
Amount of loss: - Attack method: Internal evil
Description of the event: A large-scale incident of currency theft occurred on the Solana public chain, and a large number of users were transferred SOL and SPL tokens without their knowledge. According to SlowMist MistTrack statistics, more than 8,000 Solana wallets have been stolen so far. Assets are valued at approximately $4.5 million.
Amount of loss: $ 8,000,000 Attack method: Unknown
Description of the event: A large-scale coin theft event occurred on the Solana public chain, and a large number of users were transferred SOL and SPL tokens without their knowledge. The SlowMist security team analyzed the Slope wallet application at the invitation of the Slope team. The analysis showed that the version of the Slope wallet released on or after June 24, 2022 has the phenomenon of sending private keys or mnemonic words to third-party application monitoring services. However, from the investigation of the Slope wallet application, there is no temporary way to clearly prove that the root cause of the incident is the problem of the Slope wallet.
Amount of loss: $ 4,000,000 Attack method: Unknown
Description of the event: The Nomad Bridge, a cross-chain interoperability protocol, was attacked by hackers. This attack was due to the fact that the trusted root of the Nomad Bridge Replica contract was set to 0x0 during initialization, and the old root was not invalidated when the trusted root was modified. Constructing arbitrary messages to steal funds from the bridge, the attacker was able to extract over $190 million in value from the attack. So far, more than 40 addresses have returned over $36 million to Nomad.
Amount of loss: $ 154,000,000 Attack method: Contract Vulnerability
Description of the event: Reaper Farm's ReaperVaultV2 contract was maliciously exploited, resulting in more than $1.6 million worth of damage. Attackers exploited a vulnerability in the ReaperVaultV2 contract that could destroy other users' vault shares and withdraw tokens, thereby withdrawing large amounts of tokens from multiple vaults.
Amount of loss: $ 1,698,423 Attack method: Contract Vulnerability
Description of the event: The ZB exchange was hacked with a total loss of around $4.3 million. ZB has notified the community on August 2 that deposits and withdrawals will be suspended due to a "sudden failure". The reason is "Sudden failure of the core application". It's worth noting that the attack actually happened on August 1, but it was overshadowed by the overwhelming news of the Nomad exploit.
Amount of loss: $ 4,300,000 Attack method: Wallet Stolen
Description of the event: According to SlowMist Intelligence, Nirvana, a stablecoin project on the Solana chain, was attacked by a flash loan. The attacker used a flash loan to borrow 10,250,000 USDC from Solend by deploying a malicious contract, and then called the Nirvana contract buy3 method to buy a large amount of ANA tokens. Nirvana contract swap method to sell part of ANA, get USDT and USDC, after repaying the flash loan, a total profit of 3,490,563.69 USDT, 21,902.48 USDC and 393,230.32 ANA tokens, then the hacker sold ANA tokens and passed all the dirty money through the cross-chain bridge transfer.
Amount of loss: $ 3,500,000 Attack method: Flash Loan Attack
Description of the event: CEO Michael Stollery of Titanium Blockchain Infrastructure Services (TBIS) pled guilty to securities fraud in connection to a $21 million cryptocurrency scam. The company promoted its BAR token during 2017–2018, and did not register with the SEC for its ICO. TBIS made false claims including that they had ties to companies including Apple, Boeing, and IBM, and offered various services that did not actually exist. At least 75 people participated in the ICO, giving TBIS a combined $21 million, some of which went directly to Stollery's bank account and personal expenses like a condo in Hawaii.
Amount of loss: $ 21,000,000 Attack method: Scam
Description of the event: DeFi project DRAC Network appeared Rug Pull, with the price of the token $TEDDY dropping 99.4%. 10,000 $BNB and 2 million $BUSD have been slowly transferred to Binance. It is said that the deployer deployed the contract and transferred a large quantity of $TEDDY to 0xdbe8ef79a1a7b57fbb73048192edf6427e8a5552, then pump and dump the price of $TEDDY.
Amount of loss: $ 4,500,000 Attack method: Rug Pull
Description of the event: Web3 music streaming service platform Audius community treasury was hacked, losing 18.5 million AUDIO Tokens. The hackers exchanged the funds for about 705 ETH on Uniswap. Audius officially stated that the problem has been found and is currently being repaired. All Audius smart contracts on Ethereum must be stopped, including tokens. The team believes that there is no further capital risk. Before the repair is completed, token balances, transfers, etc. will be temporarily unavailable. use.
Amount of loss: $ 1,100,000 Attack method: Contract Vulnerability
Description of the event: The online game Neopets said it encountered a hack and is currently investigating a customer data breach. The Neopets hack may affect 69 million users, and a hacker named TarTarX sold the source of the Neopets website for 4 bitcoins code and database. Neopets recently launched NFTs for its online virtual world games.
Amount of loss: - Attack method: Information Leakage
Description of the event: The Tableland Discord server was compromised by malicious actors, successfully impersonating moderators on the channel and leading community members to a fake Tableland domain that funneled targeted assets from member ETH wallets. The perpetrators utilized a fakemint scheme, which lured community members using a pretense of an exclusive, limited mint. Instead, target victims were taken to a malicious website that tricked some of them into granting specific wallet permissions. Once granted, the perpetrators were able to siphon away Tableland Rigs and other NFTs
Amount of loss: $ 45,819 Attack method: Discord was hacked
Description of the event: My Big Coin founder Crater has been found guilty of a cryptocurrency fraud scheme. Crater founded My Big Coin in 2013 to provide virtual payment services through the fraudulent digital currency "My Big Coins," which he marketed to investors between 2014 and 2017 by misrepresenting the nature and value of Coins . Crater and his colleagues falsely claimed that Coins was a fully functional cryptocurrency backed by $300 million in gold, oil and other valuable assets. In reality, the coins are not backed by gold or other valuable assets, have no partnership with Mastercard, and are not easily transferable. Over the course of the scheme, Crater misappropriated more than $6 million in investor funds for personal gain and merchandise spending, including spending on antiques, art and jewelry worth hundreds of thousands of dollars.
Amount of loss: $ 6,000,000 Attack method: Scam
Description of the event: Raccoon Network and Freedom Protocol are scam projects, scammers have transferred 20 million BUSD (IDO) to address 0xf800...469336.
Amount of loss: $ 20,000,000 Attack method: Scam
Description of the event: The permissions of the relevant administrators of the Discord of the Tableland project party were stolen. It is understood that after joining an external Discord server, Tableland members clicked the verification steps of a bot named "Dyno" and clicked a bookmark button with malicious javascript, and were then prompted to interact with the bookmark, triggering the malicious script to run. The attacker got hold of the admin account and posted a link on the announcement channel containing a fake website, anyone who clicked on the link and followed the wallet instructions would grant the attacker access to any NFTs held in their account.
Amount of loss: - Attack method: Discord was hacked
Description of the event: The NFT access list tool PREMINT issued an alert through its official Twitter, because some users reminded that the tool's website was hacked, and the collections of NFT collectors have been stolen. Subsequently, the blockchain security company SlowMist confirmed that the PREMINT website was attacked by hackers. Hackers carried out phishing attacks by implanting malicious JS (JavaScript) files in the website, deceiving users to sign the transaction of "set approvals for all", thereby stealing users. of NFT assets. The attack lost about 280 ETH in total, amounting to $381,818, making it one of the biggest NFT hacks of the year.
Amount of loss: 280 ETH Attack method: Malicious Code Injection Attack
Description of the event: On July 16, hackers compromised the Twitter account of well-known NFT artist DeeKay. The 180,000 followers of DeeKay's hacked Twitter account saw it post a link announcing a limited number of new airdrops, which directed them to a phishing site that mimicked DeeKay's real site. One victim lost 4 Cool Cat NFTs and 3 Azuki NFTs with reserve prices around 4 ETH (~$5,350) and 12 ETH (~$16,200) respectively. The total value of the stolen NFTs was approximately $150,000. DeeKay said he wasn't sure how his Twitter account was stolen, but "guessed that 2FA was shut down at a specific time."
Amount of loss: $ 150,000 Attack method: Twitter was hacked