1914 hack event(s)
Description of the event: The Twitter account of Manta Network, a Poca eco-privacy project, which was previously stolen and posted false airdrops, has been restored.
Amount of loss: - Attack method: Account Compromise
Description of the event: A suspected Rug Pull occurred on the Chibi Finance project on Arbitrum, and $1 million worth of cryptocurrency was drained. The stolen funds have been converted into approximately 555 ETH and transferred to Tornado Cash after bridging from Arbitrum to Ethereum.
Amount of loss: $ 1,000,000 Attack method: Rug Pull
Description of the event: ZK Rollup Order Book DEX Protocol ZigZag tweeted, "Our Discord has been hacked, please note that there is no airdrop activity at ZigZag at this time, please do not click on phishing links. We are working to resolve this issue and will provide an update when control is regained."
Amount of loss: - Attack method: Account Compromise
Description of the event: On June 27th, Entangle Protocol's Discord was hacked.
Amount of loss: - Attack method: Account Compromise
Description of the event: ‘Blockchain for dog nose wrinkles’ Ponzi makes off with $127m. A South Korean company lured investors with its new technology: a blockchain app that can identify dogs by their nose wrinkles.The investigation found that what the company promoted to be its dog nose wrinkle reader was fake.The South Korean police say investors have lost more than $100 million in what it describes as a “typical Ponzi.”
Amount of loss: $ 127,000,000 Attack method: Scam
Description of the event: Shido has been exploited for ~976 $BNB (~$238.5K). The exploiter transferred 1 $BNB to Tornado Cash and bridged the stolen funds to Ethereum, subsequently transferring 125 $ETH to Tornado Cash.
Amount of loss: $ 238,500 Attack method: Contract Vulnerability
Description of the event: The U.S. Commodity Futures Trading Commission (CFTC) recently filed a lawsuit in the U.S. District Court for the Northern District of California against William Koo Ichioka, an alleged digital asset and foreign exchange Ponzi scheme, alleging that he mishandled more than $21 million in investor assets and used new customer funds to create the illusion of profits in his Ponzi scheme.William Koo Ichioka raised money from William Koo Ichioka raised funds from more than 100 individuals and entities, promising to trade forex through the operation of a commodity interest pool called Ichioka Ventures. He advertised the service on his website claiming that the promised returns matched the performance of his investments, as he himself was a white knuckle investor who had made millions of dollars. According to his trading strategy, Ichioka promised a 10% return every 30 business days to those who participated in his program. However, his trades suffered huge losses. To hide the losses, he provided false documents to inflate the amount of money in his commodity interest pool accounts and provided participants with false account statements. Ichioka also used other participants' funds to pay for the alleged gains. Although Ichioka claimed that he was investing for his clients, he actually used client funds for personal expenses. He commingled participants' assets with his own and used them to purchase luxury items such as jewelry, cars, and watches.
Amount of loss: $ 21,000,000 Attack method: Scam
Description of the event: The Twitter account of decentralized exchange Slingshot has been compromised by scammer Pink Drainer, who posted links to fake websites and claimed that users could claim airdrop tokens. Users are advised to be aware of the risks and not to click on the links.
Amount of loss: - Attack method: Account Compromise
Description of the event: The project named "IPO" (Twitter handle @IPO_web3) is suspected to have suffered a Rug Pull, losing around 102,000 BSC-USD, the project's tokens are down 32%, and the stolen funds are now located in addresses beginning with 0x35fe.
Amount of loss: $ 102,000 Attack method: Rug Pull
Description of the event: Astaria, the NFT lending platform, tweeted: "At 12:42 BST on June 20, Astaria became aware of an issue with the basic execution of BeaconProxy.sol that allowed an attacker to manipulate the beacon to load a malicious execution that would allow the attacker to invoke the self-destruct feature. All funds and NFTs are secure and no action is required at this point, Astaria is in a suspended state and cannot initiate new loans. The suspended state is to protect all assets in the protocol and we can confirm that no funds are missing. Just now Astaria successfully executed a white hat recovery script that saved all ERC20 and ERC721 assets of all LPs and borrowers. Astaria has been in public beta since May 25. The recovery script extracted all funds and NFTs to Astaria multi-signature addresses using the updated contract implementation and recovery code. We are drafting a plan for the next steps and will follow up as soon as possible."
Amount of loss: - Attack method: Contract Vulnerability
Description of the event: The Ara project was attacked by a flash loan. The attackers are suspected to have made about $124,000 in BUSD. attacker address: 0xF84efA8a9F7E68855CF17EAaC9c2f97A9d131366.
Amount of loss: $ 124,000 Attack method: Flash Loan Attack
Description of the event: Seems like @VPandaCommunity rugged for ~265K $BSC-USD $VPC has dropped -97.4%, the stolen funds has already been transferred to 0x33d2a4...af65
Amount of loss: $ 265,000 Attack method: Rug Pull
Description of the event: Cross-chain money market solution Midas Capital has been hacked, causing losses of more than $600,000 after an integer rounding problem in its lending protocol (derived from a fork of the well-known Compound Finance v2 codebase) was exploited. The same situation was also exploited in the previous attack on Hundred Finance. The attacker deposited 400 BNB into Tornado Cash, and some other proceeds were bridged to Ethereum.
Amount of loss: $ 600,000 Attack method: Contract Vulnerability
Description of the event: Recently, a security firm discovered a stack overflow vulnerability in the Move VM that does not limit the depth of recursive calls, which can cause a total network shutdown, prevent new validator nodes from joining the network, and potentially even cause a hard fork. mainnet_v1.2.1, Aptos mainnet_v1.4.3 and earlier are all affected by this vulnerability. Suimainnet_v1.2.1, Aptosmainnet_v1.4.3, and Move-language versions after June 10, 2023 fix this vulnerability.
Amount of loss: - Attack method: Overflow Vulnerability
Description of the event: Decentralized trading platform Hashflow is suspected to have suffered an authorization-related attack, though this may be a white-hat hacking operation. The loss from the theft was approximately $600,000, and all affected users were able to retrieve all of their assets.
Amount of loss: $ 600,000 Attack method: Authorization Attack
Description of the event: DEP/USDT and LEV/USDC pools were stolen with 105,800 stablecoins worth (36,000 USDC and 69,960,000 USDT), and the attackers initially received 1 ETH of initial funding from Tornado Cash.
Amount of loss: $ 105,800 Attack method: Unknown
Description of the event: The DeFi lending protocol Sturdy is suspected to have been hacked, and information on the chain suggests that the attack may have been carried out through price manipulation. The attackers have transferred 442.6 ETH to Tornado Cash.
Amount of loss: $ 770,000 Attack method: Price Manipulation
Description of the event: A governance attack on the BSC eco-protocol Atlantis Loans, in which attackers gained control of the contract and replaced it with a contract containing backdoor functionality to transfer user assets, is currently costing approximately $1 million. The attackers created the malicious governance proposal in the GovernorBravo contract on June 7, 2023.
Amount of loss: $ 1,000,000 Attack method: Governance Attack
Description of the event: ZenGo CEO Ouriel Ohayon tweeted that BitBoy Crypto founder Ben Armstrong's Twitter account was hacked and used to promote a crypto scam to steal users' NFT assets, the same scam that hit garry tan, peter schiff and others, asking users to be aware of the risks involved.
Amount of loss: - Attack method: Account Compromise
Description of the event: TrustTheTrident ($SELLC) suffered an attack that resulted in approximately $95,000 in losses.
Amount of loss: $ 95,000 Attack method: Contract Vulnerability