1208 hack event(s)
Description of the event: Hackers carried out ransomware attacks against Tower Semiconductor Ltd (TSEM), a maker of wireless chips and camera sensors listed on the Israeli Nasdaq, and demanded hundreds of thousands of dollars in bitcoin ransoms. For safety reasons, TSEM shut down some running servers and suspended production in some factories.
Amount of loss: - Attack method: Ransomware
Description of the event: The transfer logic of TRON's DeFi project CherryFi calls the safeTransfer function to perform specific transfer operations. However, the USDT transfer logic does not return a value, which causes the safeTransfer call to never succeed, which leads to the lockup of funds, and therefore users cannot perform USDT transfers in and out. It is understood that the CherryFi code has not been audited.
Amount of loss: - Attack method: Contract Vulnerability
Description of the event: Nine Chainlink node operators were subjected to so-called "spam attacks." The attackers obtained approximately 700 ETH (worth approximately $335,000 at the time) from their "hot wallets".
Amount of loss: 700 ETH Attack method: Spam attacks
Description of the event: The well-known darknet market Empire Market has closed its operations. When it exited, the website defrauded about 2638 bitcoins from 1.3 million users, worth nearly 30 million U.S. dollars.
Amount of loss: $ 30,000,000 Attack method: Scam
Description of the event: Bitfly tweeted that another massive 51% attack on ETC today resulted in the restructuring of more than 7,000 blocks, equivalent to about two days of mining time. All missing blocks are removed from balances that have never expired, and all expenditures are checked for missing transactions.
Amount of loss: - Attack method: 51% attack
Description of the event: GitHub user "1400 BitcoinStolen" said that a huge amount of his Bitcoin money had disappeared in the hack. This user uses a bitcoin purse Electrum, the user has no security update the software, so when he transfers the currency, it prompts to update and fix potential problems, but when he according to tip operation, the software takes advantage of a vulnerability to connect the hacker server, 1400 bitcoins (worth $16 million) is placed into the hacker's wallet.
Amount of loss: $ 16,000,000 Attack method: Fake software update
Description of the event: Encrypted wallet provider Ledger recently experienced database leaks and wallet vulnerabilities, putting users' bitcoins at risk. The chief technology officer of Ledger stated that in terms of database leakage, the attacker accessed part of our e-commerce and marketing database through a third-party misconfigured API key on our website, allowing unauthorized access to our customers’ contact information and Order data. Ledger fixed this issue on the same day and disabled the API key.
Amount of loss: - Attack method: Information Leakage
Description of the event: The New Zealand Stock Exchange (NZX) went offline for two days in a row due to a cyber attack. NZX said on Tuesday it was first hit by a distributed denial of service (DDoS) attack from abroad. The emails threatening DDoS attacks came from Fancy Bear, a well-known Russian hacking group.
Amount of loss: - Attack method: DDoS Attack
Description of the event: Twitter users reported that DeFi's liquidity mining project Degen.Money exploited a double approval vulnerability to get users' Money. The first authorization gives the pledge contract, and the second authorization gives the right to transfer money, which will result in the user's funds being taken away by the attacker. YFI founder Andre Cronje says the project does have risks.
Amount of loss: - Attack method: Double Authorization Vulnerability
Description of the event: The Filecoin space race started, and the CDSI alliance node "t02398" suffered a large number of malicious and illegal attacks. The attacker sent a large number of messages through the filtered whitelist to block the node, consuming a lot of calculations on the Lotus node, making the node unable to complete the task normally and eventually losing computing power.
Amount of loss: - Attack method: DDoS Attack
Description of the event: South Korea’s third largest digital currency exchange, Coinbit, was seized and investigated by South Korean police. Its chairman and operator were suspected of internal transactions and manipulation of market prices. The police claimed that the company was suspected of using illegal means to earn at least 100 billion won in illegal profits (approximately 85 million US dollars), and Coinbit was also suspected of forging more than 99% of its transaction volume.
Amount of loss: $ 85,000,000 Attack method: Scam
Description of the event: Some cybercriminals have been counterfeiting the BTC ERA trading platform in order to infect potential users with malware. The cybersecurity company discovered that the perpetrators had been sending emails allegedly from BTC ERA to induce users to invest and pay.
Amount of loss: - Attack method: Phishing attack
Description of the event: According to Coindesk, a hacker has stolen more than 1,000 user data from crypto-tax service provider CryptoTrader.Tax and is trying to sell information on dark web forums.
Amount of loss: - Attack method: Information Leakage
Description of the event: The DeFi project YFValue (YFV) officially released an announcement stating that the team found a loophole in the YFV pledge pool yesterday, and malicious participants used the vulnerability to reset the YFV timer in the pledge separately. There is a risk of being locked in $170 million in funds. Currently, a malicious participant is trying to blackmail the team using this vulnerability.
Amount of loss: $ 170,000,000 Attack method: Staking Pool Vulnerability
Description of the event: KuCoin, a cryptocurrency exchange, warned of fraudulent websites using its brand to try to steal cryptocurrencies. The website provides false rewards to induce users to deposit digital assets.
Amount of loss: - Attack method: Phishing attack
Description of the event: OKEx has confirmed that the latest 51% attack caused ETC losses of approximately $5.6 million. Out of concerns about the security of the ETC mainnet, it is considering removing ETC from the exchange. According to a report released by OKEx on Saturday, OKEx will repay all the ETC lost by users.
Amount of loss: $ 5,600,000 Attack method: 51% attack
Description of the event: The Hong Kong police arrested three men on suspicion of defrauding nearly 230,000 Hong Kong dollars (US$30,000) from Bitcoin ATMs. This is the first such case in Hong Kong. These exchanges suspect that criminals have used the “loopholes” of ATMs to withdraw cash without official authorization.
Amount of loss: $ 30,000 Attack method: Scam
Description of the event: The DeFi liquidity farming anonymous project BASED officially announced that it would redeploy the pledge pool. The official tweeted that a hacker tried to freeze "Pool1" permanently, but the attempt failed, and "Pool1" will continue as planned. The mortgage funds and BASED tokens are currently safe.
Amount of loss: - Attack method: Unknown
Description of the event: A cryptocurrency trader tweeted that a hacker hacked into his Ledger crypto wallet and stole more than 100,000 ERC-20 tokens. In addition, the trader said his account was safe because he had just reset his password last week.
Amount of loss: 100,000 ERC-20 Attack method: Unknown
Description of the event: On August 13, 2020, the well-known Ethereum DeFi project YAM officially issued a post on Twitter indicating that there were loopholes in the contract. The price plummeted by 99% within 24 hours, resulting in the “permanent destruction” of the governance contract, with a value of 750,000 USD Curve tokens. It is locked and cannot be used. Since the value of totalSupply was taken during rebase, the value of totalSupply calculated incorrectly will not be immediately applied to initSupply through mint, so before the next rebase, the community still has a chance to recover this error and reduce losses. But once the next rebase is executed, the entire mistake will become irreparable.
Amount of loss: $ 750,000 Attack method: Contract Vulnerability