1522 hack event(s)
Description of the event: According to official sources, the DeFi oracle Umbrella Network was stolen over 3 million UMB tokens due to a loophole in the ChainSwap contract of the cross-chain asset bridge.
Amount of loss: 3,000,000 UMB Attack method: Contract Vulnerability
Description of the event: According to official sources, Dora Factory, a multi-chain service infrastructure based on Polkadot, suffered a contract vulnerability in the cross-chain asset bridge ChainSwap. The 7,872 DORA locked in the ChainSwap cross-chain bridge contract was taken out by hackers and sold through Uniswap.
Amount of loss: $ 42,373 Attack method: Contract Vulnerability
Description of the event: Circle Internet Financial, the issuer of the US dollar stable currency USDC, reported in a regulatory filing with the US Securities and Exchange Commission (SEC) that Circle Internet Financial lost US$2 million in email fraud last month. Circle stated that the email fraud incident did not affect customer funds and accounts, Circle's information system is still safe, and the US$2 million is the company's own funds.
Amount of loss: $ 2,000,000 Attack method: Scam
Description of the event: Lookout Threat Lab security researchers exposed more than 170 Android applications, and the number of deceived users exceeded 93,000. Among them, 25 applications managed to evade the Google Play Store detection and successfully launched, but this is mainly because they do not involve any malicious operations, and may even be purely to fool users. Lookout security researchers pointed out that these counterfeit applications belong to the BitScam and CouldScam series respectively, claiming to provide cloud-based cryptocurrency mining services that can aggregate the computing power of users' mobile devices and share mining revenue. These apps are not free, and various additional payment excuses such as subscriptions and upgrades will be made. Prices range from 12.99 to 259.99 US dollars, and cryptocurrencies such as BTC or ETH are accepted as payment methods. LookoutThreatLab estimates that these malware creators defrauded 300,000 U.S. dollars through illegal sales and 50,000 U.S. dollars in cryptocurrency through fake payments and upgrade services.
Amount of loss: $ 350,000 Attack method: Scam
Description of the event: Cobra, the anonymous creator and principal of Bitcoin.org, tweeted that the Bitcoin.org website is being subjected to an "absolutely large-scale" distributed denial of service (DDoS) attack, as well as a Bitcoin ransom demand. Currently Bitcoin.org is accessible.
Amount of loss: - Attack method: DDoS Attack
Description of the event: A blackmailer with an ID of ZeroX is suspected of using a 0day vulnerability attack to steal 1TB of Saudi Aramco's corporate data resources. According to the ID's post on the dark web forum, the data leaked this time involves the complete information of 14,254 employees, internal analysis reports, pricing tables, refinery locations, enterprise-related system project specifications, and the most important customer data, etc. Sensitive information, the earliest data range can be traced back to 1993, spanning 28 years. The blackmailer gave Saudi Aramco a validity period of 662 hours (approximately 28 days) and demanded to pay 50 million U.S. dollars in Monero or sell it for 5 million U.S. dollars. This has also become a large-scale data breach after Saudi Aramco was hacked in 2012, 35,000 computers were affected, and 75% of the company’s computer data was deleted.
Amount of loss: - Attack method: Information Leakage
Description of the event: RAI Finance, a cross-chain transaction protocol based on the Polkadot blockchain, issued a post stating that due to the vulnerability of the ChainSwap smart contract, the RAI access and payment permission addresses connected to it were also hacked and stolen. The total amount of stolen RAI in the account reached 2.9 million. On July 5, Rai Finance tweeted that after investigation by the team, hackers had returned 2.2 million RAIs to ChainSwap Deployer. The total loss caused by this incident was reduced to 670,000 RAI.
Amount of loss: $ 414,013 Attack method: Affected by ChainSwap Attack
Description of the event: Based on Monero’s privacy-centric DeFi protocol Haven Protocol (XHV), it released analysis reports and measures for three serious attacks related to it in late June. The chain rollback plan will be initiated and a hard fork will be implemented. Fix the known vulnerabilities in protocol minting. Regarding specific attacks, on June 24, 203,000 xUSD and 13.5 xBTC were minted in two attacks; on June 27, an unknown amount of XHV was minted due to a vulnerability in the conversion verification of xAsset; June 29 , The attacker exploited a vulnerability that allowed the minting of 9 million xUSD.
Amount of loss: $ 8,186,549 Attack method: Minting Attack
Description of the event: The DEX trading tool DEXTools (DEXT) tweeted that it was recently hacked and affected some DEXT holders.
Amount of loss: - Attack method: Unknown
Description of the event: The XDX Swap (DDEX) on the Heco chain's cross-chain decentralized exchange DDEX was attacked. The attacker made a profit of 85.17 ETH (approximately $176,000) and cross-chained it to Ethereum. The DDEX code appears to have a backdoor. With the support and cooperation of DDEX, Star Labs, and HECO White Hat Security Alliance, XDX Swap has successively recovered most of the funds involved in this attack, with a total value of more than 5 million US dollars.
Amount of loss: - Attack method: Contract Vulnerability
Description of the event: The cross-chain asset bridge Chainswap announced the details of the hacking incident today, saying that at 04:30 AM UTC on July 2nd, they noticed an abnormality on the cross-chain bridge. Some users reported that their tokens were actively removed from wallets interacting with ChainSwap. After it was taken out, the ChainSwap team immediately froze the cross-chain bridge, shut down all nodes, and deployed the fix within 30 minutes. The team of the affected project received an alert. According to the announcement, the stolen assets include 32237576.17 TSHP, 80052.82027 CORRA, 643405.7157 BLANK, 2922720 RAI, 19392.27712 ROOM, 4820309.98 DEXT, 210,108.22 UMB, 55476328.8 FAIR. Chainswap stated that after negotiating with hackers, it has recovered some of the CORRA and RAI tokens, and the total loss is estimated to be 800,000 US dollars. At present, a small amount of affected tokens have been repurchased from the market and returned to the contract wallet. The rest will be fully paid by Chainswap Vault Compensation. In addition, Chainswap will also issue compensation to affected users.
Amount of loss: $ 800,000 Attack method: Contract Vulnerability
Description of the event: THORChain, a decentralized cross-chain transaction protocol, tweeted that a malicious attack against THORChain was discovered. THORChain nodes have responded and isolated defenses. The capital loss caused by this attack was US$140,000, but THORChain stated that user funds will not be affected. The fund pool will be used to make up for the leaked funds. The team stated that the path of the attack was that EthBifrost had a logical error in processing the same symbol as ETH. THORChain claimed that it repaired Bifrost within 30 minutes and adopted node defense to stop Bifrost and THORNode. The team said it will also invest funds for ongoing code reviews and monitoring.
Amount of loss: $ 140,000 Attack method: False top-up
Description of the event: European Union legal body Europol has cracked down on the Belgian Ponzi scheme Vitae. Europol raided 17 locations associated with the site, which were advertised as social media sites with their own cryptocurrencies, confiscating German currency and luxury cars totalling over 1 million euros. The company operates in Switzerland under the name VITAE AG.
Amount of loss: $ 1,119,810 Attack method: Scam
Description of the event: The algorithmic stablecoin project SafeDollar on Polygon is suspected of being hacked, and an unconfirmed contract seems to have taken away 250,000 USD in USDC and USDT.
Amount of loss: $ 250,000 Attack method: Flash loan attack
Description of the event: The hacking of the revenue aggregator Merlin Lab stems from a logical loophole in MerlinStrategyAlpacaBNB. The contract mistakenly uses the BNB transferred by the beneficiary as mining revenue, which makes the contract issue more MERL as a reward. After repeated operations, the attacker made a profit of 300,000 US dollars.
Amount of loss: $ 300,000 Attack method: Logic Vulnerability
Description of the event: The DeFi protocol xWin Finance based on Binance Smart Chain was attacked by lightning loans. The xWin Finance token XWIN has fallen by nearly 90% in 24 hours. The attacker used xWin Finance's "reward mechanism" to continuously add and remove liquidity to obtain rewards. Under normal circumstances, due to the small amount of users added, the gains may be small, or even not enough to pay the handling fees; but in the face of huge amounts of funds, the rewards will become abnormally high.
Amount of loss: $ 281,599 Attack method: Flash Loan Attack
Description of the event: The BSC on-chain project StableMagnet ran away and lost USD 24 million. On August 12, the Greater Manchester Police Department announced that it had arrested the suspects of the StableMagnet Finance team who had previously taken away $22 million of users on the BSC. The police found a large amount of stolen Ethereum in the encrypted U disk. According to statistics, this money accounted for 90%($ 22,250,000) of the stolen cryptocurrency, and it is now beginning to reconnect with the legitimate owner.
Amount of loss: $ 1,750,000 Attack method: Rug Pull
Description of the event: The Ethereum 2.0 staking solution SharedStake released an attacked report, stating that the reason the SharedStake token was minted before the official launch was due to the use of vulnerabilities in time-locked contracts (that is, smart contracts that perform certain operations at a fixed time) by internal personnel. The vulnerability was submitted to the team by the white hat Lucash-dev on April 26. Because a team member had permission to view the vulnerability, he used the vulnerability to cast a value of about 50 on the main network four times on June 19 and 23. Ten thousand USD tokens were sold and mortgaged after the official launch. Although there is not enough evidence, the core members of SharedStake suspect that it was the work of a new team member.
Amount of loss: $ 500,000 Attack method: Contract Vulnerability
Description of the event: Nerve Finance, a stablecoin trading platform based on the Binance Smart Chain (BSC), tweeted that the Nerve-related machine gun pool in the revenue aggregator Eleven Finance have been attacked by sparks. After analysis, the reason for the exploit is that the emergencyBurn() function does not calculate the balance correctly and does not execute the destruction. On September 30th, hackers have returned approximately $4.5 million in stolen funds.
Amount of loss: $ 300,000 Attack method: Flash loan attack
Description of the event: According to Bloomberg News, the founder of the cryptocurrency investment platform Africrypt lost contact and 69,000 bitcoins (currently valued at approximately US$2.3 billion) on the platform were transferred. At 4 o'clock, Ameer Cajee, chief operating officer of Africrypt, told the client that the platform was hacked and asked them not to report the lost funds to the authorities. The investor has since hired a lawyer to conduct an investigation, but the lawyer has not been able to contact the founder of the company and has notified the South African Criminal Investigation Department. In addition, the lawyer found that funds on the Africrypt platform were transferred from their accounts and customer wallets, and made it untraceable through the Bitcoin mixer.
Amount of loss: $ 2,300,000,000 Attack method: Scam