1909 hack event(s)
Description of the event: One-stop asset management solution DeFiSaver tweeted that it experienced an attempted DNS attack and, according to its analysis, no users were affected. DeFi Saver said that what the DNS attack has in common with Convex Finance and Ribbon Finance is the domain name registration service Name cheap, reminding other projects to use it with caution.
Amount of loss: - Attack method: DNS Attack
Description of the event: The pandorachainDAO project suffered a flash loan attack, resulting in a loss of assets worth about $128,000.
Amount of loss: $ 128,000 Attack method: Flash Loan Attack
Description of the event: The LV PLUS (Token LVP) project has been identified as a Rug Pull project. So far, the project has resulted in losses of about $1.5 million. LV PLUS claims to be affiliated with the "LV Metaverse", and the main reason for the loss, which is defined as a Rug Pull, is that the LV PLUS contract deployer sent tokens to certain wallets - these wallet addresses subsequently sold the project's tokens, causing the project's market to crash .
Amount of loss: $ 1,500,000 Attack method: Rug Pull
Description of the event: The whaleswap.finance project was attacked, and at least 5946 BUSD and 5964 USDT were lost. The reason may be that there is a problem with the K value verification of the whaleswap.finance Pair contract. Whenever the user exchanges, there is a problem with the parameter magnitude passed in the K value verification, which causes the K value verification to fail. The attacker first borrows a BSC-USD through a flash loan, and then returns the flash loan when the K value verification parameter is on the order of 10000^4. The parameter verification level used in the K value verification is 10000^2, which causes the K verification to fail.
Amount of loss: 5946 BUSD+5964 USDT Attack method: K value verification vulnerability
Description of the event: A Rug Pull occurred in the DHE project, causing the price of DHE tokens to drop by more than 91%. Total losses are currently around $142,000.
Amount of loss: $ 142,000 Attack method: Rug Pull
Description of the event: The SNOOD ERC-777 smart contract was attacked, causing the liquidity of the UniswapV2Pair token to be completely drained (104 ETH).
Amount of loss: 104 ETH Attack method: Reentrancy Attack
Description of the event: Clothing brand LACOSTE's Discord was hacked, and scammers posted phishing links on the announcement channel. Recently, the Discords of several projects have been attacked, including Clyde, Good Skellas, Duppies, Oak Paradise, Tasties, Yuko Clan, Mono Apes, ApeX Club, Anata, GREED, CITADEL, DegenIslands, Sphynx Underground Society, FUD Bois, and Uncanny Club etc.
Amount of loss: - Attack method: Discord was hacked
Description of the event: Crypto Financial Services Provider Babel Finance Suspends Customer Withdrawals due to crypto market turmoil. In July, documents revealed that Babel Finance lost more than $280 million in bitcoin (BTC) and ether (ETH) as its proprietary trading failure. Specifically, it lost around 8,000 BTC and 56,000 ETH in June after facing liquidation due to a severe market downturn.
Amount of loss: 8,000 BTC + 56,000 ETH Attack method: Proprietary trading failure
Description of the event: Inverse Finance suffered a flash loan attack, resulting in a loss of approximately 1068.215 ETH (approximately $1.26 million). This is the second time that Inverse Finance has suffered a flash loan attack in the past two months. The main reason for this attack is the use of insecure oracles to calculate LP prices.
Amount of loss: $ 1,260,000 Attack method: Flash Loan Attack
Description of the event: KnownOrigin officially tweeted that its discord had been attacked, and reminded users not to click on any links. Other servers hacked in recent days include those of Curiosity, Meta Hunters, Parallel, Goat Society, RFTP and Gooniez.
Amount of loss: - Attack method: Discord was hacked
Description of the event: Fswap was attacked by a hacker on June 13. Fswap stated that the attack was a vulnerability incident of a non-attacked project and a malicious loan attack. Hackers borrowed money from BISWAP to FSWAP for transaction attacks. The hacker made about 1,751 WBNB worth about $500,000.
Amount of loss: 1,751 WBNB Attack method: Flash Loan Attack
Description of the event: The ElonMVP token suffered a Rug Pull, the token price fell by 99%, and over 622 BNB were transferred to Tornado.Cash, with a loss of about $130,000.
Amount of loss: $ 130,000 Attack method: Rug Pull
Description of the event: On June 12, the price of the HEGE token plummeted by more than 97%. The current loss amount is approximately $429,000.
Amount of loss: $ 429,000 Attack method: Rug Pull
Description of the event: The treasure swap project was attacked. The attacker only used 0.000000000000000001 WETH to exchange all the WETH tokens in the transaction pool. The reverse of the source code found that the swap function of the attacked contract lacked the K value check. At present, the attacker has completed the attack on the two contracts 0xe26e436084348edc0d5c7244903dd2cd2c560f88 and 0x96f6eb307dcb0225474adf7ed3af58d079a65ec9, and accumulated a profit of 3,945 BNB.
Amount of loss: 3,945 BNB Attack method: K-value Verification Vulnerability
Description of the event: On June 11, the SHELL token price fell by more than 56%. The project owner minted 150 million tokens at one address, then transferred them and sold some of them in 12 transactions for about $180,000.
Amount of loss: $ 180,000 Attack method: Rug Pull
Description of the event: Optimism and Wintermute both released announcements, disclosing to the community a loss of 20 million OP tokens. At the time of the release of OP tokens, Optimism entrusted Wintermute to provide liquidity services for OP in the secondary market. As part of the agreement, Optimism will provide Wintermute with 20 million OP tokens. To receive the tokens, Wintermute gave Optimism a multi-signature address, to which Optimism transferred 20 million OPs after Optimism test sent two transactions and Wintermute confirmed it was correct. After Optimism transferred the coins, Wintermute found that they had no way to control these coins, because the multi-signature addresses they provided were only deployed on the Ethereum mainnet for the time being and have not yet been deployed to the Optimism network. To gain control of these tokens, Wintermute immediately initiated remediation operations. However, attackers have already noticed this vulnerability and deployed multi-signature to this address on the Optimism network before Wintermute, successfully controlling the 20 million tokens. At present, the Optimism hacker has returned 17 million OP tokens and transferred 1 million OP to the Vitalik address, and Vitalik has returned the funds.
Amount of loss: 2,000,000 OP Attack method: Multi-signature address transfer vulnerability
Description of the event: Osmosis, the decentralized exchange (DEX) built on the Cosmos network, was shut down just before 3 a.m. ET on Wednesday after attackers exploited a liquidity provider (LP) vulnerability to steal around 5 million Dollar. About an hour after Osmosis tweeted about the attack, 4 hackers accounted for 95% of the total, according to a tweet from Osmosis, Cosmos ecosystem validator FireStake admitted on Twitter, A "momentary error of judgement" led to two members of their team who exploited the vulnerability for roughly $2 million, and they decided to voluntarily return the funds and "fix the problem."
Amount of loss: $ 3,000,000 Attack method: LP vulnerability
Description of the event: GYM NETWORK Hacked, Lost $2.1M, Stolen Funds Moved to Tornado Cash. According to the official Twitter account, the attack was caused by an attack on the Claim & Pool function, which resulted in a significant price drop.
Amount of loss: $ 2,100,000 Attack method: Contract Vulnerability
Description of the event: Cosmos ecosystem developer @TheJunonaut tweeted that a critical bug was discovered on Osmosis that could drain all liquidity pools. Anyone can add liquidity to any pool and get an additional 50% when removing it. Responding to community discussions about the attack, Osmosis tweeted that the liquidity pool was not "completely drained" and that developers were fixing bugs, determining the size of the loss (likely around $5 million), and working on recovery.
Amount of loss: $ 5,000,000 Attack method: Funds Pool Vulnerability
Description of the event: The ApolloX project was attacked due to a flaw in the ApolloX signature system. The attacker used the signature system flaw to generate 255 signatures, with a total of 53,946,802 $APX extracted from the contract, worth about $1.6 million.
Amount of loss: $ 1,600,000 Attack method: Signature system flaws