1508 hack event(s)
Description of the event: The U.S. Securities and Exchange Commission (SEC) stated on Monday in a release that its Twitter account was compromised on January 9th due to an unauthorized party gaining control of the associated phone number through a "SIM card swap" attack. After gaining control of the phone number, the unauthorized party reset the password for the SEC's Twitter account. Access to the phone number was obtained through the telecommunications provider, not through the SEC's systems.
Amount of loss: - Attack method: Twitter was hacked
Description of the event: SlowMist Security Team issues a security alert, as there have been recent cases of individuals impersonating journalists for phishing. Scammers typically communicate with victims using broken Chinese and send what appears to be a normal Calendly link. However, upon clicking the link, the name changes to "Calendly." This link is designed to deceive you into authorizing control of your Twitter account, allowing scammers to post phishing links through your tweets. Please remain vigilant against unfamiliar links.
Amount of loss: - Attack method: Social Engineering
Description of the event: The MangoFarm project is suspected of a rug pull. The official Twitter account of the MangoFarm is no longer accessible.
Amount of loss: $ 1,000,000 Attack method: Rug Pull
Description of the event: According to a report by Cointelegraph, the cryptocurrency venture capital firm Polychain Capital has confirmed that its founder and CEO, Olaf Carlson-Wee, has had his Twitter account compromised. Hackers have posted phishing links containing false airdrops. Polychain has urged Twitter users to avoid interacting with Carlson-Wee's account until further notice.
Amount of loss: - Attack method: Twitter was hacked
Description of the event: Cryptocurrency payment service provider Coinspaid experienced multiple unauthorized transactions, with hackers stealing cryptocurrency assets worth $7.5 million.
Amount of loss: $ 7,500,000 Attack method: Unknown
Description of the event: The SocialFi and GameFi platform XKingdom Tech, built on Arbitrum, has exit-scammed, resulting in approximately $1.2 million in losses. The stolen funds were bridged to Ethereum and transferred to Tornado Cash.
Amount of loss: $ 1,200,000 Attack method: Rug Pull
Description of the event: The Twitter account of the security firm CertiK was compromised. The attackers posted false information claiming that the Uniswap router contract is vulnerable to a reentrancy attack, along with phishing links. Subsequently, CertiK tweeted that "A verified account, associated with a well-known media, contacted one of our employees. Unfortunately, it appears that this account was compromised, leading to a phishing attack on our employee. "
Amount of loss: - Attack method: Twitter was hacked
Description of the event: The NRW token of the liquidity mining project Narwhal suffered losses of approximately $1.5 million in a security incident, with the majority of the stolen funds being sent to Tornado Cash.
Amount of loss: $ 1,500,000 Attack method: Unknown
Description of the event: The liquidity management protocol Gamma has been attacked, and its post-mortem indicates that there was a flaw in the deposit agent configuration. This flaw allowed the attacker to manipulate the price up to the price change threshold and mint a disproportionately high number of LP tokens.
Amount of loss: $ 6,180,000 Attack method: Price Manipulation
Description of the event: Liquidity layer & AMM Chronos tweeted that its concentrated liquidity pools managed by @dyson_money have been exploited in a manner similar to the gamma exploit. Users are advised to revoke contracts associated with these pools. This vulnerability is specific to concentrated liquidity pools, and all other V2 pools remain safe and unaffected. The rest of the funds are secure.
Amount of loss: $ 148,000 Attack method: Flash Loan Attack
Description of the event: The multi-chain lending protocol Radiant Capital is suspected to have been targeted in a hacker attack, with total losses on Arbitrum ~4.5 million USD.
Amount of loss: $ 4,500,000 Attack method: Flash Loan Attack
Description of the event: Wizz Wallet, the wallet of the Atomicals protocol, posted on Twitter that builders within the Atomicals ecosystem, including the Wizz team, have experienced DDoS attacks.
Amount of loss: - Attack method: DDoS Attack
Description of the event: Atomicals Market (Marketplace and Explorer for Atomicals and ARC-20) tweeted that they're currently under ddos attacks.
Amount of loss: - Attack method: DDoS Attack
Description of the event: NFPrompt announced on its social media platform that the team detected issues with Web2 wallet service. They assured users about the security of their funds and recommended using self-custodied Web3 wallets. For users facing issues, they were advised to open a ticket in the project's Discord channel to mitigate the problem.
Amount of loss: - Attack method: Unknown
Description of the event: A global IP of FREE Digital Collectibles, Art and community Wabalaba Land's Discord has been compromised. Do not click any links until the team regain control of the server.
Amount of loss: - Attack method: Discord was hacked
Description of the event: Cross-chain bridge protocol Orbit Chain has suffered an attack, resulting in a loss of $81.6 million. Orbit Chain has tweeted that the team has requested major cryptocurrency exchanges worldwide to freeze the stolen assets.
Amount of loss: $ 81,600,000 Attack method: Unknown
Description of the event: DeFi lending protocol Compound Labs tweeted that their account was compromised yesterday for ~4 hours until they regained control of the account and removed the spam messages.
Amount of loss: - Attack method: Twitter was hacked
Description of the event: ChannelsFinance on BSC was attacked, resulting in losses of over $320K. The contract uses an old Compound v2 protocol which has a known vulnerability.
Amount of loss: $ 320,000 Attack method: Price Manipulation
Description of the event: OKX Wallet BRC20 marketplace has experienced a vulnerability where a large number of fake sats are displayed in the order book. Users are advised to immediately cease trading sats to avoid purchasing false assets and potential asset loss. On December 30th, OKX announced on Twitter that the Ordinals market has been restored, and trading for the affected currencies has resumed as usual. For genuine users who mistakenly purchased tokens due to this issue, the platform will compensate them after completing the assessment.
Amount of loss: - Attack method: Security Vulnerability
Description of the event: There is a vulnerability in the INSC NFT contract, and multiple hackers have exploited it to steal NFTs and transfer them to Blur and OpenSea for sale. According to Blur market data, the floor price of INSC (ins-20) has dropped to 0.0048 ETH, with a decrease of 96.76% in the last 24 hours.
Amount of loss: - Attack method: Contract Vulnerability