1627 hack event(s)
Description of the event: ZenGo co-founder Ouriel Ohayon reported on Twitter that the wallet extension SAFU Wallet apparently steals large amounts of money by injecting malicious code into users. A white hat hacker said that by inspecting the SAFU code, he found that they dynamically injected this script https://safuwallet.tk/inside.js in every page being loaded. At the same time, they use obfuscation tools to make it hard to see. Nonetheless, the white hat hackers explained that they targeted MEW, Index and Binance, using background scripts to send information to 4 different endpoints on the same domain. Therefore, the created wallet is automatically shared with them. Currently, the SAFU Wallet Google Chrome website is not available after a community request to remove the extension.
Amount of loss: - Attack method: Malicious Code Injection Attack
Description of the event: WOTOKEN, involved in a cryptocurrency pyramid selling case involving more than 7.7 billion yuan, has opened court and completed the trail in public and at Binhai County People's Court in Yancheng City, in which six major defendants were tried separately for organizing and leading pyramid selling activity; covering up and concealing income; harboring.
Amount of loss: $ 1,109,800,000 Attack method: Ponzi
Description of the event: Fusion released According to an official announcement, the Fusion transaction wallet (0x8e6bDa71f3f0F49dDD29969De79aFCFac4457379) was attacked on September 28, resulting in the theft of 10 million native FSN and 3.5 million ERC20 FSN tokens, worth about 5.57 million U.S. dollars. It is reported that the wallet was attacked because the private key was stolen. In response to the theft, Fusion Foundation officials have also transferred all remaining funds to the cold wallet. At the same time, Fusion officials are also tracking abnormal transactions, and uncertain evidence indicates that the theft may be caused by Fusion Foundation personnel.
Amount of loss: 10,000,000 FSN + 3,500,000 ERC20 FSN Attack method: Private Key Leakage
Description of the event: Coinhouse Suffers Phishing Attack, User Names and Emails Accessed.
Amount of loss: - Attack method: Phishing attack
Description of the event: "skreosladder" has been attacked again by hackers, who have earned thousands of EOS. The hacker has attacked the game several times and has been blacklisted by the project side, but the hacker still used the trumpet to circumvent the restrictions.
Amount of loss: - Attack method: Unknown
Description of the event: The cold wallet of the CoinTiger exchange was stolen, and the 400 million PTT of the Proton chain disappeared. According to the exchange announcement, they discovered that the cold wallet storing PTT was hacked during their regular cold wallet verification work recently, resulting in the theft of 401,981,748 PTT from the wallet.
Amount of loss: 401,981,748 PTT Attack method: Wallet Stolen
Description of the event: SKR EOS games have again been attacked by hackers, who have now earned about 4,000 EOS. After analysis, hackers still use the transaction congestion attack, operating multiple trumpet attacks on the game in turn.
Amount of loss: 4,000 EOS Attack method: Transaction congestion attack
Description of the event: There is a vulnerability in Bitstamp, which can be used by attackers to view a large number of sensitive information such as user IDs and bank CARDS, seriously threatening the information security of users.
Amount of loss: - Attack method: Information Leakage
Description of the event: The skreosladder game has been attacked by hackers again, and hackers have now profited thousands of EOS. After preliminary analysis, hackers still use transaction crowding attacks, but the difference is that hackers control a large number of accounts to place bets at the same time, and then multiple accounts are used to push blocks due to the large number of accounts participating in the attack. The connection between accounts is not obvious, and the attack is highly concealed.
Amount of loss: - Attack method: Transaction congestion attack
Description of the event: EOS Royale has been attacked by hackers, who have gained around 18,000 EOS.
Amount of loss: 18,000 EOS Attack method: Unknown
Description of the event: Multiple hackers have launched a series of attacks on the EOS game LuckyClover, earning thousands of EOS.
Amount of loss: - Attack method: Hard_fail attack
Description of the event: Multiple hackers have launched a series of attacks on the EOS game UnicornBet, earning thousands of EOS.
Amount of loss: - Attack method: Fake EOS Vulnerability Attack
Description of the event: The attacker adopted a "card position" rollback betting method for the game mechanics: the first gameplay investment of the game is profitable early, and the "player" deploys the contract to invest at the beginning of each round, thereby making the investment The return is maximized, so far the attacker has made a total of 102,652 TRX.
Amount of loss: 102,652 TRX Attack method: Rule Exploitation
Description of the event: The attackers launched a roll back attack on the contracts, which so far has yielded a total of 67,695 TRX.
Amount of loss: 67,695 TRX Attack method: Roll back attack
Description of the event: The cryptocurrency lending company YouHodler was affected by a data leak that contained information about users on its platform. Some of the data that was released to the market includes bank accounts, passport numbers, card numbers and many other things.
Amount of loss: - Attack method: Information Leakage
Description of the event: The attackers launched a trade rollback attack on the contracts, which so far has yielded a total of 113,913 TRX.
Amount of loss: 113,913 TRX Attack method: Roll back attack
Description of the event: According to QuickBit, the breach resulted in data of users such as names, emails, physical addresses and even card information was exposed. The exchange has said it has estimated about 2% user data was left unprotected. The exchange has claimed that although data was bare and accessible to anyone who had the knowledge on how to access it, none of the data has been affected or copied.
Amount of loss: - Attack method: Information Leakage
Description of the event: There was an unusually large transaction in the game contract of the TronCity project. The total balance of 257,112 TRX in the game contract was emptied at one time.
Amount of loss: 257,112 TRX Attack method: Rug Pull
Description of the event: Hackers launched a series of attacks on TronChip, earning a total of 61,867 TRX.
Amount of loss: 61,867 TRX Attack method: Random number attack
Description of the event: On July 12, Japan's BitPoint Japan (BPJ) exchange was hacked, and 3.5 billion yen (32 million U.S. dollars) worth of cryptocurrency in the hot wallet was stolen. After that, BPJ shut down all services of the exchange. On the 14th, BPJ announced the recovery of some stolen cryptocurrencies from overseas trading systems, reducing the total loss to 3.02 billion yen (customer funds 2.06 billion, BPJ own funds 960 million).
Amount of loss: $ 27,610,000 Attack method: Wallet Stolen