1627 hack event(s)
Description of the event: Polish cryptocurrency exchange Coinroom suddenly shut down its service in April and is suspected of defrauding customers and running away with funds. The exact amount involved in the fraud is unclear.
Amount of loss: - Attack method: Scam
Description of the event: On June 2, Bitcoin flash-crashed on Kraken, a major Bitcoin trading platform. The near vertical drop from $11,200 CAD to $100 CAD within moments initially appeared to have resulted from a technical glitch or a fat-fingered trading error by a whale. In this case, the available evidence suggests a hacker compromised a whale’s account, stole 1200 BTC worth $10.45 million on that date, and then dumped this huge amount of BTC into a highly illiquid BTC/CAD market.
Amount of loss: 1,200 BTC Attack method: Unknown
Description of the event: The attacker controls some of the GateHub database account API permissions, but the user's private key is secure. GateHub officials have identified 103 wallets that were compromised and a total of 18,473 accounts that may have been affected, including 5,045 with active balances.
Amount of loss: 23,200,000 XRP Attack method: Permission Stolen
Description of the event: Due to the failure to take effective measures against user complaints, XRP buyers have suffered a lot of losses. The cryptocurrency exchange Remitano has announced that it has suspended all XRP deposits and withdrawals to solve the problem of false XRP deposits.
Amount of loss: - Attack method: False XRP deposits
Description of the event: The EOS game Poker EOS behaved abnormally, which was confirmed to be caused by the leak of the game's private key. The hackers made more than 20,000 EOS in total, and more than 10,000 of them have been transferred to exchanges.
Amount of loss: 26,992.2297 EOS Attack method: Private Key Leakage
Description of the event: Hackers stole $100,000+ worth of BTC from Sean Coonce, engineering manager at cryptocurrency custodian BitGo. According to the post, Coonce had over $100,000 siphoned out of his account on cryptocurrency exchange Coinbase in under 24 hours. Coonce details SIM swapping, a practice in which the attacker maliciously requests that a telecommunications carrier redirect the traffic of a mobile phone number to a device over which they have control.
Amount of loss: $ 100,000 Attack method: SIM Card Attack
Description of the event: The DiceGame game suffered a roll back attack, and the hackers at the TYUcGmi address gained a total of 5,150 TRX.
Amount of loss: 5,150 TRX Attack method: Roll back attack
Description of the event: Binance has discovered a large-scale security breach today, May 7, 2019 at 17:15:24 (UTC). Hackers were able to obtain a large number of user API keys, 2FA codes, and potentially other info. The hackers used a variety of techniques, including phishing, viruses and other attacks, and were able to withdraw 7000 BTC. Link: https://binance.zendesk.com/hc/en-us/articles/360028031711-Binance-Security-Breach-Update
Amount of loss: 7,074 BTC Attack method: Wallet Stolen
Description of the event: At 4:12 AM on May 3, Beijing time, a contract call transferred 26.73 million TRX (valued at RMB 4.27 million) out of the TronBank contract, and the contract balance dropped to zero. About two hours after the theft, wojak, the owner of the THeRTT** address that transferred the 26.73 million TRX, appeared. According to wojak, he wrote a script to analyze the bytecode of the TRON virtual machine, scan contracts in batches and initiate transactions to see if there was any way to make money, but accidentally hit a bug in the TronBank contract. At first he did not even know that the money came from TronBank. Some people in the community suggested that wojak return the money to the TronBank developers, but wojak believes that this is not his problem: developers should write test cases, do audits, and at least run some formal verification (obviously they didn’t do anything). He is willing to return the money intact to every investor in TronBank, not to the developer of the project. Based on the available information, it is still too early to conclude that "the developer placed a backdoor in the contract". Only two objective conclusions can be drawn at present: 1. TRX Pro has a backdoor in the contract on the main network; 2. The code certified on TSC does not match the actual contract operation logic.
Amount of loss: 26,730,000 TRX Attack method: Contract Vulnerability
Description of the event: The TRON Wheel Of Fortune DApp is under a transaction rollback attack, with a total loss of 7,856 TRX, and the attack is still ongoing. Previously, security personnel found that the hacker had been conducting transaction rollback attacks on multiple DApp contract addresses using the same method.
Amount of loss: 7,856 TRX Attack method: Roll back attack
Description of the event: XRP on the Taiwan exchange BitoPro suffered an attack that caused a price crash, and the exchange is thought to have lost about 7m XRP.
Amount of loss: 7,000,000 XRP Attack method: False top-up
Description of the event: The attacker constructed a malicious memo that caused parsing exceptions on the eosblue.one server, allowing the attacker to win prizes continuously or receive unusually large refunds.
Amount of loss: 12,883 EOS Attack method: Memo attack
Description of the event: Bitfinex is accused of sending 850 million U.S. dollars to Crypto Capital Corp, a payment processor believed to be located in Panama, without informing customers, and withdrawing at least 700 million U.S. dollars from Tether's reserves after the funds were lost.
Amount of loss: $ 851,000,000 Attack method: Scam
Description of the event: Tron DApp TronBank was hit by a fake token attack at 1 am, and about 170 million BTT were stolen in 1 hour (worth about 850,000 yuan). Monitoring showed that the hacker created a fake token, BTTx, and used it to call the contract's "invest" function; the contract did not check whether the sender's token id matched the real BTT token id, 1002000.
Amount of loss: 170,000,000 BTT Attack method: Oracle Attack
Description of the event: The hacker launched 1,203 attacks on TronWow, making a total profit of 2,167,377 TRX.
Amount of loss: 2,167,377 TRX Attack method: Random number attack
Description of the event: A hacker used contract vulnerabilities to send a huge amount of IseriCoin tokens to his account.
Amount of loss: - Attack method: Contract Vulnerability
Description of the event: Attackers continue to profit by creating new accounts and calling the luckydraw method of the contract of the EOS quiz game DEOS Games. Currently, over 300 accounts have been created and thousands of EOS have been accumulated. Because its characteristics differ from those of previously known attacks, this is preliminarily judged to be a new type of attack. The attacker creates new accounts in batches and then places small bets in exchange for a larger return. The return rate of betting is abnormally high, resembling "wool pulling" (promotion abuse).
Amount of loss: 2,090 EOS Attack method: Automatically attack lucky draw system
Description of the event: The attacker continuously attacked EOSlots and profited from it, and the game has suspended operations.
Amount of loss: 2,468.92 EOS Attack method: Random number attack
Description of the event: The attacker once again launched an attack on the EOS quiz game eosnowbetext. After preliminary analysis, the attacker again used multiple alternate accounts to attack the game through transaction congestion, and has already made a profit.
Amount of loss: 200 EOS Attack method: Transaction congestion attack
Description of the event: According to a report from CoinDesk Korea, the exchange was hacked for a total of 3.1 million EOS, which was withdrawn from the exchange’s “hot” (internet connected) wallet through a series of transactions. Based on the data from CoinMarketCap, EOS is currently trading at $4.22, making the total value of the coins lost around $13 million. The company said in its statement that it suspects the hack was conducted by an insider, since no evidence of external exploit has been found.
Amount of loss: 3,132,672 EOS Attack method: Unknown