1834 hack event(s)
Description of the event: KuCoin, a cryptocurrency exchange, warned of fraudulent websites using its brand to try to steal cryptocurrencies. The website provides false rewards to induce users to deposit digital assets.
Amount of loss: - Attack method: Phishing attack
Description of the event: OKEx has confirmed that the latest 51% attack caused ETC losses of approximately $5.6 million. Out of concerns about the security of the ETC mainnet, it is considering removing ETC from the exchange. According to a report released by OKEx on Saturday, OKEx will repay all the ETC lost by users.
Amount of loss: $ 5,600,000 Attack method: 51% attack
Description of the event: The Hong Kong police arrested three men on suspicion of defrauding nearly 230,000 Hong Kong dollars (US$30,000) from Bitcoin ATMs. This is the first such case in Hong Kong. These exchanges suspect that criminals have used the “loopholes” of ATMs to withdraw cash without official authorization.
Amount of loss: $ 30,000 Attack method: Scam
Description of the event: The DeFi liquidity farming anonymous project BASED officially announced that it would redeploy the pledge pool. The official tweeted that a hacker tried to freeze "Pool1" permanently, but the attempt failed, and "Pool1" will continue as planned. The mortgage funds and BASED tokens are currently safe.
Amount of loss: - Attack method: Unknown
Description of the event: A cryptocurrency trader tweeted that a hacker hacked into his Ledger crypto wallet and stole more than 100,000 ERC-20 tokens. In addition, the trader said his account was safe because he had just reset his password last week.
Amount of loss: 100,000 ERC-20 Attack method: Unknown
Description of the event: On August 13, 2020, the well-known Ethereum DeFi project YAM officially issued a post on Twitter indicating that there were loopholes in the contract. The price plummeted by 99% within 24 hours, resulting in the “permanent destruction” of the governance contract, with a value of 750,000 USD Curve tokens. It is locked and cannot be used. Since the value of totalSupply was taken during rebase, the value of totalSupply calculated incorrectly will not be immediately applied to initSupply through mint, so before the next rebase, the community still has a chance to recover this error and reduce losses. But once the next rebase is executed, the entire mistake will become irreparable.
Amount of loss: $ 750,000 Attack method: Contract Vulnerability
Description of the event: Two small-scale token projects, NUGS and NEXE, appeared to have committed "travel fraud" shortly after being launched on Uniswap. The NUGS project blamed this move on a "smart contract vulnerability". On its official telegram channel, NUGS stated that its smart contract is now "unfixable." Another project, NEXE, is also suspected to have gone, and the social media account of this project has been deleted.
Amount of loss: - Attack method: Rug Pull
Description of the event: Tencent Security Threat Intelligence Center has detected a large number of attacks originating from overseas IP and some domestic IP against domestic cloud server tenants. The attacker blasted into the server through SSH (port 22), and then executed malicious commands to download the Muhstik botnet Trojan. The botnet will control the compromised server to perform SSH lateral movement, download the Monero mining Trojan, and accept remote commands to launch DDoS attacks.
Amount of loss: - Attack method: Remote Intrusion
Description of the event: Bitfly officially tweeted that ETC encountered another large-scale 51% attack today. The attack has resulted in the reorganization of more than 4000 blocks. Bitfly reminded that unless the official notified further, the current mining pool payment is invalid. At the same time, the government encourages all miners to switch ETH pools on the official website. Blockchain data analysis company Bitquery released an investigation report on the second 51% attack of ETC. The report shows that the initiator of this attack and the initiator of the first attack were the same miner. The attackers profited at least 1.68 million US dollars from this attack.
Amount of loss: $ 1,680,000 Attack method: 51% attack
Description of the event: According to a tweet published by Jon Prosser on August 5, its YouTube channel with 262,000 subscribers was hacked, the channel name was changed to "NASA [news]", and a live broadcast about SpaceX CEO Elon Ma Skr gave false news of Bitcoin. In about two hours, the illegal profit was $4,000.
Amount of loss: $ 4,000 Attack method: Youtube was hacked
Description of the event: Opyn, an on-chain options platform, disclosed that its Ethereum put options were maliciously exploited by external participants. Opyn pointed out that all other Opyn contracts except Ethereum put options are not affected by this vulnerability. The attacker doubled the use of oToken and stole the mortgage assets of the put option seller. According to Opyn statistics, a total of 371,260 USDC has been stolen so far. Because the exercise function exercise() in the Opyn ETH Put smart contract does not perform real-time verification of the trader's ETH. According to the business logic of the Opyn platform, the buyer of the put option transfers the corresponding value of ETH to the seller to obtain the digital asset mortgaged by the seller. The cunning attacker first initiates a disguised transaction to himself, and uses the reusable feature of this ETH to initiate a transfer to the seller user again, thereby defrauding the seller's mortgaged digital assets.
Amount of loss: 371,260 USDC Attack method: Contract Vulnerability
Description of the event: YFII's hard fork project YYFI has completely become an "exit scam" in the early morning of August 1. From the very beginning, this project seems to be determined to prepare for its own run.
Amount of loss: - Attack method: Scam
Description of the event: CWT, the fifth largest travel company in the United States, agreed to pay $4.5 million worth of bitcoin to hackers who hijacked its computer systems.
Amount of loss: $ 4,500,000 Attack method: Ransomware
Description of the event: Bitfly tweeted that today, the ETC blockchain has undergone a chain reorganization of 3693 blocks at a block height of 10904146. This causes all state construction nodes to stop synchronizing. The ETC blockchain did not produce blocks for nearly 6 hours, and then the block production returned to normal.
Amount of loss: - Attack method: The miner using the old software
Description of the event: Spanish cryptocurrency exchange 2gether has been maliciously hacked, affecting around 5,500 users who trade on the platform. According to a statement by Spanish police dated 22 February 2022, a team from the Ministry of Cybercrime has arrested five persons suspected of hacking. A 2gether employee was reportedly found guilty of stealing $7 million from the company. He downloaded a pirated movie that contained malware. The malware hacked into the exchange’s systems, allowing hackers to steal more than $7 million in BTC and ETH. Police found attackers using computer viruses such as Remote Access Trojans (RATs) to gain access to 2gether's internal network. Although the employee gave the hackers access to the company's network, the attackers spent about six months analyzing the exchange's activity before carrying out the theft.
Amount of loss: $ 7,000,000 Attack method: Trojan horse virus
Description of the event: On July 25, 2020, there was unauthorized access to Ledger's database, resulting in data leakage. The leaked data includes e-commerce and marketing data, but payment information and encrypted assets are safe. Ledger’s announcement claimed that the API Key was used to achieve unauthorized access to the database. Currently, the API Key has become invalid.
Amount of loss: - Attack method: Information Leakage
Description of the event: In the early hours of this morning, many celebrity politicians and some companies' Twitter accounts were attacked by hackers, and these Twitter accounts all published relevant digital currency phishing scam information. However, the phishing information was deleted a few minutes after it was posted. As of now, the scammers have received 12.86 bitcoins in total.
Amount of loss: 12.86 BTC Attack method: Hacked account
Description of the event: Cashaa, a UK-based cryptocurrency exchange, said hackers stole 336 Bitcoins from a wallet on the exchange. The company has now stopped all transactions related to cryptocurrency.
Amount of loss: 336 BTC Attack method: Malicious Software
Description of the event: From April 2014 to December 2019, the BitClub network was a fraudulent scheme that solicited funds from investors in exchange for stakes in so-called cryptocurrency mining pools and rewarded their investments, according to an announcement issued by the U.S. Attorney's Office in New Jersey. to recruit new investors into the program. Over the five-year period of the program, BitClub defrauded investors of at least $722 million in bitcoin.
Amount of loss: $ 722,000,000 Attack method: Ponzi
Description of the event: In the recent referendum on constitutional reform, 1.14 million Russians voted through the blockchain platform, but their data has been made public on the Internet and can be accessed directly from state-owned servers. Election officials Shared a ZIP file containing id card information, passport Numbers and other passport information of people who voted on the blockchain platform, sources said. The ZIP file is stored on a government website. The files are free and can be downloaded by anyone at any given time. In addition, the files are password-protected, though the passwords are not very strong. Meanwhile, there are other problems with the blockchain voting platform, such as a loophole for partial repeat votes.
Amount of loss: - Attack method: Information Leakage