1815 hack event(s)
Description of the event: DeFi lending protocol Lendf.Me was hacked.
Amount of loss: $24,696,616 Attack method: ERC777 Reentrancy Attack
Description of the event: The attacker used a reentrancy attack to steal funds (containing approximately 1,278 ETH) from Uniswap's ETH-imBTC Uniswap liquidity pool.
Amount of loss: 1,278 ETH Attack method: ERC777 Reentrancy Attack
Description of the event: Hacker Exploits Flaw in Decentralized Bitcoin Exchange Bisq to Steal $250K.
Amount of loss: $ 250,000 Attack method: Defects in the transaction agreement
Description of the event: Cocos-BCX has verified with the exchange, conducted internal investigations and concluded that asset loss and malicious selling that occurred are due to the malicious theft of the mapping wallet information. After verifying and confirming with the exchange, the total amount of stolen tokens this time was 1,087,522,819.2 COCOS, and the exchange confirmed that this total amount has been sold.
Amount of loss: 1,087,522,819.2 COCOS Attack method: Wallet Stolen
Description of the event: Attacker creates malicious Ledger Chrome extensions and tricks users into downloading malicious Ledger Chrome extensions through Google search ad serving and other methods to steal users' cryptocurrency. So far, it is known that at least 1.4 million XRP are stolen.
Amount of loss: 1,400,000 XRP Attack method: Phishing attack
Description of the event: Due to the congestion of Ethereum, the gas soared, and the liquidated ETH was sold at a price of 0 US dollars using the MakerDao auction loophole.
Amount of loss: $ 7,900,000 Attack method: Liquidation Mechanism Flaw
Description of the event: The crypto fund Trident Crypto Fund was hacked and the data of 266,000 users was leaked. The database containing email addresses, mobile numbers, encrypted passwords and IP addresses was uploaded to various file-sharing sites on February 20.
Amount of loss: - Attack method: Information Leakage
Description of the event: Josh Jones, founder of Bitcoin Builder and Mt.Gox's second largest creditor, has had $45 million worth of digital currency stolen.
Amount of loss: $45,000,000 Attack method: SIM card is hacked
Description of the event: bZx was attacked again with an estimated loss of $645,000 of ETH
Amount of loss: $645,000 Attack method: Oracle Attack
Description of the event: VBITEX platform was hacked, resulting in malicious manipulation of platform data and theft of virtual assets.
Amount of loss: - Attack method: Unknown
Description of the event: The FCoin exchange claimed that due to funding difficulties, the fund reserves could not be redeemed for user withdrawals, and the estimated amount of funds that could not be redeemed was between 7,000-13,000 BTC.
Amount of loss: - Attack method: Scam
Description of the event: DeFi lending protocol bZx exploited, may lose up to $350,000.
Amount of loss: $350,000 Attack method: Oracle Attack
Description of the event: IOTA has shut down its entire network this week after hackers exploited a vulnerability in the official IOTA wallet app to steal user funds.Estimated loss of 850000 MIOTA (valued at us $2.3 million).
Amount of loss: 8,550,000 MIOTA Attack method: Application Vulnerability
Description of the event: The Italian cryptocurrency exchange Altsbit was hacked. As of now, the value of stolen Bitcoin and Ether is about 70,000 U.S. dollars. The website stated that it will be closed after partial refund of client funds.
Amount of loss: $ 70,000 Attack method: Wallet Stolen
Description of the event: The hacker at the beginning of the TKnzni address continued to launch a transaction rollback attack on the LuckLambo104 contract address beginning with TGsyJF by creating an attack contract, and profited 6,588 TRX. The contract was created at 23:00 on February 01 and was attacked the day after it went live. The current contract balance has returned to zero.
Amount of loss: 6,588 TRX Attack method: Roll back attack
Description of the event: Last week, BTG encountered two 51% computing power attacks, and both recharge transactions to exchanges were cancelled, involving about 1,900 BTG and 5267 BTG, which was close to 90,000 US dollars.
Amount of loss: $ 90,000 Attack method: 51% attack
Description of the event: Electrum suffers from "Update Phishing" theft. (The "Update Phishing" attack continues, and the older version (less than 3.3.4) is still under threat.)
Amount of loss: 2,000 BTC Attack method: Phishing attack
Description of the event: The well-known public chain NULS suffered a hacker attack and lost nearly $480,000 worth of NULS tokens. The SlowMist security team analyzed and found that the reason for the attack was that there was a loophole in the NULS transaction signature verification algorithm. The hacker bypassed the signature verification by using a carefully constructed transaction, transferred the tokens of the team account, and then some tokens were thrown into the market. , At present, major exchanges have suspended the deposit and withdrawal of NULS. After the attack, the official urgently checked the problem, carried out problem repair and code testing, and then released a new version of the program, and scheduled a hard fork at the height of 878000 (about noon on December 25th, Beijing time) to freeze other tokens that have not flowed into the market.
Amount of loss: $ 480,000 Attack method: Vulnerability in transaction signature verification algorithm
Description of the event: The VeChain Foundation, a non-profit organization supporting the VeChain public blockchain platform, announced that their repurchase address was leaked at 12:27 PM Eastern Time on Friday (ie 1:27 AM Beijing time) . The company stated in the announcement: “The security breach is most likely due to the improper behavior of a member of our finance team who created a repurchase account without fully complying with the standard procedures approved by the foundation, and due to human error. , Our audit team did not find such inappropriate behavior. We want to emphasize that the incident has nothing to do with the actual standard process or the effectiveness of VeChain’s hardware wallet solution."
Amount of loss: $ 6,500,000 Attack method: Human error
Description of the event: The hacker at the beginning of the TFNsSk address initiated a transaction rollback attack on the Tron Lounge DApp contract beginning with TRON TR3n2D through a self-created contract, and has made a profit of 54,653 TRX so far.
Amount of loss: 54,653 TRX Attack method: Roll back attack