1914 hack event(s)
Description of the event: Synthetix, a synthetic asset issuance platform built on Ethereum, experienced an oracle attack which netted the attacker over 37 million sETH, according to Etherscan. However, the true dollar value is difficult to calculate at this time given the relative illiquidity of sETH on secondary markets.
Amount of loss: 35,759,524 sETH Attack method: Database attack
Description of the event: EOS contract yizeslotsbet suffers transfer error prompt, the attacker has already obtained 1,0000 FB token.
Amount of loss: 10,000 FB Attack method: Transfer error prompt
Description of the event: Continuous attack by hackers to SKR EOS, earning thousands of EOS.
Amount of loss: - Attack method: Random number attack
Description of the event: The hacker has gained 27,000 TRX by launching a trade rollback attack on the DappRoulette contract with a self-created contract.
Amount of loss: 27,000 TRX Attack method: Roll back attack
Description of the event: MGC wallet is exposed to carry user assets disappear, users' digital assets are aggregated to 0x4f9cxx, 0x2b29xx beginning two addresses in a short time.
Amount of loss: - Attack method: Rug Pull
Description of the event: The 600 million BETX tokens held by BETX managers were stolen by hacker and sold on the Newdex exchange. Preliminary analysis shows that the cause of this attack is that the private key of BETX project is stolen, and the hacker gains the owner privilege and transfers all the existing tokens of the contract. The selloff caused the BETX token to fluctuate sharply and close to zero.
Amount of loss: 600,000,000 BETX Attack method: Private Key Leakage
Description of the event: The TokenStore wallet was exposed as a "runaway", which swept away billions of investors' money, involving BTC, XRP, ETH and other mainstream currencies.
Amount of loss: 1,000,000,000 CNY Attack method: Rug Pull
Description of the event: Polish cryptocurrency exchange Coinroom suddenly shut down its service in April, suspected of defrauding customers and running away with funds. Although the exact amount involved in the fraud is unclear.
Amount of loss: - Attack method: Scam
Description of the event: On June 2, Bitcoin flash-crashed on a major Bitcoin trading platform Kraken. The near vertical drop from $11,200 CAD to $100 CAD within moments initially appeared to have resulted from a technical glitch or a fat-fingered trading error by a whale. In this case, the available evidence suggests a hacker compromised a whale’s account, stole 1200 BTC worth $10.45 million on that date, and then dumped this huge amount of BTC into a highly illiquid BTC/CAD marke.
Amount of loss: 1,200 BTC Attack method: Unknown
Description of the event: The attacker controls some of the GateHub database account API permissions, but the user's private key is secure. GateHub officials have identified 103 wallets that were compromised and a total of 18,473 accounts that may have been affected, including 5,045 with active balances.
Amount of loss: 23,200,000 XRP Attack method: Permission Stolen
Description of the event: Due to the failure to take effective measures against user complaints, XRP buyers have suffered a lot of losses. The cryptocurrency exchange Remitano has announced that it has suspended all XRP deposits and withdrawals to solve the problem of false XRP deposits.
Amount of loss: - Attack method: False XRP deposits
Description of the event: EOS game Poker EOS appears abnormal, which is confirmed to be caused by the disclosure of the private key of the game. The hackers made more than 20,000 EOS in total, and more than 10,000 of them have been transferred to the exchanges.
Amount of loss: 26,992.2297 EOS Attack method: Private Key Leakage
Description of the event: Hackers steal $100,000+ worth of BTC from engineering manager at Crypto Custodian BitGo. Sean Coonce, engineering manager at cryptocurrency custodian BitGo. According to the post, Coonce had over $100,000 siphoned out of his account on cryptocurrency exchange Coinbase in under 24 hours. Coone details SIM swapping, a practice that sees the attacker maliciously requesting a telecommunications carrier to redirect the traffic of a mobile phone number to a device over which they have control.
Amount of loss: $ 100,000 Attack method: SIM Card Attack
Description of the event: The DiceGame game suffered a roll back attack, and the hackers at the TYUcGmi address gained a total of 5,150 TRX.
Amount of loss: 5,150 TRX Attack method: Roll back attack
Description of the event: Binance has discovered a large scale security breach today, May 7, 2019 at 17:15:24 (UTC). Hackers were able to obtain a large number of user API keys, 2FA codes, and potentially other info. The hackers used a variety of techniques, including phishing, viruses and other attacks. And the hackers were able to withdraw 7000 BTC. Link: https://binance.zendesk.com/hc/en-us/articles/360028031711-Binance-Security-Breach-Update
Amount of loss: 7,074 BTC Attack method: Wallet Stolen
Description of the event: At 4:12 AM on May 3, Beijing time, a contract call transferred 26.73 million TRX (valued at RMB 4.27 million) from the TronBank contract, and the contract balance returned to zero. About two hours after the theft, wojak, the owner of THeRTT**, who transferred the 26.73 million TRX address, appeared. According to wojak, he wrote a script to analyze the bytecode of the TRON virtual machine, scan the contracts in batches and initiate transactions to see if there is any way to make money, but accidentally hit a bug in the Tronbank contract. At first he didn't even know that the money came from Tronbank. Some people in the community suggested that wojak return the money to the Tronbank developers, but wojak believes that this is not his problem. Developers should write test examples, do audits, and at least run some formal verifications (obviously they didn’t do anything). He is willing to return the money intact to every investor in Tronbank, not the developer of the project. Based on the available information, it is still too early to conclude that "the developer placed a backdoor in the contract". There are only two objective conclusions that can be drawn at present: 1. TRX Pro has a backdoor in the contract on the main network; 2. The code certified on TSC does not match the actual contract operation logic.
Amount of loss: 26,730,000 TRX Attack method: Contract Vulnerability
Description of the event: The TRON Wheel Of Fortune DApp is being attacked by a transaction rollback, with a total loss of 7,856 TRX, and the attack is still ongoing. Previously, security personnel found that the hacker continued to conduct transaction rollback attacks on multiple DAPP contract addresses through the same method.
Amount of loss: 7,856 TRX Attack method: Roll back attack
Description of the event: Taiwan exchange BitoPro's XRP suffered an attack that caused a price crash and is thought to have lost about 7m XRPS.
Amount of loss: 7,000,000 XRP Attack method: False top-up
Description of the event: The attacker constructed the malicious memo, which caused the eosblue.one server parsing exceptions, thus continuously winning prizes or leading to unusually large refunds.
Amount of loss: 12,883 EOS Attack method: Memo attack
Description of the event: Bitfinex is accused of sending 850 million U.S. dollars to Crypto Capital Corp, a payment processor believed to be located in Panama, without informing customers, and withdrawing at least 700 million U.S. dollars from Tether's reserves after the funds were lost.
Amount of loss: $ 851,000,000 Attack method: Scam