1980 hack event(s)
Description of the event: Last week, BTG encountered two 51% computing power attacks, and both recharge transactions to exchanges were cancelled, involving about 1,900 BTG and 5267 BTG, which was close to 90,000 US dollars.
Amount of loss: $ 90,000 Attack method: 51% attack
Description of the event: Electrum suffers from "Update Phishing" theft. (The "Update Phishing" attack continues, and the older version (less than 3.3.4) is still under threat.)
Amount of loss: 2,000 BTC Attack method: Phishing attack
Description of the event: The well-known public chain NULS suffered a hacker attack and lost nearly $480,000 worth of NULS tokens. The SlowMist security team analyzed and found that the reason for the attack was that there was a loophole in the NULS transaction signature verification algorithm. The hacker bypassed the signature verification by using a carefully constructed transaction, transferred the tokens of the team account, and then some tokens were thrown into the market. , At present, major exchanges have suspended the deposit and withdrawal of NULS. After the attack, the official urgently checked the problem, carried out problem repair and code testing, and then released a new version of the program, and scheduled a hard fork at the height of 878000 (about noon on December 25th, Beijing time) to freeze other tokens that have not flowed into the market.
Amount of loss: $ 480,000 Attack method: Vulnerability in transaction signature verification algorithm
Description of the event: The VeChain Foundation, a non-profit organization supporting the VeChain public blockchain platform, announced that their repurchase address was leaked at 12:27 PM Eastern Time on Friday (ie 1:27 AM Beijing time) . The company stated in the announcement: “The security breach is most likely due to the improper behavior of a member of our finance team who created a repurchase account without fully complying with the standard procedures approved by the foundation, and due to human error. , Our audit team did not find such inappropriate behavior. We want to emphasize that the incident has nothing to do with the actual standard process or the effectiveness of VeChain’s hardware wallet solution."
Amount of loss: $ 6,500,000 Attack method: Human error
Description of the event: The hacker at the beginning of the TFNsSk address initiated a transaction rollback attack on the Tron Lounge DApp contract beginning with TRON TR3n2D through a self-created contract, and has made a profit of 54,653 TRX so far.
Amount of loss: 54,653 TRX Attack method: Roll back attack
Description of the event: The chief maintainer of Vertcoin James Lovejoy revealed in an attack report on December 2 that a malicious entity targeted the cryptocurrency exchange Bittrex to manipulate the Vertcoin blockchain. The hacker paid at least $440 to attack VTC, but fortunately Vertcoin was not affected.
Amount of loss: - Attack method: 51% attack
Description of the event: South Korean exchange Upbit 342,000 ETH worth about $50 million was stolen. The exchange’s alleged theft occurred while assets were being transferred between hot and cold storage wallets, leading some to speculate that the incident may have been an internal job rather than an external breach. On January 14, 2025, the United States, Japan, and South Korea mentioned in a joint statement that the Upbit theft was attributed to DPRK.
Amount of loss: 342,000 ETH Attack method: Wallet Stolen
Description of the event: The hackers launched a trade rollback attack on TRON's Dice contracts through self-created contracts, and have gained 18,808 TRX to date.
Amount of loss: 18,808 TRX Attack method: Roll back attack
Description of the event: Gatehub Crypto Wallet Data Breach Compromises Passwords of 1.4M Users.
Amount of loss: - Attack method: Information Leakage
Description of the event: Vietnamese cryptocurrency exchange VinDAX has been hacked, losing at least $500,000 in cryptocurrency.
Amount of loss: $ 500,000 Attack method: Wallet Stolen
Description of the event: BetHash's betting game mechanism allows players to guess the ratio of the number between 0-100 and the random number given by the system to win the bonus of the corresponding odds. The smaller the bet number, the greater the odds. Every time a player makes a bet, the dicereceipt() function of the BetHash smart contract will be called to notify the player's account. At this point, the hacker can control the malicious program to hijack the notification and embed the inline operation to implement the attack. Although the attacker also needs to pay a certain amount of bet for every attack, as long as it keeps 0.1 EOS and is conservative
Amount of loss: - Attack method: Malicious Code Injection Attack
Description of the event: BitMEX Compromises User Data in Email Gaffe.
Amount of loss: - Attack method: Information Leakage
Description of the event: Hackers launched a "fake EOS" attack on BitDice, a guessing game, earning more than 4,000 EOS and transferring it to EXMO, ChangeNOW and other exchanges.
Amount of loss: 4,000 EOS Attack method: Fake EOS Vulnerability Attack
Description of the event: ZenGo co-founder Ouriel Ohayon reported on Twitter that the wallet extension SAFU Wallet apparently steals large amounts of money by injecting malicious code into users. A white hat hacker said that by inspecting the SAFU code, he found that they dynamically injected this script https://safuwallet.tk/inside.js in every page being loaded. At the same time, they use obfuscation tools to make it hard to see. Nonetheless, the white hat hackers explained that they targeted MEW, Index and Binance, using background scripts to send information to 4 different endpoints on the same domain. Therefore, the created wallet is automatically shared with them. Currently, the SAFU Wallet Google Chrome website is not available after a community request to remove the extension.
Amount of loss: - Attack method: Malicious Code Injection Attack
Description of the event: WOTOKEN, involved in a cryptocurrency pyramid selling case involving more than 7.7 billion yuan, has opened court and completed the trail in public and at Binhai County People's Court in Yancheng City, in which six major defendants were tried separately for organizing and leading pyramid selling activity; covering up and concealing income; harboring.
Amount of loss: $ 1,109,800,000 Attack method: Ponzi
Description of the event: Fusion released According to an official announcement, the Fusion transaction wallet (0x8e6bDa71f3f0F49dDD29969De79aFCFac4457379) was attacked on September 28, resulting in the theft of 10 million native FSN and 3.5 million ERC20 FSN tokens, worth about 5.57 million U.S. dollars. It is reported that the wallet was attacked because the private key was stolen. In response to the theft, Fusion Foundation officials have also transferred all remaining funds to the cold wallet. At the same time, Fusion officials are also tracking abnormal transactions, and uncertain evidence indicates that the theft may be caused by Fusion Foundation personnel.
Amount of loss: 10,000,000 FSN + 3,500,000 ERC20 FSN Attack method: Private Key Leakage
Description of the event: Coinhouse Suffers Phishing Attack, User Names and Emails Accessed.
Amount of loss: - Attack method: Phishing attack
Description of the event: "skreosladder" has been attacked again by hackers, who have earned thousands of EOS. The hacker has attacked the game several times and has been blacklisted by the project side, but the hacker still used the trumpet to circumvent the restrictions.
Amount of loss: - Attack method: Unknown
Description of the event: The cold wallet of the CoinTiger exchange was stolen, and the 400 million PTT of the Proton chain disappeared. According to the exchange announcement, they discovered that the cold wallet storing PTT was hacked during their regular cold wallet verification work recently, resulting in the theft of 401,981,748 PTT from the wallet.
Amount of loss: 401,981,748 PTT Attack method: Wallet Stolen
Description of the event: SKR EOS games have again been attacked by hackers, who have now earned about 4,000 EOS. After analysis, hackers still use the transaction congestion attack, operating multiple trumpet attacks on the game in turn.
Amount of loss: 4,000 EOS Attack method: Transaction congestion attack