1815 hack event(s)
Description of the event: The attacker deployed an attack contract that used the same algorithm as FFgame to calculate the random number. Immediately after the random number was generated, the attack contract used it in an inline_action, so the winning result was "predicted" and the attacker reached a very high winning rate.
Amount of loss: 1,331 EOS Attack method: Random number attack
Description of the event: The target was attacked; the specifics are unknown.
Amount of loss: 200 EOS Attack method: Unknown
Description of the event: Hackers successfully sandwiched crypto-stealing code into the middle of a popular web traffic-measuring plugin from StatCounter, which is now used on more than two million websites, including government sites. They have determined, however, that the rather wide swath of infections may have been designed to eventually infect cryptocurrency trading sites, and that the scheme did, in fact, infect popular crypto-trading site Gate.io. By situating the code in the middle of StatCounter’s downloadable JavaScript web traffic analysis tool, hackers made it harder to detect.
Amount of loss: - Attack method: Malicious Code Injection Attack
Description of the event: The random number was cracked by the attacker.
Amount of loss: 2,545 EOS Attack method: Random number attack
Description of the event: At EOSeven, 600 million SVN was transferred from eosevendice2 to the account tuningfinish, and 450 million was then transferred back to eosevendice2. After that, tuningfinish sold the SVN tokens on Newdex and finally transferred the resulting EOS to the Binance exchange.
Amount of loss: - Attack method: Insider Manipulation
Description of the event: The hacker "refundwallet" tried to attack the EOSCast game contract "eoscastdmgb1". The hacker first used the "fake EOS" attack method in 8 transfer attacks, which failed, and then attacked successfully 9 times using the "fake EOS transfer variant". Following the rules of the game, the hacker launched attacks with 100, 1,000, and 10,000 fake EOS. Each attack could yield 198, 9,800, or 19,600 EOS. When the last attack was carried out, the game party noticed the abnormal attack and transferred it in time. After leaving the remaining 8,000 EOS in the bonus pool, the hacker in the end made a total of 72,912 EOS.
Amount of loss: 70,000 EOS Attack method: Fake EOS Vulnerability Attack
Description of the event: When expanding the server, the operator forgot to store the seed in the database, so the seed was no longer recorded after game 868590.
Amount of loss: 1374.375 EOS Attack method: Operational Mistake
Description of the event: MapleChange, based in Canada, announced on Twitter that the exchange had "sustained a hack" and was investigating the issue. The post also said the exchange had turned off users' accounts temporarily. To handle refunds, it opened a Discord server (a platform for users to chat) where customers could post about their missing funds, on the basis of which it would initiate refunds. The exchange's website was down.
Amount of loss: 913 BTC Attack method: Unknown
Description of the event: Because of a vulnerability in the random number generator, the attacker could attempt to calculate the future numbers of the random number generator algorithm using information from the previous block, and stole $60,000 from the EosRoyale wallet.
Amount of loss: 11,000 EOS Attack method: Random number attack
Description of the event: Trade.io confirmed via their Medium blog that someone or some entity gained access to the assets, resulting in over 50 million in Trade (TIO) tokens being stolen from the firm’s cold storage wallets. The 50 million tokens are valued at $7.5 million at the current $0.15 price per TIO. The ongoing investigation has revealed that some of the TIO tokens had made their way to cryptocurrency exchanges Bancor and Kucoin. Kucoin has suspended TIO transactions, while Bancor has permanently removed TIO.
Amount of loss: 50,000,000 TIO Attack method: Unknown
Description of the event: RatingToken, a third-party big data platform owned by Cheetah, detected that World Conquest, a DApp built on EOS, was hacked. The project team subsequently issued an announcement on its Discord confirming the attack. The hacker used the game's tax payment rules to reject subsequent buyers, which caused the game to end abnormally. The hacker took all the EOS in the fund pool, and only 0.0155 EOS was left in the contract.
Amount of loss: 4,555 EOS Attack method: Rule Exploitation
Description of the event: The attacker exploited the vulnerabilities in the EOSBet contract to falsify the transfer prompt.
Amount of loss: 145,321 EOS Attack method: Transfer error prompt
Description of the event: The attacker created a malicious contract masquerading as an ERC20 token, and the "transfer" function re-invokes the payment channel contract repeatedly, each time exhausting some ETH.
Amount of loss: 165.38 ETH Attack method: Reentrancy attack
Description of the event: The owner permission of the contract account was modified; after that, 18,000 EOS was transferred to the EOS account fuzl4ta23d1a.
Amount of loss: 18,000 EOS Attack method: Permission Stolen
Description of the event: After the EOSBet security vulnerability, in which hackers used counterfeit currency bets to win real coins, became known, at 2 o'clock in the afternoon the EOS contract account oo1122334455 issued a token named "EOS" and allocated all one billion fake EOS tokens to the EOS account dapphub12345. The fake tokens were then transferred from this account to the account iambillgates (the account that carried out the attack). After the attacking account verified the attack with a small amount of fake EOS, a large-scale attack was carried out from 14:31:34 to 14:45:41. There were 11,800 fake EOS listing orders to buy BLACK, IQ, and ADD, and all of them were traded.
Amount of loss: 11,803 EOS Attack method: Fake EOS Vulnerability Attack
Description of the event: The attacker exploited a vulnerability in the code to substitute fake tokens for true EOS tokens, winning without betting.
Amount of loss: 4,000 EOS Attack method: Code Vulnerability
Description of the event: The game contract does not check that the transfer action was initiated by eosio.token or by the game's own token contract.
Amount of loss: - Attack method: Contract Vulnerability
Description of the event: Hackers with unauthorized access to the exchange’s hot wallets had stolen roughly $60 million in bitcoin, bitcoin cash, and MonaCoin. That being said, the exact amount of bitcoin cash stolen remains unknown.
Amount of loss: $59,000,000 Attack method: Wallet Stolen
Description of the event: The attacker exploited a vulnerability in the code to substitute fake tokens for true EOS tokens, winning without betting.
Amount of loss: 42,000 EOS Attack method: Code Vulnerability
Description of the event: Because its random algorithm depends on the time, the same bet yields different results at different times. Hackers used this behavior to reject failed lottery results.
Amount of loss: 4,000 EOS Attack method: Replay attack