1914 hack event(s)
Description of the event: The attacker launched continuously attacks on the LuckyGo, profiting hundreds of EOS.
Amount of loss: 200 EOS Attack method: Transaction congestion attack
Description of the event: The attacker launched continuously attacks on the dBet Games, profiting hundreds of EUSD which stablecoins issued on EOS. And has sold through the decentralized exchange Newdex.
Amount of loss: 685 EUSD Attack method: Transaction congestion attack
Description of the event: The attacker launched continuous attacks on EOS DApp nkpaymentcap and successfully profited 50,000 EOS. After analysis, it was found that the attacker used a fake transfer notification attack to obtain a large number of contract tokens, and then exchanged the tokens into real EOS for cash out through the DApp contract.
Amount of loss: 50,000 EOS Attack method: Transfer error prompt
Description of the event: The attacker launched a continuous attack on the EOS quiz game Vegas Town, profited thousands of EOS, and has been transferred to the ZB exchange. Preliminary analysis found that hackers used the failed (hard_fail) transfer transaction to cheat the game server, resulting in continued awards.
Amount of loss: 2,219 EOS Attack method: Hard_fail attack
Description of the event: The attacker launched a continuous attack on the EOS quiz game Gamble EOS, successfully profited thousands of EOS, and has been transferred to the Huobi exchange. After analysis, it was found that the attack method used by the attacker was a false transfer notification.
Amount of loss: 2,043.6 EOS Attack method: Transfer error prompt
Description of the event: The attacker launched a series of attacks on the EOS quiz game Fishing Joy, profiting hundreds of EOS. According to analysis, the attacker used the transaction crowding attack to trigger the game's refund mechanism, resulting in 100% profit.
Amount of loss: 109.33 EOS Attack method: Transaction congestion attack
Description of the event: The attacker co****op launched continuous attacks on the EOS quiz game contract xlo*****io and has already profited hundreds of EOS. After preliminary analysis, the attacker used the logic defect of the game contract by directly invoking the transfer method, and multiple accounts coordinated to carry out the attack.
Amount of loss: 42 EOS Attack method: Logic Vulnerability
Description of the event: The attacker launched continuously attacks on the OnePlay, getting almost all EOS of the game contract. And use the same attack mean to bet the game token ONE, profit nearly one million game tokens, and then transfer to the newdex exchange for sale.
Amount of loss: 449 EOS Attack method: Random number attack
Description of the event: Hackers launched continuous attacks on the EOS quiz game EOS Happy Valley, and they have profited hundreds of EOS. The game party has transferred the account balance away. Attackers still use transaction crowding out attacks. To completely fix this vulnerability, DApp developers should remove controllable variables such as account balance or time factors to participate in random number generation.
Amount of loss: 419 EOS Attack method: Transaction congestion attack
Description of the event: Tracking the blacklist account gm3dcnqgenes found that its associated account newdexmobapp received 2.09 million EOS, and has now transferred 50,000 EOS to its associated account guagddoefdqu. And in batches of hundreds to thousands of EOS each time, transferred to the stock exchange account (huobideposit), and the remaining 2.04 million EOS, has been dispersed to ftsqfgjoscma, hpbcc4k42nxy, 3qyty1khhkhv, xzr2fbvxwtgt, myqdqdj4qbge, Shprzailrazt, qkwrmqowelyu, lmfsopxpr324, lhjuy3gdkpq4, lcxunh51a1gt, geydddsfkk5e, pnsdiia1pcuy, kwmvzswquqpb, etc., there is the possibility of further turning to the exchange.
Amount of loss: 2,090,000 EOS Attack method: Unknown
Description of the event: Coinbin, a south Korean cryptocurrency exchange, is filing for bankruptcy with losses equivalent to more than $26 million after its debts grew after employees embezzled money.
Amount of loss: $ 26,000,000 Attack method: Insider Manipulation
Description of the event: Gameboy, a EOS game was attacked. Attacker cont****inop deployed a contract and attacked by calling launch function. According to the analysis of SlowMist security team and confirmed with project side by communication.The project side wrongly add a controlled seed in random algorithm which lead the attack.
Amount of loss: - Attack method: Random number attack
Description of the event: The attacker launched an attack on the EOS game EOSPlaystation.
Amount of loss: ~20000 EOS Attack method: Unknown
Description of the event: The attacker deploys the attack contract rep******net to attack the project party contract windiceadmin.
Amount of loss: ~300 EOS Attack method: Roll back attack
Description of the event: The attacker deploys the attack contract con******nop and combines multiple accounts to attack the project contract eosreeladmin.
Amount of loss: 2046 EOS Attack method: Unknown
Description of the event: Canada's largest cryptocurrency exchange is seeking creditor protection after losing about $190 million worth of cryptocurrency after the sudden death of its founder and chief executive in December.
Amount of loss: 195,000,000 Attack method: Founder and CEO suddenly died
Description of the event: The attacker deployed multiple attack contracts to attack the EOS game FASTWIN.
Amount of loss: - Attack method: Roll back attack
Description of the event: The attacker launched continuous attacks on the EOS game EOSlots.
Amount of loss: - Attack method: Fake EOS Vulnerability Attack
Description of the event: The attacker is the same batch of accounts that previously attacked BETX.
Amount of loss: 2000 EOS Attack method: Unknown
Description of the event: This is the third attack on the contract, not a transaction congestion attack, but the real purpose of the attack is the transaction rollback attack.
Amount of loss: - Attack method: Roll back attack