2004 hack event(s)
Description of the event: The attacker controlled multiple accounts to launch continuously attacks on the TGON, made thousands of EOS in profit from the TGON, and transferred to the Binance Exchange.
Amount of loss: 1,606.8268 EOS Attack method: Roll back attack
Description of the event: BiKi.com announced that at 0:08:23 on March 26, the BiKi.com community received a user feedback that his password has been tampered with and need to bind the new Google verification code.At around 5 in the morning, 28 users had the same problem, and the risk control system received an alarm. After investigation, it is because some users are not bound to Google verification code and third-party verification code service provider SMS is hijacked and caused. At present, the number of of accounts that have been tampered with passwords is 37, and the account involved in asset transfer is 18, and the loss amount is 12.33 million USDT, the BiKi.com will bear the full amount of the loss.
Amount of loss: 123,300 USDT Attack method: unknown
Description of the event: Crypptocurrency expert Nick Schteringard said on Twitter yesterday, that the hacker appears to have stolen roughly $6 million in Coinbene Coin and $39 million in Maximine Coin, which it later dumped on the market.
Amount of loss: $ 45,000,000 Attack method: Unknown
Description of the event: DragonEx announced the news on its official Telegram channel on Monday, stating that, on Sunday, March 24, it had suffered a cyberattack that saw cryptocurrency funds owned by users and the exchange “transferred and stolen.” In updates on the hack today, DragonEx’s Telegram admin provided wallet addresses for 20 cryptocurrencies to which the stolen funds had apparently been transferred. The list included the top five cryptos by market capitalization: bitcoin (BTC), ether (ETH), XRP, litecoin (LTC) and EOS, as well as the tether stablecoin (USDT) for which six destination addresses were provided.
Amount of loss: $ 6,028,283 Attack method: Wallet Stolen
Description of the event: The Etbox platform wallet was hacked, causing the platform’s digital assets to be stolen.
Amount of loss: $ 132,000 Attack method: Unknown
Description of the event: The attacker launch continuously attacks and profit from the dBet Games.
Amount of loss: 24.8 EOS Attack method: Transaction congestion attack
Description of the event: The attacker justjiezhan1 launched an attack on the EOS game "cubecontract" and has already made a profit. Prior to this, the attacker justjiezhan1 started deploying the attack contract at around 12:00:41 on the same day. The analysts preliminary analyzed that the attacker was, still the same as the previous attack mean, transaction congestion attack.
Amount of loss: 49.6 EOS Attack method: Transaction congestion attack
Description of the event: The attacker launched continuously attacks and profit from the EOSVegas. The analysis found that the attack mean used by the attacker was transaction congestion attack. The account is extremely active. It just attacked the quiz game EOS Cube and its related account has been marked as high risk.
Amount of loss: 39 EOS Attack method: Transaction congestion attack
Description of the event: The attacker launched a hard_fail attack on the exchange and profited thousands of EOS.
Amount of loss: - Attack method: Hard_fail attack
Description of the event: The attacker justjiezhan1 launched an attack on the EOS game "YUM.games" and has already made a profit. After analysis, it is suspected that the attacker calls "gamestart" and draws the prize directly without betting the game.
Amount of loss: 113 EOS Attack method: Contract Vulnerability
Description of the event: The attacker launched continuously attacks on the LuckyGo, profiting hundreds of EOS.
Amount of loss: 200 EOS Attack method: Transaction congestion attack
Description of the event: The attacker launched continuously attacks on the dBet Games, profiting hundreds of EUSD which stablecoins issued on EOS. And has sold through the decentralized exchange Newdex.
Amount of loss: 685 EUSD Attack method: Transaction congestion attack
Description of the event: The attacker launched continuous attacks on EOS DApp nkpaymentcap and successfully profited 50,000 EOS. After analysis, it was found that the attacker used a fake transfer notification attack to obtain a large number of contract tokens, and then exchanged the tokens into real EOS for cash out through the DApp contract.
Amount of loss: 50,000 EOS Attack method: Transfer error prompt
Description of the event: The attacker launched a continuous attack on the EOS quiz game Vegas Town, profited thousands of EOS, and has been transferred to the ZB exchange. Preliminary analysis found that hackers used the failed (hard_fail) transfer transaction to cheat the game server, resulting in continued awards.
Amount of loss: 2,219 EOS Attack method: Hard_fail attack
Description of the event: The attacker launched a continuous attack on the EOS quiz game Gamble EOS, successfully profited thousands of EOS, and has been transferred to the Huobi exchange. After analysis, it was found that the attack method used by the attacker was a false transfer notification.
Amount of loss: 2,043.6 EOS Attack method: Transfer error prompt
Description of the event: The attacker launched a series of attacks on the EOS quiz game Fishing Joy, profiting hundreds of EOS. According to analysis, the attacker used the transaction crowding attack to trigger the game's refund mechanism, resulting in 100% profit.
Amount of loss: 109.33 EOS Attack method: Transaction congestion attack
Description of the event: The attacker co****op launched continuous attacks on the EOS quiz game contract xlo*****io and has already profited hundreds of EOS. After preliminary analysis, the attacker used the logic defect of the game contract by directly invoking the transfer method, and multiple accounts coordinated to carry out the attack.
Amount of loss: 42 EOS Attack method: Logic Vulnerability
Description of the event: The attacker launched continuously attacks on the OnePlay, getting almost all EOS of the game contract. And use the same attack mean to bet the game token ONE, profit nearly one million game tokens, and then transfer to the newdex exchange for sale.
Amount of loss: 449 EOS Attack method: Random number attack
Description of the event: Hackers launched continuous attacks on the EOS quiz game EOS Happy Valley, and they have profited hundreds of EOS. The game party has transferred the account balance away. Attackers still use transaction crowding out attacks. To completely fix this vulnerability, DApp developers should remove controllable variables such as account balance or time factors to participate in random number generation.
Amount of loss: 419 EOS Attack method: Transaction congestion attack
Description of the event: Tracking the blacklist account gm3dcnqgenes found that its associated account newdexmobapp received 2.09 million EOS, and has now transferred 50,000 EOS to its associated account guagddoefdqu. And in batches of hundreds to thousands of EOS each time, transferred to the stock exchange account (huobideposit), and the remaining 2.04 million EOS, has been dispersed to ftsqfgjoscma, hpbcc4k42nxy, 3qyty1khhkhv, xzr2fbvxwtgt, myqdqdj4qbge, Shprzailrazt, qkwrmqowelyu, lmfsopxpr324, lhjuy3gdkpq4, lcxunh51a1gt, geydddsfkk5e, pnsdiia1pcuy, kwmvzswquqpb, etc., there is the possibility of further turning to the exchange.
Amount of loss: 2,090,000 EOS Attack method: Unknown