29 hack event(s)
Description of the event: The CEO of SocialFi xPET tweeted that SocialFi was attacked due to vulnerabilities related to the newly launched PvP feature, resulting in hackers stealing 91.5 ETH (approximately $25,400).
Amount of loss: $ 254,000 Attack method: Contract Vulnerability
Description of the event: Portfolio management tool Citadel.one has been attacked, resulting in a loss of approximately $93K.
Amount of loss: $ 93,000 Attack method: Unknown
Description of the event: The DeFi protocol Concentric Finance, built on the Camelot v3 protocol, has suffered a severe security breach. In an official post on social media, Concentric.fi stated that the security breach was due to a targeted social engineering attack on one of their team members holding the deployer wallet. The attacker exploited vulnerabilities to upgrade the vaults, mint new LP tokens, and subsequently drain the platform's assets.
Amount of loss: $ 1,700,000 Attack method: Social Engineering
Description of the event: The decentralized, non-custodial liquidity market protocol Rosa Finance on Arbitrum was exploited, resulting in a loss of approximately $45,000.
Amount of loss: $ 44,800 Attack method: Unknown
Description of the event: The SocialFi and GameFi platform XKingdom Tech, built on Arbitrum, has exit-scammed, resulting in approximately $1.2 million in losses. The stolen funds were bridged to Ethereum and transferred to Tornado Cash.
Amount of loss: $ 1,200,000 Attack method: Rug Pull
Description of the event: The liquidity management protocol Gamma has been attacked, and its post-mortem indicates that there was a flaw in the deposit agent configuration. This flaw allowed the attacker to manipulate the price up to the price change threshold and mint a disproportionately high number of LP tokens.
Amount of loss: $ 6,180,000 Attack method: Price Manipulation
Description of the event: Liquidity layer & AMM Chronos tweeted that its concentrated liquidity pools managed by @dyson_money have been exploited in a manner similar to the gamma exploit. Users are advised to revoke contracts associated with these pools. This vulnerability is specific to concentrated liquidity pools, and all other V2 pools remain safe and unaffected. The rest of the funds are secure.
Amount of loss: $ 148,000 Attack method: Flash Loan Attack
Description of the event: The multi-chain lending protocol Radiant Capital is suspected to have been targeted in a hacker attack, with total losses on Arbitrum of ~4.5 million USD.
Amount of loss: $ 4,500,000 Attack method: Flash Loan Attack
Description of the event: The inscription project Libra Protocol on Arbitrum is suspected to have exit scammed. Currently, the project team has transferred the received mint fees to the address 0x0c12acc8e53c6ff7ab3fad5eaa97056ae950288f.
Amount of loss: $ 550,107 Attack method: Rug Pull
Description of the event: Xai, a Layer 3 solution for AAA gaming, has issued an alert about phishing that impersonates Xai, in which attackers fraudulently obtained approximately 374 ETH, valued at approximately $845.8K.
Amount of loss: $ 845,800 Attack method: Phishing Attack
Description of the event: On November 7, TheStandard.io was exploited for ~$290k. The key vulnerability here was the low liquidity in the PAXG pool, which the attacker exploited to manipulate the market. On November 9, 243k $EUROs were returned to the protocol by the attacker and will be burned in due process.
Amount of loss: $ 290,000 Attack method: Liquidity Exploit
Description of the event: The Beluga Protocol on Arbitrum fell victim to a flashloan attack. The attacker made a profit of approximately $175,000 by manipulating the USDT-USDC.e balance, allowing for the withdrawal of extra tokens.
Amount of loss: $ 175,000 Attack method: Flash Loan Attack
Description of the event: GMBL COMPUTER was attacked, and the attacker withdrew GMBL worth approximately US$815,000 from the contract. GMBL said: “We believe that the vulnerability is caused by a flaw in the platform’s recommendation system, which allows people to place bets without depositing any funds and use them to generate referral bonuses. We have identified the exploiter and are working to recover all funds lost due to this exploit.” The GMBL team stated that they provided a "Bug Bounty" to the attackers to return 90% of the stolen funds in exchange for a promise not to take legal action. On September 6, the attackers returned 235 ETH (approximately $382,000), which is 50% of the stolen funds.
Amount of loss: $ 815,000 Attack method: Contract Vulnerability
Description of the event: The official Twitter account of the DeFi platform Shell Protocol on Arbitrum is suspected of being stolen. It posted false news about the application of SHELL tokens and closed the comment area. Please do not interact with it. According to news, this attack seems to be due to the hacking of its founder’s SIM card, resulting in both personal Twitter and Shell Protocol’s Twitter being hacked, and the attacker is the PinkDrainer phishing gang.
Amount of loss: - Attack method: Twitter was hacked
Description of the event: Rodeo Finance, a leveraged yield protocol in the Arbitrum ecosystem, lost about $1.7 million to hackers due to price oracle manipulation, and currently about $816,000 has been recovered in the form of unshETH.
Amount of loss: $ 1,700,000 Attack method: Price Manipulation
Description of the event: A suspected Rug Pull occurred on the Chibi Finance project on Arbitrum, and $1 million worth of cryptocurrency was drained. The stolen funds have been converted into approximately 555 ETH and transferred to Tornado Cash after bridging from Arbitrum to Ethereum.
Amount of loss: $ 1,000,000 Attack method: Rug Pull
Description of the event: The Arbitrum ecosystem project Jimbos Protocol was attacked, and about 4,090 ETH were stolen (about $7.5 million). This attack was due to the lack of slippage control on the liquidity transfer operation, which resulted in the protocol-owned liquidity being invested in a skewed/imbalanced price range, which was used in reverse swaps for profit.
Amount of loss: $ 7,500,000 Attack method: Contract Vulnerability
Description of the event: The Arbitrum ecosystem project Swaprum carried out a Rug Pull. The price of SAPR has dropped by 100%, Swaprum has deleted its social account, and the scammer bridged 1628 ETH (about 2.94 million US dollars) to Ethereum and transferred it to Tornado Cash.
Amount of loss: $ 3,000,000 Attack method: Rug Pull
Description of the event: The stablecoin DEI launched by the DeFi protocol DEUS has been hacked, and the loss has exceeded $6.3 million. Over $5 million was lost on Arbitrum and $1.3 million on the BSC chain. This appears to be a public destroy bug. On May 7, one of the DEI hacker addresses (starting with 0xdf610228) returned about 1.07 million DAI. On May 8, DEUS tweeted to confirm that the DEI attackers had returned 2,023 ETH.
Amount of loss: $ 6,300,000 Attack method: Contract Vulnerability
Description of the event: XIRTAM, a project built in the Arbitrum ecosystem, is a reputation-building platform that does not require KYC. It advocates building digital reputation step by step through the XIRTAM system in an anonymous and decentralized manner. At the same time, users can get rewards for participating in activities on XIRTAM. The project team carried out a Rug Pull on the 3rd. However, unlike the usual practice of Rug Pull projects, the XIRTAM project team did not transfer the raised 1909 ETH to a coin-mixing service to hide its identity and the direction of the funds, but deposited all the funds in Binance. In this regard, Binance stated that the funds involved in the XIRTAM project have been frozen and that it will cooperate with law enforcement agencies to investigate.
Amount of loss: 1,909 ETH Attack method: Rug Pull