42 hack event(s)
Description of the event: The contract of Ramses Exchange on Arbitrum was attacked, resulting in a loss of approximately $93,000.
Amount of loss: $ 93,000 Attack method: Contract Vulnerability
Description of the event: Tapioca DAO experienced a significant security breach, with attackers obtaining relevant private keys through social engineering attacks and stealing approximately $4.7 million in cryptocurrency. On October 25, Tapioca DAO released an incident analysis report stating that the security breach occurred because attackers successfully compromised the private keys of a core contributor responsible for smart contract development. SEAL911 confirmed that the attackers were part of a North Korean hacking group that used a contagious interview attack method to inject malware onto the contributor's computer, thereby gaining access to the private keys of their address to carry out the theft.
Amount of loss: $ 4,700,000 Attack method: Social Engineering
Description of the event: DeFi project DeltaPrime has officially confirmed on platform X that a security incident occurred. DeltaPrime Blue (Arbitrum) was attacked and drained for $5.98M. This was due to a compromised private key.
Amount of loss: $ 5,980,000 Attack method: Private Key Leakage
Description of the event: According to on-chain detective ZachXBT, Sorta Finance is likely to conduct an exit scam on Arbitrum in the future, so do not use the protocol. This scammer has previously stolen over $25 million through scams such as Magnate, Kokomo, Lendora, Solfire, Crolend, and HashDAO.
Amount of loss: - Attack method: Scam
Description of the event: The arbitrum.com website appears to have been hacked and is being redirected to the official website of the Meme project MOG. Please stay vigilant and ensure the safety of your assets.
Amount of loss: - Attack method: DNS Hijacking Attack
Description of the event: According to monitoring by the SlowMist security team, the MixedSwapRouter on Arbitrum was attacked, resulting in a loss of approximately 293,000 WINR, valued at around $16,000.
Amount of loss: $ 16,000 Attack method: Contract Vulnerability
Description of the event: The decentralized exchange Predy Finance on the Arbitrum chain was attacked, resulting in the loss of $464k worth of crypto assets from its lending pool.
Amount of loss: $ 464,000 Attack method: Contract Vulnerability
Description of the event: A hacker stole approximately $181,000 worth of crypto assets from Yield’s strategic contracts present on the Arbitrum blockchain. The hacker exploited a discrepancy between the pool token balance and total supply with flash-loaned assets and then withdrew extra pool tokens.
Amount of loss: $ 181,000 Attack method: Contract Vulnerability
Description of the event: Hedgey Finance suffered two exploits, one on the Ethereum and another on the Arbitrum network. The ETH attack resulted in a loss of $1.9 million, while the Arbitrum exploit led to a theft of $42.8 million in ARB tokens.
Amount of loss: $ 44,700,000 Attack method: Flash Loan Attack
Description of the event: Lava suffered a flash loan attack, resulting in approximately $340,000 in losses. All lending markets are reportedly paused as the investigation is ongoing.
Amount of loss: $ 340,000 Attack method: Flash Loan Attack
Description of the event: On March 20th, Dolomite, a decentralized trading protocol in the Arbitrum ecosystem, was attacked due to a vulnerability in its old contracts on the Ethereum mainnet. Approximately 187 victims suffered asset losses totaling $1.8 million, including 1,245,271 USDC, 94,423 DAI, and 165.9 WETH. As of March 24th, Dolomite has recovered 90% of the assets taken by the attacker.
Amount of loss: $ 1,800,000 Attack method: Contract Vulnerability
Description of the event: The DeFi project Mozaic was exploited, who stole approximately $2 million from the project. According to Mozaic, this individual was a Mozaic developer who had illegally obtained the private keys of a security module by compromising the data of a core team member. They also stated that about 90% of the stolen funds have now been frozen on MEXC.
Amount of loss: $ 2,000,000 Attack method: Insider Manipulation
Description of the event: The sPMM algorithm controlling the pricing of WOOFi trades on DEX WOOFi was exploited on Arbitrum. The exploit consisted of a sequence of flash loans that took advantage of low liquidity to manipulate the price of WOO in order to repay the flash loans at a cheaper price. The exploiter repeated this attack 3 times within a very short period of time, which netted about $8.75m in profits after returning the flash loans.
Amount of loss: $ 8,750,000 Attack method: Flash Loan Attack
Description of the event: The CEO of SocialFi xPET tweeted that SocialFi was attacked due to vulnerabilities related to the newly launched PvP feature, resulting in hackers stealing 91.5 ETH (approximately $25,400).
Amount of loss: $ 254,000 Attack method: Contract Vulnerability
Description of the event: Citadel Finance was exploited on the Arbitrum chain, which resulted in a loss of 43 ETH, worth approximately $93,000. The root cause of the exploit is price manipulation of the underlying assets.
Amount of loss: $ 93,000 Attack method: Price Manipulation
Description of the event: Portfolio management tool Citadel.one has been attacked, resulting in a loss of approximately $93K.
Amount of loss: $ 93,000 Attack method: Unknown
Description of the event: The DeFi protocol Concentric Finance, built on the Camelot v3 protocol, has suffered a severe security breach. In an official post on social media, Concentric.fi stated that the security breach due to a targeted social engineering attack on one of their team members holding the deployer wallet. The attacker exploited vulnerabilities to upgrade the vaults, mint new LP tokens, and subsequently drained the platform's assets.
Amount of loss: $ 1,700,000 Attack method: Social Engineering
Description of the event: The decentralized, non-custodial liquidity market protocol Rosa Finance on Arbitrum was exploited, resulting in a loss of approximately $45,000.
Amount of loss: $ 44,800 Attack method: Unknown
Description of the event: The SocialFi and GameFi platform XKingdom Tech, built on Arbitrum, has exit-scammed, resulting in approximately $1.2 million in losses. The stolen funds were bridged to Ethereum and transferred to Tornado Cash.
Amount of loss: $ 1,200,000 Attack method: Rug Pull
Description of the event: The liquidity management protocol Gamma has been attacked, and its post-mortem indicates that there was a flaw in the deposit agent configuration. This flaw allowed the attacker to manipulate the price up to the price change threshold and mint a disproportionately high number of LP tokens.
Amount of loss: $ 6,180,000 Attack method: Price Manipulation