29 hack event(s)
Description of the event: The Arbitrum ecological Arbtomb project is suspected of Rug Pull. The scammer has bridged 54 ETH (approximately $110,000) to Ethereum, then transferred 52 ETH to Tornado Cash, and transferred 2.4 ETH to Binance.
Amount of loss: $ 110,000 Attack method: Rug Pull
Description of the event: The DeFi lending agreement Sentiment stated that the team discovered abnormal lending activities. This malicious use led to the theft of about $966,000 from Sentiment on the Arbitrum network. The root cause is the read-only reentrancy of Balancer. On April 7, Sentiment announced that it had successfully recovered more than $900,000 of the stolen funds, leaving the remaining $95,000 as a reward for the attackers.
Amount of loss: $ 966,000 Attack method: Contract Vulnerability
Description of the event: Tender.fi is suspected of being attacked by white hat hackers and lost $1.59 million. Hackers used Tender.fi’s misconfigured oracles to borrow $1.59 million worth of crypto assets with just $70 worth of GMX tokens as collateral. On March 8, on-chain data showed that the hackers who attacked the Arbitrum ecological lending protocol Tender.fi had returned their funds, and the Tender.fi team agreed to pay the hackers 62 ETH ($96,500) as a bounty.
Amount of loss: $ 1,590,000 Attack method: Oracle Attack
Description of the event: Arbitrum ecological DEX ArbiSwap is suspected of Rug Pull. ArbiSwap deployers minted 1 trillion ARBI before Rug Pull, and then converted ARBI into USDC, which caused a sharp drop in ARBI in the USDC/ARBI transaction pair. In the next block, the robot passed USDC to ARBI then traded ETH for spatial arbitrage, making a profit of 68.47 ETH. ArbiSwap has transferred 84 ETH to the Ethereum mainnet and sent it to TornadoCash.
Amount of loss: 84 ETH Attack method: Rug Pull
Description of the event: The DeFi aggregation platform dForce was attacked in Arbitrum and Optimism, and the attackers made a profit of about 3.65 million US dollars. According to the analysis of SlowMist, the root cause of this attack is that the attacker used the process of first transferring Native tokens and then burning LP when removing liquidity in wstETH/ETH Pool, triggering the callback of receiving Native tokens to re-enter to manipulate the virtual price and Liquidate other users for profit. On February 13, dForce tweeted that the attackers had returned all stolen funds to the project multi-signature addresses on Arbitrum and Optimism, and all affected users would be compensated.
Amount of loss: $ 3,650,000 Attack method: Price Manipulation
Description of the event: Umami Finance, a DeFi protocol on Arbitrum, offers yield products to institutional clients. On January 31, they announced they were suspending yields, saying they were concerned about regulatory tactics. Soon after, the project CEO started dumping tokens on the market, cashing out 44,000 UMAMI tokens. These were ostensibly priced at $800,000, and although the sell-off sent UMAMI prices crashing by more than 60%, the CEO still netted around $380,000 in USDC.
Amount of loss: $ 380,000 Attack method: Rug Pull
Description of the event: SperaxUSD, the Arbitrum ecological stablecoin protocol, tweeted that an attacker increased the token balance of his address to 9.7 billion without providing the corresponding collateral, and before the Sperax team and Arbitrum ecosystem partners jointly stopped, Approximately $300,000 was liquidated.
Amount of loss: $ 300,000 Attack method: Contract Vulnerability
Description of the event: About a week ago, Arbitrum-based project DictumExchange announced an airdrop. It turned out to be a scam.
Amount of loss: - Attack method: Rug Pull
Description of the event: Arbitrum-based cryptocurrency lending platform Lodestar Finance was hacked and nearly $7 million in assets siphoned off, the attackers were able to manipulate the price of the plvGLP token, allowing them to use the inflated token to "borrow" the entirety of the Lodestar platform Liquidity available.
Amount of loss: $ 7,000,000 Attack method: Price Manipulation