109 hack event(s)
Description of the event: The New Free Dao project on the BSC chain suffered a flash loan attack. According to SlowMist analysis, the main reason for this attack is that the way of calculating rewards in the contract is too simple, and it only depends on the balance of the caller, which leads to arbitrage by flash loans.
Amount of loss: 4,481 WBNB Attack method: Flash loan attack
Description of the event: On September 5th, DaoSwap lost 580,000 USDT in an attack that allowed users to set the inviter’s address as themselves due to mining rewards that were larger than the fees charged during the swap process and lack of verification.
Amount of loss: $ 580,000 Attack method: Lack of validation
Description of the event: Privacy project ShadowFi suffered a hack, and its official TokenSDF fell 98.5%. The attacker exploited the vulnerability of SDF to allow anyone to burn the Token, making a profit of about 1078 BNB (about $300,000), and the stolen funds have been transferred to TornadoCash.
Amount of loss: 1,078 BNB Attack method: Contract vulnerabilities
Description of the event: The attacker made a profit of $78,622 through a flash loan on BNB Chain, causing the token CUPID to plummet by more than 90%, and the token VENUS to rise by more than 300% and then fall back.
Amount of loss: 78,623 USDT Attack method: Flash loan attack
Description of the event: DDC was exploited and lost $104,600. The cause of the event is the problem of arbitrarily deducting pool fees.
Amount of loss: $ 104,600 Attack method: Deduct pool fees arbitrarily
Description of the event: Kaoyaswap on BSC appears to have been attacked, with hackers making 37,294 BUSD and 271.2 WBNB, caused by faulty logic in the Swap function.
Amount of loss: $ 118,000 Attack method: Function logic error
Description of the event: BSC DEX protocol Kaoyaswap was attacked, losing 37,294 BUSD and 271.2 WBNB. The reason for this attack is the Swap value flaw.
Amount of loss: 37,294 BUSD + 271.2 WBNB Attack method: Swap value flaw
Description of the event: Yield aggregator Blur Finance withdrew more than $600,000 in assets from BNB Chain and Polygon before deleting websites and social media accounts. The project, which has only been active for about a month, has amassed about 750 users on its initial BNB Chain implementation, which was announced on Polygon on August 5.
Amount of loss: $ 600,000 Attack method: Scam
Description of the event: According to SlowMist, the EGD Finance project on BSC was attacked by hackers, resulting in the unexpected withdrawal of funds from its pool. The SlowMist security team analyzed this and said that this incident was because the price-feeding mechanism for calculating rewards when EGD Finance's contracts obtained rewards was too simple, resulting in the token price being manipulated by flash loans for profit.
Amount of loss: 36,000 BUSD Attack method: Price manipulation
Description of the event: Saxon James Musk has Rug Pull. Project developers suddenly sold their token share for around 1355 WBNB (~$442,000), causing the token price to plummet by over 68%.
Amount of loss: 1,355 WBNB Attack method: Scam
Description of the event: DeFi project DRAC Network appeared Rug Pull, with the price of the token $TEDDY dropping 99.4%. 10,000 $BNB and 2 million $BUSD have been slowly transferred to Binance. It is said that the deployer deployed the contract and transferred a large quantity of $TEDDY to 0xdbe8ef79a1a7b57fbb73048192edf6427e8a5552, then pump and dump the price of $TEDDY.
Amount of loss: $ 4,500,000 Attack method: Scam
Description of the event: Raccoon Network and Freedom Protocol are scam projects, scammers have transferred 20 million BUSD (IDO) to address 0xf800...469336.
Amount of loss: $ 20,000,000 Attack method: Scam
Description of the event: SpaceGodzilla was attacked by price manipulation and lost approximately 25,379 USDT.
Amount of loss: $ 25,379 Attack method: price manipulation
Description of the event: SpaceGodzilla, a project on the BSC chain, was attacked by hackers with a flash loan. Hackers used flash loans to borrow large amounts of money, manipulated the price of SpaceGodzilla in the trading pool on PancakeSwap, and exploited vulnerabilities in the project for arbitrage. At present, the hacker has exchanged the 25,378.78 BUSD profited from this attack to BNB and transferred it through Tornado.Cash.
Amount of loss: 25,378.78 BUSD Attack method: Flash loan attack
Description of the event: A fake Shade Inu Token project deployer removed approximately $101,000 (424 BNB) of liquidity from the liquidity pool. After investigation, this Shade Inu Token was identified as a scam, the project launched a fake Shade Inu Token, created a WBNB/SadeIT pool with the initial 200 BNB and provided liquidity to it, so the deployer made a total profit of about $53,000 ( 224 BNB).
Amount of loss: 224 BNB Attack method: Scam
Description of the event: The pandorachainDAO project suffered a flash loan attack, resulting in a loss of assets worth about $128,000.
Amount of loss: $ 128,000 Attack method: Flash loan attack
Description of the event: The LV PLUS (Token LVP) project has been identified as a Rug Pull project. So far, the project has resulted in losses of about $1.5 million. LV PLUS claims to be affiliated with the "LV Metaverse", and the main reason for the loss, which is defined as a Rug Pull, is that the LV PLUS contract deployer sent tokens to certain wallets - these wallet addresses subsequently sold the project's tokens, causing the project's market to crash .
Amount of loss: $ 1,500,000 Attack method: Scam
Description of the event: The whaleswap.finance project was attacked, and at least 5946 BUSD and 5964 USDT were lost. The reason may be that there is a problem with the K value verification of the whaleswap.finance Pair contract. Whenever the user exchanges, there is a problem with the parameter magnitude passed in the K value verification, which causes the K value verification to fail. The attacker first borrows a BSC-USD through a flash loan, and then returns the flash loan when the K value verification parameter is on the order of 10000^4. The parameter verification level used in the K value verification is 10000^2, which causes the K verification to fail.
Amount of loss: 5946 BUSD+5964 USDT Attack method: K value verification vulnerability
Description of the event: A Rug Pull occurred in the DHE project, causing the price of DHE tokens to drop by more than 91%. Total losses are currently around $142,000.
Amount of loss: $ 142,000 Attack method: Scam
Description of the event: Fswap was attacked by a hacker on June 13. Fswap stated that the attack was a vulnerability incident of a non-attacked project and a malicious loan attack. Hackers borrowed money from BISWAP to FSWAP for transaction attacks. The hacker made about 1,751 WBNB worth about $500,000.
Amount of loss: 1,751 WBNB Attack method: Flash loan attack