345 hack event(s)
Description of the event: BNO suffered a flash loan attack on BNBChain, resulting in a loss of about $500,000 due to business logic problems. The root cause of the attack is a problem with the reward calculation mechanism in the pool that supports NFT and ERC20 token rights. The pool has an "emergencyWithdraw" function that allows users to withdraw their ERC20 token stake immediately. Crucially, however, this feature does not process or interpret NFT stake records. Attackers exploited this flaw by depositing NFTs and ERC20 tokens into a pool and then executing the "emergencyWithdraw" function specifically for their ERC20 tokens. By doing so, an attacker can bypass the reward calculation check, effectively manipulating the system to his advantage. Through this manipulation, an attacker is able to clear a user's "reward debt," earn undeserved rewards, and cause significant financial damage to the mining pool and its users.
Amount of loss: $ 500,000 Attack method: Flash Loan Attack
Description of the event: GMETA on BSC has been Rug Pulled, with a price drop of 96%, taking about $3.6 million. The contract creator is 0x9f02c29ad35fd20a51cd48250512a7b7feeb8ed1.
Amount of loss: $ 3,600,000 Attack method: Rug Pull
Description of the event: APEDAO on the BNB chain was attacked and the loss was approximately $7,000. The attacker transferred APEDAO to the pair contract. The APEDAO contract mistook the attacker's behavior as a selling operation and gradually accumulated a value named "amountToDead". The attacker repeatedly transferred APEDAO and then used the skim function to withdraw excess tokens. Eventually, the attacker calls the godead function to destroy APEDAO held in the pairing contract, causing the token price to rise.
Amount of loss: $ 7,000 Attack method: Contract Vulnerability
Description of the event: On July 12th, WGPT Token suffered from a flash loan attack, resulting in losses of ~$82.5k. Address (BSC): 0x1f415255f7E2a8546559a553E962dE7BC60d7942.
Amount of loss: $ 82,500 Attack method: Flash Loan Attack
Description of the event: Encryption project Encryption AI (0XENCRYPT) crashed 99% as the developers behind it performed a retreat. Losing a total of $2 million, the developer released a message citing his online gambling addiction.
Amount of loss: $ 2,000,000 Attack method: Rug Pull
Description of the event: BiSwap, a BSC cross-chain trading platform, said: "The team detected and resolved the Migrator contract vulnerability. The assets on the Biswap V2 and V3 AMM protocols are safe. The team prevents access to the migration process through the website, because the Migrator contract has been exploited, do not try to access directly This contract, if you have not already done so, please withdraw your approval of these contracts. The results of this vulnerability are being reviewed in more detail and a report will be issued later. User funds are safe and the above vulnerability has nothing to do with AMM V2 and V3 funds.” This time The attack has caused approximately $710,000 in damage.
Amount of loss: $ 710,000 Attack method: Contract Vulnerability
Description of the event: Shido has been exploited for ~976 $BNB (~$238.5K). The exploiter transferred 1 $BNB to Tornado Cash and bridged the stolen funds to Ethereum, subsequently transferring 125 $ETH to Tornado Cash.
Amount of loss: $ 238,500 Attack method: Contract Vulnerability
Description of the event: The Ara project was attacked by a flash loan. The attackers are suspected to have made about $124,000 in BUSD. attacker address: 0xF84efA8a9F7E68855CF17EAaC9c2f97A9d131366.
Amount of loss: $ 124,000 Attack method: Flash Loan Attack
Description of the event: Seems like @VPandaCommunity rugged for ~265K $BSC-USD $VPC has dropped -97.4%, the stolen funds has already been transferred to 0x33d2a4...af65
Amount of loss: $ 265,000 Attack method: Rug Pull
Description of the event: Cross-chain money market solution Midas Capital has been hacked, causing losses of more than $600,000 after an integer rounding problem in its lending protocol (derived from a fork of the well-known Compound Finance v2 codebase) was exploited. The same situation was also exploited in the previous attack on Hundred Finance. The attacker deposited 400 BNB into Tornado Cash, and some other proceeds were bridged to Ethereum.
Amount of loss: $ 600,000 Attack method: Contract Vulnerability
Description of the event: A governance attack on the BSC eco-protocol Atlantis Loans, in which attackers gained control of the contract and replaced it with a contract containing backdoor functionality to transfer user assets, is currently costing approximately $1 million. The attackers created the malicious governance proposal in the GovernorBravo contract on June 7, 2023.
Amount of loss: $ 1,000,000 Attack method: Governance Attack
Description of the event: TrustTheTrident ($SELLC) suffered an attack that resulted in approximately $95,000 in losses.
Amount of loss: $ 95,000 Attack method: Contract Vulnerability
Description of the event: A Rug Pull occurred on the USEA token on BNB Chain with a loss of about $1.1 million, and the deployer minted a total of 700 million USEAs via the mint function, then transferred them to EOA addresses and sold 1114468 BUSD via PancakeSwap V3.
Amount of loss: $ 1,100,000 Attack method: Rug Pull
Description of the event: NFDAO (NFD) bulk liquidity has been removed. The deployer's associated wallet removed the liquidity and made a profit of about $88,300. bsc address: 0xe1AFC0A3c9aA2537DEea233EF7dc0952ceEDfDA3.
Amount of loss: $ 88,300 Attack method: Rug Pull
Description of the event: DD Coin was attacked and lost about 126,000 USDT. The attacker initially received 1 BNB of funds from Tornado Cash about 17 days ago. DD Coin has lost 21%.
Amount of loss: $ 126,000 Attack method: Flash Loan Attack
Description of the event: The Rug Pull of the BSC project BlockGPT occurred, involving assets of over 816 BNB (about 256,000 US dollars), and 800 BNB have been transferred to Tornado Cash so far.
Amount of loss: $ 256,000 Attack method: Rug Pull
Description of the event: CS Token was hacked and a total of 714,000 USDT was stolen. The hacker initially transferred 1 BNB from Tornado Cash, and then transferred 383 ETH to Tornado Cash.
Amount of loss: $ 714,000 Attack method: Contract Vulnerability
Description of the event: The Swap-LP contract on BNB Chain (0xe0c352c56af65772ac7c9ab45b858cb43d22f28f) has been attacked with a loss of approximately $1.1 million. The attacker (0xdead) transferred the stolen funds to Tornado Cash. specifically, the attacker manipulated a low-level call in the Swap-LP factory address to trigger the 0x33604058 function of the SwapLP pair. This causes all WDZD tokens in the pair to be transferred to the factory address. As a result, the attacker is able to use fewer WDZDs to obtain more SWAP LPs from the unverified address 0x3c4e06d17e243e2cb2e4568249b6f7213c43c743 and subsequently destroy the LPs for profit.
Amount of loss: $ 1,100,000 Attack method: Contract Vulnerability
Description of the event: The DeFi protocol WDZD Swap on BSC was exploited and lost about $1.1 million. The attackers made nine malicious transactions that drained 609 Binance-Pegged ETH from contracts related to the WDZD project.
Amount of loss: $ 1,100,000 Attack method: Contract Vulnerability
Description of the event: The DeFi protocol land was suspected of being attacked and lost about 150,000 US dollars. The reason for the attack was the lack of mint permission control.
Amount of loss: $ 150,000 Attack method: Contract Vulnerability