325 hack event(s)
Description of the event: The PI-DAO project was exploited in a flash loan attack, resulting in a loss of $6,445.
Amount of loss: $ 6,445 Attack method: Flash Loan Attack
Description of the event: The DeFi ecological protocol ZEED was attacked and lost about $1 million. At present, the attacker's gains are all in the attack contract.
Amount of loss: $ 1,000,000 Attack method: Contract Vulnerability
Description of the event: A Rug Pull occurred in MaxAPY Finance, an automatic pledge protocol on BNB Chain, and its official Twitter account and Telegram group have been deleted. MaxAPY contract owners have transferred 1,042 BNB.
Amount of loss: 1042 BNB Attack method: Rug Pull
Description of the event: Metaverse DeFi protocol Rikkei Finance was attacked because the attacker changed the oracle machine to a malicious contract. Rikkei Finance said users affected by the exploit will be fully compensated, and the team said the bug is being fixed and services have been fully restored. The total loss value is approximately $1.1 million (2671 BNB).
Amount of loss: $ 1,100,000 Attack method: Contract Vulnerability
Description of the event: Elephant Money was attacked, resulting in the loss of 27,416.46 BNB. The attacker first used WBNB to buy a large amount of ELEPHANT, and then used BUSD to mint the TRUNK stablecoin. During the minting process, the Elephant contract will convert BUSD to WBNB and then back to ELEPHANT to drive up the ELEPHANT price. The attacker then sells ELEPHANT at a profit.
Amount of loss: 27,416.46 BNB Attack method: Flash loan attack
Description of the event: There is a fundamental vulnerability in the CF token contract that allows anyone to transfer someone else's CF balance. The losses so far are around $1.9 million, while the CF/USDT trading pair on pancakeswap has been affected.
Amount of loss: $ 1,900,000 Attack method: Contract Vulnerability
Description of the event: A Rug Pull occurred in BNB DEFI, and the DEFI token fell by 68% in a short time. At present, the project has closed the community, and DEFI tokens have been exchanged for about 255 BNB.
Amount of loss: 255 BNB Attack method: Rug Pull
Description of the event: The project BuccaneerFi on the BNB Chain has a Rug Pull. At present, the project social media account and community have been deleted, and about 841 BNB have been transferred to Tornado Cash.
Amount of loss: 841 BNB Attack method: Rug Pull
Description of the event: The metaverse financial project Paraluni on the BSC chain was hacked, and the hackers made more than $1.7 million in profits. The problem lies in the depositByAddLiquidity method of the MasterCheif contract of the project side. This method does not check whether the token array parameter address[2] memory _tokens matches the LP pointed to by the pid parameter, and does not add lock when the LP amount changes.
Amount of loss: $ 1,700,000 Attack method: Reentrancy Attack
Description of the event: Flurry Finance’s Vault contract was hit by a flash loan attack, resulting in the theft of approximately $293,000 worth of assets in the Vault contract.
Amount of loss: $293,000 Attack method: Flash Loan Attack
Description of the event: MOX was hacked because transferFrom Function did not check the authorization limit.
Amount of loss: - Attack method: Contract Vulnerability
Description of the event: On February 14, the Titano Finance project on the BSC chain was attacked. The attackers made a total of 4,828.7 BNB, or about $190w. According to the official Titano Finance investigation, “The problem arose when we trusted a contractor to deploy the PLAY contract. Although ownership was transferred back to us after deployment, it was the same deployer wallet that allowed two days ago from our PLAY Hacking that steals all Titano in the protocol.”
Amount of loss: 4,828.7 BNB Attack method: Insider Manipulation
Description of the event: BabyMuskCoin plummeted 99%, 1,571 BNB (~$660,000) was dumped, and funds were moved to Tornado. The project team claimed to have been scammed through Telegram, but Twitter and the website were down, suspected of Rugpull.
Amount of loss: 1,571 BNB Attack method: Rug Pull
Description of the event: Qubit, the lending product of QBridge, a BSC ecological decentralized lending project, is suspected to have been hacked. The hackers minted a large amount of xETH collateral and consumed about $80 million in assets in the capital pool. According to SlowMist's analysis, the main reason for this attack is that when the recharge of ordinary tokens and native tokens are implemented separately, when transferring the tokens in the whitelist, it is not checked again whether they are 0 addresses, resulting in The operation that should be recharged through the native recharge function can successfully go through the recharge logic of ordinary tokens.
Amount of loss: $ 80,000,000 Attack method: Contract Vulnerability
Description of the event: The project Wegrocoin (WEGRO) on BSC suffered a Rug Pull and lost more than 1000 BNB.
Amount of loss: 1,000 BNB Attack method: Rug Pull
Description of the event: Rug Pull occurred in the BSC ecological InfinityToken (INF), which lost more than 1390 WBNB.
Amount of loss: 1390 WBNB Attack method: Rug Pull
Description of the event: Kingfund Finance had a Rug Pull and lost over 300 WBNB. Upon inquiry, the official Twitter of the project has been cancelled.
Amount of loss: 300 WBNB Attack method: Rug Pull
Description of the event: Decentralized trading platform Crosswise was attacked in nearly an hour, losing about $879,000. The hacker exploited a publicly exposed privileged function, which was then used to set trustedForwarder and further hijack Crosswise's owner privileges. The stolen funds have now been transferred to Tornado Cash for mixing.
Amount of loss: 879,000 Attack method: Contract Vulnerability
Description of the event: 7 IDO projects on BSC are suspected to be running, namely $GOTEM (gotEM), $ONEP (HarmonyPad), $HBARP (HbarPad), $MPLAY (MetaPlay), $ELIT (Electrinity) and $PEE (MicroPee) $QDrop (QuizDrop), swept away more than 5,744 WBNB, and the funds were transferred out through Tornado.Cash.
Amount of loss: 5744 BNB Attack method: Rug Pull
Description of the event: Rug Pull occurred in the DaoMetaland project on BSC, and the current loss exceeds 640 BNB. DaoMetaland's official Twitter has been deleted.
Amount of loss: 640 BNB Attack method: Rug Pull