335 hack event(s)
Description of the event: The first algorithmic stablecoin project on Binance Smart Chain, bDollar, suffered a price manipulation attack, and the attacker made a profit of 2,381 WBNB (worth about $730,000). This attack mainly exploits the design loophole of the claimAndReinvestFromPancakePool function in the DAO fund proxy contract CommunityFund when adding liquidity. It does not fully consider that after the price is maliciously raised, the project party will passively use the funds in its own contract when adding liquidity. The situation of high-level connection.
Amount of loss: 2381 WBNB Attack method: Price Manipulation
Description of the event: The Feminist Metaverse project on BNB Chain was attacked. The attackers have transferred 1838 BNB to Tornado.cash, about $540,000.
Amount of loss: 1,838 BNB Attack method: Flash Loan Attack
Description of the event: The multi-chain DeFi protocol FEG was suspected of being attacked, and a total of 143 Ethereum and 32,747 BNB were lost, about $1.3 million.
Amount of loss: $ 1,300,000 Attack method: Flash Loan Attack
Description of the event: Venus Protocol issued a statement saying that Chainlink’s suspension of LUNA price updates after extreme volatility in LUNA prices caused the price of LUNA on the Venus lending market to remain at $0.107, while the market price of LUNA had dropped to $0.01 at that time. After the price update was suspended, two addresses lent about $13.5 million in assets by staking 230 million LUNA (worth about $2.3 million at the time), resulting in a loss of about $11.2 million to the protocol. At present, the LUNA lending market has been suspended, and this loss will be made up by the risk fund.
Amount of loss: $ 11,200,000 Attack method: Oracle Attack
Description of the event: Fortress Protocol, a lending protocol on BNB Chain, was suspected of being attacked. Token FTS fell by 42% in a short time. Currently, 1,048 Ethereum and 400,000 DAI have been transferred to Tornado.cash.
Amount of loss: $ 3,050,000 Attack method: Flash Loan Attack
Description of the event: Cashera is a project that claims to offer a "banking revolution" through its CSR crypto token. The project does a number of things to try to appear legitimate, including linking to government records showing a company named after it is registered in the UK and conducting a smart contract audit courtesy of AuditRateTech. Their website boasts "partners" including VISA, PayPal, Netflix and Spotify. Still, project deployers suddenly minted 23 million CSR tokens, which they exchanged for nearly $90,000 in other assets, plummeting the token value by about 70% in the process. The development team also took the project website offline.
Amount of loss: $ 90,000 Attack method: Scam
Description of the event: The DeFi project Hunter has been rug pull, and currently Telegram, Discord, and the website cannot be opened.
Amount of loss: $ 1,200,000 Attack method: Rug Pull
Description of the event: The Wiener DOGE project was exploited maliciously, causing $30,000 in damages. Attackers exploited the inconsistency between WDODGE's charging mechanism and swap pools to launch the attack. The root cause of the incident is that the sender's LP pair is not excluded from the transfer fee through the tightened token contract. As a result, the attacker is able to drain the deflationary tokens in the LP pair, which in turn causes the pair price to become unbalanced.
Amount of loss: $ 30,000 Attack method: Flash loan attack
Description of the event: The Last Kilometer project was exploited in a flash loan attack, resulting in a loss of $26,495.
Amount of loss: $ 26,495 Attack method: Flash loan attack
Description of the event: The Medamon project was exploited in a flash loan attack, resulting in a loss of $3,159.
Amount of loss: $ 3,159 Attack method: Flash Loan Attack
Description of the event: The PI-DAO project was exploited in a flash loan attack, resulting in a loss of $6,445.
Amount of loss: $ 6,445 Attack method: Flash Loan Attack
Description of the event: The DeFi ecological protocol ZEED was attacked and lost about $1 million. At present, the attacker's gains are all in the attack contract.
Amount of loss: $ 1,000,000 Attack method: Contract Vulnerability
Description of the event: A Rug Pull occurred in MaxAPY Finance, an automatic pledge protocol on BNB Chain, and its official Twitter account and Telegram group have been deleted. MaxAPY contract owners have transferred 1,042 BNB.
Amount of loss: 1042 BNB Attack method: Rug Pull
Description of the event: Metaverse DeFi protocol Rikkei Finance was attacked because the attacker changed the oracle machine to a malicious contract. Rikkei Finance said users affected by the exploit will be fully compensated, and the team said the bug is being fixed and services have been fully restored. The total loss value is approximately $1.1 million (2671 BNB).
Amount of loss: $ 1,100,000 Attack method: Contract Vulnerability
Description of the event: Elephant Money was attacked, resulting in the loss of 27,416.46 BNB. The attacker first used WBNB to buy a large amount of ELEPHANT, and then used BUSD to mint the TRUNK stablecoin. During the minting process, the Elephant contract will convert BUSD to WBNB and then back to ELEPHANT to drive up the ELEPHANT price. The attacker then sells ELEPHANT at a profit.
Amount of loss: 27,416.46 BNB Attack method: Flash loan attack
Description of the event: There is a fundamental vulnerability in the CF token contract that allows anyone to transfer someone else's CF balance. The losses so far are around $1.9 million, while the CF/USDT trading pair on pancakeswap has been affected.
Amount of loss: $ 1,900,000 Attack method: Contract Vulnerability
Description of the event: A Rug Pull occurred in BNB DEFI, and the DEFI token fell by 68% in a short time. At present, the project has closed the community, and DEFI tokens have been exchanged for about 255 BNB.
Amount of loss: 255 BNB Attack method: Rug Pull
Description of the event: The project BuccaneerFi on the BNB Chain has a Rug Pull. At present, the project social media account and community have been deleted, and about 841 BNB have been transferred to Tornado Cash.
Amount of loss: 841 BNB Attack method: Rug Pull
Description of the event: The metaverse financial project Paraluni on the BSC chain was hacked, and the hackers made more than $1.7 million in profits. The problem lies in the depositByAddLiquidity method of the MasterCheif contract of the project side. This method does not check whether the token array parameter address[2] memory _tokens matches the LP pointed to by the pid parameter, and does not add lock when the LP amount changes.
Amount of loss: $ 1,700,000 Attack method: Reentrancy Attack
Description of the event: Flurry Finance’s Vault contract was hit by a flash loan attack, resulting in the theft of approximately $293,000 worth of assets in the Vault contract.
Amount of loss: $293,000 Attack method: Flash Loan Attack