335 hack event(s)
Description of the event: MOX was hacked because transferFrom Function did not check the authorization limit.
Amount of loss: - Attack method: Contract Vulnerability
Description of the event: On February 14, the Titano Finance project on the BSC chain was attacked. The attackers made a total of 4,828.7 BNB, or about $190w. According to the official Titano Finance investigation, “The problem arose when we trusted a contractor to deploy the PLAY contract. Although ownership was transferred back to us after deployment, it was the same deployer wallet that allowed two days ago from our PLAY Hacking that steals all Titano in the protocol.”
Amount of loss: 4,828.7 BNB Attack method: Insider Manipulation
Description of the event: BabyMuskCoin plummeted 99%, 1,571 BNB (~$660,000) was dumped, and funds were moved to Tornado. The project team claimed to have been scammed through Telegram, but Twitter and the website were down, suspected of Rugpull.
Amount of loss: 1,571 BNB Attack method: Rug Pull
Description of the event: Qubit, the lending product of QBridge, a BSC ecological decentralized lending project, is suspected to have been hacked. The hackers minted a large amount of xETH collateral and consumed about $80 million in assets in the capital pool. According to SlowMist's analysis, the main reason for this attack is that when the recharge of ordinary tokens and native tokens are implemented separately, when transferring the tokens in the whitelist, it is not checked again whether they are 0 addresses, resulting in The operation that should be recharged through the native recharge function can successfully go through the recharge logic of ordinary tokens.
Amount of loss: $ 80,000,000 Attack method: Contract Vulnerability
Description of the event: The project Wegrocoin (WEGRO) on BSC suffered a Rug Pull and lost more than 1000 BNB.
Amount of loss: 1,000 BNB Attack method: Rug Pull
Description of the event: Rug Pull occurred in the BSC ecological InfinityToken (INF), which lost more than 1390 WBNB.
Amount of loss: 1390 WBNB Attack method: Rug Pull
Description of the event: Kingfund Finance had a Rug Pull and lost over 300 WBNB. Upon inquiry, the official Twitter of the project has been cancelled.
Amount of loss: 300 WBNB Attack method: Rug Pull
Description of the event: Decentralized trading platform Crosswise was attacked in nearly an hour, losing about $879,000. The hacker exploited a publicly exposed privileged function, which was then used to set trustedForwarder and further hijack Crosswise's owner privileges. The stolen funds have now been transferred to Tornado Cash for mixing.
Amount of loss: 879,000 Attack method: Contract Vulnerability
Description of the event: 7 IDO projects on BSC are suspected to be running, namely $GOTEM (gotEM), $ONEP (HarmonyPad), $HBARP (HbarPad), $MPLAY (MetaPlay), $ELIT (Electrinity) and $PEE (MicroPee) $QDrop (QuizDrop), swept away more than 5,744 WBNB, and the funds were transferred out through Tornado.Cash.
Amount of loss: 5744 BNB Attack method: Rug Pull
Description of the event: Rug Pull occurred in the DaoMetaland project on BSC, and the current loss exceeds 640 BNB. DaoMetaland's official Twitter has been deleted.
Amount of loss: 640 BNB Attack method: Rug Pull
Description of the event: Arbix Finance ran away, taking away more than 10 million US dollars. Arbix Finance bills itself as an arbitrage project on BSC, where users can deposit funds in a single asset vault in order to "get the best return with low risk". Starting at around 3 am on January 4, the project siphoned users’ funds from the treasury and deleted their websites, Twitter and Telegram accounts.
Amount of loss: $ 10,000,000 Attack method: Rug Pull
Description of the event: The assets of MetaSwap, a project on the BSC chain, were transferred. The total amount of stolen funds of 1100 BNB was transferred to the Tornado.cash wallet (BSC version), and the price of MGAS tokens fell by 46.99%. All official accounts related to Metaswap - including Twitter , Instagram and Medium - all deleted.
Amount of loss: 1,100 BNB Attack method: Rug Pull
Description of the event: Lever, a decentralized margin trading protocol based on AMM, was attacked by lightning loans. According to the official statement, Lever attacked contract A to borrow 2,100 BNB from PancakeSwap and deposit 2,000 BNB into Lever’s BNB vault. Then borrowed 1500 BNB from Lever’s BNB vault and transferred it to Lever Attack Contract B. Lever Attack Contract B deposited 1500 BNB and used it to consume 32.78 ETH, 1,068.05 BAKE, 167.25 XVS, 1,042.89 DAI, 674,360 USDT. BTC , 1,930.01 CAKE, 463.0078 DOT and 332.9184 WBNB. (Calculated at the current market price, the total loss is equal to US$652,941.949.)
Amount of loss: $ 652941.949 Attack method: Flash Loan Attack
Description of the event: Ploutoz Finance, the BSC loan agreement, was attacked. Hackers made a profit of 365,000 US dollars, and the agreement suffered even greater losses. The hacker manipulated the oracle price of DOP tokens and used DOP as collateral to lend assets such as CAKE, ETH, BTCB, etc. After that, the hackers used ParaSwap and PancakeSwap to trade for BNB and then transferred to Tornado.Cash.
Amount of loss: $ 365,000 Attack method: Price Manipulation
Description of the event: The margin trading lending platform bZx tweeted that the private keys controlling Polygon and Binance Smart Chain (BSC) deployment appeared to have been leaked, resulting in a loss of funds. The bZx smart contract itself was not compromised, and the deployment, governance and DAO vault of Ethereum were not affected by this incident.
Amount of loss: $ 55,040,167 Attack method: Private Key Leakage
Description of the event: According to reports, the BSC project SQUID, which has the same name as the popular Korean drama "Squid Game", is suspected of running off or being attacked, with an estimated loss of 12 million USDT. According to the data, the official website of the project party cannot be opened at present; all the tokens in the current Pancake pledge pool have been transferred to the address: 0x71D934Aa2119CA3995F702f075d540f7A6b0f728 through two transactions. The hash value of one of the transactions on the BSC is: 0xf7c9d0e5a81999f9e06fe78df7ce41da112d8bd4f2da7b16cfdbbe46c92cb6af. The address for initiating the token withdrawal transaction is 0x614826D885FF973324a5C3f43369d7C413a88aea. In addition, traders from the address 0x1f5eabba9c56bca4a7828969b79bc87051125b31 sold SQUID tokens to transfer the BNB in the trading pair in Pancake to: 0x71D934Aa2119CA3995F702f075d540f7A6b0f728. The source of the initial gas required for the above transactions comes from the currency mixing application Tornado.Cash.
Amount of loss: $ 12,000,000 Attack method: Rug Pull
Description of the event: The decentralized transaction protocol BXH tweeted that the assets of the protocol on the Binance Smart Chain (BSC) chain were hacked.
Amount of loss: $ 139,195,315 Attack method: Private Key Leakage
Description of the event: The DeFi protocol AutoShark Finance on the Binance Smart Chain was attacked by hackers in a series of transactions, and the hackers made a profit of US$2 million (the protocol loss may be even greater). Previously, AutoShark was attacked by a flash loan in May, and the currency price crashed. AutoShark responded that it would issue a new token, JAWS, to compensate damaged users. Since then, AutoShark was attacked by lightning loan again in early October, and hackers made a profit of approximately US$580,000.
Amount of loss: $ 2,000,000 Attack method: Flash loan attack
Description of the event: Pancake Hunny, the DeFi protocol on BSC, was attacked by lightning loans, and HUNNY tokens fell by about 70% in a short time. The hacked transactions included 513 transfers, and Gas consumption reached 19 million, of which a large number of transfers were related to Alpaca tokens.
Amount of loss: - Attack method: Flash loan attack
Description of the event: My Farm Pet was suspected of being attacked by lightning loans, and today fell 79.86%.
Amount of loss: $ 31,424 Attack method: Flash loan attack