346 hack event(s)
Description of the event: Many DeFi protocol websites on BSC (Binance Smart Chain) were attacked by DNS, including Cream Finance and BSC header DEX PancakeSwap. The attacker requested users to submit personal private keys or mnemonics through the website. The relevant project team has passed Twitter Remind users not to visit the website and do not submit information such as private keys. Later PancakeSwap and Cream Finance both stated that they had regained access to DNS.
Amount of loss: - Attack method: DNS attack
Description of the event: According to the official community information of Meerkat Finance, its vault contract was hacked, and the hacker used the loophole to steal all the funds in the vault. According to reports, the BSC project Meerkat Finance is suspected of running away and swept away about 31 million US dollars, of which 14 million BUSD and the other 73,000 BNB. MKAT claims to have been hacked to steal all resources.
Amount of loss: $ 31,000,000 Attack method: Rug Pull
Description of the event: The attacker uses Lightning Loan to Alpha Finance for leveraged lending, and uses Alpha Finance’s own Cream IronBank quota to return the Lightning Loan. In this process, the attacker obtains a large amount of cySUSD by adding liquidity to Cream, allowing the attacker to use it. These cySUSD are further borrowed in Cream Finance. Due to problems with Alpha Finance, both agreements suffered losses at the same time.
Amount of loss: $ 37,500,000 Attack method: Flash loan attack
Description of the event: According to feedback from Binance Smartchain investors, on February 1st, the BSC listed project Multi Financial ran away, and it only took about 5000 BNB in one day. The compromised investor stated that it had reported that Binance had blocked the address of the project party and reported to the police. Recently, there have been many running incidents on BSC. The popcornswap project has approached 48,000 BNB. In a few days, three other projects (Zap Finance and Tin Finance, SharkYield) ran away. The current SharkYield ran away is suspected to have taken away 6000 BNB. Binance said that BSC is the same public chain as Ethereum and should not be responsible for the above projects. It hopes that users will manually intervene in investment and select high-quality projects to participate.
Amount of loss: 5,000 BNB Attack method: Rug Pull
Description of the event: Another DeFi project popcornswap on Binance Smart Chain has gone. It is reported that some users said in the community that the project used cake's LP, the contract was open source but there was no audit, and the LP was run in less than two hours. Currently, there are more than 40,000 BNB in the wallet and no action is taken.
Amount of loss: 48,000 BNB Attack method: Rug Pull
Description of the event: The Bantiample team, a project on the Binance Smart Chain, has cashed out 3000 BNB to run away. At present, the main developer of the team has deleted the Telegram account, and the project token BMAP has fallen by more than 90% in a single day. According to the project's description, BMAP is a kind of AMPL-like imitation. Every time a user participates in a transaction, the total amount is reduced by 1%. However, it is actually just a common token, and it does not have the functions described by the project party. It just uses the AMPL project hotspot to commit fraud.
Amount of loss: 3,000 BNB Attack method: Rug Pull