261 hack event(s)
Description of the event: BiSwap, a BSC cross-chain trading platform, said: "The team detected and resolved the Migrator contract vulnerability. The assets on the Biswap V2 and V3 AMM protocols are safe. The team prevents access to the migration process through the website, because the Migrator contract has been exploited, do not try to access directly This contract, if you have not already done so, please withdraw your approval of these contracts. The results of this vulnerability are being reviewed in more detail and a report will be issued later. User funds are safe and the above vulnerability has nothing to do with AMM V2 and V3 funds.” This time The attack has caused approximately $710,000 in damage.
Amount of loss: $ 710,000 Attack method: Contract Vulnerability
Description of the event: Shido has been exploited for ~976 $BNB (~$238.5K). The exploiter transferred 1 $BNB to Tornado Cash and bridged the stolen funds to Ethereum, subsequently transferring 125 $ETH to Tornado Cash.
Amount of loss: $ 238,500 Attack method: Contract Vulnerability
Description of the event: The Ara project was attacked by a flash loan. The attackers are suspected to have made about $124,000 in BUSD. attacker address: 0xF84efA8a9F7E68855CF17EAaC9c2f97A9d131366.
Amount of loss: $ 124,000 Attack method: Flash Loan Attack
Description of the event: Seems like @VPandaCommunity rugged for ~265K $BSC-USD $VPC has dropped -97.4%, the stolen funds has already been transferred to 0x33d2a4...af65
Amount of loss: $ 265,000 Attack method: Rug Pull
Description of the event: Cross-chain money market solution Midas Capital has been hacked, causing losses of more than $600,000 after an integer rounding problem in its lending protocol (derived from a fork of the well-known Compound Finance v2 codebase) was exploited. The same situation was also exploited in the previous attack on Hundred Finance. The attacker deposited 400 BNB into Tornado Cash, and some other proceeds were bridged to Ethereum.
Amount of loss: $ 600,000 Attack method: Contract Vulnerability
Description of the event: A governance attack on the BSC eco-protocol Atlantis Loans, in which attackers gained control of the contract and replaced it with a contract containing backdoor functionality to transfer user assets, is currently costing approximately $1 million. The attackers created the malicious governance proposal in the GovernorBravo contract on June 7, 2023.
Amount of loss: $ 1,000,000 Attack method: Governance Attack
Description of the event: TrustTheTrident ($SELLC) suffered an attack that resulted in approximately $95,000 in losses.
Amount of loss: $ 95,000 Attack method: Contract Vulnerability
Description of the event: A Rug Pull occurred on the USEA token on BNB Chain with a loss of about $1.1 million, and the deployer minted a total of 700 million USEAs via the mint function, then transferred them to EOA addresses and sold 1114468 BUSD via PancakeSwap V3.
Amount of loss: $ 1,100,000 Attack method: Rug Pull
Description of the event: NFDAO (NFD) bulk liquidity has been removed. The deployer's associated wallet removed the liquidity and made a profit of about $88,300. bsc address: 0xe1AFC0A3c9aA2537DEea233EF7dc0952ceEDfDA3.
Amount of loss: $ 88,300 Attack method: Rug Pull
Description of the event: DD Coin was attacked and lost about 126,000 USDT. The attacker initially received 1 BNB of funds from Tornado Cash about 17 days ago. DD Coin has lost 21%.
Amount of loss: $ 126,000 Attack method: Flash Loan Attack
Description of the event: The Rug Pull of the BSC project BlockGPT occurred, involving assets of over 816 BNB (about 256,000 US dollars), and 800 BNB have been transferred to Tornado Cash so far.
Amount of loss: $ 256,000 Attack method: Rug Pull
Description of the event: CS Token was hacked and a total of 714,000 USDT was stolen. The hacker initially transferred 1 BNB from Tornado Cash, and then transferred 383 ETH to Tornado Cash.
Amount of loss: $ 714,000 Attack method: Contract Vulnerability
Description of the event: The Swap-LP contract on BNB Chain (0xe0c352c56af65772ac7c9ab45b858cb43d22f28f) has been attacked with a loss of approximately $1.1 million. The attacker (0xdead) transferred the stolen funds to Tornado Cash. specifically, the attacker manipulated a low-level call in the Swap-LP factory address to trigger the 0x33604058 function of the SwapLP pair. This causes all WDZD tokens in the pair to be transferred to the factory address. As a result, the attacker is able to use fewer WDZDs to obtain more SWAP LPs from the unverified address 0x3c4e06d17e243e2cb2e4568249b6f7213c43c743 and subsequently destroy the LPs for profit.
Amount of loss: $ 1,100,000 Attack method: Contract Vulnerability
Description of the event: The DeFi protocol WDZD Swap on BSC was exploited and lost about $1.1 million. The attackers made nine malicious transactions that drained 609 Binance-Pegged ETH from contracts related to the WDZD project.
Amount of loss: $ 1,100,000 Attack method: Contract Vulnerability
Description of the event: The DeFi protocol land was suspected of being attacked and lost about 150,000 US dollars. The reason for the attack was the lack of mint permission control.
Amount of loss: $ 150,000 Attack method: Contract Vulnerability
Description of the event: The LW token on BSC was attacked, with a loss of 48,415 USDT, and the price of LW token plummeted by 69%. The attackers have transferred about 150 BNB to Tornado Cash.
Amount of loss: $ 48,415 Attack method: Contract Vulnerability
Description of the event: The SNK project was attacked. The hacker used SNK's invitation reward mechanism to make a profit of 190,000 US dollars.
Amount of loss: $ 190,000 Attack method: Reward Mechanism Flaw
Description of the event: Neverfall protocol Hacked, $75,000 Lost. The attackers have deposited funds into TornadoCash.
Amount of loss: $ 75,000 Attack method: Contract Vulnerability
Description of the event: LEVEL Finance, a project on BNB, was hacked and lost $1 million. The hackers created an unverified contract 7 days before the attack, used a delegate function to extract LVL tokens in 15,000 increments, converted 214,000 LVL tokens into 3,345 BNB and transferred them to Tornado Cash.
Amount of loss: $ 1,000,000 Attack method: Contract Vulnerability
Description of the event: MetaPoint ($POT) on BSC was hacked with a loss of $920K. The root cause is that users will create a new contract to hold their funds each time they deposit $POT, but the contract has a public approve function to transfer all users' assets.
Amount of loss: $ 920,000 Attack method: Contract Vulnerability