325 hack event(s)
Description of the event: There was a flash loan exploit on Kub/Kub-split. The attacker gained ~$78.4k via pool manipulation. Contract: 0xc98E183D2e975F0567115CB13AF893F0E3c0d0bD.
Amount of loss: $ 78,400 Attack method: Flash Loan Attack
Description of the event: There was a large liquidity removal on DUO. The Deployer removed $352.6K WBNB of LP in 3 transactions over a 4 day period. BSC: 0x1ED990bdcAEf4B13b01F4996dDe59EcD04F1343A .
Amount of loss: $ 352,698 Attack method: Rug Pull
Description of the event: There was a large liquidity removal on Unleashed Beast (BEAST). Deployer removed ~$55.3k from the LP. BSC:0x626b596dd10467ea969179235123f884e133074a.
Amount of loss: $ 55,300 Attack method: Rug Pull
Description of the event: On September 21st, the Linear stable coin $LUSD appears to be under an exploit attack. While the team investigates, do not buy LUSD, do not trade $LUSD. Liquidations are paused and users accounts are not at risk.
Amount of loss: - Attack method: Contract Vulnerability
Description of the event: There was a large liquidity removal on BNBpay. Deployer profited ~$114k from this liquidity removal. BSC: 0xaDD62696db2c2fb7DE8e0f07F422e03BF69646A2.
Amount of loss: $ 114,000 Attack method: Rug Pull
Description of the event: There is a slippage on Baka Casino (BAKAC) caused by EOA 0x9e5C8 who dumped tokens for ~$57k. The price has dropped 80%. BSC:0x0e9c0f8fcc8e60f8daeb569448a41514eb321471
Amount of loss: $ 57,000 Attack method: Rug Pull
Description of the event: A fake BitGo token on BSC rugged for ~$194.3k WBNB from the honeypot and has moved 909.2 BNB through TornadoCash. BSC: 0xddd00e04cd2e26221cc3c2c7f4781a87e4c79818. Deployer Address: 0xaf85ef92dc34593e2a1d6c65c2a857ad36f1a4d6。
Amount of loss: $ 194,300 Attack method: Rug Pull
Description of the event: There is a large liquidity removal on the fake Base token. BSC: 0x2025273c4B985a00bc60E871a9031a12FF216F9B. Deployer 0x6d3503d16Bb93a7d9b47F510C7568868F2BFcCEf has profited ~$71.6k.
Amount of loss: $ 71,600 Attack method: Rug Pull
Description of the event: BFCToken suffered from a flash loan attack, resulting in losses of ~$38k. BSC: 0x595eac4a0ce9b7175a99094680fbe55a774b5464. The attacker was able to burn BFCTokens from the pool at no expense by exploiting the "_transfer" function.
Amount of loss: $ 38,000 Attack method: Flash Loan Attack
Description of the event: We have seen a large liquidity removal on a fake Patex token. BSC: 0xbFDf31187Ea84651414545eDEA0a27104D514a70. Deployer gained ~$97.5k from removing liquidity on a honeypot token.
Amount of loss: $ 97,500 Attack method: Rug Pull
Description of the event: We have detected a malicious flash loan on HCT token. BSC: 0x0FDfcfc398Ccc90124a0a41d920d6e2d0bD8CcF5. Approximately 30.5 BNB was lost. 30 BNB has been deposited into Tornado Cash by EOA 0xC89.
Amount of loss: 30.5 BNB Attack method: Flash Loan Attack
Description of the event: There is a large liquidity removal on a fake Helio Protocol token. BSC:0x4C75a1f37a820376C74535f57e05C75052A3B077. Deployer profited ~$127k WBNB from this liquidity removal.
Amount of loss: $ 127,000 Attack method: Rug Pull
Description of the event: A fake "LayerZero" token on the BSC chain has had a lot of liquidity removed. The deployer removed 4,827.99 WBNB worth about $1 million. The contract address of the fake token is 0x2266362f414Bf2476C5465dc2eA953Fe2A99AE1c.
Amount of loss: $ 1,000,000 Attack method: Rug Pull
Description of the event: Derivatives marketplace Thales issued an announcement that a core contributor’s PC/Metamask had been hacked and that some hot wallets acting as casual deployers ($25k) or admin bots ($10k) had been compromised. Do not interact with any Thalesmarket contracts on the BNB Chain and revoke any contracts that are pending approval. All funds are safe on Optimism, Arbitrum, Polygon and Base. Thales said that due to the attack, support for the BSC will be officially dropped.
Amount of loss: $ 35,000 Attack method: Information Leakage
Description of the event: A Rug Pull occurred on the Apache NFT SalesRoom (ASN) on the BNB Chain, and the deployer made a profit of about $680,000. The deployer transferred a large number of tokens to the address starting with 0xdc8, which has now dumped 1 million ASNs at a price of $680,000 in BSC-USD.
Amount of loss: $ 680,000 Attack method: Rug Pull
Description of the event: DefiLabs on the BNB chain has run away, taking about $1.6 million. The privileged address 0xee08 drains user funds by exploiting the backdoor function withdrawFunds() in the vPoolv6 contract. DeFiLabs claimed on Twitter that the platform had “experienced unexpected issues” while it was “going through maintenance and updates.”
Amount of loss: $ 1,600,000 Attack method: Rug Pull
Description of the event: The BSC ecology Carson was attacked and lost about $145,000. At present, the price of Carson tokens has dropped by 96%, and the attacker has exchanged the stolen assets for 600 BNB and transferred them to Tornado Cash. The attacker repeatedly called the swapExactTokensForTokensSupportingFeeOnTransferTokens function in the 0x2bdf...341a contract (not open-source) through flash loans, swapped for BUSD and burned Carson in the pair, then repeatedly inflated the price of Carson for profit.
Amount of loss: $ 145,000 Attack method: Flash Loan Attack
Description of the event: According to SlowMist, IEGT tokens were created on BSC on July 13. Its creators "secretly minted a large number of tokens in preparation for pulling the rug". Although the project’s token supply is only 5 million tokens, this enabled the team to sell 1 billion tokens, cashing out approximately $1.14 million in USDT stablecoins. According to SlowMist, the project party modified the balance of the specified address through inline assembly when the contract was initialized, and secretly issued a large number of tokens that were not known to other users, causing users to be Rug when participating in the project.
Amount of loss: $ 1,140,000 Attack method: Rug Pull
Description of the event: The Palmswap project on the BSC chain was attacked, and the attacker made a profit of more than 900,000 US dollars. According to the analysis of SlowMist, this attack was due to the fact that the authority control function of the core function was not enabled, and the price calculation model of the liquidity token was designed too simply, depending only on the number of USDT tokens in the treasury and the total supply, resulting in the attacker can use flash loans to maliciously manipulate prices to obtain unexpected profits. On July 28, Palmswap tweeted that 80% of the stolen funds had been returned, and the remaining 20% was used as a bug bounty for hackers.
Amount of loss: $ 900,000 Attack method: Flash Loan Attack
Description of the event: MetaLabz tweeted: "In order to ensure the supply we hold, we deployed an unaudited contract (token locker), but the contract has been exploited. The situation was then exacerbated by the liquidity attack, resulting in a total loss of slightly more than 400 BNB." According to analysis, the reason is that the authorization check was bypassed.
Amount of loss: 400 BNB Attack method: Contract Vulnerability