321 hack event(s)
Description of the event: There is a slippage on Baka Casino (BAKAC) caused by EOA 0x9e5C8 who dumped tokens for ~$57k. The price has dropped 80%. BSC:0x0e9c0f8fcc8e60f8daeb569448a41514eb321471
Amount of loss: $ 57,000 Attack method: Rug Pull
Description of the event: A fake BitGo token on BSC rugged for ~$194.3k WBNB from the honeypot and has moved 909.2 BNB through TornadoCash. BSC: 0xddd00e04cd2e26221cc3c2c7f4781a87e4c79818. Deployer Address: 0xaf85ef92dc34593e2a1d6c65c2a857ad36f1a4d6。
Amount of loss: $ 194,300 Attack method: Rug Pull
Description of the event: There is a large liquidity removal on the fake Base token. BSC: 0x2025273c4B985a00bc60E871a9031a12FF216F9B. Deployer 0x6d3503d16Bb93a7d9b47F510C7568868F2BFcCEf has profited ~$71.6k.
Amount of loss: $ 71,600 Attack method: Rug Pull
Description of the event: BFCToken suffered from a flash loan attack, resulting in losses of ~$38k. BSC: 0x595eac4a0ce9b7175a99094680fbe55a774b5464. The attacker was able to burn BFCTokens from the pool at no expense by exploiting the "_transfer" function.
Amount of loss: $ 38,000 Attack method: Flash Loan Attack
Description of the event: We have seen a large liquidity removal on a fake Patex token. BSC: 0xbFDf31187Ea84651414545eDEA0a27104D514a70. Deployer gained ~$97.5k from removing liquidity on a honeypot token.
Amount of loss: $ 97,500 Attack method: Rug Pull
Description of the event: We have detected a malicious flash loan on HCT token. BSC: 0x0FDfcfc398Ccc90124a0a41d920d6e2d0bD8CcF5. Approximately 30.5 BNB was lost. 30 BNB has been deposited into Tornado Cash by EOA 0xC89.
Amount of loss: 30.5 BNB Attack method: Flash Loan Attack
Description of the event: There is a large liquidity removal on a fake Helio Protocol token. BSC:0x4C75a1f37a820376C74535f57e05C75052A3B077. Deployer profited ~$127k WBNB from this liquidity removal.
Amount of loss: $ 127,000 Attack method: Rug Pull
Description of the event: A fake "LayerZero" token on the BSC chain has had a lot of liquidity removed. The deployer removed 4,827.99 WBNB worth about $1 million. The contract address of the fake token is 0x2266362f414Bf2476C5465dc2eA953Fe2A99AE1c.
Amount of loss: $ 1,000,000 Attack method: Rug Pull
Description of the event: Derivatives marketplace Thales issued an announcement that a core contributor’s PC/Metamask had been hacked and that some hot wallets acting as casual deployers ($25k) or admin bots ($10k) had been compromised. Do not interact with any Thalesmarket contracts on the BNB Chain and revoke any contracts that are pending approval. All funds are safe on Optimism, Arbitrum, Polygon and Base. Thales said that due to the attack, support for the BSC will be officially dropped.
Amount of loss: $ 35,000 Attack method: Information Leakage
Description of the event: A Rug Pull occurred on the Apache NFT SalesRoom (ASN) on the BNB Chain, and the deployer made a profit of about $680,000. The deployer transferred a large number of tokens to the address starting with 0xdc8, which has now dumped 1 million ASNs at a price of $680,000 in BSC-USD.
Amount of loss: $ 680,000 Attack method: Rug Pull
Description of the event: DefiLabs on the BNB chain has run away, taking about $1.6 million. The privileged address 0xee08 drains user funds by exploiting the backdoor function withdrawFunds() in the vPoolv6 contract. DeFiLabs claimed on Twitter that the platform had “experienced unexpected issues” while it was “going through maintenance and updates.”
Amount of loss: $ 1,600,000 Attack method: Rug Pull
Description of the event: The BSC ecology Carson was attacked and lost about $145,000. At present, the price of Carson tokens has dropped by 96%, and the attacker has exchanged the stolen assets for 600 BNB and transferred them to Tornado Cash. The attacker repeatedly called the swapExactTokensForTokensSupportingFeeOnTransferTokens function in the 0x2bdf...341a contract (not open-source) through flash loans, swapped for BUSD and burned Carson in the pair, then repeatedly inflated the price of Carson for profit.
Amount of loss: $ 145,000 Attack method: Flash Loan Attack
Description of the event: According to SlowMist, IEGT tokens were created on BSC on July 13. Its creators "secretly minted a large number of tokens in preparation for pulling the rug". Although the project’s token supply is only 5 million tokens, this enabled the team to sell 1 billion tokens, cashing out approximately $1.14 million in USDT stablecoins. According to SlowMist, the project party modified the balance of the specified address through inline assembly when the contract was initialized, and secretly issued a large number of tokens that were not known to other users, causing users to be Rug when participating in the project.
Amount of loss: $ 1,140,000 Attack method: Rug Pull
Description of the event: The Palmswap project on the BSC chain was attacked, and the attacker made a profit of more than 900,000 US dollars. According to the analysis of SlowMist, this attack was due to the fact that the authority control function of the core function was not enabled, and the price calculation model of the liquidity token was designed too simply, depending only on the number of USDT tokens in the treasury and the total supply, resulting in the attacker can use flash loans to maliciously manipulate prices to obtain unexpected profits. On July 28, Palmswap tweeted that 80% of the stolen funds had been returned, and the remaining 20% was used as a bug bounty for hackers.
Amount of loss: $ 900,000 Attack method: Flash Loan Attack
Description of the event: MetaLabz tweeted: "In order to ensure the supply we hold, we deployed an unaudited contract (token locker), but the contract has been exploited. The situation was then exacerbated by the liquidity attack, resulting in a total loss of slightly more than 400 BNB." According to analysis, the reason is that the authorization check was bypassed.
Amount of loss: 400 BNB Attack method: Contract Vulnerability
Description of the event: BNO suffered a flash loan attack on BNBChain, resulting in a loss of about $500,000 due to business logic problems. The root cause of the attack is a problem with the reward calculation mechanism in the pool that supports NFT and ERC20 token rights. The pool has an "emergencyWithdraw" function that allows users to withdraw their ERC20 token stake immediately. Crucially, however, this feature does not process or interpret NFT stake records. Attackers exploited this flaw by depositing NFTs and ERC20 tokens into a pool and then executing the "emergencyWithdraw" function specifically for their ERC20 tokens. By doing so, an attacker can bypass the reward calculation check, effectively manipulating the system to his advantage. Through this manipulation, an attacker is able to clear a user's "reward debt," earn undeserved rewards, and cause significant financial damage to the mining pool and its users.
Amount of loss: $ 500,000 Attack method: Flash Loan Attack
Description of the event: GMETA on BSC has been Rug Pulled, with a price drop of 96%, taking about $3.6 million. The contract creator is 0x9f02c29ad35fd20a51cd48250512a7b7feeb8ed1.
Amount of loss: $ 3,600,000 Attack method: Rug Pull
Description of the event: APEDAO on the BNB chain was attacked and the loss was approximately $7,000. The attacker transferred APEDAO to the pair contract. The APEDAO contract mistook the attacker's behavior as a selling operation and gradually accumulated a value named "amountToDead". The attacker repeatedly transferred APEDAO and then used the skim function to withdraw excess tokens. Eventually, the attacker calls the godead function to destroy APEDAO held in the pairing contract, causing the token price to rise.
Amount of loss: $ 7,000 Attack method: Contract Vulnerability
Description of the event: On July 12th, WGPT Token suffered from a flash loan attack, resulting in losses of ~$82.5k. Address (BSC): 0x1f415255f7E2a8546559a553E962dE7BC60d7942.
Amount of loss: $ 82,500 Attack method: Flash Loan Attack
Description of the event: Encryption project Encryption AI (0XENCRYPT) crashed 99% as the developers behind it performed a retreat. Losing a total of $2 million, the developer released a message citing his online gambling addiction.
Amount of loss: $ 2,000,000 Attack method: Rug Pull