318 hack event(s)
Description of the event: Seems like @VPandaCommunity rugged for ~265K $BSC-USD $VPC has dropped -97.4%, the stolen funds has already been transferred to 0x33d2a4...af65
Amount of loss: $ 265,000 Attack method: Rug Pull
Description of the event: Cross-chain money market solution Midas Capital has been hacked, causing losses of more than $600,000 after an integer rounding problem in its lending protocol (derived from a fork of the well-known Compound Finance v2 codebase) was exploited. The same situation was also exploited in the previous attack on Hundred Finance. The attacker deposited 400 BNB into Tornado Cash, and some other proceeds were bridged to Ethereum.
Amount of loss: $ 600,000 Attack method: Contract Vulnerability
Description of the event: A governance attack on the BSC eco-protocol Atlantis Loans, in which attackers gained control of the contract and replaced it with a contract containing backdoor functionality to transfer user assets, is currently costing approximately $1 million. The attackers created the malicious governance proposal in the GovernorBravo contract on June 7, 2023.
Amount of loss: $ 1,000,000 Attack method: Governance Attack
Description of the event: TrustTheTrident ($SELLC) suffered an attack that resulted in approximately $95,000 in losses.
Amount of loss: $ 95,000 Attack method: Contract Vulnerability
Description of the event: A Rug Pull occurred on the USEA token on BNB Chain with a loss of about $1.1 million, and the deployer minted a total of 700 million USEAs via the mint function, then transferred them to EOA addresses and sold 1114468 BUSD via PancakeSwap V3.
Amount of loss: $ 1,100,000 Attack method: Rug Pull
Description of the event: NFDAO (NFD) bulk liquidity has been removed. The deployer's associated wallet removed the liquidity and made a profit of about $88,300. bsc address: 0xe1AFC0A3c9aA2537DEea233EF7dc0952ceEDfDA3.
Amount of loss: $ 88,300 Attack method: Rug Pull
Description of the event: DD Coin was attacked and lost about 126,000 USDT. The attacker initially received 1 BNB of funds from Tornado Cash about 17 days ago. DD Coin has lost 21%.
Amount of loss: $ 126,000 Attack method: Flash Loan Attack
Description of the event: The Rug Pull of the BSC project BlockGPT occurred, involving assets of over 816 BNB (about 256,000 US dollars), and 800 BNB have been transferred to Tornado Cash so far.
Amount of loss: $ 256,000 Attack method: Rug Pull
Description of the event: CS Token was hacked and a total of 714,000 USDT was stolen. The hacker initially transferred 1 BNB from Tornado Cash, and then transferred 383 ETH to Tornado Cash.
Amount of loss: $ 714,000 Attack method: Contract Vulnerability
Description of the event: The Swap-LP contract on BNB Chain (0xe0c352c56af65772ac7c9ab45b858cb43d22f28f) has been attacked with a loss of approximately $1.1 million. The attacker (0xdead) transferred the stolen funds to Tornado Cash. specifically, the attacker manipulated a low-level call in the Swap-LP factory address to trigger the 0x33604058 function of the SwapLP pair. This causes all WDZD tokens in the pair to be transferred to the factory address. As a result, the attacker is able to use fewer WDZDs to obtain more SWAP LPs from the unverified address 0x3c4e06d17e243e2cb2e4568249b6f7213c43c743 and subsequently destroy the LPs for profit.
Amount of loss: $ 1,100,000 Attack method: Contract Vulnerability
Description of the event: The DeFi protocol WDZD Swap on BSC was exploited and lost about $1.1 million. The attackers made nine malicious transactions that drained 609 Binance-Pegged ETH from contracts related to the WDZD project.
Amount of loss: $ 1,100,000 Attack method: Contract Vulnerability
Description of the event: The DeFi protocol land was suspected of being attacked and lost about 150,000 US dollars. The reason for the attack was the lack of mint permission control.
Amount of loss: $ 150,000 Attack method: Contract Vulnerability
Description of the event: The LW token on BSC was attacked, with a loss of 48,415 USDT, and the price of LW token plummeted by 69%. The attackers have transferred about 150 BNB to Tornado Cash.
Amount of loss: $ 48,415 Attack method: Contract Vulnerability
Description of the event: The SNK project was attacked. The hacker used SNK's invitation reward mechanism to make a profit of 190,000 US dollars.
Amount of loss: $ 190,000 Attack method: Reward Mechanism Flaw
Description of the event: Neverfall protocol Hacked, $75,000 Lost. The attackers have deposited funds into TornadoCash.
Amount of loss: $ 75,000 Attack method: Contract Vulnerability
Description of the event: LEVEL Finance, a project on BNB, was hacked and lost $1 million. The hackers created an unverified contract 7 days before the attack, used a delegate function to extract LVL tokens in 15,000 increments, converted 214,000 LVL tokens into 3,345 BNB and transferred them to Tornado Cash.
Amount of loss: $ 1,000,000 Attack method: Contract Vulnerability
Description of the event: MetaPoint ($POT) on BSC was hacked with a loss of $920K. The root cause is that users will create a new contract to hold their funds each time they deposit $POT, but the contract has a public approve function to transfer all users' assets.
Amount of loss: $ 920,000 Attack method: Contract Vulnerability
Description of the event: Safemoon, a DeFi protocol based on the BNB chain, was attacked, and its liquidity pool lost nearly $8.9 million. Safemoon CEO John Karony said on Twitter: "This security incident affected the SFM:BNB LP pool and other LP pools on DEX were not affected. We have located the suspected vulnerability and fixed it. " According to analysis, the recent update may have introduced a "public destruction vulnerability", which facilitated hacker attacks. The hacker was able to use code functionality to artificially inflate the price of SFM tokens, then sell enough tokens back to the liquidity pool in the same transaction, effectively draining WBNB from the contract. On April 20, the SafeMoon attacker returned 80% of the stolen funds, that is, transferred 21,804 BNB (approximately $7.2 million) to the SafeMoon vault wallet, leaving the remaining 20% as a bounty.
Amount of loss: $ 8,900,000 Attack method: Contract Vulnerability
Description of the event: The FASTSWAP (FAST) project on BNB Chain was attacked by a flash loan and lost 26.77 BNB
Amount of loss: 26.77 BNB Attack method: Flash Loan Attack
Description of the event: According to news, the Harvest_Keeper project maliciously transferred user funds, involving an amount of about 933,000 US dollars. Through the data on the chain, it was found that the attacker used the owner authority to transfer the USDT pledged by the user in the HarvestKeeper contract by calling the getAmount function, and then the attacker used the user's token authorization to the EOA account to transfer the user's funds through the EOA multiple times.
Amount of loss: $ 933,000 Attack method: Insider Manipulation