24 hack event(s)
Description of the event: Impermax was attacked on the Base network. In a tweet, Impermax stated that someone launched a flash loan attack and drained its V3 liquidity pools. The team is currently investigating and advises users not to interact with any V3 pools.
Amount of loss: $ 152,200 Attack method: Flash Loan Attack
Description of the event: Multiple attack transactions targeting the Alien Base BunniHub contract resulted in a loss of approximately $38,000.
Amount of loss: $ 38,000 Attack method: Contract Vulnerability
Description of the event: Virtuals Protocol announced on X that their official Discord server has been compromised. They advised users not to click on any posts or private messages from administrators until further notice.
Amount of loss: - Attack method: Account Compromise
Description of the event: Standing on Bizness (BIZNESS) appears to have been subjected to a reentrancy attack on Base, resulting in an estimated loss of $15,700.
Amount of loss: $ 15,700 Attack method: Reentrancy Attack
Description of the event: According to community feedback, the official X account of the Meme token Brett on the Base chain has reportedly been compromised and used to post false information. Please stay vigilant against related risks.
Amount of loss: - Attack method: Account Compromise
Description of the event: Base chain detected a price manipulation attack targeting unverified lending contracts, where the attacker gained around $1 million in tokens through excessive borrowing.
Amount of loss: $ 1,000,000 Attack method: Price Manipulation
Description of the event: The yield-optimizing DeFi protocol BaseBros Fi has vanished after executing a rug pull via an unaudited smart contract.
Amount of loss: $ 130,000 Attack method: Rug Pull
Description of the event: ETHTrustFund conducted a rugpull and stole approximately $2 million worth of cryptocurrencies on Base.
Amount of loss: $ 2,000,000 Attack method: Rug Pull
Description of the event: According to community feedback, the Base ecosystem's meme coin NORMIE has been attacked. The attacker exploited a design flaw in the NORMIE token's cross-chain bridge, manipulating the price on the Base Chain using flash loans. Since transactions with NORMIE on the Base Chain incur taxes, these taxes are automatically directed to a wallet controlled by the project team. The attacker injected a large amount of funds into this wallet via flash loans, significantly diluting the token's supply and causing a flash crash in the price.
Amount of loss: $ 882,000 Attack method: Flash Loan Attack
Description of the event: According to the SlowMist Security Alert system, potential suspicious activities related to Tsuru have resulted in a loss of 138.78 ETH.
Amount of loss: $ 410,000 Attack method: Contract Vulnerability
Description of the event: Grand Base, a real world assets platform built on the Base layer-2 blockchain, the team behind the project claimed that the deployer wallet had been compromised, allowing an attacker to drain the project's liquidity pool. Altogether, 615 ETH (~$2 million) was taken from the project. On April 20th, Grand Base tweeted that during the token reboot process, the team had managed to retrieve our veNFTs from the hacked address and transferred them to a multi-sig wallet. The veNFT position represents and amount of $225,000 and will be used to build robust liquidity when the time comes.
Amount of loss: $ 2,000,000 Attack method: Private Key Leakage
Description of the event: Sumer Money was exploited on the Base chain due to a smart contract vulnerability, which resulted in a loss of assets worth approximately $310,000. The root cause of the exploit is a lack of reentrancy protection, which led to the manipulation of the underlying assets.
Amount of loss: $ 310,000 Attack method: Reentrancy Attack
Description of the event: Sumer Money was exploited on the Base chain due to a smart contract vulnerability, which resulted in a loss of assets worth approximately $310,000.
Amount of loss: $ 310,000 Attack method: Contract Vulnerability
Description of the event: TICKER project developer steals $900,000. A developer brought on to run a presale for the TICKER token stole $900,000 from the project. 15% of the token supply was sent to the developer to distribute via an airdrop, but instead of doing so, the developer sold the majority of the tokens for around $900,000.
Amount of loss: $ 900,000 Attack method: Insider Manipulation
Description of the event: The project Detto Finance in the Base ecosystem is suspected of a rug pull, with its social media accounts currently inaccessible, resulting in approximately $95,000 in losses.
Amount of loss: $ 94,147 Attack method: Rug Pull
Description of the event: Pike Finance, a cross-chain lending protocol on Base, is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 52,600 Attack method: Rug Pull
Description of the event: Aerodrome tweeted that the frontend is currently compromised, please do not interact with Aerodrome for the time being, the team is investigating.
Amount of loss: - Attack method: DNS Hijacking Attack
Description of the event: On October 5th, blockchain detective ZachXBT posted on social media, stating that a hacker had made a profit of 234 ETH (~$385,000) in the past 24 hours by conducting SIM card swap attacks on four different friend.tech users.
Amount of loss: $ 385,000 Attack method: SIM Card Attack
Description of the event: According to official sources, Base had previously experienced a block failure. The Base team immediately investigated, and a fix was subsequently deployed, and block production began to resume. At present, the team confirmed that the network operation and RPC API have returned to normal, and will continue to monitor. Base later tweeted that the glitch had been fixed and no funds were at risk.
Amount of loss: - Attack method: Block Failure
Description of the event: Base on-chain exit scam Magnate Finance has seen its TVL drop by ~$6.4M as the deployer modifies the price oracle provider and removes all assets. On-chain sleuth ZachXBT says the Magnate Finance deployer address is linked to exit scams Solfire, Kokomo Finance. Magnate Finance's website and social platforms are currently down and its Telegram group has been deleted. According to MistTrack monitoring, funds have cross-chained from Base to ETH, Arbitrum, and Optimism.
Amount of loss: $ 6,400,000 Attack method: Rug Pull