47 hack event(s)
Description of the event: In a tweet, @0xCrumbs disclosed that Dogechain was hacked yesterday, and the attackers exploited the vulnerability to mint 9.7 million $Doge (about $600,000) and transfer $316,000 through a cross-chain bridge. Currently 3 million remain in the starting wallet, in addition to $100,000 worth of USDC/ETH. Therefore, @0xCrumbs believes that yesterday's Dogechain maintenance was caused by the attack. SlowMist also tweeted that the attackers used Anyswap to bridge funds to the BSC and ETH chains, which were then transferred to Binance. But Dogechain officials tweeted that no funds were lost during the maintenance period.
Amount of loss: $ 600,000 Attack method: Contract vulnerabilities
Description of the event: Public chain project Sui tweeted that its Discord server had been hacked, and asked users not to click on any links posted on the Discord server in the past 8 hours. According to some replies to the tweet, some users have already lost money by clicking on links posted by the hackers on Sui Discod.
Amount of loss: - Attack method: Discord server hacked
Description of the event: A large-scale incident of currency theft occurred on the Solana public chain, and a large number of users were transferred SOL and SPL tokens without their knowledge. According to SlowMist MistTrack statistics, more than 8,000 Solana wallets have been stolen so far. Assets are valued at approximately $4.5 million.
Amount of loss: $ 4,500,000 Attack method: Unknown
Description of the event: Polygon Chief Information Security Officer Mudit Gupta tweeted that two remote procedure call (RPC) interfaces of Polygon and Fantom were affected by a Domain Name System (DNS) hijacking attack on Friday. The reason was that a hacker hijacked Ankr's Domain Name System (DNS) to steal the user's seed stage, and Ankr quickly recovered the error and said no funds were lost.
Amount of loss: - Attack method: DNS Hijacking
Description of the event: Babel Finance suspends customer withdrawals due to crypto market turmoil. In July, documents revealed that Babel Finance lost more than $280 million in bitcoin (BTC) and ether (ETH) as its proprietary trading failure. Specifically, it lost around 8,000 BTC and 56,000 ETH in June after facing liquidation due to a severe market downturn.
Amount of loss: 8,000 BTC + 56,000 ETH Attack method: Proprietary trading failure
Description of the event: Optimism and Wintermute both released announcements, disclosing to the community a loss of 20 million OP tokens. At the time of the release of OP tokens, Optimism entrusted Wintermute to provide liquidity services for OP in the secondary market. As part of the agreement, Optimism will provide Wintermute with 20 million OP tokens. To receive the tokens, Wintermute gave Optimism a multi-signature address, to which Optimism transferred 20 million OPs after Optimism test sent two transactions and Wintermute confirmed it was correct. After Optimism transferred the coins, Wintermute found that they had no way to control these coins, because the multi-signature addresses they provided were only deployed on the Ethereum mainnet for the time being and have not yet been deployed to the Optimism network. To gain control of these tokens, Wintermute immediately initiated remediation operations. However, attackers have already noticed this vulnerability and deployed multi-signature to this address on the Optimism network before Wintermute, successfully controlling the 20 million tokens. At present, the Optimism hacker has returned 17 million OP tokens and transferred 1 million OP to the Vitalik address, and Vitalik has returned the funds.
Amount of loss: 2,000,000 OP Attack method: Multi-signature address transfer vulnerability
Description of the event: The blockchain network Elrond is suspected of having a security breach, and hackers "obtained" nearly 1.65 million $EGLD "out of thin air" and sold it through the decentralized exchange Maiar. On June 8, Elrond founder and CEO Beniamin Mincu tweeted that the previous bug has been resolved, all funds and users are safe, and almost all stolen funds have been recovered.
Amount of loss: 113,000,000 Attack method: Virtual Machine Vulnerability
Description of the event: Sentinel founder Serpent tweeted that the first search result of the NFT trading platform X2Y2 on the Google search page was a scam website. It used the loopholes in Google ads to make the real website and the scam URL look exactly the same, and about 100 ETH had been stolen. . At present, the fake website has been removed after being reported by community members and exposed by the media. Users can directly enter x2y2.io to enter the official website.
Amount of loss: 100 ETH Attack method: Scam
Description of the event: In April, attackers exploited a vulnerability to steal $80 million from Rari Capital, and the asset management project Babylon Finance, Rari's main lending pool, lost $3.4 million as a result. On Aug. 31, Babylon Finance founder Ramon Recuero published a blog post announcing that Babylon would be shutting down and pledging to distribute remaining project funds to holders.
Amount of loss: $ 3,400,000 Attack method: Reentry attack
Description of the event: According to the block explorer, the last block of the Arbitrum One network was generated at 18:29 Beijing time, and no new blocks and new transactions have been generated for more than 2 hours. At the same time, the Matemask wallet cannot connect to the Arbitrum One network.
Amount of loss: - Attack method: Downtime
Description of the event: Solana was down for 4 hours on January 4th, however, Solana.Status showed no problems with the network. The Solana blockchain suffered its third incident in just a few months, resulting in network congestion and failed transactions, with users debating whether it was caused by another DDos attack or just a network issue. Anatoly Yakovenko, co-founder of Solana Labs, denied there was a DDoS attack this time around.
Amount of loss: - Attack method: DDos attack
Description of the event: The Bitcoin sidechain Liquid Network launched by Blockstream encountered block signature-related issues after the recent upgrade, resulting in no block generation for more than 7 hours. According to Liquid Network's block explorer, the last block is 1517039, and it was generated 7 hours ago. Liquid Network said on Twitter, "It is investigating a block signature issue related to a recent feature upgrade, but user funds are safe and will not be affected."
Amount of loss: - Attack method: Block signature problem
Description of the event: The private public chain Secret Network stated on Twitter that the main network has undergone an unplanned upgrade, from secret-2 to secret-3, to prevent major network security issues from causing financial losses. The team stated that neither the native token SCRT nor the cross-chain bridge contract were affected. Only a single smart contract was affected. The contract came from SecretSwap. A vulnerability was exploited, allowing the attacker to take away the pledged SEFI contract. funds. At present, the cross-chain bridge is still closed, and the deposit function of the exchange is also closed.
Amount of loss: - Attack method: Contract vulnerabilities
Description of the event: The beta version of the mainnet of the public chain Solana has been unstable since 19:52 Beijing time last night, and it has been 12 hours since the Solana chain application has not been able to operate normally. According to information released by Solana Status, the Solana validator community chose to restart the network cooperatively, and the snapshot height is slot 96542804. Solana Status recommends that the verification node be updated to Mainnet-Beta 1.6.24 version. On September 21, Solana officially released a preliminary overview of the network outage on September 14. It is reported that on September 14, Solana’s network was offline for 17 hours. There was no financial loss, and the network resumed full functionality within 24 hours. The cause of network stagnation is denial of service attacks. At 12:00 UTC time, Grape Protocol launched IDO on Raydium, and transactions generated by robots congested the network. These transactions caused a memory overflow, causing many validating nodes to crash, forcing the network to slow down and eventually stop. When the verification node network cannot agree on the current state of the blockchain, the network will go offline, preventing the network from confirming new blocks.
Amount of loss: - Attack method: Denial of service attack
Description of the event: Ethereum Classic (ETC) tweeted that the ETC mainnet was forked due to previous vulnerabilities in the Ethereum client Geth. At present, most of the computing power is on the mainnet. Core-geth node operators should update to v1.12.1 or higher as soon as possible.
Amount of loss: - Attack method: Ethereum client Geth vulnerability
Description of the event: Starting at around 23:45 on August 3, Beijing time, BSV suffered a “large-scale” 51% attack, resulting in the simultaneous mining of three versions of the chain.
Amount of loss: - Attack method: 51% attack
Description of the event: Siastats tweeted that the Sia network, a decentralized storage project, has been under continuous DDoS attacks in the past two days. The targets of the attacks are network hosts and storage providers. The attacks have caused about 30% of host connections to be interrupted. Siastats stated that network functions were not affected. Only some of the host operators indicated that the Internet connection was interrupted. The affected operators can contact the Sia Foundation to mitigate the negative impact of the attack. The attack did not cause huge losses, and the network will continue to operate normally.
Amount of loss: - Attack method: DDoS attack
Description of the event: The privacy coin Verge (XVG) underwent a reorganization of 560,000 blockchains after a 51% attack on Monday. Lucas Nuzzi of CoinMetrics stated that the history of token transactions over 200 days has been deleted.
Amount of loss: - Attack method: 51% attack
Description of the event: The privacy coin project Firo stated on Twitter that it is currently under 51% attacks and it is recommended that users do not trade during this period until the network returns to normal.
Amount of loss: - Attack method: 51% attack
Description of the event: Aeternity (AE) was attacked by 51% yesterday. According to core members of the Aeternity community, the 51% attack caused a loss of more than 39 million AE tokens. The official team is solving the problem. The main damages are exchanges and mining pools. Exchanges are concentrated in OKEx, Gate, and Binance. In this regard, Aeternity Chaohua Community Moderator "February Honghong" said that 51% attacks will not create new tokens. He can understand it as copying a fake token from the attacker and sending it to Exchange withdrawals are often the unlucky ones, and mining pools are the same. Therefore, 51% attacks are not technical vulnerabilities. POW itself is such an operating mechanism, so the team will not settle claims.
Amount of loss: $ 5,201,240 Attack method: 51% attack