30 hack event(s)
Description of the event: Multichain's AnyswapV4Router contract suffered a rush attack, and the attacker made a profit of about 87 Ethereum, about $130,000. After analysis, the attacker used the MEV contract (0xd050) to pre-emptively call the anySwapOutUnderlyingWithPermit function of the AnyswapV4Router contract before the normal transaction was executed (the user authorized WETH but has not yet performed the transfer), although the function uses the permit signature of the token verification, but the stolen WETH this time does not have a relevant signature verification function, and only triggers a deposit function in a fallback. In subsequent function calls, the attacker can directly use the safeTransferFrom function to transfer the WETH authorized by the _underlying address to the attacked contract to the attack contract without signature verification.
Amount of loss: $ 130,000 Attack method: Rush Attack
Description of the event: The multi-chain exchange protocol Rubic was hacked and lost more than $1.4 million. The attacker has transferred 1,100 ETH to the Tornado Cash mixing protocol. According to the analysis of the SlowMist security team, the root cause of the attack is that the Rubic protocol wrongly added USDC tokens to the Router whitelist, resulting in the theft of USDC tokens of users authorized to the RubicProxy contract.
Amount of loss: $ 1,400,000 Attack method: Data incoming error
Description of the event: An address on the BNB Chain minted more than $1 billion of pGALA tokens out of thin air, and sold them through PancakeSwap to make a profit. The pGALA contract hacker has made a profit of $4.3 million. One Smart Money address arbitraged nearly $6.5 million in this attack, even more than the attacker's profit. Multi-link is tweeted by the protocol pNetwork, and the pGALA contract on the BNB Chain needs to be redeployed due to the misconfiguration of the cross-chain bridge. Huobi Global announced that it would re-list GALA after proposing that the GALA purchased after the abnormal event would be renamed pGALA, and the project party agreed to pay full compensation to the holders of the currency before the accident.
Amount of loss: $ 10,800,000 Attack method: Configuration Error
Description of the event: The multi-chain exchange protocol Rubic tweeted that an administrator’s wallet address, which manages the RBC/BRBC cross-chain bridge and staking rewards, was stolen, and the team suspected that malware stole the private key. The attacker sold about 34 million RBC/BRBC on Uniswap and PancakeSwap, the user's staking funds are safe and the smart contract is not exploited.
Amount of loss: $ 1,200,000 Attack method: Private Key Leaked
Description of the event: The THORChain network of the cross-chain DeFi protocol was interrupted. The official said that the consensus problem has been identified and a patch will be released. The code pushes cosmos.Uint (instead of uint64) into the string, which causes the string to get an arbitrarily large integer instead of the actual value, causing the memo string to be on a different node. On October 28th, THORChain was back online and produced blocks. The network is signing block transactions, so pending transactions should start going through. Once the queue is cleared, the transaction will be re-enabled. Expect 2-3 hours. During the network outage, investors did not lose any funds. However, the exchange deposits and withdrawals of Thorchain's native currency RUNE have been suspended on centralized exchanges such as Kucoin.
Amount of loss: - Attack method: Network interruption
Description of the event: Layer1 blockchain QANplatform (QANX), which is resistant to quantum computing attacks, tweeted that its smart contract cross-chain bridge was attacked, and the attacker managed to extract tokens, reminding users not to perform any transactions related to QANX tokens. According to the findings, the hackers obtained the private keys to the bridge wallet and withdrew more than 1.4 billion QANX tokens worth more than $1 million in two transactions.
Amount of loss: $ 2,000,000 Attack method: Profanity Vulnerability
Description of the event: Aurora Labs CEO Alex Shevchenko revealed that an attacker trying to steal funds from Rainbow Bridge was stopped in 31 seconds, losing 5 ETH in the process.
Amount of loss: - Attack method: Fake NEAR blocks
Description of the event: Celer said that cBridge's front-end interface suffered from DNS cache poisoning attacks. This attack targeted third-party DNS providers. Celer's own contract was not affected, and users who suffered losses in this incident, Celer, will be fully compensated.
Amount of loss: 128.4 ETH Attack method: BGP Hijacking
Description of the event: The Nomad Bridge, a cross-chain interoperability protocol, was attacked by hackers. This attack was due to the fact that the trusted root of the Nomad Bridge Replica contract was set to 0x0 during initialization, and the old root was not invalidated when the trusted root was modified. Constructing arbitrary messages to steal funds from the bridge, the attacker was able to extract over $190 million in value from the attack. So far, more than 40 addresses have returned over $36 million to Nomad.
Amount of loss: $ 154,000,000 Attack method: Contract Vulnerability
Description of the event: Harmony Horizon bridge was hacked. According to the analysis of SlowMist MistTrack, the attackers made more than 100 million US dollars, including 11 ERC20 tokens, 13,100 ETH, 5,000 BNB and 640,000 BUSD. On the 26th, Harmony founder Stephen Tse said on Twitter that Horizon was attacked not because of a smart contract vulnerability, but because of a private key leak. Although Harmony stored the private keys encrypted, the attacker decrypted some of them and signed some unauthorized transactions. At present, Harmony has migrated Horizon's verification authority on the Ethereum side to 4/5 multi-signature.
Amount of loss: $ 100,000,000 Attack method: Private Key Leaked
Description of the event: On May 18, QANX Bridge was attacked between 15:01:40 and 18:20:25 UTC. Developers can withdraw 100,450,000 QANX from QANX Bridge and sell it on Uniswap for 325 ETH, then transfer it to Tornado Cash. By May 26, the hackers had sold all the stolen QANX tokens.
Amount of loss: 100,450,000 QANX Attack method: Private Key Leaked
Description of the event: Rainbow Bridge was attacked by forged blocks. However, it was blocked by an automatic watchdog mechanism, depriving the attacker of 2.5 ETH.
Amount of loss: - Attack method: Fake NEAR blocks
Description of the event: According to official news, Marvin Inu’s cross-chain bridge was hacked, and tokens worth 110 ETH were stolen and sold, causing a sharp drop in price. The project party has closed the cross-chain bridge and fixed the loopholes. At the same time, it has adjusted the purchase tax to 0%, and promised to repurchase and destroy the tokens to make up for this loss after the price fluctuations stabilize.
Amount of loss: 110 ETH Attack method: Contract Vulnerability
Description of the event: Axie Infinity sidechain Ronin Network issued a community alert today. Ronin Network experienced a security breach. Ronin bridge 17.36w ETH and 25.5M USDC were stolen, with a loss of more than 610 million US dollars. As stated by the Ronin developers, the attacker used the hacked private key to forge fake withdrawals, pulling funds out of the Ronin bridge in just two transactions.
Amount of loss: $ 610,000,000 Attack method: Private Key Leaked
Description of the event: Meter.io's cross-chain bridge was hacked, resulting in a loss of around $4.3 million ( 1391.24945169 ETH and 2.74068396 BTC). The hacker was able to exploit a vulnerability in the deposit function, which allowed them to fake BNB or ETH transfers. Meter.io announced that Meter Passport (a cross-chain bridge extension) automatically wraps and unwraps Gas Tokens (such as ETH and BNB) for user convenience. However, the contract did not prohibit the wrapped ERC20 Token from interacting directly with the native Gas Token, nor did it properly transfer and verify the correct amount of WETH transferred from the caller address.
Amount of loss: $ 4,300,000 Attack method: Contract Vulnerability
Description of the event: Attackers exploited a signature verification vulnerability in the Wormhole network to mint 120k Ether on Solana, worth over $326 million. The hack was made possible by a series of signature verification authorizations, where the developers used a deprecated function to enable unverified forged signature passes.
Amount of loss: 120,000 ETH Attack method: Contract Vulnerability
Description of the event: The cross-chain bridge Multichain said that an important vulnerability affecting six tokens of WETH, PERI, OMT, WBNB, MATIC, and AVAX was officially discovered. Now the vulnerability has been successfully repaired, and all users' assets are safe and cross-chain. Transactions will not be affected. However, if the user has authorized these six assets, he needs to log in as soon as possible to revoke the authorization, otherwise the assets may be at risk. According to the official announcement on the 19th, because some users did not cancel the authorization in time, the stolen funds were about 445 WETH, worth about 1.43 million US dollars.
Amount of loss: 455 ETH Attack method: The validity of the parameter is not checked
Description of the event: Optics Bridge was attacked and ownership of the multi-signature wallet was transferred. cLabs engineer Tim Moreton said that the multi-signature permission of Optics, a cross-chain communication protocol on Celo, was replaced because someone activated the Optics recovery mode (recovery mode) on the Ethereum GovernanceRouter contract, which caused the recovery account to take over the Optics protocol and overwrite it. The original multi-signature permissions. Tim Moreton said that he believes that the funds on the current cross-chain bridge are not risky. Tim Moreton also said that the situation occurred within 15 minutes after cLabs expelled James Prestwich. The team is currently contacting James Prestwich to find a solution. The team is currently working to exit the recovery mode and restore the community's multi-signature governance. James Prestwich responded on Twitter that he had never had the right to activate the recovery mode and expressed regret for cLabs and Celo's damage to his reputation.
Amount of loss: - Attack method: Multi-signature permission vulnerability
Description of the event: The Nerve cross-chain bridge MetaPool was attacked. This attack was an exploit of the logical vulnerabilities of fUSDT and UST MetaPool on the Nerve cross-chain bridge BSC, causing the fUSDT and UST liquidity in the Nerve staking pool to be exhausted, and the attacker made a profit of about 900 BNB . The attacked contract code Fork is from Saddle.Finance.
Amount of loss: 900 BNB Attack method: Contract Vulnerability
Description of the event: The asset cross-chain bridge launched by the cross-chain protocol Synapse Protocol is suspected to have loopholes, and the attacker manipulated the virtual price of nUSD Metapool, reducing it by about 12.5%. Ultimately, although the funds were withdrawn from the metapool itself, the funds were not lost. When the validator is offline, the address that took the funds from the LP tries to move the funds through the bridge, so the transaction has not yet been processed. However, the validators unanimously decided not to process this transaction because it was malicious to the LP and the entire network: as a result, ~$8.2 million in nUSD was not minted to the attacker's address on the target chain. The nUSD will be returned to the affected Avalanche LPs instead.
Amount of loss: - Attack method: Price Manipulation