42 hack event(s)
Description of the event: Celer said that cBridge's front-end interface suffered from DNS cache poisoning attacks. This attack targeted third-party DNS providers. Celer's own contract was not affected, and users who suffered losses in this incident, Celer, will be fully compensated.
Amount of loss: 128.4 ETH Attack method: BGP Hijacking
Description of the event: The Nomad Bridge, a cross-chain interoperability protocol, was attacked by hackers. This attack was due to the fact that the trusted root of the Nomad Bridge Replica contract was set to 0x0 during initialization, and the old root was not invalidated when the trusted root was modified. Constructing arbitrary messages to steal funds from the bridge, the attacker was able to extract over $190 million in value from the attack. So far, more than 40 addresses have returned over $36 million to Nomad.
Amount of loss: $ 154,000,000 Attack method: Contract Vulnerability
Description of the event: Harmony Horizon bridge was hacked. According to the analysis of SlowMist MistTrack, the attackers made more than 100 million US dollars, including 11 ERC20 tokens, 13,100 ETH, 5,000 BNB and 640,000 BUSD. On the 26th, Harmony founder Stephen Tse said on Twitter that Horizon was attacked not because of a smart contract vulnerability, but because of a private key leak. Although Harmony stored the private keys encrypted, the attacker decrypted some of them and signed some unauthorized transactions. At present, Harmony has migrated Horizon's verification authority on the Ethereum side to 4/5 multi-signature.
Amount of loss: $ 100,000,000 Attack method: Private Key Leakage
Description of the event: On May 18, QANX Bridge was attacked between 15:01:40 and 18:20:25 UTC. Developers can withdraw 100,450,000 QANX from QANX Bridge and sell it on Uniswap for 325 ETH, then transfer it to Tornado Cash. By May 26, the hackers had sold all the stolen QANX tokens.
Amount of loss: 100,450,000 QANX Attack method: Private Key Leakage
Description of the event: Rainbow Bridge was attacked by forged blocks. However, it was blocked by an automatic watchdog mechanism, depriving the attacker of 2.5 ETH.
Amount of loss: - Attack method: Fake NEAR blocks
Description of the event: According to official news, Marvin Inu’s cross-chain bridge was hacked, and tokens worth 110 ETH were stolen and sold, causing a sharp drop in price. The project party has closed the cross-chain bridge and fixed the loopholes. At the same time, it has adjusted the purchase tax to 0%, and promised to repurchase and destroy the tokens to make up for this loss after the price fluctuations stabilize.
Amount of loss: 110 ETH Attack method: Contract Vulnerability
Description of the event: Axie Infinity sidechain Ronin Network issued a community alert today. Ronin Network experienced a security breach. Ronin bridge 17.36w ETH and 25.5M USDC were stolen, with a loss of more than 610 million US dollars. As stated by the Ronin developers, the attacker used the hacked private key to forge fake withdrawals, pulling funds out of the Ronin bridge in just two transactions.
Amount of loss: $ 610,000,000 Attack method: Private Key Leakage
Description of the event: Meter.io's cross-chain bridge was hacked, resulting in a loss of around $4.3 million ( 1391.24945169 ETH and 2.74068396 BTC). The hacker was able to exploit a vulnerability in the deposit function, which allowed them to fake BNB or ETH transfers. Meter.io announced that Meter Passport (a cross-chain bridge extension) automatically wraps and unwraps Gas Tokens (such as ETH and BNB) for user convenience. However, the contract did not prohibit the wrapped ERC20 Token from interacting directly with the native Gas Token, nor did it properly transfer and verify the correct amount of WETH transferred from the caller address.
Amount of loss: $ 4,300,000 Attack method: Contract Vulnerability
Description of the event: The cross-chain bridge Multichain said that an important vulnerability affecting six tokens of WETH, PERI, OMT, WBNB, MATIC, and AVAX was officially discovered. Now the vulnerability has been successfully repaired, and all users' assets are safe and cross-chain. Transactions will not be affected. However, if the user has authorized these six assets, he needs to log in as soon as possible to revoke the authorization, otherwise the assets may be at risk. According to the official announcement on the 19th, because some users did not cancel the authorization in time, the stolen funds were about 445 WETH, worth about 1.43 million US dollars.
Amount of loss: 455 ETH Attack method: The validity of the parameter is not checked
Description of the event: Optics Bridge was attacked and ownership of the multi-signature wallet was transferred. cLabs engineer Tim Moreton said that the multi-signature permission of Optics, a cross-chain communication protocol on Celo, was replaced because someone activated the Optics recovery mode (recovery mode) on the Ethereum GovernanceRouter contract, which caused the recovery account to take over the Optics protocol and overwrite it. The original multi-signature permissions. Tim Moreton said that he believes that the funds on the current cross-chain bridge are not risky. Tim Moreton also said that the situation occurred within 15 minutes after cLabs expelled James Prestwich. The team is currently contacting James Prestwich to find a solution. The team is currently working to exit the recovery mode and restore the community's multi-signature governance. James Prestwich responded on Twitter that he had never had the right to activate the recovery mode and expressed regret for cLabs and Celo's damage to his reputation.
Amount of loss: - Attack method: Multi-signature permission vulnerability
Description of the event: The Nerve cross-chain bridge MetaPool was attacked. This attack was an exploit of the logical vulnerabilities of fUSDT and UST MetaPool on the Nerve cross-chain bridge BSC, causing the fUSDT and UST liquidity in the Nerve staking pool to be exhausted, and the attacker made a profit of about 900 BNB . The attacked contract code Fork is from Saddle.Finance.
Amount of loss: 900 BNB Attack method: Logic Vulnerability
Description of the event: The asset cross-chain bridge launched by the cross-chain protocol Synapse Protocol is suspected to have loopholes, and the attacker manipulated the virtual price of nUSD Metapool, reducing it by about 12.5%. Ultimately, although the funds were withdrawn from the metapool itself, the funds were not lost. When the validator is offline, the address that took the funds from the LP tries to move the funds through the bridge, so the transaction has not yet been processed. However, the validators unanimously decided not to process this transaction because it was malicious to the LP and the entire network: as a result, ~$8.2 million in nUSD was not minted to the attacker's address on the target chain. The nUSD will be returned to the affected Avalanche LPs instead.
Amount of loss: - Attack method: Price Manipulation
Description of the event: These implicit assumptions on Uniswap V2 resulted in 20 addresses on Alpha Homora V2 being impacted and lost a total of 40.93 ETH to miners who extracted this value. We have plans to compensate these 20 addresses. However, what’s more important is to share this with our community, especially other builders in the space to be aware of these implicit assumptions that are not stated, how you can detect this as a builder, and how to prevent/mitigate this.
Amount of loss: 40.93 ETH Attack method: Sandwich attack
Description of the event: The cross-chain protocol pNetwork released an analysis report in response to the previous attack that resulted in the theft of 277 BTC, stating that at 17:20 UTC on September 19, 2021, the pNetwork system was attacked by hackers who attacked multiple pToken bridges. Including pBTC-on-BSC, TLOS-on-BSC, PNT-on-BSC, pBTC-on-ETH, TLOS-on-ETH and pSAFEMOON-on-ETH. However, hackers only cross-chain bridges in pBTC-on-BSC The attack was successful and 277 BTC were stolen from the pBTC-on-BSC collateral. Other pToken bridges were not affected and the funds were safe.
Amount of loss: 277 BTC Attack method: Contract Vulnerability
Description of the event: Poly Network, a cross-chain interoperability protocol, said it was attacked, and a total of more than 610 million US dollars were transferred to 3 addresses. Among them, the funds transferred to Binance smart chain addresses starting with 0x0D6e2 exceeded 250 million US dollars, and they were transferred to the ether starting with 0xC8a65. There are over 270 million U.S. dollars in workshop addresses, and over 85 million U.S. dollars in transfers to Polygon addresses. Affected by this, the large amount of assets in the O3 Swap cross-chain pool was transferred out, and the official is investigating.With the efforts of many parties, the hackers have now returned tokens worth 342 million U.S. dollars.
Amount of loss: $ 613,062,100.7 Attack method: Permission Stolen
Description of the event: THORChain (RUNE), a decentralized cross-chain transaction protocol, claims that hackers airdrop UniH tokens to Ethereum addresses as bait to steal RUNE tokens in users' wallets. Hackers have airdropped UniH tokens with malicious contracts to at least 76,000 Ethereum addresses. Once receiving users sell their newly received UniH tokens (or even just approve the sale) on decentralized trading platforms such as Uniswap, the hackers will They can steal any RUNE tokens they have in their wallets. This is because the RUNE token uses a non-standard token contract called "tx.origin". According to Thorchain’s RUNE token contract code “Beware of phishing contracts that may steal tokens by intercepting tx.origin”, it knows that this type of attack may occur. In just a few hours, hackers have stolen USD 76,000 worth of tokens. currency.
Amount of loss: $ 76,000 Attack method: Phishing attack
Description of the event: THORChain (RUNE), a decentralized cross-chain transaction protocol, said it was attacked again, and many ERC20 tokens including XRUNE were affected. This attack targeted ETH routing and lost 8 million U.S. dollars. The attacker "intentionally limited the impact of the attack, which seems to be done by a white hat."
Amount of loss: $ 8,000,000 Attack method: Logic Vulnerability
Description of the event: The decentralized cross-chain transaction protocol THORChain (RUNE) updated the attack situation, claiming that the amount of lost assets was about 4000 ETH. The initial assessment is that the attack was a logical vulnerability when Eth Bifrost used the routing contract to capture ERC-20 tokens. The attacker use. Not long ago, THORChain updated Eth Bifrost to allow the routing contract to be "encapsulated" by the contract. The attacker uses this to send a transaction with msg.value = 200 ETH and immediately uses the contract to transfer it back to itself, while Bifrost will report msg. value = 200 instead of depositAmount = 0, so as to realize the profit of calling the routing contract with the amount of 0 ETH.
Amount of loss: $ 7,600,000 Attack method: False top-up
Description of the event: The cross-chain bridge Chainswap announced the details of the stolen incident on its official blog. A total of 20 project assets were stolen, with a total value of approximately US$4 million. At present, the ChainSwap team has reached a consensus with the affected projects and initially formulated and implemented a compensation plan. According to the project investigation, due to the error in the token cross-chain quota code, the on-chain swap bridge quota is automatically increased by the signature node, the purpose of which is to be more decentralized without manual control. However, due to a logical flaw in the code, this led to a vulnerability that automatically increases the number of invalid addresses that are not whitelisted.
Amount of loss: $ 4,000,000 Attack method: Contract Vulnerability
Description of the event: The cross-chain bridge project Multichain issued an announcement stating that the newly launched V3 cross-chain liquidity pool was hacked in the early hours of yesterday, with a total loss of 2.39 million USDC and 5.5 million MIM. According to Etherscan, the hacker has sold all MIMs and obtained 548 Million DAI, which means that Multichain's total loss is more than 7.87 million U.S. dollars. According to the explanation of the reason for the theft in the Multichain announcement, two v3 router transactions were detected under the V3 router MPC account on the BSC. These two transactions have the same R value signature, and the hacker reversed the private key of this MPC account. At present, the team has fixed the code to avoid using the same R signature. Multi-chain router V3 will restart in about 48 hours. There is no security risk for v1 and v2. Multichain stated that it has taken remedial measures to provide full compensation. Multichain will refill the stolen liquidity within 48 hours, and the liquidity provider will be able to withdraw assets from the fund pool again without any loss.
Amount of loss: $ 7,870,000 Attack method: Contract Vulnerability