119 hack event(s)
Description of the event: At 8 pm on December 8, the hacker account itsspiderman used an overflow vulnerability to issue additional tripool market-making certificates in eCurve out of thin air, then pledged them and borrowed out most of the tokens held by the PIZZA protocol. Afterwards, the hacker created more than 1.3 million accounts and dispersed the stolen assets. The loss of the PIZZA protocol in this attack is equivalent to about 5 million U.S. dollars. After negotiations, the hacker agreed to a ransom of $500,000.
Amount of loss: $ 500,000 Attack method: Overflow vulnerability
Description of the event: Defibox discovered abnormal exchange activity in the EOS-EMOON trading pair at 22:00 on September 16th. After an emergency investigation, the Swap contract was suspended at 0:00 on September 17th, and it was reopened on the morning of September 17th after auditing and multi-signature signing were completed. The abnormality was caused by an incompatibility between the Defibox Swap contract and the EMOON contract. Before the event, the pool held 482636464535179.88 EMOON/4866.1494 EOS. When the contract was suspended, the pool held 5790970803030.11 EMOON/3.4553 EOS, resulting in a loss of about 4863 EOS. The Defibox team has since eliminated this type of risk for other burning tokens and has upgraded the Swap contract to further improve its security. The Defibox Foundation will activate the risk reserve and pay 4863 EOS to the EMOON community.
Amount of loss: 4,863 EOS Attack method: The incompatibility of mutual calling between Swap contract and EMOON contract
Description of the event: According to previous news, starting from 11:28 UTC on May 14th, the flash.sx flash loan smart contract was exploited through a "re-entry" vulnerability, and approximately 1.2 million EOS and 462,000 USDT were stolen. According to official sources, after EOS Nation's flash loan service was hacked, the project party initiated a proposal to directly change the hacker's EOS account permissions and return the assets. It is reported that the proposal initiated by the project party changes the hacker address authority to BP and will be executed after approval.
Amount of loss: $ 11,742,000 Attack method: "re-entry" attack vulnerability
Description of the event: On September 26, the SushiSwap imitation project named GemSwap was exposed and its LP was taken away. A query found that the project posted a tweet at around 15:00 today revealing that it was attacked by the developer of "whatitdobb". It is understood that the project completed the liquidity migration earlier today, but the developer who initiated the attack had obtained the relevant permission and was able to take away the tokens in the liquidity pool. The specific losses caused by this attack are currently unclear.
Amount of loss: - Attack method: Scam
Description of the event: The wRAM of Coral, a DeFi liquidity mining project in the EOS ecosystem, was attacked by hackers and lost more than 120,000 EOS.
Amount of loss: 120,000 EOS Attack method: Reentrancy attack
Description of the event: According to SlowMist Zone intelligence, the EOS project EMD is suspected of running away with user funds. To date, EmeraldMine1 has transferred 780,000 USDT, 490,000 EOS and 56,000 DFS to account SJI111111111, and 121,000 EOS has been transferred to ChangeNOW for laundering. Current market value of the loss: US $2,468,838 = 17,281,866 RMB.
Amount of loss: $ 2,468,838 Attack method: Scam
Description of the event: An EOS gambling DApp suffered a fake EOS attack.
Amount of loss: 25,329.291 EOS Attack method: Fake EOS token attack
Description of the event: BetHash's betting game mechanism allows players to guess the ratio of the number between 0-100 and the random number given by the system to win the bonus of the corresponding odds. The smaller the bet number, the greater the odds. Every time a player makes a bet, the dicereceipt() function of the BetHash smart contract will be called to notify the player's account. At this point, the hacker can control the malicious program to hijack the notification and embed the inline operation to implement the attack. Although the attacker also needs to pay a certain amount of bet for every attack, as long as it keeps 0.1 EOS and is conservative
Amount of loss: - Attack method: Illegal operations embedded in transfer notifications
Description of the event: Hackers launched a "fake EOS" attack on BitDice, a guessing game, earning more than 4,000 EOS and transferring it to EXMO, ChangeNOW and other exchanges.
Amount of loss: 4,000 EOS Attack method: Fake EOS token attack
Description of the event: "skreosladder" has been attacked again by hackers, who have earned thousands of EOS. The hacker has attacked the game several times and has been blacklisted by the project team, but the hacker still used secondary accounts to circumvent the restrictions.
Amount of loss: - Attack method: Unknown
Description of the event: SKR EOS games have again been attacked by hackers, who have now earned about 4,000 EOS. After analysis, the hackers are still using the transaction congestion attack, operating multiple secondary accounts to attack the game in turn.
Amount of loss: 4,000 EOS Attack method: Transaction congestion attack
Description of the event: The skreosladder game has been attacked by hackers again, and the hackers have now profited thousands of EOS. After preliminary analysis, the hackers are still using transaction congestion attacks, but the difference is that they control a large number of accounts to place bets at the same time and then use multiple accounts to push blocks. Because of the large number of accounts participating in the attack, the connection between accounts is not obvious, and the attack is highly concealed.
Amount of loss: - Attack method: Transaction congestion attack
Description of the event: EOS Royale has been attacked by hackers, who have gained around 18,000 EOS.
Amount of loss: 18,000 EOS Attack method: Unknown
Description of the event: Multiple hackers have launched a series of attacks on the EOS game LuckyClover, earning thousands of EOS.
Amount of loss: - Attack method: Hard_fail attack
Description of the event: Multiple hackers have launched a series of attacks on the EOS game UnicornBet, earning thousands of EOS.
Amount of loss: - Attack method: Fake EOS token attack
Description of the event: The hacker launched a continuous attack on the HiGold Game and made a profit.
Amount of loss: - Attack method: Random number attack
Description of the event: The EOS contract yizeslotsbet suffered a transfer error prompt attack; the attacker has already obtained 10,000 FB tokens.
Amount of loss: 10,000 FB Attack method: Transfer error prompt
Description of the event: Hackers continuously attacked SKR EOS, earning thousands of EOS.
Amount of loss: - Attack method: Random number attack
Description of the event: The 600 million BETX tokens held by BETX managers were stolen by a hacker and sold on the Newdex exchange. Preliminary analysis shows that the cause of this attack is that the private key of the BETX project was stolen; the hacker gained the owner privilege and transferred all the existing tokens of the contract. The selloff caused the BETX token price to fluctuate sharply and fall close to zero.
Amount of loss: 600,000,000 BETX Attack method: The private key is stolen
Description of the event: The EOS game Poker EOS showed abnormal behavior, which was confirmed to be caused by the disclosure of the game's private key. The hackers made more than 20,000 EOS in total, and more than 10,000 of them have been transferred to exchanges.
Amount of loss: 26,992.2297 EOS Attack method: Private key leak