173 hack event(s)
Description of the event: @EvgenyGaevoy, founder and CEO of crypto market maker Wintermute tweeted that Wintermute lost $160 million in DeFi hacking attacks. Wintermute used Profanity to create a wallet in order to optimize fees. Funds from old address were transferred, but due to internal (human) error, wrong function was called and attacked.
Amount of loss: $ 160,000,000 Attack method: Call the wrong function
Description of the event: The security of the GERA token was compromised due to private key leakage. Hackers transferred the ownership of the smart contract deployer of GERA tokens to another address 0x510E4d61663bE6a24D600AaF90F892dd8c8C61dC.
Amount of loss: $ 1,480,000 Attack method: Private key leak
Description of the event: Decentralized liquidity protocol Kyber Network disclosed on Twitter that its users lost $265,000 in funds due to a front-end exploit. The vulnerability stems from malicious Google Tag Manager code in the KyberSwap website, where attackers target whale wallets and gain permission to transfer user funds by inserting fake approvals.
Amount of loss: $ 265,000 Attack method: Front-end malicious attack
Description of the event: Sudoswap imitation disk Sudorare is suspected to have a Rug Pull, and the Looks, WETH and XMON tokens in the contract address were transferred to the first 0xbb42 address (0xbb42f789b39af41b796f6C28D4c4aa5aCE389d8A), and then sold for ETH on Uniswap, with a total profit of about 519.5 ETH (about 800,000 US dollars) , the Sudorare website and Twitter account are now inaccessible. According to the analysis, the initial deployment funds came from the exchange Kraken.
Amount of loss: 519.5 ETH Attack method: Scam
Description of the event: The Bribe Protocol promised a DAO infrastructure tool where "token holders get paid to govern", and raised $5.5 million in funding in January to work on their extensive roadmap. However, the project leaders have effectively disappeared. There are no posts on the project's Twitter account since May, their Medium page has been untouched since March.
Amount of loss: $ 5,500,000 Attack method: Scam
Description of the event: The Curve Finance frontend was attacked, prompting users to grant token approvals to malicious smart contracts. The attackers moved the stolen funds to FixedFloat and Tornado Cash, with at least 362 ETH (~$620,000) stolen. FixedFloat tweeted that they had frozen 112 stolen ETH (~$192,000).
Amount of loss: $ 428,000 Attack method: Front-end malicious attack
Description of the event: The cross-chain interoperability protocol Nomad bridge was attacked by hackers. This attack was caused by the fact that the trusted root of the Nomad bridge Replica contract was set to 0x0 during initialization, and the old root was not invalidated when the trusted root was modified. As a result, the attack could be Construct an arbitrary message to steal funds from the bridge. White hat hackers have returned $25.4 million to date.
Amount of loss: $ 164,000,000 Attack method: Contract vulnerabilities
Description of the event: An official incident report from Impermax Finance stated that a hacker was able to steal approximately 9M IMX from several wallets controlled by the team. The IMX was not sold immediately after the hackers stole the funds. So the official team decided to get a head start by dumping a lot of tokens on the market before the hackers did anything. The Impermax lending protocol is completely immune to this, as the attack is caused by stolen private keys, not a bug in the smart contract.
Amount of loss: 9,000,000 IMX Attack method: Private key stolen
Description of the event: Staking platform Freeway tweeted, “The price of its token FWT fluctuated violently on July 13 and is currently under investigation. Freeway’s blockchain bridging service provider Coffe was attacked, and a large number of FWT tokens were bridged from Coffe’s It was removed from the wallet and subsequently sold. There was no damage to the Freeway platform, nor was the Supercharger affected. However, Freeway temporarily disabled FWT withdrawals, deposits and purchases on the platform.”
Amount of loss: - Attack method: Unknown
Description of the event: More than 70,000 addresses connected to Uniswap were airdropped tokens that tricked users into approving transactions that would allow attackers to control their wallets. The airdrop links users to a phishing site that resembles the real Uniswap site. Users are tricked into signing contracts, and cryptocurrencies and NFTs are stolen from wallets. One of the wallets lost more than $6.5 million worth of ether and bitcoin, and the other lost about $1.68 million worth of cryptocurrency.
Amount of loss: $ 12,900,000 Attack method: Phishing attack
Description of the event: BIFROST officially released a report saying that the BTC address registration server of the BiFi service was attacked. According to the analysis, the attack was limited to the BTC address registration server, and neither the smart contract nor the BiFi protocol detected the vulnerability. BiFi issues and uses an address for each user who deposits BTC. The deposit addresses are signed and delivered to the address issuing server and the addresses are reflected on BiFi only in the case when the signature is verified. In the attack, the server key of the address issuing server was exposed and the attacker was able to self-sign their own deposit address. Since the attacker could generate a valid signature on the deposit address, BiFi mistakenly recognized the attacker’s BTC transfer as a BTC deposit into BiFi. As a result, the attacker was able to borrow 1,852 ETH with fake deposit.
Amount of loss: 1,852 ETH Attack method: The server key was exposed
Description of the event: $MAD was hacked, and the hacker transferred all $MAD in the contract by directly calling the transfer function of the contract holding the token, and finally made a profit of $556 BNB (worth about $115,681), which was then transferred to Tornado.Cash. The reason is that the sensitive function was not checked in the contract that holding tokens, resulting in anyone can directly call the 0x9763a894 function to transfer out the tokens held in the contract.
Amount of loss: $ 115,681 Attack method: Function vulnerability
Description of the event: Harmony Horizon bridge was hacked. According to the analysis of SlowMist MistTrack, the attackers made more than 100 million US dollars, including 11 ERC20 tokens, 13,100 ETH, 5,000 BNB and 640,000 BUSD. On the 26th, Harmony founder Stephen Tse said on Twitter that Horizon was attacked not because of a smart contract vulnerability, but because of a private key leak. Although Harmony stored the private keys encrypted, the attacker decrypted some of them and signed some unauthorized transactions. At present, Harmony has migrated Horizon's verification authority on the Ethereum side to 4/5 multi-signature.
Amount of loss: $ 100,000,000 Attack method: Private key leak
Description of the event: Ribbon Finance said in a tweet that the homepage of the URL suffered a DNS attack, causing 2 users to approve a malicious contract for vault deposits. At present, the team has solved the problem, and the funds in all contracts are in a safe state. After analyzing the data on the chain, SlowMist believes that it is the same attacker as Convex. At the same time, it is found that a user of Ribbon Finance lost 16.5 WBTC in the attack.
Amount of loss: 16.5 BTC Attack method: DNS Attack
Description of the event: One-stop asset management solution DeFiSaver tweeted that it experienced an attempted DNS attack and, according to its analysis, no users were affected. DeFi Saver said that what the DNS attack has in common with Convex Finance and Ribbon Finance is the domain name registration service Name cheap, reminding other projects to use it with caution.
Amount of loss: - Attack method: DNS Attack
Description of the event: The SNOOD ERC-777 smart contract was attacked, causing the liquidity of the UniswapV2Pair token to be completely drained (104 ETH).
Amount of loss: 104 ETH Attack method: Reentry attack
Description of the event: Inverse Finance suffered a flash loan attack, resulting in a loss of approximately 1068.215 ETH (approximately $1.26 million). This is the second time that Inverse Finance has suffered a flash loan attack in the past two months. The main reason for this attack is the use of insecure oracles to calculate LP prices.
Amount of loss: $ 1,260,000 Attack method: Flash loan attack
Description of the event: The treasure swap project was attacked. The attacker only used 0.000000000000000001 WETH to exchange all the WETH tokens in the transaction pool. The reverse of the source code found that the swap function of the attacked contract lacked the K value check. At present, the attacker has completed the attack on the two contracts 0xe26e436084348edc0d5c7244903dd2cd2c560f88 and 0x96f6eb307dcb0225474adf7ed3af58d079a65ec9, and accumulated a profit of 3,945 BNB.
Amount of loss: 3,945 BNB Attack method: K value not verified
Description of the event: The ApolloX project was attacked due to a flaw in the ApolloX signature system. The attacker used the signature system flaw to generate 255 signatures, with a total of 53,946,802 $APX extracted from the contract, worth about $1.6 million.
Amount of loss: $ 1,600,000 Attack method: Signature system flaws
Description of the event: Equalizer Finance suffered flash loan attacks on four chains: Ethereum, BSC, Polygon and Optimism. The main reason for this attack is that the FlashLoanProvider contract of the Equalizer Finance protocol is not compatible with the Vault contract. According to officials, funds on Ethereum and BSC have been recovered, but funds on Optimism and Polygon remain unaccounted for.
Amount of loss: $ 831 Attack method: Contract is not compatible