384 hack event(s)
Description of the event: Arata tweeted that the Arata ecosystem and CEX wallet have been exploited. The hacker managed to sell a significant portion of the tokens.
Amount of loss: - Attack method: Unknown
Description of the event: Vestra DAO tweeted that a hacker exploited a vulnerability in the locked staking contract, manipulating the reward mechanism to claim rewards exceeding their entitlement. As a result, a total of 73,720,000 VSTR tokens were stolen. The stolen tokens were gradually sold on Uniswap, causing approximately $500,000 in ETH liquidity losses.
Amount of loss: $ 500,000 Attack method: Contract Vulnerability
Description of the event: DeBox officially announced that due to the leakage of the private key of an operational account's personal EOA wallet, 31.03 ETH and 4.879 million BOX tokens were stolen.
Amount of loss: $ 275,000 Attack method: Private Key Leakage
Description of the event: The Sweepr Token (SWEEPR) on ETH was suspected to have been attacked, resulting in a loss of approximately $14K.
Amount of loss: $ 14,000 Attack method: Contract Vulnerability
Description of the event: The vETH token suffered an attack, resulting in approximately $450K in losses.
Amount of loss: $ 450,000 Attack method: Price Manipulation
Description of the event: On November 8, a hacker breached the CoinPoker’s hot wallet, resulting in the unauthorized draining of approximately $2M USD. The attack spanned across multiple blockchain networks, including BNB Chain, Ethereum, and Polygon networks. Later, it funneled through Tornado Cash to obscure the trail and to launder the funds.
Amount of loss: $ 2,000,000 Attack method: Third-party Vulnerability
Description of the event: The official X account of Eigenlayer, the Ethereum re-staking protocol, is suspected to have been hacked. The hacker has posted a fake phishing link; please do not interact with it.
Amount of loss: - Attack method: Account Compromise
Description of the event: ZK startup Lagrange's X account has been allegedly compromised, and a scam link related to the LGR token has been posted. Please stay vigilant and be cautious of potential risks.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to meme coin KOL Murad (@MustStopMurad), the official X account of SPX6900 (SPX) has been hacked. Users are advised not to click any links.
Amount of loss: - Attack method: Account Compromise
Description of the event: The official X account of the staking protocol Symbiotic has been suspected of being hacked. The hacker has already posted a fake phishing link. Please do not interact with it.
Amount of loss: - Attack method: Account Compromise
Description of the event: The Fire ($FIRE) token on Ethereum was exploited just 24 seconds after its launch, resulting in the theft of 9 ETH (approximately $24,000). The root cause was related to the token burn mechanism within the transfer() function.
Amount of loss: $ 2,4000 Attack method: Contract Vulnerability
Description of the event: According to on-chain sleuth ZachXBT, the project Truflation was hacked a few hours ago for $5M+ on multiple chains from the treasury multisig and personal wallets.
Amount of loss: $ 5,000,000 Attack method: Malware Attack
Description of the event: Onyx protocol suffered a security breach, resulting in a loss of over $3.8 million. The attacker exploited a known precision issue in the Compound V2 code. Additionally, the NFTLiquidation contract failed to properly validate untrusted user input, allowing the attacker to inflate the self-liquidation reward amount, which further worsened the losses.
Amount of loss: $ 3,800,000 Attack method: Contract Vulnerability
Description of the event: On September 24, ether.fi experienced a security incident involving its domain registrar, Gandi.net, resulting in the compromise of the ether[.]fi domain.
Amount of loss: - Attack method: DNS Attack
Description of the event: A crypto yield platform called Shezmu suffered a loss of around $4.9 million in $ShezUSD after an attacker exploited a flaw that allowed anyone to mint collateral, which they could then use to borrow ShezUSD. These tokens were relatively illiquid, however, so the total amount the attacker could have obtained was likely considerably less. Shortly after the attack, Shezmu offered a 10% "bounty" for the return of the funds. The attacker responded that they would only consider a 20% bounty. Shezmu agreed to the terms, and announced to their followers that they had achieved a recovery from the "white hat" hacker.
Amount of loss: $ 4,900,000 Attack method: Contract Vulnerability
Description of the event: The Immutable Discord server was compromised. According to an official tweet from Immutable, a community support contractor’s Discord was compromised, leading to a phishing link being posted.
Amount of loss: - Attack method: Account Compromise
Description of the event: Compound community’s Discord server has been hacked. Please do not click on any links until the situation is resolved.
Amount of loss: - Attack method: Account Compromise
Description of the event: The official X account of the metaverse project Decentraland has been hacked. The hacker has posted a fake phishing link. Please avoid interacting with it.
Amount of loss: - Attack method: Account Compromise
Description of the event: Ethena Labs posted on X platform that their Ethena domain registrar account was recently compromised. They have taken measures to disable the website until further notice. The protocol is not affected, and funds are secure. Please do not interact with any sites or applications claiming to be the Ethena frontend.
Amount of loss: - Attack method: DNS Attack
Description of the event: Banana Gun stated on X platform that some users experienced unauthorized wallet transfers. The issue may have stemmed from a front-end vulnerability. Prioritizing security, the team kept the bot offline during the investigation of the root cause. On September 25, Banana Gun announced on X platform that a total of 11 users were affected, with losses amounting to $3 million. All affected users will be fully compensated from the Banana Gun treasury, without selling any tokens for reimbursement. Following a thorough investigation by the Banana Gun development team and external experts, it was discovered that a potential vulnerability in the Telegram message oracle used by Banana Gun might have led to the attack.
Amount of loss: $ 3,000,000 Attack method: Unknown