406 hack event(s)
Description of the event: The official ether.fi Discord was hacked, and fraudulent messages containing scam links were posted. ether.fi urges users not to interact with any links within the Discord.
Amount of loss: - Attack method: Account Compromise
Description of the event: Lending protocol Malda tweeted that one of its contracts has been compromised and all contracts have been paused. Users are advised not to interact with any contracts until further notice.
Amount of loss: $ 281,000 Attack method: Contract Vulnerability
Description of the event: On May 28, SlowMist detected potential suspicious activity related to Cork Protocol. According to the SlowMist security team’s analysis, the root cause of the attack was the lack of strict validation on user-supplied data, allowing the protocol’s liquidity to be manipulated and transferred to unintended markets, which attackers then exploited to perform unauthorized redemptions and profit illegally.
Amount of loss: $ 12,000,000 Attack method: Contract Vulnerability
Description of the event: Zunami Protocol has reported a hack in which the collateral for zunUSD and zunETH was stolen, resulting in a loss of approximately $500,000. The attacker has transferred the stolen funds to Tornado Cash.
Amount of loss: $ 500,000 Attack method: Unknown
Description of the event: Curve Finance’s official website and X account were compromised in quick succession. On May 5, attackers first took control of the project’s X account and used it to post a phishing message promoting a fake airdrop. Then on May 12, the project issued a warning that the Curve frontend had been “hijacked,” in what appeared to be a domain takeover incident.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to the SlowMist MistEye security monitoring system, Aventa, which specializes in creating intuitive Web3 utilities for the crypto community, appears to have been attacked, resulting in a loss of approximately 3.9 ETH.
Amount of loss: $ 7,000 Attack method: Flash Loan Attack
Description of the event: A member of the crypto community previously revealed that "a smart contract of a certain Web3 project was suspected to have been implanted with malicious code by an employee," leading to losses of several hundred thousand dollars. Thomson, a developer of the DeFi trading and asset management project QuantMaster, stated that he was the primary victim of this theft. According to Thomson, the suspect has been largely identified. The GitHub submission records clearly point to a specific employee, and the device used to submit the code is also unique. Cursor retains a complete local AI activity log, which has been reviewed, ruling out the possibility that the malicious code was generated or modified by AI.
Amount of loss: - Attack method: Insider Manipulation
Description of the event: R0AR has been exploited, with total losses amounting to approximately $780K. According to analysis by the SlowMist security team, the root cause of the exploit was the presence of a backdoor in the contract. During deployment, the R0ARStaking contract altered the balance (user.amount) of a specified address by directly modifying storage slots. Subsequently, the attacker extracted all funds from the contract through an emergency withdrawal function. R0AR stated in a tweet: “At this stage, we do not believe this to be an external exploit. One nefarious developer, external to the R0AR core team, is seemingly behind the drain. They have been removed from the project with all accesses revoked.”
Amount of loss: $ 780,000 Attack method: Insider Manipulation
Description of the event: According to the SlowMist MistEye security monitoring system, a MEV bot (address: 0x49e27d11379f5208cbb2a4963b903fd65c95de09) has lost approximately 116.7 ETH due to a lack of access control.
Amount of loss: $ 210,000 Attack method: Lack of Strict Access Control
Description of the event: According to the SlowMist MistEye security monitoring system, the leveraged trading project SIR.trading (@leveragesir) on the Ethereum chain has been attacked, resulting in a loss of over $300,000 in assets. The root cause of this hack is that the transiently stored value set using tstore in the function was not cleared after the function call ended. This allowed the attacker to exploit this characteristic by constructing specific malicious addresses to bypass permission checks and transfer tokens.
Amount of loss: $ 355,000 Attack method: Contract Vulnerability
Description of the event: An attacker using a flash loan attack stole $13 million in the Magic Internet Money token from the Abracadabra Money project. The attack was enabled by a bug in the platform's smart contracts, and the hacker ultimately made off with around 6,262 ETH.
Amount of loss: $ 13,000,000 Attack method: Contract Vulnerability
Description of the event: Moonray's Discord was Compromised, and the attackers posted fraudulent airdrop messages. Users are advised to stay cautious and aware of potential risks.
Amount of loss: - Attack method: Account Compromise
Description of the event: On January 13, 2025, the SlowMist MistEye security monitoring system detected an attack on UniLend, resulting in a loss of ~$197K.
Amount of loss: $ 197,600 Attack method: Contract Vulnerability
Description of the event: The SuperVerse X account was compromised and used to post a fraudulent airdrop claim containing a phishing link.
Amount of loss: - Attack method: Account Compromise
Description of the event: Sorra was suspected to have been attacked on ETH, resulting in an approximate loss of $43K.
Amount of loss: $ 43,000 Attack method: Contract Vulnerability
Description of the event: LAURA was suspected to have been attacked on ETH, resulting in an approximate loss of $48.2K.
Amount of loss: $ 48,200 Attack method: Contract Vulnerability
Description of the event: The FEG project suffered an attack resulting in a loss of approximately $1 million. Analysis suggests that the root cause of the incident appears to be a composability issue arising from the integration with the underlying Wormhole cross-chain bridge, which facilitates cross-chain message and token transfers.
Amount of loss: $ 1,000,000 Attack method: Security Vulnerability
Description of the event: A series of exploiting transactions on Ethereum targeting the liquidity pool of the HarryPotterObamaSonic10Inu 2.0 token. The attacker profited approximately $243K and deposited the funds into Tornado.
Amount of loss: $ 243,000 Attack method: Price Manipulation
Description of the event: Arata tweeted that the Arata ecosystem and CEX wallet have been exploited. The hacker managed to sell a significant portion of the tokens.
Amount of loss: - Attack method: Unknown
Description of the event: Vestra DAO tweeted that a hacker exploited a vulnerability in the locked staking contract, manipulating the reward mechanism to claim rewards exceeding their entitlement. As a result, a total of 73,720,000 VSTR tokens were stolen. The stolen tokens were gradually sold on Uniswap, causing approximately $500,000 in ETH liquidity losses.
Amount of loss: $ 500,000 Attack method: Contract Vulnerability