190 hack event(s)
Description of the event: Kokomo Finance conducted an exit scam and stole ~$4 million in user funds.
Amount of loss: $4,000,000 Attack method: Rug Pull
Description of the event: EC token deployer address removed ~$43.8K from the Liquidity Pool!
Amount of loss: $43800 Attack method: Rug Pull
Description of the event: Defunct Swerve Finance still subject of $1.3 million live governance hack
Amount of loss: $1,300,000 Attack method: Governance Attack
Description of the event: Indexed Finance's ORCL5 Token contract was attacked by a flash loan and lost $9,925. Root cause preliminary analysis is that "calcSingleOutGivenPoolIn()" calculates wrong value of tokenAmountOut.
Amount of loss: $ 9,925 Attack method: Flash Loan Attack
Description of the event: Poolz Finance's LockedDeal contract was hacked and lost about $500,000. The attacker called the vulnerable function CreateMassPools in the LockedDeal contract, and triggered an integer overflow vulnerability in the parameter _StartAmount. In addition to obtaining a large number of poolz tokens, the attacker also obtained other tokens.
Amount of loss: $ 500,000 Attack method: Contract Vulnerability
Description of the event: Yearn Finance tweeted: “While there is no direct exposure to Euler, some vaults are indirectly exposed to the hack. Vaults using the Idle and Angle strategies have a combined exposure of $1.38 million on yvUSDT and yvUSDC. The developers are currently actively working on the affected protocol, any remaining bad debt will be borne by the Yearn Treasury, and all vaults will remain open and fully operational for users as usual."
Amount of loss: $ 1,380,000 Attack method: Affected by the Euler Finance attack
Description of the event: The DeFi protocol Idle Finance tweeted that after investigation, the estimated exposure of the Euler Finance vulnerability to the protocol Yield Tranches was $5.6628 million, and the estimated exposure of Best Yield vaults was about $5.3271 million, for a total of about $10.99 million.
Amount of loss: $ 10,990,000 Attack method: Affected by the Euler Finance attack
Description of the event: Yield Protocol, a fixed-rate lending agreement, posted an update on Twitter saying: "All collateral deposited by borrowers on Yield Protocol appears to be safe. Collateral is not deposited into Euler, but is kept in Yield Protocol. Euler hack Affected our mainnet liquidity pool. The Yield liquidity pool holds two assets: Euler eTokens and Yield fyTokens. We do not yet have exact figures for the value of eTokens held prior to the attack, but believe the total value is less than $1.5 million. "
Amount of loss: $ 1,500,000 Attack method: Affected by the Euler Finance attack
Description of the event: Harvest said that USDC, USDT, and WETH Vault were affected because of the use of Idle. Currently Harvest has not explained how to deal with it, and reminds users not to interact with these vaults until the problem is resolved.
Amount of loss: - Attack method: Affected by the Euler Finance attack
Description of the event: Sherlock is a DeFi security provider that provides smart contract auditing and insurance services. When Euler first launched, it entered into a $10 million partnership with Sherlock, who was responsible for auditing Euler's smart contracts and providing insurance for Euler. After Euler was attacked, Sherlock has passed a vote to pay Euler $4.5 million.
Amount of loss: $ 4,500,000 Attack method: Affected by the Euler Finance attack
Description of the event: Sense Finance is a fixed-rate lending protocol in which fixed-income assets such as Idle can be traded, which was indirectly affected by the Euler attack.
Amount of loss: - Attack method: Affected by the Euler Finance attack
Description of the event: The DeFi lending protocol Euler Finance was attacked, and the attackers made a profit of about 197 million US dollars. The attacker used flashloans to deposit funds and then leveraged them twice to trigger the liquidation logic, donating the funds to the reserve address and conducting a self-liquidation to collect any remaining assets. Two key factors contributed to the success of the attack: 1. Funds were donated to the reserved address without being subjected to a liquidity check. This created a mechanism that could directly trigger soft liquidation. 2. When the soft liquidation logic was triggered by high leverage, the yield value increased, enabling the liquidator to obtain most of the collateral funds from the liquidated user's account by transferring only a portion of the liabilities to themselves. Given that the value of the collateral funds exceeded the value of the liabilities (which were only partially transferred due to the soft liquidation), the liquidator was able to successfully pass their health factor check (checkLiquidity) and withdraw the obtained funds.
Amount of loss: $ 197,000,000 Attack method: Flash Loans & Logicl Vulnerability
Description of the event: The decentralized exchange Balancer disclosed on Twitter that in the Euler Finance attack, about $11.9 million was sent to Euler from the bbeUSD liquidity pool, accounting for 65% of the liquidity pool TVL, and bbeUSD was also deposited The other 4 liquidity pools: wstETH/bbeUSD, rETH/bbeUSD, TEMPLE/bbeUSD, DOLA/bbeUSD, all other Balancer liquidity pools are safe.
Amount of loss: $ 11,900,000 Attack method: Affected by the Euler Finance attack
Description of the event: Angle Protocol, a decentralized stablecoin protocol, tweeted: "Angle Protocol was affected by the Euler exploit, which deposited 17.6 million USDC into Euler. The protocol has been suspended, the debt ceiling has been set to 0, and the Euler AMO has been closed .are monitoring the situation and will update as soon as they are received.” Angle Protocol stated that before the Euler hack, the total value locked (TVL) of the Angle Core module was about 36 million US dollars, and 17.2 million agEUR had passed through the core. Module casting. In addition, in the agreement are: about 11.6 million US dollars in deposits from standard liquidity providers, about 353,000 US dollars in deposits from hedging agents, and a surplus of about 5.58 million yuan.
Amount of loss: $ 17,600,000 Attack method: Affected by the Euler Finance attack
Description of the event: Inverse Finance, a DeFi lending protocol, tweeted: “Euler attack impacted DOLA-bb-e-USD pool on Balancer. Despite quick action to mitigate 90% of the impact, DOLA Fed suffered up to 86% for this pool. million in losses, excluding rewards points. Will be working with Balancer to recover the remaining funds.”
Amount of loss: $ 860,000 Attack method: Affected by the Euler Finance attack
Description of the event: SwissBorg is a crypto asset management platform that is regulated and licensed in Switzerland, France and Estonia. It has its own SwissBorg app and can earn money through this mobile wallet. SwissBorg stated that the ETH and USDT in the Earn strategy suffered partial losses, including 1617.23 ETH and about 1.69 million USDT, accounting for 2.27% and 29.52% of the subscription funds respectively. SwissBorg will bear all losses.
Amount of loss: $ 4,500,000 Attack method: Affected by the Euler Finance attack
Description of the event: Opyn built the first decentralized option protocol, developed the perpetual option Opyn Squeeth, and built a variety of income strategies on Suqeeth. This time Opyn is affected by the Zen Bull strategy, which combines the Crab strategy and ETH leveraged long positions, and is suitable for low-volatility markets where ETH prices are on an upward trend. Since this strategy requires mortgage assets to buy ETH through leverage, it may be a mortgage loan in Euler, resulting in losses. Opyn has not announced the amount of the loss and how it will be dealt with.
Amount of loss: - Attack method: Affected by the Euler Finance attack
Description of the event: The AMM liquidity management protocol Revert Finance disclosed on Twitter that its v3utils contract was attacked, and 90% of the funds were stolen from a single account. The stolen assets included: 22983.235188 USDC, 4106.316699 USDT, 485.5786287699002 OP, 0.18217977664322793 WETH, 36.59093198260223 DAI, 211.21463945524238 WMATIC and 22 Premia. At current prices, that's about $29,000.
Amount of loss: $ 29,000 Attack method: Contract Vulnerability
Description of the event: The DEX tool Dexible was suspected of being attacked and lost about $2 million. According to the analysis, there is a logical loophole in the selfSwap function of the Dexible contract, which will call the fill function. This function has a call to the attacker's custom data, and the attacker constructs a transferfrom function in this data, and transfers other users (0x58f5f0684c381fcfc203d77b2bba468ebb29b098) address and its own attack address (0x684083f312ac50f538cc4b634d85a2feafaab77a), causing the tokens authorized by the user to the contract to be transferred by the attacker.
Amount of loss: $ 2,000,000 Attack method: Function Vulnerability
Description of the event: SushiSwap's BentoBoxv1 contract was attacked, and the hacker made a profit of about $26,000. According to analysis, the attack is due to the Kashi Medium Risk ChainLink price update later than the mortgage/loan. In the two attack transactions, the attacker flashloaned 574,275 and 785,560 xSUSHI respectively. After mortgage and loan, the price of kmxSUSHI/USDT in LINK Oracle dropped by 16.9%. By exploiting this price gap, the attacker can call the liquidate() function to liquidate and obtain 15,429 and 11,333 USDT.
Amount of loss: $ 26,000 Attack method: Price Manipulation