310 hack event(s)
Description of the event: The cross-chain lending protocol Pike Finance tweeted that the USDC pool on Pike Beta has been exploited by a hacker. The total amount of USDC exploited is 299,127. The root cause was a forged CCTP message used to drain USDC on the Ethereum, Arbitrum and Optimism chains.
Amount of loss: $ 299,127 Attack method: CCTP Integration Contract Vulnerability
Description of the event: The decentralized liquidity aggregation protocol Magpie Protocol was attacked due to a contract vulnerability, resulting in $129,000 being stolen from 221 wallets. The root cause was unchecked call data. The attacker called the contract's swap() function and passed in data that included a list of users to transfer tokens from.
Amount of loss: $ 129,000 Attack method: Contract Vulnerability
Description of the event: Fake Masa on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 502,000 Attack method: Rug Pull
Description of the event: The price of Empower AI (EMPAI) on Ethereum has dropped by 100%. A whale 0xE4808...f3bA has dumped 1,000,000,000,000 EMPAI for about 66.44 WETH (valued at around $23,750).
Amount of loss: $ 237,500 Attack method: Rug Pull
Description of the event: Fake Monad on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 266,000 Attack method: Rug Pull
Description of the event: Fake Truflation on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 256,600 Attack method: Rug Pull
Description of the event: Fake Oasis AI on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 301,600 Attack method: Rug Pull
Description of the event: The founder of yield-trading protocol Pendle Finance tweeted that the team has confirmed being unable to access the official Pendle Twitter account and is currently investigating to resolve the issue. During this period, hackers used the Pendle official Twitter account to post phishing links. On the same day, the Pendle founder tweeted that the team had regained control of the official Pendle Twitter account.
Amount of loss: - Attack method: Twitter was hacked
Description of the event: Decentralized lending protocol Prisma Finance was hacked, with a loss of approximately 3,257.7 ETH (around $11.6 million). The protocol is currently suspended for investigation. Officials remind vault owners to disable authorization for related LST and LRT contract delegations.
Amount of loss: $ 11,600,000 Attack method: Contract Vulnerability
Description of the event: HumanizedAi (HMZ) is suspected of an exit scam, with the project team profiting 173 ETH (approximately $665,000). The project's Twitter account and website have been shut down.
Amount of loss: $ 665,000 Attack method: Rug Pull
Description of the event: The decentralized cross-chain protocol Shido Network on the Ethereum blockchain appears to be a rug pull. The owner of the SHIDO token staking contract first upgraded the staking contract, then withdrew a large amount of SHIDO tokens, and finally dumped a significant amount of SHIDO tokens for 692 ETH (worth $2.1 million).
Amount of loss: $ 2,100,000 Attack method: Rug Pull
Description of the event: On February 28th, a vulnerability was discovered in the contract of Seneca, an omnichain CDP protocol on the Ethereum network. Hackers used crafted calldata parameters to call transferFrom, transferring tokens that had been authorized to the project contract to their own address and ultimately exchanging them for ETH. Seneca was exploited for over 1900 ETH, valued at approximately $6.5 million. On February 29th, the SenecaUSD hacker address returned 1537 ETH (approximately $5.3 million) to the Seneca deployer address.
Amount of loss: $ 6,500,000 Attack method: Contract Vulnerability
Description of the event: RiskOnBlast, a gambling and trading platform on the new Ethereum layer-2 Blast blockchain, appears to be a rug pull. On February 25, the platform drained more than 420 ETH (~$1.3 million) from more than 750 user wallets on its platform.
Amount of loss: $ 1,300,000 Attack method: Rug Pull
Description of the event: ZoomerCoin on Ethereum suffered a flash loan attack, resulting in a loss of 14.06 ETH (~ $41k).
Amount of loss: $ 41,000 Attack method: Flash Loan Attack
Description of the event: DeFi leverage project Blueberry Protocol was exploited for approximately $1.35 million. However, the attack was intercepted by a white hat, c0ffeebabe.eth. 366 ETH has already been returned to Blueberry. The vulnerability stemmed from the incorrect handling of decimals by the lending contract. This attack occurred due to a faulty oracle deployment.
Amount of loss: $ 1,350,000 Attack method: Oracle Attack
Description of the event: The ERC-X protocol Miner (MINER) has been attacked; please do not interact. According to the Miner team's analysis, the _update function of the contract was exploited. The root cause of this exploit is a double-transfer vulnerability caused by a lack of input validation.
Amount of loss: $ 466,000 Attack method: Contract Vulnerability
Description of the event: The Not Found (404) project on ETH is suspected to have exited with losses of approximately $156,000, as the deployer withdrew a large amount of liquidity.
Amount of loss: $ 156,000 Attack method: Rug Pull
Description of the event: The DeFi protocol Abracadabra Money (MIM_Spell) has fallen victim to an attack, resulting in approximately $6.5 million in losses. Following the attack, Abracadabra.Money (MIM_Spell) provided an update on the situation via Twitter, stating that their technical team identified the vulnerability. Preliminary findings indicate the exploit targeted specific Cauldrons V3 & V4, allowing unauthorized MIM borrowing. They’ve mitigated the issue by setting borrowing limits to zero for these cauldrons.
Amount of loss: $ 6,500,000 Attack method: Security Vulnerability
Description of the event: Barley Finance tweeted that there has been a vulnerability attack on the wBARL pod. The team is working on resolving the issue. Details are as follows: 1. The exploiter took more than 10% of the total BARL supply in the pod, of which about 9% was the development team's collateral, used from Marketing and Dev allocations. Therefore, the damage to users is insignificant. 2. The solution is to change the wBARL pod contract to remove the functions that cause the exploit.
Amount of loss: - Attack method: Contract Vulnerability
Description of the event: The @Wise_Lending market was exploited today, resulting in ~177 ETH loss (~$464K). Our initial analysis shows the share accounting logic is flawed with a precision issue to drain the market funds. Here is the related hack tx: https://etherscan.io/tx/0x04e16a79ff928db2fa88619cdd045cdfc7979a61d836c9c9e585b3d6f6d8bc31
Amount of loss: $ 464,000 Attack method: Contract Vulnerability