312 hack event(s)
Description of the event: Barley Finance tweeted that there has been a vulnerability attack on the wBARL pod. The team is working on resolving the issue. Details are as follows: 1. The exploiter took more than 10% of the total BARL supply in the pod, of which about 9% was the development team's collateral, used from Marketing and Dev allocations. Therefore, the damage to users is insignificant. 2. The solution is to change the wBARL pod contract to remove the functions that cause the exploit.
Amount of loss: - Attack method: Contract Vulnerability
Description of the event: The @Wise_Lending market was exploited today, resulting in ~177 ETH loss (~$464K). Our initial analysis shows the share accounting logic is flawed with a precision issue to drain the market funds. Here is the related hack tx: https://etherscan.io/tx/0x04e16a79ff928db2fa88619cdd045cdfc7979a61d836c9c9e585b3d6f6d8bc31
Amount of loss: $ 464,000 Attack method: Contract Vulnerability
Description of the event: The community-driven ZK L2 network ZKFair's official Discord has been hacked.Do not click any links until the team regain control of the server.
Amount of loss: - Attack method: Discord was hacked
Description of the event: DeFi lending protocol Compound Labs tweeted that their account was compromised yesterday for ~4 hours until they regained control of the account and removed the spam messages.
Amount of loss: - Attack method: Twitter was hacked
Description of the event: Sleepless AI (AI) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 91,000 Attack method: Rug Pull
Description of the event: Ordinal Dex (ORDEX) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 70,600 Attack method: Rug Pull
Description of the event: On December 13th, Peapods Finance was hacked by white hat hackers due to a reentrancy vulnerability. On December 14th, Peapods Finance tweeted that the hackers returned 90% of the funds. On December 15th, the hacker, @0xaxxe, tweeted that he returned the white hat fee to the team.
Amount of loss: $ 230,000 Attack method: Reentrancy Attack
Description of the event: There is a price slippage on project stoic_DAO. 10% of the total Zeta token supply was swapped for ~91 ETH.
Amount of loss: $ 198,033 Attack method: Rug Pull
Description of the event: Abattoir of Zir (DIABLO) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 235,705 Attack method: Rug Pull
Description of the event: On December 7, 2023, Time on the ETH were attacked due to a security vulnerability in the thirdweb pre-built smart contracts, which resulted in approximately $190,000 in profits for the attacker.
Amount of loss: $ 190,000 Attack method: Contract Vulnerability
Description of the event: Strong Finance (STRONG) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 60,919 Attack method: Rug Pull
Description of the event: MYX Finance (QMYX) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 128,727 Attack method: Rug Pull
Description of the event: Symbiogenesis (SYSIS) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 54,086 Attack method: Rug Pull
Description of the event: AssetClub (ACC) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 84,423 Attack method: Rug Pull
Description of the event: Expanso (EXPSO) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 87,317 Attack method: Rug Pull
Description of the event: CJewels (JWL) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 65,784 Attack method: Rug Pull
Description of the event: Kyber Network tweeted that KyberSwap Elastic has experienced a security incident. According to the analysis of the SlowMist security team, the root cause of this attack is that in calculating the number of tokens needed for the exchange from the current price to the boundary scale price, the liquidity will be added to the portion of the fee compounding because of KyberSwap Elastic's reinvestment curve, thus causing its calculation result to be larger than expected, which can cover the user's need for exchange, but the actual price has already crossed the boundary scale, which makes the protocol think that the liquidity within the current scale has already met the need for exchange, and therefore does not carry out liquidity update. The protocol assumes that the liquidity within the current scale is sufficient to cover the redemption needs, and therefore does not update the liquidity. The result is that the liquidity is increased twice when the reverse exchange crosses the boundary scale, allowing the attacker to obtain more tokens than expected. On Nov. 27, the Kyber Network tweeted that the KyberSwap team had contacted the owner of the frontrun bots that had withdrawn approximately $5.7 million from the KyberSwap pool on Polygon and Avalanche. After negotiations, the owners of the frontrun bots have agreed to return 90% of their users' funds to a designated address. In return, they will receive a 10% bounty. On December 13th, the KyberSwap team recovered approximately $508,000 worth of funds from the owners of frontrun bots. To date, the total amount of funds returned by the owners of frontrun bots is approximately $5.17 million.
Amount of loss: $ 54,700,000 Attack method: Liquidity Exploit
Description of the event: CredixFinance (CREDIX) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 82,906 Attack method: Rug Pull
Description of the event: Loopring's Twitter account has been hacked; please do not click on the phishing link.
Amount of loss: - Attack method: Twitter was hacked
Description of the event: BABYFIDO (BABYFIDO) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 81,400 Attack method: Rug Pull