312 hack event(s)
Description of the event: Exzo Network tweeted that a recent security breach targeted Exzo ($XZO), resulting from a compromised owner/admin account. The malicious group utilized the compromised admin wallet to transfer the 'ownership' role of Exzo ($XZO) to their wallet, enabling them to mint a substantial amount of $XZO and drain 169 ETH from the XZO/ETH liquidity pool on Uniswap. The attackers also transferred a total of 69 ETH and the remaining XZO in the admin wallet to their own wallet(s).
Amount of loss: $ 470,498 Attack method: Wallet Stolen
Description of the event: The stablecoin protocol Raft protocol on Ethereum was attacked and lost about $3.3 million in ETH.
Amount of loss: $ 3,300,000 Attack method: Flash Loan Attack
Description of the event: Mirage Finance has been exploited for ~$12K, $MRG has dropped 54%.
Amount of loss: $ 12,000 Attack method: Unknown
Description of the event: The MEV robot (0x05f016765c6c601fd05a10dba1abe21a04f924a5) was exploited and lost about 1k ETH! The core reason is that the 0xf6ebebbb function used to trigger arbitrage in the contract lacks authentication. The attacker calls this function to exchange the tokens in the contract into the pool on curve, and then uses funds of the flash loan to reverse exchange and obtain profit.
Amount of loss: $ 2,152,392 Attack method: Flash Loan Attack
Description of the event: According to @fraxfinance, Frax Finance's DNS has been attacked. Please don’t use http://frax[.]finance and http://frax[.]com domains until further notice.
Amount of loss: - Attack method: DNS Hijacking Attack
Description of the event: Fake Celestia (TIA) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 99.5% price decline.
Amount of loss: $ 208,394 Attack method: Rug Pull
Description of the event: DeFi lending protocol Onyx Protocol has been exploited and has currently lost ~$2.1 million.
Amount of loss: $ 2,100,000 Attack method: Contract Vulnerability
Description of the event: According to SlowMist security alert, Unibot has been exploited, and due to the lack of necessary parameter checks, the exploiter can transfer tokens for which users have approved the Unibot contract. Please revoke approval of 0x126c9FbaB3A2FCA24eDfd17322E71a5e36E91865.
Amount of loss: $ 560,000 Attack method: Contract Vulnerability
Description of the event: Fake Memecoin (MEME) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 78,947 Attack method: Rug Pull
Description of the event: Fake MEMEPAD (MEMEPAD) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 80,134 Attack method: Rug Pull
Description of the event: Fake TITANX (TITANX) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 82,385 Attack method: Rug Pull
Description of the event: The Ethereum liquidity restaking pool Astrid was attacked due to a vulnerability in the withdrawal function, resulting in a loss of approximately $228,000. The parameters of the `withdraw()` function, specifically the token address and token amount, were exploitable. On October 29, the hackers returned 80% of the stolen funds (102 ETH).
Amount of loss: $ 228,000 Attack method: Contract Vulnerability
Description of the event: STIMMY on Ethereum pulled liquidity to the tune of 43.8 ETH (~$78.8K) and deleted its social platforms.
Amount of loss: $ 78,800 Attack method: Rug Pull
Description of the event: A fake Linea token is suspected of a rug pull for ~$1.3m. ~$743k has been deposited into Tornado Cash. Contract Address: 0x00000000fEB6A772307C6aA88AB9D57b209aCb18.
Amount of loss: $ 1,300,000 Attack method: Rug Pull
Description of the event: Safereum has conducted an exit scam for ~$1.3m. Contract Address: 0xb504035a11E672e12a099F32B1672b9C4a78b22f.
Amount of loss: $ 1,300,000 Attack method: Rug Pull
Description of the event: Julia (JULIA) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 73,000 Attack method: Rug Pull
Description of the event: On October 18, 2023, , the HopeLend protocol fell victim to a hacker attack. The attack resulted in a loss of approximately 528 ETH, out of which 263.91 ETH were bribed by the frontrunner to a Validator (managed by Lido). The exploit frontrunner eventually profited by 264.08 ETH. On October 20, Hope.money tweeted that a frontrunner from Armor Team voluntarily returned the acquired assets.
Amount of loss: $ 818,747 Attack method: Contract Vulnerability
Description of the event: On Oct 8, zkFlex Finance on ETH was rugged for ~$56K when an address 0x84f90d576247D569D972DB84504b5170aB13bCe7 dumped over 281,164,943.53 zkFlex Finance Tokens for 34.26 WETH. Contract Address: 0x54855D3133669B7EF54A2c962F5f63fdb44bBaE9.
Amount of loss: $ 56,000 Attack method: Rug Pull
Description of the event: On Oct 8, the pSeudoEth token on ETH was exploited for ~$2.3K in a flash loan attack. Contract: 0x62aBdd605E710Cc80a52062a8cC7c5d659dDDbE7. Attacker: 0xea75AeC151f968b8De3789CA201a2a3a7FaeEFbA.
Amount of loss: $ 2,300 Attack method: Flash Loan Attack
Description of the event: There is a flashloan attack on the DePay platform that resulted in the theft of 827 USDC. The exploiter used a security issue with DePay router to steal the USDC.
Amount of loss: $ 827 Attack method: Flash Loan Attack