401 hack event(s)
Description of the event: The official Twitter account of ARPA, a permissionless threshold network based on the BLS signature scheme, has been compromised, and false token claiming links have been posted.
Amount of loss: - Attack method: Account Compromise
Description of the event: The ERC-X protocol Miner (MINER) has been attacked, please do not interact. According to the Miner team's analysis, the _update function of the contract was exploited. The root cause of this exploit is a double-transfer vulnerability caused by a lack of input validation.
Amount of loss: $ 466,000 Attack method: Contract Vulnerability
Description of the event: The blockchain gaming platform PlayDapp was hacked, with the attacker's address being added as a minter, minting 200 million PLA tokens (valued at $36.5 million). Shortly after the incident, PlayDapp sent a message to the attacker through on-chain transactions, requesting the return of the stolen funds and offering a $1 million bug bounty reward, but negotiations ultimately failed. On February 12, the hacker minted an additional 1.59 billion PLA tokens, valued at $253.9 million, and began transferring them through cryptocurrency trading platforms. On February 13, PlayDapp announced on Twitter that the PLA smart contract had been paused, while also advising users to cease trading for migration snapshots and stating that every effort is being made to protect holders' assets.
Amount of loss: $ 290,000,000 Attack method: Private Key Leakage
Description of the event: The Not Found (404) project on ETH is suspected to have exited with losses of approximately $156,000, as the deployer withdrew a large amount of liquidity.
Amount of loss: $ 156,000 Attack method: Rug Pull
Description of the event: The DeFi protocol Abracadabra Money (MIM_Spell) has fallen victim to an attack, resulting in approximately $6.5 million in losses. Following the attack, Abracadabra.Money (MIM_Spell) provided an update on the situation via Twitter, stating that their technical team identified the vulnerability. Preliminary findings indicate the exploit targeted specific Cauldrons V3 & V4, allowing unauthorized MIM borrowing. They’ve mitigated the issue by setting borrowing limits to zero for these cauldrons.
Amount of loss: $ 6,500,000 Attack method: Contract Vulnerability
Description of the event: Barley Finance tweeted that there has been a vulnerability attack on the wBARL pod. The team is working on resolving the issue. Details are as follows: 1. The exploiter took more than 10% of the total BARL supply in the pod, of which about 9% was the development team's collateral, used from Marketing and Dev allocations. Therefore, the damage to users is insignificant. 2. The solution is to change the wBARL pod contract to remove the functions that cause the exploit.
Amount of loss: $ 130,000 Attack method: Contract Vulnerability
Description of the event: Bullran Index was attacked due to a lack of permission control. An MEV bot was able to burn the BUI tokens that a user deposited into a custom safe contract and exploit the lack of permission control to extract 136 ETH.
Amount of loss: $ 310,000 Attack method: Contract Vulnerability
Description of the event: The crypto index project BasketDAO was exploited on the Ethereum Mainnet due to a smart contract vulnerability, which resulted in a loss of assets worth approximately $107,000. The root cause of the exploit is an arbitrary low-level call in the approval process of their smart contracts.
Amount of loss: $ 107,000 Attack method: Contract Vulnerability
Description of the event: The interoperability protocol Socket tweeted that the protocol experienced a security incident. An attacker exploited a vulnerability on a newly added module under the Socket Aggregator system. The module was responsible for swapping tokens on behalf of users. The vulnerability in said module allowed the attacker to steal funds from users who had given infinite approval of tokens to the Socket Gateway contract. The attack was carried out through 2 malicious transactions on Ethereum. The total exploited value is estimated to be around $3.3m. On January 23rd, Socket announced the successful recovery of 1032 ETH from the funds involved in the incident. A recovery and distribution plan for users will be promptly released.
Amount of loss: $ 3,300,000 Attack method: Contract Vulnerability
Description of the event: The @Wise_Lending market was exploited today, resulting in ~177 ETH loss (~$464K). Our initial analysis shows the share accounting logic is flawed with a precision issue to drain the market funds.
Amount of loss: $ 464,000 Attack method: Contract Vulnerability
Description of the event: Aragon Network DAO recently found itself targeted in a cryptocurrency scam, resulting in a substantial loss of approximately 800,000 USDC. The attack employed a multi-faceted approach, combining counterfeit ERC-20 tokens that imitated legitimate assets, the creation of deceptive vanity addresses, and the strategic use of automated monitoring bots.
Amount of loss: $ 800,000 Attack method: Scam
Description of the event: DeFi lending protocol Compound Labs tweeted that their account was compromised yesterday for ~4 hours until they regained control of the account and removed the spam messages.
Amount of loss: - Attack method: Account Compromise
Description of the event: Sleepless AI (AI) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 91,000 Attack method: Rug Pull
Description of the event: Ordinal Dex (ORDEX) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 70,600 Attack method: Rug Pull
Description of the event: On December 13th, Peapods Finance was hacked by white hat hackers due to a reentrancy vulnerability. On December 14th, Peapods Finance tweeted that the hackers returned 90% of the funds. On December 15th, the hacker, @0xaxxe, tweeted that he returned the white hat fee to the team.
Amount of loss: $ 230,000 Attack method: Reentrancy Attack
Description of the event: There is a price slippage on project stoic_DAO. 10% of the total Zeta token supply was swapped for ~91 ETH.
Amount of loss: $ 198,033 Attack method: Rug Pull
Description of the event: Abattoir of Zir (DIABLO) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 235,705 Attack method: Rug Pull
Description of the event: On December 7, 2023, Time on the ETH were attacked due to a security vulnerability in the thirdweb pre-built smart contracts, which resulted in approximately $190,000 in profits for the attacker.
Amount of loss: $ 190,000 Attack method: Contract Vulnerability
Description of the event: Strong Finance (STRONG) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 60,919 Attack method: Rug Pull
Description of the event: MYX Finance (QMYX) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 128,727 Attack method: Rug Pull