424 hack event(s)
Description of the event: On December 7, 2023, Time on the ETH were attacked due to a security vulnerability in the thirdweb pre-built smart contracts, which resulted in approximately $190,000 in profits for the attacker.
Amount of loss: $ 190,000 Attack method: Contract Vulnerability
Description of the event: Strong Finance (STRONG) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 60,919 Attack method: Rug Pull
Description of the event: MYX Finance (QMYX) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 128,727 Attack method: Rug Pull
Description of the event: Symbiogenesis (SYSIS) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 54,086 Attack method: Rug Pull
Description of the event: AssetClub (ACC) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 84,423 Attack method: Rug Pull
Description of the event: Expanso (EXPSO) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 87,317 Attack method: Rug Pull
Description of the event: CJewels (JWL) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 65,784 Attack method: Rug Pull
Description of the event: Kyber Network tweeted that KyberSwap Elastic has experienced a security incident. According to the analysis of the SlowMist security team, the root cause of this attack is that in calculating the number of tokens needed for the exchange from the current price to the boundary scale price, the liquidity will be added to the portion of the fee compounding because of KyberSwap Elastic's reinvestment curve, thus causing its calculation result to be larger than expected, which can cover the user's need for exchange, but the actual price has already crossed the boundary scale, which makes the protocol think that the liquidity within the current scale has already met the need for exchange, and therefore does not carry out liquidity update. The protocol assumes that the liquidity within the current scale is sufficient to cover the redemption needs, and therefore does not update the liquidity. The result is that the liquidity is increased twice when the reverse exchange crosses the boundary scale, allowing the attacker to obtain more tokens than expected. On Nov. 27, the Kyber Network tweeted that the KyberSwap team had contacted the owner of the frontrun bots that had withdrawn approximately $5.7 million from the KyberSwap pool on Polygon and Avalanche. After negotiations, the owners of the frontrun bots have agreed to return 90% of their users' funds to a designated address. In return, they will receive a 10% bounty. On December 13th, the KyberSwap team recovered approximately $508,000 worth of funds from the owners of frontrun bots. To date, the total amount of funds returned by the owners of frontrun bots is approximately $5.17 million.
Amount of loss: $ 54,700,000 Attack method: Liquidity Exploit
Description of the event: CredixFinance (CREDIX) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 82,906 Attack method: Rug Pull
Description of the event: Loopring's Twitter account has been hacked; please do not click on the phishing link.
Amount of loss: - Attack method: Account Compromise
Description of the event: BABYFIDO (BABYFIDO) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 81,400 Attack method: Rug Pull
Description of the event: Exzo Network tweeted that a recent security breach targeted Exzo ($XZO), resulting from a compromised owner/admin account. The malicious group utilized the compromised admin wallet to transfer the 'ownership' role of Exzo ($XZO) to their wallet, enabling them to mint a substantial amount of $XZO and drain 169 ETH from the XZO/ETH liquidity pool on Uniswap. The attackers also transferred a total of 69 ETH and the remaining XZO in the admin wallet to their own wallet(s).
Amount of loss: $ 470,498 Attack method: Wallet Stolen
Description of the event: The stablecoin protocol Raft protocol on Ethereum was attacked and lost about $3.3 million in ETH.
Amount of loss: $ 3,300,000 Attack method: Flash Loan Attack
Description of the event: Mirage Finance has been exploited for ~$12K, $MRG has dropped 54%.
Amount of loss: $ 12,000 Attack method: Unknown
Description of the event: The MEV Bot (0x05f016765c6c601fd05a10dba1abe21a04f924a5) was exploited and lost about 1k ETH! The core reason is that the 0xf6ebebbb function used to trigger arbitrage in the contract lacks authentication. The attacker calls this function to exchange the tokens in the contract into the pool on curve, and then uses funds of the flash loan to reverse exchange and obtain profit.
Amount of loss: $ 2,152,392 Attack method: Flash Loan Attack
Description of the event: According to @fraxfinance, Frax Finance's DNS has been attacked. Please don’t use http://frax[.]finance and http://frax[.]com domains until further notice.
Amount of loss: - Attack method: DNS Hijacking Attack
Description of the event: Fake Celestia (TIA) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 99.5% price decline.
Amount of loss: $ 208,394 Attack method: Rug Pull
Description of the event: DeFi lending protocol Onyx Protocol has been exploited and has currently lost ~$2.1 million.
Amount of loss: $ 2,100,000 Attack method: Contract Vulnerability
Description of the event: According to SlowMist security alert, Unibot has been exploited, and due to the lack of necessary parameter checks, the exploiter can transfer tokens for which users have approved the Unibot contract. Please revoke approval of 0x126c9FbaB3A2FCA24eDfd17322E71a5e36E91865.
Amount of loss: $ 560,000 Attack method: Contract Vulnerability
Description of the event: Fake Memecoin (MEME) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 78,947 Attack method: Rug Pull