136 hack event(s)
Description of the event: HTX (formerly Huobi) and its related Heco Bridge were hacked for a combined $113.3 million.
Amount of loss: $ 113,300,000 Attack method: Unknown
Description of the event: Trader Joe, the largest native DEX on Avalanche, tweeted that the team's preliminary analysis identified a potential exploit in a 3rd party analytics plugin hacked JavaScript code used by the frontend.
Amount of loss: - Attack method: Malicious Code Injection Attack
Description of the event: DEX SpookySwap on Fantom tweeted that the team is investigating a frontend vulnerability on their domain. Please do not execute any transactions on the DEX. On November 19, Spooky updated that a 3rd party JavaScript plugin enabled code injection from npm packages. This enabled replacing the spooky router contract on the Spooky Fi frontend with a malicious contract which sent funds that users attempted to swap to the exploiter.
Amount of loss: $ 5,000 Attack method: Malicious Code Injection Attack
Description of the event: About $9m from the dYdX v3 insurance fund were used to fill gaps on liquidations processed in the YFI market, and the CEO said this was pretty clearly a targeted attack against dYdX, including market manipulation of the entire $YFI market.
Amount of loss: $ 9,000,000 Attack method: Price Manipulation
Description of the event: On November 10, the Poloniex exchange was hacked. According to the analysis of the SlowMist, the Poloniex hack currently affects about $130M.
Amount of loss: $ 130,000,000 Attack method: Unknown
Description of the event: On November 8, 2023, CoinSpot was exploited across two of its hot wallets, resulting in a loss of over 1,283 ETH, worth approximately $2.472 million.
Amount of loss: $ 2,472,000 Attack method: Unknown
Description of the event: Philippine exchange Coins.ph lost 12 million $XRP ($6 million) in a hack.
Amount of loss: $ 6,000,000 Attack method: Private Key Leakage
Description of the event: On October 10th, the BRC20 exchange platform Ordswap issued a tweet, stating that they had lost control of their website domain, and the issue appeared to be related to the website development and hosting company Netlify. They advised users not to access their website until they regained control of the domain. Ordswap users reported that the compromised website was redirecting users to phishing links.
Amount of loss: - Attack method: Unknown
Description of the event: On September 24th, according to Definalist on Twitter, scammers had deposited fake APT tokens into South Korea's largest exchange, Upbit. After these fake tokens were deposited into numerous user accounts, many users proceeded to directly sell them. The only explanation for this situation is that Upbit's wallet system only checked the type and data and processed deposits and withdrawals.
Amount of loss: - Attack method: Wallet Vulnerability
Description of the event: On September 25th, Cyvers Alerts tweeted that a certain EOA address received 5000 ETH from HTX yesterday, and this morning, they noticed that HTX had conducted a hot wallet migration. It has been confirmed that one of HTX's hot wallets was compromised, resulting in a loss of 8 million USD, and the hacker's address has been disclosed. HTX has issued a public statement on the blockchain, addressing the hacker and offering a 5% white hat bonus if the stolen funds are returned by October 2nd; otherwise, they will transfer the information to law enforcement authorities for further action and to prosecute the hacker. Justin Sun also stated that HTX has fully covered the losses incurred from the attack and has successfully resolved all related issues. All user assets are safe and the platform is operating completely normally. On October 7, the HTX attackers returned 4,999 ETH (about $8.2 million) of the stolen funds.
Amount of loss: $ 8,000,000 Attack method: Unknown
Description of the event: On September 20th, the DeFi liquidity protocol Balancer fell victim to a DNS hijacking attack. Funds have been directed to an address starting with 0x6457, resulting in a total loss of approximately $350,000. The attacker’s fee came from the phishing group AngelDrainer. The attacker may be related to Russia.
Amount of loss: $ 350,000 Attack method: DNS Hijacking Attack
Description of the event: A massive suspicious withdrawal occurred on cryptocurrency exchange Remitano, with $2.7 million worth of cryptocurrency being withdrawn. Some blockchain analysts believe the exchange may have been hacked. Tether has frozen an address allegedly used by an attacker that held $1.4 million worth of cryptocurrency.
Amount of loss: $ 2,700,000 Attack method: Wallet Stolen
Description of the event: On September 13th, the Hong Kong Securities and Futures Commission issued a statement titled "Regarding Unregulated Virtual Asset Trading Platforms," stating that the virtual asset trading platform JPEX did not have a license from the Commission and had not applied for one. On September 14th, the JPEX community discovered that the withdrawal limit on the JPEX platform was only 1000 USDT, while the withdrawal fee was as high as 999 USDT, effectively preventing users from withdrawing their funds. As of October 3rd, the police have received reports from 2,467 victims, involving approximately HKD 1.522 billion in total.
Amount of loss: $ 194,337,178 Attack method: Scam
Description of the event: The cryptocurrency exchange CoinEx suffered a hacker attack. The cause of the incident was initially determined to be the leakage of hot wallet private keys. The damage caused is estimated to have reached US$70 million, and the impact has affected multiple blockchains. CoinEx tweeted that it had identified and quarantined suspicious wallet addresses related to the hack and that deposit and withdrawal services had been suspended. On September 13, SlowMist found during the analysis process that CoinEx hackers were related to Stake.com hackers and Alphapo hackers. CoinEx hackers may be the North Korean hacker group Lazarus Group.
Amount of loss: $ 70,000,000 Attack method: Private Key Leakage
Description of the event: Stablecoin issuer Paxos admitted in a statement that the account that paid out nearly 20 BTC in fees in a single transaction in the early hours of September 11 belonged to the company. Paxos claims that end users have not been affected and all user funds are safe. The announcement comes after users on twitter speculated that PayPal could be responsible for the transaction, as analytics platform OXT identified relevant wallet accounts belonging to PayPal. A Paxos spokesperson said: "PayPal takes no responsibility for this as this error was caused by Paxos itself. This transaction affected Paxos company operations, Paxos customers and end users were not affected, and all customer funds are safe. This was caused by a vulnerability in a single transfer, which has now been fixed. Paxos is contacting miners to recover the funds."
Amount of loss: $ 500,000 Attack method: Transfer Vulnerability
Description of the event: On September 7, crypto trust company Fortress said on twitter that its customers were affected by a "compromised third-party provider of cloud tools," but that there was no loss of funds. On September 13, Fortress Trust founder and CEO Scott Purcell said that the company lost $12 million to $15 million in cryptocurrencies in a recent hack, most of which was Bitcoin but two stablecoins. A small amount of USDC and USDT were also stolen, and the company immediately made up for the loss. "Of the 225,000 customers, only 4 customers were actually affected." Purcell repeatedly emphasized that the fault of the security breach lies with the third-party provider, not the Fortress Trust or the company's hosting partners Fireblocks or BitGo. The vendor has been identified as Retool, and Retool admitted that it was the victim of a phishing attack.
Amount of loss: $ 15,000,000 Attack method: Third-party Provider Vulnerability
Description of the event: Arbitrum ecological decentralized exchange GMBL COMPUTER was attacked, and the attacker withdrew GMBL worth approximately US$815,000 from the contract. GMBL said: “We believe that the vulnerability is caused by a flaw in the platform’s recommendation system, which allows people to place bets without depositing any funds and use them to generate referral bonuses. We have identified the exploiter and are working to recover all funds lost due to this exploit. The GMBL team stated that they provided a "Bug Bounty" to the attackers to return 90% of the stolen funds in exchange for a promise not to take legal action. On September 6, the attackers returned 235 ETH (approximately $382, 000), which is 50% of the stolen funds.
Amount of loss: $ 815,000 Attack method: Contract Vulnerability
Description of the event: Some community users reported that the encrypted exchange named ZT Global was suspected of running away. Since the announcement of system upgrade and maintenance on July 28, transactions on the platform have been disabled. The TG channel has been banned and the founder cannot be contacted. At 21:00 on July 31, the exchange announced that it had completed maintenance and resumed trading functions, but the trading page showed that only 0.0006 BTC ($17) of buying orders pushed up the price of BTC on the platform and maintained it at 60,000 The price of USD and ETH also fluctuated violently in the case of tens of dollars of trading volume.
Amount of loss: - Attack method: Rug Pull
Description of the event: The Twitter account of decentralized exchange Slingshot has been compromised by scammer Pink Drainer, who posted links to fake websites and claimed that users could claim airdrop tokens. Users are advised to be aware of the risks and not to click on the links.
Amount of loss: - Attack method: Twitter was hacked
Description of the event: Decentralized trading platform Hashflow is suspected to have suffered an authorization-related attack, though this may be a white-hat hacking operation. The loss from the theft was approximately $600,000, and all affected users were able to retrieve all of their assets.
Amount of loss: $ 600,000 Attack method: Authorized Attacks