110 hack event(s)
Description of the event: In its official Telegram channel, FTX said it had been compromised, instructing users not to install any new upgrades and to remove all FTX apps. Over $600 million stolen from FTX's crypto wallets.
Amount of loss: $ 600,000,000 Attack method: Telegram was hacked
Description of the event: Crypto derivatives exchange Deribit tweeted that $28 million in losses from Deribit’s hot wallet was stolen, but customer funds were safe and the losses were covered by company reserves. According to the analysis of SlowMist MistTrack, the loss included 6967.65 ETH, 691 BTC and about 3.41 million USDC, and then the attacker exchanged USDC for 2143.95 ETH.
Amount of loss: $ 28,000,000 Attack method: Hot Wallet Stolen
Description of the event: SlowMist founder Cosine tweeted that Gate.io’s official Twitter account may have been hacked. Hackers sent phishing messages to trick users into visiting gąte[.]com. Once you click "Claim", the eth_sign signature phishing will appear, which may lead to the theft of related assets such as Ethereum.
Amount of loss: - Attack method: Twitter was hacked
Description of the event: According to the X-explore blog, the hacker address starting with 0x1d37 is stealing GAS by exploiting the FTX vulnerability, minting XEN tokens 17,000 times at zero cost. The reason for this attack is that FTX does not limit the gas limit of the withdrawal transaction while the withdrawal fee is free. Instead, the estimateGas method is used to evaluate the handling fee. This method causes the GAS LIMIT to be mostly 500,000, which exceeds the default value of 21,000 by 24%. times.
Amount of loss: 81 ETH Attack method: Gas Limit Unlimited
Description of the event: The TokenStakingPoolDelegate contract updated by BXH after the last attack suffered another flash loan attack. The contract lost 40,085 USDT, and the attacker made a profit of 31,794 USDT after paying off the flash loan fee. After analysis, this attack is caused by the use of getReserves() in the contract's getITokenBonusAmount function to obtain the instantaneous quotation, so that the attacker can make a profit by manipulating the quotation.
Amount of loss: 40,085 USDT Attack method: Flash loan attack
Description of the event: According to the SlowMist security team, according to the BXH Stupid Kids team’s announcement on September 23, a total of $2.5 million worth of assets and 38 million BXH tokens were stolen the night before yesterday (September 21). According to the analysis and evaluation of SlowMist MistTrack, the private key of the original owner of the BXH VaultPool contract is suspected to be stolen, and the inCaseTokensGetStuck function is called to transfer the funds in the contract to the hacker's address. The hacker's address is 0x158f...e345. Up to now, the hacker has exchanged the stolen funds to the ETH chain across the chain, and further transferred all the stolen funds to Tornado Cash, with a total transfer amount of 1865 ETH.
Amount of loss: $ 2,500,000 Attack method: Private Key Leaked
Description of the event: The ZB exchange was hacked with a total loss of around $4.3 million. ZB has notified the community on August 2 that deposits and withdrawals will be suspended due to a "sudden failure". The reason is "Sudden failure of the core application". It's worth noting that the attack actually happened on August 1, but it was overshadowed by the overwhelming news of the Nomad exploit.
Amount of loss: $ 4,300,000 Attack method: Hot Wallet Stolen
Description of the event: IRA Financial Trust, South Dakota’s self-directed retirement account provider, has filed a lawsuit against crypto trading platform Gemini Trust Company (Gemini), alleging huge losses to the IRA as a result of Gemini’s security glitch. In February 2022, $36 million in crypto assets held by Gemini and belonging to customer retirement accounts was stolen. The lawsuit also claims that Gemini did not have adequate safeguards to protect customers’ crypto assets, failed to freeze accounts immediately after the incident, and instead allowed criminals to continue to transfer funds from customer accounts on Gemini’s trading platform after the IRA notified Gemini Middle-to-outward transfer.
Amount of loss: $ 36,000,000 Attack method: Gemini security issues
Description of the event: On February 8, the LockBit ransomware group claimed to have stolen substantial customer data from cryptocurrency exchange PayBito. PayBito is a cryptocurrency exchange operated by HashCash, a global blockchain, and IT services company. Some of the stolen data is published on the group's Tor leak site. In this cyberattack, the ransomware group successfully stole a database containing personal data information from more than 100,000 customers worldwide. In addition, the group also stole some email data and password hashes, some of which can easily be decrypted. To make matters worse, the gang also managed to steal the administrator's personal data, claiming that the stolen data would be released on February 21, 2022, if the ransom is not paid.
Amount of loss: - Attack method: Blackmail
Description of the event: According to the Crypto.com investigation report, “On January 17, 2022, Crypto.com learned that a small number of users had made unauthorized withdrawals of cryptocurrencies on their accounts. Crypto.com immediately suspended all token withdrawals to initiate the investigation and remained open 24/7 Work to resolve the issue. No clients suffered loss of funds. In most cases we blocked unauthorized withdrawals and in all other cases clients were fully reimbursed. The incident affected 483 Crypto. com users. Unauthorized withdrawals totaled 4,836.26 ETH, 443.93 BTC and approximately $66,200 in other currencies.”
Amount of loss: $ 34,000,000 Attack method: 2FA Compromise
Description of the event: The LCX exchange tweeted that LCX's technical team detected an unauthorized access on the LCX platform, nearly $8 million in encrypted assets were stolen, and about 60% were frozen.
Amount of loss: $ 8,000,000 Attack method: Hot Wallet Stolen
Description of the event: According to the official announcement, some ERC-20, BSC and Polygon tokens of AscendEX were abnormally transferred out of the hot wallet of the exchange, and the cold wallet of AscendEX was not affected by this incident. It is estimated that Pinnacle AscendEX’s losses totaled US$77.7 million (of which US$60 million was on Ethereum, US$9.2 million was on BSC, and US$8.5 million was on Polygon).
Amount of loss: $ 77,700,000 Attack method: Hot Wallet Stolen
Description of the event: The payment system of ONUS, the largest cryptocurrency trading platform in Vietnam, running a vulnerable version of Log4j suffered a cyber attack. Cyclos notified ONUS to repair the system on December 13, but it was too late. Although ONUS has fixed the security loopholes in the Cyclos instance, the window of loopholes allowed attackers to successfully steal data from sensitive databases. The stolen database contained nearly 2 million user data, including KYC (Know Your Customer) data, hashed passwords, etc. Subsequently, the attacker asked ONUS to pay a ransom of 5 million, otherwise the stolen data would be made public. On December 25, because ONUS did not pay the full ransom, the attackers sold customer data on the dark web data exchange market.
Amount of loss: - Attack method: Blackmail
Description of the event: BitMart founder and CEO Sheldon Xia tweeted to admit that a large-scale security breach occurred on the platform, and hackers were able to extract assets worth about US$150 million. The affected ETH hot wallet and BSC hot wallet carry a small amount of assets on BitMart, and the other wallets are safe and undamaged.
Amount of loss: $ 150,000,000 Attack method: Hot Wallet Stolen
Description of the event: According to a notification letter submitted by Coinbase to the California Attorney General’s Office to affected customers, a vulnerability that allows hackers to bypass Coinbase’s multi-factor authentication SMS option has affected at least 6,000 Coinbase users between March and May 2021. During the 20th day, hackers took advantage of this omission to access the accounts of affected users and transfer user funds from Coinbase. After Coinbase learned of this issue, it immediately updated its SMS account recovery agreement to prevent hackers from further bypassing the authentication process. In addition, Coinbase will deposit funds of the same value into the accounts of affected users. Coinbase has also been working closely with law enforcement agencies and is conducting an internal investigation into the incident.
Amount of loss: - Attack method: Vulnerability that allows bypassing Coinbase's multi-factor authentication SMS option
Description of the event: The non-custodial exchange DeversiFi released a post-mortem analysis report for the previous gas transaction that included 7676.62 ETH, saying that the potential problems in the EthereumJS library are combined with the gas fee changes related to the EIP-1559 upgrade in some cases, and the Ledger hardware wallet may exist The display problem of, may lead to extremely high transaction fees. When this happens, only wallets with very large funds will be affected, and other users will display transaction failures during transactions. In addition, after Bitfinex negotiated with the miners, the miners had returned 7,626 ETH, and the remaining 50 ETH was provided to the miners as a refund fee. It was previously reported that a major wallet on the Bitfinex exchange made a $100,000 USDT transfer with a total of 7676.62 ETH (approximately US$23.54 million) in Gas fees. The final recipient was a non-custodial spin-off from Bitfinex in 2019. Exchange DeversiFi.
Amount of loss: 50.62 ETH Attack method: Handle inventory defects with fixed precision and extended value range
Description of the event: The Bilaxy exchange tweeted that the hot wallet was hacked and lost approximately 296 tokens (including ETH).
Amount of loss: $ 21,709,378 Attack method: Hot wallet was stolen
Description of the event: Liquid, a Japanese-based cryptocurrency exchange, said its hot wallet was attacked and it was transferring assets to cold wallets. It is currently investigating and has suspended its deposit and withdrawal services.
Amount of loss: $ 91,350,000 Attack method: Stolen hot wallet
Description of the event: According to Bloomberg News, the founder of the cryptocurrency investment platform Africrypt lost contact and 69,000 bitcoins (currently valued at approximately US$2.3 billion) on the platform were transferred. At 4 o'clock, Ameer Cajee, chief operating officer of Africrypt, told the client that the platform was hacked and asked them not to report the lost funds to the authorities. The investor has since hired a lawyer to conduct an investigation, but the lawyer has not been able to contact the founder of the company and has notified the South African Criminal Investigation Department. In addition, the lawyer found that funds on the Africrypt platform were transferred from their accounts and customer wallets, and made it untraceable through the Bitcoin mixer.
Amount of loss: $ 2,300,000,000 Attack method: Scam
Description of the event: Hotbit said that it suffered a serious cyber attack on April 29th, which caused a large number of basic services to be paralyzed. At the same time, the attacker tried to hack into Hotbit's wallet, but this behavior was identified and blocked by the risk control system. Since the attacker could not access any cryptocurrency assets, he deleted Hotbit's database. Hotbit is currently checking the authenticity and security of the backup data, and will restore servers and services later. At the same time, Hotbit claimed that the attackers obtained plaintext customer information stored in the database, including mobile phone numbers, email addresses, and encrypted currency asset data. Therefore, it is recommended that users pay attention to prevent phishing attacks.
Amount of loss: - Attack method: Network attacks