166 hack event(s)
Description of the event: Clober DEX liquidity vault on Base Network was exploited resulting in a loss of 133.7 ETH (~$501k). The root cause of the attack was a reentrancy vulnerability in the _burn() function of the Rebalancer contract.
Amount of loss: $ 501,000 Attack method: Contract Vulnerability
Description of the event: According to Clipper's post-mortem, on December 1, 2024, an attacker exploited a vulnerability in a smart contract used by Clipper, manipulating the single-asset deposit and withdrawal feature. This manipulation affected the liquidity pools on the Optimism and Base networks, causing an imbalance that allowed the attacker to withdraw more assets than they had deposited. The attack resulted in a loss of approximately $457,878.
Amount of loss: $ 457,878 Attack method: Contract Vulnerability
Description of the event: The cryptocurrency exchange XT has reportedly fallen victim to a hacking incident, resulting in the loss of approximately $1.7 million worth of crypto assets. The hacker has converted the funds into 461.58 ETH and deposited them into the address 0xB43f…8F83.
Amount of loss: $ 1,700,000 Attack method: Unknown
Description of the event: SUNRAY FINANCE experienced a private key compromise, allowing the exploiter to gain control of the SUN and ARC tokens and sell them off, draining the funds from DEX pairs. So far, the attacker has stolen approximately $2.855 million.
Amount of loss: $ 2,855,000 Attack method: Private Key Leakage
Description of the event: According to on-chain detective ZachXBT on his personal channel, cryptocurrency exchange M2 was hacked, resulting in the theft of approximately $13 million from several on-chain hot wallets.
Amount of loss: $ 13,700,000 Attack method: Unknown
Description of the event: During a routine GM token burn, Aark Digital encountered a callback error due to a third-party contract modification. To resolve this, Aark Digital initiated a contract upgrade and GM delisting to adjust affected user balances. Users holding GM were required to convert GM to USDC. Aark Digital ran a script to process these conversions, which took inputs such as target user, amount, token address, and decimals from event data. While the script was executing, a single user’s USD Value shifted erroneously from 0.498942 to 498,942 * (10 ^ 12), due to an incorrect balance update (not from a deployed contract error). Exploiting this security vulnerability, the attacker caused Aark Digital a loss of 1,499,841 USDC and 159.09 ETH.
Amount of loss: $ 1,900,000 Attack method: Incorrect Balance Update
Description of the event: Scroll-based DEX protocol Ambient Finance announced on the X platform that its domain had been hijacked. Until further notice, please do not interact with the Ambient Finance frontend.
Amount of loss: - Attack method: DNS Hijacking Attack
Description of the event: According to the announcement from BingX, at around 4 AM Singapore time on September 20, BingX's security systems detected an unauthorized intrusion targeting one of their hot wallets.
Amount of loss: $ 45,000,000 Attack method: Unknown
Description of the event: Indonesian crypto exchange Indodax suffered an attack a few hours ago, with the hacker stealing various tokens from hot wallets. The total loss is approximately $22 million. According to the analysis by the SlowMist security team, the possibility that the hot wallet has been compromised can be ruled out. It is possible that the withdrawal system has been hacked.
Amount of loss: $ 22,000,000 Attack method: Unknown
Description of the event: Blast ecosystem DEX MonoSwap disclosed on Twitter that the platform has been hacked. Users are advised not to add liquidity or stake. If you have any staking positions, please withdraw them immediately to avoid financial loss.
Amount of loss: $ 1,300,000 Attack method: Malicious Software
Description of the event: On July 23, the dydx.exchange domain was discovered to have been compromised. The attacker changed the DNS Nameservers from Cloudflare to DDoS-Guard. The attacker also successfully removed the DNSSEC settings on the domain. The attacker hosted a malicious site which requested that any connected wallets transfer ETH and other ERC20 tokens to the attacker’s Ethereum address. Two users were affected, resulting in a loss of approximately $31,000.
Amount of loss: $ 31,000 Attack method: DNS Hijacking Attack
Description of the event: The cryptocurrency exchange WazirX posted preliminary investigation results of the cyber attack on Twitter, stating that one of its multisig wallets was compromised, resulting in a loss of over $230 million.
Amount of loss: $ 230,000,000 Attack method: Wallet Stolen
Description of the event: The Turkish cryptocurrency exchange BtcTurk has acknowledged that they suffered a hack that impacted ten hot wallets containing multiple cryptocurrencies. The exchange halted deposits and withdrawals while investigating, and said they are working with law enforcement. Furthermore, the exploiter sold substantial amounts of some cryptocurrencies, including Luna Classic, causing major price movements in those tokens.
Amount of loss: $ 90,000,000 Attack method: Network Attack
Description of the event: On June 14, NFT perpetual contract trading platform nftperp announced on Twitter that a critical bug had been found in the clearingHouse contract. All vulnerable contracts have been suspended until further notice. On June 15, nftperp stated that all funds lost due to the vulnerability had been successfully recovered. The developers are currently prioritizing the resumption of the contracts so trading and withdrawal can go live.
Amount of loss: - Attack method: Contract Vulnerability
Description of the event: Lykke, the zero-fee crypto exchange, was suspected to have been exploited, resulting in a loss of assets worth over $22.4 million. The root cause of the exploit is unknown at the moment, and the team has yet to acknowledge the exploit. The stolen assets include roughly 158 BTC from the Bitcoin network and over 2161 ETH from the Ethereum Mainnet, among other assets.
Amount of loss: $ 22,400,000 Attack method: Unknown
Description of the event: DEX Velocore experienced a security breach on June 2nd, 2024, resulting in financial losses of approximately $6.8 million in ETH. The primary cause of the incident was faulty logic within the velocore__execute() function of the ConstantProductPool. When a user makes a swap on Velocore, the Vault contract makes an external call to this function to calculate the result of the swap.
Amount of loss: $ 6,800,000 Attack method: Contract Vulnerability
Description of the event: DMM Bitcoin, a Japanese cryptocurrency exchange, announced it lost 48 billion yen ($305 million) worth of bitcoin (BTC) due to a hack.
Amount of loss: $ 305,000,000 Attack method: Unknown
Description of the event: On May 14th, the decentralized trading protocol Equalizer Exchange within the Fantom ecosystem was suspected to have been attacked. The official team tweeted that they are investigating the incident and advised users not to interact with the Equalizer Exchange frontend. On May 15th, Equalizer Exchange announced that the domain has been restored.
Amount of loss: - Attack method: Unknown
Description of the event: Crypto detective ZachXBT stated on his Telegram channel that the Middle Eastern cryptocurrency exchange Rain appears to have been hacked, resulting in a loss of $14.8 million USD. The breach occurred on April 29, 2024, when Rain's BTC, ETH, SOL, and XRP wallets experienced suspicious outflows of funds, which were quickly transferred to instant exchanges and converted into BTC and ETH.
Amount of loss: $ 14,800,000 Attack method: Unknown
Description of the event: FixedFloat, a decentralized exchange, tweeted that they have encountered another attack, with hackers exploiting vulnerabilities in their third-party services. The company assured that both company and user funds remain unaffected.
Amount of loss: $ 3,000,000 Attack method: Third-party Vulnerability