170 hack event(s)
Description of the event: Philippine exchange Coins.ph lost 12 million $XRP ($6 million) in a hack.
Amount of loss: $ 6,000,000 Attack method: Private Key Leakage
Description of the event: On October 10th, the BRC20 exchange platform Ordswap issued a tweet, stating that they had lost control of their website domain, and the issue appeared to be related to the website development and hosting company Netlify. They advised users not to access their website until they regained control of the domain. Ordswap users reported that the compromised website was redirecting users to phishing links.
Amount of loss: - Attack method: DNS Hijacking Attack
Description of the event: On September 24th, according to Definalist on Twitter, scammers had deposited fake APT tokens into South Korea's largest exchange, Upbit. After these fake tokens were deposited into numerous user accounts, many users proceeded to directly sell them. The only explanation for this situation is that Upbit's wallet system only checked the type and data and processed deposits and withdrawals.
Amount of loss: - Attack method: False top-up
Description of the event: On September 25th, Cyvers Alerts tweeted that a certain EOA address received 5000 ETH from HTX yesterday, and this morning, they noticed that HTX had conducted a hot wallet migration. It has been confirmed that one of HTX's hot wallets was compromised, resulting in a loss of 8.2 million USD, and the hacker's address has been disclosed. HTX has issued a public statement on the blockchain, addressing the hacker and offering a 5% white hat bonus if the stolen funds are returned by October 2nd; otherwise, they will transfer the information to law enforcement authorities for further action and to prosecute the hacker. Justin Sun also stated that HTX has fully covered the losses incurred from the attack and has successfully resolved all related issues. All user assets are safe and the platform is operating completely normally. On October 7, the HTX attackers returned 4,999 ETH (about $8.2 million) of the stolen funds.
Amount of loss: $ 8,200,000 Attack method: Unknown
Description of the event: On September 20th, the DeFi liquidity protocol Balancer fell victim to a DNS hijacking attack. Funds have been directed to an address starting with 0x6457, resulting in a total loss of approximately $350,000. The attacker’s fee came from the phishing group AngelDrainer. The attacker may be related to Russia.
Amount of loss: $ 350,000 Attack method: DNS Hijacking Attack
Description of the event: A massive suspicious withdrawal occurred on cryptocurrency exchange Remitano, with $2.7 million worth of cryptocurrency being withdrawn. Some blockchain analysts believe the exchange may have been hacked. Tether has frozen an address allegedly used by an attacker that held $1.4 million worth of cryptocurrency.
Amount of loss: $ 2,700,000 Attack method: Wallet Stolen
Description of the event: On September 13th, the Hong Kong Securities and Futures Commission issued a statement titled "Regarding Unregulated Virtual Asset Trading Platforms," stating that the virtual asset trading platform JPEX did not have a license from the Commission and had not applied for one. On September 14th, the JPEX community discovered that the withdrawal limit on the JPEX platform was only 1000 USDT, while the withdrawal fee was as high as 999 USDT, effectively preventing users from withdrawing their funds. As of October 3rd, the police have received reports from 2,467 victims, involving approximately HKD 1.522 billion in total.
Amount of loss: $ 194,337,178 Attack method: Scam
Description of the event: The cryptocurrency exchange CoinEx suffered a hacker attack. The cause of the incident was initially determined to be the leakage of hot wallet private keys. The damage caused is estimated to have reached US$70 million, and the impact has affected multiple blockchains. CoinEx tweeted that it had identified and quarantined suspicious wallet addresses related to the hack and that deposit and withdrawal services had been suspended. On September 13, SlowMist found during the analysis process that CoinEx hackers were related to Stake.com hackers and Alphapo hackers. CoinEx hackers may be the North Korean hacker group Lazarus Group.
Amount of loss: $ 70,000,000 Attack method: Private Key Leakage
Description of the event: Stablecoin issuer Paxos admitted in a statement that the account that paid out nearly 20 BTC in fees in a single transaction in the early hours of September 11 belonged to the company. Paxos claims that end users have not been affected and all user funds are safe. The announcement comes after users on Twitter speculated that PayPal could be responsible for the transaction, as analytics platform OXT identified relevant wallet accounts belonging to PayPal. A Paxos spokesperson said: "PayPal takes no responsibility for this as this error was caused by Paxos itself. This transaction affected Paxos company operations, Paxos customers and end users were not affected, and all customer funds are safe. This was caused by a vulnerability in a single transfer, which has now been fixed. Paxos is contacting miners to recover the funds."
Amount of loss: $ 500,000 Attack method: Transfer Vulnerability
Description of the event: On September 7, crypto trust company Fortress said on Twitter that its customers were affected by a "compromised third-party provider of cloud tools," but that there was no loss of funds. On September 13, Fortress Trust founder and CEO Scott Purcell said that the company lost $12 million to $15 million in cryptocurrencies in a recent hack, most of which was Bitcoin, but small amounts of two stablecoins, USDC and USDT, were also stolen, and the company immediately made up for the loss. "Of the 225,000 customers, only 4 customers were actually affected." Purcell repeatedly emphasized that the fault for the security breach lies with the third-party provider, not Fortress Trust or the company's hosting partners Fireblocks or BitGo. The vendor has been identified as Retool, and Retool admitted that it was the victim of a phishing attack.
Amount of loss: $ 15,000,000 Attack method: Third-party Vulnerability
Description of the event: On August 7, 2023, Cypher, a Solana-based decentralized exchange, tweeted that it had been attacked. The attacker exploited a bug related to the mechanism involving segregated margin sub-accounts to attack Cypher's main contract, causing it to eventually withdraw more funds than initially deposited, leading to a bad debt in the system. The attacker stole 15,452 SOL, 149,205 USDC, and other tokens for a loss of over $1 million. The attacker’s address is suspected to be HHm4wK91XvL3hhEC4hQHo544rtvkaKohQPc59TvZeC71. On August 18, Cypher stated that approximately $600,000 has been frozen on various centralized exchanges (CEXs), and the return of these funds will depend on the cooperation of these CEXs and seizure orders issued by law enforcement agencies.
Amount of loss: $ 1,000,000 Attack method: Contract Vulnerability
Description of the event: Some community users reported that the crypto exchange ZT Global was suspected of running away. Since the announcement of system upgrade and maintenance on July 28, transactions on the platform have been disabled. The TG channel has been banned and the founder cannot be contacted. At 21:00 on July 31, the exchange announced that it had completed maintenance and resumed trading functions, but the trading page showed that buy orders of only 0.0006 BTC ($17) pushed up the price of BTC on the platform and maintained it at 60,000 USD. The price of ETH also fluctuated violently on a trading volume of tens of dollars.
Amount of loss: - Attack method: Rug Pull
Description of the event: On July 23, the CoinList Twitter account was hacked. Previously, CoinList tweeted that it would launch native tokens, and then Neon EVM tweeted that the CoinList account was stolen and reminded users not to click on any links. On July 25, CoinList shut down the malicious website for the scam token sale, and the security team is actively investigating and working with all relevant parties, including Twitter's support staff, to regain control of the CoinList Twitter account. CoinList will notify the community as soon as the fix process is complete; currently, CoinList still controls all other official social media channels.
Amount of loss: - Attack method: Twitter was hacked
Description of the event: Decentralized trading platform Hashflow is suspected to have suffered an authorization-related attack, though this may be a white-hat hacking operation. The loss from the theft was approximately $600,000, and all affected users were able to retrieve all of their assets.
Amount of loss: $ 600,000 Attack method: Authorization Attack
Description of the event: A spokesperson for Floating Point Group (FPG), a trading platform for crypto institutions, said it was hit by a cyber attack on June 11 and has lost between $15 million and $20 million in cryptocurrency. FPG has taken security measures and successfully obtained SOC 2 certification after hiring external auditors to conduct a series of cybersecurity audits and penetration tests last December. After the security breach was discovered, FPG froze all third-party accounts and implemented protective measures for all wallets. The company's account isolation measures limited the overall impact of the attack.
Amount of loss: $ 20,000,000 Attack method: Security Vulnerability
Description of the event: Nigerian gift card and cryptocurrency trading platform Patricia revealed on May 26 that hackers compromised its retail trading app, resulting in an undisclosed amount of BTC and naira assets being compromised, News.bitcoin reported. Other cryptocurrency balances were not affected and assets belonging to their customers and merchants remained safe. Patricia said it had stopped processing withdrawals and was "undergoing internal restructuring".
Amount of loss: $ 2,000,000 Attack method: Retail transaction app is compromised
Description of the event: The crypto exchange Kucoin stated that its official Twitter account was stolen for about 45 minutes from 00:00 on April 24 (UTC+2), and the attacker posted false activities, causing multiple users to lose assets. As of 02:00 (UTC+2) on April 24, 22 transactions had been identified, including ETH/BTC related to fake activity, with a total value of 22,628 USDT. Kucoin will fully compensate all verified asset losses caused by social media leaks and fake activities.
Amount of loss: $ 22,628 Attack method: Twitter was hacked
Description of the event: Bitrue tweeted: We have identified a brief exploit in one of our hot wallets on 07:18 (UTC), 14 April 2023. We were able to address this matter quickly and prevented the further exploit of funds. The attackers were able to withdraw assets worth approximately 23M USD in ETH, QNT, GALA, SHIB, HOT and MATIC. The affected hot wallet only holds less than 5% of our overall funds. The rest of our wallets remain secure and have not been compromised. To conduct additional security checks, Bitrue will temporarily suspend all withdrawals and will reopen withdrawals on 18 April 2023. We seek your understanding and patience at this time. All identified users who are affected by this incident will be compensated in full.
Amount of loss: $ 23,000,000 Attack method: Wallet Stolen
Description of the event: South Korean cryptocurrency exchange GDAC said on its official website that it was hacked and lost nearly $13 million. On April 9, the hackers moved nearly $13 million, or 23 percent of their total custody assets, from the GDAC hot wallet to an unidentified wallet. Hackers stole nearly 61 bitcoins (BTC), 350.5 ethers (ETH), 10 million wemix tokens (WEMIX), and 220,000 USDT.
Amount of loss: $ 13,000,000 Attack method: Wallet Stolen
Description of the event: In its official Telegram channel, FTX said it had been compromised, instructing users not to install any new upgrades and to remove all FTX apps. Over $600 million was stolen from FTX's crypto wallets.
Amount of loss: $ 600,000,000 Attack method: Telegram was hacked