125 hack event(s)
Description of the event: According to the SlowMist MistEye security monitoring system, the NFT project Next Earth has suffered a reentrancy attack on Polygon.
Amount of loss: $ 17,000 Attack method: Reentrancy Attack
Description of the event: The attacker exploited a vulnerability in The Idols project's smart contract to steal 97 stETH (approximately $324,000) from the project.
Amount of loss: $ 324,000 Attack method: Contract Vulnerability
Description of the event: The official X account of the decentralized intellectual property (IP) platform KOR Protocol appears to have been compromised. The hacker has posted a fake phishing link. Please avoid interacting with it.
Amount of loss: - Attack method: Account Compromise
Description of the event: The Omnichain NFT protocol Holograph protocol was exploited, resulting in a loss of approximately $14.4 million. According to the team, a former contractor exploited an infinite mint vulnerability in their smart contract to release an additional 1 billion HLG tokens, which were further dumped. This malicious actor, who had funded the operator contract roughly 26 days before the attack, deployed an unverified contract on Mantle, which was used to mint the additional tokens caused by a function that exploited the protocol's verification method.
Amount of loss: $ 14,400,000 Attack method: Contract Vulnerability
Description of the event: According to the SlowMist security team, potential suspicious activity has been detected in the GameFi protocol MetaDragon, and users are advised to remain vigilant. MetaDragon stated that users need to convert their META NFTs into tokens as soon as possible to minimize community losses. The META NFT contract has just been hacked. The hacker converted many NFTs in wallets to META tokens and sold them. The attack path originated from the META NFT.
Amount of loss: $ 181,000 Attack method: Contract Vulnerability
Description of the event: According to the monitoring of the SlowMist Security Alert system, the Web3 game project Galaxy Fox has been attacked, resulting in a loss of approximately $300,000.
Amount of loss: $ 300,000 Attack method: Contract Vulnerability
Description of the event: A vulnerability has been detected in the unverified Ember Sword NFT auction that allowed the extraction of 60 WETH, equivalent to approximately $195,000, from 159 victims who approved the contract.
Amount of loss: $ 195,000 Attack method: Contract Vulnerability
Description of the event: The treasury of Remilia, the parent company of Milady, has been drained, with assets from multiple official Remilia wallets being transferred and sold. The hot wallet and multi-signature treasury of Remilia's parent company, Remilia, were hacked, with assets from multiple official Remilia wallets being transferred and sold. Charlotte Fang, the founder of Milady, claimed he was hacked and drained of ETH and NFTs potentially worth several million dollars. Although the project's treasury used a multi-signature model, the private keys were stored in one password manager, which Fang says was compromised. The attacker stole around 490 ETH (~$1.8 million) and $58,000 USDC, along with more than 130 Milady NFTs, 320 Remilio NFTs, and hundreds of derivative tokens issued on the NFTX platform. Based on floor prices, the assets are valued at north of $6 million.
Amount of loss: $ 6,000,000 Attack method: Unknown
Description of the event: The deployer wallet of the NFT marketplace Wilder World was attacked, and ownership was transferred to the attacker. Following a malicious upgrade, the attacker withdrew WILD and MEOW tokens and converted them into approximately $1.8 million.
Amount of loss: $ 1,800,000 Attack method: Private Key Leakage
Description of the event: The ERC 404 project Rugged Art was attacked due to a reentrancy vulnerability, resulting in a loss of 11 ETH.
Amount of loss: $ 32,395 Attack method: Reentrancy Attack
Description of the event: A global IP of FREE Digital Collectibles, Art and community Wabalaba Land's Discord has been compromised. Do not click any links until the team regain control of the server.
Amount of loss: - Attack method: Account Compromise
Description of the event: There is a vulnerability in the INSC NFT contract, and multiple hackers have exploited it to steal NFTs and transfer them to Blur and OpenSea for sale. According to Blur market data, the floor price of INSC (ins-20) has dropped to 0.0048 ETH, with a decrease of 96.76% in the last 24 hours.
Amount of loss: - Attack method: Contract Vulnerability
Description of the event: PineProtocol seems to have been exploited. According to SlowMist's analysis, the exploiter's IP is 116.*.*.112. The exploiter has withdrawn ETH from FixedFloat and ChangeNOW, and has transferred 20 ETH to TornadoCash. The exploiter appears to have received part of the bounty.
Amount of loss: $ 90,000 Attack method: Flash Loan Attack
Description of the event: Metakey's Discord has been compromised. Do not click the link in announcements.
Amount of loss: - Attack method: Account Compromise
Description of the event: On December 17th, according to SlowMist Cos, Flooring Protocol may have been subjected to a hacker attack, and users are advised to promptly revoke contract authorizations. In a tweet on December 17th, Flooring Protocol announced that "We have determined the cause of exploit to be linked to FP's peripheral/multi-call contract. The team has deployed a fix 2 hours ago, patching the issue. While we continue to investigate and monitor, rest assured that the main contract is safe. Assets in vaults and safeboxes are not affected."
Amount of loss: $ 1,600,000 Attack method: Contract Vulnerability
Description of the event: On December 16, the SlowMist security team issued an alert that @NftTrader appeared to have been exploited due to a reentrancy issue. On December 17, the NFT Trader hacker claimed in on-chain messages that the original attack had been perpetrated by someone else, but that they were one of the many copycat attackers, describing themselves as someone who had "[come] here to pick up residual garbage". They requested victims send additional ETH to get their NFTs back. "If you want the monkey nft back, then you need to pay me a bouty, which is what I deserve", they wrote, asking for NFT holders to send them 10% of the Ape floor price. On December 17, Boring Security tweeted, "All 36 BAYC and 18 MAYC that the exploiter had are now in our possession. We sent her 10% of the floor price of the collections as bounty. We will be working with the affected victims getting them back to them free of charge."
Amount of loss: $ 3,000,000 Attack method: Reentrancy Attack
Description of the event: Builders NFT (BuiLDerS) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 89,296 Attack method: Rug Pull
Description of the event: There is a fake collab land verification in the Loozr Discord. The verification will take you to a phishing site that connects to a wallet drainer
Amount of loss: - Attack method: Account Compromise
Description of the event: Starksport announced that a community team member's Discord was compromised.
Amount of loss: - Attack method: Account Compromise
Description of the event: Cryptopreneurs' Discord server was hacked and the attacker posted a phishing link.
Amount of loss: - Attack method: Account Compromise