72 hack event(s)
Description of the event: The Discord of Homeless Friends NFT was attacked, homelessfriends[.]net is a phishing website.
Amount of loss: - Attack method: Discord was hacked
Description of the event: The work of Animoon with 9999 NFTs is taken from Pokémon. They claim to have signed a non-disclosure agreement (NDA) with Pokémon partner TopDeck. But with no evidence of an actual P2E game being developed, the Animoon team disappeared, deleting their Twitter account and website.
Amount of loss: $ 6,300,000 Attack method: Rug Pull
Description of the event: A Rug Pull occurred in the NFT metaverse game project Pokemoney on BNBChian, its Token PMY has dropped by 99.98%%, and about 11,800 BNB (about 3.5 million US dollars) have been withdrawn and transferred.
Amount of loss: $ 3,500,000 Attack method: Rug Pull
Description of the event: The project behind the Llamaverse, the Llamascape NFT series, was hacked. Hackers targeted their Discord server and scammers took around 30-40 ETH.
Amount of loss: 30-40 ETH Attack method: Discord was hacked
Description of the event: Axie Infinity says the Mee6 bot on its main server was hacked. Hackers use Mee6 bot to add permissions to fake Jiho account to post fake announcements about mint. MEE6 is a Discord bot that allows admins to automatically assign and remove roles and send messages. The fake announcement has now been removed.
Amount of loss: - Attack method: Discord was hacked
Description of the event: Discord for NFT series Lazy Lions was hacked. Notably, this attack appears to infiltrate many other large NFT projects throughout the day, seemingly due to MEE6 staff being able to use MEE6 remotely to give themselves roles in any server.
Amount of loss: - Attack method: Discord was hacked
Description of the event: NFT project Alien Frens tweeted that Discord had been attacked. Users are asked not to click on any MINT links.
Amount of loss: - Attack method: Discord was hacked
Description of the event: There was an abnormality on the Tianqiong Digital Collection platform. The price of its collections on the secondary market skyrocketed thousands of times, and collections with a price of nearly 10 million yuan were sold in seconds. The Tianqiongshuzang announcement stated that the platform was maliciously attacked by hackers and used false balances to purchase and steal player collections.
Amount of loss: - Attack method: Fake balance
Description of the event: The ownlyio project's NFTStaking contract was attacked, with a total of 115 BNB stolen and a loss of about $36,418. The reason for this attack is that the unstake function of the pledge contract of the ownio project does not check the user's claim status, so the attacker can use the unstake function to receive the own tokens in the contract infinitely, thereby extracting all the own tokens in the pledge contract, and finally the attacker The acquired owned tokens are exchanged for 115 BNB through the pair transaction.
Amount of loss: 115 BNB Attack method: Contract Vulnerability
Description of the event: The Fury of the Fur NFT project was a collection of 3D models that sort of resembled bears. However, the NFT rollout has not been smooth - out of a total supply of 9,671 NFTs, less than 2,800 NFTs have been minted. The project attempted to relaunch but failed to generate more interest, so the creators decided to pull it out — while preserving funding, of course. The project founders have left a long message to the community that they will close the project.
Amount of loss: $ 300,000 Attack method: Rug Pull
Description of the event: Day of Defeat has rug pull, value has suddenly dropped by over 96%, and over $1.35 million in assets has been moved from BSC-based projects to external wallets. After the funds ran out, the project claimed they had been hacked by outside actors and had “reported to Binance and local authorities.”
Amount of loss: $ 1,350,000 Attack method: Rug Pull
Description of the event: Sentinel founder Serpent tweeted that OpenSea's official Discord was attacked. Hackers used bot accounts to post fake links in the channel, and said that "OpenSea has reached a cooperation with YouTube. Click the link to participate in the mint pass NFT limited to 100 pieces." Users should be aware of the risks and do not click on links provided by hackers.
Amount of loss: - Attack method: Discord was hacked
Description of the event: The official Instagram of the NFT project Bored Ape Yacht Club (BAYC) was hacked, and the attackers have stolen 91 NFTs including 4 BAYC, 7 MAYC, 3 BAKC, 1 CloneX, etc.
Amount of loss: - Attack method: Instagram was hacked
Description of the event: The Akutars (@AkuDreams) project auction contract was permanently unable to withdraw 11,539.5 ETH due to multiple code flaws. According to SlowMist analysis, even if the problem of users' inability to refund is solved, due to the inconsistency between the number of bidders and the number of auctions and the defects of the project party's withdrawal function, Akutars funds will eventually be permanently locked.
Amount of loss: 11,539.5 ETH Attack method: Contract Vulnerability
Description of the event: The Discord of NFT project Ugly People has been hacked, and attackers are spreading fake mint links.
Amount of loss: - Attack method: Discord was hacked
Description of the event: According to official sources, a large amount of FACE tokens were dumped on-chain, and the investigation turned out that one of the FACE tokens held by the team was transferred and sold by an unauthorized account.
Amount of loss: - Attack method: Phishing attack
Description of the event: The developer of Klaytn-based NFT project Metaconz tweeted that a malicious bot was installed on the administrator account of Metaconz’s Discord overseas team on Saturday, causing 79 users to lose 11.9 ETH (about $36,000), the team said. It promised to compensate all losses, and 53 users have so far been compensated. In addition, the developer reminded that if the user executes the setApprovalForAll function in Etherscan, please transfer the wallet unconditionally. Therefore, in this attack, the hacker used this function to deprive the victim of the wallet permission.
Amount of loss: 11.9 ETH Attack method: Discord was hacked
Description of the event: According to the official news of each project, the Discord of NFT projects whose servers are currently under attack include BAYC, Doodles, Nyoki, Shamanz, Zooverse, Dreadfuls, Freaky Labs, and Kaijukingz. In addition, the source code of the verification robot Captcha has been leaked, and the private message tool Ticket tool has been attacked.
Amount of loss: - Attack method: Discord was hacked
Description of the event: According to reports, someone pretended to be a Cryptovoxels official to conduct a phishing attack, induced users to authorize, stole multiple NFTs (including Cryptovoxels Parcel Token, Art Blocks: BLOCKS Token, Mutant Ape Yacht Club: MAYC Token, etc.), and then sold them on opensea. It is reported that anonymous attackers used a vulnerability in the Discord bot to manage to direct community users to phishing sites on the official Cryptovoxels Discord channel. The attacker's address is 0x794ca38bc1e15e528a7991ce25707a25ad71b675.
Amount of loss: 50 ETH Attack method: Phishing Attack
Description of the event: Maison Ghost’s Discord was hacked, the hacker posted a fake minting link, and within minutes about 300 NFTs were stolen, including the Sandbox and 3landers NFTs, which were then sold for 128 ETH and eventually sent to Tornado.
Amount of loss: 128 ETH Attack method: Discord was hacked