124 hack event(s)
Description of the event: Metropolis World announced that their Discord server was compromised.
Amount of loss: - Attack method: Account Compromise
Description of the event: The GEMIE Discord server was hacked and the attackers posted phishing links in the announcement channel. Please do not interact with hxxps://gemie.site/.
Amount of loss: - Attack method: Account Compromise
Description of the event: VendX Discord server was compromised.
Amount of loss: - Attack method: Account Compromise
Description of the event: A phishing link has been posted in the factory-updates channel of LuckyFactoryNFT. Do not interact with the malicious link.
Amount of loss: - Attack method: Phishing Attack
Description of the event: On September 27th, Venom Bears' Discord server was compromised.
Amount of loss: - Attack method: Account Compromise
Description of the event: Synthtopia Discord server was compromised.
Amount of loss: - Attack method: Account Compromise
Description of the event: A phishing link has been posted in the announcements channel of timesoul Discord server.
Amount of loss: - Attack method: Account Compromise
Description of the event: On September 17th, the Discord account of the NFT solution One Mint was compromised. The attacker posted malicious links and shut down channels such as support.
Amount of loss: - Attack method: Account Compromise
Description of the event: Milady founder Charlotte Fang said that a developer of Milady misappropriated approximately $1 million from the Bonkler treasury of Milady's official project. The developer also seized the code base and asked the team to hand over more funds and NFT reserves. Currently, the Twitter accounts of miladymaker and remilionaire are controlled by this developer. Charlotte Fang said the relevant members have been identified and will be held accountable to the fullest extent of the law. Minting of Bonkler NFTs is temporarily suspended and Bonkler’s community vaults, contracts, and NFTs are safe. Other series of NFTs from Milady parent company Remilia are not affected for the time being.
Amount of loss: $ 1,000,000 Attack method: Insider Manipulation
Description of the event: A phishing link was posted in the announcements channel of the ACG WORLDS Discord server. Do not interact with hxxps://asusworlds.com/tcom/.
Amount of loss: - Attack method: Account Compromise
Description of the event: Big.B Discord Server was hacked. The attacker posted a phishing link in Big.B Discord Server. Do not click on any links until the team has confirmed they’ve regained control of the server.
Amount of loss: - Attack method: Account Compromise
Description of the event: NFT marketplace Paras tweeted that its Discord was under attack. Please do not click on the link, mint, or approve any transactions.
Amount of loss: - Attack method: Account Compromise
Description of the event: On Sept 3, Paras Discord server was compromised.
Amount of loss: - Attack method: Account Compromise
Description of the event: Balthazar tweeted that his Discord was under attack. Please do not click on the link, mint, or approve any transactions.
Amount of loss: - Attack method: Account Compromise
Description of the event: Lamas Finance's Discord is under attack. The phishing site is lamas[.]co/airdrop. Please do not click on the link, mint, or approve any transactions.
Amount of loss: - Attack method: Account Compromise
Description of the event: On-chain analyst ZachXBT tweeted that there was an issue with the SaaSy Labs API used by Made by Apes, an on-chain licensing application platform launched by BAYC, which allowed access to personal details submitted in MBA applications. The issue was reported to Yuga Labs before disclosure and has since been fixed. Yuga Labs responded that it is currently uncertain whether any data has been misused, that it is contacting anyone whose information may have been exposed, and that it will provide fraud and identity protection to any users who may need it.
Amount of loss: - Attack method: Information Leakage
Description of the event: The NFT lending platform JPEG'd was hacked, and JPEG tokens fell by 40% in a short period of time, with a loss of at least about $10 million. The root cause is reentrancy. When the attacker calls the remove_liquidity function to remove liquidity, he adds liquidity by re-entering the add_liquidity function. Because the balance update is before re-entering the add_liquidity function, the price calculation is wrong. JPEG'd tweeted that the pETH-ETH Curve pool was attacked. The vault contract that allows NFTs to be borrowed against is safe and still functioning. NFTs and treasury funds are secure. The JPEG'd contract has not been hacked and is safe. On August 5, JPEG'd tweeted that the DAO multi-signature address confirmed receipt of 5494.4 WETH, and the address owner who recovered funds from the pETH vulnerability received a 10% white hat bounty, which is 610.6 WETH.
Amount of loss: $ 11,363,266 Attack method: Reentrancy Attack
Description of the event: An attacker compromised the Twitter accounts of the popular NFT project Gutter Cat Gang and its co-founders, and used them to post links to a phishing website that claimed to be an airdrop of new NFTs. Instead of receiving the promised tokens, those who authorized the contract had their wallets emptied. One victim lost 36 NFTs, including a Bored Ape NFT they bought for about $130,000. In total, the attackers managed to steal between $750,000 and $900,000 worth of NFTs, depending on how the resale value was estimated. The next day, the Gutter Cat Gang announced that they had regained control of the Twitter account and deleted the malicious tweet. They said they were cooperating with law enforcement investigating the theft but, to the dismay of some victims, did not describe any plans to compensate those whose assets were lost.
Amount of loss: $ 800,000 Attack method: Twitter was hacked
Description of the event: After spending nearly $40 million on a new set of Azuki NFTs, the Azuki community was outraged that the set was a near-replica "diluting" the original Azuki collection. To counter what Azuki’s creators called a “blatant scam,” holders who claim to have collectively spent millions of dollars on the Azuki project formed AzukiDAO. The DAO created a governance token, $BEAN, which is distributed to Azuki NFT owners. The DAO then began voting to hire lawyers to sue the creators of Azuki and demand a return of the 20,000 ETH (approximately $38 million) that had been spent on the Elementals NFTs in total. However, the governance token was exploited shortly after the DAO was created. Attackers were able to exploit a flaw in the smart contract, and two exploiters stole approximately 35 ETH (approximately $69,000), mainly because the variable signatureClaimed in the contract was not checked properly, resulting in a replay attack. The DAO suspended the contract to prevent further theft.
Amount of loss: $ 69,000 Attack method: Replay Attack
Description of the event: NFT Trader, a P2P digital asset trading protocol, said on Twitter that its website had been attacked, and asked users to monitor their accounts and beware of phishing attacks. The NFT Trader website will be closed until further notice. Currently, the team is still investigating and the platform has been taken offline to avoid any further issues. NFT Trader stated that this is not a problem with the protocol. It is suspected that someone outside the team inserted malicious code into the front end. The team will continue to investigate.
Amount of loss: - Attack method: Malicious Code Injection Attack