78 hack event(s)
Description of the event: There is a vulnerability in the Crypto Burger project, an NFT project on the BSC chain. "The attacker discovered a vulnerability related to the $BURG token contract, which managed to burn most of the tokens in the liquidity pool, while immediately liquidating the tokens it had previously acquired, from liquidity," the project said in a statement. $770,000 was stolen from the pool.”
Amount of loss: $ 770,000 Attack method: Contract Vulnerabilities
Description of the event: The creator of the NFT project Frosties absconded with the money, causing investors to lose more than $1 million. According to available information, there are 8,888 NFTs in the series with a floor price of 0.04 ETH, roughly over $120. Within an hour, all NFTs were sold, but instead of getting their assets, investors found out that the project developers closed all communication with community members. Etherscan data shows that developers have moved most of the funds from the OpenSea account to another wallet.
Amount of loss: $ 1,000,000 Attack method: Rug Pull
Description of the event: NFT marketplace LooksRare suffered a DDoS attack hours after its launch, resulting in a brief offline. Some users reported that they could not connect their wallets and list their NFTs. The LooksRare team quickly restored the site.
Amount of loss: - Attack method: DDos Attack
Description of the event: Sports NFT platform Lympo suffered a hot wallet security breach, losing 165.2 million LMT tokens worth $18.7 million in the hack. Ten different project wallets were compromised in the attack. Quotes show that the LMT price plummeted 92% to $0.0093 after hackers moved and sold the loot in the project’s hot wallet.
Amount of loss: $ 18,700,000 Attack method: Hot Wallet Stolen
Description of the event: NFT project Bored Bunny is suspected of being a Rug Pull project. Some netizens said that 2,000 ETH raised have been transferred out, and some of them have been transferred to Binan. In addition, this address had similar behavior 1-2 months ago, associated with 2 NFT items that almost went to zero. Currently Bored Bunny's Discord has turned off all people all channels to speak.
Amount of loss: 2,000 ETH Attack method: Rug Pull
Description of the event: The NFT project Monkey Kindom stated that hackers stole $1.3 million in SOL from the community through a security breach in discord. The hacker first attacked Grape, the solution to authenticate users on Solana, and took advantage of the vulnerability to take over an administrative account that posted a phishing link in the announcement channel of Monkey Kindom discord.
Amount of loss: $ 1,300,000 Attack method: Discord was hacked
Description of the event: A Discord server run by Fractal in the recently launched game NFT market was hacked. The hacker defrauded 373 members of 800 Solana cryptocurrencies worth US$150,000. The startup said in its announcement that it will compensate the victims in full.
Amount of loss: $ 150,000 Attack method: Discord was hacked
Description of the event: The Discord server run by Fractal, a gaming NFT marketplace, was hacked, a fake Discord bot disguised as an official posted a fake minting link in Fractal's "#announcements" channel, and nearly 3,500 people fell victim to it, losing nearly 600,000 Dollar. In its announcement, the company said it would fully compensate victims of the hack.
Amount of loss: $ 600,000 Attack method: Discord was hacked
Description of the event: Chain game project Vulcan Forged officially tweeted that 148 wallets holding PYR were hacked, and more than 4.5 million PYR had been stolen. It then stated: Most of the PYR has been returned from the treasury to the affected wallets.
Amount of loss: $ 102,820,974 Attack method: Private key leak
Description of the event: According to blockchain game developer Animoca Brands, on November 19, hackers successfully accessed the Discord account of the science fiction NFT game Phantom Galaxies and took over its server. The hacker subsequently issued a fraudulent statement claiming that the game was launching an NFT minting activity. The hacker directs the user to a website, charges the user 0.1 ETH, and then sends the funds to the hacker's Ethereum address. A total of 265 sent ETH, about 1.1 million US dollars. Animoca Brands pointed out that there is no evidence that smart contracts have been breached, and no funds have been stolen from the game or its developers or publishers.
Amount of loss: 265 ETH Attack method: Discord was hacked
Description of the event: According to reports, a currency stolen event occurred in Farmers World, a farm-type game on the WAX chain, and the amount may exceed 100 million yuan. Some players have found that the game shows "Insufficient RAM" prompts, which cannot be solved even after adding WAXP. According to the official Discord discussion information: Neither the project smart contract nor the WAX wallet has vulnerabilities, but the address where the user pledged WAXP is not the official address of the game. It may be that the game "plug-in" script changed the user pledge address, causing the user to be unable to obtain RAM resources.
Amount of loss: $ 15,700,000 Attack method: The game "plug-in" script changed the user's pledge address
Description of the event: According to news, the security research company discovered that there is a serious security vulnerability in OpenSea in the NFT market, which may cause hackers to steal the user's entire encrypted wallet. Then OpenSea responded that a repair was implemented within one hour of discovering the problem, and other measures will be taken to strengthen community safety education.
Amount of loss: - Attack method: XSS
Description of the event: The official Twitter account and website of the NFT project Evolved Apes, the project developer "Evil Ape" disappeared last week, and took away 798 ETH worth US$2.7 million.
Amount of loss: 798 ETH Attack method: Rug Pull
Description of the event: POAP, the proof of attendance badge protocol, stated that its minting system was hacked on September 29, and several POAPs of XCOPY and Polygonal Mind were fraudulently issued and sold. At the request of the artist, POAP has burned down the relevant NFT.
Amount of loss: - Attack method: Minting system was attacked
Description of the event: Iconics, an NFT project on Solana, was accused of being a “Rug pull.” The 17-year-old artist behind Iconics made about $140,000 before disappearing. The project developers also deleted Iconics’ Twitter account and disabled Discord channel chat.
Amount of loss: $ 140,000 Attack method: Rug Pull
Description of the event: A vulnerability in NFT marketplace OpenSea resulted in at least 42 NFTs being sent to a burn address, worth at least $100,000. The issue was first raised by Nick Johnson, lead developer of the Ethereum Name Service (ENS), who noted that when he transferred an ENS domain name (in the form of an NFT), it was transferred to a burn address. This means it was accidentally sent to an uncontrolled address and can no longer be moved. Regarding the destroyed ENS domain name, Johnson said it was the first registered ENS domain name, called rilxxlir.eth, which was held by an ENS account when Johnson registered it with personal funds. In order to transfer the ENS domain name to his own account, he went to OpenSea to perform the transfer, only to find that it had been sent to a destruction address by mistake. Since Johnson is still the controller of the ENS domain name, he can still make changes, just cannot move the domain name. Johnson then received further reports from others who were similarly affected and compiled a list of 32 affected transactions involving 42 NFTs. Most NFTs use the ERC-721 standard, but a few use ERC-1155. He looked at the floor price of each NFT, which totaled about $100,000. Johnson claims that OpenSea has now fixed the vulnerability.
Amount of loss: $ 100,000 Attack method: Contract Vulnerability
Description of the event: A user claimed on Twitter that he had mistakenly entered an NFT auction scam and was taken away by an art website worth 336,000 US dollars of Ethereum. However, the development of the story is somewhat unexpected, because the other party returned 100 ETH in full. In this scam, the victim reported that he inquired about the NFT auction on Monday from a certain population on Discord, and then he thought he was lucky enough to win the bid for the first NFT on the website and paid 100 ETH (about 336,000 US dollars) for this. ). However, according to a BBC report on Tuesday, a hacker exploited a security hole in the artist Banksy's website and set up a web page (banksy.co.uk/NFT) to sell so-called non-fungible tokens (NFT). In the end, although the hacker returned the money, the user still lost $5,000 in transaction fees.
Amount of loss: $ 5,000 Attack method: Phishing attack
Description of the event: The NFT project Axie Infinity tweeted that its market platform was attacked by DDoS and that someone was sending spam to its server in an attempt to make it unusable. Officials say the funds are currently safe.
Amount of loss: - Attack method: DDos attack