70 hack event(s)
Description of the event: Blockchain game project Vulcan Forged officially tweeted that 148 wallets holding PYR had been hacked and that more than 4.5 million PYR had been stolen. It later stated that most of the PYR had been returned from the treasury to the affected wallets.
Amount of loss: $ 102,820,974
Attack method: Private key leak
Description of the event: According to blockchain game developer Animoca Brands, on November 19 hackers successfully accessed the Discord account of the science fiction NFT game Phantom Galaxies and took over its server. The hacker subsequently issued a fraudulent statement claiming that the game was launching an NFT minting activity. The hacker directed users to a website that charged each user 0.1 ETH and then sent the funds to the hacker's Ethereum address. A total of 265 ETH was sent, about 1.1 million US dollars. Animoca Brands pointed out that there is no evidence that smart contracts were breached, and no funds were stolen from the game or its developers or publishers.
Amount of loss: 265 ETH
Attack method: Discord server hacked
Description of the event: According to reports, a token theft occurred in Farmers World, a farm-type game on the WAX chain, and the amount may exceed 100 million yuan. Some players found that the game showed "Insufficient RAM" prompts, which could not be resolved even after adding WAXP. According to discussion in the official Discord, neither the project's smart contract nor the WAX wallet has vulnerabilities, but the address to which users pledged WAXP was not the official address of the game. A game "plug-in" script may have changed the users' pledge address, leaving them unable to obtain RAM resources.
Amount of loss: $ 15,700,000
Attack method: The game "plug-in" script changed the user's pledge address
Description of the event: According to news reports, a security research company discovered a serious security vulnerability in the NFT marketplace OpenSea that could allow hackers to steal a user's entire crypto wallet. OpenSea responded that a fix was implemented within one hour of discovering the problem and that other measures would be taken to strengthen community security education.
Amount of loss: -
Attack method: XSS
Description of the event: The official Twitter account and website of the NFT project Evolved Apes disappeared last week along with the project developer "Evil Ape", who took away 798 ETH worth US$2.7 million.
Amount of loss: 798 ETH
Attack method: Scam
Description of the event: POAP, the proof of attendance badge protocol, stated that its minting system was hacked on September 29 and that several POAPs of XCOPY and Polygonal Mind were fraudulently issued and sold. At the request of the artists, POAP has burned the relevant NFTs.
Amount of loss: -
Attack method: Minting system was attacked
Description of the event: Iconics, an NFT project on Solana, was accused of being a "rug pull". The 17-year-old artist behind Iconics made about $140,000 before disappearing. The project developers also deleted Iconics' Twitter account and disabled chat in its Discord channels.
Amount of loss: $ 140,000
Attack method: Scam
Description of the event: A vulnerability in NFT marketplace OpenSea resulted in at least 42 NFTs, worth at least $100,000, being sent to a burn address. The issue was first raised by Nick Johnson, lead developer of the Ethereum Name Service (ENS), who noted that when he transferred an ENS domain name (in the form of an NFT), it was transferred to a burn address. This means it was accidentally sent to an uncontrolled address and can no longer be moved. Regarding the destroyed ENS domain name, Johnson said it was the first registered ENS domain name, called rilxxlir.eth, which was held by an ENS account when Johnson registered it with personal funds. To transfer the ENS domain name to his own account, he went to OpenSea to perform the transfer, only to find that it had been sent to a burn address by mistake. Since Johnson is still the controller of the ENS domain name, he can still make changes to it but cannot move it. Johnson then received further reports from others who were similarly affected and compiled a list of 32 affected transactions involving 42 NFTs. Most of the NFTs use the ERC-721 standard, but a few use ERC-1155. He looked at the floor price of each NFT, which totaled about $100,000. Johnson claims that OpenSea has now fixed the vulnerability.
Amount of loss: $ 100,000
Attack method: System vulnerabilities
Description of the event: A user claimed on Twitter that he had mistakenly fallen for an NFT auction scam and lost Ethereum worth 336,000 US dollars to an art website. However, the story took a somewhat unexpected turn, because the other party returned the 100 ETH in full. The victim reported that on Monday he learned about the NFT auction from a certain group on Discord, then thought he had been lucky enough to win the bid for the first NFT on the website and paid 100 ETH (about 336,000 US dollars) for it. However, according to a BBC report on Tuesday, a hacker had exploited a security hole in the artist Banksy's website and set up a web page (banksy.co.uk/NFT) to sell so-called non-fungible tokens (NFTs). In the end, although the hacker returned the money, the user still lost $5,000 in transaction fees.
Amount of loss: $ 5,000
Attack method: Scam
Description of the event: The NFT project Axie Infinity tweeted that its marketplace platform was hit by a DDoS attack and that someone was sending spam to its server in an attempt to make it unusable. Officials say the funds are currently safe.
Amount of loss: -
Attack method: DDoS attack