124 hack event(s)
Description of the event: Hot wallets operated by TopGoal were attacked and compromised. In this hack, only the hot wallet operated by TopGoal, which manages the distribution of TopPrize rewards, was affected. All user assets including NFTs and TMTs are safe. The hackers transferred a total of 4,809,984 TMT from the TopGoal-operated hot wallet to the address 0x7F0D082D08874A57110c73a8853967e7C19D1a6e. The hackers then exchanged all those TMTs from PancakeSwap for over 2,600 BNB and used Tornado to transfer the BNB out of the address.
Amount of loss: 4,809,984 TMT Attack method: Wallet Stolen
Description of the event: Dego Finance, an NFT and DeFi aggregator, announced that it was hacked, and now the DEGO liquidity on UniSwap and PancakeSwap has been exhausted.
Amount of loss: $ 10,000,000 Attack method: Private Key Leakage
Description of the event: The official Discord server of the NFT project The Heart Project was hacked. Scammers deleted most of The Heart Project's Discord channels and posted scam links. According to The Heart Project, some users clicked on fraudulent links and said they lost assets. The Heart Project says it will reimburse users for lost ether.
Amount of loss: - Attack method: Account Compromise
Description of the event: The social media accounts of NFT project Mercenary have been deleted. Deployers spent over $760,000.
Amount of loss: $ 760,000 Attack method: Rug Pull
Description of the event: An OpenSea user exploited a vulnerability in the non-fungible token (NFT) market to steal hundreds of ether (ETH) from the owners of well-known collectibles such as the Bored Ape Yacht Club (BAYC) and Cyber Kongs of several items. The vulnerability appears to be related to the listing mechanism exploited by the platform and allows users to earn around 347 ETH by purchasing some NFTs at the previous listing price on different markets.
Amount of loss: 347 ETH Attack method: Listing mechanism loopholes
Description of the event: Blockverse is a Minecraft-based NFT game. Through OpenSea, investors can buy Blockverse characters and a cryptocurrency called $Diamond. Unfortunately, investors withdrew all real money invested in Blockverse, shutting down and deleting the project’s official website, Discord, and Twitter. After three days of silence, the Blockverse founders resurfaced on Twitter, apologizing and explaining their actions. More than three weeks later, the Blockverse team's promise to "get back on track" has not materialized. The Blockverse Twitter account has not been updated further, its website remains offline, and the Medium account hosting the Blockverse white paper has disappeared.
Amount of loss: 1,294 ETH Attack method: Rug Pull
Description of the event: There is a vulnerability in the Crypto Burger project, an NFT project on the BSC chain. "The attacker discovered a vulnerability related to the $BURG token contract, which managed to burn most of the tokens in the liquidity pool, while immediately liquidating the tokens it had previously acquired, from liquidity," the project said in a statement. $770,000 was stolen from the pool.”
Amount of loss: $ 770,000 Attack method: Contract Vulnerability
Description of the event: The creator of the NFT project Frosties absconded with the money, causing investors to lose more than $1 million. According to available information, there are 8,888 NFTs in the series with a floor price of 0.04 ETH, roughly over $120. Within an hour, all NFTs were sold, but instead of getting their assets, investors found out that the project developers closed all communication with community members. Etherscan data shows that developers have moved most of the funds from the OpenSea account to another wallet.
Amount of loss: $ 1,000,000 Attack method: Rug Pull
Description of the event: NFT marketplace LooksRare suffered a DDoS attack hours after its launch, resulting in a brief offline. Some users reported that they could not connect their wallets and list their NFTs. The LooksRare team quickly restored the site.
Amount of loss: - Attack method: DDoS Attack
Description of the event: Sports NFT platform Lympo suffered a hot wallet security breach, losing 165.2 million LMT tokens worth $18.7 million in the hack. Ten different project wallets were compromised in the attack. Quotes show that the LMT price plummeted 92% to $0.0093 after hackers moved and sold the loot in the project’s hot wallet.
Amount of loss: $ 18,700,000 Attack method: Wallet Stolen
Description of the event: NFT project Bored Bunny is suspected of being a Rug Pull project. Some netizens said that 2,000 ETH raised have been transferred out, and some of them have been transferred to Binan. In addition, this address had similar behavior 1-2 months ago, associated with 2 NFT items that almost went to zero. Currently Bored Bunny's Discord has turned off all people all channels to speak.
Amount of loss: 2,000 ETH Attack method: Rug Pull
Description of the event: The NFT project Monkey Kindom stated that hackers stole $1.3 million in SOL from the community through a security breach in discord. The hacker first attacked Grape, the solution to authenticate users on Solana, and took advantage of the vulnerability to take over an administrative account that posted a phishing link in the announcement channel of Monkey Kindom discord.
Amount of loss: $ 1,300,000 Attack method: Account Compromise
Description of the event: A Discord server run by Fractal in the recently launched game NFT market was hacked. The hacker defrauded 373 members of 800 Solana cryptocurrencies worth US$150,000. The startup said in its announcement that it will compensate the victims in full.
Amount of loss: $ 150,000 Attack method: Account Compromise
Description of the event: The Discord server run by Fractal, a gaming NFT marketplace, was hacked, a fake Discord bot disguised as an official posted a fake minting link in Fractal's "#announcements" channel, and nearly 3,500 people fell victim to it, losing nearly 600,000 Dollar. In its announcement, the company said it would fully compensate victims of the hack.
Amount of loss: $ 600,000 Attack method: Account Compromise
Description of the event: Chain game project Vulcan Forged officially tweeted that 148 wallets holding PYR were hacked, and more than 4.5 million PYR had been stolen. It then stated: Most of the PYR has been returned from the treasury to the affected wallets.
Amount of loss: $ 102,820,974 Attack method: Private Key Leakage
Description of the event: According to blockchain game developer Animoca Brands, on November 19, hackers successfully accessed the Discord account of the science fiction NFT game Phantom Galaxies and took over its server. The hacker subsequently issued a fraudulent statement claiming that the game was launching an NFT minting activity. The hacker directs the user to a website, charges the user 0.1 ETH, and then sends the funds to the hacker's Ethereum address. A total of 265 sent ETH, about 1.1 million US dollars. Animoca Brands pointed out that there is no evidence that smart contracts have been breached, and no funds have been stolen from the game or its developers or publishers.
Amount of loss: 265 ETH Attack method: Account Compromise
Description of the event: According to reports, a currency stolen event occurred in Farmers World, a farm-type game on the WAX chain, and the amount may exceed 100 million yuan. Some players have found that the game shows "Insufficient RAM" prompts, which cannot be solved even after adding WAXP. According to the official Discord discussion information: Neither the project smart contract nor the WAX wallet has vulnerabilities, but the address where the user pledged WAXP is not the official address of the game. It may be that the game "plug-in" script changed the user pledge address, causing the user to be unable to obtain RAM resources.
Amount of loss: $ 15,700,000 Attack method: Malicious Code Injection Attack
Description of the event: According to news, the security research company discovered that there is a serious security vulnerability in OpenSea in the NFT market, which may cause hackers to steal the user's entire encrypted wallet. Then OpenSea responded that a repair was implemented within one hour of discovering the problem, and other measures will be taken to strengthen community safety education.
Amount of loss: - Attack method: Malicious Code Injection Attack
Description of the event: The official Twitter account and website of the NFT project Evolved Apes, the project developer "Evil Ape" disappeared last week, and took away 798 ETH worth US$2.7 million.
Amount of loss: 798 ETH Attack method: Rug Pull
Description of the event: POAP, the proof of attendance badge protocol, stated that its minting system was hacked on September 29, and several POAPs of XCOPY and Polygonal Mind were fraudulently issued and sold. At the request of the artist, POAP has burned down the relevant NFT.
Amount of loss: - Attack method: Minting Attack