107 hack event(s)
Description of the event: According to news reports, a security research company discovered a serious vulnerability in the NFT marketplace OpenSea that could allow hackers to steal a user's entire crypto wallet. OpenSea responded that a fix was implemented within one hour of discovering the problem and that other measures will be taken to strengthen community safety education.
Amount of loss: - Attack method: Malicious Code Injection Attack
Description of the event: "Evil Ape", the developer of the NFT project Evolved Apes, disappeared last week along with the project's official Twitter account and website, taking 798 ETH worth US$2.7 million.
Amount of loss: 798 ETH Attack method: Rug Pull
Description of the event: POAP, the proof of attendance badge protocol, stated that its minting system was hacked on September 29 and that several POAPs of XCOPY and Polygonal Mind were fraudulently issued and sold. At the request of the artists, POAP has burned the relevant NFTs.
Amount of loss: - Attack method: Minting Attack
Description of the event: Iconics, an NFT project on Solana, was accused of being a "rug pull." The 17-year-old artist behind Iconics made about $140,000 before disappearing. The project developers also deleted Iconics' Twitter account and disabled chat in the Discord channel.
Amount of loss: $ 140,000 Attack method: Rug Pull
Description of the event: A vulnerability in the NFT marketplace OpenSea resulted in at least 42 NFTs, worth at least $100,000, being sent to a burn address. The issue was first raised by Nick Johnson, lead developer of the Ethereum Name Service (ENS), who noted that when he transferred an ENS domain name (in the form of an NFT), it was transferred to a burn address. This means it was accidentally sent to an uncontrolled address and can no longer be moved. Johnson said the destroyed ENS domain name was the first registered ENS domain name, called rilxxlir.eth, which was held by an ENS account when Johnson registered it with personal funds. To transfer the ENS domain name to his own account, he went to OpenSea to perform the transfer, only to find that it had been sent to a burn address by mistake. Since Johnson is still the controller of the ENS domain name, he can still make changes but cannot move the domain name. Johnson then received further reports from others who were similarly affected and compiled a list of 32 affected transactions involving 42 NFTs. Most of the NFTs use the ERC-721 standard, but a few use ERC-1155. He looked at the floor price of each NFT, which totaled about $100,000. Johnson claims that OpenSea has now fixed the vulnerability.
Amount of loss: $ 100,000 Attack method: Contract Vulnerability
Description of the event: A user claimed on Twitter that he had fallen for an NFT auction scam and lost US$336,000 worth of Ethereum through an art website. The story then took a somewhat unexpected turn, because the other party returned the 100 ETH in full. The victim reported that he inquired about the NFT auction on Monday with a group on Discord, then thought he had been lucky enough to win the bid for the first NFT on the website and paid 100 ETH (about US$336,000) for it. However, according to a BBC report on Tuesday, a hacker had exploited a security hole in the artist Banksy's website and set up a web page (banksy.co.uk/NFT) to sell so-called non-fungible tokens (NFTs). In the end, although the hacker returned the money, the user still lost $5,000 in transaction fees.
Amount of loss: $ 5,000 Attack method: Phishing attack
Description of the event: The NFT project Axie Infinity tweeted that its marketplace platform was hit by a DDoS attack and that someone was sending spam to its server in an attempt to make it unusable. The project says the funds are currently safe.
Amount of loss: - Attack method: DDoS Attack