5 hack event(s)
Description of the event: Optimism decentralized trading protocol Velodrome tweeted that the frontend is currently compromised, please do not interact with Velodrome for the time being, the team is investigating. On December 1, Velodrome posted an update stating, "We are happy to announce that earlier today we were able to regain control of our domain following a social engineering attack on our provider. We are still working to restore our primary domain and will share an update soon. More details on the attack + response will follow." On December 2, Velodrome tweeted that their provider was exploited again and please do not interact with our front end. On the same day, Velodrome stated that "the domain has been restored again and is locked at the TLD level pending transfer to a new provider. You can now resume using https://velodrome.finance. Our decentralized frontend can be accessed at http://velo.drome.eth.limo and has remained uncompromised."
Amount of loss: $ 250,000 Attack method: DNS Attack
Description of the event: The loss of today's HundredFinance hack is ~$7m.The root cause appears the attacker donates 200 WBTC to inflate hWBTC's exchange rate so that even a tiny amount (2 wei) of hWBTC can basically drain current lending pools.
Amount of loss: $ 7,000,000 Attack method: Contract Vulnerability
Description of the event: The project Layer2DAO on Optimism was attacked by hackers. The hackers stole 49.95 million L2DAO tokens and sold some tokens by obtaining the multi-signature permission of Layer2DAO. Layer2DAO said it has repurchased more than 30 million tokens remaining in the hands of hackers through treasury funds. The L2DAO price fell by about 90% at one point.
Amount of loss: 49,950,000 L2DAO Attack method: Permission Stolen
Description of the event: As reported by Cointelegraph, the BitBTC team has now fixed the bug after Twitter user @PlasmaPower0 disclosed a “fake minting” bug that existed in the cross-chain bridge between BitBTC and Optimism. It is reported that the vulnerability allows an attacker to fake tokens on one side of the bridge and exchange them for real tokens on the other side. Attackers have tried to extract 200 billion BitBTC tokens from Optimism through this vulnerability, but it is only a test.
Amount of loss: - Attack method: Contract Vulnerability
Description of the event: On August 4, Team at Velodrome, an AMM project built on Optimism, noticed that $350,000 had been taken from a team-operated wallet that was normally used for operational funds. They announced they were beginning an investigation into the theft, which they initially believed was due to a compromised wallet. Their team member Gabagool tweeted more details, underscoring that no user funds were lost. On August 13, Gabagool posted a long confession to his Twitter account, writing that he had stolen the $350,000, and had previously taken $56,000 over the course of two months, to try to "revenge trade" the money he had lost in the crypto crash. Explaining why he took the $350,000, he wrote, "I thought I could make the 56k back and return all of the funds, which was delusional". He also wrote that "the majority of the funds have been returned to the Velodrome team. The rest will be." Velodrome later confirmed they had recovered all of the stolen money.
Amount of loss: - Attack method: Internal evil