10 hack event(s)
Description of the event: Based on Compound's Optimism native lending protocol, Sonne Finance has fallen victim to a lightning loan attack by hackers, resulting in losses exceeding $20 million USD.
Amount of loss: $ 20,000,000 Attack method: Flash Loan Attack
Description of the event: The DeFi protocol MOBOX was attacked due to a vulnerability in the borrow function, resulting in a loss of approximately $750,000.
Amount of loss: $ 750,000 Attack method: Contract Vulnerability
Description of the event: AltLayer, a temporary extension layer built on Optimistic Rollups, tweeted that early this morning, its Twitter profile was not displaying past tweets on the timeline. After approximately 3 hours of handling, the account has now been restored to normal. The entire incident may have been an organized attack. AltLayer advises users to stay safe and cross-check any information and links across multiple channels.
Amount of loss: - Attack method: Twitter was hacked
Description of the event: On January 25th, the staking contract of the space-themed open-world Web3 game Nebula Revelation suffered a reentrancy attack. On January 28th, Nebula Revelation announced a compensation plan of 159,831 USDT. The team promises comprehensive compensation and has decided to reimburse users at the price before the theft to ensure fairness.
Amount of loss: $ 180,000 Attack method: Reentrancy Attack
Description of the event: According to a tweet from Manta Network, the Manta Pacific chain encountered an RPC attack at approximately 9 AM UTC. Kenny Li, co-founder of Manta Network (@superanonymousk), provided updates on Twitter regarding the DDoS attack on Manta Network. He mentioned that Manta Network experienced a calculated DDoS attack at 9:30 AM UTC, coinciding with the start of their TGE activity. Since then, the RPC nodes have faced over 135 million requests, indicating that this was a very aggressive and timed attack.
Amount of loss: - Attack method: DDoS Attack
Description of the event: Optimism decentralized trading protocol Velodrome tweeted that the frontend is currently compromised, please do not interact with Velodrome for the time being, the team is investigating. On December 1, Velodrome posted an update stating, "We are happy to announce that earlier today we were able to regain control of our domain following a social engineering attack on our provider. We are still working to restore our primary domain and will share an update soon. More details on the attack + response will follow." On December 2, Velodrome tweeted that their provider was exploited again and please do not interact with our front end. On the same day, Velodrome stated that "the domain has been restored again and is locked at the TLD level pending transfer to a new provider. You can now resume using https://velodrome.finance. Our decentralized frontend can be accessed at http://velo.drome.eth.limo and has remained uncompromised."
Amount of loss: $ 250,000 Attack method: DNS Hijacking Attack
Description of the event: The loss of today's HundredFinance hack is ~$7m.The root cause appears the attacker donates 200 WBTC to inflate hWBTC's exchange rate so that even a tiny amount (2 wei) of hWBTC can basically drain current lending pools.
Amount of loss: $ 7,000,000 Attack method: Contract Vulnerability
Description of the event: The project Layer2DAO on Optimism was attacked by hackers. The hackers stole 49.95 million L2DAO tokens and sold some tokens by obtaining the multi-signature permission of Layer2DAO. Layer2DAO said it has repurchased more than 30 million tokens remaining in the hands of hackers through treasury funds. The L2DAO price fell by about 90% at one point.
Amount of loss: 49,950,000 L2DAO Attack method: Permission Stolen
Description of the event: As reported by Cointelegraph, the BitBTC team has now fixed the bug after Twitter user @PlasmaPower0 disclosed a “fake minting” bug that existed in the cross-chain bridge between BitBTC and Optimism. It is reported that the vulnerability allows an attacker to fake tokens on one side of the bridge and exchange them for real tokens on the other side. Attackers have tried to extract 200 billion BitBTC tokens from Optimism through this vulnerability, but it is only a test.
Amount of loss: - Attack method: Contract Vulnerability
Description of the event: On August 4, Team at Velodrome, an AMM project built on Optimism, noticed that $350,000 had been taken from a team-operated wallet that was normally used for operational funds. They announced they were beginning an investigation into the theft, which they initially believed was due to a compromised wallet. Their team member Gabagool tweeted more details, underscoring that no user funds were lost. On August 13, Gabagool posted a long confession to his Twitter account, writing that he had stolen the $350,000, and had previously taken $56,000 over the course of two months, to try to "revenge trade" the money he had lost in the crypto crash. Explaining why he took the $350,000, he wrote, "I thought I could make the 56k back and return all of the funds, which was delusional". He also wrote that "the majority of the funds have been returned to the Velodrome team. The rest will be." Velodrome later confirmed they had recovered all of the stolen money.
Amount of loss: - Attack method: Internal evil