301 hack event(s)
Description of the event: According to Scam Sniffer's monitoring, the privacy-preserving data verification protocol zkPass's X account was compromised and used to post phishing tweets.
Amount of loss: - Attack method: Account Compromise
Description of the event: Regarding rumors about the collaboration between DOGE and USUAL, Azoria CEO James Fishback clarified that he had contacted DOGE's head of department, Vivek Ramaswamy, whose account was compromised.
Amount of loss: - Attack method: Account Compromise
Description of the event: The official X account of AI startup Anthropic, backed by Amazon, appears to have been compromised, posting an unknown token contract address related to AI Agents.
Amount of loss: - Attack method: Account Compromise
Description of the event: The algorithmic stablecoin protocol Haven Protocol has issued a warning about a hack exploiting a vulnerability in "range proof validation." This flaw allows attackers to mint illicit XHV undetected. According to reports from exchanges, the amount of XHV exceeds 500 million tokens, while audit data indicates a current supply of only 263 million tokens. The surplus is likely generated through this exploit. The team found a weakness in the "range proof validation", which was introduced after the Haven 3.2 rebase to Monero and has advised exchanges to halt trading on all pairs.
Amount of loss: - Attack method: Security Vulnerability
Description of the event: The Cardano Community posted on X, stating that the Cardano Foundation's X account has been compromised. They are currently addressing the issue and advised users to temporarily ignore all posts from the account.
Amount of loss: - Attack method: Account Compromise
Description of the event: The Omnichain meta-yield aggregator MAAT tweeted that a security breach in the MAAT alpha version, resulting in unauthorized withdrawals of $240,000 USDT.
Amount of loss: $ 240,000 Attack method: Security Vulnerability
Description of the event: On-chain investigator ZachXBT stated on his personal Telegram channel that the wallet associated with crypto KOL JRNY appears to have been compromised, with approximately $4 million worth of crypto assets transferred and sold. This suggests that the wallet's private key may have been leaked.
Amount of loss: $ 4,000,000 Attack method: Private Key Leakage
Description of the event: Binance co-founder CZ confirmed on X that the official X account of his educational project, Giggle Academy, has been hacked.
Amount of loss: - Attack method: Account Compromise
Description of the event: The funds of multiple users of the on-chain trading terminal DEXX have been stolen. According to statistics from the SlowMist Security Team, the total losses from this incident have reached $21 million.
Amount of loss: $ 21,000,000 Attack method: Private Key Leakage
Description of the event: The Aptos-based DeFi project Thala suffered a security breach as a result of an isolated vulnerability in the latest update to v1 farming contracts, allowing the exploiter to withdraw liquidity pool tokens totaling $25.5m. Thala has since paused all related contracts and frozen Thala token assets ($9m MOD and $2.5m THL). With the assistance of other organizations, the team identified the exploiter and negotiated a $300k bounty for a full recovery of user assets.
Amount of loss: $ 25,500,000 Attack method: Contract Vulnerability
Description of the event: GMGN stated in the community, "The GMGN website has suffered a malicious attack, suspected to involve multiple methods, including common crawler attacks and flood attacks. The development team is currently working on emergency repairs, and the token details page, holdings collection feature, and transaction activity records have been restored."
Amount of loss: - Attack method: Unknown
Description of the event: According to on-chain detective ZachXBT, the cryptocurrency gambling platform MetaWin was reportedly attacked, resulting in the theft of over $4 million on the Ethereum and Solana blockchains.
Amount of loss: $ 4,400,000 Attack method: Unknown
Description of the event: According to on-chain investigator ZachXBT, American rapper Wiz Khalifa's X account was hacked, posting fake announcements about a WIZ token. The hacker responsible is reportedly the same person who compromised Andy Ayrey's (Truth Terminal founder) X account a few days earlier. Please exercise caution and stay aware of potential risks.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to monitoring by Scam Sniffer, Lottie Player suffered a supply chain attack, impacting projects such as 1inch and Movement.
Amount of loss: - Attack method: Supply Chain Attack
Description of the event: On Oct 31st, Collaterizable Leverage Lending Platform Shoebill Finance experienced a security incident affecting the BTC Market on the BOB chain. The incident stemmed from an unexpected interaction within the oracle configuration during the integration of solvBTC and solvBTC.BBN assets. This interaction inadvertently created an exploitable condition that was leveraged by the attacker through a multi-stage exploit.
Amount of loss: $ 1,520,000 Attack method: Oracle Misconfiguration
Description of the event: Andy Ayrey, founder of the AI bot project Truth Terminal, announced the launch of a new token IB on X. It is suspected that his account may have been hacked.
Amount of loss: - Attack method: Account Compromise
Description of the event: Scroll ecosystem stablecoin project Essence Finance is suspected of rugpulled, its stablecoin CHI has fallen by more than 92% to $0.077 in the past 24h, more than $20 million of collateral is suspected to have been removed.
Amount of loss: $ 20,000,000 Attack method: Rug Pull
Description of the event: According to a MistTrack tweet, a suspicious outflow was detected from a wallet controlled by the U.S. government (0xc9E...34c): nearly $20 million was transferred to 0x3486ee700ccaf3e2f9c5ec9730a2e916a4740a9f, including: 5.4M USDC, 1.12M USDT, 13.7M aUSDC and 178 ETH. Most tokens were swapped into ETH. Approximately 19.3M worth of tokens were later returned to the U.S. government address.
Amount of loss: $ 20,000,000 Attack method: Unknown
Description of the event: The X account of MuratiAI (@MuratiAI), an AI network and bot platform centered around anime, is suspected to have been hacked, with phishing links being posted. Until further notice, please refrain from clicking any links or responding to any messages.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to on-chain investigator ZachXBT, the crypto payment service provider Transak recently fell victim to a ransomware attack. Transak reported that the incident occurred when an attacker accessed an employee's laptop without authorization through a sophisticated phishing attack. The attacker used the stolen credentials to log into the system of a third-party KYC vendor used for document scanning and verification services. As a result, the attacker gained access to specific user information stored in the vendor’s dashboard.
Amount of loss: - Attack method: Phishing Attack