330 hack event(s)
Description of the event: Popular cryptocurrency websites including Etherscan, CoinGecko, and DeFi Pulse have reported incidents of malicious pop-ups prompting users to connect their MetaMask wallets. CoinGecko founder Bobby Ong said he believes the culprit is a malicious ad script from a crypto ad network called Coinzilla. The ad appears to be from a website parodying the popular Bored Apes Yacht Club NFT project, which was taken down after the scam was discovered.
Amount of loss: - Attack method: Phishing attack
Description of the event: The Justice Department released an indictment on May 5 showing that Mining Capital Coin CEO and founder Luiz Capuci Jr. was charged with orchestrating a $62 million investment fraud. Capuci allegedly misled investors about MCC’s plan, which he said would use investors’ funds to mine new cryptocurrencies with guaranteed returns. Instead, Capuci deposited funds into his own crypto wallet and used them to fund his own Lamborghini lifestyle, real estate and yachts. Capuci also allegedly ran a pyramid scheme of promoters, promising them lavish gifts including iPads and luxury cars.
Amount of loss: $ 62,000,000 Attack method: Scam
Description of the event: According to the official release, the MM.finance website was hit by a DNS attack, and the attacker managed to inject malicious contract addresses into the front-end code. The attacker exploited the DNS vulnerability to modify the router contract address in the escrow file, and digital assets worth more than $2,000,000 were stolen, bridged to the Ethereum network through multi-chain, and then laundered through Tornado Cash.
Amount of loss: $ 2,000,000 Attack method: DNS Attack
Description of the event: The SlowMist security team found that funds from about 52 addresses were maliciously transferred to terra1fz57nt6t3nnxel6q77wsmxxdesn7rgy0h27x30 from April 12 to April 21, with a total loss of about $4.31 million. The SlowMist security team stated that this attack was a phishing attack on batches of Google keyword advertisements. When a user searches for the well-known Terra project on Google, the first advertisement link (the domain name may be the same) on the Google search result page is actually a phishing website. When a user visits this phishing website and connects to the wallet, the phishing website will remind you to directly enter the mnemonic phrase. Once the user enters and clicks submit, the assets will be stolen by the attacker.
Amount of loss: $ 4,310,000 Attack method: Phishing Attack
Description of the event: The Education Grants Council (UGC) of India was hacked, the hackers used the Twitter account to post a fake Azuki NFT airdrop link and changed the profile to the Azuki NFT co-creator, replacing the avatar with an Azuki-related image. The agency recovered the account after it was held hostage for six hours.
Amount of loss: - Attack method: Account Compromise
Description of the event: Starstream Finance and Agora DeFi projects under attack. Attackers exploited a vulnerability in Starstream to siphon tokens from the protocol, then used the tokens as collateral to obtain large loans from Agora. The Starstream hack was achieved through an unprotected execute function in its DistributorTreasury contract, which is marked as an external function and can be used to call external functions. In total, the attackers borrowed about $8.2 million worth of tokens from Agora.
Amount of loss: $ 4,000,000 Attack method: Contract Vulnerability
Description of the event: Ola Finance on the Fuse chain published a blog post on the hacking incident, stating that the attack lost approximately $4.67 million, including 216,964.18 USDC, 507,216.68 BUSD, 200,000 fUSD, 550.45 WETH, 26.25 WBTC, and 1,240,000.00 FUSE. The attack uses a reentrancy vulnerability in the ERC677 token standard.
Amount of loss: $ 4,670,000 Attack method: Reentrancy Attack
Description of the event: Twitter user cr0ss.eth said Defiance Capital founder Arthur's hot wallet was suspected to have been stolen. OpenSea data shows that in Arthur's wallet address 0x4C53c32980ccE49aaA4bCc53Eef3f143Bc27E0aF, 60 NFTs including 17 azuki and 5 cloneX were transferred on the chain, totaling about 310 ETH.
Amount of loss: 310 ETH Attack method: Private Key Leakage
Description of the event: Crypto lender BlockFi has confirmed a data breach at Hubspot, one of its third-party vendors, Cointelegragh reported. Hubspot stores BlockFi's user data, including names, email addresses, and phone numbers. According to the announcement, hackers stole BlockFi’s customer data on March 18. Hubspot has confirmed that an unauthorized third party obtained certain BlockFi customer data deposited on its platform. BlockFi is currently cooperating with Hubspot's investigation to clarify the overall impact of the data breach. While the exact details of the stolen data have yet to be identified and disclosed, BlockFi emphasized that data such as passwords, government-issued IDs, and Social Security numbers were never stored on Hubspot.
Amount of loss: - Attack method: Information Leakage
Description of the event: Hundred Finance, the Compound fork project on the Gnosis chain, tweeted that it suffered a hacker attack and lost more than $6 million.
Amount of loss: $ 6,000,000 Attack method: Flash loan attack
Description of the event: The Agave contract on Gnosis Chain was attacked due to an untrusted external call. The attacker calls the liquidateCall function to liquidate himself without any debt. During the liquidation process, the liquidation contract called the attacker contract. During the process, the attack contract deposited 2728 WETH obtained through the flash loan and minted 2728 aWETH. And use this as collateral to lend out all available assets in the Agave project. After the external call ends, the liquidateCall function directly liquidates the 2728 aWETH previously deposited by the attacker and transfers it to the liquidator.
Amount of loss: $ 5,400,000 Attack method: Flash loan attack
Description of the event: ActiveCampaign (AC), an external email marketing provider used by Unchained, was hacked last week, according to Joe Kelly, CEO of Bitcoin financial services firm Unchained Capital. Information shared with AC, including customer email addresses, usernames, account status, whether customers have active multi-signature vaults or loans using Unchained Capital, and possibly IP addresses may have flowed out without authorization. Kelly said no systems on Unchained were affected, meaning customer profile information that was never shared with AC was not leaked. Kelly added that while customer Bitcoin custody is protected by multi-signature cold storage, customers should still be aware of what's going on and be wary of phishing attacks.
Amount of loss: - Attack method: Information Leakage
Description of the event: Decentralized derivatives trading platform FutureSwap tweeted that an account with around 300,000 FST reward reserves (0.3% of supply) was compromised yesterday. The credentials for this account were compromised by human error, and the attacker was able to gain access on Arbitrum and transfer the available reward FST to himself.
Amount of loss: 300,000 FST Attack method: Private Key Leakage
Description of the event: A South Korean DeFi project, KLAYswap stated it was hacked and lost over 2.2 billion won, or about $1.83 million, in the incident. The hacker modified the third-party JavaScript link on the front end of KLAYswap, causing the user to download malicious malware when accessing the KLAYswap page. This enabled funds to be transferred to the hacker's wallet address when conducting token-related transactions . During this time, 407 suspicious transactions were found in 325 wallets linked to this incident.
Amount of loss: $ 1,830,000 Attack method: Malicious Code Injection Attack
Description of the event: The digital asset service provider StoboxCompany was attacked by hackers, and its official statement that the private key had been leaked, affected by this, the token fell by 96.93%. StoboxCompany officially stated that the address of the deployer of Stobox tokens was hacked. Since the address of the deployer of ETH and BSC is the same, all reserve funds have been stolen or liquidated. Remind users to stop buying/selling, and the official will restore the STBU snapshot to the last transaction before the hacker attack.
Amount of loss: - Attack method: Private Key Leakage
Description of the event: An attack occurred at Tinyman Pools on January 1 /2, algorand-based automated market maker (AMM) Tinyman tweeted. The attack exploits a previously unknown hole in the contract and allows the attacker to extract assets from a pool to which he has no access. So far, attacks have been executed on multiple pools, but not all of them have been attacked.
Amount of loss: $ 2,000,000 Attack method: Contract Vulnerability
Description of the event: The data on CoinMarketCap's website flashed bugs, and the quotes of multiple cryptocurrencies were wrong.
Amount of loss: - Attack method: Data error
Description of the event: 8ight Finance on the Harmony chain was hacked, and $1.75 million was stolen due to the leak of the private key due to google doc. The platform tweeted about the loss yesterday, and in its discord server provided an explanation for the loss of funds: "Two developers on the team have the keys and they were sent via Facebook group chat and google drive. This is our first project, so we have to admit that our opsec is low.”
Amount of loss: $ 1,750,000 Attack method: Private Key Leakage
Description of the event: According to a report from BleepingComputer on November 10, the electronic retail giant MediaMarkt suffered a ransomware attack. This attack affected many MediaMarkt retail stores throughout Europe, especially those in the Netherlands. The attacker initially asked for a ransom of 240 million US dollars. It was dropped to 50 million U.S. dollars and demanded to be paid in Bitcoin. According to the company later, customer data is "completely secure." The company's stores are now also reopening for exchanges, returns, and repair orders.
Amount of loss: - Attack method: Ransomware
Description of the event: Robinhood, a stock and cryptocurrency trading platform, stated that on the evening of November 3, an intruder entered the company’s system and stole the personal information of millions of users. The full names of the users, the names of about 310 users, the date of birth and postal code were leaked, and the more detailed account information of about 10 users was leaked. The intruder demanded blackmail for payment. The company notified law enforcement and continued to investigate the incident with the help of the external security company Mandiant. Robinhood stated that the attack had been contained. Robinhood believed that it did not expose social security numbers, bank account numbers or debit card numbers, and did not cause any economic losses to customers due to the incident.
Amount of loss: - Attack method: Information Leakage