335 hack event(s)
Description of the event: On May 30, after the launch of the new Terra chain, the price of the oracle machine of LUNC (Luna Classic) reached $5, while the actual price was much lower than $5. An Anchor platform user noticed the vulnerability and deposited about 20 million tokens. Lido Bonded Luna Token, and successfully lent 40 million UST, eventually withdrawing and making a profit of about $800,000.
Amount of loss: $ 800,000 Attack method: Contract Vulnerability
Description of the event: Terra research forum member FatMan tweeted that the Mirror Protocol, a synthetic asset protocol developed by Terraform Labs, has a longstanding vulnerability. Since October 2021, attackers have exploited this vulnerability for multiple attacks within a period of 7 months, and the highest single profit exceeded $4 million ($4.3 million using $10,000), none of which was recovered by Terraform Labs Or the Mirror team found out. By the time the bug was fixed, the attacker's total profit from exploiting the bug could have exceeded $30 million. FatMan said the bug was discovered and questioned by Mirror forum members 11 days ago and has since been fixed, but the Mirror team has not made any statement on the matter.
Amount of loss: $ 90,000,000 Attack method: Contract Vulnerability
Description of the event: According to Pinpoint News, Klaytn-based DeFi project Kronos DAO misappropriated users’ DAI pledged in its vaults to invest in Kairos Cash and lost 6 million DAI. The 6 million DAI staked by users turned into 6 million Kairos Cash in the Kronos Dao Vault, which Kronos Dao explained was “used as a strategic investment.” Investors, however, questioned that the explanation was insufficient and that no advance notice was given. At present, Kronos Dao has closed Kakao Talk and Telegram communication channels, leaving only Discord as a communication channel.
Amount of loss: 6,000,000 DAI Attack method: Insider Manipulation
Description of the event: The American actor SethGreen suffered from a phishing attack resulting in the loss of 4 NFTs. This includes 1 BAYC, 2 MAYC and 1 Doodle. The scammer sold all 4 NFTs for nearly 160 ETH (about $330,000).
Amount of loss: 160 ETH Attack method: Phishing attack
Description of the event: Popular cryptocurrency websites including Etherscan, CoinGecko, and DeFi Pulse have reported incidents of malicious pop-ups prompting users to connect their MetaMask wallets. CoinGecko founder Bobby Ong said he believes the culprit is a malicious ad script from a crypto ad network called Coinzilla. The ad appears to be from a website parodying the popular Bored Apes Yacht Club NFT project, which was taken down after the scam was discovered.
Amount of loss: - Attack method: Phishing attack
Description of the event: The Justice Department released an indictment on May 5 showing that Mining Capital Coin CEO and founder Luiz Capuci Jr. was charged with orchestrating a $62 million investment fraud. Capuci allegedly misled investors about MCC’s plan, which he said would use investors’ funds to mine new cryptocurrencies with guaranteed returns. Instead, Capuci deposited funds into his own crypto wallet and used them to fund his own Lamborghini lifestyle, real estate and yachts. Capuci also allegedly ran a pyramid scheme of promoters, promising them lavish gifts including iPads and luxury cars.
Amount of loss: $ 62,000,000 Attack method: Scam
Description of the event: According to the official release, the MM.finance website was hit by a DNS attack, and the attacker managed to inject malicious contract addresses into the front-end code. The attacker exploited the DNS vulnerability to modify the router contract address in the escrow file, and digital assets worth more than $2,000,000 were stolen, bridged to the Ethereum network through multi-chain, and then laundered through Tornado Cash.
Amount of loss: $ 2,000,000 Attack method: DNS Attack
Description of the event: The SlowMist security team found that funds from about 52 addresses were maliciously transferred to terra1fz57nt6t3nnxel6q77wsmxxdesn7rgy0h27x30 from April 12 to April 21, with a total loss of about $4.31 million. The SlowMist security team stated that this attack was a phishing attack on batches of Google keyword advertisements. When a user searches for the well-known Terra project on Google, the first advertisement link (the domain name may be the same) on the Google search result page is actually a phishing website. When a user visits this phishing website and connects to the wallet, the phishing website will remind you to directly enter the mnemonic phrase. Once the user enters and clicks submit, the assets will be stolen by the attacker.
Amount of loss: $ 4,310,000 Attack method: Phishing Attack
Description of the event: The Education Grants Council (UGC) of India was hacked, the hackers used the Twitter account to post a fake Azuki NFT airdrop link and changed the profile to the Azuki NFT co-creator, replacing the avatar with an Azuki-related image. The agency recovered the account after it was held hostage for six hours.
Amount of loss: - Attack method: Account Compromise
Description of the event: Starstream Finance and Agora DeFi projects under attack. Attackers exploited a vulnerability in Starstream to siphon tokens from the protocol, then used the tokens as collateral to obtain large loans from Agora. The Starstream hack was achieved through an unprotected execute function in its DistributorTreasury contract, which is marked as an external function and can be used to call external functions. In total, the attackers borrowed about $8.2 million worth of tokens from Agora.
Amount of loss: $ 4,000,000 Attack method: Contract Vulnerability
Description of the event: In 2022, the DeFi protocol Vires Finance on the Waves blockchain suffered losses exceeding $530 million, with its founder Sasha Ivanov facing allegations of fraud. Research suggests that his wallet may have been linked to the outflow of funds, though Ivanov has denied all accusations, calling them “baseless rumors.” The incident had major market and legal repercussions—Waves' native token (WAVES) plunged by 95%, and the stablecoin USDN also sharply depegged. Investors including Alameda Research and Avraham Eisenberg have filed lawsuits against Ivanov in efforts to recover their losses, with legal proceedings still ongoing.
Amount of loss: $ 530,000,000 Attack method: Unknown
Description of the event: Ola Finance on the Fuse chain published a blog post on the hacking incident, stating that the attack lost approximately $4.67 million, including 216,964.18 USDC, 507,216.68 BUSD, 200,000 fUSD, 550.45 WETH, 26.25 WBTC, and 1,240,000.00 FUSE. The attack uses a reentrancy vulnerability in the ERC677 token standard.
Amount of loss: $ 4,670,000 Attack method: Reentrancy Attack
Description of the event: Twitter user cr0ss.eth said Defiance Capital founder Arthur's hot wallet was suspected to have been stolen. OpenSea data shows that in Arthur's wallet address 0x4C53c32980ccE49aaA4bCc53Eef3f143Bc27E0aF, 60 NFTs including 17 azuki and 5 cloneX were transferred on the chain, totaling about 310 ETH.
Amount of loss: 310 ETH Attack method: Private Key Leakage
Description of the event: Crypto lender BlockFi has confirmed a data breach at Hubspot, one of its third-party vendors, Cointelegragh reported. Hubspot stores BlockFi's user data, including names, email addresses, and phone numbers. According to the announcement, hackers stole BlockFi’s customer data on March 18. Hubspot has confirmed that an unauthorized third party obtained certain BlockFi customer data deposited on its platform. BlockFi is currently cooperating with Hubspot's investigation to clarify the overall impact of the data breach. While the exact details of the stolen data have yet to be identified and disclosed, BlockFi emphasized that data such as passwords, government-issued IDs, and Social Security numbers were never stored on Hubspot.
Amount of loss: - Attack method: Information Leakage
Description of the event: Hundred Finance, the Compound fork project on the Gnosis chain, tweeted that it suffered a hacker attack and lost more than $6 million.
Amount of loss: $ 6,000,000 Attack method: Flash loan attack
Description of the event: The Agave contract on Gnosis Chain was attacked due to an untrusted external call. The attacker calls the liquidateCall function to liquidate himself without any debt. During the liquidation process, the liquidation contract called the attacker contract. During the process, the attack contract deposited 2728 WETH obtained through the flash loan and minted 2728 aWETH. And use this as collateral to lend out all available assets in the Agave project. After the external call ends, the liquidateCall function directly liquidates the 2728 aWETH previously deposited by the attacker and transfers it to the liquidator.
Amount of loss: $ 5,400,000 Attack method: Flash loan attack
Description of the event: ActiveCampaign (AC), an external email marketing provider used by Unchained, was hacked last week, according to Joe Kelly, CEO of Bitcoin financial services firm Unchained Capital. Information shared with AC, including customer email addresses, usernames, account status, whether customers have active multi-signature vaults or loans using Unchained Capital, and possibly IP addresses may have flowed out without authorization. Kelly said no systems on Unchained were affected, meaning customer profile information that was never shared with AC was not leaked. Kelly added that while customer Bitcoin custody is protected by multi-signature cold storage, customers should still be aware of what's going on and be wary of phishing attacks.
Amount of loss: - Attack method: Information Leakage
Description of the event: Decentralized derivatives trading platform FutureSwap tweeted that an account with around 300,000 FST reward reserves (0.3% of supply) was compromised yesterday. The credentials for this account were compromised by human error, and the attacker was able to gain access on Arbitrum and transfer the available reward FST to himself.
Amount of loss: 300,000 FST Attack method: Private Key Leakage
Description of the event: A South Korean DeFi project, KLAYswap stated it was hacked and lost over 2.2 billion won, or about $1.83 million, in the incident. The hacker modified the third-party JavaScript link on the front end of KLAYswap, causing the user to download malicious malware when accessing the KLAYswap page. This enabled funds to be transferred to the hacker's wallet address when conducting token-related transactions . During this time, 407 suspicious transactions were found in 325 wallets linked to this incident.
Amount of loss: $ 1,830,000 Attack method: Malicious Code Injection Attack
Description of the event: The digital asset service provider StoboxCompany was attacked by hackers, and its official statement that the private key had been leaked, affected by this, the token fell by 96.93%. StoboxCompany officially stated that the address of the deployer of Stobox tokens was hacked. Since the address of the deployer of ETH and BSC is the same, all reserve funds have been stolen or liquidated. Remind users to stop buying/selling, and the official will restore the STBU snapshot to the last transaction before the hacker attack.
Amount of loss: - Attack method: Private Key Leakage