293 hack event(s)
Description of the event: Binance co-founder CZ confirmed on X that the official X account of his educational project, Giggle Academy, has been hacked.
Amount of loss: - Attack method: Account Compromise
Description of the event: The funds of multiple users of the on-chain trading terminal DEXX have been stolen. According to statistics from the SlowMist Security Team, the total losses from this incident have reached $21 million.
Amount of loss: $ 21,000,000 Attack method: Unknown
Description of the event: The Aptos-based DeFi project Thala suffered a security breach as a result of an isolated vulnerability in the latest update to v1 farming contracts, allowing the exploiter to withdraw liquidity pool tokens totaling $25.5m. Thala has since paused all related contracts and frozen Thala token assets ($9m MOD and $2.5m THL). With the assistance of other organizations, the team identified the exploiter and negotiated a $300k bounty for a full recovery of user assets.
Amount of loss: $ 25,500,000 Attack method: Security Vulnerability
Description of the event: GMGN stated in the community, "The GMGN website has suffered a malicious attack, suspected to involve multiple methods, including common crawler attacks and flood attacks. The development team is currently working on emergency repairs, and the token details page, holdings collection feature, and transaction activity records have been restored."
Amount of loss: - Attack method: Unknown
Description of the event: According to on-chain detective ZachXBT, the cryptocurrency gambling platform Metawin was reportedly attacked, resulting in the theft of over $4 million on the Ethereum and Solana blockchains.
Amount of loss: $ 4,000,000 Attack method: Unknown
Description of the event: According to on-chain investigator ZachXBT, American rapper Wiz Khalifa's X account was hacked, posting fake announcements about a WIZ token. The hacker responsible is reportedly the same person who compromised Andy Ayrey's (Truth Terminal founder) X account a few days earlier. Please exercise caution and stay aware of potential risks.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to monitoring by Scam Sniffer, Lottie Player suffered a supply chain attack, impacting projects such as 1inch and Movement.
Amount of loss: - Attack method: Supply Chain Attack
Description of the event: Andy Ayrey, founder of the AI bot project Truth Terminal, announced the launch of a new token IB on X. It is suspected that his account may have been hacked.
Amount of loss: - Attack method: Account Compromise
Description of the event: Scroll ecosystem stablecoin project Essence Finance is suspected of rugpulled, its stablecoin CHI has fallen by more than 92% to $0.077 in the past 24h, more than $20 million of collateral is suspected to have been removed.
Amount of loss: $ 20,000,000 Attack method: Rug Pull
Description of the event: According to a MistTrack tweet, a suspicious outflow was detected from a wallet controlled by the U.S. government (0xc9E...34c): nearly $20 million was transferred to 0x3486ee700ccaf3e2f9c5ec9730a2e916a4740a9f, including: 5.4M USDC, 1.12M USDT, 13.7M aUSDC and 178 ETH. Most tokens were swapped into ETH. Approximately 19.3M worth of tokens were later returned to the U.S. government address.
Amount of loss: $ 20,000,000 Attack method: Unknown
Description of the event: The X account of MuratiAI (@MuratiAI), an AI network and bot platform centered around anime, is suspected to have been hacked, with phishing links being posted. Until further notice, please refrain from clicking any links or responding to any messages.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to on-chain investigator ZachXBT, the crypto payment service provider Transak recently fell victim to a ransomware attack. Transak reported that the incident occurred when an attacker accessed an employee's laptop without authorization through a sophisticated phishing attack. The attacker used the stolen credentials to log into the system of a third-party KYC vendor used for document scanning and verification services. As a result, the attacker gained access to specific user information stored in the vendor’s dashboard.
Amount of loss: - Attack method: Phishing Attack
Description of the event: DeFi analyst Anon Vee posted on X that several users have reported that the Orderly Network ecosystem project IBXtrade is suspected of a rug pull. It is reported that IBXtrade launched a pre-sale three days ago with a target to raise 2,000 SOL (approximately $3.2 million) and refund any unselected participants. The pre-sale ended up raising over 160,000 SOL (about $24 million), with participants originally expecting the project to return $21.8 million. However, instead of issuing refunds, the IBXtrade team created a poll on a website entirely under their control, asking whether the pre-sale cap should be raised. The poll eventually passed, and IBXtrade claimed to have refunded 65,000 SOL ($9.7 million) to participants. In reality, the team simply transferred these SOL to multiple addresses they created, and users reported not receiving any refunds.
Amount of loss: $ 21,800,000 Attack method: Rug Pull
Description of the event: According to AggrNews, the Instagram account of Kabosumama, the owner of the Shiba Inu Kabosu, the inspiration behind the popular DOG project "Doge" meme, has been hacked. Kabosumama previously posted on her blog, stating that she was unable to log in. Additionally, BWEnews reported that the hacker is particularly cunning, having posted a fake update about a new family member. The hacker launched a memecoin ahead of time, luring victims into investing, only to pull out and run with the funds shortly after.
Amount of loss: - Attack method: Account Compromise
Description of the event: The official X account of Bitcoin L2 Zulu Network appears to have been compromised. The hacker has posted a fake phishing link. Please avoid interacting with it.
Amount of loss: - Attack method: Account Compromise
Description of the event: The X account of the crypto data tracking service Spot On Chain has reportedly been compromised. It was said to have posted a fake EIGEN airdrop phishing link this morning, while also disabling the comment section for the tweet. Users are advised to be cautious and avoid interacting with the link.
Amount of loss: - Attack method: Account Compromise
Description of the event: EigenLayer disclosed on X that in an isolated incident this morning, an email thread involving one investor’s transfer of tokens into custody was compromised by a malicious attacker. As a result, 1,673,645 EIGEN tokens were erroneously transferred to the attacker’s address. The attacker sold these stolen EIGEN tokens via a decentralized swap platform and transferred stablecoins to centralized exchanges. EigenLayer stated that they are in contact with these platforms and law enforcement. A portion of the funds have already been frozen. The compromise has not impacted the broader ecosystem. There is no known vulnerability in the protocol or token contracts and this compromise was not related to any on-chain functionality.
Amount of loss: $ 5,700,000 Attack method: Email Thread Compromise
Description of the event: According to a report by Cointelegraph, the homepage of toy manufacturer LEGO Group was hacked on October 5th local time, briefly displaying a "LEGO Coin" token scam. The fraudulent token was present on the LEGO Group's website for approximately 75 minutes before being removed.
Amount of loss: - Attack method: Account Compromise
Description of the event: The multi-chain liquidity re-staking protocol Bedrock announced on social media that the team is aware of a security vulnerability involving uniBTC, with the total estimated loss from the theft around $2 million. According to the SlowMist security team’s analysis, the attack was caused by Bedrock mistakenly supporting the minting of uniBTC at a 1:1 exchange rate with the native token.
Amount of loss: $ 2,000,000 Attack method: Contract Vulnerability
Description of the event: ReHold CTO Michael Semin disclosed on the X platform that on July 15, 2024, ReHold's CEO and co-founder, Renat Gafarov, withdrew over $700,000 from the company's smart contract without his approval. ReHold has since moved to a new domain.
Amount of loss: $ 700,000 Attack method: Insider Manipulation