352 hack event(s)
Description of the event: EigenLayer disclosed on X that in an isolated incident this morning, an email thread involving one investor’s transfer of tokens into custody was compromised by a malicious attacker. As a result, 1,673,645 EIGEN tokens were erroneously transferred to the attacker’s address. The attacker sold these stolen EIGEN tokens via a decentralized swap platform and transferred stablecoins to centralized exchanges. EigenLayer stated that they are in contact with these platforms and law enforcement. A portion of the funds have already been frozen. The compromise has not impacted the broader ecosystem. There is no known vulnerability in the protocol or token contracts and this compromise was not related to any on-chain functionality.
Amount of loss: $ 5,700,000 Attack method: Social Engineering
Description of the event: According to a report by Cointelegraph, the homepage of toy manufacturer LEGO Group was hacked on October 5th local time, briefly displaying a "LEGO Coin" token scam. The fraudulent token was present on the LEGO Group's website for approximately 75 minutes before being removed.
Amount of loss: - Attack method: Account Compromise
Description of the event: The multi-chain liquidity re-staking protocol Bedrock announced on social media that the team is aware of a security vulnerability involving uniBTC, with the total estimated loss from the theft around $2 million. According to the SlowMist security team’s analysis, the attack was caused by Bedrock mistakenly supporting the minting of uniBTC at a 1:1 exchange rate with the native token.
Amount of loss: $ 2,000,000 Attack method: Contract Vulnerability
Description of the event: ReHold CTO Michael Semin disclosed on the X platform that on July 15, 2024, ReHold's CEO and co-founder, Renat Gafarov, withdrew over $700,000 from the company's smart contract without his approval. ReHold has since moved to a new domain.
Amount of loss: $ 700,000 Attack method: Insider Manipulation
Description of the event: The official X account of AI Modular Data Preprocessing Layer DIN was hacked, and a large number of phishing posts and links were sent.
Amount of loss: - Attack method: Account Compromise
Description of the event: The Render Network posted on X, stating that the X account of its founder and CEO, Jules Urbach, was hacked and used to post fake airdrop information. Please do not click any links from the account, and carefully verify all information through official sources.
Amount of loss: - Attack method: Account Compromise
Description of the event: NBA star Jaylen Brown's X account was hacked, and a large amount of fake token information was posted. Users are advised to be cautious and avoid interacting with fraudulent contracts.
Amount of loss: - Attack method: Account Compromise
Description of the event: The decentralized algorithmic stablecoin protocol Pythia was attacked due to a vulnerability in its staking contract, resulting in a loss of 21 ETH (approximately $53,000).
Amount of loss: $ 53,000 Attack method: Contract Vulnerability
Description of the event: Sei's official Discord has been suspected of being hacked. The hacker has posted a fake phishing link. Please do not interact with it.
Amount of loss: - Attack method: Account Compromise
Description of the event: The official Witness Chain Discord has been hacked. Please do not click on any links until the situation is resolved.
Amount of loss: - Attack method: Account Compromise
Description of the event: French football star Kylian Mbappe's X account was hacked, and a token called MBAPPE was posted. The tweet has since been deleted. The MBAPPE token's market value skyrocketed to tens of millions of dollars within minutes, only to quickly plummet to zero.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to an official tweet from Web3 liquidity provider Orderly Network, their Discord server has been compromised. The official team advises users not to click on any links until the situation is fully resolved to avoid potential losses.
Amount of loss: - Attack method: Account Compromise
Description of the event: The official X account of the crypto venture capital firm Aquarius was hacked. The attacker has already changed the username, associated email, and phone number. Additionally, the previous username has been taken over by another spam account controlled by the attacker.
Amount of loss: - Attack method: Account Compromise
Description of the event: On-chain sleuth ZachXBT revealed that McDonald's Instagram account was allegedly hacked and used to promote the meme token GRIMACE.
Amount of loss: - Attack method: Account Compromise
Description of the event: The X account of AvaLabs COO Luigi D'Onorio DeMeo appears to have been compromised. Please do NOT interact with any addresses or links it has posted.
Amount of loss: - Attack method: Account Compromise
Description of the event: OMPx was attacked, resulting in a loss of approximately $107,000. The attacker obtained initial funds through Railgun, and the stolen funds have already been deposited into Railgun.
Amount of loss: $ 107,000 Attack method: Unknown
Description of the event: Anzen Finance, the issuer of RWA stablecoins, announced on the X platform that on July 30, due to an error in the Blast vault contract, a white hat hacker exploited the vault to steal 500,000 USDz. The white hat returned $450,000 in a timely manner and received a $50,000 bounty as a reward.
Amount of loss: $ 500,000 Attack method: Contract Vulnerability
Description of the event: On July 26th, the official Twitter account of SAT20 Labs was hacked, and the attacker posted tweets containing links to install malware.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to the SlowMist security team, the community TinTinLand's pinned tweet on July 20 contained a phishing link. With the assistance of the SlowMist security team, TinTinLand promptly resolved the account theft issue and conducted an authorization review and security reinforcement of their Twitter account.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to the monitoring by the SlowMist security team, the cross-chain bridge aggregation protocol LI.FI has experienced suspicious transactions, resulting in user losses of over $10 million. Please revoke approvals to the related contracts.
Amount of loss: $ 11,600,000 Attack method: Contract Vulnerability