352 hack event(s)
Description of the event: Web3 domain provider Unstoppable Domains stated on Twitter that Unstoppabledomains.com was attacked. Until further notice, please do not open any emails from @unstoppabledomains.com or use the website.
Amount of loss: - Attack method: Unknown
Description of the event: On July 8, rapper Doja Cat's Twitter account was hacked to promote a memecoin. Doja Cat quickly posted on her Instagram account, stating that her Twitter account had been compromised.
Amount of loss: - Attack method: Account Compromise
Description of the event: 23pds, the CISO at SlowMist, tweeted that the 2FA service Authy has been hacked, resulting in the theft of the phone numbers of 33 million users. If you are an Authy user, please be vigilant against phishing attacks. The official developer, Twilio, has confirmed the vulnerability. Many professionals in the crypto industry use this 2FA software, so please ensure the security of your assets.
Amount of loss: - Attack method: Information Leakage
Description of the event: On July 1, according to Protos, the crypto-friendly bank Evolve Bank & Trust recently admitted that despite discovering "unauthorized activity"—specifically, the theft of 33 TB of user data—a month ago, they only publicly disclosed the incident last week. Reportedly, the stolen data pertains to 155,586 accounts associated with companies like Bitfinex, Nomad, and Copper. The bank stated that the data breach was due to an employee clicking on a malicious link and that the attack was halted within a few days, with no further unauthorized activity detected.
Amount of loss: - Attack method: Information Leakage
Description of the event: According to Decrypt, the social media account of the renowned heavy metal band Metallica were recently hacked. The hackers used these accounts to promote scam cryptocurrency tokens. Several celebrities were also implicated, becoming tools for the scam's promotion. The hackers posted false information to entice fans and investors into purchasing worthless tokens.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to monitoring by on-chain detective ZachXBT, the online gambling platform Sportsbet was also suspected to be attacked by the same hacker as BtcTurk, resulting in a loss of over $3.5 million.
Amount of loss: $ 3,500,000 Attack method: Unknown
Description of the event: Arthur (@Arthur_0x), the founder of DeFiance Capital, posted on X to warn that the official X account of DeFiance Capital has been compromised. Please avoid clicking on any links shared by the account.
Amount of loss: - Attack method: Account Compromise
Description of the event: Cryptocurrency portfolio management company CoinStats temporarily suspended user activities after 1,590 crypto wallets were affected by a security incident. CoinStats stated, "The attack has been mitigated, and we have temporarily shut down the application to isolate the security incident. None of the connected wallets and CEXes were impacted. Thanks to the immediate incident reponse from the CoinStats team, only 1.3% of all CoinStats Wallets were affected, totaling 1,590 wallets. The list might change as the investigation is ongoing but we don’t expect significant changes." On June 26, Narek Gevorgyan released a security incident update, stating that the security vulnerability was due to the company's AWS infrastructure being hacked. Evidence indicates that it was done through one of employees who was socially engineered into downloading malicious software onto his work computer.
Amount of loss: $ 2,000,000 Attack method: Malware Attack
Description of the event: The rapper 50 Cent has claimed that his Twitter account and website were hacked to promote a memecoin called GUNIT.
Amount of loss: - Attack method: Account Compromise
Description of the event: $1.5 million was stolen from the liquidity pool on the Blast network’s gaming platform YOLO Games. The root cause was the lack of permission checks in the "exitPool" function, allowing anyone to impersonate liquidity providers and drain the pool. The attack was carried out by a white hat hacker, who returned 353 ETH (90% of the stolen funds), approximately $1.27 million.
Amount of loss: $ 1,500,000 Attack method: Contract Vulnerability
Description of the event: CoinGecko reported that its third-party email platform GetResponse experienced a data breach on June 5. The compromised data includes users' names (if provided during registration), email addresses, IP addresses, and metadata related to email open locations. However, user accounts and passwords were not affected.
Amount of loss: - Attack method: Information Leakage
Description of the event: Sebastiani, co-founder of The Sandbox, posted on X platform that one of The Sandbox team members was hacked and his Twitter account used to send SCAM tweets and DMs, disguised as if these were official.
Amount of loss: - Attack method: Account Compromise
Description of the event: The TON ecosystem Launchpad platform TonUP announced on social media that its recently launched staking contract was attacked, resulting in a loss of 307,264 UP tokens. Upon investigation, it was found that the incident was due to the smart contract engineer incorrectly configuring script parameters, leading to users mistakenly claiming staked UP assets.
Amount of loss: $ 107,600 Attack method: Contract Vulnerability
Description of the event: The official Twitter account of Scroll's liquidity layer, Rho Markets, was hacked and posted suspicious links.
Amount of loss: - Attack method: Account Compromise
Description of the event: BlockTower Capital’s main hedge fund has been compromised and partially drained by fraudsters. The company has $1.7 billion in assets under management. Despite hiring blockchain forensic analysts to investigate the specifics of the fund theft and informing its limited partners of the incident, the stolen funds have yet to be recovered, and the hackers have not been apprehended.
Amount of loss: - Attack method: Unknown
Description of the event: The Blast ecosystem project Bloom was attacked, resulting in a loss of approximately $540,000. On May 10th, Bloom announced that they had successfully recovered most of the stolen funds. The Bloom team stated that after paying a 10% bug bounty, they had retrieved $486,000 of the stolen funds, which accounts for 90% of the total amount ($540,000). All recovered funds will be redistributed to liquidity providers.
Amount of loss: $ 540,000 Attack method: Contract Vulnerability
Description of the event: The blockchain data analysis platform Dune tweeted that its account was compromised earlier today and a fake post about a Dune Airdrop was live for about 15 minutes. The Dune team now has control over the account again.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to on-chain analyst ZachXBT's monitoring, the group of scammers who stole 8 figs with Magnate, Kokomo, Lendora, Solfire, etc is back with a new project on Blast @Leaperfinance. Last week they funded an address on Blast with ~$1M of laundered funds from the previous rugs and have begun adding liquidity to bait people in. Over time, the fraudulent team increased their TVL to over a million dollars, then stole all user funds deposited into the protocol, and forged KYC documents using low-level auditing companies. Currently, this fraudulent group has initiated scams on platforms such as Base, Solana, Scroll, Optimism, Arbitrum, Ethereum, and Avalanche.
Amount of loss: - Attack method: Scam
Description of the event: The Bitcoin-native lending protocol, Zest Protocol twitted that it experienced an attack. The attacker lent out an amount exceeding the value of their collateral by artificially inflating its value. The attack has been mitigated, and all unauthorized access has been disabled. The attacker removed 324,000 STX from the protocol, and this loss will be compensated from the Zest Protocol's treasury, ensuring full reimbursement of user assets.
Amount of loss: $ 1,000,000 Attack method: Price Manipulation
Description of the event: The full-chain Web3 ecosystem xBlast, built inside Telegram, disclosed on Twitter that it had been hacked. The attacker transferred XBL tokens from its project's main wallet address and sold them for approximately 22 ETH. xBlast's proposed solution is to deploy a new XBL token and restore liquidity, promising fair compensation for all losses.
Amount of loss: $ 84,500 Attack method: Unknown