249 hack event(s)
Description of the event: NFT giant whale Franklin is suspected to have posted a warning on his Twitter handle @ElectionDayMad1 with text and video that his Twitter account @franklinisbored was stolen, please do not send any cryptocurrency or click on any links, and that none of the tweets from the early morning of June 9 were posted by him.
Amount of loss: - Attack method: Twitter was hacked
Description of the event: According to a tweet from MistTrack, the Twitter account of Cole, co-founder of the NFT project Pudgy Penguins, appears to have been attacked, seemingly by the PinkDrainer hacker group. Please do not click on suspicious links.
Amount of loss: - Attack method: Twitter was hacked
Description of the event: Jump Crypto, the digital asset trading arm of Jump Trading, said on Twitter that its security team discovered a stack overflow vulnerability in CosmWasm, a smart contract platform designed by the Cosmos ecosystem. The bug would stop users uploading new smart contracts on Cosmos-based blockchains from functioning on those chains entirely.
Amount of loss: - Attack method: Overflow Vulnerability
Description of the event: The Sandbox tweeted that the Twitter account of its CEO and co-founder Arthur Madrid was hacked, and the hackers posted a scam/phishing link for a fake SAND token airdrop. The Sandbox reminds users not to click on the link, but to report the post so it can be blocked.
Amount of loss: - Attack method: Twitter was hacked
Description of the event: The team behind Fintoch, a blockchain financial platform, is suspected of being a Ponzi scheme. It defrauded users of 31.6 million USDT on BNB Chain, and the funds were bridged to multiple addresses on Tron and Ethereum. Users reported that they could not withdraw funds. Fintoch advertises that it is a blockchain financial platform built by Morgan Stanley, and users can get 1% return on investment every day. The team page on the Fintoch website refers to "Bobby Lambert" as its CEO, when in fact he doesn't exist and is a paid actor. Earlier, the Singapore government and Morgan Stanley both issued warnings about the investment plan.
Amount of loss: $ 31,600,000 Attack method: Scam
Description of the event: At 15:25 on May 20, Tornado Cash encountered a governance attack. The attacker granted himself 1.2 million votes through a malicious proposal, exceeding the number of legal votes (about 700,000), and gained full governance control. An attacker could withdraw all locked votes and drain all tokens in the governance contract, disabling routers, though the attacker would still not be able to drain individual pools. Tornado Cash governance attackers obtained a total of 483,000 TORN from governance vaults.
Amount of loss: $ 2,173,500 Attack method: Governance Attack
Description of the event: A Nevada man has been charged in connection with his alleged involvement in CoinDeal, an investment fraud scheme that defrauded more than 10,000 victims of more than $45 million, the U.S. Department of Justice announced. According to court documents, Lee allegedly conspired with Neil Chandran and others to defraud investors of companies controlled by Chandran. Operating under the name "ViRSE," these companies include Free Vi Lab, Studio Vi Inc., ViDelivery Inc., ViMarket Inc., and Skalex USA Inc., among others. Presumably, these companies are developing virtual world technology, including their own cryptocurrency, for use in virtual worlds. Chandran allegedly misled investors by falsely promising extremely high returns on the premise that his company was about to be acquired by a syndicate of wealthy buyers. As further alleged, Lee was the nominal owner and director of ViMarket and was instructed by Chandran on how to transfer received investor funds into ViMarket's bank accounts.
Amount of loss: $ 45,000,000 Attack method: Scam
Description of the event: The Web3 content publishing platform Mirror application is currently experiencing an outage under load.
Amount of loss: - Attack method: Load
Description of the event: Yuga Labs tweeted that the Twitter account of the company's new CEO, Daniel Alegre, was hacked and is now under hacker control. Yuga Labs reminds users not to click on any minting links, nor to interact with any twitter accounts named Daniel Alegre until the official update notice is released, the Yuga Labs team is working with twitter to regain control of the account .
Amount of loss: - Attack method: Twitter was hacked
Description of the event: UniSat Wallet tweeted: “Due to a vulnerability in our code base, the UniSat Marketplace that just launched has suffered a lot of double-spend attacks. In the test last week, we simulated different double-spend attack methods and improved the code. and enhancements. Unfortunately, certain issues were still exposed in the initial public release. Currently, we have preliminary findings, and out of a total of 383 transactions, 70 transactions have been identified as affected. We will report on In the next few days, we will further investigate and compensate the losses of users related to this incident.” It is reported that UniSat Marketplace is an inscription market based on PSBT and supporting BRC-20 assets on the Bitcoin chain.
Amount of loss: - Attack method: Double Spend Attack
Description of the event: Sealaunch, an NFT data and research platform, has monitored that the MEV Bot named jaredfromsubway.eth recently carried out "sandwich attacks" on buyers and sellers of Meme coins such as WOJAK and PEPE, earning more than $1.4 million in profits. Additionally, Sealaunch stated that MEV Bots spent 7% of Ethereum’s gas fees during the 24-hour period between April 18 and 19. A sandwich attack occurs when the attacker "sandwiches" the victim's transaction between two of his own to profit from the user by manipulating prices.
Amount of loss: $ 1,400,000 Attack method: Sandwich Attack
Description of the event: Paribus, the first cross-chain lending platform on Cardano, was attacked and lost about $100,000. The reason for the attack is that it uses a fork of an old version of Compound V2, which has a known reentrancy vulnerability.
Amount of loss: $ 100,000 Attack method: Reentrancy Attack
Description of the event: Terraport, a decentralized finance project launched by TerraCVita, an independent development team of Terra Classic, was hacked and all its liquidity was exhausted. Data shows that nearly $4 million worth of LUNC, USTC and TERRA tokens have been emptied. The attacker withdrew 9,148,426 TERRA and 15.1 billion LUNC in the first transaction, and 576,736 TERRA and 5,487,381 USTC in the second transaction.
Amount of loss: $ 4,000,000 Attack method: Contract Vulnerability
Description of the event: On April 3, MEV bots suffered a malicious sandwich attack that cost them around $25 million. Data on the chain shows that the malicious verifier who attacked the MEV bots today has been punished by Slash and kicked out of the verifier queue. According to SlowMist analysis, the reason why the MEV bots was attacked was that even if the beacon block was incorrect, the relay still returned the payload to the proposer, which resulted in the proposer being able to access the content of the block before another block was finalized. The attacker takes advantage of this problem to maliciously construct an invalid block, so that the block cannot be verified, and the relay cannot broadcast (the status code is 202) to obtain the transaction content in advance. mev-boost-relay has urgently released a new version to alleviate this problem, and it is recommended that relay operators upgrade the relay in time.
Amount of loss: $ 25,000,000 Attack method: Sandwich Attack
Description of the event: The address of Patricio Worthalter, founder of POAP, was attacked by phishing. The attacker transferred 85,898 RPL (approximately $3.83 million) from Worthalter’s address to DEX, and sold all RPL at a price of 1,802 ETH (approximately $3.25 million). price drop.
Amount of loss: $ 3,830,000 Attack method: Phishing Attack
Description of the event: Circle tweeted that the Circle Chief Strategy Officer's Twitter account (@ddisparte) has been taken over by a scammer. Any link to an offer is a scam. We are investigating this situation and taking appropriate action. Earlier, Circle’s Chief Strategy Officer tweeted that a loyalty rewards distribution program would be launched for USDC holders. However, the tweet has now been deleted.
Amount of loss: - Attack method: Twitter was hacked
Description of the event: According to the official Twitter, the General Bytes encrypted currency ATM service was attacked on March 17 and 18. The attacker used the upload interface in the system to upload and run a malicious Java program, and then the attacker obtained the permissions of the database in the server and Hot wallet withdrawal API Key. According to SlowMist MistTrack, the loss was about $1.8 million.
Amount of loss: $ 1,800,000 Attack method: Malicious software
Description of the event: According to the BBC, a scam called iEarn Bot has affected thousands of victims in several countries. In the scam, victims were persuaded to sign up for an "AI intelligent quantitative trading robot" called iEarn Bot, which appeared to successfully trade cryptocurrencies on their behalf. However, after some time, the victims realize that they are unable to withdraw their due earnings nor withdraw the funds they invested. iEarn Bot claims to be an American company, despite its website being riddled with misinformation. The man identified as the company's founder told the BBC he had nothing to do with the scheme, with companies and institutions listed as "strategic partners" saying they had no such partnerships. The BBC uncovered a cryptocurrency wallet that received payments from around 13,000 other people totaling close to $1.3 million.
Amount of loss: $ 1,300,000 Attack method: Scam
Description of the event: The SUCKR project on the Aptos chain is suspected of being a rug pull. The hacker called the mint_SUCKR (admin privilege function) function to mint a large number of SUCKR tokens and exchange them for USDT. The price of SUCKR tokens plummeted by 9% 249h.
Amount of loss: - Attack method: Rug Pull
Description of the event: @HideYoApes previously owned several expensive NFTs from Yuga Labs, including a Bored Ape, Mutant Ape, three Bored Ape Kennel Club NFTs, a SewerPass, and two Otherdeeds. The attacker sold all the NFTs for a profit of 127.3 wETH (~$208,000). HideYoApes explained on Twitter that he had downloaded and installed the MetaMask wallet extension from MetaMask’s official website.
Amount of loss: $ 208,000 Attack method: Phishing Attack