343 hack event(s)
Description of the event: Capital Killer, an anti-capitalist hacker group, revealed on twitter that they have attacked the Grayscale official website, claiming it as a gift to the AVAV community in support of fairness and anti-capitalism. Currently, the Grayscale official website is inaccessible, but the page for Grayscale's Bitcoin ETF GBTC remains accessible.
Amount of loss: - Attack method: Unknown
Description of the event: The Twitter account of MicroStrategy, the largest public holder of BTC, appears to have been compromised, with phishing airdrop links being posted. According to on-chain detective ZachXBT, the incident has resulted in the theft of assets worth $440,000.
Amount of loss: $ 440,000 Attack method: Account Compromise
Description of the event: Aleo, a blockchain project that advertises it's a place for "fully private applications" with "built-in privacy" has just emailed private identification documents — including selfies and photographs of government identification cards — to the wrong users. Aleo acknowledged their screw-up on social media, claiming that only ten individuals were impacted, and that it had happened thanks to a "copy/paste error in email metadata".
Amount of loss: - Attack method: Information Leakage
Description of the event: SlowMist founder Cos tweeted that there is a backdoor code in the Tornado Cash IPFS version frontend that hijacks deposit certificates. A governance attack led to malicious proposals being passed, and the malicious code has been present for about two months.
Amount of loss: - Attack method: Governance Attack
Description of the event: Axie Infinity co-founder Jihoz tweeted that his personal two addresses have been compromised. The attack is limited to his personal accounts and is unrelated to the validation or operation of the Ronin chain. Additionally, the leaked keys are unrelated to the operations of Sky Mavis. He reassured everyone that strict security measures have been taken for all related activities.
Amount of loss: $ 10,000,000 Attack method: Private Key Leakage
Description of the event: Keith Grossman, the president of MoonPay, currently has a compromised X account distributing wallet drainer links.
Amount of loss: - Attack method: Account Compromise
Description of the event: On January 31st, according to blockchain investigator ZachXBT, Ripple fell victim to a hacking attack resulting in the theft of 213 million XRP, valued at approximately $112.5 million. Ripple's co-founder, Chris Larsen, tweeted, "Yesterday, there was unauthorized access to a few of my personal XRP accounts (not @Ripple) – we were quickly able to catch the problem and notify exchanges to freeze the affected addresses. Law enforcement is already involved."
Amount of loss: $ 112,500,000 Attack method: Private Key Leakage
Description of the event: The official Twitter account of zk-data marketplace Masa is suspected to be compromised, and fake airdrop links have been posted.
Amount of loss: - Attack method: Account Compromise
Description of the event: DWF Labs tweeted that the Twitter account of their managing partner, Andrei Grachev, has been compromised.
Amount of loss: - Attack method: Account Compromise
Description of the event: GoledoFinance on Conflux was attacked, with a loss of 7.9m $CFX ($1.7M). The Goledo team has completed the initial investigation of the large borrowings in the lending pool. The team has determined that the issue is related to a flash loan.
Amount of loss: $ 1,700,000 Attack method: Flash Loan Attack
Description of the event: South Korean Web3 social music service Somesing announced that it fell victim to a security vulnerability attack last Saturday, resulting in a loss of 730 million native tokens (SSX), equivalent to approximately $11.58 million.
Amount of loss: $ 11,580,000 Attack method: Unknown
Description of the event: The Algorand Foundation tweeted that the Twitter account of Staci Warden (@StaciW_DC), the CEO of the Foundation, has been compromised.
Amount of loss: - Attack method: Account Compromise
Description of the event: Arkham official announced on Twitter that its CEO, Miguel Morel, fell victim to a SIM card swap attack. Miguel Morel's Twitter account was compromised.
Amount of loss: - Attack method: Account Compromise
Description of the event: The community-driven ZK L2 network ZKFair's official Discord has been hacked.Do not click any links until the team regain control of the server.
Amount of loss: - Attack method: Account Compromise
Description of the event: Independent crypto data aggregator CoinGecko's Twitter accounts @CoinGecko and @GeckoTerminal was compromised. One of their team members clicked on a fraudulent Calendly link by accident, granting unauthorized app access to a hacker who then posted on their behalf.
Amount of loss: - Attack method: Account Compromise
Description of the event: The U.S. Securities and Exchange Commission (SEC) stated on Monday in a release that its Twitter account was compromised on January 9th due to an unauthorized party gaining control of the associated phone number through a "SIM card swap" attack. After gaining control of the phone number, the unauthorized party reset the password for the SEC's Twitter account. Access to the phone number was obtained through the telecommunications provider, not through the SEC's systems.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to a report by Cointelegraph, the cryptocurrency venture capital firm Polychain Capital has confirmed that its founder and CEO, Olaf Carlson-Wee, has had his Twitter account compromised. Hackers have posted phishing links containing false airdrops. Polychain has urged Twitter users to avoid interacting with Carlson-Wee's account until further notice.
Amount of loss: - Attack method: Account Compromise
Description of the event: Cryptocurrency payment service provider Coinspaid experienced multiple unauthorized transactions, with hackers stealing cryptocurrency assets worth $7.5 million.
Amount of loss: $ 7,500,000 Attack method: Unknown
Description of the event: The Twitter account of the security firm CertiK was compromised. The attackers posted false information claiming that the Uniswap router contract is vulnerable to a reentrancy attack, along with phishing links. Subsequently, CertiK tweeted that "A verified account, associated with a well-known media, contacted one of our employees. Unfortunately, it appears that this account was compromised, leading to a phishing attack on our employee. "
Amount of loss: - Attack method: Account Compromise
Description of the event: Atomicals Market (Marketplace and Explorer for Atomicals and ARC-20) tweeted that they're currently under ddos attacks.
Amount of loss: - Attack method: DDoS Attack