351 hack event(s)
Description of the event: Arkham officially announced on Twitter that its CEO, Miguel Morel, fell victim to a SIM card swap attack. Miguel Morel's Twitter account was compromised.
Amount of loss: - Attack method: Account Compromise
Description of the event: The official Discord of ZKFair, the community-driven ZK L2 network, has been hacked. Do not click any links until the team regains control of the server.
Amount of loss: - Attack method: Account Compromise
Description of the event: The Twitter accounts @CoinGecko and @GeckoTerminal of independent crypto data aggregator CoinGecko were compromised. One of their team members clicked on a fraudulent Calendly link by accident, granting unauthorized app access to a hacker who then posted on their behalf.
Amount of loss: - Attack method: Account Compromise
Description of the event: The U.S. Securities and Exchange Commission (SEC) stated on Monday in a release that its Twitter account was compromised on January 9th due to an unauthorized party gaining control of the associated phone number through a "SIM card swap" attack. After gaining control of the phone number, the unauthorized party reset the password for the SEC's Twitter account. Access to the phone number was obtained through the telecommunications provider, not through the SEC's systems.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to a report by Cointelegraph, the cryptocurrency venture capital firm Polychain Capital has confirmed that its founder and CEO, Olaf Carlson-Wee, has had his Twitter account compromised. Hackers have posted phishing links containing false airdrops. Polychain has urged Twitter users to avoid interacting with Carlson-Wee's account until further notice.
Amount of loss: - Attack method: Account Compromise
Description of the event: Cryptocurrency payment service provider Coinspaid experienced multiple unauthorized transactions, with hackers stealing cryptocurrency assets worth $7.5 million.
Amount of loss: $ 7,500,000 Attack method: Unknown
Description of the event: The Twitter account of the security firm CertiK was compromised. The attackers posted false information claiming that the Uniswap router contract is vulnerable to a reentrancy attack, along with phishing links. Subsequently, CertiK tweeted that "A verified account, associated with a well-known media, contacted one of our employees. Unfortunately, it appears that this account was compromised, leading to a phishing attack on our employee."
Amount of loss: - Attack method: Account Compromise
Description of the event: Atomicals Market (Marketplace and Explorer for Atomicals and ARC-20) tweeted that they're currently under DDoS attacks.
Amount of loss: - Attack method: DDoS Attack
Description of the event: @0xKofi's Twitter account has been hacked; please do not click on the scam link.
Amount of loss: - Attack method: Account Compromise
Description of the event: The Ledger Connect Kit suffered a supply chain attack, with attackers stealing at least $600,000. The SlowMist security team immediately initiated an analysis of the relevant code and discovered that the attackers implanted malicious JavaScript code in versions @ledgerhq/connect-kit=1.1.5/1.1.6/1.1.7. They directly replaced the normal window logic with a Drainer class, triggering not only a fake DrainerPopup popup but also handling the transfer logic for various assets. Attackers launched phishing attacks against cryptocurrency users through the CDN.
Amount of loss: $ 600,000 Attack method: Malicious Code Injection Attack
Description of the event: The perpetual contract on Osmosis, Levana, has been subjected to an attack resulting in a loss exceeding $1.14 million. A post-incident report provided by its team indicates that between December 13th and December 26th, attackers successfully drained 10% of Levana's liquidity pool. Levana states that efforts are underway to rectify the issue, assuring that existing trading positions and profits remain unaffected. Future plans involve compensating affected liquidity providers through airdrops and the distribution of protocol fees collected during the attack period.
Amount of loss: $ 1,140,000 Attack method: Oracle Attack
Description of the event: On December 5, 2023, thirdweb, the Web3 base development platform, indicated that a security vulnerability was discovered in pre-built smart contracts. The impacted pre-built contracts include but are not limited to DropERC20, ERC721, ERC1155 (all versions), and AirdropERC20. Please see a full list of impacted smart contracts and mitigation steps at this link (https://blog.thirdweb.com/security-vulnerability/).
Amount of loss: - Attack method: Contract Vulnerability
Description of the event: Lido officials say that over the course of the last 24 hours, Lido DAO contributors were made aware of a platform vulnerability that affected an active Node Operator using the Lido on Ethereum protocol (InfStones) sometime over the course of the previous few months. The vulnerability was disclosed to InfStones in July 2023 by security researchers dWallet Labs. The Node Operator has announced that the vulnerability has been addressed. The vulnerability is related to the possible exposure of root-level access to 25 validator servers that may not be related to the Lido protocol, including possibly key material, to external attackers. It is not clear to contributors at this time if servers and/or keys related to Lido validators were included in the scope of affected systems or not.
Amount of loss: - Attack method: Third-party Vulnerability
Description of the event: Crypto quantitative trading company Kronos Research tweeted that they experienced unauthorized access to some of their API keys.
Amount of loss: $ 26,000,000 Attack method: API Key Attack
Description of the event: Lendora Protocol on Scroll is suspected of an exit scam. The website is now offline and the contracts were paused.
Amount of loss: - Attack method: Rug Pull
Description of the event: The multisignature wallet addresses of the DAO project Samudai and the wallet of its founder appear to have been compromised, resulting in a loss of approximately $1.25 million.
Amount of loss: $ 1,250,000 Attack method: Wallet Stolen
Description of the event: A fake Ledger Live app on the official Microsoft App Store resulted in 16.8+ BTC ($588K) being stolen.
Amount of loss: $ 588,000 Attack method: Fake Application
Description of the event: Tellor's Twitter account was compromised, and the hacker posted a phishing link related to the $TRB airdrop.
Amount of loss: - Attack method: Account Compromise
Description of the event: Monero discloses that its community crowdfunding wallet was drained of 2,675.73 XMR (the entire balance). The hot wallet, used for payments to contributors, is untouched; its balance is ~244 XMR.
Amount of loss: $ 460,000 Attack method: Unknown
Description of the event: Maestro Router was compromised and approximately $ 510,000 was stolen.
Amount of loss: $ 510,000 Attack method: Contract Vulnerability