363 hack event(s)
Description of the event: @0xKofi's Twitter account has been hacked; please do not click on the scam link.
Amount of loss: - Attack method: Account Compromise
Description of the event: The Ledger Connect Kit suffered a supply chain attack, with attackers stealing at least $600,000. The SlowMist security team immediately initiated an analysis of the relevant code and discovered that the attackers implanted malicious JavaScript code in versions @ledgerhq/connect-kit=1.1.5/1.1.6/1.1.7. They directly replaced the normal window logic with a Drainer class, triggering not only a fake DrainerPopup popup but also handling the transfer logic for various assets. Attackers launched phishing attacks against cryptocurrency users through the CDN.
Amount of loss: $ 600,000 Attack method: Malicious Code Injection Attack
Description of the event: The perpetual contract on Osmosis, Levana, has been subjected to an attack resulting in a loss exceeding $1.14 million. A post-incident report provided by its team indicates that between December 13th and December 26th, attackers successfully drained 10% of Levana's liquidity pool. Levana states that efforts are underway to rectify the issue, assuring that existing trading positions and profits remain unaffected. Future plans involve compensating affected liquidity providers through airdrops and the distribution of protocol fees collected during the attack period.
Amount of loss: $ 1,140,000 Attack method: Oracle Attack
Description of the event: On December 5, 2023, thirdweb, the Web3 base development platform, indicated that a security vulnerability was discovered in pre-built smart contracts. The impacted pre-built contracts include but are not limited to DropERC20, ERC721, ERC1155 (all versions), and AirdropERC20. Please see a full list of impacted smart contracts and mitigation steps at this link (https://blog.thirdweb.com/security-vulnerability/).
Amount of loss: - Attack method: Contract Vulnerability
Description of the event: Lido officials say that over the course of the last 24 hours, Lido DAO contributors were made aware of a platform vulnerability that affected an active Node Operator using the Lido on Ethereum protocol (InfStones) sometime over the course of the previous few months. The vulnerability was disclosed to InfStones in July 2023 by security researchers dWallet Labs. The Node Operator has announced that the vulnerability has been addressed. The vulnerability is related to the possible exposure of root-level access to 25 validator servers that may not be related to the Lido protocol, including possibly key material, to external attackers. It is not clear to contributors at this time if servers and/or keys related to Lido validators were included in the scope of affected systems or not.
Amount of loss: - Attack method: Third-party Vulnerability
Description of the event: Crypto quantitative trading company Kronos Research tweeted that they experienced unauthorized access to some of their API keys.
Amount of loss: $ 26,000,000 Attack method: API Key Attack
Description of the event: Lendora Protocol on Scroll is suspected of an exit scam. The website is now offline and the contracts were paused.
Amount of loss: - Attack method: Rug Pull
Description of the event: The multisignature wallet addresses of the DAO project Samudai and the wallet of its founder appear to have been compromised, resulting in a loss of approximately $1.25 million.
Amount of loss: $ 1,250,000 Attack method: Wallet Stolen
Description of the event: A fake Ledger Live app on the official Microsoft App Store resulted in 16.8+ BTC ($588K) being stolen.
Amount of loss: $ 588,000 Attack method: Fake Application
Description of the event: Tellor's Twitter account was compromised, and the hacker posted a phishing link related to the $TRB airdrop.
Amount of loss: - Attack method: Account Compromise
Description of the event: Monero discloses that its community crowdfunding wallet was drained of 2,675.73 XMR (the entire balance). The hot wallet, used for payments to contributors, is untouched; its balance is ~244 XMR.
Amount of loss: $ 460,000 Attack method: Unknown
Description of the event: Maestro Router was compromised and approximately $510,000 was stolen.
Amount of loss: $ 510,000 Attack method: Contract Vulnerability
Description of the event: On October 25, 2023 alone, another ~$4.4M was drained from 25+ victims as a result of the LastPass hack.
Amount of loss: $ 4,400,000 Attack method: Information Leakage
Description of the event: On October 17, Fantom Foundation Telegram Community Administrator Jane stated that some of Fantom Foundation's hot wallet assets were drained due to a zero-day vulnerability on Google Chrome. According to SlowMist's analysis of on-chain transmission methods and previous emergency response experience, this should be a case of private key theft, which may be the result of the Foundation or its employees being attacked by phishing, social engineering, and running malicious Trojan files, leading to the theft of some wallet private keys.
Amount of loss: $ 657,000 Attack method: Private Key Leakage
Description of the event: LastPass, a password management platform, is suspected to have suffered a data breach. On October 12, Twitter user flippen.eth tweeted that he had lost more than 20 ETH from his hot wallet overnight after storing his mnemonic on LastPass, an online password management platform, stating, "This problem seems to be widespread, so if you've ever used LastPass, it's time to update your password and abandon your wallet and the mnemonics stored there."
Amount of loss: 20 ETH Attack method: Information Leakage
Description of the event: @nowaiAI announced that their Discord server has been compromised. Do not connect your wallet. It connects to a phishing site: hxxps://nowaiguard.github.io/discord/.
Amount of loss: - Attack method: Account Compromise
Description of the event: The Ethereum Foundation fell victim to a sandwich attack by an MEV Bot when selling 1700 ETH through Uniswap V3, resulting in a loss of $9,101. The MEV Bot profited $4,060 from the attack.
Amount of loss: $ 9,101 Attack method: Sandwich Attack
Description of the event: On October 6, an unknown individual contacted our domain service provider Dynadot, impersonating an authorized Galxe member and bypassing the security process with falsified documentation. The impersonator then gained unauthorized access to the domain account, which was manipulated to redirect website visitors to a fake site and sign transactions that misappropriated their funds. On October 7, Galxe released a statement on the October 6 DNS security incident stating that the site is now fully restored, with an estimated 1,120 users affected and approximately $270,000 stolen. On October 11, Galxe announced a compensation plan for the security incident that occurred on October 6, 2023. Any affected users will receive full compensation in USDT on Polygon, calculated based on its value at 18:00 Beijing time on October 9.
Amount of loss: $ 270,000 Attack method: DNS Hijacking Attack
Description of the event: SpaceChain Discord was hacked. A phishing link was posted in the announcements channel of SpaceChain Discord server.
Amount of loss: - Attack method: Account Compromise
Description of the event: On September 23, the Mixin Network cloud service provider database was attacked; the amount of funds involved was ~$200M.
Amount of loss: $ 200,000,000 Attack method: Unknown