357 hack event(s)
Description of the event: Lendora Protocol on Scroll is suspected of an exit scam. The website is now offline and the contracts were paused.
Amount of loss: - Attack method: Rug Pull
Description of the event: The multisignature wallet addresses of the DAO project Samudai and the wallet of its founder appear to have been compromised, resulting in a loss of approximately $1.25 million.
Amount of loss: $ 1,250,000 Attack method: Wallet Stolen
Description of the event: A fake Ledger Live app on the official Microsoft App Store which was resulted in 16.8+ BTC ($588K) stolen.
Amount of loss: $ 588,000 Attack method: Fake Application
Description of the event: Tellor's Twitter account was compromised, and the hacker posted a phishing link related to the $TRB airdrop.
Amount of loss: - Attack method: Account Compromise
Description of the event: Monero discloses that its community crowdfunding wallet was drained of 2,675.73 XMR (the entire balance). The hot wallet, used for payments to contributors, is untouched; its balance is ~244 XMR.
Amount of loss: $ 460,000 Attack method: Unknown
Description of the event: Maestro Router was compromised and approximately $ 510,000 was stolen.
Amount of loss: $ 510,000 Attack method: Contract Vulnerability
Description of the event: On October 25, 2023 alone another ~$4.4M was drained from 25+ victims as a result of the LastPass hack.
Amount of loss: $ 4,400,000 Attack method: Information Leakage
Description of the event: On October 17, Fantom Foundation Telegram Community Administrator Jane stated that some of Fantom Foundation's hot wallet assets were drained due to a zero-day vulnerability on Google Chrome. According to SlowMist's analysis of on-chain transmission methods and previous emergency response experience, this should be a case of private key theft, which may be the result of the Foundation or its employees being attacked by phishing, social engineering, and running malicious Trojan files, leading to the theft of some wallet private keys.
Amount of loss: $ 657,000 Attack method: Private Key Leakage
Description of the event: LastPass, a password management platform, is suspected to have suffered a data breach. On October 12, Twitter user flippen.eth tweeted that he had lost more than 20 ETH from his hot wallet overnight after storing his mnemonic on LastPass, an online password management platform, stating, "This problem seems to be widespread, so if you've ever used LastPass, it's time to update your password and abandon your wallet and the mnemonics stored there.”
Amount of loss: 20 ETH Attack method: Information Leakage
Description of the event: The @nowaiAI announced their Discord server has been compromised. Do not connect your wallet. It connects to phishing site: hxxps://nowaiguard.github.io/discord/.
Amount of loss: - Attack method: Account Compromise
Description of the event: The Ethereum Foundation fell victim to a sandwich attack by an MEV Bot when selling 1700 ETH through Uniswap V3, resulting in a loss of $9,101. The MEV Bot profited $4,060 from the attack.
Amount of loss: $ 9,101 Attack method: Sandwich Attack
Description of the event: On October 6, an unknown individual contacted our domain service provider Dynadot, impersonating an authorized Galxe member and bypassing the security process with falsified documentation. The impersonator then gained unauthorized access to the domain account, which was manipulated to redirect website visitors to a fake site and sign transactions that misappropriated their funds. On October 7, Galxe released a statement on the October 6 DNS security incident stating that the site is now fully restored, with an estimated 1,120 users affected and approximately $270,000 stolen. On October 11, Galxe announced a compensation plan for the security incident that occurred on October 6, 2023. Any affected users will receive full compensation in USDT on Polygon, calculated based on its value at 18:00 Beijing time on October 9.
Amount of loss: $ 270,000 Attack method: DNS Hijacking Attack
Description of the event: SpaceChain Discord was hacked. A phishing link was posted in the announcements channel of SpaceChain Discord server.
Amount of loss: - Attack method: Account Compromise
Description of the event: On September 23, the Mixin Network cloud service provider database was attacked, the amount of funds involved was ~$200M.
Amount of loss: $ 200,000,000 Attack method: Unknown
Description of the event: BEDU announced that a team member in their Discord server has been compromised.
Amount of loss: - Attack method: Account Compromise
Description of the event: On September 17th, ThalaLabs' Twitter account was compromised, and a phishing website was posted, which is linked to a known wallet drainer.
Amount of loss: - Attack method: Account Compromise
Description of the event: Mark Cuban, a billionaire entrepreneur and owner of the Dallas Mavericks, fell victim to a hack on September 16th. Altogether, he was set back by around $870,000 across 10 cryptocurrencies. He said he moved his remaining funds to Coinbase custody.
Amount of loss: $ 870,000 Attack method: Wallet Stolen
Description of the event: On September 11, Witnet - the multichain decentralized oracle, tweeted that the Witnet Discord server has been compromised and deleted temporarily.
Amount of loss: - Attack method: Account Compromise
Description of the event: Ether co-founder Vitalik Buterin's Twitter account is suspected to have been hacked and posted a link (actually a phishing link) to a free Proto Danksharding Memorial NFT pickup related to ConsenSys. ZachXBT says the hackers have now stolen $700,000. Upon review, the tweet containing the phishing link has been removed.
Amount of loss: $ 700,000 Attack method: Account Compromise
Description of the event: A phishing link has been posted in the major announcements channel of Victory Point Discord server. Do not interact with hxxps://victorypoints.xyz/airdrop/
Amount of loss: - Attack method: Account Compromise