36 hack event(s)
Description of the event: An attacker exploited a vulnerability in the Solana-based lending protocol Texture, stealing approximately $2.2 million in user funds from one of the project’s vaults. Shortly after the incident, Texture offered the attacker a 10% bounty. The attacker returned $1.98 million and kept $220,000.
Amount of loss: $ 2,200,000 Attack method: Contract Vulnerability
Description of the event: A modular DeFi lending market built on Solana, Loopscale, has suffered an attack. The root cause of the exploit has been identified as an isolated issue with Loopscale’s pricing of RateX-based collateral. The incident led to the theft of approximately 5.7 million USDC and 1,200 SOL, accounting for about 12% of the platform's total funds. According to an official update posted by Loopscale on April 29, following successful negotiations, all stolen assets — 5,726,725 USDC and 1,211 SOL — were fully returned on April 26. No user deposits were affected.
Amount of loss: $ 5,800,000 Attack method: Oracle Attack
Description of the event: According to Scam Sniffer's monitoring, the X account of the decentralized autonomous wireless network project DAWN was compromised and used to post phishing tweets.
Amount of loss: - Attack method: Account Compromise
Description of the event: tong, the founder of Holoworld AI, posted on X stating that the Holoworld AI X account has been hacked. Please do not click on any links.
Amount of loss: - Attack method: Account Compromise
Description of the event: The DeSci project Pump Science tweeted that the wallet T5j2UB...jjb8sc was exploited due to an oversight in their GitHub repository. The exploiter gained access to the keypair, which had been embedded in the source code of their website.
Amount of loss: - Attack method: Private Key Leakage
Description of the event: The X account of the meme project dogwifcoin (WIF) is suspected to have been hacked, posting multiple token contract messages. Users are advised to stay vigilant.
Amount of loss: - Attack method: Account Compromise
Description of the event: A dog-themed memecoin project called SHARPEI abruptly cashed out $3.4 million, tanking the token price by more than 96% in seconds. The project had been promoted by crypto influencers, but hit a snag when a pitch deck for the project leaked. The deck contained multiple lies, including claims to have hired multiple "KOLs" who later denied involvement, and false claims of partnerships with various platforms and projects. As the token price stuttered along with these revelations, insiders apparently decided to quit while they were ahead, and cashed out in a quick and coordinated sale.
Amount of loss: $ 3,400,000 Attack method: Rug Pull
Description of the event: Ahmad Shadid, former CEO of the decentralized GPU network io.net, posted on X that the official io.net Discord has been hacked. He has informed the IO team and advised not to click on any shared links.
Amount of loss: - Attack method: Account Compromise
Description of the event: The website frontend of Solana ecosystem real estate trading protocol Parcl has been hacked, extracting tokens from users' Solana wallets and displaying fake transaction results in Phantom. Parcl’s official X account also appears to have been compromised, posting information related to PARCL rewards.
Amount of loss: - Attack method: Frontend Attack
Description of the event: The cross-chain DeFi protocol Entangle announced on X that the official X account of the meme token project BorpaToken, developed by their team, has been compromised. Do not click on any links. The BorpaToken team is in contact with X to resolve the issue.
Amount of loss: - Attack method: Account Compromise
Description of the event: pump.fun is a Solana-based memecoin generator. On May 16th, the project suffered a $1.9 million exploit by an attacker who then began airdropping the money to somewhat random wallets. pump.fun stated on Twitter that the attack was due to a former employee exploiting their privileges within the company to illegally obtain withdrawal permissions and using a lending protocol to carry out flash loan attacks.
Amount of loss: $ 1,900,000 Attack method: Flash Loan Attack
Description of the event: io.net founder and CEO Ahmad Shadid announced on social media that io.net's metadata APIs recently experienced a security incident. A malicious party exploited accessible mappings of User IDs to Device IDs, leading to unauthorized metadata updates. This breach did not compromise GPU access but did affect the metadata displayed to users on the frontend.
Amount of loss: - Attack method: Security Vulnerability
Description of the event: Jupiter, a trading aggregator in the Solana ecosystem, tweeted that they noticed a large number of spam bots hitting our RPCs and limited them. Users are advised to try their operations again. The team is working super hard on helping users in this new congested environment and dealing with extraordinary volume.
Amount of loss: - Attack method: DDoS Attack
Description of the event: CondomSOL on Solana has exited, and its Twitter account is no longer accessible. The wallet associated with CondomSOL raised 4,965 SOL, equivalent to approximately $922,000.
Amount of loss: $ 922,000 Attack method: Rug Pull
Description of the event: The Solana ecosystem is grappling with a spate of drained wallets. A cause has yet to be definitively determined, but some of the thefts were linked to the use of trading bots like Solareum. According to security researcher Plum, the Solareum Telegram trading bot vulnerability resulted in a loss of assets worth approximately $1 million.
Amount of loss: $ 1,000,000 Attack method: Unknown
Description of the event: Saga DAO, a community-run fan club for Solana's sellout mobile phone fell victim to a hacker attack, resulting in a theft of 750 SOL, equivalent to approximately $60,000. On February 2nd, SagaDAO tweeted that all funds stolen last week had been recovered. 65,761.03 USDC has been sent back to the Align multisig wallet protected by Phase Labs. The funds were returned from the original attacker's address.
Amount of loss: $ 65,761 Attack method: Unknown
Description of the event: The MangoFarm project is suspected of a rug pull. The official Twitter account of the MangoFarm is no longer accessible.
Amount of loss: $ 2,000,000 Attack method: Rug Pull
Description of the event: MegabotETH is suspected of a rug pull. Approximately 742k has been stolen.
Amount of loss: $ 742,000 Attack method: Rug Pull
Description of the event: On October 19, Synthetify Protocol experienced a security incident. The smart contract and the entire platform are currently frozen.
Amount of loss: $ 230,000 Attack method: Governance Attack
Description of the event: SaberDAO tweeted that their Discord was hacked.
Amount of loss: - Attack method: Account Compromise