21 hack event(s)
Description of the event: Solana validator operator Laine tweeted, "Solana Mainnet-Beta is experiencing a performance degradatation, block progression is currently halted, core engineers & validators are actively investigating." According to SolanaFM data, the last block appears to have been processed at UTC time 09:52. Solana Status tweeted, "Block production on Solana mainnet beta resumed at 14:57 UTC, following a successful upgrade to v1.17.20 and a restart of the cluster by validator operators. Engineers will continue to monitor performance as network operations are restored.The outage began at approximately 09:53 UTC, lasting 5 hours. Core contributors are working on a root cause report, which will be made available once complete."
Amount of loss: - Attack method: Downtime
Description of the event: The MangoFarm project is suspected of a rug pull. The official Twitter account of the MangoFarm is no longer accessible.
Amount of loss: $ 1,000,000 Attack method: Rug Pull
Description of the event: MegabotETH is suspected of a rug pull. Approximately 742k has been stolen.
Amount of loss: $ 742,000 Attack method: Rug Pull
Description of the event: On October 19, Synthetify Protocol experienced a security incident. The smart contract and the entire platform are currently frozen.
Amount of loss: $ 230,000 Attack method: Governance Attack
Description of the event: SaberDAO tweeted that their Discord was hacked.
Amount of loss: - Attack method: Discord was hacked
Description of the event: SVT tokens were attacked by flash loans, and the economic model loopholes of SVT transaction contracts were exploited. The attackers made approximately $400,000 in profit from repeated buying and selling operations. According to MistTrack analysis, the attacker’s initial funds came from SwftSwap, and 1070 BNB has been transferred to Tornado Cash.
Amount of loss: $ 400,000 Attack method: Flash Loan Attack
Description of the event: In response to an attack, Raydium tweeted that a patch has been put in place so far to prevent further attacks. This attack has nothing to do with the escalated privileges of the program itself. The vulnerability seems to stem from a Trojan horse attack and the leakage of the private key of the liquidity pool owner account. The attacker gained access to the pool owner account and was then able to call the withdraw pnl function, which is used to collect transaction/protocol fees earned on swaps in the pool. The affected pools include SOL-USDC, SOL-USDT, RAY-USDC, RAY-USDT, RAY-SOL, stSOL-USDC, ZBC-USDC, UXP-USDC, and whETH-USDC, with a total loss of approximately $4.395 million.
Amount of loss: $ 4,395,000 Attack method: Private Key Leakage
Description of the event: Solend, a lending protocol on Solana, tweeted that an oracle attack against USDH affecting Stable, Coin98, and Kamino’s isolated pools was detected, resulting in $1.26 million in bad debt. Additionally, Solend claims that all other pools, including the Main pool, are safe.
Amount of loss: $ 1,260,000 Attack method: Oracle attack
Description of the event: Mango, the Solana ecological decentralized financial platform, tweeted: “A hacker is currently investigating an incident in which a hacker extracted funds from Mango through price manipulation through oracle machines.” According to a detailed report, the protocol was encountered at approximately 6:00 on October 12, Beijing time. Attack, 2 accounts funded by USDC held excessive positions in MNGO-ERP, the underlying price of MNGO/USD on various exchanges (FTX, Ascendex) saw a 5-10 times price increase within a few minutes, Caused Switchboard and Pyth oracles to update their MNGO benchmark prices above $0.15, further causing unrealized profits to increase account value to market long MNGO-ERP, allowing accounts to borrow and withdraw BTC from the Mango protocol (sollet) , USDT, SOL, mSOL, USDC, which made the loan amount of the equivalent deposit of USD 190 million on the platform reached the maximum value, and the net value withdrawn from the account at that time was about USD 100 million.
Amount of loss: $ 100,000,000 Attack method: Flash Loan Attack
Description of the event: Tulip Protocol, a Solana ecological income aggregator and leveraged income farming platform, stated that its exposure to the Mango attack was limited to a portion of the USDC/RAY strategic treasury, namely 2,465,841.497167 USDC and 66,721.925355 RAY, and the funds affected by the Mango attack were about $2.5 million.
Amount of loss: $ 2,500,000 Attack method: Affected by the Mango attack
Description of the event: The total amount of funds affected by the Solana ecological algorithm stablecoin protocol UXD Protocol in the Mango attack is $19,986,134.9037. UXD Protocol stated: “Our insurance fund is sufficient to cover losses. UXD is fully secured and will be redeemable by users once Mango Markets recovers from the exploit. The total insurance fund is $53,527,304.7757. UXD Protocol has suspended UXD minting for Risk minimization. Minting will be re-enabled once we confirm the issue with Mango Markets has been resolved.”
Amount of loss: $ 20,000,000 Attack method: Affected by the Mango attack
Description of the event: Solana’s ecological derivative OptiFi tweeted that at around 6:00 UTC on August 29th, team members tried to update and upgrade on Solana, but the OptiFi mainnet program was shut down due to an operation error and could not be recovered, of which 661,000 USDC Locked (95% of funds are owned by team members), all user funds will be compensated.
Amount of loss: 661,000 USDC Attack method: Operation error
Description of the event: A large-scale coin theft event occurred on the Solana public chain, and a large number of users were transferred SOL and SPL tokens without their knowledge. The SlowMist security team analyzed the Slope wallet application at the invitation of the Slope team. The analysis showed that the version of the Slope wallet released on or after June 24, 2022 has the phenomenon of sending private keys or mnemonic words to third-party application monitoring services. However, from the investigation of the Slope wallet application, there is no temporary way to clearly prove that the root cause of the incident is the problem of the Slope wallet.
Amount of loss: $ 4,000,000 Attack method: Unknown
Description of the event: According to SlowMist Intelligence, Nirvana, a stablecoin project on the Solana chain, was attacked by a flash loan. The attacker used a flash loan to borrow 10,250,000 USDC from Solend by deploying a malicious contract, and then called the Nirvana contract buy3 method to buy a large amount of ANA tokens. Nirvana contract swap method to sell part of ANA, get USDT and USDC, after repaying the flash loan, a total profit of 3,490,563.69 USDT, 21,902.48 USDC and 393,230.32 ANA tokens, then the hacker sold ANA tokens and passed all the dirty money through the cross-chain bridge transfer.
Amount of loss: $ 3,500,000 Attack method: Flash Loan Attack
Description of the event: The centralized liquidity DeFi application Crema Finance on the Solana chain announced its shutdown due to a hacker attack. The official Twitter of the protocol quoted information from the on-chain browser SolanaFM, saying that the value of the lost encrypted assets was $8.782 million. Early this morning, Crema Finance disclosed the attacked thread, saying that hackers bypassed contract checks by creating a fake price change data account (Tickaccount), and then used fake price data and flash loans to steal huge fees from the fund pool. On July 7, Crema Finance said on Twitter that after a long negotiation, Crema Finance attackers agreed to collect 45,455 SOL (about $1.682 million) as a white hat bounty, and had returned 6,064 Ethereum and 23,967.9 SOL (approximately $8.1 million).
Amount of loss: $ 1,682,000 Attack method: Flash Loan Attack
Description of the event: Castle Finance developer Charlie You discovered a critical vulnerability in Solana's ecological lending protocol, Jet Protocol, that could allow attackers to withdraw tokens from arbitrary accounts. It is reported that Charlie You was discovered in January this year, but it has existed since the code update on December 15, 2021. Charlie You said that the vulnerability may cause up to 20 million US dollars in financial losses. For now, the Jet Protocol team has fixed it.
Amount of loss: - Attack method: Contract Vulnerability
Description of the event: The stablecoin project Cashio on Solana has been hacked. According to the preliminary analysis of the SlowMist security team, hackers illegally issued 2 billion CASH tokens by bypassing an unverified account, and converted CASH tokens into 8,646,022.04 UST, 17,041,006.5 USDC and 26,340,965.68 USDT-USDC through multiple applications. LP, total profit value: 52027994.22 USD (more than 50 million USD). At present, the official announcement has been issued to allow users to suspend the use of the contract, and a temporary patch has been released to fix the vulnerability.
Amount of loss: $ 52,027,994.22 Attack method: Contract Vulnerability
Description of the event: Attackers exploited a signature verification vulnerability in the Wormhole network to mint 120k Ether on Solana, worth over $326 million. The hack was made possible by a series of signature verification authorizations, where the developers used a deprecated function to enable unverified forged signature passes.
Amount of loss: 120,000 ETH Attack method: Contract Vulnerability
Description of the event: The SolFire Finance project owner stole all investor funds and moved them to the ETH chain via a cross-chain bridge. The project's GitHub account and Twitter account have been deleted and the site is no longer accessible.
Amount of loss: $ 10,000,000 Attack method: Rug Pull
Description of the event: The Solana chain has experienced its first carpet pull. Luna Yield ($LUNY) is a revenue aggregator launched through the Solana launchpad "SolPad", which has disappeared and is a variety of digital currencies worth about 6.7 million U.S. dollars. Luna Yield advertises itself as a legal project that can aggregate and optimize yield agriculture for its users; it is even supported by the famous Solana-based project launchpad "SolPad", which enables projects that submit "qualified documents" Raise funds through its initial DEX product (IDO) on the Solana-based decentralized platform. Although Luna Yield submitted "qualified documents", its attitude towards investors was indifferent. Before the August 16 fundraising, Luna Yield appeared to be legitimate. Three days after its IDO, Luna Yield sent the funds it raised to the hybrid service Tornado Cash to make it untraceable, and then it closed its website and all social media accounts-no one was able to contact the Luna Yield team.
Amount of loss: $ 6,700,000 Attack method: Rug Pull