34 hack event(s)
Description of the event: According to Scam Sniffer's monitoring, the X account of the decentralized autonomous wireless network project DAWN was compromised and used to post phishing tweets.
Amount of loss: - Attack method: Account Compromise
Description of the event: tong, the founder of Holoworld AI, posted on X stating that the Holoworld AI X account has been hacked. Please do not click on any links.
Amount of loss: - Attack method: Account Compromise
Description of the event: The DeSci project Pump Science tweeted that the wallet T5j2UB...jjb8sc was exploited due to an oversight in their GitHub repository. The exploiter gained access to the keypair, which had been embedded in the source code of their website.
Amount of loss: - Attack method: Private Key Leakage
Description of the event: The X account of the meme project dogwifcoin (WIF) is suspected to have been hacked, posting multiple token contract messages. Users are advised to stay vigilant.
Amount of loss: - Attack method: Account Compromise
Description of the event: A dog-themed memecoin project called SHARPEI abruptly cashed out $3.4 million, tanking the token price by more than 96% in seconds. The project had been promoted by crypto influencers, but hit a snag when a pitch deck for the project leaked. The deck contained multiple lies, including claims to have hired multiple "KOLs" who later denied involvement, and false claims of partnerships with various platforms and projects. As the token price stuttered along with these revelations, insiders apparently decided to quit while they were ahead, and cashed out in a quick and coordinated sale.
Amount of loss: $ 3,400,000 Attack method: Rug Pull
Description of the event: Ahmad Shadid, former CEO of the decentralized GPU network io.net, posted on X that the official io.net Discord has been hacked. He has informed the IO team and advised not to click on any shared links.
Amount of loss: - Attack method: Account Compromise
Description of the event: The website frontend of Solana ecosystem real estate trading protocol Parcl has been hacked, extracting tokens from users' Solana wallets and displaying fake transaction results in Phantom. Parcl’s official X account also appears to have been compromised, posting information related to PARCL rewards.
Amount of loss: - Attack method: Frontend Attack
Description of the event: The cross-chain DeFi protocol Entangle announced on X that the official X account of the meme token project BorpaToken, developed by their team, has been compromised. Do not click on any links. The BorpaToken team is in contact with X to resolve the issue.
Amount of loss: - Attack method: Account Compromise
Description of the event: pump.fun is a Solana-based memecoin generator. On May 16th, the project suffered a $1.9 million exploit by an attacker who then began airdropping the money to somewhat random wallets. pump.fun stated on Twitter that the attack was due to a former employee exploiting their privileges within the company to illegally obtain withdrawal permissions and using a lending protocol to carry out flash loan attacks.
Amount of loss: $ 1,900,000 Attack method: Flash Loan Attack
Description of the event: io.net founder and CEO Ahmad Shadid announced on social media that io.net's metadata APIs recently experienced a security incident. A malicious party exploited accessible mappings of User IDs to Device IDs, leading to unauthorized metadata updates. This breach did not compromise GPU access but did affect the metadata displayed to users on the frontend.
Amount of loss: - Attack method: Security Vulnerability
Description of the event: Jupiter, a trading aggregator in the Solana ecosystem, tweeted that they noticed a large number of spam bots hitting our RPCs and limited them. Users are advised to try their operations again. The team is working super hard on helping users in this new congested environment and dealing with extraordinary volume.
Amount of loss: - Attack method: DDoS Attack
Description of the event: CondomSOL on Solana has exited, and its Twitter account is no longer accessible. The wallet associated with CondomSOL raised 4,965 SOL, equivalent to approximately $922,000.
Amount of loss: $ 922,000 Attack method: Rug Pull
Description of the event: The Solana ecosystem is grappling with a spate of drained wallets. A cause has yet to be definitively determined, but some of the thefts were linked to the use of trading bots like Solareum. According to security researcher Plum, the Solareum Telegram trading bot vulnerability resulted in a loss of assets worth approximately $1 million.
Amount of loss: $ 1,000,000 Attack method: Unknown
Description of the event: Saga DAO, a community-run fan club for Solana's sellout mobile phone fell victim to a hacker attack, resulting in a theft of 750 SOL, equivalent to approximately $60,000. On February 2nd, SagaDAO tweeted that all funds stolen last week had been recovered. 65,761.03 USDC has been sent back to the Align multisig wallet protected by Phase Labs. The funds were returned from the original attacker's address.
Amount of loss: $ 65,761 Attack method: Unknown
Description of the event: The MangoFarm project is suspected of a rug pull. The official Twitter account of the MangoFarm is no longer accessible.
Amount of loss: $ 2,000,000 Attack method: Rug Pull
Description of the event: MegabotETH is suspected of a rug pull. Approximately 742k has been stolen.
Amount of loss: $ 742,000 Attack method: Rug Pull
Description of the event: On October 19, Synthetify Protocol experienced a security incident. The smart contract and the entire platform are currently frozen.
Amount of loss: $ 230,000 Attack method: Governance Attack
Description of the event: SaberDAO tweeted that their Discord was hacked.
Amount of loss: - Attack method: Account Compromise
Description of the event: SVT tokens were attacked by flash loans, and the economic model loopholes of SVT transaction contracts were exploited. The attackers made approximately $400,000 in profit from repeated buying and selling operations. According to MistTrack analysis, the attacker’s initial funds came from SwftSwap, and 1070 BNB has been transferred to Tornado Cash.
Amount of loss: $ 400,000 Attack method: Flash Loan Attack
Description of the event: In response to an attack, Raydium tweeted that a patch has been put in place so far to prevent further attacks. This attack has nothing to do with the escalated privileges of the program itself. The vulnerability seems to stem from a Trojan horse attack and the leakage of the private key of the liquidity pool owner account. The attacker gained access to the pool owner account and was then able to call the withdraw pnl function, which is used to collect transaction/protocol fees earned on swaps in the pool. The affected pools include SOL-USDC, SOL-USDT, RAY-USDC, RAY-USDT, RAY-SOL, stSOL-USDC, ZBC-USDC, UXP-USDC, and whETH-USDC, with a total loss of approximately $4.395 million.
Amount of loss: $ 4,395,000 Attack method: Private Key Leakage