25 hack event(s)
Description of the event: The stablecoin project Cashio on Solana has been hacked. According to the preliminary analysis of the SlowMist security team, hackers illegally issued 2 billion CASH tokens by bypassing an unverified account, and converted CASH tokens into 8,646,022.04 UST, 17,041,006.5 USDC and 26,340,965.68 USDT-USDC through multiple applications. LP, total profit value: 52027994.22 USD (more than 50 million USD). At present, the official announcement has been issued to allow users to suspend the use of the contract, and a temporary patch has been released to fix the vulnerability.
Amount of loss: $ 52,027,994.22 Attack method: Contract Vulnerability
Description of the event: Attackers exploited a signature verification vulnerability in the Wormhole network to mint 120k Ether on Solana, worth over $326 million. The hack was made possible by a series of signature verification authorizations, where the developers used a deprecated function to enable unverified forged signature passes.
Amount of loss: 120,000 ETH Attack method: Contract Vulnerability
Description of the event: The SolFire Finance project owner stole all investor funds and moved them to the ETH chain via a cross-chain bridge. The project's GitHub account and Twitter account have been deleted and the site is no longer accessible.
Amount of loss: $ 10,000,000 Attack method: Rug Pull
Description of the event: The Solana chain has experienced its first carpet pull. Luna Yield ($LUNY) is a revenue aggregator launched through the Solana launchpad "SolPad", which has disappeared and is a variety of digital currencies worth about 6.7 million U.S. dollars. Luna Yield advertises itself as a legal project that can aggregate and optimize yield agriculture for its users; it is even supported by the famous Solana-based project launchpad "SolPad", which enables projects that submit "qualified documents" Raise funds through its initial DEX product (IDO) on the Solana-based decentralized platform. Although Luna Yield submitted "qualified documents", its attitude towards investors was indifferent. Before the August 16 fundraising, Luna Yield appeared to be legitimate. Three days after its IDO, Luna Yield sent the funds it raised to the hybrid service Tornado Cash to make it untraceable, and then it closed its website and all social media accounts-no one was able to contact the Luna Yield team.
Amount of loss: $ 6,700,000 Attack method: Rug Pull
Description of the event: Solana Ecological Lending Agreement Solend tweeted that the agreement was hacked at 20:40 on August 19th, Beijing time. The attacker cracked the insecure identity check in the UpdateReserveConfig function, allowing it to liquidate all accounts. In addition, the hacker also set the APY of borrowed funds to 250%. During this period, the funds of 5 users were mistakenly liquidated, and the liquidator is currently refunding the losses of these 5 users totaling USD 16,000. Solend said that this attack did not result in the theft of funds, and that the scale of the bug bounty will be increased and a better monitoring and alarm system will be established.
Amount of loss: $ 16,000 Attack method: Contract Vulnerability