41 hack event(s)
Description of the event: On September 20th, SlowMist tweeted that Coinbase Wallet recently integrated the Web3 messaging network protocol (http://xmtp.org). As long as the user's wallet address opens the messaging network, it may receive any information sent by the messaging protocol. Many attackers used this feature to send messages with phishing links to wallet users. Relevant wallet users need to be vigilant and not click on unknown links.
Amount of loss: - Attack method: Phishing Attack
Description of the event: Ordinals Wallet suffered a SIM Swap attack. The Twitter account was hacked and phishing links were posted. The attacker is PinkDrainer.
Amount of loss: - Attack method: Twitter was hacked
Description of the event: Crypto infrastructure company Fireblocks has disclosed a series of vulnerabilities (collectively referred to as "BitForge") affecting various popular crypto wallets that use multi-party computation (MPC) technology, CoinDesk reported. The company classified BitForge as a "zero-day" vulnerability, and Coinbase, ZenGo, and Binance — the three companies most affected by BitForge — have already worked with Fireblocks to fix the underlying vulnerability. "If not remediated, the vulnerabilities would allow attackers and malicious insiders to siphon funds from the wallets of millions of retail and institutional customers in seconds, without the knowledge of users or providers", Fireblocks said.
Amount of loss: - Attack method: BitForge Vulnerability
Description of the event: Klever published a report on an external security incident on July 12. All wallets affected by the suspicious activity on July 12 were reported to be affected by a known vulnerability caused by low-entropy mnemonics. It's important to underscore that this issue is not exclusive to Klever. Reports indicate that users of multiple wallet providers are affected. All the wallets involved were imported into Klever Wallet K5. These wallets had not been originally created using Klever Wallet K5, instead all the wallets were created using an old and weak pseudorandom number generator (PRNG) algorithm as their entropy source. This algorithm was commonly used in early versions of various cryptocurrency wallet providers, which relied on the Javascript platform. The use of such a weak PRNG algorithm can significantly compromise the security and unpredictability of the generated keys, potentially making them more vulnerable to attacks or unauthorized access. Klever strongly recommends immediately migrating old wallets to new wallets created on Klever Wallet K5 or Klever Safe.
Amount of loss: - Attack method: Low Entropy Mnemonic Vulnerability
Description of the event: Ordinals eco-wallet Xverse tweeted: Xverse has fixed a bug that caused wallet helpers to be stored unencrypted on local devices, and all users should update the Chrome extension to the latest version. The risk of this bug is minimal if it is confirmed that no helper words leave the user's local device. However, if users are concerned about the threat, they can migrate their assets to a newly generated wallet. This error does not affect Xverse iOS and Android apps.
Amount of loss: - Attack method: Mnemonic leaked
Description of the event: On June 3, multiple Atomic Wallet users posted on social media that their wallet assets had been stolen. Atomic says less than 1% of monthly active users are currently affected/reported. According to SlowMist, Atomic Wallet officially offlined cloudflare’s download site and sha256sum verification site in an emergency. From this, it is speculated that there may be a security problem in the link of downloading the historical version.
Amount of loss: $ 100,000,000 Attack method: Unknown
Description of the event: According to The Block, cybersecurity firm Unciphered claims it was able to hack into hardware-encrypted wallets powered by Trezor T models. In a YouTube demo, Unciphered showed exploiting the wallet vulnerability to extract the mnemonic private key from the wallet, saying the attack is only feasible if the attacker has physical access to the hardware wallet. Trezor CTO Tomáš Sušánka responded: "This appears to be a vulnerability called an RDP downgrade attack, which requires extremely sophisticated technical knowledge and advanced equipment. Even with the above conditions, Trezor can pass a powerful passphrase, making RDP downgrade attacks ineffective.” Trezor added that they have taken the important step of developing a new secure element for hardware wallets with their sister company Tropic Square to solve future problems.
Amount of loss: - Attack method: RDP downgrade attack
Description of the event: Algorand ecological wallet MyAlgo issued a reminder on Twitter that the hack occurred more than a week ago, and no other actions have taken place since then. The attacked users all had large amounts of funds on their accounts and used mnemonic wallets with keys stored in the browser. ZachXBT, an on-chain data analyst, tweeted: “Due to the attack on MyAlgo, Algorand’s ecological wallet, from February 19th to 21st, more than $9.2 million in assets (19.5 million ALGOs, 3.5 million USDCs, etc.) may have been stolen on Algorand. ChangeNow shared that they were able to freeze $1.5 million.”
Amount of loss: $ 9,200,000 Attack method: Mnemonic Vulnerability
Description of the event: Cybersecurity startup Unciphered has carried out an attack on encrypted hardware wallets made by OneKey. In a video on YouTube, Unciphered demonstrates a so-called "man-in-the-middle" wallet attack method that exploits a vulnerability to extract a mnemonic seed phrase, or private key, from a OneKey Mini hardware wallet. OneKey acknowledged the vulnerability in a statement and said that no one was affected as it had updated the security patch. OneKey said it has paid a bounty to Unciphered.
Amount of loss: - Attack method: "Man-in-the-middle" attack
Description of the event: Several users claimed that their funds were stolen in the official Telegarm group of BitKeep, a Web3 multi-chain wallet. BitKeep issued an announcement saying that after preliminary investigation by the team, it is suspected that some APK package downloads were hijacked by hackers, and the packages implanted by hackers were installed. At present, funds on multiple chains have been damaged, and only BNB Chain has lost more than 3 million US dollars.
Amount of loss: $ 9,000,000 Attack method: Unknown
Description of the event: Trust Wallet released an analysis report saying: "In November 2022, a vulnerability was discovered in the back-end module WebAssembly (WASM) at the core of the open source repository wallet. The vulnerability affected new wallets generated by browser extension versions 0.0.172 and 0.0.182, and only the private keys of a limited number of new wallets created in these versions were affected. Despite our best efforts, two breaches occurred, resulting in a combined loss of approximately $170,000 at the time of the attack. "
Amount of loss: $ 170,000 Attack method: Wallet Vulnerability
Description of the event: Aptos ecological wallet Petra tweeted that the Aptos Labs team discovered a vulnerability on Petra on October 20. The mnemonic is related to account creation in existing wallets, and the mnemonic displayed on the page may be inaccurate. To access the exact 12 mnemonic phrases, set up, manage your account, enter your password, and click Show Key Recovery Phrase. Currently, Petra has fixed the vulnerability.
Amount of loss: - Attack method: Mnemonic Vulnerability
Description of the event: According to the official news of the wallet BitKeep, BitKeep Swap was attacked by hackers, and the development team has carried out urgent processing. The hacker's attack has been stopped. The attack was concentrated on the BNB Chain, resulting in a loss of about 1 million US dollars. According to SlowMist MistTrack monitoring, Bitkeep Swap attackers have transferred 4,300 BNB (about $1.18 million) stolen funds to Tornado Cash in the form of 100 BNB each.
Amount of loss: $ 1,180,000 Attack method: Contract Vulnerability
Description of the event: According to the official announcement of TokenPocket, the official website tokenpocket.pro is currently attacked by abnormal traffic, and the technical team is carrying out emergency maintenance. During the technical maintenance period, the TokenPocket website will not be accessible normally, and the security of user assets will not be affected.
Amount of loss: - Attack method: Abnormal traffic attack
Description of the event: DeBank plug-in wallet Rabby tweeted that its Rabby Swap smart contract has a vulnerability, and users who have used it should revoke Rabby Swap approvals on all chains as soon as possible. According to the analysis of the SlowMist security team, the Rabby Swap contract was attacked, and the token exchange function in the contract was directly called externally through the functionCallWithValue function in the OpenZeppelin Address library. The parameters passed in by the user are not checked, resulting in any external call problems. Attackers exploit this issue to steal funds from users authorized by this contract.
Amount of loss: $ 190,000 Attack method: Contract Vulnerability
Description of the event: @alxlpsc disclosed on medium that MetaMask has serious privacy leaks. The vulnerability mainly uses MetaMask to automatically load NFT image URLs. Basic attack idea: the attacker can set the URI of the NFT to a server URL that he can control, and transfer the NFT to the target account; when the user logs in to MetaMask, MetaMask will automatically scan the NFT owned by the account, and initiate a pointer to The HTTP request to the attacker's server; the attacker can obtain the victim's IP information from the access log.
Amount of loss: - Attack method: Information Leakage
Description of the event: Dharma Wallet officially tweeted that there was a downtime. After Dharma updated Twitter, it said that it has returned to normal and all funds are safe.
Amount of loss: - Attack method: Downtime
Description of the event: Chivo Wallet is a national digital wallet issued by the government of El Salvador on September 7 for the implementation of the Bitcoin Act. To this end, El Salvador promised that users who download and authenticate the Chivo Wallet will receive a $30 bitcoin reward. This move allowed the official wallet of El Salvador to exceed 2 million users in one month. Between October 9th and October 14th, Cristosal, a human rights organization in El Salvador, received 755 notices about Salvadorans reporting that their Chivo wallet identity was stolen.
Amount of loss: $ 22,650 Attack method: Wallet Stolen
Description of the event: DeFi insurance agreement Nexus Mutual stated on Twitter that the personal address of its founder Hugh Karp was attacked by a platform user, stolen 370,000 NXM and lost more than 8 million US dollars. The official said that this is a targeted attack, only the official name, Karp used a hardware wallet, the attacker obtained remote access to his computer, and modified the wallet plug-in MetaMask, deceived him to sign the transaction, the attacker Completed KYC 11 days ago, and then changed to a new address on December 3. , To transfer funds to the attacker’s own address.
Amount of loss: 370,000 NXM Attack method: Permission Stolen
Description of the event: On November 9th, a user named "aaron67" posted about his BSV theft experience, saying that please stop using the multisig accumulator multi-signature solution implemented by ElectrumSV immediately. The locking script of this scheme had serious bugs, so that 600 BSV was stolen on November 6th. After the incident, the user had contacted Roger Taylor, the author of ElectrumSV, for the first time, and the serious bug was subsequently confirmed. At the same time, the Note.SV developers stated that they had done an analysis for the first time to find the source of the bug, and notified the wallet author and community users.
Amount of loss: 600 BSV Attack method: Security Vulnerability