51 hack event(s)
Description of the event: According to monitoring by Scam Sniffer, the X account of Ordinals Wallet was hacked, and a phishing link was posted. Upon review, the related post has already been deleted.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to a message posted by Wasabi Wallet on Twitter, users have reported that a coordinator named WasabiCoordinator is gradually stealing user funds through a complex attack. Wasabi Wallet advises all users connected to this coordinator to immediately stop CoinJoin operations and announces that a new version will be released soon to prevent such attacks. Subsequently, Wasabi Wallet tweeted that there were three types of attacks in this incident: attacks on free coordinators, supply chain (GitHub) compromise, user-targeted attacks.
Amount of loss: - Attack method: Security Vulnerability
Description of the event: On July 2, 2024, the decentralized AI project Bittensor was attacked, resulting in some Bittensor wallet users being compromised. The hackers stole approximately 32,000 TAO tokens, valued at around $8 million. On-chain investigator ZachXBT suggested that the attack may have been due to a private key leak. However, Bittensor later clarified that the affected users were actually compromised because a malicious Bittensor package had been uploaded to the Python PyPi package manager.
Amount of loss: $ 8,000,000 Attack method: Security Vulnerability
Description of the event: The user-friendly crypto wallet designed for DeFi and NFTs, Phantom, reported a DDoS attack on its platform. Someone attempted to overload its systems, causing potential temporary interruptions in some services. User assets are secure.
Amount of loss: - Attack method: DDoS Attack
Description of the event: Trezor, the manufacturer of encrypted hardware wallets, has announced that it is currently investigating a security incident that occurred on January 17, 2024. Unauthorized access was detected to the third-party support portal used by Trezor. No damage has been inflicted on customers' digital assets. Internal audits indicate that the exposure might be limited to information of customers who have interacted with Trezor Support since December 2021, encompassing only email and names/nicknames.
Amount of loss: - Attack method: Third-party Vulnerability
Description of the event: Wizz Wallet, the wallet of the Atomicals protocol, posted on Twitter that builders within the Atomicals ecosystem, including the Wizz team, have experienced DDoS attacks.
Amount of loss: - Attack method: DDoS Attack
Description of the event: Recently, Telcoin Wallet was subjected to a targeted attack, and Telcoin tweeted that it is aware of the situation with the Telcoin app. Use of the app has been temporarily frozen while the issue is investigated and an update will be provided as soon as possible.
Amount of loss: $ 1,240,000 Attack method: Unknown
Description of the event: UniSat Wallet's official tweet is suspected to have been hacked.It posted a promotional tweet for a program with closed comments and a suspected malicious link.
Amount of loss: - Attack method: Twitter was hacked
Description of the event: On October 6th, MCT issued an announcement stating that in the past two days, some users had reported cases of their MCT wallets being compromised. After investigation today, it was discovered that due to the DNS domain hijacking, under certain specific conditions, private keys could potentially be uploaded to a fraudulent domain. MCT advises users who have entered their private keys into MCT since September 15, 2023, to transfer their wallet balances as a precautionary measure as soon as possible.
Amount of loss: - Attack method: DNS Hijacking Attack
Description of the event: On September 20th, SlowMist tweeted that Coinbase Wallet recently integrated the Web3 messaging network protocol (http://xmtp.org). As long as the user's wallet address opens the messaging network, it may receive any information sent by the messaging protocol. Many attackers used this feature to send messages with phishing links to wallet users. Relevant wallet users need to be vigilant and not click on unknown links.
Amount of loss: - Attack method: Phishing Attack
Description of the event: Ordinals Wallet suffered a SIM Swap attack. The Twitter account was hacked and phishing links were posted. The attacker is PinkDrainer.
Amount of loss: - Attack method: Twitter was hacked
Description of the event: Crypto infrastructure company Fireblocks has disclosed a series of vulnerabilities (collectively referred to as "BitForge") affecting various popular crypto wallets that use multi-party computation (MPC) technology, CoinDesk reported. The company classified BitForge as a "zero-day" vulnerability, and Coinbase, ZenGo, and Binance — the three companies most affected by BitForge — have already worked with Fireblocks to fix the underlying vulnerability. "If not remediated, the vulnerabilities would allow attackers and malicious insiders to siphon funds from the wallets of millions of retail and institutional customers in seconds, without the knowledge of users or providers", Fireblocks said.
Amount of loss: - Attack method: BitForge Vulnerability
Description of the event: Klever published a report on an external security incident on July 12. All wallets affected by the suspicious activity on July 12 were reported to be affected by a known vulnerability caused by low-entropy mnemonics. It's important to underscore that this issue is not exclusive to Klever. Reports indicate that users of multiple wallet providers are affected. All the wallets involved were imported into Klever Wallet K5. These wallets had not been originally created using Klever Wallet K5, instead all the wallets were created using an old and weak pseudorandom number generator (PRNG) algorithm as their entropy source. This algorithm was commonly used in early versions of various cryptocurrency wallet providers, which relied on the Javascript platform. The use of such a weak PRNG algorithm can significantly compromise the security and unpredictability of the generated keys, potentially making them more vulnerable to attacks or unauthorized access. Klever strongly recommends immediately migrating old wallets to new wallets created on Klever Wallet K5 or Klever Safe.
Amount of loss: - Attack method: Low Entropy Mnemonic Vulnerability
Description of the event: Ordinals eco-wallet Xverse tweeted: Xverse has fixed a bug that caused wallet helpers to be stored unencrypted on local devices, and all users should update the Chrome extension to the latest version. The risk of this bug is minimal if it is confirmed that no helper words leave the user's local device. However, if users are concerned about the threat, they can migrate their assets to a newly generated wallet. This error does not affect Xverse iOS and Android apps.
Amount of loss: - Attack method: Mnemonic leaked
Description of the event: On June 3, multiple Atomic Wallet users posted on social media that their wallet assets had been stolen. Atomic says less than 1% of monthly active users are currently affected/reported. According to SlowMist, Atomic Wallet officially offlined cloudflare’s download site and sha256sum verification site in an emergency. From this, it is speculated that there may be a security problem in the link of downloading the historical version.
Amount of loss: $ 100,000,000 Attack method: Unknown
Description of the event: According to The Block, cybersecurity firm Unciphered claims it was able to hack into hardware-encrypted wallets powered by Trezor T models. In a YouTube demo, Unciphered showed exploiting the wallet vulnerability to extract the mnemonic private key from the wallet, saying the attack is only feasible if the attacker has physical access to the hardware wallet. Trezor CTO Tomáš Sušánka responded: "This appears to be a vulnerability called an RDP downgrade attack, which requires extremely sophisticated technical knowledge and advanced equipment. Even with the above conditions, Trezor can pass a powerful passphrase, making RDP downgrade attacks ineffective.” Trezor added that they have taken the important step of developing a new secure element for hardware wallets with their sister company Tropic Square to solve future problems.
Amount of loss: - Attack method: RDP downgrade attack
Description of the event: According to the official WeChat account of Ping An Xuhui, employees Zhang, Dong, and Liu from Company A decided in early March 2023 to insert a backdoor program into a certain cryptocurrency wallet software to obtain users' private keys. The three individuals illegally obtained over 27,000 mnemonic phrases and more than 10,000 private keys, successfully converting over 19,000 digital wallet addresses. In April 2024, the Xuhui District People's Court sentenced Liu, Zhang, and Dong to three years in prison for the crime of illegally obtaining data from a computer information system and fined each of them 30,000 RMB. It is worth noting that Company A is suspected to be the former Huobi company. In an exclusive report by WuShuo in 2023, it was revealed that due to the installation of trojans by former employees, some users' mnemonic phrases or private keys of iToken (formerly Huobi Wallet) were leaked. HTX responded that the trojan installation was the personal act of former Huobi employees before the acquisition, leading to the theft of others' mnemonic phrases and private keys.
Amount of loss: - Attack method: Insider Manipulation
Description of the event: Algorand ecological wallet MyAlgo issued a reminder on Twitter that the hack occurred more than a week ago, and no other actions have taken place since then. The attacked users all had large amounts of funds on their accounts and used mnemonic wallets with keys stored in the browser. ZachXBT, an on-chain data analyst, tweeted: “Due to the attack on MyAlgo, Algorand’s ecological wallet, from February 19th to 21st, more than $9.2 million in assets (19.5 million ALGOs, 3.5 million USDCs, etc.) may have been stolen on Algorand. ChangeNow shared that they were able to freeze $1.5 million.”
Amount of loss: $ 9,200,000 Attack method: Mnemonic Vulnerability
Description of the event: Cybersecurity startup Unciphered has carried out an attack on encrypted hardware wallets made by OneKey. In a video on YouTube, Unciphered demonstrates a so-called "man-in-the-middle" wallet attack method that exploits a vulnerability to extract a mnemonic seed phrase, or private key, from a OneKey Mini hardware wallet. OneKey acknowledged the vulnerability in a statement and said that no one was affected as it had updated the security patch. OneKey said it has paid a bounty to Unciphered.
Amount of loss: - Attack method: "Man-in-the-middle" attack
Description of the event: Several users claimed that their funds were stolen in the official Telegarm group of BitKeep, a Web3 multi-chain wallet. BitKeep issued an announcement saying that after preliminary investigation by the team, it is suspected that some APK package downloads were hijacked by hackers, and the packages implanted by hackers were installed. At present, funds on multiple chains have been damaged, and only BNB Chain has lost more than 3 million US dollars.
Amount of loss: $ 9,000,000 Attack method: Unknown