11 hack event(s)
Description of the event: ZkSync's official Discord has been compromised, and hackers have posted a malicious link promoting a fake "second round airdrop" plan, falsely promising users free ZK tokens.
Amount of loss: - Attack method: Account Compromise
Description of the event: Gemholic, a crypto project, is accused of a rug pull after moving $3.5M in recently recovered funds and vanishing from social media.
Amount of loss: $ 3,400,000 Attack method: Rug Pull
Description of the event: According to feedback from multiple community members, the zkSync ecosystem lending platform @xBankFinance is suspected of a rug pull. Currently, the official account displays that it has been frozen, and the platform's liquidity is reduced to single-digit assets.
Amount of loss: $ 550,000 Attack method: Rug Pull
Description of the event: The decentralized betting platform ZKasino is suspected to have exited. Recently, users on Twitter reported that ZKasino removed the message "Ethereum will be returned and can be bridged back" from the Bridge Funds interface, causing users to be unable to withdraw. Subsequently, the project team transferred the ETH assets deposited by users to the 0x791 multi-signature address, and then deposited them into the staking protocol Lido for yield farming.
Amount of loss: $ 33,000,000 Attack method: Rug Pull
Description of the event: The lending market ZeroLend has experienced a DDoS attack.
Amount of loss: - Attack method: DDoS Attack
Description of the event: Kannagi Finance has rug pulled, making away with up to $2.13 million in investor funds. The platform runs o the zkSync Era, which is in the race for the best Ethereum Layer 2 network. The network has deleted its official website, including social media and communication accounts.
Amount of loss: $ 2,130,000 Attack method: Rug Pull
Description of the event: On July 25th, according to reports from several users, Eralend, the lending protocol on Zksync, was attacked by lightning loans, and it is currently unable to borrow, but it can be proposed temporarily. On July 26, EraLend released the progress of the attack. EraLend stated that the attacker manipulated the price of the oracle machine, resulting in the USDC mining pool being used for about 2.76 million US dollars. All other pools remain safe and unaffected. The attackers used multiple bridges to spread the exploited funds across multiple wallets on various chains.
Amount of loss: $ 2,760,000 Attack method: Flash Loan Attack
Description of the event: ZK Rollup Order Book DEX Protocol ZigZag tweeted, "Our Discord has been hacked, please note that there is no airdrop activity at ZigZag at this time, please do not click on phishing links. We are working to resolve this issue and will provide an update when control is regained."
Amount of loss: - Attack method: Discord was hacked
Description of the event: Bobie, the founder of 0xScope, the Web3 knowledge graph protocol, tweeted that the liquidity of the zkSync ecological DEX Merlin was exhausted, and hackers stole $1.82 million in funds and bridged to Ethereum. According to analysis, this is an internal Rug Pull, and Merlin internal members maliciously used the privileges of the owner's wallet.
Amount of loss: $ 1,820,000 Attack method: Rug Pull
Description of the event: On April 9th, a rug pull occurred on the ZkSync ecological project CoreHunter, and the scammers made a profit of about 510,000 US dollars.
Amount of loss: $ 510,000 Attack method: Rug Pull
Description of the event: The ZKSwap token ZKS, a decentralized exchange based on ZK Rollup, has problems due to Uniswap adding liquidity. ZKSwap officially stated that the reason for this phenomenon was that someone used scripts to brush transactions, resulting in a higher price for first adding liquidity. The project party can only sell a part of ZKS to return the price to normal levels. All the USDT obtained from selling ZKS has been injected into the liquidity pool and will not be withdrawn in the next 3 months
Amount of loss: - Attack method: Malicious Code Injection Attack