1946 hack event(s)
Description of the event: Vestra DAO tweeted that a hacker exploited a vulnerability in the locked staking contract, manipulating the reward mechanism to claim rewards exceeding their entitlement. As a result, a total of 73,720,000 VSTR tokens were stolen. The stolen tokens were gradually sold on Uniswap, causing approximately $500,000 in ETH liquidity losses.
Amount of loss: $ 500,000 Attack method: Contract Vulnerability
Description of the event: According to the SlowMist security team’s monitoring, RunWay (BYC) appears to have been attacked on BSC, resulting in a loss of approximately $100K.
Amount of loss: $ 100,000 Attack method: Contract Vulnerability
Description of the event: DeBox officially announced that due to the leakage of the private key of an operational account's personal EOA wallet, 31.03 ETH and 4.879 million BOX tokens were stolen.
Amount of loss: $ 275,000 Attack method: Private Key Leakage
Description of the event: The GAGAW (GAGAW) on BSC is suspected to have been attacked, resulting in a loss of approximately $70K.
Amount of loss: $ 70,000 Attack method: Contract Vulnerability
Description of the event: According to community feedback, the official X account of the Meme token Brett on the Base chain has reportedly been compromised and used to post false information. Please stay vigilant against related risks.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to Clipper's post-mortem, on December 1, 2024, an attacker exploited a vulnerability in a smart contract used by Clipper, manipulating the single-asset deposit and withdrawal feature. This manipulation affected the liquidity pools on the Optimism and Base networks, causing an imbalance that allowed the attacker to withdraw more assets than they had deposited. The attack resulted in a loss of approximately $457,878.
Amount of loss: $ 457,878 Attack method: Contract Vulnerability
Description of the event: Spectral tweeted that they received an alert about a vulnerability affecting certain tokens on the bonding curve contracts on Syntax, which was used to remove approximately $200K in liquidity.
Amount of loss: $ 250,000 Attack method: Contract Vulnerability
Description of the event: The cryptocurrency exchange XT has reportedly fallen victim to a hacking incident, resulting in the loss of approximately $1.7 million worth of crypto assets. The hacker has converted the funds into 461.58 ETH and deposited them into the address 0xB43f…8F83.
Amount of loss: $ 1,700,000 Attack method: Unknown
Description of the event: The DeSci project Pump Science tweeted that the wallet T5j2UB...jjb8sc was exploited due to an oversight in their GitHub repository. The exploiter gained access to the keypair, which had been embedded in the source code of their website.
Amount of loss: - Attack method: Private Key Leakage
Description of the event: On November 25, DCF on the BNB Chain was attacked, resulting in a loss of approximately $440,000. The root cause of the vulnerability was an error in the logic implemented by the project team in the transfer function of DCF.
Amount of loss: $ 440,000 Attack method: Flash Loan Attack
Description of the event: The Akashalife (AK1111) on BSC was suspected to have been attacked, resulting in a loss of approximately $31.5K.
Amount of loss: $ 31,500 Attack method: Contract Vulnerability
Description of the event: On-chain investigator ZachXBT stated on his personal Telegram channel that the wallet associated with crypto KOL JRNY appears to have been compromised, with approximately $4 million worth of crypto assets transferred and sold. This suggests that the wallet's private key may have been leaked.
Amount of loss: $ 4,000,000 Attack method: Private Key Leakage
Description of the event: The Sweepr Token (SWEEPR) on ETH was suspected to have been attacked, resulting in a loss of approximately $14K.
Amount of loss: $ 14,000 Attack method: Contract Vulnerability
Description of the event: The Matez (MATEZ) on BSC is suspected to have been attacked, resulting in a loss of at least $80K.
Amount of loss: $ 80,000 Attack method: Contract Vulnerability
Description of the event: According to monitoring by the SlowMist Security Team, the BSCGem (BSCGem) on BSC is suspected to have been attacked, resulting in a loss of approximately $17.3K.
Amount of loss: $ 17,300 Attack method: Contract Vulnerability
Description of the event: The lending project Polter Finance on Fantom lost ~$12 million due to an oracle price-related flash loan attack on its newly launched SpookySwap (BOO) market.
Amount of loss: $ 12,000,000 Attack method: Flash Loan Attack
Description of the event: The MFT (MFT) on BSC is suspected to have been attacked, resulting in a loss of approximately $33.7K.
Amount of loss: $ 33,700 Attack method: Contract Vulnerability
Description of the event: Binance co-founder CZ confirmed on X that the official X account of his educational project, Giggle Academy, has been hacked.
Amount of loss: - Attack method: Account Compromise
Description of the event: The funds of multiple users of the on-chain trading terminal DEXX have been stolen. According to statistics from the SlowMist Security Team, the total losses from this incident have reached $21 million.
Amount of loss: $ 21,000,000 Attack method: Private Key Leakage
Description of the event: The X account of the meme project dogwifcoin (WIF) is suspected to have been hacked, posting multiple token contract messages. Users are advised to stay vigilant.
Amount of loss: - Attack method: Account Compromise