1857 hack event(s)
Description of the event: According to the SlowMist security team, potential suspicious activity has been detected in the GameFi protocol MetaDragon, and users are advised to remain vigilant. MetaDragon stated that users need to convert their META NFTs into tokens as soon as possible to minimize community losses. The META NFT contract has just been hacked. The hacker converted many NFTs in wallets to META tokens and sold them. The attack path originated from the META NFT.
Amount of loss: $ 181,000 Attack method: Contract Vulnerability
Description of the event: According to monitoring by the SlowMist security team, EXcommunity on BNBChain is suspected of being attacked, resulting in a loss of approximately $37,000.
Amount of loss: $ 37,000 Attack method: Contract Vulnerability
Description of the event: According to the SlowMist security team, the liquidity aggregator protocol Orion's contract was attacked, resulting in a loss of approximately $616,000.
Amount of loss: $ 616,000 Attack method: Contract Vulnerability
Description of the event: Sebastiani, co-founder of The Sandbox, posted on X platform that one of The Sandbox team members was hacked and his Twitter account used to send SCAM tweets and DMs, disguised as if these were official.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to the SlowMist security team, RedKeysGame on BNBChain was attacked, resulting in a loss of approximately $10,000.
Amount of loss: $ 10,584 Attack method: Contract Vulnerability
Description of the event: According to community feedback, the Base ecosystem's meme coin NORMIE has been attacked. The attacker exploited a design flaw in the NORMIE token's cross-chain bridge, manipulating the price on the Base Chain using flash loans. Since transactions with NORMIE on the Base Chain incur taxes, these taxes are automatically directed to a wallet controlled by the project team. The attacker injected a large amount of funds into this wallet via flash loans, significantly diluting the token's supply and causing a flash crash in the price.
Amount of loss: $ 882,000 Attack method: Flash Loan Attack
Description of the event: The TON ecosystem Launchpad platform TonUP announced on social media that its recently launched staking contract was attacked, resulting in a loss of 307,264 UP tokens. Upon investigation, it was found that the incident was due to the smart contract engineer incorrectly configuring script parameters, leading to users mistakenly claiming staked UP assets.
Amount of loss: $ 107,600 Attack method: Contract Vulnerability
Description of the event: YON on BNBChain was exploited and lost 190 BNB (~$118K) as a result. The vulnerability in the transferFrom function of the target contract (YON) allowed the attacking contract to directly transfer YON to the LP contract.
Amount of loss: $ 118,000 Attack method: Contract Vulnerability
Description of the event: The official Twitter account of Scroll's liquidity layer, Rho Markets, was hacked and posted suspicious links.
Amount of loss: - Attack method: Account Compromise
Description of the event: On May 20, 2024, the Web3 gaming platform Gala Games was attacked, resulting in a loss of approximately $21.8 million. The attacker minted 5 billion GALA tokens, worth over $200 million, and quickly sold 592 million GALA, receiving 5,952 ETH. On May 22, according to on-chain records and a statement from Gala Games on Discord, the digital wallet associated with the Gala Games hacker transferred 5,913.2 ETH, which was the hacker returning the stolen funds.
Amount of loss: $ 21,800,000 Attack method: Private Key Leakage
Description of the event: According to the SlowMist security team's monitoring, the TCH token on the BNBChain has been continuously attacked due to a malleability issue, resulting in a loss of approximately $19,000.
Amount of loss: $ 19,000 Attack method: Contract Vulnerability
Description of the event: pump.fun is a Solana-based memecoin generator. On May 16th, the project suffered a $1.9 million exploit by an attacker who then began airdropping the money to somewhat random wallets. pump.fun stated on Twitter that the attack was due to a former employee exploiting their privileges within the company to illegally obtain withdrawal permissions and using a lending protocol to carry out flash loan attacks.
Amount of loss: $ 1,900,000 Attack method: Flash Loan Attack
Description of the event: Fake Notcoin on ETH is suspected of a rug pull, and the current token price has dropped by 100%.
Amount of loss: $ 281,300 Attack method: Rug Pull
Description of the event: BlockTower Capital’s main hedge fund has been compromised and partially drained by fraudsters. The company has $1.7 billion in assets under management. Despite hiring blockchain forensic analysts to investigate the specifics of the fund theft and informing its limited partners of the incident, the stolen funds have yet to be recovered, and the hackers have not been apprehended.
Amount of loss: - Attack method: Unknown
Description of the event: Bitcoin DeFi application ALEX Lab was drained of over $4.3 million in various tokens after a suspected private key compromise attacked its bridging service. Hackers transferred over $300,000 USD worth of BTC, $3.3 million USD worth of stablecoins, and $75,000 USD worth of Sugar Kingdom (SKO) tokens.
Amount of loss: $ 4,300,000 Attack method: Private Key Leakage
Description of the event: Based on Compound's Optimism native lending protocol, Sonne Finance has fallen victim to a lightning loan attack by hackers, resulting in losses exceeding $20 million USD.
Amount of loss: $ 20,000,000 Attack method: Flash Loan Attack
Description of the event: The decentralized exchange Predy Finance on the Arbitrum chain was attacked, resulting in the loss of $464k worth of crypto assets from its lending pool.
Amount of loss: $ 464,000 Attack method: Contract Vulnerability
Description of the event: On May 14th, the decentralized trading protocol Equalizer Exchange within the Fantom ecosystem was suspected to have been attacked. The official team tweeted that they are investigating the incident and advised users not to interact with the Equalizer Exchange frontend. On May 15th, Equalizer Exchange announced that the domain has been restored.
Amount of loss: - Attack method: Unknown
Description of the event: The PI (PI) on Polygon is suspected of a rug pull, and the current token price has dropped by 100%, causing losses exceeding $490,000.
Amount of loss: $ 490,000 Attack method: Rug Pull
Description of the event: Patton on the ETH appears to have exit scammed, resulting in a 100% price drop and causing losses exceeding $260,000.
Amount of loss: $ 266,000 Attack method: Rug Pull