1699 hack event(s)
Description of the event: The blockchain gaming platform GMEE has announced via Twitter that the GMEE token contract on Polygon experienced unauthorized GitLab access a few hours ago, resulting in the theft of 600 million GMEE tokens. Subsequently, the attacker exchanged the tokens for ETH and MATIC.
Amount of loss: $ 7,000,000 Attack method: Authorization Attack
Description of the event: The DeFi protocol Concentric Finance, built on the Camelot v3 protocol, has suffered a severe security breach. In an official post on social media, Concentric.fi stated that the security breach due to a targeted social engineering attack on one of their team members holding the deployer wallet. The attacker exploited vulnerabilities to upgrade the vaults, mint new LP tokens, and subsequently drained the platform's assets.
Amount of loss: $ 1,700,000 Attack method: Social Engineering
Description of the event: Bullran Index was attacked due to a lack of permission control. An MEV bot was able to burn the BUI tokens that a user deposited into a custom safe contract and exploit the lack of permission control to extract 136 ETH.
Amount of loss: $ 310,000 Attack method: Contract Vulnerability
Description of the event: Tron founder Justin Sun tweeted that Htx.com and HTX_DAO have been attacked by DDoS attack. The official HTX Twitter account also mentioned that the HTX application is currently experiencing interruptions, and the technical team is actively working to resolve the issues.
Amount of loss: - Attack method: DDoS Attack
Description of the event: LongNoseDog (LONG) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 309,749 Attack method: Rug Pull
Description of the event: BSC 上的 Poldo (POLDO) 疑跑路,部署者撤走了大量流动性,导致价格下跌 100%。
Amount of loss: $ 311,607 Attack method: Rug Pull
Description of the event: CRONUS (CRONUS) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 316,355 Attack method: Rug Pull
Description of the event: The decentralized, non-custodial liquidity market protocol Rosa Finance on Arbitrum was exploited, resulting in a loss of approximately $45,000.
Amount of loss: $ 44,800 Attack method: Unknown
Description of the event: According to a tweet from Manta Network, the Manta Pacific chain encountered an RPC attack at approximately 9 AM UTC. Kenny Li, co-founder of Manta Network (@superanonymousk), provided updates on Twitter regarding the DDoS attack on Manta Network. He mentioned that Manta Network experienced a calculated DDoS attack at 9:30 AM UTC, coinciding with the start of their TGE activity. Since then, the RPC nodes have faced over 135 million requests, indicating that this was a very aggressive and timed attack.
Amount of loss: - Attack method: DDoS Attack
Description of the event: Arkham official announced on Twitter that its CEO, Miguel Morel, fell victim to a SIM card swap attack. Miguel Morel's Twitter account was compromised.
Amount of loss: - Attack method: Twitter was hacked
Description of the event: Trezor, the manufacturer of encrypted hardware wallets, has announced that it is currently investigating a security incident that occurred on January 17, 2024. Unauthorized access was detected to the third-party support portal used by Trezor. No damage has been inflicted on customers' digital assets. Internal audits indicate that the exposure might be limited to information of customers who have interacted with Trezor Support since December 2021, encompassing only email and names/nicknames.
Amount of loss: - Attack method: Third-party Vulnerability
Description of the event: The crypto index project BasketDAO was exploited on the Ethereum Mainnet due to a smart contract vulnerability, which resulted in a loss of assets worth approximately $107,000. The root cause of the exploit is an arbitrary low-level call in the approval process of their smart contracts.
Amount of loss: $ 107,000 Attack method: Contract Vulnerability
Description of the event: The interoperability protocol Socket tweeted that the protocol experienced a security incident. An attacker exploited a vulnerability on a newly added module under the Socket Aggregator system. The module was responsible for swapping tokens on behalf of users. The vulnerability in said module allowed the attacker to steal funds from users who had given infinite approval of tokens to the Socket Gateway contract. The attack was carried out through 2 malicious transactions on Ethereum. The total exploited value is estimated to be around $3.3m. On January 23rd, Socket announced the successful recovery of 1032 ETH from the funds involved in the incident. A recovery and distribution plan for users will be promptly released.
Amount of loss: $ 3,300,000 Attack method: Contract Vulnerability
Description of the event: BorzoiCoin (BORZOI) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 300,000 Attack method: Rug Pull
Description of the event: PulseXIncentiveToken (INC) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 272,207 Attack method: Rug Pull
Description of the event: FoxFunnies (FXN) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 303,972 Attack method: Rug Pull
Description of the event: MOE (MOE) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 318,021 Attack method: Rug Pull
Description of the event: Another $2.7 million is gone after an apparent thief was able to exploit a smart contract that was intended to distribute payouts to Hector's token holders. They then swapped the tokens from the USDC stablecoin to ETH. Investors in the project are furious, especially because various parties had warned Hector Network about apparently insecure practices. Hector Network's team, meanwhile, have not acknowledged the theft, although a law firm involved in the project liquidation promised a statement would be forthcoming.
Amount of loss: $ 2,700,000 Attack method: Unknown
Description of the event: SolDragon (DRAGON) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 304,600 Attack method: Rug Pull
Description of the event: Speero (SPEERO) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 300,000 Attack method: Rug Pull