1936 hack event(s)
Description of the event: The official Discord server of RARI Foundation has been hacked. Please refrain from using the server until the team has regained control.
Amount of loss: - Attack method: Account Compromise
Description of the event: An external attacker gained access to credentials for managing Nexera Fundrs platform's smart contracts. Using these credentials, the attacker transferred NXRA tokens from Fundrs' staking contracts on Ethereum. Out of the 47.24 million NXRA tokens stolen, the attacker was only able to sell 14.75 million tokens (approximately $449,000). Nexera successfully removed the remaining 32.5 million NXRA balance from the attacker's wallet, preventing further loss.
Amount of loss: $ 1,830,000 Attack method: Malware Attack
Description of the event: The Ronin Bridge project experienced unusual cross-chain asset withdrawals, suggesting a potential attack. According to the SlowMist security team, the vulnerability was caused by the modification of weight to an unexpected value, allowing funds to be withdrawn without passing any multi-signature threshold checks. The attacker extracted approximately 4,000 ETH and 2 million USDC from the bridge, amounting to a value of around $12 million. As of August 7th, white hats have returned $12 million worth of assets and received a $500,000 bug bounty.
Amount of loss: $ 12,000,000 Attack method: Contract Vulnerability
Description of the event: OMPx was attacked, resulting in a loss of approximately $107,000. The attacker obtained initial funds through Railgun, and the stolen funds have already been deposited into Railgun.
Amount of loss: $ 107,000 Attack method: Unknown
Description of the event: According to monitoring by the SlowMist security team, SATOSHI (SATS) was attacked on Ethereum on August 3rd.
Amount of loss: $ 5,000 Attack method: Contract Vulnerability
Description of the event: According to an official tweet from Ethereum Layer 2 network Starknet, their Discord server has been compromised. The official team advises users not to click on any links until the situation is fully resolved.
Amount of loss: - Attack method: Account Compromise
Description of the event: Convergence Finance was attacked. 58M CVG have been minted and sold by the hacker for approximately $210,000 ( the whole portion of tokens dedicated to staking emissions); Approximately $2,000 of unclaimed rewards from Convex have also been stolen. A lack of validation in the input given by the user in the function claimMultipleStaking of the reward distribution contract is the root cause of the exploit.
Amount of loss: $ 210,000 Attack method: Contract Vulnerability
Description of the event: Terra blockchain experienced a security breach that led to the theft of tokens. The attackers exploited a known vulnerability related to the third-party module IBC hooks, stealing the value of cross-chain assets, including USDC stablecoins and Astroport tokens. The Terra team has taken emergency measures to prevent further losses and coordinated with validators to apply a patch to fix the vulnerability. According to Zaki Manian, co-founder of Sommelier Finance, although the vulnerability was patched in the Cosmos ecosystem back in April, Terra did not include this patch in their June upgrade, resulting in the vulnerability being re-exposed and exploited.
Amount of loss: $ 5,280,000 Attack method: Third-party Vulnerability
Description of the event: The Ethereum Layer 2 network Metis issued a warning on Twitter stating that their Discord has been compromised. They advised users not to click on any "airdrop links" or any other links.
Amount of loss: - Attack method: Account Compromise
Description of the event: Anzen Finance, the issuer of RWA stablecoins, announced on the X platform that on July 30, due to an error in the Blast vault contract, a white hat hacker exploited the vault to steal 500,000 USDz. The white hat returned $450,000 in a timely manner and received a $50,000 bounty as a reward.
Amount of loss: $ 500,000 Attack method: Contract Vulnerability
Description of the event: On July 26th, the official Twitter account of SAT20 Labs was hacked, and the attacker posted tweets containing links to install malware.
Amount of loss: - Attack method: Account Compromise
Description of the event: On July 26, 2024, Casper Network was attacked. Following the attack, Casper Network tweeted that they had worked with validators to pause the network in order to minimize the impact of the security vulnerability until it could be patched. According to the preliminary report released by Casper Network on July 31, 13 wallets were affected in this incident. The total amount of illicit transactions is estimated to be around $6.7 million. Casper Network discovered that malicious actors exploited a vulnerability that allowed a contract installer to bypass access rights checks on urefs, enabling them to grant the contract access to uref-based resources. This privilege escalation facilitated unauthorized access, including the ability to transfer tokens.
Amount of loss: $ 6,700,000 Attack method: Security Vulnerability
Description of the event: Blast ecosystem DEX MonoSwap disclosed on Twitter that the platform has been hacked. Users are advised not to add liquidity or stake. If you have any staking positions, please withdraw them immediately to avoid financial loss.
Amount of loss: $ 1,300,000 Attack method: Malware Attack
Description of the event: According to on-chain detective ZachXBT, Sorta Finance is likely to conduct an exit scam on Arbitrum in the future, so do not use the protocol. This scammer has previously stolen over $25 million through scams such as Magnate, Kokomo, Lendora, Solfire, Crolend, and HashDAO.
Amount of loss: - Attack method: Scam
Description of the event: According to the SlowMist security team, the community TinTinLand's pinned tweet on July 20 contained a phishing link. With the assistance of the SlowMist security team, TinTinLand promptly resolved the account theft issue and conducted an authorization review and security reinforcement of their Twitter account.
Amount of loss: - Attack method: Account Compromise
Description of the event: On July 23, the dydx.exchange domain was discovered to have been compromised. The attacker changed the DNS Nameservers from Cloudflare to DDoS-Guard. The attacker also successfully removed the DNSSEC settings on the domain. The attacker hosted a malicious site which requested that any connected wallets transfer ETH and other ERC20 tokens to the attacker’s Ethereum address. Two users were affected, resulting in a loss of approximately $31,000.
Amount of loss: $ 31,000 Attack method: DNS Attack
Description of the event: DeFi protocol Spectra suffered an attack, resulting in a loss of approximately $550,000. Spectra has disabled the application and terminated the router contract to contain the situation, while the core protocol contract remains unaffected. Security personnel Chaofan Shou indicated that the attack stemmed from an arbitrary call in the router contract, allowing the attacker to drain all tokens approved by the contract. On July 24th, Spectra released a security incident analysis report, stating that the attacker hijacked user transactions on Spectra, affecting a total of 4 wallets and causing a loss of approximately 168 ETH. The core protocol contract of Spectra remains unaffected, with the funds within the contract secure. The application was restored on the morning of July 24th.
Amount of loss: $ 550,000 Attack method: Contract Vulnerability
Description of the event: The Fake Base Dawgz on Ethereum is suspected of a rug pull, resulting in a loss of over $113,000.
Amount of loss: $ 113,000 Attack method: Rug Pull
Description of the event: On July 23, an attacker exploited a misconfiguration to gain access to $1 million from 13 different Prime accounts. This misconfiguration allowed the attacker to illegitimately transfer ownership of the Prime accounts to their own address, enabling them to repay loans and withdraw collateral. On July 24, the attacker returned $900,000.
Amount of loss: $ 1,000,000 Attack method: Contract Vulnerability
Description of the event: The liquidity restaking protocol Renzo tweeted that the Renzo Discord server has been compromised by malicious attackers. Please do not click on any links posted in the server.
Amount of loss: - Attack method: Account Compromise