1988 hack event(s)
Description of the event: NOVAMIND_ (NMD) on ETH is suspected of a rug pull. ~41 ETH (~$123k) was transferred to a multisig and the token price has dropped ~97%.
Amount of loss: $ 123,000 Attack method: Rug Pull
Description of the event: On April 30th, the cross-chain lending protocol Pike Finance tweeted that its Pike Beta protocol had been attacked, resulting in losses of 99,970.48 ARB, 64,126 OP, and 479.39 ETH. The exploit was caused by weak security measures in Pike's contract functions when handling CCTP transfers. On April 26th, Pike Finance's USDC pool was hacked, resulting in losses of approximately $300,000.
Amount of loss: $ 1,680,000 Attack method: Contract Vulnerability
Description of the event: The blockchain data analysis platform Dune tweeted that its account was compromised earlier today and a fake post about a Dune Airdrop was live for about 15 minutes. The Dune team now has control over the account again.
Amount of loss: - Attack method: Account Compromise
Description of the event: A hacker stole approximately $181,000 worth of crypto assets from Yield’s strategic contracts present on the Arbitrum blockchain. The hacker exploited a discrepancy between the pool token balance and total supply with flash-loaned assets and then withdrew extra pool tokens.
Amount of loss: $ 181,000 Attack method: Contract Vulnerability
Description of the event: Crypto detective ZachXBT stated on his Telegram channel that the Middle Eastern cryptocurrency exchange Rain appears to have been hacked, resulting in a loss of $14.8 million USD. The breach occurred on April 29, 2024, when Rain's BTC, ETH, SOL, and XRP wallets experienced suspicious outflows of funds, which were quickly transferred to instant exchanges and converted into BTC and ETH.
Amount of loss: $ 14,800,000 Attack method: Unknown
Description of the event: A vulnerability has been detected in the unverified Ember Sword NFT auction that allowed the extraction of 60 WETH, equivalent to approximately $195,000, from 159 victims who approved the contract.
Amount of loss: $ 195,000 Attack method: Contract Vulnerability
Description of the event: According to feedback from multiple community members, the zkSync ecosystem lending platform @xBankFinance is suspected of a rug pull. The official account is currently shown as frozen, and the platform's liquidity has been reduced to single-digit assets.
Amount of loss: $ 550,000 Attack method: Rug Pull
Description of the event: The cross-chain lending protocol Pike Finance tweeted that the USDC pool on Pike Beta has been exploited by a hacker. The total amount of USDC exploited is 299,127. The root cause was a forged CCTP message used to drain USDC on the Ethereum, Arbitrum and Optimism chains.
Amount of loss: $ 299,127 Attack method: Contract Vulnerability
Description of the event: Fake IO on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 289,097 Attack method: Rug Pull
Description of the event: io.net founder and CEO Ahmad Shadid announced on social media that io.net's metadata APIs recently experienced a security incident. A malicious party exploited accessible mappings of User IDs to Device IDs, leading to unauthorized metadata updates. This breach did not compromise GPU access but did affect the metadata displayed to users on the frontend.
Amount of loss: - Attack method: Security Vulnerability
Description of the event: According to intelligence from the SlowMist Security Team, the YIEDL project on the BSC chain was attacked, with the attacker stealing approximately $300,000. The root cause was the contract’s failure to adequately validate the external parameter (dataList) provided by the user when processing the redeem function call. This parameter is critical data for controlling asset exchanges, typically containing specific transaction instructions or routing information. The attacker maliciously constructed this external parameter, enabling unauthorized asset transfers.
Amount of loss: $ 300,000 Attack method: Contract Vulnerability
Description of the event: Shortly after the deployment of the FENGSHOU (NGFS) token, it was attacked, resulting in a loss of approximately $191,000. The vulnerability lies in a public `delegateCallReserves` function which allows the attacker to set an arbitrary address to a UniSwapV2 proxy.
Amount of loss: $ 191,000 Attack method: Contract Vulnerability
Description of the event: According to community feedback, the official Discord server of Merlin Chain appears to have been targeted in a hacker attack, where a management account posted a notification containing a phishing link.
Amount of loss: - Attack method: Account Compromise
Description of the event: The cross-chain bridge X Bridge has experienced multiple suspicious transactions, which are still ongoing. A suspicious address was recently funded by Tornado Cash on BNBChain, then bridged to ETH, and subsequently deposited 0.15 ETH into 'OwnedUpgradeabilityProxy.' Shortly after, a withdrawal of 482M STC totaling $824K was made from the 'OwnedUpgradeabilityProxy' contract.
Amount of loss: $ 824,000 Attack method: Unknown
Description of the event: The cross-chain bridge project XBridge was exploited due to a smart contract vulnerability on the Ethereum Mainnet and the BNB chain, resulting in a loss of approximately $1.44 million.
Amount of loss: $ 1,440,000 Attack method: Contract Vulnerability
Description of the event: The decentralized liquidity aggregation protocol Magpie Protocol was attacked due to a contract vulnerability, resulting in $129,000 being stolen from 221 wallets. The root cause was unchecked call data. The attacker called the contract's swap() function and passed in data which included a list of users to transfer tokens from.
Amount of loss: $ 129,000 Attack method: Contract Vulnerability
Description of the event: Users reported abnormal activity on the trading platform of the DeFi asset management protocol Velvet Capital on April 23rd. When attempting to connect to the frontend, users were prompted to approve their wallet's access permissions for the protocol.
Amount of loss: - Attack method: Unknown
Description of the event: The Fake Safe Token (SAFE) on BNBChain is suspected of a rug pull, and the current token price has dropped by 100%.
Amount of loss: $ 752,683 Attack method: Rug Pull
Description of the event: Z123 on BSC was attacked by a hacker due to a contract vulnerability, resulting in a loss of approximately $136k. The .update() function of Z123 was repeatedly called, which burned extra tokens and inflated the price.
Amount of loss: $ 136,000 Attack method: Contract Vulnerability
Description of the event: The Fake Cruiz (CRUIZ) on BNBChain is suspected of a rug pull, and the current token price has dropped by 100%.
Amount of loss: $ 38,556 Attack method: Rug Pull