2172 hack event(s)
Description of the event: According to an official tweet from Web3 liquidity provider Orderly Network, their Discord server has been compromised. The official team advises users not to click on any links until the situation is fully resolved to avoid potential losses.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to monitoring by the SlowMist security team, the official 1inch Discord appears to have been hacked, and phishing links have been posted. Please be cautious with your funds.
Amount of loss: - Attack method: Account Compromise
Description of the event: The DeFi lending platform Aave was attacked due to a contract vulnerability. The attack occurred in a smart contract outside of Aave's core protocol, which is used to allow users to repay loans using existing collateral. The attacker exploited an arbitrary call error, successfully stealing around $56,000 from these various contracts. Aave representatives emphasized that the attack posed no risk to user funds and did not affect the security of the core Aave protocol.
Amount of loss: $ 56,000 Attack method: Contract Vulnerability
Description of the event: According to an official tweet from Avalanche, their Discord server has been compromised. The official team advises users not to click on any links until the situation is fully resolved.
Amount of loss: - Attack method: Account Compromise
Description of the event: ZkSync's official Discord has been compromised, and hackers have posted a malicious link promoting a fake "second round airdrop" plan, falsely promising users free ZK tokens.
Amount of loss: - Attack method: Account Compromise
Description of the event: The official X account of the crypto venture capital firm Aquarius was hacked. The attacker has already changed the username, associated email, and phone number. Additionally, the previous username has been taken over by another spam account controlled by the attacker.
Amount of loss: - Attack method: Account Compromise
Description of the event: Mudit Gupta, the Chief Information Security Officer of Polygon, stated on the X platform that the Polygon Community Discord has been compromised. He advised users not to click on any links within the server as the team is working to regain control.
Amount of loss: - Attack method: Account Compromise
Description of the event: The parallel-execution EVM public chain Artela announced on the X platform that their official Discord was hacked today. The attacker took control of the Discord channel and spread fake airdrop messages. The team took immediate action, removed the fraudulent posts, and the Discord has now been restored.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to monitoring by the SlowMist security team, the staking and lending protocol HFLH on BNB Chain has been attacked. Users are advised to stay vigilant.
Amount of loss: - Attack method: Contract Vulnerability
Description of the event: HFLH (HFLH) was suspected to have been attacked on BNB, resulting in a loss of approximately $5,300.
Amount of loss: $ 5,300 Attack method: Price Manipulation
Description of the event: On-chain sleuth ZachXBT revealed that McDonald's Instagram account was allegedly hacked and used to promote the meme token GRIMACE.
Amount of loss: - Attack method: Account Compromise
Description of the event: The website frontend of Solana ecosystem real estate trading protocol Parcl has been hacked, extracting tokens from users' Solana wallets and displaying fake transaction results in Phantom. Parcl’s official X account also appears to have been compromised, posting information related to PARCL rewards.
Amount of loss: - Attack method: Frontend Attack
Description of the event: The X account of AvaLabs COO Luigi D'Onorio DeMeo appears to have been compromised. Please do NOT interact with any addresses or links it has posted.
Amount of loss: - Attack method: Account Compromise
Description of the event: The decentralized AI blockchain platform Sahara AI announced on the X platform that their official Discord has been compromised. Users are advised not to click on any links or respond to any messages until further notice.
Amount of loss: - Attack method: Account Compromise
Description of the event: Vow suffers an attack due to a contract vulnerability, resulting in a loss of approximately $1.2 million.
Amount of loss: $ 1,200,000 Attack method: Contract Vulnerability
Description of the event: iVest DAO was attacked due to a smart contract vulnerability, resulting in a loss of approximately $172,000.
Amount of loss: $ 172,000 Attack method: Contract Vulnerability
Description of the event: The official Discord server of RARI Foundation has been hacked. Please refrain from using the server until the team has regained control.
Amount of loss: - Attack method: Account Compromise
Description of the event: An external attacker gained access to credentials for managing Nexera Fundrs platform's smart contracts. Using these credentials, the attacker transferred NXRA tokens from Fundrs' staking contracts on Ethereum. Out of the 47.24 million NXRA tokens stolen, the attacker was only able to sell 14.75 million tokens (approximately $449,000). Nexera successfully removed the remaining 32.5 million NXRA balance from the attacker's wallet, preventing further loss.
Amount of loss: $ 1,830,000 Attack method: Malware Attack
Description of the event: The Ronin Bridge project experienced unusual cross-chain asset withdrawals, suggesting a potential attack. According to the SlowMist security team, the vulnerability was caused by the modification of weight to an unexpected value, allowing funds to be withdrawn without passing any multi-signature threshold checks. The attacker extracted approximately 4,000 ETH and 2 million USDC from the bridge, amounting to a value of around $12 million. As of August 7th, white hats have returned $12 million worth of assets and received a $500,000 bug bounty.
Amount of loss: $ 12,000,000 Attack method: Contract Vulnerability
Description of the event: OMPx was attacked, resulting in a loss of approximately $107,000. The attacker obtained initial funds through Railgun, and the stolen funds have already been deposited into Railgun.
Amount of loss: $ 107,000 Attack method: Unknown