1950 hack event(s)
Description of the event: GoledoFinance on Conflux was attacked, with a loss of 7.9m $CFX ($1.7M). The Goledo team has completed the initial investigation of the large borrowings in the lending pool. The team has determined that the issue is related to a flash loan.
Amount of loss: $ 1,700,000 Attack method: Flash Loan Attack
Description of the event: The Wall Street Memes token was subject to a coordinated attack. The hackers exploited a vulnerability with their staking provider and accessed the $WSM staking contract.
Amount of loss: - Attack method: Third-party Vulnerability
Description of the event: Portfolio management tool Citadel.one has been attacked, resulting in a loss of approximately $93K.
Amount of loss: $ 93,000 Attack method: Unknown
Description of the event: South Korean Web3 social music service Somesing announced that it fell victim to a security vulnerability attack last Saturday, resulting in a loss of 730 million native tokens (SSX), equivalent to approximately $11.58 million.
Amount of loss: $ 11,580,000 Attack method: Unknown
Description of the event: Citadel Finance was exploited on the Arbitrum chain, which resulted in a loss of 43 ETH, worth approximately $93,000. The root cause of the exploit is price manipulation of the underlying assets.
Amount of loss: $ 93,000 Attack method: Price Manipulation
Description of the event: The Algorand Foundation tweeted that the Twitter account of Staci Warden (@StaciW_DC), the CEO of the Foundation, has been compromised.
Amount of loss: - Attack method: Account Compromise
Description of the event: AltLayer, a temporary extension layer built on Optimistic Rollups, tweeted that early this morning, its Twitter profile was not displaying past tweets on the timeline. After approximately 3 hours of handling, the account has now been restored to normal. The entire incident may have been an organized attack. AltLayer advises users to stay safe and cross-check any information and links across multiple channels.
Amount of loss: - Attack method: Account Compromise
Description of the event: On January 25th, the staking contract of the space-themed open-world Web3 game Nebula Revelation suffered a reentrancy attack. On January 28th, Nebula Revelation announced a compensation plan of 159,831 USDT. The team promises comprehensive compensation and has decided to reimburse users at the price before the theft to ensure fairness.
Amount of loss: $ 180,000 Attack method: Reentrancy Attack
Description of the event: Saga DAO, a community-run fan club for Solana's sellout mobile phone, fell victim to a hacker attack, resulting in a theft of 750 SOL, equivalent to approximately $60,000. On February 2nd, SagaDAO tweeted that all funds stolen last week had been recovered. 65,761.03 USDC has been sent back to the Align multisig wallet protected by Phase Labs. The funds were returned from the original attacker's address.
Amount of loss: $ 65,761 Attack method: Unknown
Description of the event: JohnLennonC0IN (BEATLES) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 54,900 Attack method: Rug Pull
Description of the event: The blockchain gaming platform GMEE has announced via Twitter that the GMEE token contract on Polygon experienced unauthorized GitLab access a few hours ago, resulting in the theft of 600 million GMEE tokens. Subsequently, the attacker exchanged the tokens for ETH and MATIC.
Amount of loss: $ 7,000,000 Attack method: Contract Vulnerability
Description of the event: The DeFi protocol Concentric Finance, built on the Camelot v3 protocol, has suffered a severe security breach. In an official post on social media, Concentric.fi stated that the security breach was due to a targeted social engineering attack on one of their team members holding the deployer wallet. The attacker exploited vulnerabilities to upgrade the vaults, mint new LP tokens, and subsequently drain the platform's assets.
Amount of loss: $ 1,700,000 Attack method: Social Engineering
Description of the event: Bullran Index was attacked due to a lack of permission control. An MEV bot was able to burn the BUI tokens that a user deposited into a custom safe contract and exploit the lack of permission control to extract 136 ETH.
Amount of loss: $ 310,000 Attack method: Contract Vulnerability
Description of the event: Tron founder Justin Sun tweeted that Htx.com and HTX_DAO have been hit by a DDoS attack. The official HTX Twitter account also mentioned that the HTX application is currently experiencing interruptions, and the technical team is actively working to resolve the issues.
Amount of loss: - Attack method: DDoS Attack
Description of the event: LongNoseDog (LONG) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 309,749 Attack method: Rug Pull
Description of the event: Poldo (POLDO) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 311,607 Attack method: Rug Pull
Description of the event: CRONUS (CRONUS) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 316,355 Attack method: Rug Pull
Description of the event: The decentralized, non-custodial liquidity market protocol Rosa Finance on Arbitrum was exploited, resulting in a loss of approximately $45,000.
Amount of loss: $ 44,800 Attack method: Unknown
Description of the event: According to a tweet from Manta Network, the Manta Pacific chain encountered an RPC attack at approximately 9 AM UTC. Kenny Li, co-founder of Manta Network (@superanonymousk), provided updates on Twitter regarding the DDoS attack on Manta Network. He mentioned that Manta Network experienced a calculated DDoS attack at 9:30 AM UTC, coinciding with the start of their TGE activity. Since then, the RPC nodes have faced over 135 million requests, indicating that this was a very aggressive and timed attack.
Amount of loss: - Attack method: DDoS Attack
Description of the event: Arkham officially announced on Twitter that its CEO, Miguel Morel, fell victim to a SIM card swap attack. Miguel Morel's Twitter account was compromised.
Amount of loss: - Attack method: Account Compromise