1959 hack event(s)
Description of the event: Safereum has conducted an exit scam for ~$1.3m. Contract Address: 0xb504035a11E672e12a099F32B1672b9C4a78b22f.
Amount of loss: $ 1,300,000 Attack method: Rug Pull
Description of the event: Julia (JULIA) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 73,000 Attack method: Rug Pull
Description of the event: Fake Celestia (TIA) on BNB Chain is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 162,837 Attack method: Rug Pull
Description of the event: Token SOMESING (SSX) on BNB Chain is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 169,000 Attack method: Rug Pull
Description of the event: Philippine exchange Coins.ph lost 12 million $XRP ($6 million) in a hack.
Amount of loss: $ 6,000,000 Attack method: Private Key Leakage
Description of the event: MicDao suffered from a flash loan attack. The attacker gained $12,263. Contract address: 0xf6876f6AB2637774804b85aECC17b434a2B57168.
Amount of loss: $ 12,263 Attack method: Flash Loan Attack
Description of the event: A project named The Honest Venture is a confirmed investment scam with losses of approximately ~$58k.
Amount of loss: $ 58,000 Attack method: Rug Pull
Description of the event: On October 19, Synthetify Protocol experienced a security incident. The smart contract and the entire platform are currently frozen.
Amount of loss: $ 230,000 Attack method: Governance Attack
Description of the event: On October 18, 2023, , the HopeLend protocol fell victim to a hacker attack. The attack resulted in a loss of approximately 528 ETH, out of which 263.91 ETH were bribed by the frontrunner to a Validator (managed by Lido). The exploit frontrunner eventually profited by 264.08 ETH. On October 20, Hope.money tweeted that a frontrunner from Armor Team voluntarily returned the acquired assets.
Amount of loss: $ 818,747 Attack method: Contract Vulnerability
Description of the event: Blockchain network Everscale said that a large number of EVER tokens have been stolen and they are working closely with exchanges where EVER is listed in order to stop any further outflow of tokens. To halt the actions of those responsible, they have temporarily disconnected Octus Bridge.
Amount of loss: - Attack method: Unknown
Description of the event: On October 17, Fantom Foundation Telegram Community Administrator Jane stated that some of Fantom Foundation's hot wallet assets were drained due to a zero-day vulnerability on Google Chrome. According to SlowMist's analysis of on-chain transmission methods and previous emergency response experience, this should be a case of private key theft, which may be the result of the Foundation or its employees being attacked by phishing, social engineering, and running malicious Trojan files, leading to the theft of some wallet private keys.
Amount of loss: $ 657,000 Attack method: Private Key Leakage
Description of the event: Project Ivy on BSC Suspected of Exit Scam. Contract Address: 0xf99f2Aec50adFde23cc67aB6240168B0a59f1D30 which dropped >94%. EOA 0x5c30 removed $1.58m liquidity which caused the drop.
Amount of loss: $ 1,580,000 Attack method: Rug Pull
Description of the event: The Beluga Protocol on Arbitrum fell victim to a flashloan attack. The attacker made a profit of approximately $175,000 by manipulating the USDT-USDC.e balance, allowing for the withdrawal of extra tokens.
Amount of loss: $ 175,000 Attack method: Flash Loan Attack
Description of the event: On October 12th, the stablecoin trading project Platypus Finance appeared to have been hit by a suspected hacker attack, with total losses of around $2.2 million. Platypus Finance tweeted, "Due to suspicious activities in our protocol, we have taken the proactive measure of temporarily suspending all pools. Further updates will be communicated to the community in a timely manner." On October 13, Platypus Finance tweeted that it had recovered around 50k sAVAX and 7k AVAX from one of the exploiters successfully. On October 17, Platypus Finance announced that 90% of the stolen funds have been returned and that the net loss has been reduced to approximately 18,000 AVAX.
Amount of loss: $ 2,200,000 Attack method: Unknown
Description of the event: BH Token (BlackHole token) suffered an attack. The exploiter (0xFDb) gained 1.2 M USDT. Funds are being swapped for BNB and deposited into Tornado Cash. Contract Address: 0xCC61CC9F2632314c9d452acA79104DDf680952b5. Exploiter Address: 0xFDbfcEEa1de360364084a6F37C9cdb7AaeA63464.
Amount of loss: $ 1,200,000 Attack method: Price Manipulation
Description of the event: Attacker posted a phishing link in the announcements channel of Wall Street Meme's Discord server.
Amount of loss: - Attack method: Account Compromise
Description of the event: The CST deployer sold tokens, resulting in a roughly 99% drop in the token price. Contract address: 0x0a92285241b0ea93Eff4195Db4530AF1a4bcfE0c. Deployer address: 0xabE6BC5Ca4Ae76251F0cB647F9817E3566EC3D0b.
Amount of loss: - Attack method: Rug Pull
Description of the event: There is a fake collab land verification in the Loozr Discord. The verification will take you to a phishing site that connects to a wallet drainer
Amount of loss: - Attack method: Account Compromise
Description of the event: LastPass, a password management platform, is suspected to have suffered a data breach. On October 12, Twitter user flippen.eth tweeted that he had lost more than 20 ETH from his hot wallet overnight after storing his mnemonic on LastPass, an online password management platform, stating, "This problem seems to be widespread, so if you've ever used LastPass, it's time to update your password and abandon your wallet and the mnemonics stored there.”
Amount of loss: 20 ETH Attack method: Information Leakage
Description of the event: The @nowaiAI announced their Discord server has been compromised. Do not connect your wallet. It connects to phishing site: hxxps://nowaiguard.github.io/discord/.
Amount of loss: - Attack method: Account Compromise