1939 hack event(s)
Description of the event: FSL project is suspected of being a Rug Pull, with a loss of approximately $1.68 million. FSL token plummeted 99.8%.
Amount of loss: $ 1,680,000 Attack method: Rug Pull
Description of the event: Starksport announced that a community team member's Discord was compromised.
Amount of loss: - Attack method: Account Compromise
Description of the event: On October 10th, the BRC20 exchange platform Ordswap issued a tweet, stating that they had lost control of their website domain, and the issue appeared to be related to the website development and hosting company Netlify. They advised users not to access their website until they regained control of the domain. Ordswap users reported that the compromised website was redirecting users to phishing links.
Amount of loss: - Attack method: DNS Hijacking Attack
Description of the event: On Oct 10, a fake Bitcoin BSC Token (BTCBSC) on BSC was rugged for ~$48.7K. The deployer removed 235.871 WBNB and 4,271,589.56 BTCBSC token from the LP. Contract Address: 0x48747d325d139b1F9cD29d9381Fb73228B9AFfec. Deployer Address: 0xA51EA8e037e0a1A391A39Bc8b5CE1EC6533780Df.
Amount of loss: $ 48,700 Attack method: Rug Pull
Description of the event: Cryptopreneurs' Discord server was hacked and the attacker posted a phishing link.
Amount of loss: - Attack method: Account Compromise
Description of the event: Lucky star Currency Token on Binance Smart Chain has rugged for ~$1.11 million, down 98%.
Amount of loss: $ 1,110,000 Attack method: Rug Pull
Description of the event: The Ethereum Foundation fell victim to a sandwich attack by an MEV Bot when selling 1700 ETH through Uniswap V3, resulting in a loss of $9,101. The MEV Bot profited $4,060 from the attack.
Amount of loss: $ 9,101 Attack method: Sandwich Attack
Description of the event: A phishing link has been posted in the announcements channel of MetaMundo Discord server. Do not interact with hxxps://mint-metamundo.co/.
Amount of loss: - Attack method: Account Compromise
Description of the event: On Oct 8, zkFlex Finance on ETH was rugged for ~$56K when an address 0x84f90d576247D569D972DB84504b5170aB13bCe7 dumped over 281,164,943.53 zkFlex Finance Tokens for 34.26 WETH. Contract Address: 0x54855D3133669B7EF54A2c962F5f63fdb44bBaE9.
Amount of loss: $ 56,000 Attack method: Rug Pull
Description of the event: OmniBTC's Discord was hacked and the attackers posted a phishing link in the announcement channel.
Amount of loss: - Attack method: Account Compromise
Description of the event: On Oct 8, the pSeudoEth token on ETH was exploited for ~$2.3K in a flash loan attack. Contract: 0x62aBdd605E710Cc80a52062a8cC7c5d659dDDbE7. Attacker: 0xea75AeC151f968b8De3789CA201a2a3a7FaeEFbA.
Amount of loss: $ 2,300 Attack method: Flash Loan Attack
Description of the event: On October 6, an unknown individual contacted our domain service provider Dynadot, impersonating an authorized Galxe member and bypassing the security process with falsified documentation. The impersonator then gained unauthorized access to the domain account, which was manipulated to redirect website visitors to a fake site and sign transactions that misappropriated their funds. On October 7, Galxe released a statement on the October 6 DNS security incident stating that the site is now fully restored, with an estimated 1,120 users affected and approximately $270,000 stolen. On October 11, Galxe announced a compensation plan for the security incident that occurred on October 6, 2023. Any affected users will receive full compensation in USDT on Polygon, calculated based on its value at 18:00 Beijing time on October 9.
Amount of loss: $ 270,000 Attack method: DNS Hijacking Attack
Description of the event: On October 6th, MCT issued an announcement stating that in the past two days, some users had reported cases of their MCT wallets being compromised. After investigation today, it was discovered that due to the DNS domain hijacking, under certain specific conditions, private keys could potentially be uploaded to a fraudulent domain. MCT advises users who have entered their private keys into MCT since September 15, 2023, to transfer their wallet balances as a precautionary measure as soon as possible.
Amount of loss: - Attack method: Domain Hijacking
Description of the event: There is a large liquidity removal on a fake CommEx token. Deployer removed ~$154k from the LP. BSC: 0xD1C3ee0f845bCc38a8cB9Dc5337dFd5a372Bb8Ed.
Amount of loss: $ 154,000 Attack method: Rug Pull
Description of the event: On October 5th, blockchain detective ZachXBT posted on social media, stating that a hacker had made a profit of 234 ETH (~$385,000) in the past 24 hours by conducting SIM card swap attacks on four different friend.tech users.
Amount of loss: $ 385,000 Attack method: SIM Card Attack
Description of the event: According to SlowMist, Stars Arena appeared to have been stolen due to a major security breach in its smart contract. Currently, the hacker has transferred 266,103 AVAX to the address (0xa2Eb...ad7A). The address (0xa2Eb...ad7A) transferred 50.32 AVAX to FixedFloat on October 6. On October 12, Stars Arena tweeted that they have recovered approximately 90% of the lost funds. An agreement has been reached with the hacker to return the funds, with a 10 percent bounty and 1,000 AVAX lost in the cross-chain bridge. 266,104 AVAX were lost, and the hacker returned 239,493 AVAX in two transactions. 27,610 AVAX were paid as a bounty.
Amount of loss: $ 2,900,000 Attack method: Reentrancy Attack
Description of the event: There is a flashloan attack on the DePay platform that resulted in the theft of 827 USDC. The exploiter used a security issue with DePay router to steal the USDC.
Amount of loss: $ 827 Attack method: Flash Loan Attack
Description of the event: Metropolis World announced that their Discord server was compromised.
Amount of loss: - Attack method: Account Compromise
Description of the event: The GEMIE Discord server was hacked and the attackers posted phishing links in the announcement channel. Please do not interact with hxxps://gemie.site/.
Amount of loss: - Attack method: Account Compromise
Description of the event: VendX Discord server was compromised.
Amount of loss: - Attack method: Account Compromise