1776 hack event(s)
Description of the event: According to Scam Sniffer's monitoring, the privacy-preserving data verification protocol zkPass's X account was compromised and used to post phishing tweets.
Amount of loss: - Attack method: Account Compromise
Description of the event: Regarding rumors about the collaboration between DOGE and USUAL, Azoria CEO James Fishback clarified that he had contacted DOGE's head of department, Vivek Ramaswamy, whose account was compromised.
Amount of loss: - Attack method: Account Compromise
Description of the event: Slurpycoin on BSC suffered a flash loan attack. The attacker exploited the buyback mechanism to manipulate the token price and profited ~$3K from sandwich arbitrage.
Amount of loss: $ 3,000 Attack method: Flash Loan Attack
Description of the event: A series of exploit transactions on Ethereum targeted the liquidity pool of the HarryPotterObamaSonic10Inu 2.0 token. The attacker profited approximately $243K and deposited the funds into Tornado.
Amount of loss: $ 243,000 Attack method: Price Manipulation
Description of the event: The official X account of AI startup Anthropic, backed by Amazon, appears to have been compromised, posting an unknown token contract address related to AI Agents.
Amount of loss: - Attack method: Account Compromise
Description of the event: BTC24H (BTC24H) is suspected to have been attacked on Polygon, with an estimated loss of $85,700.
Amount of loss: $ 85,700 Attack method: Contract Vulnerability
Description of the event: Decentralized Finance (DCF) was attacked on the BSC chain, resulting in a loss of approximately $8,800.
Amount of loss: $ 8,800 Attack method: Flash Loan Attack
Description of the event: A suspicious attack involving JHY (JHY) occurred on the BSC chain, resulting in a loss of approximately $11,200.
Amount of loss: $ 11,200 Attack method: Contract Vulnerability
Description of the event: A suspicious reentrancy attack involving bnbs (bnbs) occurred on the BSC chain, resulting in a loss of approximately $20,300.
Amount of loss: $ 20,300 Attack method: Reentrancy Attack
Description of the event: The Clober DEX liquidity vault on Base Network was exploited, resulting in a loss of 133.7 ETH (~$501k). The root cause of the attack was a reentrancy vulnerability in the _burn() function of the Rebalancer contract.
Amount of loss: $ 501,000 Attack method: Contract Vulnerability
Description of the event: The algorithmic stablecoin protocol Haven Protocol has issued a warning about a hack exploiting a vulnerability in "range proof validation." This flaw allows attackers to mint illicit XHV undetected. According to reports from exchanges, the amount of XHV exceeds 500 million tokens, while audit data indicates a current supply of only 263 million tokens. The surplus is likely generated through this exploit. The team found a weakness in the "range proof validation", which was introduced after the Haven 3.2 rebase to Monero, and has advised exchanges to halt trading on all pairs.
Amount of loss: - Attack method: Security Vulnerability
Description of the event: A suspicious attack involving LABUBU (LABUBU) occurred on the BSC chain, resulting in a loss of approximately $11,900.
Amount of loss: $ 11,900 Attack method: Contract Vulnerability
Description of the event: The Cardano Community posted on X, stating that the Cardano Foundation's X account has been compromised. They are currently addressing the issue and advised users to temporarily ignore all posts from the account.
Amount of loss: - Attack method: Account Compromise
Description of the event: The Omnichain meta-yield aggregator MAAT tweeted that a security breach in the MAAT alpha version resulted in unauthorized withdrawals of $240,000 USDT.
Amount of loss: $ 240,000 Attack method: Security Vulnerability
Description of the event: Arata tweeted that the Arata ecosystem and CEX wallet have been exploited. The hacker managed to sell a significant portion of the tokens.
Amount of loss: - Attack method: Unknown
Description of the event: Vestra DAO tweeted that a hacker exploited a vulnerability in the locked staking contract, manipulating the reward mechanism to claim rewards exceeding their entitlement. As a result, a total of 73,720,000 VSTR tokens were stolen. The stolen tokens were gradually sold on Uniswap, causing approximately $500,000 in ETH liquidity losses.
Amount of loss: $ 500,000 Attack method: Contract Vulnerability
Description of the event: According to the SlowMist security team’s monitoring, RunWay (BYC) appears to have been attacked on BSC, resulting in a loss of approximately $100K.
Amount of loss: $ 100,000 Attack method: Contract Vulnerability
Description of the event: DeBox officially announced that due to the leakage of the private key of an operational account's personal EOA wallet, 31.03 ETH and 4.879 million BOX tokens were stolen.
Amount of loss: $ 275,000 Attack method: Private Key Leakage
Description of the event: GAGAW (GAGAW) on BSC is suspected to have been attacked, resulting in a loss of approximately $70K.
Amount of loss: $ 70,000 Attack method: Contract Vulnerability
Description of the event: According to Clipper's post-mortem, on December 1, 2024, an attacker exploited a vulnerability in a smart contract used by Clipper, manipulating the single-asset deposit and withdrawal feature. This manipulation affected the liquidity pools on the Optimism and Base networks, causing an imbalance that allowed the attacker to withdraw more assets than they had deposited. The attack resulted in a loss of approximately $457,878.
Amount of loss: $ 457,878 Attack method: Contract Vulnerability