1937 hack event(s)
Description of the event: The Base ecosystem project RocketSwap was attacked. The attacker bridged the stolen assets to Ethereum, resulting in a loss of 471 ETH (approximately $868,000). RocketSwap said: "The team needs to use offline signatures and put the private key on the server when deploying Launchpad. It is currently detected that the server has been brute-forced, and because the farm contract uses a proxy contract, there are multiple high-risk permissions that lead to the transfer of farm assets."
Amount of loss: 471 ETH Attack method: Private Key Leakage
Description of the event: The official Sei Network Discord server has been compromised. Please do not click on any links until the team confirms that they have regained control of the server.
Amount of loss: - Attack method: Discord was hacked
Description of the event: The official Twitter account of Ethereum scaling solution Metis was compromised. According to officials, team members fell victim to a SIM swap attack, which allowed malicious actors to take over the account for approximately 30 hours.
Amount of loss: - Attack method: Account Compromise
Description of the event: The Zunami Protocol on Ethereum suffered a price manipulation attack and lost 1,179 ETH (approximately $2.2 million). The reason for the incident is that the calculation of LP price in the vulnerable contract depends on the CRV balance of the contract itself and the conversion ratio of CRV in the wETH/CRV pool. The attacker manipulated the LP price by transferring CRV to the contract and manipulating the conversion ratio of the wETH/CRV pool. According to MistTrack analysis, ETH has been transferred to Tornado Cash at present.
Amount of loss: $ 2,200,000 Attack method: Price Manipulation
Description of the event: An admin on the Fetch Discord server showing the username "Atari_buzz1kLL" has had their @discord account compromised. Please do not interact with any posts on our Discord until the issue has been resolved. There is no Fetch airdrop happening right now.
Amount of loss: - Attack method: Account Compromise
Description of the event: Crypto infrastructure company Fireblocks has disclosed a series of vulnerabilities (collectively referred to as "BitForge") affecting various popular crypto wallets that use multi-party computation (MPC) technology, CoinDesk reported. The company classified BitForge as a "zero-day" vulnerability, and Coinbase, ZenGo, and Binance — the three companies most affected by BitForge — have already worked with Fireblocks to fix the underlying vulnerability. "If not remediated, the vulnerabilities would allow attackers and malicious insiders to siphon funds from the wallets of millions of retail and institutional customers in seconds, without the knowledge of users or providers", Fireblocks said.
Amount of loss: - Attack method: BitForge Vulnerability
Description of the event: The Twitter account of Blockchain Capital, a crypto venture capital firm, was compromised this morning, and multiple tweets were posted to promote token claim scams. The fraudulent tweets have since been deleted, and the Twitter account has been restored.
Amount of loss: - Attack method: Account Compromise
Description of the event: The DeFi project Earning.Farm suffered a reentrancy attack and lost 286 ETH (approximately $530,000). According to the analysis of SlowMist, during a withdrawal the attacker re-entered the transfer function of the LP token to transfer LP tokens away, making the balance of the account smaller than the previously calculated shares value. This triggered the logic that updates the shares value, so the shares value was updated to the manipulated LP balance. As a result, the amount of LP finally burned was much smaller than expected, and the attacker could withdraw funds from the pool again using the LP tokens that had been transferred away.
Amount of loss: $ 530,000 Attack method: Reentrancy Attack
Description of the event: Steadefi, an automated yield leveraged strategy platform, tweeted: "Our protocol deployer wallet (which is also the owner of all vaults in the protocol) has been compromised. Attackers have transferred ownership of all vaults (borrows and strategies) to them in a wallet controlled by the user and continue to take various owner-only operations, such as allowing any wallet to be able to borrow any available funds from the lending vault. Currently, all available lending capacity on Arbitrum and Avalanche has been exhausted by the attackers, and the assets have been swapped for ETH and bridged to Ethereum. On-chain messages have been sent to the attacker wallet address for negotiation. Steadefi wants to discuss the bounty with parties involved in the exploit, offering a 10% reward on the stolen funds." Steadefi has lost approximately $1.158 million in the incident. On August 8, the Steadefi team managed to recover approximately $540,000 in user funds from remaining vaults.
Amount of loss: $ 1,158,000 Attack method: Private Key Leakage
Description of the event: Legal authorities in the Indian state of Odisha have busted a $120 million (Rs 1,000 crore) cryptocurrency Ponzi scheme. Two central figures in the fraudulent operation have been arrested. The project in question is called The Solar Techno Alliance (STA) and used terms like green energy and solar technology. The investigation found that STA, with the assistance of online members, used various persuasive tactics and promises of profits in a short period of time to attract people to participate in the scheme, with more than 10,000 participants in Odisha alone. The investigation revealed that STA was not authorized by RBI or other regulators to accumulate deposits.
Amount of loss: $ 120,000,000 Attack method: Scam
Description of the event: On August 7, 2023, Cypher, a Solana-based decentralized exchange, tweeted that it had been attacked. The attacker exploited a bug related to the mechanism involving segregated margin sub-accounts to attack Cypher's main contract, causing it to eventually withdraw more funds than initially deposited, leading to a bad debt in the system. The attacker stole 15,452 SOL, 149,205 USDC, and other tokens for a loss of over $1 million. The attacker’s address is suspected to be HHm4wK91XvL3hhEC4hQHo544rtvkaKohQPc59TvZeC71. On August 18, Cypher stated that approximately $600,000 has been frozen on various centralized exchanges (CEXs), and the return of these funds will depend on the cooperation of these CEXs and seizure orders issued by law enforcement agencies.
Amount of loss: $ 1,000,000 Attack method: Contract Vulnerability
Description of the event: A large amount of liquidity has been removed from Bitlord (BITLORD). The deployer removed about 309 WETH from the LP, worth about $567,000. The token project is suspected to be a honeypot scam.
Amount of loss: $ 567,000 Attack method: Rug Pull
Description of the event: The Twitter account of Tim Beiko, an Ethereum core developer, is suspected to have been compromised. The account posted two tweets about an "ETH airdrop" within half an hour, each with a phishing link (ether.fo). Users are asked not to click on suspicious links to prevent funds from being stolen. According to the analysis of SlowMist, PinkDrainer is behind the attack.
Amount of loss: - Attack method: Account Compromise
Description of the event: A Rug Pull occurred on the Apache NFT SalesRoom (ASN) on the BNB Chain, and the deployer made a profit of about $680,000. The deployer transferred a large number of tokens to the address starting with 0xdc8, which has now dumped 1 million ASNs at a price of $680,000 in BSC-USD.
Amount of loss: $ 680,000 Attack method: Rug Pull
Description of the event: The Uwerx network was attacked and lost about 174.78 ETH. According to the analysis of SlowMist, the root cause is that when the receiving address is uniswapPoolAddress (0x01), the contract burns an additional 1% of the transfer amount from the from address. The attacker therefore used the skim function of the Uniswap V2 pool to consume a large number of WERX tokens, then called the sync function to maliciously inflate the price of the token, and finally performed a reverse swap to extract ETH for profit.
Amount of loss: $ 324,000 Attack method: Price Manipulation
Description of the event: InsurAce, a DeFi insurance protocol, tweeted: "Our Discord server experienced a security breach. Our team discovered an unauthorized access to the server earlier today. We take this incident very seriously and are working hard to correct the situation. During this time, please do not interact with the server." According to the analysis of SlowMist, the phishing website is insurance.gift, and PinkDrainer is behind it.
Amount of loss: - Attack method: Account Compromise
Description of the event: The axlUSD/WETH pool in LeetSwap, the largest DEX on the Base chain, suffered a price manipulation attack and has suspended trading for investigation. It appears that 342.5 ETH (~$624,000) was exploited. On August 3, LeetSwap stated that it had withdrawn about 400 ETH from the risky liquidity pool. According to the analysis of SlowMist, the main cause of this attack was that the _transferFeesSupportingTaxTokens function in the Pair contract was externally callable. This function allowed any specified token held by the contract to be transferred to the fee-collecting address. The attacker first performed a normal small swap to acquire the tokens needed for the next swap. Then, the attacker called the _transferFeesSupportingTaxTokens function to transfer almost all of one of the Pair's tokens to the fee-collecting address, causing an imbalance in the Pair's liquidity. Finally, the attacker called the sync function to balance the pool and performed a reverse swap to take more ETH than expected.
Amount of loss: $ 624,000 Attack method: Price Manipulation
Description of the event: Some community users reported that the crypto exchange ZT Global was suspected of absconding. Since the announcement of system upgrade and maintenance on July 28, transactions on the platform have been disabled. The TG channel has been banned and the founder cannot be contacted. At 21:00 on July 31, the exchange announced that it had completed maintenance and resumed trading functions, but the trading page showed that buy orders of only 0.0006 BTC ($17) pushed up the price of BTC on the platform and held it at 60,000 USD. The price of ETH also fluctuated violently on a trading volume of only tens of dollars.
Amount of loss: - Attack method: Rug Pull
Description of the event: A meme coin called BALD, built on the Coinbase Base test network, appears to have pulled in at least $25.6 million. Although the Base network was intended to be used for developer testing, an anonymous cryptocurrency user named "Bald" announced that they would be selling BALD tokens on the Base network, and the token's price skyrocketed. However, the token deployers emptied liquidity pools of around $25.6 million worth of tokens just two days after launch, clearly a rug pull. The token price quickly plummeted by around 90%.
Amount of loss: $ 25,600,000 Attack method: Rug Pull
Description of the event: The NFT lending platform JPEG'd was hacked, and JPEG tokens fell by 40% in a short period of time, with a loss of at least about $10 million. The root cause is reentrancy. When the attacker calls the remove_liquidity function to remove liquidity, he adds liquidity by re-entering the add_liquidity function. Because the balance is updated before the re-entry into the add_liquidity function, the price calculation is wrong. JPEG'd tweeted that the PETH-ETH curve pool was attacked. The vault contract that allows NFTs to be borrowed against is safe and still functioning. NFTs and treasury funds are secure. The JPEG'd contract has not been hacked and is safe. On August 5, JPEG'd tweeted that the DAO multi-signature address confirmed receipt of 5494.4 WETH, and the address owner who recovered funds from the pETH vulnerability received a 10% white hat bounty, which is 610.6 WETH.
Amount of loss: $ 11,363,266 Attack method: Reentrancy Attack