1939 hack event(s)
Description of the event: DEP/USDT and LEV/USDC pools were stolen with 105,800 stablecoins worth (36,000 USDC and 69,960,000 USDT), and the attackers initially received 1 ETH of initial funding from Tornado Cash.
Amount of loss: $ 105,800 Attack method: Unknown
Description of the event: The DeFi lending protocol Sturdy is suspected to have been hacked, and information on the chain suggests that the attack may have been carried out through price manipulation. The attackers have transferred 442.6 ETH to Tornado Cash.
Amount of loss: $ 770,000 Attack method: Price Manipulation
Description of the event: A governance attack on the BSC eco-protocol Atlantis Loans, in which attackers gained control of the contract and replaced it with a contract containing backdoor functionality to transfer user assets, is currently costing approximately $1 million. The attackers created the malicious governance proposal in the GovernorBravo contract on June 7, 2023.
Amount of loss: $ 1,000,000 Attack method: Governance Attack
Description of the event: ZenGo CEO Ouriel Ohayon tweeted that BitBoy Crypto founder Ben Armstrong's Twitter account was hacked and used to promote a crypto scam to steal users' NFT assets, the same scam that hit garry tan, peter schiff and others, asking users to be aware of the risks involved.
Amount of loss: - Attack method: Account Compromise
Description of the event: TrustTheTrident ($SELLC) suffered an attack that resulted in approximately $95,000 in losses.
Amount of loss: $ 95,000 Attack method: Contract Vulnerability
Description of the event: A spokesperson for Floating Point Group (FPG), a trading platform for crypto institutions, said it was hit by a cyber attack on June 11 and has lost between $15 million and $20 million in cryptocurrency. fpg has taken security measures and successfully obtained SOC 2 certification after hiring external auditors to conduct a series of cybersecurity audits and penetration tests last December. After the security breach was discovered, FPG froze all third-party accounts and implemented protective measures for all wallets. The company's account isolation measures limited the overall impact of the attack.
Amount of loss: $ 20,000,000 Attack method: Security Vulnerability
Description of the event: NFT giant whale Franklin is suspected to have posted a warning on his Twitter handle @ElectionDayMad1 with text and video that his Twitter account @franklinisbored was stolen, please do not send any cryptocurrency or click on any links, and that none of the tweets from the early morning of June 9 were posted by him.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to official sources, a bug in Arbitrum's sequencer code previously caused a brief outage in the network's batch transaction submission feature, which prevented transactions from being confirmed on the main chain. The bug has since been fixed and the bulk transaction submission feature has been restored.
Amount of loss: - Attack method: Contract Vulnerability
Description of the event: A Rug Pull occurred on the USEA token on BNB Chain with a loss of about $1.1 million, and the deployer minted a total of 700 million USEAs via the mint function, then transferred them to EOA addresses and sold 1114468 BUSD via PancakeSwap V3.
Amount of loss: $ 1,100,000 Attack method: Rug Pull
Description of the event: Ordinals eco-wallet Xverse tweeted: Xverse has fixed a bug that caused wallet helpers to be stored unencrypted on local devices, and all users should update the Chrome extension to the latest version. The risk of this bug is minimal if it is confirmed that no helper words leave the user's local device. However, if users are concerned about the threat, they can migrate their assets to a newly generated wallet. This error does not affect Xverse iOS and Android apps.
Amount of loss: - Attack method: Mnemonic leaked
Description of the event: NFDAO (NFD) bulk liquidity has been removed. The deployer's associated wallet removed the liquidity and made a profit of about $88,300. bsc address: 0xe1AFC0A3c9aA2537DEea233EF7dc0952ceEDfDA3.
Amount of loss: $ 88,300 Attack method: Rug Pull
Description of the event: According to a tweet from MistTrack, the Twitter account of Cole, co-founder of the NFT project Pudgy Penguins, appears to have been attacked, seemingly by the PinkDrainer hacker group. Please do not click on suspicious links.
Amount of loss: - Attack method: Account Compromise
Description of the event: On June 3, multiple Atomic Wallet users posted on social media that their wallet assets had been stolen. Atomic says less than 1% of monthly active users are currently affected/reported. According to SlowMist, Atomic Wallet officially offlined cloudflare’s download site and sha256sum verification site in an emergency. From this, it is speculated that there may be a security problem in the link of downloading the historical version. It is reported that this incident is suspected to be related to the North Korean hacker group Lazarus Group.
Amount of loss: $ 100,000,000 Attack method: Unknown
Description of the event: Jump Crypto, the digital asset trading arm of Jump Trading, said on Twitter that its security team discovered a stack overflow vulnerability in CosmWasm, a smart contract platform designed by the Cosmos ecosystem. The bug would stop users uploading new smart contracts on Cosmos-based blockchains from functioning on those chains entirely.
Amount of loss: - Attack method: Overflow Vulnerability
Description of the event: DD Coin was attacked and lost about 126,000 USDT. The attacker initially received 1 BNB of funds from Tornado Cash about 17 days ago. DD Coin has lost 21%.
Amount of loss: $ 126,000 Attack method: Flash Loan Attack
Description of the event: The Cellframe Network, a blockchain network based on sharding architecture, is suspected of being attacked by a flash loan. The attacker made a profit of 245 BNB (approximately 74,000 US dollars), and the token CELL has fallen by more than 65%. According to MistTrack analysis, the attacker's address (0x252...079) on Ethereum had withdrawn 1.37 ETH from Binance.
Amount of loss: $ 74,000 Attack method: Flash Loan Attack
Description of the event: The LSDFi protocol unshETH stated that at around 22:00 on May 31, one of the deployment private keys of the unshETH contract was leaked. For the sake of caution, the official has urgently suspended the withdrawal of unshETH's ETH. According to the security model, unshETH's ETH deposit (TVL up to 35 million US dollars) is protected by multi-signature + time lock and is not at risk.
Amount of loss: $ 375,000 Attack method: Private Key Leakage
Description of the event: On-chain detective ZachXBT tweeted that a Rug Pull occurred on Pixel Penguin, a charity project created by Hopeexist1, which claimed to raise funds to help him fight cancer. At present, the social accounts of Hopeexist1 and Pixel Penguin have been deleted, and the Pixel Penguin contract is worth only $117,000 (61.686 ETH).
Amount of loss: $ 117,000 Attack method: Rug Pull
Description of the event: Twitter user @ChrisONCT cited on-chain data to expose a suspected scam Meme coin project Waifu AI World (WFAI). The token economics announced by the project stated that 95% of the supply was allocated to LPs. However, shortly after WFAI went online, 4 new wallets spent a total of 14.4 ETH in four transactions to purchase 647 trillion WFAI, accounting for approximately 83.2% of supply (777 trillion). At present, the project party has blacklisted the wallets that purchased 457 trillion WFAI, and now the total supply of WFAI is 320 trillion, which means that 190 trillion tokens are held by insiders, accounting for 60% of the total token supply. And DWF Labs spent about 20 ETH to purchase 624.9 billion WFAI yesterday afternoon; DEXTools trust score changed from extremely low to extremely high within a few hours.
Amount of loss: - Attack method: Scam
Description of the event: A MEV bot (0xb2…2B96 is the MEV bot call contract, 0xb4…0343 is the single-use MEV bot) borrowed 95,000 WETH (worth nearly $180 million) via flash loan to attack Sashimi Swap. The bot swept away the last remaining money in Sashimi’s investment contract and slETH contract, but only about $3,500. It is reported that Sashimi Swap was attacked in December 2021 and lost $210,000, and the project was subsequently abandoned.
Amount of loss: $ 3,500 Attack method: Flash Loan Attack