1876 hack event(s)
Description of the event: BIT Mining reports that its subsidiary, cryptocurrency mining pool BTC.com, suffered a “cyber attack” on Dec. 3, in which the attackers stole approximately $700,000 in customer assets and $2.3 million in company assets . However, they said some of the funds had been recovered.
Amount of loss: $ 3,000,000 Attack method: Cyber attack
Description of the event: Ankr's deployer key was suspected to be leaked, and hackers minted a total of 60 trillion aBNBc. According to MistTrack analysis, some funds have been cross-chained from BSC to ETH and Polygon. The hacker used Celer Network, PancakeSwap, Multichain, deBridge, 1inch, PancakeSwap, SushiSwap, ParaSwap in the process of transferring funds, and 900 BNB has been transferred to Tornadocash so far. The Ankr team stated, “Our aBNB tokens (the proof tokens for BNB pledges) have been stolen and we are currently working with exchanges to stop trading immediately. Currently all underlying assets on Ankr pledges are safe and all infrastructure Services will not be affected."
Amount of loss: $ 5,000,000 Attack method: Private Key Leakage
Description of the event: After the attack on Ankr’s aBNBc token, an address exchanged 10 BNB for 15.5 million BUSD with the help of the Ankr vulnerability, resulting in the emptying of the Hay liquidity pool. Another user made a profit through the same method, with an income of about $3.5 million. Helio Protocol tweeted that the BNB pledged by users is safe, and the official is in close communication with the Ankr team to discuss the restart plan of aBNBc.
Amount of loss: $ 19,000,000 Attack method: The impact of the Ankr vulnerability
Description of the event: For several weeks last year, Webaverse was targeted by a skilled scam gang posing as investors, Webaverse reported. The Webaverse team and the crooks met in Rome at the end of November 2022, and approximately $4 million was stolen. They reported the theft to the local Rome police station the same day, and then to the FBI a few days later on Form IC3.
Amount of loss: $ 4,000,050 Attack method: Scam
Description of the event: Trust Wallet, a multi-chain non-custodial wallet, tweeted that Ahad Shams, the co-founder of the Web3 metaverse game engine Webverse, said that he did not disclose the mnemonic and was only stolen $4 million worth of cryptocurrency because he was photographed. Trust Wallet believes this is a security incident triggered by a social engineering attack involving an organized crime group from Rome, Italy, with known locations in Milan and Barcelona. It is reported that the theft of Ahad Shams’ funds occurred in November 2022. At that time, it hoped to complete a round of financing for the project. A scammer pretending to be an investor shared an NDA PDF file and KYC information (suspected to contain malware) to prove identity, then had Shams transfer funds to a new non-multisig wallet, and view Ahad Shams trust wallet balance, taking pictures in the process. While no private key or seed phrase was revealed, $4 million in cryptocurrency from the Trust wallet subsequently disappeared, and the crook has never been seen again.
Amount of loss: $ 4,000,000 Attack method: Social engineering scam
Description of the event: According to the intelligence of the SlowMist security team, the Numbers Protocol (NUM) token project on the ETH chain was attacked, and the attacker made a profit of about $13,836. The main reason for this attack is that the NUM token does not have a permit function and has a callback function, so a fake signature can be passed in to deceive the cross-chain bridge and cause the user's assets to be transferred out unexpectedly.
Amount of loss: $ 13,836 Attack method: Contract Vulnerability
Description of the event: Trust Wallet released an analysis report saying: "In November 2022, a vulnerability was discovered in the back-end module WebAssembly (WASM) at the core of the open source repository wallet. The vulnerability affected new wallets generated by browser extension versions 0.0.172 and 0.0.182, and only the private keys of a limited number of new wallets created in these versions were affected. Despite our best efforts, two breaches occurred, resulting in a combined loss of approximately $170,000 at the time of the attack. "
Amount of loss: $ 170,000 Attack method: Wallet Vulnerability
Description of the event: The SheepFarm project on the BNB chain was attacked by a vulnerability. After analysis, it was found that because the register function of the SheepFarm contract could be called multiple times, the attacker 0x2131c67ed7b6aa01b7aa308c71991ef5baedd049 used the register function multiple times to increase his own gems, and then used the upgradeVillage function to accumulate yield while consuming gems properties, and finally call the sellVillage method to convert yield to money before withdrawing money. The attack caused the project to lose about 262 BNB, about $72,000.
Amount of loss: 262 BNB Attack method: Contract Vulnerability
Description of the event: The Ranger project on the BSC chain was an exit scam, and the Ranger token fell by 95%. The contract deployer sent the tokens to an external account, which was then sold for a profit of about $77,000. Do not confuse this project with similarly named tokens and symbols, refer to the contract address: bsc: 0xc9efd09c8170e5ce43219967a0564a9b610e5ea2.
Amount of loss: $ 77,000 Attack method: Rug Pull
Description of the event: Rug pull occurred in the DeFiAI project, and the contract deployer made a profit of about 40 million US dollars. According to SlowMist MistTrack analysis, funds have been transferred to Fixedfloat and MEXC.
Amount of loss: $ 40,000,000 Attack method: Rug Pull
Description of the event: The price of the Flare project has dropped by more than 95%, which is suspected to be a Rug Pull scam project. Flare token deployers and associated addresses received approximately 4 billion Flare tokens. The scam has so far made around $18.5 million.
Amount of loss: $ 18,500,000 Attack method: Rug Pull
Description of the event: The DFX Finance project on the ETH chain was attacked, and the attackers made a profit of about $231,138. According to SlowMist analysis, the main reason for this attack is that the Curve contract flash loan function does not have re-entrancy protection, which causes the attack to re-enter the deposit function to transfer tokens to judge the balance of flash loan repayments. The account so that the attacker can successfully withdraw money to profit.
Amount of loss: $ 231,138 Attack method: Reentrancy Attack
Description of the event: In its official Telegram channel, FTX said it had been compromised, instructing users not to install any new upgrades and to remove all FTX apps. Over $600 million stolen from FTX's crypto wallets.
Amount of loss: $ 600,000,000 Attack method: Telegram was hacked
Description of the event: According to the monitoring of the SlowMist security team, the brahTOPG project on the ETH chain was attacked, and the attacker made a profit of about $89,879. The main reason for this attack is that the Zapper contract strictly checks the data passed in by the user, which leads to the problem of arbitrary external calls. The attacker uses this arbitrary external call problem to steal the tokens of users who are still authorized to the contract.
Amount of loss: $ 89,879 Attack method: Contract Vulnerability
Description of the event: The MooCakeCTX project suffered a flash loan attack, and the attackers made a profit of $143,921. According to Fairyproof’s analysis, the suspected reason is that the contract reinvested (the earn function was not called) before the user pledged (depositAll function) without settlement of the reward, that is, when the user pledged, the contract did not settle the previous reward and conduct new investment. This will cause users to get the previous pledge dividends immediately after the pledge. After the attacker borrows 50,000 cake tokens using a flash loan in the same block, he pledges it twice in a row, and then withdraws the pledged cake tokens and returns them to make a profit.
Amount of loss: $ 143,921 Attack method: Flash Loan Attack
Description of the event: Ethereum L2 protocol Loopring tweeted that it was hit by a large-scale DDoS attack. While the funds were not at risk, the service was down for 11 hours. Currently, domain access on the mobile app side has been reconfigured and the Loopring wallet service has been restored.
Amount of loss: - Attack method: DDoS Attack
Description of the event: An address on the BNB Chain minted more than $1 billion of pGALA tokens out of thin air, and sold them through PancakeSwap to make a profit. The pGALA contract hacker has made a profit of $4.3 million. One Smart Money address arbitraged nearly $6.5 million in this attack, even more than the attacker's profit. Multi-link is tweeted by the protocol pNetwork, and the pGALA contract on the BNB Chain needs to be redeployed due to the misconfiguration of the cross-chain bridge. Huobi Global announced that it would re-list GALA after proposing that the GALA purchased after the abnormal event would be renamed pGALA, and the project party agreed to pay full compensation to the holders of the currency before the accident.
Amount of loss: $ 10,800,000 Attack method: Configuration Error
Description of the event: Crypto derivatives exchange Deribit tweeted that $28 million in losses from Deribit’s hot wallet was stolen, but customer funds were safe and the losses were covered by company reserves. According to the analysis of SlowMist MistTrack, the loss included 6967.65 ETH, 691 BTC and about 3.41 million USDC, and then the attacker exchanged USDC for 2143.95 ETH.
Amount of loss: $ 28,000,000 Attack method: Wallet Stolen
Description of the event: Solend, a lending protocol on Solana, tweeted that an oracle attack against USDH affecting Stable, Coin98, and Kamino’s isolated pools was detected, resulting in $1.26 million in bad debt. Additionally, Solend claims that all other pools, including the Main pool, are safe.
Amount of loss: $ 1,260,000 Attack method: Oracle attack
Description of the event: The multi-chain exchange protocol Rubic tweeted that an administrator’s wallet address, which manages the RBC/BRBC cross-chain bridge and staking rewards, was stolen, and the team suspected that malware stole the private key. The attacker sold about 34 million RBC/BRBC on Uniswap and PancakeSwap, the user's staking funds are safe and the smart contract is not exploited.
Amount of loss: $ 1,200,000 Attack method: Private Key Leakage