1716 hack event(s)
Description of the event: The X account of MuratiAI (@MuratiAI), an AI network and bot platform centered around anime, is suspected to have been hacked, with phishing links being posted. Until further notice, please refrain from clicking any links or responding to any messages.
Amount of loss: - Attack method: Account Compromise
Description of the event: Scroll-based DEX protocol Ambient Finance announced on X platform that their domain has been hijacked. Until further notice, please do not interact with the Ambient Finance frontend.
Amount of loss: - Attack method: DNS Hijacking Attack
Description of the event: Tapioca DAO experienced a major security breach, with attackers stealing around $4.4 million in cryptocurrency, causing the TAP token price to plummet by over 95%. The attackers obtained private keys through a social engineering attack, leading to the transfer of significant funds. However, the project team, in collaboration with security firm SEAL911, successfully transferred 1,000 ETH (approximately $2.7 million) to a secure location, preventing further losses. The hacker still holds a portion of the stolen assets, and the team is actively working to recover the remaining funds.
Amount of loss: $ 4,400,000 Attack method: Social Engineering
Description of the event: The official X account of Eigenlayer, the Ethereum re-staking protocol, is suspected to have been hacked. The hacker has posted a fake phishing link; please do not interact with it.
Amount of loss: - Attack method: Account Compromise
Description of the event: DeFi analyst Anon Vee posted on X that several users have reported that the Orderly Network ecosystem project IBXtrade is suspected of a rug pull. It is reported that IBXtrade launched a pre-sale three days ago with a target to raise 2,000 SOL (approximately $3.2 million) and refund any unselected participants. The pre-sale ended up raising over 160,000 SOL (about $24 million), with participants originally expecting the project to return $21.8 million. However, instead of issuing refunds, the IBXtrade team created a poll on a website entirely under their control, asking whether the pre-sale cap should be raised. The poll eventually passed, and IBXtrade claimed to have refunded 65,000 SOL ($9.7 million) to participants. In reality, the team simply transferred these SOL to multiple addresses they created, and users reported not receiving any refunds.
Amount of loss: - Attack method: Rug Pull
Description of the event: Radiant Capital posted on X acknowledging issues with its lending markets on BNB Chain and Arbitrum. Trading on Base and Mainnet markets has been paused. According to SlowMist’s security team analysis, the incident occurred after the Radiant attacker illegally gained control of 3 multisig permissions and upgraded to a malicious contract to steal funds.
Amount of loss: $ 51,000,000 Attack method: Multisignature Theft
Description of the event: ZK startup Lagrange's X account has been allegedly compromised, and a scam link related to the LGR token has been posted. Please stay vigilant and be cautious of potential risks.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to AggrNews, the Instagram account of Kabosumama, the owner of the Shiba Inu Kabosu, the inspiration behind the popular DOG project "Doge" meme, has been hacked. Kabosumama previously posted on her blog, stating that she was unable to log in. Additionally, BWEnews reported that the hacker is particularly cunning, having posted a fake update about a new family member. The hacker launched a memecoin ahead of time, luring victims into investing, only to pull out and run with the funds shortly after.
Amount of loss: - Attack method: Account Compromise
Description of the event: The official X account of Bitcoin L2 Zulu Network appears to have been compromised. The hacker has posted a fake phishing link. Please avoid interacting with it.
Amount of loss: - Attack method: Account Compromise
Description of the event: The official X account of the decentralized intellectual property (IP) platform KOR Protocol appears to have been compromised. The hacker has posted a fake phishing link. Please avoid interacting with it.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to monitoring by Scam Sniffer, the X account of Ordinals Wallet was hacked, and a phishing link was posted. Upon review, the related post has already been deleted.
Amount of loss: - Attack method: Account Compromise
Description of the event: A suspicious attack involving HYDT tokens has occurred on BSC, resulting in a loss of approximately $58,000.
Amount of loss: $ 58,000 Attack method: Price Manipulation
Description of the event: The X account of the crypto data tracking service Spot On Chain has reportedly been compromised. It was said to have posted a fake EIGEN airdrop phishing link this morning, while also disabling the comment section for the tweet. Users are advised to be cautious and avoid interacting with the link.
Amount of loss: - Attack method: Account Compromise
Description of the event: The official X account of the staking protocol Symbiotic has been suspected of being hacked. The hacker has already posted a fake phishing link. Please do not interact with it.
Amount of loss: - Attack method: Account Compromise
Description of the event: EigenLayer disclosed on X that in an isolated incident this morning, an email thread involving one investor’s transfer of tokens into custody was compromised by a malicious attacker. As a result, 1,673,645 EIGEN tokens were erroneously transferred to the attacker’s address. The attacker sold these stolen EIGEN tokens via a decentralized swap platform and transferred stablecoins to centralized exchanges. EigenLayer stated that they are in contact with these platforms and law enforcement. A portion of the funds have already been frozen. The compromise has not impacted the broader ecosystem. There is no known vulnerability in the protocol or token contracts and this compromise was not related to any on-chain functionality.
Amount of loss: $ 5,700,000 Attack method: Email Thread Compromise
Description of the event: According to a report by Cointelegraph, the homepage of toy manufacturer LEGO Group was hacked on October 5th local time, briefly displaying a "LEGO Coin" token scam. The fraudulent token was present on the LEGO Group's website for approximately 75 minutes before being removed.
Amount of loss: - Attack method: Account Compromise
Description of the event: The Fire ($FIRE) token on Ethereum was exploited just 24 seconds after its launch, resulting in the theft of 9 ETH (approximately $24,000). The root cause was related to the token burn mechanism within the transfer() function.
Amount of loss: $ 2,4000 Attack method: Contract Vulnerability
Description of the event: The multi-chain liquidity re-staking protocol Bedrock announced on social media that the team is aware of a security vulnerability involving uniBTC, with the total estimated loss from the theft around $2 million. According to the SlowMist security team’s analysis, the attack was caused by Bedrock mistakenly supporting the minting of uniBTC at a 1:1 exchange rate with the native token.
Amount of loss: $ 2,000,000 Attack method: Contract Vulnerability
Description of the event: According to on-chain sleuth ZachXBT, the project Truflation was hacked a few hours ago for $5M+ on multiple chains from the treasury multisig and personal wallets.
Amount of loss: $ 5,000,000 Attack method: Malware Attack
Description of the event: Onyx protocol suffered a security breach, resulting in a loss of over $3.8 million. The attacker exploited a known precision issue in the Compound V2 code. Additionally, the NFTLiquidation contract failed to properly validate untrusted user input, allowing the attacker to inflate the self-liquidation reward amount, which further worsened the losses.
Amount of loss: $ 3,800,000 Attack method: Contract Vulnerability