2041 hack event(s)
Description of the event: Ethereum L2 protocol Loopring tweeted that it was hit by a large-scale DDoS attack. While the funds were not at risk, the service was down for 11 hours. Currently, domain access on the mobile app side has been reconfigured and the Loopring wallet service has been restored.
Amount of loss: - Attack method: DDoS Attack
Description of the event: An address on the BNB Chain minted more than $1 billion of pGALA tokens out of thin air and sold them through PancakeSwap for a profit. The pGALA contract hacker has made a profit of $4.3 million. One Smart Money address arbitraged nearly $6.5 million in this attack, even more than the attacker's profit. The multi-chain protocol pNetwork tweeted that the pGALA contract on the BNB Chain needs to be redeployed due to a misconfiguration of the cross-chain bridge. Huobi Global announced that it would re-list GALA after proposing that the GALA purchased after the abnormal event would be renamed pGALA, and the project party agreed to pay full compensation to those who held the currency before the incident.
Amount of loss: $ 10,800,000 Attack method: Configuration Error
Description of the event: Crypto derivatives exchange Deribit tweeted that $28 million was stolen from Deribit’s hot wallet, but customer funds were safe and the losses were covered by company reserves. According to the analysis of SlowMist MistTrack, the loss included 6967.65 ETH, 691 BTC and about 3.41 million USDC; the attacker then exchanged the USDC for 2143.95 ETH.
Amount of loss: $ 28,000,000 Attack method: Wallet Stolen
Description of the event: Solend, a lending protocol on Solana, tweeted that an oracle attack against USDH affecting Stable, Coin98, and Kamino’s isolated pools was detected, resulting in $1.26 million in bad debt. Additionally, Solend claims that all other pools, including the Main pool, are safe.
Amount of loss: $ 1,260,000 Attack method: Oracle attack
Description of the event: The multi-chain exchange protocol Rubic tweeted that an administrator’s wallet address, which manages the RBC/BRBC cross-chain bridge and staking rewards, was stolen, and the team suspected that malware stole the private key. The attacker sold about 34 million RBC/BRBC on Uniswap and PancakeSwap. Users' staking funds are safe and the smart contract was not exploited.
Amount of loss: $ 1,200,000 Attack method: Private Key Leakage
Description of the event: According to Cointelegraph, Skyward Finance, the NEAR on-chain asset issuance platform, suffered a vulnerability exploit and has lost 110 NEAR tokens (about $3 million). The Ref Finance and Skyward teams have been informed of the existence of the vulnerability. The attackers reportedly purchased large amounts of Skyward Tokens on Ref Finance, then redeemed them through the Treasury on Skyward Finance, and then earned more than the value of the Skyward Tokens originally invested.
Amount of loss: $ 3,000,000 Attack method: Contract Vulnerability
Description of the event: The FITE (FTE) project is suspected of a rug pull: its website fit[.]app has been shut down and its social media accounts have been deleted. The scammers have transferred 1900 BNB to Tornado Cash.
Amount of loss: 1900 BNB Attack method: Rug Pull
Description of the event: The deployer address of the MEV infrastructure Eden Network was compromised, and the attacker took control of the EDEN token contract. The attacker claims that a new token contract will be deployed, and Eden Network can redeem ownership after purchasing 200 ETH of NEDEN.
Amount of loss: - Attack method: Private Key Leakage
Description of the event: The network of the cross-chain DeFi protocol THORChain was interrupted. The team said that the consensus problem has been identified and a patch will be released. The code pushes cosmos.Uint (instead of uint64) into the string, which causes the string to get an arbitrarily large integer instead of the actual value, causing the memo string to differ between nodes. On October 28th, THORChain was back online and producing blocks. The network is signing block transactions, so pending transactions should start going through. Once the queue is cleared, the transaction will be re-enabled. Expect 2-3 hours. During the network outage, investors did not lose any funds. However, deposits and withdrawals of THORChain's native currency RUNE have been suspended on centralized exchanges such as Kucoin.
Amount of loss: - Attack method: Network interruption
Description of the event: FriesDAO was attacked and lost about $2.3 million. An attacker gained control of the FriesDAO protocol operator's wallet through the Profanity wallet generator vulnerability, which allows the private keys of addresses generated by the tool to be brute-forced. FriesDAO stated in the official Discord channel that the developers are currently trying to negotiate a white hat bounty with the attackers in exchange for the return of the stolen funds.
Amount of loss: $ 2,300,000 Attack method: Profanity Vulnerability
Description of the event: Browser security plug-in Pocket Universe tweeted that a new vulnerability was discovered in OpenSea’s old contracts that could be used to steal users’ NFTs, potentially emptying wallets once the transaction was signed. It can steal any NFT that users listed on OpenSea before May 2022 (i.e. before the Seaport upgrade). It mainly involves the Wyvern protocol, which grants proxy contracts the right to withdraw user NFTs; the new exploit tricks the user into signing a transaction that gives the attacker ownership of the user's proxy contract. Cosine, the founder of SlowMist, tweeted that it is necessary to be vigilant about this new use of an old problem. It is related to the old OpenSea protocol, and many users of the old protocol have not cancelled the relevant authorization; the exploit does not work against the new OpenSea protocol (Seaport).
Amount of loss: - Attack method: Contract Vulnerability
Description of the event: Team Finance tweeted that the protocol’s management funds were hacked during the migration from Uniswap v2 to v3, with an identified loss of approximately $14.5 million worth of tokens. On October 31, the Team Finance white hat hacker address returned $13.4 million in digital assets, including 548.7 ETH ($860,000) to FEG, 765,000 DAI and 11.8 million TSUKA ($626,000) to Tsuka, about 5 million DAI and 74.6 trillion CAW (~$5.5 million) to CAW, and 209 ETH ($328,000) to KNDX. In addition, smithbot.eth has returned 263 billion KNDX ($292,000) to KNDX.
Amount of loss: $ 14,500,000 Attack method: Contract Vulnerability
Description of the event: The UvTokenWallet Eco Staking mining pool contract was hacked. The key reason for the vulnerability is that the mining pool contract's withdrawal function does not strictly validate user input, so the attacker can directly pass in a malicious contract address and use the malicious contract to empty the relevant funds. SlowMist MistTrack conducted a traceability analysis of the funds: so far, the hackers have transferred a total of 5,011 BNB of profit to Tornado Cash. In addition, the source of the attack fee is also Tornado Cash.
Amount of loss: 5,011 BNB Attack method: Contract Vulnerability
Description of the event: The project Layer2DAO on Optimism was attacked by hackers. By obtaining the multi-signature permission of Layer2DAO, the hackers stole 49.95 million L2DAO tokens and sold some of them. Layer2DAO said it has used treasury funds to repurchase more than 30 million tokens remaining in the hands of the hackers. The L2DAO price fell by about 90% at one point.
Amount of loss: 49,950,000 L2DAO Attack method: Permission Stolen
Description of the event: Several FTX users were hacked and had coins stolen, which 3Commas said was due to phishing websites. A collaborative investigation conducted by 3Commas and FTX found that some API keys were associated with new 3Commas accounts, but that the API keys were obtained from outside the 3Commas platform rather than from 3Commas itself. FTX will provide a total of approximately $6 million in compensation to FTX accounts affected by the phishing incident.
Amount of loss: $ 6,000,000 Attack method: Phishing attack
Description of the event: NFT platform Blur tweeted that it noticed a phishing account with the ID @Blur_DAO and reminded users not to click on fake links. The fake account tweeted that the BLUR token query was now open, and posted a phishing URL.
Amount of loss: - Attack method: Phishing attack
Description of the event: The Discord server of NFT project Vivity was attacked.
Amount of loss: - Attack method: Account Compromise
Description of the event: SlowMist founder Cosine tweeted that Gate.io’s official Twitter account may have been hacked. Hackers sent phishing messages to trick users into visiting gąte[.]com. Once the user clicks "Claim", an eth_sign signature phishing request appears, which may lead to the theft of related assets such as Ethereum.
Amount of loss: - Attack method: Account Compromise
Description of the event: The redeem() function in OlympusDAO’s BondFixedExpiryTeller contract failed to properly validate inputs, resulting in a loss of approximately $292,000. The OlympusDAO hacker has returned the stolen funds to the DAO.
Amount of loss: $ 292,000 Attack method: Contract Vulnerability
Description of the event: Aptos ecosystem wallet Petra tweeted that the Aptos Labs team discovered a vulnerability in Petra on October 20. The vulnerability is related to account creation in existing wallets: the mnemonic displayed on the page may be inaccurate. To access the accurate 12-word mnemonic phrase, go to Settings, Manage Account, enter your password, and click Show Key Recovery Phrase. Petra has since fixed the vulnerability.
Amount of loss: - Attack method: Mnemonic Vulnerability