2179 hack event(s)
Description of the event: DeFi protocol Saddle Finance was attacked, causing the protocol to lose more than $10 million.
Amount of loss: $ 10,000,000 Attack method: Flash Loan Attack
Description of the event: In April, attackers exploited a vulnerability to steal $80 million from Rari Capital, and the asset management project Babylon Finance, Rari's main lending pool, lost $3.4 million as a result. On Aug. 31, Babylon Finance founder Ramon Recuero published a blog post announcing that Babylon would be shutting down and pledging to distribute remaining project funds to holders.
Amount of loss: $ 3,400,000 Attack method: Affected by the Rari Capital vulnerability
Description of the event: Fantom-based decentralized derivatives protocol DEUS Finance was attacked, and the hackers made about $13.4 million in profit. The hack utilized a flash loan-assisted manipulation of price oracles read from the StableV1 AMM-USDC/DEI pair, and then used the manipulated collateral DEI price to borrow and drain the pool.
Amount of loss: $ 13,400,000 Attack method: Flash Loan Attack
Description of the event: The official Instagram of the NFT project Bored Ape Yacht Club (BAYC) was hacked, and the attackers have stolen 91 NFTs including 4 BAYC, 7 MAYC, 3 BAKC, 1 CloneX, etc.
Amount of loss: - Attack method: Account Compromise
Description of the event: The Wiener DOGE project was exploited maliciously, causing $30,000 in damages. Attackers exploited the inconsistency between WDODGE's charging mechanism and swap pools to launch the attack. The root cause of the incident is that the sender's LP pair is not excluded from the transfer fee through the tightened token contract. As a result, the attacker is able to drain the deflationary tokens in the LP pair, which in turn causes the pair price to become unbalanced.
Amount of loss: $ 30,000 Attack method: Flash loan attack
Description of the event: The Last Kilometer project was exploited in a flash loan attack, resulting in a loss of $26,495.
Amount of loss: $ 26,495 Attack method: Flash loan attack
Description of the event: The Medamon project was exploited in a flash loan attack, resulting in a loss of $3,159.
Amount of loss: $ 3,159 Attack method: Flash Loan Attack
Description of the event: The PI-DAO project was exploited in a flash loan attack, resulting in a loss of $6,445.
Amount of loss: $ 6,445 Attack method: Flash Loan Attack
Description of the event: The Akutars (@AkuDreams) project auction contract was permanently unable to withdraw 11,539.5 ETH due to multiple code flaws. According to SlowMist analysis, even if the problem of users' inability to refund is solved, due to the inconsistency between the number of bidders and the number of auctions and the defects of the project party's withdrawal function, Akutars funds will eventually be permanently locked.
Amount of loss: 11,539.5 ETH Attack method: Contract Vulnerability
Description of the event: The DeFi ecological protocol ZEED was attacked and lost about $1 million. At present, the attacker's gains are all in the attack contract.
Amount of loss: $ 1,000,000 Attack method: Contract Vulnerability
Description of the event: The SlowMist security team found that funds from about 52 addresses were maliciously transferred to terra1fz57nt6t3nnxel6q77wsmxxdesn7rgy0h27x30 from April 12 to April 21, with a total loss of about $4.31 million. The SlowMist security team stated that this attack was a phishing attack on batches of Google keyword advertisements. When a user searches for the well-known Terra project on Google, the first advertisement link (the domain name may be the same) on the Google search result page is actually a phishing website. When a user visits this phishing website and connects to the wallet, the phishing website will remind you to directly enter the mnemonic phrase. Once the user enters and clicks submit, the assets will be stolen by the attacker.
Amount of loss: $ 4,310,000 Attack method: Phishing Attack
Description of the event: A Rug Pull occurred in MaxAPY Finance, an automatic pledge protocol on BNB Chain, and its official Twitter account and Telegram group have been deleted. MaxAPY contract owners have transferred 1,042 BNB.
Amount of loss: 1042 BNB Attack method: Rug Pull
Description of the event: The Discord of NFT project Ugly People has been hacked, and attackers are spreading fake mint links.
Amount of loss: - Attack method: Account Compromise
Description of the event: The protocol loss caused by the flash loan attack of Ethereum-based algorithm stablecoin project Beanstalk Farms is about 182 million US dollars. The specific assets include 79238241 BEAN3CRV-f, 1637956 BEANLUSD-f, 36084584 BEAN and 0.54 UNI-V2_WETH_BEAN . The attackers made over $80 million, including about 24,830 ETH and 36 million BEAN. The main reason for this attack is that there is no time interval between the voting and execution of the proposal, so that the attacker can directly execute malicious proposals without community review after completing the voting.
Amount of loss: $ 182,000,000 Attack method: Flash loan attack
Description of the event: According to official sources, a large amount of FACE tokens were dumped on-chain, and the investigation turned out that one of the FACE tokens held by the team was transferred and sold by an unauthorized account.
Amount of loss: - Attack method: Phishing attack
Description of the event: The developer of Klaytn-based NFT project Metaconz tweeted that a malicious bot was installed on the administrator account of Metaconz’s Discord overseas team on Saturday, causing 79 users to lose 11.9 ETH (about $36,000), the team said. It promised to compensate all losses, and 53 users have so far been compensated. In addition, the developer reminded that if the user executes the setApprovalForAll function in Etherscan, please transfer the wallet unconditionally. Therefore, in this attack, the hacker used this function to deprive the victim of the wallet permission.
Amount of loss: 11.9 ETH Attack method: Account Compromise
Description of the event: Metaverse DeFi protocol Rikkei Finance was attacked because the attacker changed the oracle machine to a malicious contract. Rikkei Finance said users affected by the exploit will be fully compensated, and the team said the bug is being fixed and services have been fully restored. The total loss value is approximately $1.1 million (2671 BNB).
Amount of loss: $ 1,100,000 Attack method: Contract Vulnerability
Description of the event: Elephant Money was attacked, resulting in the loss of 27,416.46 BNB. The attacker first used WBNB to buy a large amount of ELEPHANT, and then used BUSD to mint the TRUNK stablecoin. During the minting process, the Elephant contract will convert BUSD to WBNB and then back to ELEPHANT to drive up the ELEPHANT price. The attacker then sells ELEPHANT at a profit.
Amount of loss: 27,416.46 BNB Attack method: Flash loan attack
Description of the event: According to official news, Marvin Inu’s cross-chain bridge was hacked, and tokens worth 110 ETH were stolen and sold, causing a sharp drop in price. The project party has closed the cross-chain bridge and fixed the loopholes. At the same time, it has adjusted the purchase tax to 0%, and promised to repurchase and destroy the tokens to make up for this loss after the price fluctuations stabilize.
Amount of loss: 110 ETH Attack method: Contract Vulnerability
Description of the event: There is a fundamental vulnerability in the CF token contract that allows anyone to transfer someone else's CF balance. The losses so far are around $1.9 million, while the CF/USDT trading pair on pancakeswap has been affected.
Amount of loss: $ 1,900,000 Attack method: Contract Vulnerability