1895 hack event(s)
Description of the event: DeFi protocol ValueDeFi is suspected of being hacked again after being hacked on the 5th. ValueDeFi reminds users in the community, "All non-50/50 transaction pools of the project have been used. Please stop purchasing gvVALUE and vBSWAP until the project team provides a solution." It was subsequently confirmed that more than 3,000 ETH (approximately 10 million U.S. dollars) were lost.
Amount of loss: $ 10,000,000 Attack method: Contract Vulnerability
Description of the event: On May 7, 2021, Colonial Pipeline, the largest oil and gas pipeline operator in the United States, was targeted by a ransomware attack. The ransomware attack involved national critical infrastructure, which caused global shock and widespread concern. Was blackmailed to pay 5 million U.S. dollars worth of Bitcoin. Court documents show that the government recovered 63.7 bitcoins ($2.3 million).
Amount of loss: $ 2,700,000 Attack method: Ransomware
Description of the event: In response to users reporting that the official website of Hpool could not be opened, Hpool officially responded that the front end of the official website was attacked by DDOS.
Amount of loss: - Attack method: DDoS Attack
Description of the event: Value DeFi stated that at 11:22 on May 5th, the attacker reinitialized the fund pool and set the operator role to himself, and _stakeToken was set to HACKEDMONEY. The attacker controlled the pool and called governmentRecoverUnsupported (), which was exhausted. The original pledge token (vBWAP/BUSD LP). Then, the attacker removes 10839.16 vBWAP/BUSD LP and liquidity, and obtains 7342.75 vBSWAP and 205659.22 BUSD. Subsequently, the attacker sells all 7342.75 vBSWAP at 1inch to obtain 8790.77 BNB, and buys BNB and BUSD renBTC through renBridge. Converted to BTC. The attacker made a total of 205,659.22 BUSD and 8,790.77 BNB. The 2802.75 vBSWAP currently in the reserve fund and the 205,659.22 BUSD of the ValueDeFi deployer will be used to compensate all users in the pool. The remaining 4540 vBSWAP can be compensated in the following two ways. The first option is to cast 4540 vBSWAP to immediately compensate all affected users, and the other option is to cast 2270 vBSWAP to immediately compensate, and the rest will be returned to the contract within 3 months. Value DeFi emphasized that only the vStake profit sharing pool of vBSWAP in bsc.valuedefi.io has received the impression, and other fund pools and funds are in a safe state.
Amount of loss: $ 5,817,780 Attack method: Contract Vulnerability
Description of the event: The Mask Network official stated that the contract address of the second round of ITO was attacked by robots, and the address has been officially blacklisted.
Amount of loss: - Attack method: Robot attack
Description of the event: According to the SlowMist Intelligence, the Binance smart chain project Spartan Protocol was hacked and the loss amounted to about 30 million U.S. dollars. The event was due to a flaw in the calculation of liquidity shares in the protocol.
Amount of loss: $ 30,000,000 Attack method: Contract Vulnerability
Description of the event: Fei Labs, the development team of the decentralized stablecoin project Fei Protocol, tweeted that a vulnerability involving the ETH joint curve contract was discovered and disclosed on May 2 and the contract was immediately suspended. The vulnerability has not been exploited and will not affect any users. . This loophole will cause the flash loan market manipulation to exhaust Fei Protocol's Protocol Control Fund (PCV). In addition, Fei Protocol awarded the vulnerability discoverer Alexander Schlindwein a $800,000 TRIBE token reward. Currently, OpenZeppelin and Alexander Schlindwein have assisted in repair review and verification, sending ETH from the joint curve to the reserve stabilizer instead of the ETH-FEI Uniswap pool to eliminate the attack vector, and adding to the pool to prevent malicious arbitrage Other reviews.
Amount of loss: - Attack method: Contract Vulnerability
Description of the event: Hotbit said that it suffered a serious cyber attack on April 29th, which caused a large number of basic services to be paralyzed. At the same time, the attacker tried to hack into Hotbit's wallet, but this behavior was identified and blocked by the risk control system. Since the attacker could not access any cryptocurrency assets, he deleted Hotbit's database. Hotbit is currently checking the authenticity and security of the backup data, and will restore servers and services later. At the same time, Hotbit claimed that the attackers obtained plaintext customer information stored in the database, including mobile phone numbers, email addresses, and encrypted currency asset data. Therefore, it is recommended that users pay attention to prevent phishing attacks.
Amount of loss: - Attack method: Network attacks
Description of the event: A loophole in the BSC ecosystem Uranium Finance resulted in the theft of US$50 million in funds. Research analyst Igor Igamberdiev pointed out an error in the Pair contract in Uranium v2. Due to calculation errors, this was used to withdraw almost all tokens. The balance of these Pair contracts has also been overstated. After the hack, Uranium Finance shut down, and the victims received no financial compensation. On February 25, 2025, U.S. authorities seized approximately $31 million in cryptocurrency linked to the 2021 Uranium Finance hack. This seizure was the result of joint efforts by the U.S. District Court for the Southern District of New York and Homeland Security Investigations (HSI) San Diego.
Amount of loss: $ 50,000,000 Attack method: Contract Vulnerability
Description of the event: At 00:35 on April 24th, SBF, the co-founder of the FTX exchange, tweeted that the website suffered a small DDOS attack. User funds and core systems will not be affected, only the throughput of API and GUI will be affected.
Amount of loss: - Attack method: DDoS Attack
Description of the event: Six siblings of Turkish exchange Thodex executives and CEO have been formally arrested, a Turkish court said. And Thodex CEO Faruk Fatih Özer disappeared, leaving behind a collapsed exchange with total losses estimated to range from $24 million to $2.5 billion. Faruk was arrested in August more than a year after fleeing Turkey. In September 2023, Faruk and his siblings were sentenced to 11,196 years in prison and will also pay a fine of 135 million lira (approximately $5 million).
Amount of loss: $ 2,500,000,000 Attack method: Scam
Description of the event: Ankitt Gaur, founder and CEO of Layer 2 DeFi lending protocol EasyFi (EASY), said, “On April 19, team members reported that a large number of EASY tokens were transferred from the official EasyFi wallet to the Ethereum network and several unknowns on the Polygon network. Wallet. Someone may have attacked the management key or mnemonic. The hacker successfully obtained the administrator key and transferred $6 million of existing liquid funds in the form of USD/DAI/USDT from the protocol pool, and transferred 298 Ten thousand EASY tokens (approximately 30% of the total supply of EASY tokens, currently valued at 40.9 million U.S. dollars) were transferred to the wallet of the suspected hacker (0x83a2EB63B6Cc296529468Afa85DbDe4A469d8B37)."
Amount of loss: $ 46,900,000 Attack method: Private Key Leakage
Description of the event: Encrypted lending service Celsius has discovered a data breach in one of its third-party service providers, which has exposed the personal information of its customers. According to the email, the hacker gained access to the "third-party email distribution system" used by Celsius. Hackers use this information to send fraudulent emails and text messages to trick them into revealing the private keys of their funds. On April 14, Celsius users started reporting a fraudulent website claiming to be the official Celsius platform. Some users also receive text messages and emails claiming to be Celsius official, can link to the website, and prompt the recipient to enter sensitive information. It is reported that Celsius' competitor BlockFi suffered a similar data breach last spring.
Amount of loss: - Attack method: Information Leakage
Description of the event: According to sources, since April 12, 2021, a person who has access to Binance Smart Chain account 0x35f16a46d3cf19010d28578a8b02dfa3cb4095a1 (PancakeSwap administrator account) has stolen 59,765 Cakes (approximately US$1,800,000) from the PancakeSwap lottery pool. After hackers exploited the vulnerability several times, PancakeSwap banned the account.
Amount of loss: $ 1,800,000 Attack method: Private Key Leakage
Description of the event: Polkatrain, an ecological IDO platform of Polkadot, had an accident this morning. According to SlowMist analysis, the contract in question is the POLT_LBP contract of the Polkatrain project. This contract has a swap function and a rebate mechanism. When users purchase through the swap function When the PLOT token is used, a certain amount of rebate will be obtained, and the rebate will be forwarded to the user in the form of calling transferFrom by the _update function in the contract. Since the _update function does not set the maximum amount of rebates for a pool, nor does it determine whether the total rebates have been used up when rebates are made, malicious arbitrageurs can continuously call the swap function to exchange tokens to get the contract. Rebate reward. The SlowMist security team reminds DApp project parties to fully consider the business scenario and economic model of the project when designing the AMM exchange mechanism to prevent unexpected situations.
Amount of loss: $ 3,000,000 Attack method: Arbitrage attack
Description of the event: The DeFi quantitative hedge fund Force DAO posted a blog stating that it was responsible for the previous attack and has implemented procedures to ensure that any such incidents are mitigated in the future. A total of 183 ETH (about 367,000 U.S. dollars) worth of FORCE tokens were exhausted and liquidated in this attack.
Amount of loss: 183 ETH Attack method: Contract Vulnerability
Description of the event: According to BSC news, Turtle.dex has run away, taking away about 9,000 BNB, worth more than 2 million U.S. dollars, and the website and telegram group have been deleted. BSC news refers to this as a well-thought-out and planned running behavior. At present, part of the funds have been converted into ETH to enter the Binance Exchange, and investors are urging Binance to freeze related accounts. On March 15th, in response to the question of whether it would run away, Turtle officially stated: No, because the turtles have short hands. Note: Turtle means sea turtle.
Amount of loss: 9,000 BNB Attack method: Rug Pull
Description of the event: Renowned computer maker Acer has been hit by a ransomware gang, REvil, demanding up to $50 million in XMR to decrypt the company's computers and not leak data on the dark web. The ransomware gang announced on their data breach website that they had compromised Acer and shared as evidence some images of allegedly stolen files for files containing financial spreadsheets, bank balances and bank communications .
Amount of loss: - Attack method: Ransomware
Description of the event: DeFi gathers reasonable financial services SIL.Finance contract has high-risk loopholes. Later, SIL.Finance issued an article saying that the incident was caused by a vulnerability in the smart contract permissions, which in turn triggered a general preemptive trading robot to submit a series of transactions for profit. After discovering that the smart contract could not be withdrawn due to high-risk loopholes, after 36 hours of efforts such as SlowMist, it has successfully recovered USD 12.15 million.SIL.Finance stated that if any user assets are damaged in this incident, the team decided to use its own funds to launch a compensation plan: all users who suffered losses will receive 2 times the compensation, which will be issued in SIL.
Amount of loss: - Attack method: Contract Vulnerability
Description of the event: Recently, Iron Finance, a stablecoin mortgage platform based on Binance Chain, was attacked. Two vFarm liquidity pools (50% IRON—50% SIL pool; 50% IRON—50% BUSD pool) lost a total of 170,000 US dollars. Later, the official publication of the incident stated that: 1. The cause of the attack was due to the upgrade of the cloud service (FaaS) and the change in the reward rate integer, but the official team was not aware of the problem. Later, an attacker made a profit of 170,000 U.S. dollars by selling all the local token SIL rewards. 2. The Iron Finance smart contract has no loopholes. 3. vFarms will be restarted on March 18th, and SIL tokens will be restarted to sIRON. 4. Users should not sell or exchange IRON tokens for the time being. When the new pool is restarted, the full amount of BUSD can be redeemed. The Iron Finance agreement was launched on the BSC in early March. The IRON stablecoin is pegged to the U.S. dollar, partly backed by collateral such as BUSD and USDT, and partly backed by the SIL algorithm.
Amount of loss: $ 170,000 Attack method: Affected by Cloud Service Upgrade