1939 hack event(s)
Description of the event: UL LLC (commonly known as Underwriters Laboratories) suffered a ransomware attack that encrypted its server and caused the server to shut down the system when it recovered. To prevent the attack from spreading further, the company shut down the system so that certain employees could not perform their work. According to sources familiar with the attack, UL decided not to pay the ransom, but to restore from backup.
Amount of loss: - Attack method: Ransomware
Description of the event: F2Pool was attacked by DDos, and some addresses experienced short-term failures, which have been restored.
Amount of loss: - Attack method: DDoS Attack
Description of the event: According to CryptoPotato, the ransomware group DoppelPaymer launched another attack, this time leaking sensitive data of KMA, the North American branch of automaker Kia Motors. Criminals demand Bitcoin to pay the ransom, and the total ransom may be as high as 600 Bitcoins (worth more than 30 million U.S. dollars). KMA stated that the company has experienced “IT outages involving internal, reseller, and customer-facing systems” and stated that it is working to resolve these issues. The ransom note left by the DoppelPaymer ransomware group stated that they had broken into KMA's system.
Amount of loss: - Attack method: Ransomware
Description of the event: The privacy coin Verge (XVG) underwent a reorganization of 560,000 blockchains after a 51% attack on Monday. Lucas Nuzzi of CoinMetrics stated that the history of token transactions over 200 days has been deleted.
Amount of loss: - Attack method: 51% attack
Description of the event: The attacker uses Lightning Loan to Alpha Finance for leveraged lending, and uses Alpha Finance’s own Cream IronBank quota to return the Lightning Loan. In this process, the attacker obtains a large amount of cySUSD by adding liquidity to Cream, allowing the attacker to use it. These cySUSD are further borrowed in Cream Finance. Due to problems with Alpha Finance, both agreements suffered losses at the same time.
Amount of loss: $ 37,500,000 Attack method: Flash loan attack
Description of the event: DeFi revenue aggregator BT.Finance tweeted, "It was hacked. The attacked strategies include ETH, USDC and USDT. Other strategies are not affected. BT.Finance withdrawal fee protection has reduced the loss of this attack by nearly 140,000 US dollars." BT.Finance expressed the hope that hackers can return the funds and will use BT tokens to thank its bug test. According to ICO Analytics, the affected funds are approximately US$1.5 million.
Amount of loss: $ 1,500,000 Attack method: Flash loan attack
Description of the event: Bitcoin trading market KeepChange stated that the exchange received a request for withdrawal from a customer's account to an address belonging to the attacker, and a control subsystem of the platform suspended the request, resulting in no loss of Bitcoin. However, the attackers stole some customer data, including email addresses, names, number of transactions, total transaction amounts, and passwords.
Amount of loss: - Attack method: Information Leakage
Description of the event: Yearn v1 yDAI vault was attacked and the attackers stole 2.8 million US dollars. Banteg, the core developer of Yearn finance, subsequently stated that the attacker received 2.8 million US dollars and vault lost 11 million US dollars.
Amount of loss: $ 11,000,000 Attack method: Flash loan attack
Description of the event: The DeFi insurance project ArmorFi has paid a $1.5 million bug bounty to the white hat hacker Alexander Schlindwein. Because the hacker discovered a "critical loophole" in the agreement, and may cause all the company's underwriting funds to be depleted.
Amount of loss: - Attack method: Contract Vulnerability
Description of the event: According to feedback from Binance Smartchain investors, on February 1st, the BSC listed project Multi Financial ran away, and it only took about 5000 BNB in one day. The compromised investor stated that it had reported that Binance had blocked the address of the project party and reported to the police. Recently, there have been many running incidents on BSC. The popcornswap project has approached 48,000 BNB. In a few days, three other projects (Zap Finance and Tin Finance, SharkYield) ran away. The current SharkYield ran away is suspected to have taken away 6000 BNB. Binance said that BSC is the same public chain as Ethereum and should not be responsible for the above projects. It hopes that users will manually intervene in investment and select high-quality projects to participate.
Amount of loss: 5,000 BNB Attack method: Rug Pull
Description of the event: Another DeFi project popcornswap on Binance Smart Chain has gone. It is reported that some users said in the community that the project used cake's LP, the contract was open source but there was no audit, and the LP was run in less than two hours. Currently, there are more than 40,000 BNB in the wallet and no action is taken.
Amount of loss: 48,000 BNB Attack method: Rug Pull
Description of the event: Weibo user “CryptoBlanker” broke the news: the refi.finance project party directly used the reserved setBoardroom() function to change the Boardroom address to the address it deployed. Light BAS was taken away 2,600, worth 111 ETH (about 144,000 US dollars).
Amount of loss: 111 ETH Attack method: Rug Pull
Description of the event: On January 27, 2021, SushiSwap was attacked again. This attack took advantage of the fact that DIGG itself did not have a WETH trading pair, and the attacker created this trading pair and manipulated the initial transaction price, resulting in a huge slippage during the fee exchange process. The attacker only needs to use a small amount of DIGG and WETH provide initial liquidity to obtain huge profits.
Amount of loss: 81 ETH Attack method: Price Manipulation
Description of the event: User information of BuyUCoin, an Indian cryptocurrency exchange, was leaked, and personal data of more than 325,000 people appeared in the database of the hacker organization. According to Indian news media Inc42, a hacker group called ShinyHunters placed a database containing the names, phone numbers, email addresses, tax identification numbers and bank account information of more than 325,000 BuyUCoin users.
Amount of loss: - Attack method: Information Leakage
Description of the event: The privacy coin project Firo stated on Twitter that it is currently under 51% attacks and it is recommended that users do not trade during this period until the network returns to normal.
Amount of loss: - Attack method: 51% attack
Description of the event: On January 11, the Michigan state police claimed that an anonymous person mailed death threats to Governor Gretchen Whitmer and employees of the state in an attempt to collect $2 million worth of Bitcoin. The letter said that unless the governor transfers more than $2 million in cryptocurrency to him before January 25, the state employee will die. A Michigan State Police spokesperson responded that the threat was not credible.
Amount of loss: - Attack method: Ransomware
Description of the event: The Tor network was attacked and all v3 onion addresses were inaccessible. Darknetdaily posted that this seems to be a new type of attack that will affect the entire network and cause the consensus authorization node to overload. Hugbunter, the administrator of the dark web forum Dread, said that all v3 onion addresses are currently inaccessible. The cause of the accident is unknown, but it may cause a huge attack on the entire network. Hugbunter speculated that an article he published earlier might have spawned this attack. The article advocated that competitors in the market should be prevented from launching DDoS attacks against each other.
Amount of loss: - Attack method: Network Attack
Description of the event: The ZKSwap token ZKS, a decentralized exchange based on ZK Rollup, has problems due to Uniswap adding liquidity. ZKSwap officially stated that the reason for this phenomenon was that someone used scripts to brush transactions, resulting in a higher price for first adding liquidity. The project party can only sell a part of ZKS to return the price to normal levels. All the USDT obtained from selling ZKS has been injected into the liquidity pool and will not be withdrawn in the next 3 months
Amount of loss: - Attack method: Malicious Code Injection Attack
Description of the event: Twitter netizens said that due to a loophole in the award contract, the coverage agreement lost $3 million. Conversion, the data on the chain shows that attackers (0xf05Ca...943DF) have used the cover contract to issue a total of about 10,000 COVER, and have replaced them with assets such as WBTC and DAI. Later, the blockchain browser showed that the attacker (address label Grap Finance: Deployer) who made a profit of 3 million US dollars by issuing additional COVER returned 4350 ETH to the address labelled YieldFarming.insure: Deployer. CoverProtocol officially tweeted announcing that it will provide a new COVER token based on the snapshot before the breakthrough was repeated. And the 4350 ETH returned by the attacker will also be returned to LP token holders through snapshot processing.
Amount of loss: $ 3,000,000 Attack method: Contract Vulnerability
Description of the event: The Altilly Exchange platform was attacked by legally authorized access. According to the official weighing, the attacker gained access to 30 BTC and 12,000 USDT and stole them while controlling the server.
Amount of loss: 30 BTC + 12,000 USDT Attack method: Unauthorized access