1923 hack event(s)
Description of the event: The Tor network was attacked and all v3 onion addresses were inaccessible. Darknetdaily posted that this seems to be a new type of attack that will affect the entire network and cause the consensus authorization node to overload. Hugbunter, the administrator of the dark web forum Dread, said that all v3 onion addresses are currently inaccessible. The cause of the accident is unknown, but it may cause a huge attack on the entire network. Hugbunter speculated that an article he published earlier might have spawned this attack. The article advocated that competitors in the market should be prevented from launching DDoS attacks against each other.
Amount of loss: - Attack method: Network Attack
Description of the event: ZKS, the token of ZKSwap, a decentralized exchange based on ZK Rollup, ran into problems when liquidity was added on Uniswap. ZKSwap officially stated that someone used scripts to rapidly submit transactions, resulting in a higher price when liquidity was first added. The project team could only sell a part of its ZKS to return the price to normal levels. All the USDT obtained from selling ZKS has been injected into the liquidity pool and will not be withdrawn in the next 3 months.
Amount of loss: - Attack method: Malicious Code Injection Attack
Description of the event: Twitter users said that, due to a vulnerability in its rewards contract, Cover Protocol lost $3 million. On-chain data shows that an attacker (0xf05Ca...943DF) used the Cover contract to issue a total of about 10,000 COVER and exchanged them for assets such as WBTC and DAI. Later, the blockchain explorer showed that the attacker (address label Grap Finance: Deployer), who made a profit of 3 million US dollars by issuing additional COVER, returned 4350 ETH to the address labelled YieldFarming.insure: Deployer. CoverProtocol officially tweeted that it will provide a new COVER token based on a snapshot taken before the exploit. The 4350 ETH returned by the attacker will also be returned to LP token holders through snapshot processing.
Amount of loss: $ 3,000,000 Attack method: Contract Vulnerability
Description of the event: The Altilly Exchange platform was attacked by legally authorized access. According to the official statement, the attacker gained access to 30 BTC and 12,000 USDT and stole them while controlling the server.
Amount of loss: 30 BTC + 12,000 USDT Attack method: Unauthorized access
Description of the event: According to sources, the Russian cryptocurrency exchange Livecoin previously stated that it was attacked and lost control of its server. Later, Livecoin announced its closure on Twitter and provided a link to its new domain name "Livecoin.news".
Amount of loss: - Attack method: Server compromised
Description of the event: A major security breach at the British cryptocurrency exchange Exmo has caused the platform to freeze all withdrawals. Since EXMO has a separate server for each cryptocurrency, the hacking only affected six cryptocurrencies, BTC, XRP, ZEC, USDT, ETC, and ETH, and the affected assets were equivalent to 6% of the company's total assets. According to The Block research analyst Igor Igamberdiev, EXMO seems to have lost $10.5 million in funds. The exchange provided a list of stolen coins and their addresses, and analysis showed that most of the funds had been sent to Poloniex. The lost coins include Bitcoin (BTC), Ethereum (ETH), XRP, Ethereum Classic (ETC), Tether (USDT) and Zcash (ZEC). It was reported on December 25 that the hackers who attacked Exmo had withdrawn $4 million of stolen funds through Poloniex.
Amount of loss: $ 10,500,000 Attack method: Wallet Stolen
Description of the event: DeFi portal DefiPrime said on Twitter this morning that at 06:34 on December 18th, Beijing time, Warp Finance, a DeFi protocol for loans collateralized by liquidity (LP) tokens, suffered a flash loan attack and about 8 million US dollars were stolen. In addition, Warp Finance officials also tweeted that they are investigating illegal stablecoin loans taken out in the last hour, and recommend not depositing stablecoins until the team identifies the violation. Afterwards, Warp Finance issued a statement regarding the flash loan attack. It said that the flash loan attacker could steal up to US$7.7 million worth of stablecoins, but the Warp Finance team has formulated a plan to recover approximately US$5.5 million worth of stablecoins still in the collateral vault. The US$5.5 million will be distributed proportionally to users who have suffered losses.
Amount of loss: $ 7,700,000 Attack method: Flash loan attack
Description of the event: On December 14th, the Procuratorate of Cordoba, Argentina prosecuted 12 scammers involved in the OneCoin cryptocurrency Ponzi scheme and ordered their arrests last Thursday. Eight of them have been arrested. It was previously reported that the OneCoin Ponzi scheme caused relevant investors to suffer a total of US$4.4 billion in financial losses from their investment in the project from April 2014 to March 2018.
Amount of loss: $ 4,40,000,000 Attack method: Scam
Description of the event: DeFi insurance protocol Nexus Mutual stated on Twitter that the personal address of its founder Hugh Karp was attacked by a platform user, who stole 370,000 NXM, a loss of more than 8 million US dollars. The official said that this is a targeted attack, only the official name. Karp used a hardware wallet; the attacker obtained remote access to his computer, modified the MetaMask wallet extension, and tricked him into signing the transaction. The attacker completed KYC 11 days ago and then changed to a new address on December 3, to transfer funds to the attacker’s own address.
Amount of loss: 370,000 NXM Attack method: Permission Stolen
Description of the event: According to reports, DeTrade Fund was the biggest scam on Friday. The platform offered any user a profit for putting money into its arbitrage system and defrauded investors of more than 1,400 ETH raised in a pre-sale. Twitter user Artura discovered that DeTrade Fund is actually run by a Lithuanian. Shortly after Artura’s tweet, the scam’s affiliate addresses distributed hundreds of ETH to presale participants, returning around 65-70% of the initial stolen funds.
Amount of loss: $ 1,200,000 Attack method: Scam
Description of the event: Foxconn was attacked by ransomware, which temporarily caused problems in its production facilities in Mexico and resulted in the theft of data. It is reported that the ransomware attack occurred on Thanksgiving weekend and that the attackers were the DoppelPaymer group. The target of the attack was the Foxconn factory in Juarez, Chihuahua. About 1,200 servers were infected and 100GB of unencrypted files were stolen. The ransomware attack also caused 20TB to 30TB of backup data to be deleted. It is reported that the DoppelPaymer group demanded a ransom of 1804.0955 Bitcoin (approximately 220 million yuan) in exchange for an encryption key and a promise not to publish the stolen data. Foxconn did not pay, and at least part of the data has been published on the dark web. Foxconn responded that its factories in the Americas have indeed been attacked by ransomware recently. Its internal information security team has completed software and operating system security updates and has improved the level of information security protection. The affected factories are restoring their network, and the incident has little impact on the group's overall operations.
Amount of loss: - Attack method: Ransomware
Description of the event: Aeternity (AE) suffered a 51% attack yesterday. According to core members of the Aeternity community, the 51% attack caused a loss of more than 39 million AE tokens. The official team is solving the problem. The main victims are exchanges and mining pools. The exchanges are concentrated in OKEx, Gate, and Binance. In this regard, Aeternity Chaohua Community Moderator "February Honghong" said that 51% attacks will not create new tokens. It can be understood as the attacker copying a fake token and sending it to an exchange; exchanges handling withdrawals are often the unlucky ones, and mining pools are the same. Therefore, 51% attacks are not technical vulnerabilities. POW itself is such an operating mechanism, so the team will not settle claims.
Amount of loss: $ 5,201,240 Attack method: 51% attack
Description of the event: The cryptocurrency exchange Poloniex issued an announcement stating that since December 5th at 6:30 UTC (14:30 Beijing time), its service was interrupted due to a distributed denial of service (DDoS) attack. At present, Poloniex has resumed normal trading, and user funds have not suffered any loss.
Amount of loss: - Attack method: DDoS Attack
Description of the event: At 3:00 pm on December 1st, Beijing time, the security technical team discovered through Skynet that the Compounder.Finance project located at the address of 0x0b283b107f70d23250f882fbfe7216c38abbd7ca has undergone multiple large-value transactions. After verification, it was found that these transactions were internal operations of Compounder.Finance project owners, transferring a large number of tokens to their own accounts. According to statistics, Compounder.Finance eventually lost a total of about 80 million yuan worth of tokens.
Amount of loss: $ 80,000,000 Attack method: Project owner internal operations
Description of the event: On December 1, the Australian cryptocurrency exchange BTC Markets accidentally disclosed the full names and email addresses of all its customers in marketing emails sent to customers, which may expose all customers to potential phishing attacks. These emails were sent in batches of 1,000, which means that every customer received the names and email addresses of 999 other users. BTC Markets CEO Caroline Bowler said that the company sincerely apologized for the incident and emphasized that the executives of the exchange are currently working around the clock to minimize the impact of the breach and to implement “additional security features” to prevent future information leakage. Bowler advises BTC Markets customers to ensure that two-factor authentication is enabled to protect their accounts and to change the password of their email account.
Amount of loss: - Attack method: Information Leakage
Description of the event: DeFi asset mortgage platform Saffron Finance issued an announcement stating that Epoch 1 redemption errors caused by contract loopholes resulted in 50 million DAI deposited in Epoch 1 being locked for 8 weeks. The team is currently working on an emergency fix to solve this problem and will transition to Epoch 2. Saffron Finance is a DeFi asset mortgage platform released by an anonymous team. The token is SFI, allowing liquidity providers to select customized risk exposures to obtain returns. In each cycle, users can choose different risk-return combinations (A, AA, S) on Saffron to provide liquidity. A cycle lasts 14 days (LP tokens are locked for those 14 days). After the cycle ends, users can remove liquidity and obtain interest and prorated SFI.
Amount of loss: $ 50,000,000 Attack method: Contract Vulnerability
Description of the event: 0xMaki, community governor of the liquidity mining project SushiSwap (SUSHI), announced in the Discord group that the SushiSwap vulnerability has been fixed, and the lost funds (approximately US$10,000) will be compensated from the SUSHI treasury. Previously, SushiSwap was attacked by a liquidity provider. The attacker obtained between 10,000 and 15,000 US dollars in a transaction. However, after this operation was discovered by 0xMaki, 0xMaki sent a transaction to the attacker with a message saying "I found you and we are working hard to fix it. Contact me on Discord to get bug bounty-0xMaki". According to analysis, the attacker used SLP and WETH to create a new token pool, used SLP1 of the new token pool to convert in Sushi Maker, and used a small amount of SLP to transfer all SLPs in the Sushi Maker contract to the token pool they created, so that all the handling fees of the corresponding trading pair within a period of time were collected by the attacker. The attacker repeated this process for other trading pairs and continued to make profits.
Amount of loss: $ 15,000 Attack method: Price Manipulation
Description of the event: DeFi robo-advisor Rari Capital posted on its official Twitter account that contract vulnerabilities have been fixed with the cooperation of Quantstamp and no funds have been lost. Previously, due to loopholes in the RGT Distributor contract, RGT token application, deposit and withdrawal operations had been suspended. Rari Capital is currently reviewing the code update to confirm that there are no other vulnerabilities in the entire code.
Amount of loss: - Attack method: Contract Vulnerability
Description of the event: Compound's price feed error caused the liquidation of $90 million in assets. According to DeBank's founder, the huge liquidation on Compound was caused by dramatic fluctuations in the DAI price on Coinbase Pro, the oracle's information source. Manipulating the information source that the oracle relies on, in order to perform short-term price manipulation and produce misleading prices on the chain, is a typical oracle attack.
Amount of loss: - Attack method: Oracle Attack
Description of the event: Ethereum DeFi project Pickle Finance was attacked, losing about 20 million DAI. According to SlowMist analysis, the attacker completed the attack by forging the contract addresses of _fromJar and _toJar when calling the swapExactJarForJar function in the Controller contract, and then transferring the fake currency in exchange for the real DAI in the contract. SlowMist indicates that the swapExactJarForJar function in Pickle Finance's Controller contract allows two arbitrary jar contract addresses to be passed in for token exchange. Among its parameters, _fromJar, _toJar, _fromJarAmount, and _toJarMinAmount are all variables that users can control. The attacker used this feature, filling in both _fromJar and _toJar with their own addresses and setting _fromJarAmount to the amount of DAI to extract from the contract, about 20 million DAI.
Amount of loss: $ 20,000,000 Attack method: Fake currency for real currency