1988 hack event(s)
Description of the event: Hotbit said that it suffered a serious cyber attack on April 29th, which caused a large number of basic services to be paralyzed. At the same time, the attacker tried to hack into Hotbit's wallet, but this behavior was identified and blocked by the risk control system. Since the attacker could not access any cryptocurrency assets, he deleted Hotbit's database. Hotbit is currently checking the authenticity and security of the backup data, and will restore servers and services later. At the same time, Hotbit claimed that the attackers obtained plaintext customer information stored in the database, including mobile phone numbers, email addresses, and encrypted currency asset data. Therefore, it is recommended that users pay attention to prevent phishing attacks.
Amount of loss: - Attack method: Network attacks
Description of the event: A loophole in the BSC ecosystem Uranium Finance resulted in the theft of US$50 million in funds. Research analyst Igor Igamberdiev pointed out an error in the Pair contract in Uranium v2. Due to calculation errors, this was used to withdraw almost all tokens. The balance of these Pair contracts has also been overstated. After the hack, Uranium Finance shut down, and the victims received no financial compensation. On February 25, 2025, U.S. authorities seized approximately $31 million in cryptocurrency linked to the 2021 Uranium Finance hack. This seizure was the result of joint efforts by the U.S. District Court for the Southern District of New York and Homeland Security Investigations (HSI) San Diego.
Amount of loss: $ 50,000,000 Attack method: Contract Vulnerability
Description of the event: At 00:35 on April 24th, SBF, the co-founder of the FTX exchange, tweeted that the website suffered a small DDOS attack. User funds and core systems will not be affected, only the throughput of API and GUI will be affected.
Amount of loss: - Attack method: DDoS Attack
Description of the event: Six siblings of Turkish exchange Thodex executives and CEO have been formally arrested, a Turkish court said. And Thodex CEO Faruk Fatih Özer disappeared, leaving behind a collapsed exchange with total losses estimated to range from $24 million to $2.5 billion. Faruk was arrested in August more than a year after fleeing Turkey. In September 2023, Faruk and his siblings were sentenced to 11,196 years in prison and will also pay a fine of 135 million lira (approximately $5 million).
Amount of loss: $ 2,500,000,000 Attack method: Scam
Description of the event: Ankitt Gaur, founder and CEO of Layer 2 DeFi lending protocol EasyFi (EASY), said, “On April 19, team members reported that a large number of EASY tokens were transferred from the official EasyFi wallet to the Ethereum network and several unknowns on the Polygon network. Wallet. Someone may have attacked the management key or mnemonic. The hacker successfully obtained the administrator key and transferred $6 million of existing liquid funds in the form of USD/DAI/USDT from the protocol pool, and transferred 298 Ten thousand EASY tokens (approximately 30% of the total supply of EASY tokens, currently valued at 40.9 million U.S. dollars) were transferred to the wallet of the suspected hacker (0x83a2EB63B6Cc296529468Afa85DbDe4A469d8B37)."
Amount of loss: $ 46,900,000 Attack method: Private Key Leakage
Description of the event: Encrypted lending service Celsius has discovered a data breach in one of its third-party service providers, which has exposed the personal information of its customers. According to the email, the hacker gained access to the "third-party email distribution system" used by Celsius. Hackers use this information to send fraudulent emails and text messages to trick them into revealing the private keys of their funds. On April 14, Celsius users started reporting a fraudulent website claiming to be the official Celsius platform. Some users also receive text messages and emails claiming to be Celsius official, can link to the website, and prompt the recipient to enter sensitive information. It is reported that Celsius' competitor BlockFi suffered a similar data breach last spring.
Amount of loss: - Attack method: Information Leakage
Description of the event: According to sources, since April 12, 2021, a person who has access to Binance Smart Chain account 0x35f16a46d3cf19010d28578a8b02dfa3cb4095a1 (PancakeSwap administrator account) has stolen 59,765 Cakes (approximately US$1,800,000) from the PancakeSwap lottery pool. After hackers exploited the vulnerability several times, PancakeSwap banned the account.
Amount of loss: $ 1,800,000 Attack method: Private Key Leakage
Description of the event: Polkatrain, an ecological IDO platform of Polkadot, had an accident this morning. According to SlowMist analysis, the contract in question is the POLT_LBP contract of the Polkatrain project. This contract has a swap function and a rebate mechanism. When users purchase through the swap function When the PLOT token is used, a certain amount of rebate will be obtained, and the rebate will be forwarded to the user in the form of calling transferFrom by the _update function in the contract. Since the _update function does not set the maximum amount of rebates for a pool, nor does it determine whether the total rebates have been used up when rebates are made, malicious arbitrageurs can continuously call the swap function to exchange tokens to get the contract. Rebate reward. The SlowMist security team reminds DApp project parties to fully consider the business scenario and economic model of the project when designing the AMM exchange mechanism to prevent unexpected situations.
Amount of loss: $ 3,000,000 Attack method: Arbitrage attack
Description of the event: The DeFi quantitative hedge fund Force DAO posted a blog stating that it was responsible for the previous attack and has implemented procedures to ensure that any such incidents are mitigated in the future. A total of 183 ETH (about 367,000 U.S. dollars) worth of FORCE tokens were exhausted and liquidated in this attack.
Amount of loss: 183 ETH Attack method: Contract Vulnerability
Description of the event: According to BSC news, Turtle.dex has run away, taking away about 9,000 BNB, worth more than 2 million U.S. dollars, and the website and telegram group have been deleted. BSC news refers to this as a well-thought-out and planned running behavior. At present, part of the funds have been converted into ETH to enter the Binance Exchange, and investors are urging Binance to freeze related accounts. On March 15th, in response to the question of whether it would run away, Turtle officially stated: No, because the turtles have short hands. Note: Turtle means sea turtle.
Amount of loss: 9,000 BNB Attack method: Rug Pull
Description of the event: Renowned computer maker Acer has been hit by a ransomware gang, REvil, demanding up to $50 million in XMR to decrypt the company's computers and not leak data on the dark web. The ransomware gang announced on their data breach website that they had compromised Acer and shared as evidence some images of allegedly stolen files for files containing financial spreadsheets, bank balances and bank communications .
Amount of loss: - Attack method: Ransomware
Description of the event: DeFi gathers reasonable financial services SIL.Finance contract has high-risk loopholes. Later, SIL.Finance issued an article saying that the incident was caused by a vulnerability in the smart contract permissions, which in turn triggered a general preemptive trading robot to submit a series of transactions for profit. After discovering that the smart contract could not be withdrawn due to high-risk loopholes, after 36 hours of efforts such as SlowMist, it has successfully recovered USD 12.15 million.SIL.Finance stated that if any user assets are damaged in this incident, the team decided to use its own funds to launch a compensation plan: all users who suffered losses will receive 2 times the compensation, which will be issued in SIL.
Amount of loss: - Attack method: Contract Vulnerability
Description of the event: Recently, Iron Finance, a stablecoin mortgage platform based on Binance Chain, was attacked. Two vFarm liquidity pools (50% IRON—50% SIL pool; 50% IRON—50% BUSD pool) lost a total of 170,000 US dollars. Later, the official publication of the incident stated that: 1. The cause of the attack was due to the upgrade of the cloud service (FaaS) and the change in the reward rate integer, but the official team was not aware of the problem. Later, an attacker made a profit of 170,000 U.S. dollars by selling all the local token SIL rewards. 2. The Iron Finance smart contract has no loopholes. 3. vFarms will be restarted on March 18th, and SIL tokens will be restarted to sIRON. 4. Users should not sell or exchange IRON tokens for the time being. When the new pool is restarted, the full amount of BUSD can be redeemed. The Iron Finance agreement was launched on the BSC in early March. The IRON stablecoin is pegged to the U.S. dollar, partly backed by collateral such as BUSD and USDT, and partly backed by the SIL algorithm.
Amount of loss: $ 170,000 Attack method: Affected by Cloud Service Upgrade
Description of the event: A cross-chain stablecoin (TSD) on ETH and BSC stated that malicious attackers used TSD DAO to mint 11.8 billion TSD tokens in their accounts and sold them all on Pancakeswap. The specific process is that True Seigniorage Dollar stated that the developer account only has 9% of the DAO, and the malicious attacker has gradually controlled 33% of the DAO with the accumulation of low prices, and then proposed an implementation plan and voted in favor. In the implementation, the attacker added code to Mint and minted 11.8 billion TSDs for himself.
Amount of loss: $ 7,095,340 Attack method: Contract Vulnerability
Description of the event: Many DeFi protocol websites on BSC (Binance Smart Chain) were attacked by DNS, including Cream Finance and BSC header DEX PancakeSwap. The attacker requested users to submit personal private keys or mnemonics through the website. The relevant project team has passed Twitter Remind users not to visit the website and do not submit information such as private keys. Later PancakeSwap and Cream Finance both stated that they had regained access to DNS.
Amount of loss: - Attack method: DNS attack
Description of the event: The community token platform TryRoll was suspected of being attacked, and the tokens issued based on it were sold in a large amount on Uniswap. Among them, WHALE lost 1,362 ETH, FWB lost 797 ETH, KARMA lost 155 ETH, JULIEN lost 115 ETH, hackers made a total of 2998 ETH, and 700 ETH was deposited in the mixed currency platform Tornado.Cash. In addition, Roll announced that it has raised $500,000 in funding for creators affected by this.
Amount of loss: 2,998 ETH Attack method: Private Key Leakage
Description of the event: The oracle project HSO on the Huobi Eco-Chain HECO carried out IDO and ran away with 30,000 HT. The website and TELEGRAM could not be opened. Later, under the full promotion of HECO core code contribution team Star Lab, HECO technical community and HECO White Hat Security Alliance, 24823 HTs have been recovered.
Amount of loss: 5,177 HT Attack method: Rug Pull
Description of the event: The decentralized exchange DODO announced the progress of the attack on some fund pools. The main reason for this attack was that the crowdfunding fund pool contract initialization function did not prevent repeated calls, which led to hackers reinitializing the contract and completing the attack through lightning loans. In this incident, there were three participants, a hacker and two trading robots. A total of approximately US$3.8 million worth of funds were attacked. At present, the owners of the two trading robots have returned approximately US$3.1 million in tokens. In addition, funds worth approximately US$200,000 are frozen on the centralized exchange, and the remaining value of approximately US$500,000 is borne by the DODO team, and all funds will be returned within 24 hours. At the same time, security companies Chengdu Lian'an and SlowMist Technology have been invited to conduct a new round of code audits, and it is expected that the crowdfunding pool building function will be restored within a week.
Amount of loss: $ 500,000 Attack method: Init function unlimited
Description of the event: Curve Finance tweeted that a vulnerability was found in the Pool Factory v1 version of the fund pool, and it is recommended that v1 users use crv.finance to withdraw funds immediately. Curve.fi and Pool Factory v2 fund pools do not respond. But it only affects the v1 pool, and hackers cannot use it to steal user funds.
Amount of loss: - Attack method: Contract Vulnerability
Description of the event: CNA, one of the largest insurance companies in the United States, paid a ransom of US$40 million (approximately 257 million yuan) after being attacked by ransomware in March to regain control of its network. The company has confirmed that an organization named Phoenix is the perpetrator of this attack.
Amount of loss: $ 40,000,000 Attack method: Ransomware