1937 hack event(s)
Description of the event: According to FXStreet, the community accused Daniel Wood of the DeFi project based on the Tron blockchain and the anonymous developer of the JustSwap whitelist project SharkTron of running away. Although the specific losses are not yet known, Twitter users reported that they lost 366 million to 400 million TRX (worth about 10 million US dollars). The TRON Foundation officially tweeted that it has contacted Binance to jointly track down the stolen funds and related personnel, and that some funds have been frozen by Binance. The TRON Foundation will also cooperate with other exchanges to track stolen funds. In addition, the TRON Foundation recommends that the victims submit a report to the local police.
Amount of loss: $ 10,000,000 Attack method: Rug Pull
Description of the event: On November 9th, a user named "aaron67" posted about his BSV theft experience, urging people to immediately stop using the multisig accumulator multi-signature solution implemented by ElectrumSV. The locking script of this scheme had serious bugs, as a result of which 600 BSV was stolen on November 6th. After the incident, the user had contacted Roger Taylor, the author of ElectrumSV, for the first time, and the serious bug was subsequently confirmed. At the same time, the Note.SV developers stated that they had done an analysis for the first time to find the source of the bug, and notified the wallet author and community users.
Amount of loss: 600 BSV Attack method: Security Vulnerability
Description of the event: According to reports, the Grin network has recently suffered 51% attacks. An unknown entity controlled more than 57% of network computing power on Saturday. According to the Grin website, the team advises people to wait for "additional confirmation on payment finality." According to a reminder announcement issued on the Grin website on November 9, "Important notice: Grin's network computing power has increased significantly in a short period of time. It is worth noting that this coincides with the time when the Nicehash rate doubled. Currently, more than 50% of the network computing power is outside the known pool. Considering these circumstances, it is wise to wait for additional confirmation of the transaction to ensure the finality of the payment." According to previous reports, on November 8, 2Miners tweeted that the Grin network is under a 51% attack and that payment has stopped. Please do so at your own risk, as new blocks may be rejected.
Amount of loss: - Attack method: 51% attack
Description of the event: Phishing and scams targeting Ledger wallet owners are increasing, and one of the scam websites obtained more than 1,150,000 XRP from victims. This scam uses phishing emails to direct users to a fake Ledger website. On this fake website, the victim was tricked into downloading malware that pretended to be a security update, resulting in the theft of all Ledger wallet balances. According to the fraud identification website xrplorer operated by the community, the XRP obtained from the scam was sent to Bittrex through 5 deposits, but the exchange “cannot freeze XRP in time”.
Amount of loss: 1,150,000 XRP Attack method: Phishing attack
Description of the event: DeFi lending platform PercentFinance wrote in a blog on November 4 that some currency markets encountered problems that could cause users' funds to be permanently locked. The team froze the currency markets specifically for USDC, ETH, and WBTC. A total of 446,000 USDC, 28 WBTC and 313 ETH have been frozen, valued at approximately US$1 million. The article stated that half of these frozen funds belonged to PercentFinance's "community improvement team." Withdrawals in other markets have already begun, but the team urges users not to borrow money from any of PercentFinance's markets during this period. It is reported that PercentFinance is a fork of Compound Finance.
Amount of loss: $ 1,000,000 Attack method: Unknown
Description of the event: Cointelegraph reported that on November 2, a project called Axion Network launched the token AXN and was hacked a few hours later. 79 billion AXN were minted and sold to the market. The token price was almost zero. The hacker made a profit of 1,300 ETH, or about $500,000.
Amount of loss: $ 500,000 Attack method: Using the unstake function of the Axion Staking contract, we managed to mint approximately 80 billion AXN tokens
Description of the event: Recently, Alon Gal, the chief technology officer of the cybercrime intelligence company Hudson Rock, tweeted that on October 27, the cold wallet of EtherCrash, which claimed to be "the most mature and largest gambling game in Ethereum", was stolen, with a loss of about 2.5 million U.S. dollars. It is reported that EtherCrash has issued a notice on Discord in which it mentioned that the EtherCrash cold wallet was stolen and there were two large withdrawals. EtherCrash stated that it will compensate users for their property losses, but it will take some time because the losses are more serious.
Amount of loss: $ 2,500,000 Attack method: Wallet Stolen
Description of the event: Data on the chain shows that a large amount of funds in the Harvest Finance fund pool were transferred, and about 24 million US dollars (specifically, approximately USD 34 million) were successfully cashed out through multiple contract transactions, most of which were cashed out through renBTC. The initial ETH source used by the hacker this time was the Ethereum anonymous transfer platform Tornado.cash. The hash for this operation is: 0x35f8d2f572fceaac9288e5d462117850ef2694786992a8c3f6d02612277b0877. It can be seen from the Ethereum browser that the hacker transferred 20 WETH to the Harvest Finance contract (address: 0xc6028a9fa486f52efd2b95b949ac630d287ce0af), and finally transferred the 20 ETH back to his address. Harvest Finance updated its Twitter saying that, like other arbitrage economic attacks, this one originated from a huge flash loan and manipulated the price of one currency Lego (Curve y Pool) many times to deplete another currency Lego (fUSDT, fUSDC) of funds. The attacker then converted the funds into renBTC and cashed out. Like other flash loan attacks, the attacker left no time to respond, and the attack took 7 minutes end to end. The attacker returned $2,478,549.94 to the Deployer in the form of USDT and USDC. On December 7, Harvest Finance officially announced the launch of GRAIN, USDC and USDT claim portals. Officials said that, following the hacker's earlier refund of $2.5 million in funds, user losses were reduced to 13.5%. Officials are using USDC, USDT, and GRAIN tokens for mixed compensation to help users who were affected by the attack to make claims. Users will receive GRAIN tokens in proportion to their deposits, and the $2.5 million returned by hackers will be distributed proportionally.
Amount of loss: $ 21,500,000 Attack method: Flash loan attack
Description of the event: An investigation by ZDNet revealed that hackers stole $22 million from users of Bitcoin wallet Electrum by enticing users to install fake software updates. This technique was highest in 2018. Since this attack was first discovered two years ago, the Electrum team has taken some measures to prevent it. However, the attack still works against users who use older versions of the application.
Amount of loss: $ 22,000,000 Attack method: Fake software updates
Description of the event: Recently, a user suffered a phishing attack while visiting the Curve exchange website, and lost 20 Bitcoins. It is reported that the fraud group used the Google advertising system to purchase Google search ads, pretending to be the Curve exchange for fraudulent advertising. Due to Google's new advertising program, ads are usually displayed in the first place in search results, which has caused many users to be deceived.
Amount of loss: 20 BTC Attack method: Phishing attack
Description of the event: The WLEO contract of the Ethereum project was hacked, resulting in the theft of $42,000 worth of funds. The hackers stole Ethereum from the pool of the decentralized exchange Uniswap by casting (minting) WLEO to themselves and swapping it for Ethereum.
Amount of loss: $ 42,000 Attack method: Casting WLEO
Description of the event: Alex Manuskin, a researcher at the crypto wallet ZenGo, revealed that UniCats, a so-called "yield farming platform" based on the Ethereum network, is suspected of stealing at least $200,000 in crypto assets from several users, including UNI, the governance token of the decentralized finance platform Uniswap. A backdoor in the smart contract allows UniCats to retain control of its users' tokens even if these tokens have been withdrawn from the user pool. Previous attacks against Bancor also used similar vulnerabilities.
Amount of loss: $ 200,000 Attack method: Scam
Description of the event: The decentralized wallet imToken tweeted that users reported that 310,000 DAI had been reduced, which conflicted with DeFi Saver Exchange. imToken recommends that the automated management system of collateralized bond warehouses (CDP) imi stated that its security team is investigating the incident and trying to troubleshoot all user wallets that hit and issue warnings. DeFiSaver responded that this part of the funds is safe and is contacting users. DeFiSaver admitted that this was related to the foreign exchange benefits reported in June.
Amount of loss: 310,000 DAI Attack method: Exchange leak
Description of the event: A user named Kazuo Kusunose posted on Google forums that he had lost $15,000 due to a cryptocurrency scam discovered in Google ads. Allegedly, the suspicious website named Coindaq.io tried to use the digital renminbi that China is studying, claiming that users can deposit funds on the platform to participate in the sale of digital renminbi. The victim expressed the hope that Google can investigate the matter and establish a webpage targeted at the alleged fraud.
Amount of loss: $ 15,000 Attack method: Scam
Description of the event: According to Twitter messages from bluekirbyfi, Eminence (EMN), the game project launched by yearn.finance founder Andre Cronje, encountered a flash loan attack, and the hackers will return $8 million of funds to the yearn deployer contracts.
Amount of loss: - Attack method: Flash loan attack
Description of the event: KuCoin exchange issued an announcement stating that KuCoin detected large withdrawals of Bitcoin and ERC-20 tokens in multiple hot wallets in the early morning of the 26th, and the deposit and withdrawal services have been suspended. KuCoin stated that the total amount involved accounts for a relatively low proportion of the total funds held on the KuCoin platform, and the assets in the KuCoin cold wallet are not affected. At the same time, KuCoin has redeployed the hot wallet for the first time. KuCoin officially stated that if any user suffers losses in this incident, the losses will be fully borne by KuCoin and its insurance fund. KuCoin has now started a comprehensive internal security review. During this period, the deposit and withdrawal services will be suspended. The specific reopening time will be announced in a further notice. KuCoin said it will announce more details as soon as possible. As previously reported, starting at 2:49 am Beijing time on September 26, the address marked on Etherscan as belonging to the cryptocurrency exchange KuCoin transferred a large number of tokens, including MKR, USDT, OCEAN, etc., to a new address beginning with 0xeb31973e0f. These included 11,486 Ethereum, 19,788,586 USDT, 525,405 Gladius (GLA), 77,874 Hawala (HAT), 21,660,274 Ocean Token (OCEAN), 8,893,428 Chroma (CHR), 30,452,178 Ampleforth Network (AMPL), 198,678 Ankr (ANKR), etc.
Amount of loss: $ 150,000,000 Attack method: Wallet Stolen
Description of the event: On September 26, the SushiSwap imitation project named GemSwap was exposed as having had its LP taken away. The query found that the project posted a tweet at around 15:00 today and revealed that it was attacked by the developer of "whatitdobb". It is understood that the project completed the liquidity migration earlier today, but the developer who initiated the attack had obtained the relevant permission and was able to take away the tokens in the liquidity pool. The specific losses caused by this attack are currently unclear.
Amount of loss: - Attack method: Rug Pull
Description of the event: The financial blogger "Super Bitcoin" stated on Weibo that Mr. Huai (Weibo username "crash X") participated in the liquidity mining project Soda, and suddenly discovered a loophole through which 20,000 ETH could be directly liquidated. He chose to tell the development team, but the development team did not pay attention. He had no choice but to liquidate one ETH, and sent a Weibo warning to inform the developers of the existence of this bug. One hour later, the Soda protocol team responded by prompting borrowers to repay and mortgagers to withdraw, and at the same time indicated that they would fix the loophole and suspend the front-end borrowing function. But as of the early morning of September 21st, more than 400 ETH in Soda's mortgage loan pool had still been maliciously liquidated. In the morning of the same day, the protocol officially stated on Twitter that the vulnerability has been fixed, and the newly deployed smart contract is expected to take effect at 21:00 on September 22.
Amount of loss: 446 ETH Attack method: Unknown
Description of the event: According to the intelligence of the SlowMist Zone, the Ethereum mining project LV Finance is suspected of running away within an hour, and 4 million have been transferred away. Unlike previous projects, the project used fake audit websites and provided false audit information to trick investors into investing, and ran away when the amount in the fund pool was large enough after a period of time. Currently, the project website lv.finance is no longer accessible.
Amount of loss: $ 4,000,000 Attack method: Rug Pull
Description of the event: The Bantiample team, a project on the Binance Smart Chain, has cashed out 3000 BNB and run away. At present, the main developer of the team has deleted the Telegram account, and the project token BMAP has fallen by more than 90% in a single day. According to the project's description, BMAP is a kind of AMPL-like imitation in which, every time a user participates in a transaction, the total amount is reduced by 1%. However, it is actually just a common token, and it does not have the functions described by the project party. It just uses the popularity of the AMPL project to commit fraud.
Amount of loss: 3,000 BNB Attack method: Rug Pull