1939 hack event(s)
Description of the event: According to SlowMist Zone intelligence, LV Finance, an Ethereum mining project, is suspected of running away, with 4 million transferred away within an hour. Unlike previous projects, this one used fake audit websites and provided false audit information to trick investors into investing, then ran away once the amount in the fund pool was large enough after a period of time. Currently, the project website lv.finance is no longer accessible.
Amount of loss: $ 4,000,000 Attack method: Rug Pull
Description of the event: The Bantiample team, a project on the Binance Smart Chain, has cashed out 3000 BNB and run away. At present, the team's main developer has deleted the Telegram account, and the project token BMAP has fallen by more than 90% in a single day. According to the project's description, BMAP is an AMPL-like imitation in which the total supply is reduced by 1% every time a user participates in a transaction. However, it is actually just an ordinary token without the functions the project team described. It simply used the popularity of the AMPL project to commit fraud.
Amount of loss: 3,000 BNB Attack method: Rug Pull
Description of the event: Spanish prosecutors say they are investigating Arbistar's alleged manipulation of a Bitcoin trading scam. The disappearance of investor funds has affected 32,000 households, who cannot access the savings they invested in the Bitcoin trading platform Arbistar. Earlier, it was reported that crypto company Arbistar had announced it would close a trading tool called Community Bot. The operator said that all funds on the platform are currently frozen, preventing users from withdrawing funds. Allegedly, the amount stolen may exceed 100 million euros (120 million U.S. dollars), which may make it the “largest scam in Spain” related to cryptocurrencies.
Amount of loss: $ 120,000,000 Attack method: Scam
Description of the event: bZx officially tweeted that at 3:28 am Eastern time (15:30, September 13th, Beijing time), it began to study the decline in the protocol's TVL. By 6:18 AM EST (18:30, September 13th, Beijing time), it confirmed that several iTokens had suffered a duplication incident. Lending was temporarily suspended. The duplication method has been patched out of the iToken contract code, and the protocol has resumed normal operation. According to the founder of Compound, a total of US$2.6 million in LINK, US$1.6 million in ETH, and US$3.8 million in stablecoins were affected, for a total of US$8 million in assets. 1inch co-founder Anton Bukov tweeted that the attacker had stolen about 4,700 ETH in this incident and attached the address holding the stolen funds. In response, bZx said that funds are currently not at risk and that the amounts listed have been deducted from its insurance fund. On September 16, bZx released an iToken duplication incident report, and the attacker has returned all funds.
Amount of loss: - Attack method: Replay Attack
Description of the event: Amplify, a DeFi user, discovered a bug in SYFI, a DeFi smart contract, and made 747 ETH in a single transaction, at the expense of other users. The project crashed.
Amount of loss: 747 ETH Attack method: Unknown
Description of the event: The wRAM of Coral, a DeFi liquidity mining project in the EOS ecosystem, was attacked by hackers and lost more than 120,000 EOS.
Amount of loss: 120,000 EOS Attack method: Reentrancy Attack
Description of the event: According to SlowMist Zone intelligence, the EOS project EMD is suspected of running away. To date, EmeraldMine1 has transferred 780,000 USDT, 490,000 EOS and 56,000 DFS to account SJI111111111, and 121,000 EOS has been transferred to Changenow for laundering. Current market value of the loss: US$2,468,838 (17,281,866 RMB).
Amount of loss: $ 2,468,838 Attack method: Rug Pull
Description of the event: A user with a Twitter account named Amplify revealed that he made a profit of US$250,000 from a system vulnerability in the new DeFi project Soft Finance.
Amount of loss: $ 250,000 Attack method: Unknown
Description of the event: European cryptocurrency exchange ETERBASE has been hacked, resulting in theft from some of its hot wallets and the loss of more than $5.4 million in assets.
Amount of loss: $ 5,400,000 Attack method: Wallet Stolen
Description of the event: Banco Estado Bank, one of the three largest banks in Chile, had to shut down its nationwide business on the 7th due to a cyber attack by REvil ransomware.
Amount of loss: - Attack method: Ransomware
Description of the event: It is said that hackers used the NetWalker ransomware to enter the database and steal information from federal agencies. The dark web payment page linked in the ransom note shows that the hackers initially demanded $2 million worth of bitcoin to unlock the files. Within a week, this number had increased to 355 BTC, which is approximately $3.62 million. The Argentine government refused to pay the ransom.
Amount of loss: - Attack method: Ransomware
Description of the event: Hackers carried out a ransomware attack against Tower Semiconductor Ltd (TSEM), an Israeli, Nasdaq-listed maker of wireless chips and camera sensors, and demanded hundreds of thousands of dollars in bitcoin as ransom. For safety reasons, TSEM shut down some running servers and suspended production in some factories.
Amount of loss: - Attack method: Ransomware
Description of the event: The transfer logic of CherryFi, a DeFi project on TRON, calls the safeTransfer function to perform the actual transfer operations. However, the USDT transfer logic does not return a value, so the safeTransfer call can never succeed. This locks up funds, and users cannot transfer USDT in or out. It is understood that the CherryFi code has not been audited.
Amount of loss: - Attack method: Contract Vulnerability
Description of the event: Nine Chainlink node operators were subjected to so-called "spam attacks." The attackers obtained approximately 700 ETH (worth approximately $335,000 at the time) from their "hot wallets".
Amount of loss: 700 ETH Attack method: Spam attacks
Description of the event: The well-known darknet market Empire Market has closed its operations. When it exited, the website defrauded about 2638 bitcoins from 1.3 million users, worth nearly 30 million U.S. dollars.
Amount of loss: $ 30,000,000 Attack method: Scam
Description of the event: Bitfly tweeted that another massive 51% attack on ETC today resulted in the reorganization of more than 7,000 blocks, equivalent to about two days of mining time. All lost blocks will be removed from the immature balance, and all payouts will be checked for dropped transactions.
Amount of loss: - Attack method: 51% attack
Description of the event: GitHub user "1400 BitcoinStolen" said that a huge amount of his Bitcoin had disappeared in a hack. The user used the Bitcoin wallet Electrum and had not applied security updates to the software. When he tried to transfer coins, it prompted him to update to fix potential problems, but when he followed the prompt, the software, through a vulnerability, connected to the hacker's server, and 1400 bitcoins (worth $16 million) were moved into the hacker's wallet.
Amount of loss: $ 16,000,000 Attack method: Fake software update
Description of the event: Crypto wallet provider Ledger recently experienced a database leak and wallet vulnerabilities, putting users' bitcoins at risk. Regarding the database leak, Ledger's chief technology officer stated that the attacker accessed part of the company's e-commerce and marketing database through a third-party misconfigured API key on its website, allowing unauthorized access to customers’ contact information and order data. Ledger fixed this issue on the same day and disabled the API key.
Amount of loss: - Attack method: Information Leakage
Description of the event: The New Zealand Stock Exchange (NZX) went offline for two days in a row due to a cyber attack. NZX said on Tuesday it was first hit by a distributed denial of service (DDoS) attack from abroad. The emails threatening DDoS attacks came from Fancy Bear, a well-known Russian hacking group.
Amount of loss: - Attack method: DDoS Attack
Description of the event: Twitter users reported that the DeFi liquidity mining project Degen.Money exploited a double approval vulnerability to take users' money. The first authorization is granted to the staking contract, and the second authorization grants the right to transfer funds, which results in the user's funds being taken away by the attacker. YFI founder Andre Cronje says the project does have risks.
Amount of loss: - Attack method: Double Authorization Vulnerability