1722 hack event(s)
Description of the event: The attacker malisringho continually initiated 35 game requests to the EOS Lelego contract llgcontract1., eventually guessing 27 times, making a total profit of 6,282.5 EOS, and then successfully transferring 6,500 EOS to the Binance Exchange.
Amount of loss: 6,282.5 EOS Attack method: Random number attack
Description of the event: EOS game contract LuckyGo has been off the line and the attacker iloveloveeos (malicious contract) was exposed in September because of attack on FairDice.
Amount of loss: - Attack method: Random number attack
Description of the event: A large number of HVTs in the AirDropsDAC contract account were transferred to the sym111111add account under abnormal operation, the account was then exchanged for 2,514 EOS at Newdex, which was subsequently transferred to the gizdkmjvhege account.
Amount of loss: 2,514 EOS Attack method: Private Key Leakage
Description of the event: According to a report by Finder on November 12, AurumCoin (AU), a new digital currency based on the monetary gold standard system (the US dollar operation method), has recently suffered a 51% attack and lost 15,752.26 Australian dollars (approximately 11,362 US dollars).
Amount of loss: $ 11,362 Attack method: 51% attack
Description of the event: The game contract was attacked by the attacker lockonthecha.
Amount of loss: 20,000 EOS Attack method: Random number attack
Description of the event: The well-known DApp EOSDice was hacked again due to random number issues. The attacker was a hacker who previously attacked EOSDice and FFGame DApp. The project side wrongly add a controlled seed in random algorithm which lead the attack.
Amount of loss: 4,633 EOS Attack method: Random number attack
Description of the event: The hacker has launched a total of 700 attacks on the MyEosVegas game contract eosvegasjack.
Amount of loss: 10,000 EOS Attack method: Unknown
Description of the event: By deploying the attack contract and using the same algorithm as FFgame to calculate the random number in the contract, the attacker immediately uses the random number attack contract in inline_action after generating the random number, resulting in the winning result being "predicted", thus reaching the super high winning rate.
Amount of loss: 1,331 EOS Attack method: Random number attack
Description of the event: Attacked by the attacker, the specific content is unknown.
Amount of loss: 200 EOS Attack method: Unknown
Description of the event: Hackers successfully sandwiched crypto-stealing code into the middle of a popular web traffic-measuring plugin from StatCounter, which is now used on more than two million websites, including government sites. They have determined, however, that the rather wide swath of infections may have been designed to eventually infect cryptocurrency trading sites, and that the scheme did, in fact, infect popular crypto-trading site Gate.io. By situating the code in the middle of StatCounter’s downloadable javascript web traffic analysis tool, hackers made it harder to detect.
Amount of loss: - Attack method: Malicious Code Injection Attack
Description of the event: Random number was cracked by attacker.
Amount of loss: 2,545 EOS Attack method: Random number attack
Description of the event: EOSeven was transferred 600 million SVN from eosevendice2 to account tuningfinish, then back 450 million to eosevendice2. After that, tuningfinish sold the SVN token on Newdex and finally transferred the resulting EOS to Binance Exchange.
Amount of loss: - Attack method: Insider Manipulation
Description of the event: The hacker "refundwallet" tried to attack the EOSCast game contract "eoscastdmgb1". The hacker first used the "fake EOS" attack method to conduct 8 transfer attacks, but failed, and then successfully attacked 9 times by using the "fake EOS transfer variant". According to the rules of the game, hackers launched attacks with 100, 1,000, and 10,000 fake EOS. Each attack can get 198, 9,800, 19,600 EOS. When the last attack was carried out, the game party noticed an abnormal attack and transferred it in time. After leaving the remaining 8,000 EOS in the bonus pool, in the end, the hacker made a total of 72,912 EOS.
Amount of loss: 70,000 EOS Attack method: Fake EOS Vulnerability Attack
Description of the event: The official forgot to put the seed into the database when expanding the server, and no longer record the seed after the 868590 game.
Amount of loss: 1374.375 EOS Attack method: Operational Mistake
Description of the event: MapleChange, based in Canada, announced on Twitter the exchange "sustained a hack" and was investigating the issue. The post also said the exchange had turned off users' accounts temporarily. About refunding its customers, it opened a Discord server (a platform for users to chat) so customers could post there about their missing funds, based on which it would initiate refunds. The exchange's website was down.
Amount of loss: 913 BTC Attack method: Unknown
Description of the event: Vulnerability of the random number generator, the attacker can try to calculate the future number of random number generator algorithms by using the information of the previous block and stolen $60,000 from the EosRoyale wallet.
Amount of loss: 11,000 EOS Attack method: Random number attack
Description of the event: Trade.io confirmed via their Medium blog that someone or some entity gained access to the assets, resulting in over 50 million in Trade (TIO) tokens being stolen from the firm’s cold storage wallets. The 50 million tokens are valued at $7.5 million at the current $0.15 price per TIO. The ongoing investigation has revealed that some of the TIO tokens had made their way to cryptocurrency exchanges Bancor and Kucoin. Kucoin has suspended TIO transactions, while Bancor has permanently removed TIO.
Amount of loss: 50,000,000 TIO Attack method: Unknown
Description of the event: RatingToken, a third-party big data platform owned by Cheetah, has detected that DAPP World Conquest developed based on EOS was hacked. Subsequently, the official issued an announcement on its Discord to confirm the fact of the attack. The hacker used the tax payment rules of the game to reject subsequent buyers, which led to the abnormal end of the game. The hacker took all the EOS in the fund pool, and only 0.0155 EOS was left in the contract.
Amount of loss: 4,555 EOS Attack method: Rule Exploitation
Description of the event: The attacker exploited the vulnerabilities in the EOSBet contract to falsify the transfer prompt.
Amount of loss: 145,321 EOS Attack method: Transfer error prompt
Description of the event: The attacker created a malicious contract masquerading as an ERC20 token, and the "transfer" function re-invokes the payment channel contract repeatedly, each time exhausting some ETH.
Amount of loss: 165.38 ETH Attack method: Reentrancy attack