1769 hack event(s)
Description of the event: Decentralized Finance (DCF) was attacked on the BSC chain, resulting in a loss of approximately $8,800.
Amount of loss: $ 8,800 Attack method: Flash Loan Attack
Description of the event: A suspicious attack involving JHY (JHY) occurred on the BSC chain, resulting in a loss of approximately $11,200.
Amount of loss: $ 11,200 Attack method: Contract Vulnerability
Description of the event: A suspicious reentrancy attack involving bnbs (bnbs) occurred on the BSC chain, resulting in a loss of approximately $20,300.
Amount of loss: $ 20,300 Attack method: Reentrancy Attack
Description of the event: Clober DEX liquidity vault on Base Network was exploited resulting in a loss of 133.7 ETH (~$501k). The root cause of the attack was a reentrancy vulnerability in the _burn() function of the Rebalancer contract.
Amount of loss: $ 501,000 Attack method: Contract Vulnerability
Description of the event: The algorithmic stablecoin protocol Haven Protocol has issued a warning about a hack exploiting a vulnerability in "range proof validation." This flaw allows attackers to mint illicit XHV undetected. According to reports from exchanges, the amount of XHV exceeds 500 million tokens, while audit data indicates a current supply of only 263 million tokens. The surplus is likely generated through this exploit. The team found a weakness in the "range proof validation", which was introduced after the Haven 3.2 rebase to Monero and has advised exchanges to halt trading on all pairs.
Amount of loss: - Attack method: Security Vulnerability
Description of the event: A suspicious attack involving LABUBU (LABUBU) occurred on the BSC chain, resulting in a loss of approximately $11,900.
Amount of loss: $ 11,900 Attack method: Contract Vulnerability
Description of the event: The Cardano Community posted on X, stating that the Cardano Foundation's X account has been compromised. They are currently addressing the issue and advised users to temporarily ignore all posts from the account.
Amount of loss: - Attack method: Account Compromise
Description of the event: The Omnichain meta-yield aggregator MAAT tweeted that a security breach in the MAAT alpha version, resulting in unauthorized withdrawals of $240,000 USDT.
Amount of loss: $ 240,000 Attack method: Security Vulnerability
Description of the event: Arata tweeted that the Arata ecosystem and CEX wallet have been exploited. The hacker managed to sell a significant portion of the tokens.
Amount of loss: - Attack method: Unknown
Description of the event: Vestra DAO tweeted that a hacker exploited a vulnerability in the locked staking contract, manipulating the reward mechanism to claim rewards exceeding their entitlement. As a result, a total of 73,720,000 VSTR tokens were stolen. The stolen tokens were gradually sold on Uniswap, causing approximately $500,000 in ETH liquidity losses.
Amount of loss: $ 500,000 Attack method: Contract Vulnerability
Description of the event: According to the SlowMist security team’s monitoring, RunWay (BYC) appears to have been attacked on BSC, resulting in a loss of approximately $100K.
Amount of loss: $ 100,000 Attack method: Contract Vulnerability
Description of the event: DeBox officially announced that due to the leakage of the private key of an operational account's personal EOA wallet, 31.03 ETH and 4.879 million BOX tokens were stolen.
Amount of loss: $ 275,000 Attack method: Private Key Leakage
Description of the event: The GAGAW (GAGAW) on BSC is suspected to have been attacked, resulting in a loss of approximately $70K.
Amount of loss: $ 70,000 Attack method: Contract Vulnerability
Description of the event: According to Clipper's post-mortem, on December 1, 2024, an attacker exploited a vulnerability in a smart contract used by Clipper, manipulating the single-asset deposit and withdrawal feature. This manipulation affected the liquidity pools on the Optimism and Base networks, causing an imbalance that allowed the attacker to withdraw more assets than they had deposited. The attack resulted in a loss of approximately $457,878.
Amount of loss: $ 457,878 Attack method: Contract Vulnerability
Description of the event: The cryptocurrency exchange XT has reportedly fallen victim to a hacking incident, resulting in the loss of approximately $1.7 million worth of crypto assets. The hacker has converted the funds into 461.58 ETH and deposited them into the address 0xB43f…8F83.
Amount of loss: $ 1,700,000 Attack method: Unknown
Description of the event: The DeSci project Pump Science tweeted that the wallet T5j2UB...jjb8sc was exploited due to an oversight in their GitHub repository. The exploiter gained access to the keypair, which had been embedded in the source code of their website.
Amount of loss: - Attack method: Private Key Leakage
Description of the event: On November 25, DCF on the BNB Chain was attacked, resulting in a loss of approximately $440,000. The root cause of the vulnerability was an error in the logic implemented by the project team in the transfer function of DCF.
Amount of loss: $ 440,000 Attack method: Flash Loan Attack
Description of the event: The Akashalife (AK1111) on BSC was suspected to have been attacked, resulting in a loss of approximately $31.5K.
Amount of loss: $ 31,500 Attack method: Contract Vulnerability
Description of the event: On-chain investigator ZachXBT stated on his personal Telegram channel that the wallet associated with crypto KOL JRNY appears to have been compromised, with approximately $4 million worth of crypto assets transferred and sold. This suggests that the wallet's private key may have been leaked.
Amount of loss: $ 4,000,000 Attack method: Private Key Leakage
Description of the event: The Sweepr Token (SWEEPR) on ETH was suspected to have been attacked, resulting in a loss of approximately $14K.
Amount of loss: $ 14,000 Attack method: Contract Vulnerability