1486 hack event(s)
Description of the event: Decentralized lending protocol Prisma Finance was hacked, with total losses now increased to approximately 3,257.7 ETH (equivalent to around $11.6 million USD). The protocol has currently been suspended for investigation. Officials remind vault owners to disable authorization for related LST and LRT contract delegations.
Amount of loss: $ 11,600,000 Attack method: Unknown
Description of the event: The Blast ecosystem project Munchables was attacked, resulting in the theft of 17,400 ETH (approximately $62.3 million).
Amount of loss: $ 62,300,000 Attack method: Unknown
Description of the event: The email newsletter account of Web3 media company Decrypt has been compromised, and a phishing scam email has been sent to all of our subscribers. Please do not click on any links. Currently, the attacker has profited $3,000 through phishing.
Amount of loss: $ 3,000 Attack method: Account Compromised
Description of the event: The project ZongZiFa on BSC was exploited through a flash loan, resulting in a loss of approximately $229,000. The attacker manipulated the price of ZongZi to gain invitation rewards.
Amount of loss: $ 229,000 Attack method: Flash Loan Attack
Description of the event: The RWA infrastructure of the Curio Ecosystem suffered an attack, resulting in a loss of $16 million, involving smart contracts based on MakerDAO within its ecosystem. The attacker exploited a permission access logic vulnerability.
Amount of loss: $ 16,000,000 Attack method: Contract Vulnerability
Description of the event: According to a tweet by Coffee, a developer at Yuga Labs, the liquidity pool (LP) of the Telegram game Super Sushi Samurai was attacked on Blast, resulting in approximately $4.6 million in losses due to vulnerabilities in its token contract.
Amount of loss: $ 4,600,000 Attack method: Contract Vulnerability
Description of the event: The astrology-based project Lucky Star Currency rug-pulled in October 2023, resulting in a loss of $1.1 million. On March 22, 2024, ownership of the project was transferred to a malicious smart contract, which then drained tokens valued at almost $300,000 from those who still held them.
Amount of loss: $ 300,000 Attack method: Rug Pull
Description of the event: Dolomite Exchange's old contracts were exploited for ~$1.8 million. On March 24th, Dolomite tweeted that they have reached an agreement with the white-hat hacker for the return of user funds. Currently, half of the stolen ETH has been returned by the white-hat hacker.
Amount of loss: $ 1,800,000 Attack method: Contract Vulnerability
Description of the event: The hackers gained access to AirDAO LP through a social engineering scam and drained the liquidity pool of AMB/ETH. The scam involved an email with a malicious attachment, impersonating one of their known partners. In total, the hackers stole 41,612,782.10627101 AMB and 126.5 ETH.
Amount of loss: $ 1,050,000 Attack method: Social Engineering
Description of the event: TICKER project developer steals $900,000. A developer brought on to run a presale for the TICKER token stole $900,000 from the project. 15% of the token supply was sent to the developer to distribute via an airdrop, but instead of doing so, the developer sold the majority of the tokens for around $900,000.
Amount of loss: $ 900,000 Attack method: Insider Manipulation
Description of the event: Decentralized exchange (DEX) aggregator ParaSwap announced the discovery of a critical vulnerability affecting its approved aggregation smart contract Augustus V6. This vulnerability impacts users who have authorized the Augustus V6 contract. In response, ParaSwap has temporarily halted the V6 API and employed white-hat attack methods to ensure the safety of user funds. These funds have been securely transferred to a secure wallet starting with 0x66E90 and are slated to be returned to users promptly. Additionally, ParaSwap urges users to revoke authorization for the Augustus V6 contract to mitigate potential risks. Currently, it is known that 4 addresses have been affected by this vulnerability, resulting in a total loss of approximately $24,000. ParaSwap is taking measures to address and fix this vulnerability while ensuring the safety of user funds.
Amount of loss: $ 24,000 Attack method: Security Vulnerability
Description of the event: The @GoDaddy account for the L2 cross-chain bridge LayerSwap's domain http://layerswap[.]io was compromised. The compromise of the domain led to a phishing site being displayed, resulting in approximately 50 users losing ~$100K worth of assets. To address this, Layerswap is refunding the affected users in full plus an additional 10% as compensation for the inconvenience caused.
Amount of loss: $ 100,000 Attack method: DNS Hijacking Attack
Description of the event: The treasury of Remilia, the parent company of Milady, has been drained, with assets from multiple official Remilia wallets being transferred and sold.
Amount of loss: - Attack method: Unknown
Description of the event: According to blockchain detective ZachXBT, an account impersonating Ansem (@blknoiz06) profited over $2.6 million by phishing during the recent meme coin craze.
Amount of loss: $ 2,600,000 Attack method: Social Engineering
Description of the event: The AI-driven UGC platform NFP, aimed at the next generation of content creators, disclosed on Twitter that they have experienced a security breach. Hackers infiltrated several wallets, including the wallet of the NFP contract manager, and illegally gained control of some NFP treasury and ecosystem funds, as well as funds belonging to other victims.
Amount of loss: - Attack method: Unknown
Description of the event: The DeFi project Mozaic was exploited by an attacker who stole approximately $2 million from the project. According to Mozaic, this individual was a Mozaic developer who had illegally obtained the private keys of a security module by compromising the data of a core team member. They also stated that about 90% of the stolen funds have now been frozen on MEXC.
Amount of loss: $ 2,000,000 Attack method: Private Key Leakage
Description of the event: The DeFi protocol MOBOX was attacked due to a vulnerability in the borrow function, resulting in a loss of approximately $750,000.
Amount of loss: $ 750,000 Attack method: Contract Vulnerability
Description of the event: On March 14, 2024, according to intelligence from the SlowMist security team, the IT token on the BSC was attacked, with the attacker profiting approximately $15,200. The attacker exploited the transfer function in the IT token, which allowed additional tokens to be minted to the pool based on the amount of tokens being exchanged, gradually increasing the reserve of IT tokens in the pool, manipulating the price, and continuously exchanging BSC-USD tokens from the pool for profit.
Amount of loss: $ 15,200 Attack method: Contract Vulnerability
Description of the event: The AI service provider Cloud AI reported that both their deployer and treasury accounts have been compromised by hackers. The attackers acquired 58,900 CloudAI tokens and some ETH. All CloudAI tokens have been exchanged for ETH. The total loss is approximately $360,000.
Amount of loss: $ 360,000 Attack method: Unknown
Description of the event: The Twitter account of Web3 chat solution beoble has been compromised, with phishing links being posted. Please refrain from clicking on any links until further notice is provided by the official team.
Amount of loss: - Attack method: Twitter was hacked