1547 hack event(s)
Description of the event: Based on Compound's Optimism native lending protocol, Sonne Finance has fallen victim to a lightning loan attack by hackers, resulting in losses exceeding $20 million USD.
Amount of loss: $ 20,000,000 Attack method: Flash Loan Attack
Description of the event: BlockTower Capital’s main hedge fund has been compromised and partially drained by fraudsters. The company has $1.7 billion in assets under management. Despite hiring blockchain forensic analysts to investigate the specifics of the fund theft and informing its limited partners of the incident, the stolen funds have yet to be recovered, and the hackers have not been apprehended.
Amount of loss: - Attack method: Unknown
Description of the event: Bitcoin DeFi application ALEX Lab was drained of over $4.3 million in various tokens after a suspected private key compromise attacked its bridging service. Hackers transferred over $300,000 USD worth of BTC, $3.3 million USD worth of stablecoins, and $75,000 USD worth of Sugar Kingdom (SKO) tokens.
Amount of loss: $ 4,300,000 Attack method: Private Key Leakage
Description of the event: Patton on the ETH appears to have exit scammed, resulting in a 100% price drop and causing losses exceeding $260,000.
Amount of loss: $ 266,000 Attack method: Rug Pull
Description of the event: According to the SlowMist Security Alert system, potential suspicious activities related to Tsuru have resulted in a loss of 138.78 ETH.
Amount of loss: $ 410,000 Attack method: Contract Vulnerability
Description of the event: According to the monitoring of the SlowMist Security Alert system, the Web3 game project Galaxy Fox has been attacked, resulting in a loss of approximately $300,000.
Amount of loss: $ 300,000 Attack method: Contract Vulnerability
Description of the event: The official Twitter account of the public chain project NEAR Protocol appears to have been compromised. Currently, its profile picture on Twitter has been changed to a solid black image, and its bio has been updated to display the word "Dark" with garbled characters. Around 4 AM, several strange tweets with garbled characters were posted, including "re claim your sovereig nty," "darkness," "take back your," and "The sun rises in the east." As of now, NEAR has not provided any explanation on its other official social media channels.
Amount of loss: - Attack method: Twitter was hacked
Description of the event: The Blast ecosystem project Bloom was attacked, resulting in a loss of approximately $540,000. On May 10th, Bloom announced that they had successfully recovered most of the stolen funds. The Bloom team stated that after paying a 10% bug bounty, they had retrieved $486,000 of the stolen funds, which accounts for 90% of the total amount ($540,000). All recovered funds will be redistributed to liquidity providers.
Amount of loss: $ 540,000 Attack method: Contract Vulnerability
Description of the event: GPU on BNBChain was attacked, with a loss of about $32,000. There is a logic vulnerability in the _transfer function of the contract. When transferring money to yourself, the balance will increase by the amount of the transfer.
Amount of loss: $ 32,000 Attack method: Contract Vulnerability
Description of the event: Fantom ecosystem project GNUS fell victim to an attack, resulting in a loss of approximately $1.27 million. GNUS.ai posted on Twitter: “Due to a recent exploit, a hacker was able to mint fake GNUS tokens on Fantom, transfer them via Axelar Bridge to Ethereum and Polygon, and sell them into existing liquidity pools. We will be conducting a snapshot at the block preceding the exploit. To ensure fairness, please refrain from purchasing GNUS tokens post-exploit, as we'll be issuing a new token.”
Amount of loss: $ 1,270,000 Attack method: Security Vulnerability
Description of the event: OSN on BNBChain is suspected to have been attacked. The attacker initiated multiple attack transactions, resulting in a loss of ~$110K. The attacker took advantage of the OSNLpDividendTracker contract which sells its own tokens as a reward for users adding liquidity.
Amount of loss: $ 110,000 Attack method: Contract Vulnerability
Description of the event: The Social Fi project Perpy Finance was attacked. A hacker was able to update the contract and illicitly withdrew 58,489,594 PRY tokens. These were then transferred and exchanged for 41.895 ETH. According to Perpy Finance's incident analysis report, "this breach was made possible by an error in initializing the proxy contract for the staking liquid module, which was a fork of the staking vested model previously audited and used by Camelot. We overconfidently chose not to audit this fork, incorrectly considering it risk-free, a decision that led to this exploit."
Amount of loss: $ 132,000 Attack method: Contract Vulnerability
Description of the event: On May 4th, ZOOMER tweeted that "Bitfinex data breach confirmed, 2.5TB of data and 400k customers' data leaked: Shinobi Research". On the same day, Bitfinex's CTO, Paolo Ardoino, tweeted: "Tldr: seems fake. The alleged hackers have posted 2 mega links with sample data contains 22.5k records of email and passwords. We don't store plaintext passwords, nor 2FA secrets in clear text. Only 5k of 22.5k emails are matching with bitfinex users. If that was part of our database we would expect 100% matching. The alleged hackers didn't contact us. We're performing deep analysis of our systems and no breach was found currently. Also the KYC platform has heavy rate limiting that would disallow downloading in bulk."
Amount of loss: - Attack method: Unknown
Description of the event: On May 3rd, a whale fell victim to an address poisoning attack, resulting in the loss of 1155 WBTC, valued at approximately $70 million.
Amount of loss: $ 70,000,000 Attack method: Address Poisoning Attack
Description of the event: NOVAMIND_ (NMD) on ETH is suspected of a rug pull. ~41 ETH (~$123k) was transferred to a multisig and the token price has dropped ~97%.
Amount of loss: $ 123,000 Attack method: Rug Pull
Description of the event: On April 30th, the cross-chain lending protocol Pike Finance tweeted that its Pike Beta protocol had been attacked, resulting in losses of 99,970.48 ARB, 64,126 OP, and 479.39 ETH. The exploit was caused by weak security measures in Pike's contract functions when handling CCTP transfers. On April 26th, Pike Finance's USDC pool was hacked, resulting in losses of approximately $300,000.
Amount of loss: $ 1,680,000 Attack method: Security Vulnerability
Description of the event: The blockchain data analysis platform Dune tweeted that its account was compromised earlier today and a fake post about a Dune Airdrop was live for about 15 minutes. The Dune team now has control over the account again.
Amount of loss: - Attack method: Twitter was hacked
Description of the event: A hacker stole approximately $181,000 worth of crypto assets from Yield’s strategic contracts present on the Arbitrum blockchain. The hacker exploited a discrepancy between the pool token balance and total supply with flash-loaned assets and then withdrew extra pool tokens.
Amount of loss: $ 181,000 Attack method: Contract Vulnerability
Description of the event: Crypto detective ZachXBT stated on his Telegram channel that the Middle Eastern cryptocurrency exchange Rain appears to have been hacked, resulting in a loss of $14.8 million USD. The breach occurred on April 29, 2024, when Rain's BTC, ETH, SOL, and XRP wallets experienced suspicious outflows of funds, which were quickly transferred to instant exchanges and converted into BTC and ETH.
Amount of loss: $ 14,800,000 Attack method: Unknown
Description of the event: A vulnerability has been detected in the unverified Ember Sword NFT auction that allowed the extraction of 60 WETH, equivalent to approximately $195,000, from 159 victims who approved the contract.
Amount of loss: $ 195,000 Attack method: Contract Vulnerability