1350 hack event(s)
Description of the event: Xai, a Layer 3 solution for AAA gaming, has issued an alert for phishing impersonating Xai, where attackers have fraudulently obtained approximately $374 ETH, valued at approximately $845.8K.
Amount of loss: $ 845,800 Attack method: Phishing Attack
Description of the event: Abattoir of Zir (DIABLO) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 235,705 Attack method: Rug Pull
Description of the event: On December 7, 2023, Time on ETH was attacked due to a security vulnerability in the thirdweb pre-built smart contracts, which resulted in approximately $190,000 in profits for the attacker.
Amount of loss: $ 190,000 Attack method: Contract Vulnerability
Description of the event: Strong Finance (STRONG) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 60,919 Attack method: Rug Pull
Description of the event: CKD TOKEN (CKD) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 539,000 Attack method: Rug Pull
Description of the event: On December 5, 2023, thirdweb, the Web3 base development platform, indicated that a security vulnerability was discovered in pre-built smart contracts. The impacted pre-built contracts include but are not limited to DropERC20, ERC721, ERC1155 (all versions), and AirdropERC20. Please see a full list of impacted smart contracts and mitigation steps at this link (https://blog.thirdweb.com/security-vulnerability/).
Amount of loss: - Attack method: Contract Vulnerability
Description of the event: A Discord mod on LayerZero has reported that a scammer introduced a phishing link within a proposal vote on the Stargate Snapshot platform, enticing users to stake $STG tokens. Over 1K users took part in the vote, resulting in a loss of ~$43K.
Amount of loss: $ 43,000 Attack method: Phishing Attack
Description of the event: MYX Finance (QMYX) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 128,727 Attack method: Rug Pull
Description of the event: The FCN-TRUST (FCN) token on BSC was exploited for over $504k in a flash loan attack. The attack caused the token price to crash by 99%.
Amount of loss: $ 504,000 Attack method: Flash Loan Attack
Description of the event: Velodrome, a decentralized trading protocol on Optimism, tweeted that its frontend was compromised and asked users not to interact with Velodrome for the time being while the team investigated. On December 1, Velodrome posted an update stating, "We are happy to announce that earlier today we were able to regain control of our domain following a social engineering attack on our provider. We are still working to restore our primary domain and will share an update soon. More details on the attack + response will follow." On December 2, Velodrome tweeted that its provider had been exploited again and asked users not to interact with its front end. On the same day, Velodrome stated that "the domain has been restored again and is locked at the TLD level pending transfer to a new provider. You can now resume using https://velodrome.finance. Our decentralized frontend can be accessed at http://velo.drome.eth.limo and has remained uncompromised."
Amount of loss: $ 250,000 Attack method: DNS Attack
Description of the event: Aerodrome tweeted that its frontend was compromised and asked users not to interact with Aerodrome for the time being while the team investigated.
Amount of loss: - Attack method: DNS Attack
Description of the event: Symbiogenesis (SYSIS) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 54,086 Attack method: Rug Pull
Description of the event: AssetClub (ACC) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 84,423 Attack method: Rug Pull
Description of the event: Expanso (EXPSO) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 87,317 Attack method: Rug Pull
Description of the event: CJewels (JWL) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 65,784 Attack method: Rug Pull
Description of the event: Kyber Network tweeted that KyberSwap Elastic has experienced a security incident. According to the SlowMist security team's analysis, the root cause lies in the calculation of the number of tokens needed to move the price from the current price to the boundary scale price. Because of KyberSwap Elastic's reinvestment curve, the compounded fee portion is added to the liquidity, so the calculated result is larger than expected and appears to cover the user's exchange. The actual price, however, has already crossed the boundary scale. The protocol therefore assumes that the liquidity within the current scale is sufficient to cover the exchange and does not update the liquidity. As a result, the liquidity is increased twice when the reverse exchange crosses the boundary scale, allowing the attacker to obtain more tokens than expected.
Amount of loss: $ 54,700,000 Attack method: Liquidity Exploit
Description of the event: Lido officials say that over the course of the last 24 hours, Lido DAO contributors were made aware of a platform vulnerability that affected an active Node Operator using the Lido on Ethereum protocol (InfStones) sometime over the course of the previous few months. The vulnerability was disclosed to InfStones in July 2023 by security researchers dWallet Labs. The Node Operator has announced that the vulnerability has been addressed. The vulnerability is related to the possible exposure of root-level access to 25 validator servers that may not be related to the Lido protocol, including possibly key material, to external attackers. It is not clear to contributors at this time if servers and/or keys related to Lido validators were included in the scope of affected systems or not.
Amount of loss: - Attack method: Third-party Library Vulnerability
Description of the event: Fake TrustPad (TPAD) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 240,006 Attack method: Rug Pull
Description of the event: DarkProtocol (DARK) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 230,833 Attack method: Rug Pull
Description of the event: Dor (DOR) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 240,270 Attack method: Rug Pull