1815 hack event(s)
Description of the event: Stability AI's official X account posted information related to the STAI token contract, which appears to have been compromised. Be cautious to avoid falling victim to a scam.
Amount of loss: - Attack method: Account Compromise
Description of the event: The ZKsync team tweeted that the @ZKsyncIgnite account has been compromised. Do not interact with the account or click any links. Wait for the @zksync account to confirm when the account has been reclaimed.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to Scam Sniffer's monitoring, the X account of the decentralized autonomous wireless network project DAWN was compromised and used to post phishing tweets.
Amount of loss: - Attack method: Account Compromise
Description of the event: The CAT Protocol within the Bitcoin ecosystem posted on Platform X, stating that they recently detected and mitigated an attempted attack on the CAT Protocol, confirming that no user funds were lost. On January 18, CAT Protocol updated on Platform X that the recent security incident had been amicably resolved and classified it as a white-hat action.
Amount of loss: - Attack method: Contract Vulnerability
Description of the event: The attacker exploited a vulnerability in The Idols project's smart contract to steal 97 stETH (approximately $324,000) from the project.
Amount of loss: $ 324,000 Attack method: Contract Vulnerability
Description of the event: Moonray's Discord was Compromised, and the attackers posted fraudulent airdrop messages. Users are advised to stay cautious and aware of potential risks.
Amount of loss: - Attack method: Account Compromise
Description of the event: On January 13, 2025, the SlowMist MistEye security monitoring system detected an attack on UniLend, resulting in a loss of ~$197K.
Amount of loss: $ 197,600 Attack method: Contract Vulnerability
Description of the event: According to Foresight News, the Foresight Ventures X account was hacked and is currently in the process of being recovered. Please do not click or trust any links or token information posted by this account.
Amount of loss: - Attack method: Account Compromise
Description of the event: The X account of Ryan Zarick, co-founder and CTO of LayerZero Labs, was briefly compromised and used to post a fraudulent airdrop claim along with a phishing link.
Amount of loss: - Attack method: Account Compromise
Description of the event: Litecoin posted on X, stating that their X account was briefly compromised and some unauthorized content was published. These posts were deleted within seconds. They are still investigating the incident but have immediately found a delegated account that was compromised and removed it.
Amount of loss: - Attack method: Account Compromise
Description of the event: BUIDL was suspected to have been attacked on BSC, resulting in an approximate loss of $8K.
Amount of loss: $ 8,000 Attack method: Contract Vulnerability
Description of the event: The SuperVerse X account was compromised and used to post a fraudulent airdrop claim containing a phishing link.
Amount of loss: - Attack method: Account Compromise
Description of the event: The official X account of the blockchain AI project Aizel Network was hacked at noon on January 11 and is currently in the process of being recovered. The official reminder to users is to be cautious of the content posted by this account, do not trust any token information, and avoid clicking on any suspicious links or participating in any suspicious activities.
Amount of loss: - Attack method: Account Compromise
Description of the event: tong, the founder of Holoworld AI, posted on X stating that the Holoworld AI X account has been hacked. Please do not click on any links.
Amount of loss: - Attack method: Account Compromise
Description of the event: Multiple attack transactions targeting the Alien Base BunniHub contract resulted in a loss of approximately $38,000.
Amount of loss: $ 38,000 Attack method: Lack of Slippage Protection
Description of the event: FortuneWheel was suspected to have been attacked on BSC, resulting in an approximate loss of $21.6K.
Amount of loss: $ 21,600 Attack method: Price Manipulation
Description of the event: Virtuals Protocol announced on X that their official Discord server has been compromised. They advised users not to click on any posts or private messages from administrators until further notice.
Amount of loss: - Attack method: Account Compromise
Description of the event: The Arbitrum-based liquidity management project Orange Finance suffered a $830,000 asset theft due to a misconfigured multi-sig. The attacker gained ownership of each vault, modified their implementations, and withdrew both the deposited assets and excessively approved funds. About 94% (roughly $780,000) of the total loss came from deposited assets, while the remaining 6% (around $47,000) resulted from excessive approvals.
Amount of loss: $ 830,000 Attack method: Private Key Leakage
Description of the event: According to Moby Post-Mortem Report, on January 8, an attacker took control of the Private Key used to authorize upgrades to Moby’s core contracts, compromising the protocol. This led to the exposure of 3.77 wBTC, 207.76 wETH, and 1,500,351.5 USDC in the sOLP and mOLP liquidity pools. Of the stolen funds, 1,470,091.74 USDC was recovered with the assistance of Seal911 team.
Amount of loss: $ 2,500,000 Attack method: Private Key Leakage
Description of the event: HORS was suspected to have been attacked on BSC, resulting in an approximate loss of $10.3K.
Amount of loss: $ 10,300 Attack method: Contract Vulnerability