SlowMist Zone

The total amount of money lost to blockchain hacks is about

$ 19,328,904,494.47

Total hack events 468

  • 2021-07-23

    Hacked target: THORChain

    Description of the event: THORChain (RUNE), a decentralized cross-chain transaction protocol, said it was attacked again, and many ERC20 tokens including XRUNE were affected. This attack targeted ETH routing and lost 8 million U.S. dollars. The attacker "intentionally limited the impact of the attack, which seems to be done by a white hat."

    Amount of loss: $ 8,000,000 Attack method: Unknown

  • 2021-07-21

    Hacked target: Sanshu Inu

    Description of the event: The attacker used the mechanism of the deflationary token KEANU to attack the reward vulnerabilities in the Memestake contract deployed by Sanshu Inu, and finally made a profit of about 56 ETH.

    Amount of loss: $ 110,881 Attack method: Contract reward vulnerabilities

  • 2021-07-19

    Hacked target: Array Finance

    Description of the event: The DeFi project Array Finance suffered a flash loan attack. The attacker exploited the fact that Array Finance's pricing mechanism relies on aBPT's totalSupply. Officials stated that the attacker made a profit of about 272.94 ETH, worth about $515,000.

    Amount of loss: $ 515,000 Attack method: flash loan attack

  • 2021-07-17

    Hacked target: PancakeBunny

    Description of the event: DeFi revenue aggregator PancakeBunny tweeted that its version on Polygon was attacked by outsiders and has suspended all Polygon Sushi Vaults. According to officials, Polygon vaults, BSC PancakeBunny vaults, and BUNNY are currently safe. Details will be announced later. The attacker made a profit of 1281 WETH.

    Amount of loss: $ 2,402,462 Attack method: flash loan attack

  • 2021-07-16

    Hacked target: THORChain

    Description of the event: The decentralized cross-chain transaction protocol THORChain (RUNE) updated the attack situation, claiming that the amount of lost assets was about 4000 ETH. The initial assessment is that the attack exploited a logic vulnerability in how Eth Bifrost used the routing contract to capture ERC-20 tokens. Not long ago, THORChain updated Eth Bifrost to allow the routing contract to be "encapsulated" by a contract. The attacker used this to send a transaction with msg.value = 200 ETH and immediately had the contract transfer it back to itself, while Bifrost reported msg.value = 200 instead of depositAmount = 0, so the attacker profited from calling the routing contract with an amount of 0 ETH.

    Amount of loss: $ 7,600,000 Attack method: "Fake Top-up" Vulnerability

  • 2021-07-15

    Hacked target: T-Mobile

    Description of the event: Mobile phone operator T-Mobile was sued for failing to prevent a SIM exchange scam that cost a customer $55,000 in Bitcoin. The plaintiff, Richard Harris, accused T-Mobile of improper behavior, including failing to adequately protect customer information, failing to hire appropriate support personnel, and violating federal and state laws, which caused him to lose 1.63 bitcoins.

    Amount of loss: $ 55,000 Attack method: SIM exchange scam

  • 2021-07-14

    Hacked target: ApeRocket Finance

    Description of the event: ApeRocket, the DeFi revenue mining aggregator and optimizer, released the flash loan attack details and compensation plan. ApeRocket's BSC version and Polygon version suffered flash loan attacks at 4:30 AM and 8:00 AM (UTC), respectively, and lost 260,000 US dollars and 1,000,000 US dollars.

    Amount of loss: $ 1,260,000 Attack method: flash loan attack

  • 2021-07-14

    Hacked target: Bondly Finance

    Description of the event: The digital collectibles market platform Bondly Finance released an analysis report on the previous attack. Bondly Finance believes that the attacker obtained access to the password account belonging to Bondly CEO Brandon Smith through a carefully planned strategy. The password account contained the mnemonic recovery phrase of his hardware wallet; once copied, it allowed the attacker to access the BONDLY smart contract and the company wallet, which was also compromised, resulting in the minting of 373 million BONDLY tokens.

    Amount of loss: $ 2,937,064 Attack method: Control access to password accounts

  • 2021-07-13

    Hacked target: DeFiPie

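    Description of the event: DeFiPie (PIE), a lending protocol on Ethereum and Binance Smart Chain, was hacked. All liquidity providers are advised to withdraw all liquidity from the application. The PIE token fell more than 66% in 24 hours.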

    Amount of loss: 0 Attack method: Reentry attack

  • 2021-07-12

    Hacked target: Anyswap

    Description of the event: The cross-chain bridge project Anyswap issued an announcement stating that the newly launched V3 cross-chain liquidity pool was hacked in the early hours of yesterday, with a total loss of 2.39 million USDC and 5.5 million MIM. According to Etherscan, the hacker has sold all MIMs and obtained 548 Million DAI, which means that Anyswap's total loss is more than 7.87 million U.S. dollars. According to the explanation of the cause of the theft in the Anyswap announcement, two V3 router transactions were detected under the V3 router MPC account on BSC. The signatures of these two transactions have the same R value, and from this the hacker derived the private key of this MPC account. The team has now fixed the code to avoid signing with the same R value. Multi-chain router V3 will restart in about 48 hours. There is no security risk for V1 and V2. Anyswap stated that it has taken remedial measures to provide full compensation. Anyswap will refill the stolen liquidity within 48 hours, and liquidity providers will be able to withdraw assets from the fund pool again without any loss.

    Amount of loss: $ 7,870,000 Attack method: Same R value signature

  • 2021-07-12

    Hacked target: helios

    Description of the event: The Polygon chain DeFi project helios has run off.

    Amount of loss: $ 1,446,704 Attack method: Scam

  • 2021-07-11

    Hacked target: Chainswap

    Description of the event: The cross-chain bridge Chainswap announced the details of the theft on its official blog. Assets of a total of 20 projects were stolen, with a total value of approximately US$4 million. The ChainSwap team has reached a consensus with the affected projects and has initially formulated and implemented a compensation plan. According to the project's investigation, the cause was an error in the token cross-chain quota code. The on-chain swap bridge quota is automatically increased by the signature node, the purpose being more decentralization without manual control. However, a logical flaw in the code led to a vulnerability that automatically increased the quota for invalid addresses that are not whitelisted.

    Amount of loss: $ 4,000,000 Attack method: Token cross-chain quota code error

  • 2021-07-11

    Hacked target: OptionRoom

    Description of the event: According to official news, OptionRoom, an oracle and prediction protocol in the Polkadot ecosystem, stated that it was affected by the "cross-chain asset bridge ChainSwap attack", as were many other projects. The hackers were able to obtain 2.3 million ROOM tokens on Ethereum and 10 million ROOM tokens on BSC. OptionRoom noticed the hack before the hackers sold any tokens and decided to remove liquidity from Uniswap and Pancakeswap to protect token holders and liquidity providers from the hackers selling into the liquidity pools. By selling the deployer's tokens to the Uniswap pool, OptionRoom was able to recover $342,117. In this way, OptionRoom successfully extracted liquidity on behalf of the project's liquidity providers. The recovered amount will be allocated according to each liquidity provider's share.

    Amount of loss: $ 647,467 Attack method: Contract vulnerabilities

  • 2021-07-11

    Hacked target: DAFI Protocol

    Description of the event: According to official sources, DAFI Protocol, an on-chain incentive protocol, stated that DAFI worth 200,000 US dollars was sold due to the “cross-chain asset bridge ChainSwap attack”. DAFI Protocol requests the community to withdraw liquidity from Uniswap and LP plans until further notice. DAFI Protocol added that the DAFI token contract and Super Staking are safe.

    Amount of loss: $ 200,000 Attack method: Contract vulnerabilities

  • 2021-07-11

    Hacked target: DAO ventures

    Description of the event: According to official sources, the DeFi asset management platform DAO ventures had 300,000 DVG tokens stolen due to a loophole in the contract of the cross-chain asset bridge ChainSwap. DAOventures stated that it had taken snapshots of DVG holders and LPs before the attack, and that it will compensate the affected token holders. The DAOventures team stated that users' assets in DAOventures are safe. Until the compensation plan is announced, DAOventures reminds users not to purchase DVG for the time being and to pay attention to the latest updates from the team.

    Amount of loss: $ 35,348 Attack method: Contract vulnerabilities

  • 2021-07-11

    Hacked target: Umbrella Network

    Description of the event: According to official sources, the DeFi oracle Umbrella Network had over 3 million UMB tokens stolen due to a loophole in the contract of the cross-chain asset bridge ChainSwap.

    Amount of loss: $ 416,577 Attack method: Contract vulnerabilities

  • 2021-07-11

    Hacked target: Dora Factory

    Description of the event: According to official sources, due to a contract vulnerability in the cross-chain asset bridge ChainSwap, 7872 DORA locked in the ChainSwap cross-chain bridge contract was taken out by hackers and sold through Uniswap.

    Amount of loss: $ 42,373 Attack method: Contract vulnerabilities

  • 2021-07-09

    Hacked target: Circle

    Description of the event: Circle Internet Financial, the issuer of the US dollar stablecoin USDC, reported in a regulatory filing with the US Securities and Exchange Commission (SEC) that it lost US$2 million to email fraud last month. Circle stated that the email fraud incident did not affect customer funds and accounts, that Circle's information systems are still safe, and that the US$2 million was the company's own funds.

    Amount of loss: $ 2,000,000 Attack method: Email scam

  • 2021-07-09

    Hacked target: Android applications

    Description of the event: Lookout Threat Lab security researchers exposed more than 170 Android applications that deceived more than 93,000 users. Among them, 25 applications managed to evade Google Play Store detection and were successfully published, mainly because they do not perform any malicious operations and may exist purely to fool users. The Lookout researchers pointed out that these counterfeit applications belong to the BitScam and CloudScam families, and claim to provide cloud-based cryptocurrency mining services that aggregate the computing power of users' mobile devices and share the mining revenue. These apps are not free, and they charge additional payments under various pretexts such as subscriptions and upgrades. Prices range from 12.99 to 259.99 US dollars, and cryptocurrencies such as BTC or ETH are accepted as payment methods. Lookout Threat Lab estimates that the creators defrauded users of 300,000 U.S. dollars through illegal sales and 50,000 U.S. dollars in cryptocurrency through fake payments and upgrade services.

    Amount of loss: $ 350,000 Attack method: Scam

  • 2021-07-04

    Hacked target: RAI Finance

    Description of the event: RAI Finance, a cross-chain transaction protocol based on the Polkadot blockchain, issued a post stating that due to the vulnerability of the ChainSwap smart contract, the RAI access and payment permission addresses connected to it were also hacked and funds were stolen. The total amount of RAI stolen from the account reached 2.9 million. On July 5, RAI Finance tweeted that after investigation by the team, the hackers had returned 2.2 million RAI to the ChainSwap Deployer. The total loss caused by this incident was reduced to 670,000 RAI.

    Amount of loss: $ 414,013 Attack method: RAI access and payment authority addresses were attacked

  • 2021-07-03

    Hacked target: Haven Protocol

    Description of the event: Haven Protocol (XHV), a privacy-centric DeFi protocol based on Monero, released analysis reports and measures for three serious attacks on it in late June. A chain rollback plan will be initiated and a hard fork will be implemented to fix the known vulnerabilities in protocol minting. Regarding the specific attacks: on June 24, 203,000 xUSD and 13.5 xBTC were minted in two attacks; on June 27, an unknown amount of XHV was minted due to a vulnerability in the conversion verification of xAsset; on June 29, the attacker exploited a vulnerability that allowed the minting of 9 million xUSD.

    Amount of loss: $ 8,186,549 Attack method: minting vulnerabilities

  • 2021-07-03

    Hacked target: DEXTools

    Description of the event: The DEX trading tool DEXTools (DEXT) tweeted that it was recently hacked and that some DEXT holders were affected. In response, liquidity has been removed from Uniswap and Pancake, and a token swap will take place today (this should refer to the issuance of new tokens); a snapshot has been taken. DEXTools reminds users not to purchase DEXT tokens for the time being, and more detailed measures will be announced soon.

    Amount of loss: 0 Attack method: Unknown

  • 2021-07-02

    Hacked target: XDX Swap

    Description of the event: XDX Swap on DDEX, a cross-chain decentralized exchange on the Heco chain, was attacked. The attacker made a profit of 85.17 ETH (approximately $176,000) and cross-chained it to Ethereum. The DDEX code appears to have a backdoor.

    Amount of loss: $ 176,000 Attack method: Code vulnerabilities

  • 2021-07-02

    Hacked target: Chainswap

    Description of the event: The cross-chain asset bridge Chainswap announced the details of the hacking incident today, saying that at 04:30 AM UTC on July 2nd, they noticed an abnormality on the cross-chain bridge. Some users reported that their tokens had been taken out of wallets that interacted with ChainSwap. The ChainSwap team then immediately froze the cross-chain bridge, shut down all nodes, and deployed the fix within 30 minutes. The teams of the affected projects were alerted. According to the announcement, the stolen assets include 32237576.17 TSHP, 80052.82027 CORRA, 643405.7157 BLANK, 2922720 RAI, 19392.27712 ROOM, 4820309.98 DEXT, 210,108.22 UMB, 55476328.8 FAIR. Chainswap stated that after negotiating with the hackers, it has recovered some of the CORRA and RAI tokens, and the total loss is estimated to be 800,000 US dollars. A small amount of the affected tokens has been repurchased from the market and returned to the contract wallet. The rest will be fully paid by Chainswap Vault Compensation. In addition, Chainswap will also issue compensation to affected users.

    Amount of loss: $ 800,000 Attack method: Technical vulnerabilities
