
The total amount of money lost to blockchain hackers is about

$ 14,519,796,780.47

Total hack events 400

  • 2021-04-05

    Hacked target: Polkatrain

    Description of the event: According to news from the SlowMist Zone, Polkatrain, the IDO platform of Polkadot, had an incident this morning. The SlowMist security team immediately stepped in to analyze it and identified the specific problem. The contract in question is the POLT_LBP contract of the Polkatrain project. The contract has a swap function and a rebate mechanism. When users buy POLT tokens through the swap function, they receive a certain amount of rebate, which is sent to the user by calling transferFrom in the contract's _update function. Because the _update function neither sets a maximum rebate amount for a pool nor checks whether the total rebate has been used up when paying rebates, malicious arbitrageurs can keep calling the swap function to exchange tokens and collect the contract's rebate rewards. The SlowMist security team reminds DApp project teams to fully consider the business scenario and economic model of the project when designing an AMM exchange mechanism, to prevent such incidents.

    Amount of loss: $ 3,000,000 Attack method: Rebate arbitrage

  • 2021-04-04

    Hacked target: Force DAO

    Description of the event: The DeFi quantitative hedge fund Force DAO published a blog post stating that it was responsible for the previous attack and has implemented procedures to ensure that any such incidents are mitigated in the future. A total of 183 ETH (about 367,000 U.S. dollars) worth of FORCE tokens were drained and liquidated in this attack. Force DAO said there will be a snapshot and new tokens. Force DAO has begun an internal reorganization and will announce a plan in the next few days to compensate the affected FORCE holders and LPs.

    Amount of loss: 183 ETH Attack method: Token issuance

  • 2021-03-25

    Hacked target: Nanchang, Jiangxi

    Description of the event: On March 25, the Qingyunpu Branch of the Nanchang Public Security Bureau of Jiangxi Province held a press conference on "Detecting a Major Blockchain Bitcoin Theft". This is the first case in the province in which Nanchang police successfully solved a new type of cybercrime that used hacking techniques to steal blockchain currency. It is understood that on February 26, the complainant, Huang, discovered that his mobile phone number had inexplicably been reported as lost, and then discovered that blockchain currency with a market value of nearly 14.5 million yuan in the "Radar Net" account tied to that mobile phone number had been transferred away. Police investigation found that before the incident, five people from Lianyungang, Jiangsu, drove to Nanchang, reported the victim's ID card as lost and had the victim's mobile phone card reissued. On March 8, Nanchang police arrested 4 criminal suspects, and on the 15th went to Guangdong to arrest 2 more. At present, all 6 suspects have been placed under criminal detention, and the investigation of the funds involved in the case is in progress.

    Amount of loss: $ 2218991.51 Attack method: Theft

  • 2021-03-20

    Hacked target: Turtle.dex

    Description of the event: According to BSC news, Turtle.dex has run away, taking about 9,000 BNB, worth more than 2 million U.S. dollars, and its website and Telegram group have been deleted. BSC news describes this as a well-thought-out, planned exit. At present, part of the funds has been converted into ETH and moved to the Binance exchange, and investors are urging Binance to freeze the related accounts. On March 15th, in response to the question of whether it would run away, Turtle officially stated: No, because the turtles have short hands. Note: Turtle means sea turtle.

    Amount of loss: 9000 BNB Attack method: Scam

  • 2021-03-19

    Hacked target: SIL.Finance

    Description of the event: The contract of the DeFi aggregated financial service SIL.Finance has a high-risk vulnerability. SIL.Finance later published an article saying that the incident was caused by a permission vulnerability in the smart contract, which in turn triggered a generalized front-running trading bot to submit a series of transactions for profit. After it was discovered that withdrawals from the smart contract were not possible because of the high-risk vulnerability, 36 hours of effort by SlowMist and others successfully recovered USD 12.15 million. SIL.Finance stated that if any user assets are damaged in this incident, the team has decided to use its own funds to launch a compensation plan: all users who suffered losses will receive 2 times the compensation, which will be issued in SIL.

    Amount of loss: 0 Attack method: Permission vulnerability
