761 hack event(s)
Description of the event: The blockchain network Elrond is suspected of having a security breach, and hackers "obtained" nearly 1.65 million $EGLD "out of thin air" and sold it through the decentralized exchange Maiar. On June 8, Elrond founder and CEO Beniamin Mincu tweeted that the previous bug has been resolved, all funds and users are safe, and almost all stolen funds have been recovered.
Amount of loss: - Attack method: Virtual Machine Vulnerability
Description of the event: Discord servers for Yuga Lab projects Bored Ape Yacht Club (BAYC) and Otherside appear to have been affected by phishing attacks. The attackers allegedly stole more than 145 ethereum ($256,000) worth of tokens. It appears that the community administrator's account was compromised, which gave attackers access to the administrator account on the server. They then went on to post a link to a phishing site that encouraged users to link their wallets to access "exclusive giveaways." Subsequently, the NFT project BAYC stated on its official Twitter that its Discord server was briefly attacked today, and the team quickly resolved the problem, but some NFTs were still affected.
Amount of loss: 145 ETH Attack method: Discord admin account hacked
Description of the event: The work of Animoon with 9999 NFTs is taken from Pokémon. They claim to have signed a non-disclosure agreement (NDA) with Pokémon partner TopDeck. But with no evidence of an actual P2E game being developed, the Animoon team disappeared, deleting their Twitter account and website.
Amount of loss: $ 6,300,000 Attack method: Scam
Description of the event: According to The Block, Mirror Protocol, a synthetic asset protocol developed by Terraform Labs, was attacked again, with more than $2 million in capital losses. The capital pools of Bitcoin, Ethereum and Polkadot have been exhausted, and the remaining capital pools are linked to stocks. If the vulnerability is not fixed before the market opens at 4:00 EST (16:00 GMT), all of its token asset pools will be at risk.
Amount of loss: $ 2,000,000 Attack method: Oracle Price Vulnerability
Description of the event: DeFi project Novo is suspected of being attacked, and hackers have transferred 280 BNB (about $89,600) to Tornado.cash.
Amount of loss: 200 BNB Attack method: Contract vulnerabilities
Description of the event: On May 30, after the launch of the new Terra chain, the price of the oracle machine of LUNC (Luna Classic) reached $5, while the actual price was much lower than $5. An Anchor platform user noticed the vulnerability and deposited about 20 million tokens. Lido Bonded Luna Token, and successfully lent 40 million UST, eventually withdrawing and making a profit of about $800,000.
Amount of loss: $ 800,000 Attack method: Oracle Price Vulnerability
Description of the event: A Rug Pull occurred in the NFT metaverse game project Pokemoney on BNBChian, its Token PMY has dropped by 99.98%%, and about 11,800 BNB (about 3.5 million US dollars) have been withdrawn and transferred.
Amount of loss: $ 3,500,000 Attack method: Scam
Description of the event: Terra research forum member FatMan tweeted that the Mirror Protocol, a synthetic asset protocol developed by Terraform Labs, has a longstanding vulnerability. Since October 2021, attackers have exploited this vulnerability for multiple attacks within a period of 7 months, and the highest single profit exceeded $4 million ($4.3 million using $10,000), none of which was recovered by Terraform Labs Or the Mirror team found out. By the time the bug was fixed, the attacker's total profit from exploiting the bug could have exceeded $30 million. FatMan said the bug was discovered and questioned by Mirror forum members 11 days ago and has since been fixed, but the Mirror team has not made any statement on the matter.
Amount of loss: $ 90,000,000 Attack method: Contract vulnerabilities
Description of the event: DecentraWorld’s DEWO token price plummeted, the founding team of DecentraWorld drained the project’s funds and stole 3,127 BNB (about $1 million), and the project’s official website and Twitter account were deleted.
Amount of loss: 3,127 BNB Attack method: Scam
Description of the event: The first algorithmic stablecoin project on Binance Smart Chain, bDollar, suffered a price manipulation attack, and the attacker made a profit of 2,381 WBNB (worth about $730,000). This attack mainly exploits the design loophole of the claimAndReinvestFromPancakePool function in the DAO fund proxy contract CommunityFund when adding liquidity. It does not fully consider that after the price is maliciously raised, the project party will passively use the funds in its own contract when adding liquidity. The situation of high-level connection.
Amount of loss: 2381 WBNB Attack method: price manipulation
Description of the event: The project behind the Llamaverse, the Llamascape NFT series, was hacked. Hackers targeted their Discord server and scammers took around 30-40 ETH.
Amount of loss: 30-40 ETH Attack method: Discord server hacked
Description of the event: @QANplatform was attacked on both Ethereum and BNBChain. $QANX is down 36% with around 325 ETH of stolen funds.
Amount of loss: 325 ETH Attack method: Unknown
Description of the event: According to Pinpoint News, Klaytn-based DeFi project Kronos DAO misappropriated users’ DAI pledged in its vaults to invest in Kairos Cash and lost 6 million DAI. The 6 million DAI staked by users turned into 6 million Kairos Cash in the Kronos Dao Vault, which Kronos Dao explained was “used as a strategic investment.” Investors, however, questioned that the explanation was insufficient and that no advance notice was given. At present, Kronos Dao has closed Kakao Talk and Telegram communication channels, leaving only Discord as a communication channel.
Amount of loss: 6,000,000 DAI Attack method: Misappropriation of funds
Description of the event: The American actor SethGreen suffered from a phishing attack resulting in the loss of 4 NFTs. This includes 1 BAYC, 2 MAYC and 1 Doodle. The scammer sold all 4 NFTs for nearly 160 ETH (about $330,000).
Amount of loss: 160 ETH Attack method: Phishing attack
Description of the event: Axie Infinity says the Mee6 bot on its main server was hacked. Hackers use Mee6 bot to add permissions to fake Jiho account to post fake announcements about mint. MEE6 is a Discord bot that allows admins to automatically assign and remove roles and send messages. The fake announcement has now been removed.
Amount of loss: - Attack method: Discord server hacked
Description of the event: The Feminist Metaverse project on BNB Chain was attacked. The attackers have transferred 1838 BNB to Tornado.cash, about $540,000.
Amount of loss: 1,838 BNB Attack method: Flash loan attack
Description of the event: Discord for NFT series Lazy Lions was hacked. Notably, this attack appears to infiltrate many other large NFT projects throughout the day, seemingly due to MEE6 staff being able to use MEE6 remotely to give themselves roles in any server.
Amount of loss: - Attack method: Discord server hacked
Description of the event: NFT project Alien Frens tweeted that Discord had been attacked. Users are asked not to click on any MINT links.
Amount of loss: - Attack method: Discord server hacked
Description of the event: The multi-chain DeFi protocol FEG was attacked again, and the flash loan attack suffered on the BNB chain lost about $1.3 million in assets. The subsequent flash loan attack on Ethereum caused a loss of about $590,000, with a total loss of about $1.9 million in assets. This attack is similar to yesterday's attack and is caused by a vulnerability in the "swapToSwap()" function. This function directly uses the "path" entered by the user as a trusted party without screening and validating the incoming parameters. Additionally, the function will allow an unverified "path" parameter (address) to use the current contract's assets. Therefore, by calling "depositInternal()" and "swapToSwap()", the attacker can obtain permission to use the assets of the current contract, thereby stealing the assets within the contract.
Amount of loss: $ 1,900,000 Attack method: Flash loan attack
Description of the event: There was an abnormality on the Tianqiong Digital Collection platform. The price of its collections on the secondary market skyrocketed thousands of times, and collections with a price of nearly 10 million yuan were sold in seconds. The Tianqiongshuzang announcement stated that the platform was maliciously attacked by hackers and used false balances to purchase and steal player collections.
Amount of loss: - Attack method: Fake balance