1909 hack event(s)
Description of the event: Sleepless AI (AI) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 91,000 Attack method: Rug Pull
Description of the event: The inscription project Libra Protocol on Arbitrum is suspected to have exit scammed. Currently, the project team has transferred the received mint fees to the address 0x0c12acc8e53c6ff7ab3fad5eaa97056ae950288f.
Amount of loss: $ 550,107 Attack method: Rug Pull
Description of the event: Fake NFPrompt (NFP) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 173,193 Attack method: Rug Pull
Description of the event: Multi-chain trading platform Thunder suffered an attack. Thunder responded by stating that a third-party service it uses appears to have been targeted. No one's private keys are compromised. Only 114 wallets out of over 14,000 were affected.
Amount of loss: $ 192,000 Attack method: Third-party Vulnerability
Description of the event: Recently, Telcoin Wallet was subjected to a targeted attack, and Telcoin tweeted that it is aware of the situation with the Telcoin app. Use of the app has been temporarily frozen while the issue is investigated and an update will be provided as soon as possible.
Amount of loss: $ 1,240,000 Attack method: Unknown
Description of the event: MegabotETH is suspected of a rug pull. Approximately 742k has been stolen.
Amount of loss: $ 742,000 Attack method: Rug Pull
Description of the event: Pike Finance, a cross-chain lending protocol on Base, is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 52,600 Attack method: Rug Pull
Description of the event: Ordinal Dex (ORDEX) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 70,600 Attack method: Rug Pull
Description of the event: UniSat Wallet's official tweet is suspected to have been hacked. It posted a promotional tweet for a program with closed comments and a suspected malicious link.
Amount of loss: - Attack method: Account Compromise
Description of the event: PineProtocol seems to have been exploited. According to SlowMist's analysis, the exploiter's IP is 116.*.*.112. The exploiter has withdrawn ETH from FixedFloat and ChangeNOW, and has transferred 20 ETH to TornadoCash. The exploiter appears to have received part of the bounty.
Amount of loss: $ 90,000 Attack method: Flash Loan Attack
Description of the event: The INX Digital Company, a security token and digital asset trading platform, announced that on December 20, 2023, it learned of a cyberattack that occurred on the computer systems of a third-party vendor providing services to one of the Company's subsidiaries. As a result, a malicious actor managed to access the third-party vendor's servers and executed unauthorized trades which resulted in a loss of funds of the Company's subsidiary of approximately $1.6 million. The Company took immediate actions to remediate the security vulnerability and to investigate the nature and scope of the incident. The Company also notified relevant law enforcement in the appropriate jurisdictions and is working with the affected trading venue to investigate this incident and take appropriate legal action. INX customers were not affected by the incident, and the security breach at the third-party provider did not have any impact on the platforms and servers of INX. No personal information or other data of INX's customers was compromised, and INX.One remains fully operational.
Amount of loss: $ 1,600,000 Attack method: Third-party Vulnerability
Description of the event: @0xKofi's Twitter account has been hacked; please do not click on the scam link.
Amount of loss: - Attack method: Account Compromise
Description of the event: Metakey's Discord has been compromised. Do not click the link in announcements.
Amount of loss: - Attack method: Account Compromise
Description of the event: On December 17th, according to SlowMist Cos, Flooring Protocol may have been subjected to a hacker attack, and users are advised to promptly revoke contract authorizations. In a tweet on December 17th, Flooring Protocol announced that "We have determined the cause of exploit to be linked to FP's peripheral/multi-call contract. The team has deployed a fix 2 hours ago, patching the issue. While we continue to investigate and monitor, rest assured that the main contract is safe. Assets in vaults and safeboxes are not affected."
Amount of loss: $ 1,600,000 Attack method: Contract Vulnerability
Description of the event: On December 16, the SlowMist security team issued an alert that @NftTrader appeared to have been exploited due to a reentrancy issue. On December 17, the NFT Trader hacker claimed in on-chain messages that the original attack had been perpetrated by someone else, but that they were one of the many copycat attackers, describing themselves as someone who had "[come] here to pick up residual garbage". They requested victims send additional ETH to get their NFTs back. "If you want the monkey nft back, then you need to pay me a bouty, which is what I deserve", they wrote, asking for NFT holders to send them 10% of the Ape floor price. On December 17, Boring Security tweeted, "All 36 BAYC and 18 MAYC that the exploiter had are now in our possession. We sent her 10% of the floor price of the collections as bounty. We will be working with the affected victims getting them back to them free of charge."
Amount of loss: $ 3,000,000 Attack method: Reentrancy Attack
Description of the event: The Ledger Connect Kit suffered a supply chain attack, with attackers stealing at least $600,000. The SlowMist security team immediately initiated an analysis of the relevant code and discovered that the attackers implanted malicious JavaScript code in versions @ledgerhq/connect-kit=1.1.5/1.1.6/1.1.7. They directly replaced the normal window logic with a Drainer class, triggering not only a fake DrainerPopup popup but also handling the transfer logic for various assets. Attackers launched phishing attacks against cryptocurrency users through the CDN.
Amount of loss: $ 600,000 Attack method: Malicious Code Injection Attack
Description of the event: According to information from SlowMist Zone, the OKX DEX contract appears to have encountered an issue. After SlowMist's analysis, it was found that when users exchange, they authorize the TokenApprove contract, and the DEX contract transfers the user's tokens by calling the TokenApprove contract. The DEX contract has a claimTokens function that allows a trusted DEX Proxy to make calls, with its functionality being to invoke the claimTokens function of the TokenApprove contract to transfer tokens authorized by the user. The trusted DEX Proxy is managed by the Proxy Admin, and the Proxy Admin Owner can upgrade the DEX Proxy contract through the Proxy Admin. On December 12, 2023, at 22:23:47, the Proxy Admin Owner upgraded the DEX Proxy contract to a new implementation contract through the Proxy Admin. The new implementation contract's functionality is to directly call the claimTokens function of the DEX contract to transfer tokens. Subsequently, attackers began calling the DEX Proxy to steal tokens. The Proxy Admin Owner upgraded the contract again at 23:53:59 on December 12, 2023, with similar functionality, and continued stealing tokens after the upgrade. This attack may be a result of the Proxy Admin Owner's private key being leaked. Currently, the DEX Proxy has been removed from the trusted list.
Amount of loss: $ 2,700,000 Attack method: Private Key Leakage
Description of the event: On December 13th, Peapods Finance was hacked by white hat hackers due to a reentrancy vulnerability. On December 14th, Peapods Finance tweeted that the hackers returned 90% of the funds. On December 15th, the hacker, @0xaxxe, tweeted that he returned the white hat fee to the team.
Amount of loss: $ 230,000 Attack method: Reentrancy Attack
Description of the event: The perpetual contract on Osmosis, Levana, has been subjected to an attack resulting in a loss exceeding $1.14 million. A post-incident report provided by its team indicates that between December 13th and December 26th, attackers successfully drained 10% of Levana's liquidity pool. Levana states that efforts are underway to rectify the issue, assuring that existing trading positions and profits remain unaffected. Future plans involve compensating affected liquidity providers through airdrops and the distribution of protocol fees collected during the attack period.
Amount of loss: $ 1,140,000 Attack method: Oracle Attack
Description of the event: According to on-chain data, a user deposited 0.5 BNB into Venus and borrowed a series of assets, including stkBNB, ankrBNB, etc. The user then exchanged them for 116.45 ETH assets and transferred them to another account. In response to the attack on Venus, official personnel from the Venus Protocol addressed the issue on Telegram, stating, "The core pool and XVS are not affected. The attack occurred due to a price malfunction in Binance's oracle, involving the BNB price in a small independent pool. The snBNB team is currently addressing this issue. The cause has been identified, and it has been reported to the Binance oracle team."
Amount of loss: $ 270,000 Attack method: Oracle Attack