1909 hack event(s)
Description of the event: A massive suspicious withdrawal occurred on cryptocurrency exchange Remitano, with $2.7 million worth of cryptocurrency being withdrawn. Some blockchain analysts believe the exchange may have been hacked. Tether has frozen an address allegedly used by an attacker that held $1.4 million worth of cryptocurrency.
Amount of loss: $ 2,700,000 Attack method: Wallet Stolen
Description of the event: On September 13th, the Hong Kong Securities and Futures Commission issued a statement titled "Regarding Unregulated Virtual Asset Trading Platforms," stating that the virtual asset trading platform JPEX did not have a license from the Commission and had not applied for one. On September 14th, the JPEX community discovered that the withdrawal limit on the JPEX platform was only 1000 USDT, while the withdrawal fee was as high as 999 USDT, effectively preventing users from withdrawing their funds. As of October 3rd, the police have received reports from 2,467 victims, involving approximately HKD 1.522 billion in total.
Amount of loss: $ 194,337,178 Attack method: Scam
Description of the event: The cryptocurrency exchange CoinEx suffered a hacker attack. The cause of the incident was initially determined to be the leakage of hot wallet private keys. The damage caused is estimated to have reached US$70 million, and the impact has affected multiple blockchains. CoinEx tweeted that it had identified and quarantined suspicious wallet addresses related to the hack and that deposit and withdrawal services had been suspended. On September 13, SlowMist found during the analysis process that CoinEx hackers were related to Stake.com hackers and Alphapo hackers. CoinEx hackers may be the North Korean hacker group Lazarus Group.
Amount of loss: $ 70,000,000 Attack method: Private Key Leakage
Description of the event: OxODexPool suffered a flash loan attack. ETH: 0x6128d5F7c64Dab48a1C66f9D62EaeFa1d5aA03ed. Approximately 40 ETH (~$61k) was lost. The stolen funds currently reside in the attacker's wallet.
Amount of loss: $ 61,000 Attack method: Flash Loan Attack
Description of the event: Milady founder Charlotte Fang said that a developer of Milady misappropriated approximately $1 million from the Bonkler treasury of Milady's official project. The developer also seized the code base and asked the team to hand over more funds and NFT reserves. Currently, the Twitter accounts of miladymaker and remilionaire are controlled by this developer. Charlotte Fang said the relevant members have been identified and will be held accountable to the fullest extent of the law. Minting of Bonkler NFTs is temporarily suspended and Bonkler’s community vaults, contracts, and NFTs are safe. Other series of NFTs from Milady parent company Remilia are not affected for the time being.
Amount of loss: $ 1,000,000 Attack method: Insider Manipulation
Description of the event: Stablecoin issuer Paxos admitted in a statement that the account that paid out nearly 20 BTC in fees in a single transaction in the early hours of September 11 belonged to the company. Paxos claims that end users have not been affected and all user funds are safe. The announcement comes after users on Twitter speculated that PayPal could be responsible for the transaction, as analytics platform OXT identified relevant wallet accounts belonging to PayPal. A Paxos spokesperson said: "PayPal takes no responsibility for this as this error was caused by Paxos itself. This transaction affected Paxos company operations, Paxos customers and end users were not affected, and all customer funds are safe. This was caused by a vulnerability in a single transfer, which has now been fixed. Paxos is contacting miners to recover the funds."
Amount of loss: $ 500,000 Attack method: Transfer Vulnerability
Description of the event: On September 11, Witnet - the multichain decentralized oracle, tweeted that the Witnet Discord server has been compromised and deleted temporarily.
Amount of loss: - Attack method: Account Compromise
Description of the event: There is a large liquidity removal on the fake Base token. BSC: 0x2025273c4B985a00bc60E871a9031a12FF216F9B. Deployer 0x6d3503d16Bb93a7d9b47F510C7568868F2BFcCEf has profited ~$71.6k.
Amount of loss: $ 71,600 Attack method: Rug Pull
Description of the event: Ethereum co-founder Vitalik Buterin's Twitter account is suspected to have been hacked and used to post a link (actually a phishing link) for claiming a free Proto-Danksharding commemorative NFT related to ConsenSys. ZachXBT says the hackers have now stolen $700,000. Upon review, the tweet containing the phishing link has been removed.
Amount of loss: $ 700,000 Attack method: Account Compromise
Description of the event: On September 10, according to on-chain intelligence from the SlowMist security team, when the LDO token contract processes a transfer whose amount exceeds the balance actually held by the user, the operation does not revert the transaction. Instead, it directly returns `false` as the result. This differs from many common ERC20 token contracts. Because of this behavior, there is a potential risk of "fake top-up", and malicious attackers may try to use it to commit fraud. On September 11, Lido stated that this behavior was expected and complies with the ERC20 token standard. LDO and stETH are still safe. The Lido Token Integration Guide will be updated with LDO details to show this more clearly.
Amount of loss: - Attack method: False top-up
Description of the event: BFCToken suffered from a flash loan attack, resulting in losses of ~$38k. BSC: 0x595eac4a0ce9b7175a99094680fbe55a774b5464. The attacker was able to burn BFCTokens from the pool at no expense by exploiting the "_transfer" function.
Amount of loss: $ 38,000 Attack method: Flash Loan Attack
Description of the event: On September 9, PEPE stated on Twitter that PEPE’s old Telegram account had been hacked and was no longer under official control. The Twitter account "lordkeklol" has been compromised and used to perpetrate scams and is in no way affiliated with PEPE or its team members. All official information from PEPE will be released via its Twitter account in the coming weeks.
Amount of loss: - Attack method: Account Compromise
Description of the event: A phishing link was posted in the announcements channel of ACG WORLDS discord server. Do not interact with hxxps://asusworlds.com/tcom/.
Amount of loss: - Attack method: Account Compromise
Description of the event: Ordinals Wallet suffered a SIM Swap attack. The Twitter account was hacked and phishing links were posted. The attacker is PinkDrainer.
Amount of loss: - Attack method: Account Compromise
Description of the event: On September 7, crypto trust company Fortress said on Twitter that its customers were affected by a "compromised third-party provider of cloud tools," but that there was no loss of funds. On September 13, Fortress Trust founder and CEO Scott Purcell said that the company lost $12 million to $15 million in cryptocurrencies in a recent hack, most of which was Bitcoin, although small amounts of two stablecoins, USDC and USDT, were also stolen, and the company immediately made up for the loss. "Of the 225,000 customers, only 4 customers were actually affected." Purcell repeatedly emphasized that the fault for the security breach lies with the third-party provider, not Fortress Trust or the company's hosting partners Fireblocks or BitGo. The vendor has been identified as Retool, and Retool admitted that it was the victim of a phishing attack.
Amount of loss: $ 15,000,000 Attack method: Third-party Vulnerability
Description of the event: We have seen a large liquidity removal on a fake Patex token. BSC: 0xbFDf31187Ea84651414545eDEA0a27104D514a70. Deployer gained ~$97.5k from removing liquidity on a honeypot token.
Amount of loss: $ 97,500 Attack method: Rug Pull
Description of the event: We have detected a malicious flash loan on HCT token. BSC: 0x0FDfcfc398Ccc90124a0a41d920d6e2d0bD8CcF5. Approximately 30.5 BNB was lost. 30 BNB has been deposited into Tornado Cash by EOA 0xC89.
Amount of loss: 30.5 BNB Attack method: Flash Loan Attack
Description of the event: A phishing link has been posted in the major announcements channel of Victory Point Discord server. Do not interact with hxxps://victorypoints.xyz/airdrop/
Amount of loss: - Attack method: Account Compromise
Description of the event: According to official sources, Base had previously experienced a block failure. The Base team immediately investigated and subsequently deployed a fix, after which block production began to resume. The team has confirmed that network operation and the RPC API have returned to normal, and it will continue to monitor. Base later tweeted that the glitch had been fixed and no funds were at risk.
Amount of loss: - Attack method: Block Failure
Description of the event: GALA, the token of the blockchain gaming platform Gala Games, underwent a major upgrade on May 15, 2023, and the token contract address was updated. As a result, there are now two tokens in circulation, both called GALA. The price ratio of old GALA to normal GALA is 1:12. The attacker has been depositing old GALA tokens on various exchanges since July 27 this year to test fake deposits. The hackers were also involved in the LDO "fake top-up" incident and the Nomad Bridge attack last August. On September 6, hackers deposited old GALA tokens to CoinHub, successfully causing the exchange to treat the deposited old GALA tokens as normal GALA tokens. The hacker then withdrew the real GALA. Now there is only $168 worth of GALA left in the exchange hot wallet, and the hacker earned 2.7 ETH.
Amount of loss: 2.7 ETH Attack method: False top-up