1513 hack event(s)
Description of the event: Optimism and Wintermute both released announcements, disclosing to the community a loss of 20 million OP tokens. At the time of the release of OP tokens, Optimism entrusted Wintermute to provide liquidity services for OP in the secondary market. As part of the agreement, Optimism will provide Wintermute with 20 million OP tokens. To receive the tokens, Wintermute gave Optimism a multi-signature address, to which Optimism transferred 20 million OPs after Optimism test sent two transactions and Wintermute confirmed it was correct. After Optimism transferred the coins, Wintermute found that they had no way to control these coins, because the multi-signature addresses they provided were only deployed on the Ethereum mainnet for the time being and have not yet been deployed to the Optimism network. To gain control of these tokens, Wintermute immediately initiated remediation operations. However, attackers have already noticed this vulnerability and deployed multi-signature to this address on the Optimism network before Wintermute, successfully controlling the 20 million tokens. At present, the Optimism hacker has returned 17 million OP tokens and transferred 1 million OP to the Vitalik address, and Vitalik has returned the funds.
Amount of loss: 2,000,000 OP Attack method: Multi-signature address transfer vulnerability
Description of the event: Osmosis, the decentralized exchange (DEX) built on the Cosmos network, was shut down just before 3 a.m. ET on Wednesday after attackers exploited a liquidity provider (LP) vulnerability to steal around 5 million Dollar. About an hour after Osmosis tweeted about the attack, 4 hackers accounted for 95% of the total, according to a tweet from Osmosis, Cosmos ecosystem validator FireStake admitted on Twitter, A "momentary error of judgement" led to two members of their team who exploited the vulnerability for roughly $2 million, and they decided to voluntarily return the funds and "fix the problem."
Amount of loss: $ 3,000,000 Attack method: LP vulnerability
Description of the event: GYM NETWORK Hacked, Lost $2.1M, Stolen Funds Moved to Tornado Cash. According to the official Twitter account, the attack was caused by an attack on the Claim & Pool function, which resulted in a significant price drop.
Amount of loss: $ 2,100,000 Attack method: Contract Vulnerability
Description of the event: Cosmos ecosystem developer @TheJunonaut tweeted that a critical bug was discovered on Osmosis that could drain all liquidity pools. Anyone can add liquidity to any pool and get an additional 50% when removing it. Responding to community discussions about the attack, Osmosis tweeted that the liquidity pool was not "completely drained" and that developers were fixing bugs, determining the size of the loss (likely around $5 million), and working on recovery.
Amount of loss: $ 5,000,000 Attack method: Funds Pool Vulnerability
Description of the event: The ApolloX project was attacked due to a flaw in the ApolloX signature system. The attacker used the signature system flaw to generate 255 signatures, with a total of 53,946,802 $APX extracted from the contract, worth about $1.6 million.
Amount of loss: $ 1,600,000 Attack method: Signature system flaws
Description of the event: The Baby Elon project on BNBChain had a rug pull on June 8, and they took 623 BNB (~$179,000) and quickly moved the funds to Tornado Cash.
Amount of loss: 623 BNB Attack method: Rug Pull
Description of the event: A Rug Pull occurred on the project BabyElon on BNB Chian, the token dropped 98%, and the scammers have transferred 623 BNB to Tornado Cash, with a loss of about $180,000.
Amount of loss: $ 180,000 Attack method: Rug Pull
Description of the event: Equalizer Finance suffered flash loan attacks on four chains: Ethereum, BSC, Polygon and Optimism. The main reason for this attack is that the FlashLoanProvider contract of the Equalizer Finance protocol is not compatible with the Vault contract. According to officials, funds on Ethereum and BSC have been recovered, but funds on Optimism and Polygon remain unaccounted for.
Amount of loss: $ 50,000 Attack method: Compatibility Issue
Description of the event: The blockchain network Elrond is suspected of having a security breach, and hackers "obtained" nearly 1.65 million $EGLD "out of thin air" and sold it through the decentralized exchange Maiar. On June 8, Elrond founder and CEO Beniamin Mincu tweeted that the previous bug has been resolved, all funds and users are safe, and almost all stolen funds have been recovered.
Amount of loss: $ 113,000,000 Attack method: Virtual Machine Vulnerability
Description of the event: Discord servers for Yuga Lab projects Bored Ape Yacht Club (BAYC) and Otherside appear to have been affected by phishing attacks. The attackers allegedly stole more than 145 ethereum ($256,000) worth of tokens. It appears that the community administrator's account was compromised, which gave attackers access to the administrator account on the server. They then went on to post a link to a phishing site that encouraged users to link their wallets to access "exclusive giveaways." Subsequently, the NFT project BAYC stated on its official Twitter that its Discord server was briefly attacked today, and the team quickly resolved the problem, but some NFTs were still affected.
Amount of loss: 145 ETH Attack method: Discord was hacked
Description of the event: The fomo-dao project is suspected of being attacked, and the attacker has made a profit of $110,000, which has been transferred to Tornado.cash.
Amount of loss: $ 110,000 Attack method: Flash Loan Attack
Description of the event: The Discord of Homeless Friends NFT was attacked, homelessfriends[.]net is a phishing website.
Amount of loss: - Attack method: Discord was hacked
Description of the event: The work of Animoon with 9999 NFTs is taken from Pokémon. They claim to have signed a non-disclosure agreement (NDA) with Pokémon partner TopDeck. But with no evidence of an actual P2E game being developed, the Animoon team disappeared, deleting their Twitter account and website.
Amount of loss: $ 6,300,000 Attack method: Rug Pull
Description of the event: The project CoFiXProtocol on BNB Chian suffered a price manipulation attack, and the attackers made a profit of about $140,000.
Amount of loss: $140,000 Attack method: Price Manipulation
Description of the event: A Rug Pull occurred in StarMan, the coin price fell 99.5%, and the scammers have transferred about 640.4 BNB to Tornado Cash. Losses were valued at approximately $196,000.
Amount of loss: $ 196,000 Attack method: Rug Pull
Description of the event: Rug Pull on Armadillo Coin on BNB Chian, scammers have transferred 663.4 BNB to Tornado.Cash.
Amount of loss: 663.4 BNB Attack method: Rug Pull
Description of the event: Mirror Protocol, a synthetic asset protocol built on Terra, has been attacked again, was attacked again, with more than $2 million in capital losses. The capital pools of Bitcoin, Ethereum and Polkadot have been exhausted, and the remaining capital pools are linked to stocks. If the vulnerability is not fixed before the market opens at 4:00 EST (16:00 GMT), all of its token asset pools will be at risk.
Amount of loss: $ 2,000,000 Attack method: Oracle Price Vulnerability
Description of the event: DeFi project Novo is suspected of being attacked, and hackers have transferred 280 BNB (about $89,600) to Tornado.cash.
Amount of loss: 200 BNB Attack method: Contract Vulnerability
Description of the event: On May 30, after the launch of the new Terra chain, the price of the oracle machine of LUNC (Luna Classic) reached $5, while the actual price was much lower than $5. An Anchor platform user noticed the vulnerability and deposited about 20 million tokens. Lido Bonded Luna Token, and successfully lent 40 million UST, eventually withdrawing and making a profit of about $800,000.
Amount of loss: $ 800,000 Attack method: Contract Vulnerability
Description of the event: A Rug Pull occurred in the NFT metaverse game project Pokemoney on BNBChian, its Token PMY has dropped by 99.98%%, and about 11,800 BNB (about 3.5 million US dollars) have been withdrawn and transferred.
Amount of loss: $ 3,500,000 Attack method: Rug Pull