1756 hack event(s)
Description of the event: Arata tweeted that the Arata ecosystem and CEX wallet have been exploited. The hacker managed to sell a significant portion of the tokens.
Amount of loss: - Attack method: Unknown
Description of the event: Vestra DAO tweeted that a hacker exploited a vulnerability in the locked staking contract, manipulating the reward mechanism to claim rewards exceeding their entitlement. As a result, a total of 73,720,000 VSTR tokens were stolen. The stolen tokens were gradually sold on Uniswap, causing approximately $500,000 in ETH liquidity losses.
Amount of loss: $ 500,000 Attack method: Contract Vulnerability
Description of the event: DeBox officially announced that due to the leakage of the private key of an operational account's personal EOA wallet, 31.03 ETH and 4.879 million BOX tokens were stolen.
Amount of loss: $ 275,000 Attack method: Private Key Leakage
Description of the event: The co-founder of the security organization Fuzzland, @shoucccc, posted on X stating that Clipper DEX has been hacked due to an API vulnerability (such as private key leakage). Currently, losses exceed $500,000, with $6.5 million at risk. Users are urged to withdraw their funds immediately.
Amount of loss: $ 500,000 Attack method: API Vulnerability
Description of the event: The cryptocurrency exchange XT has reportedly fallen victim to a hacking incident, resulting in the loss of approximately $1.7 million worth of crypto assets. The hacker has converted the funds into 461.58 ETH and deposited them into the address 0xB43f…8F83.
Amount of loss: $ 1,700,000 Attack method: Unknown
Description of the event: The DeSci project Pump Science tweeted that the wallet T5j2UB...jjb8sc was exploited due to an oversight in their GitHub repository. The exploiter gained access to the keypair, which had been embedded in the source code of their website.
Amount of loss: - Attack method: Private Key Leakage
Description of the event: On November 25, DCF on the BNB Chain was attacked, resulting in a loss of approximately $440,000. The root cause of the vulnerability was an error in the logic implemented by the project team in the transfer function of DCF.
Amount of loss: $ 440,000 Attack method: Flash Loan Attack
Description of the event: The Akashalife (AK1111) on BSC was suspected to have been attacked, resulting in a loss of approximately $31.5K.
Amount of loss: $ 31,500 Attack method: Contract Vulnerability
Description of the event: On-chain investigator ZachXBT stated on his personal Telegram channel that the wallet associated with crypto KOL JRNY appears to have been compromised, with approximately $4 million worth of crypto assets transferred and sold. This suggests that the wallet's private key may have been leaked.
Amount of loss: $ 4,000,000 Attack method: Private Key Leakage
Description of the event: The Sweepr Token (SWEEPR) on ETH was suspected to have been attacked, resulting in a loss of approximately $14K.
Amount of loss: $ 14,000 Attack method: Contract Vulnerability
Description of the event: The Matez (MATEZ) on BSC is suspected to have been attacked, resulting in a loss of at least $80K.
Amount of loss: $ 80,000 Attack method: Contract Vulnerability
Description of the event: According to monitoring by the SlowMist Security Team, the BSCGem (BSCGem) on BSC is suspected to have been attacked, resulting in a loss of approximately $17.3K.
Amount of loss: $ 17,300 Attack method: Contract Vulnerability
Description of the event: The lending project Polter Finance on Fantom lost ~$12 million due to an oracle price-related flash loan attack on its newly launched SpookySwap (BOO) market.
Amount of loss: $ 12,000,000 Attack method: Flash Loan Attack
Description of the event: The MFT (MFT) on BSC is suspected to have been attacked, resulting in a loss of approximately $33.7K.
Amount of loss: $ 33,700 Attack method: Contract Vulnerability
Description of the event: Binance co-founder CZ confirmed on X that the official X account of his educational project, Giggle Academy, has been hacked.
Amount of loss: - Attack method: Account Compromise
Description of the event: The funds of multiple users of the on-chain trading terminal DEXX have been stolen. According to statistics from the SlowMist Security Team, the total losses from this incident have reached $21 million.
Amount of loss: $ 21,000,000 Attack method: Private Key Leakage
Description of the event: The X account of the meme project dogwifcoin (WIF) is suspected to have been hacked, posting multiple token contract messages. Users are advised to stay vigilant.
Amount of loss: - Attack method: Account Compromise
Description of the event: The Aptos-based DeFi project Thala suffered a security breach as a result of an isolated vulnerability in the latest update to v1 farming contracts, allowing the exploiter to withdraw liquidity pool tokens totaling $25.5m. Thala has since paused all related contracts and frozen Thala token assets ($9m MOD and $2.5m THL). With the assistance of other organizations, the team identified the exploiter and negotiated a $300k bounty for a full recovery of user assets.
Amount of loss: $ 25,500,000 Attack method: Contract Vulnerability
Description of the event: GMGN stated in the community, "The GMGN website has suffered a malicious attack, suspected to involve multiple methods, including common crawler attacks and flood attacks. The development team is currently working on emergency repairs, and the token details page, holdings collection feature, and transaction activity records have been restored."
Amount of loss: - Attack method: Unknown
Description of the event: The vETH token suffered an attack, resulting in approximately $450K in losses.
Amount of loss: $ 450,000 Attack method: Price Manipulation