1627 hack event(s)
Description of the event: Blast ecosystem DEX MonoSwap disclosed on Twitter that the platform has been hacked. Users are advised not to add liquidity or stake. If you have any staking positions, please withdraw them immediately to avoid financial loss.
Amount of loss: $ 1,300,000 Attack method: Malicious Software
Description of the event: dYdX posted on Twitter that dYdX v3 website (dYdX . exchange) has been compromised. Users are advised not to visit the website or click on any related links. The dYdX v4 is not affected.
Amount of loss: - Attack method: Unknown
Description of the event: The liquidity restaking protocol Renzo tweeted that the Renzo Discord server has been compromised by malicious attackers. Please do not click on any links posted in the server.
Amount of loss: - Attack method: Account was Compromised
Description of the event: UPS on BNBChain was attacked again, losing about $521K. On April 8th, UPS was previously attacked on BNBChain, losing about $30K.
Amount of loss: $ 521,000 Attack method: Unknown
Description of the event: ETHTrustFund conducted a rugpull and stole approximately $2 million worth of cryptocurrencies on Base.
Amount of loss: $ 2,000,000 Attack method: Rug Pull
Description of the event: The arbitrum.com website appears to have been hacked and is being redirected to the official website of the Meme project MOG. Please stay vigilant and ensure the safety of your assets.
Amount of loss: - Attack method: DNS Hijacking Attack
Description of the event: A misconfiguration in the Rho Markets lending protocol allowed an MEV bot operator to take $7.6 million from the project's users across multiple chains. The MEV bot operator sent an on-chain message indicating their willingness to return all the funds. Subsequently, the MEV bot operator returned the funds as planned.
Amount of loss: $ 7,600,000 Attack method: Oracle Misconfiguration
Description of the event: The cryptocurrency exchange WazirX posted preliminary investigation results of the cyber attack on Twitter, stating that one of its multisig wallets was compromised, resulting in a loss of over $230 million.
Amount of loss: $ 230,000,000 Attack method: Wallet Stolen
Description of the event: According to the monitoring by the SlowMist security team, the cross-chain bridge aggregation protocol LI.FI has experienced suspicious transactions, resulting in user losses of over $10 million. Please revoke approvals to the related contracts.
Amount of loss: $ 10,000,000 Attack method: Contract Vulnerability
Description of the event: According to Fuzzland co-founder Chaofan Shou, the cross-chain lending protocol Minterest was attacked. The attacker used a flash loan attack, resulting in a loss of approximately $1.4 million for the protocol.
Amount of loss: $ 1,400,000 Attack method: Flash Loan Attack
Description of the event: According to on-chain sleuth ZachXBT, the Ethena Discord server has been hacked. Do not click on any links for the time being.
Amount of loss: - Attack method: Account was Compromised
Description of the event: According to monitoring by the SlowMist security team, Dough Finance was attacked due to a contract vulnerability. Some unauthorized funds were extracted by hackers, resulting in a loss of approximately $1.81 million.
Amount of loss: $ 1,810,000 Attack method: Contract Vulnerability
Description of the event: Web3 domain provider Unstoppable Domains stated on Twitter that Unstoppabledomains.com was attacked. Until further notice, please do not open any emails from @unstoppabledomains.com or use the website.
Amount of loss: - Attack method: Unknown
Description of the event: Compound DAO security advisor Michael Lewellen tweeted that the Compound Finance official website (http://compound.finance) has been compromised and is currently hosting a phishing site. Do not interact with the site until further notice.
Amount of loss: - Attack method: DNS Hijacking Attack
Description of the event: According to a message posted by Wasabi Wallet on Twitter, users have reported that a coordinator named WasabiCoordinator is gradually stealing user funds through a complex attack. Wasabi Wallet advises all users connected to this coordinator to immediately stop CoinJoin operations and announces that a new version will be released soon to prevent such attacks. Subsequently, Wasabi Wallet tweeted that there were three types of attacks in this incident: attacks on free coordinators, supply chain (GitHub) compromise, user-targeted attacks.
Amount of loss: - Attack method: Security Vulnerability
Description of the event: According to monitoring by the SlowMist security team, Linking The World (LW) was attacked on BNBChain due to a contract vulnerability, losing approximately $80,000.
Amount of loss: $ 80,000 Attack method: Contract Vulnerability
Description of the event: Polkadot issued a warning on Twitter, alerting users that the official Twitter account of Interlay, a cross-chain interoperability project, was compromised and used to post a scam message. Users are advised to be cautious and avoid clicking any links.
Amount of loss: - Attack method: Account was compromised
Description of the event: 23pds, the CISO at SlowMist, tweeted that the 2FA service Authy has been hacked, resulting in the theft of the phone numbers of 33 million users. If you are an Authy user, please be vigilant against phishing attacks. The official developer, Twilio, has confirmed the vulnerability. Many professionals in the crypto industry use this 2FA software, so please ensure the security of your assets.
Amount of loss: - Attack method: Information Leakage
Description of the event: Some users of the Bittensor wallet software suffered wallet drains as thieves emptied their cryptocurrency wallets of the project’s TAO token. Around 32,000 TAO, notionally worth around $8 million, was siphoned. Although blockchain sleuth ZachXBT hypothesized that the attack may have been thanks to a private key leak, Bittensor later claimed that affected users had in fact been compromised by a malicious Bittensor package that had been uploaded to Python's PyPi package manager. It's not yet clear how the malicious package made it onto the package manager.
Amount of loss: $ 8,000,000 Attack method: Security Vulnerability
Description of the event: According to Cointelegraph, the Twitter account of American actress Sydney Sweeney was hacked, with now-deleted posts promoting a crypto token bearing her name in an apparent pump-and-dump scheme.
Amount of loss: - Attack method: Account was compromised