ETH DApp total loss money by hacked is about
$ 366,882,557.34
ETH DApp : 34 hack event(s)
-
2020-10-30
Hacked target: EtherCrash
Description of the event: Recently, AlonGal, the chief technology officer of the cybercrime intelligence company HudsonRock, tweeted that on October 27, the EtherCrash cold wallet that claimed to be "the most mature and largest gambling game in Ethereum" was stolen, with a loss of about 2.5 million U.S. dollars. for. It is reported that EtherCrash has issued a notice on Discord in which it mentioned that the EtherCrash cold wallet was stolen and there were two large withdrawals. EtherCrash stated that it will compensate users for their property losses, but it will take some time because the losses are more serious.
Amount of loss: $ 2,500,000 Attack method: Cold wallet was stolen -
2020-10-26
Hacked target: Harvest Finance
Description of the event: Data on the chain shows that a large amount of funds in the Harvest Finance fund pool were transferred, and about 24 million US dollars (Specifically, approximately USD 34 million)were successfully cashed out through multiple contract transactions, most of which were cashed out through renBTC. The initial ETH source used by the hacker this time was the Ethereum anonymous transfer platform Tornado.cash. The Hash for this operation is: 0x35f8d2f572fceaac9288e5d462117850ef2694786992a8c3f6d02612277b0877. It can be seen from the Ethereum browser that the hacker transferred 20 WETH to the Harvest Finance contract (address: 0xc6028a9fa486f52efd2b95b949ac630d287ce0af), and finally transferred the 20 ETH back to his address. Harvest Finance updated its Twitter saying that, like other arbitrage economic attacks, this time it originated from a huge flash loan and manipulated the price of one currency Lego (Curve y Pool) many times to deplete another currency Lego (fUSDT, fUSDC) Of funds. The attacker then converted the funds into renBTC and cashed out. Like other lightning loan attacks, the attacker did not give a response time, and attacked end-to-end for 7 minutes. The attacker returned $2,478,549.94 to Deployer in the form of USDT and USDC. This will be distributed proportionally to affected depositors through snapshots.
Amount of loss: $ 31,500,000 Attack method: Flash Loan Attack -
2020-10-12
Hacked target: WLEO
Description of the event: The WLEO contract of the Ethereum project was hacked late yesterday, resulting in the theft of $42,000 worth of funds. The hackers stole Ethereum from the pool of the decentralized exchange Uniswap by casting WLEO to themselves and replacing it with Ethereum. This is not the first time Uniswap has encountered a similar hack. After the hacker attack, the price of WLEO dropped by 99%.
Amount of loss: $ 42,000 Attack method: Casting WLEO -
2020-09-29
Hacked target: Eminence
Description of the event: According to bluekirbyfi twitter messages, yearn. Finance founder Andre Cronje, launched the game project Eminence (ENM) encounter "Flash" attack, hackers will return $8 million of funds to the yearn deployer contracts. Officials are investigating the situation and will redistribute the $8 million hit.
Amount of loss: $ 8,000,000 Attack method: Flash Loan Attack -
2020-09-26
Hacked target: GemSwap
Description of the event: On September 26, the SushiSwap imitation project named GemSwap was exposed and LP was taken away. The query found that the project posted a tweet at around 15:00 today and revealed that it was attacked by the developer of "whatitdobb". It is understood that the project completed the liquidity migration earlier today, but the developer who initiated the attack had The relevant permission was obtained and the tokens in the liquidity pool were able to be taken away. The specific losses caused by this attack are currently unclear.
Amount of loss: 0 Attack method: Developer attack -
2020-09-20
Hacked target: Soda
Description of the event: The financial blogger "Super Bitcoin" stated on Weibo that Mr. Huai (weibo username "crash X") participated in the liquidity mining project Soda, and suddenly discovered a loophole in which 20,000 ETH can be directly liquidated Drop. But he chose to tell the development team, but the development team did not pay attention. He had no choice but to liquidate an ETH, and sent a Weibo warning to inform the developers of the existence of this bug. One hour later, the parties to the Soda agreement responded by prompting the borrower to repay and the mortgager to withdraw, and at the same time indicated that they would fix the loopholes and suspend the front-end borrowing function. But as of the early morning of September 21st, more than 400 ETH in Soda's mortgage loan pool were still maliciously liquidated. In the morning of the same day, the agreement officially stated on Twitter that the vulnerability has been fixed, and the newly deployed smart contract is expected to take effect at 21:00 on September 22.
Amount of loss: 446 ETH Attack method: Unknown -
2020-09-20
Hacked target: LV Finance
Description of the event: According to the intelligence of SlowMist Zone, the Ethereum mining project LV Finance project is suspected to be off the road. Unlike previous projects, the project used fake audit websites and provided false audit information to trick investors into making investments. After a period of time, the amount in the fund pool was large enough Run away from time to time. Currently, the project website lv.finance is no longer accessible. In this morning’s news, according to users’ reports, LV Finance is suspected of running away, and 4 million have been transferred in less than an hour. Currently its website is no longer accessible. It is said that some users have directly lost 80% of their assets.
Amount of loss: $ 4,000,000 Attack method: Ponzi -
2020-09-19
Hacked target: Bantiample
Description of the event: The Bantiample team, a project on the Binance Smart Chain, has cashed out 3000 BNB to run away. At present, the main developer of the team has deleted the Telegram account, and the project token BMAP has fallen by more than 90% in a single day. According to the project's description, BMAP is a kind of AMPL-like imitation. Every time a user participates in a transaction, the total amount is reduced by 1%. However, it is actually just a common token, and it does not have the functions described by the project party. It just uses the AMPL project hotspot to commit fraud.
Amount of loss: 3,000 BNB Attack method: Fraud -
2020-09-14
Hacked target: bZx
Description of the event: bZx officially tweeted that at 3:28 am Eastern time (15:30, September 13th, Beijing time), we began to study the decline in TVL of the agreement. By 6:18 AM EST (18:30, September 13th, Beijing time), we confirmed that several iTokens had repeated incidents. Lending is temporarily suspended. The duplicate method has been patched from the iToken contract code, and the agreement has resumed normal operation. According to the information of the founder of Compound, there are a total of US$2.6 million in LINK, US$1.6 million in ETH, and US$3.8 million in stablecoins, with a total of US$8 million in assets affected. 1inch co-founder Anton Bukov tweeted that the attacker had stolen about 4,700 ETH in this incident and attached the address of the stolen funds. In response, bZx said that the funds are currently not at risk. The funds listed have been deducted from our insurance fund. On September 16, bZx released an iToken repeat incident report, and the attacker has returned all funds.
Amount of loss: $ 8,000,000 Attack method: Duplicate funding acquisition -
2020-09-10
Hacked target: SYFI
Description of the event: Amplify, a user of DeFi, discovered a bug in SYFI, a smart contract for DeFi, and made 747 ETH on a single transaction, but from other users. The project crashed.
Amount of loss: 747 ETH Attack method: Unknown -
2020-09-09
Hacked target: Soft Finance
Description of the event: A user with a Twitter account named Amplify revealed that he made a profit of US$250,000 from a system vulnerability in the new DeFi project Soft Finance.
Amount of loss: $ 250,000 Attack method: Unknown -
2020-08-28
Hacked target: Degen.Money
Description of the event: Twitter users reported that DeFi's liquidity mining project Degen.Money exploited a double approval vulnerability to get users' Money. The first authorization gives the pledge contract, and the second authorization gives the right to transfer money, which will result in the user's funds being taken away by the attacker. YFI founder Andre Cronje says the project does have risks.
Amount of loss: 0 Attack method: double approval -
2020-08-25
Hacked target: YFValue
Description of the event: The DeFi project YFValue (YFV) officially released an announcement stating that the team found a loophole in the YFV pledge pool yesterday, and malicious participants used the vulnerability to reset the YFV timer in the pledge separately. There is a risk of being locked in $170 million in funds. Currently, a malicious participant is trying to blackmail the team using this vulnerability.
Amount of loss: $ 170,000,000 Attack method: Reset the YFV timer in the pledge separately -
2020-08-14
Hacked target: BASED
Description of the event: The DeFi liquidity farming anonymous project BASED officially announced that it would redeploy the pledge pool. The official tweeted that a hacker tried to freeze "Pool1" permanently, but the attempt failed, and "Pool1" will continue as planned. The mortgage funds and BASED tokens are currently safe.
Amount of loss: 0 Attack method: Unknown -
2020-08-13
Hacked target: YAM
Description of the event: On August 13, 2020, the well-known Ethereum DeFi project YAM officially posted on Twitter that it found loopholes in the contract. The price plummeted by 99% within 24 hours, resulting in the “permanent destruction” of the governance contract. Curve tokens worth 750,000 USD It is locked and cannot be used.
Amount of loss: 0 Attack method: Unknown -
2020-07-01
Hacked target: VETH
Description of the event: Coingecko researcher Daryllautk tweeted that VETH suffered a hacker attack on the decentralized exchange Uniswap. The hacker stole 919,299 VETH (worth $900,000) using only 0.9ETH. After the attack, VETH officially stated that the contract was used by the UX improvement it placed in transferForm(), which was their fault. They will redeploy vether4 and will compensate all affected Uniswap pledgers.
Amount of loss: $ 900,000 Attack method: Unknown -
2020-06-30
Hacked target: Balancer
Description of the event: According to DeBank Twitter, hackers once again used dYdX's lightning loan to attack the COMP trading pair in Balancer's part of the liquidity pool, and took away the unreceived COMP rewards from the pool to make a profit of 10.8 ETH, which is about $2408.
Amount of loss: $ 2408 Attack method: Unknown -
2020-06-29
Hacked target: Balancer
Description of the event: The Balancer liquidity pool was attacked by Lightning Loan and lost $500,000. The two losses suffered by Balacer are STA and STONK. At present, the liquidity of these two token pools has been exhausted. Both STA and STONK tokens are deflation tokens, which means that this attack only affects the liquidity pool of deflation tokens.
Amount of loss: $ 500,000 Attack method: Unknown -
2020-06-25
Hacked target: Web3 DeFi
Description of the event: The malicious Web3 applications "phishing dapps" were discovered in a recent study, they pretend to be legitimate applications or services to steal cryptocurrencies. For example, since MakerDAO officially closed the single-mortgage Sai system, such phishing tools have begun to appear, and they pretended to need a new tool to help users migrate from SAI to DAI. For example, a domain name provides a simple interface to start the migration from SAI to the new DAI at a 1:1 ratio, it seems like an official channel. However, the actual transaction to be signed simply sends the SAI to an address owned by the attacker. SAI, which has been traced to more than US$100,000, was transferred to the attacker's account.
Amount of loss: $ 100,000 Attack method: phishing attack -
2020-06-24
Hacked target: Atomic Loans
Description of the event: Atomic Loans, issued a decision on vulnerability disclosure and suspension of new loan requests. The decision shows that the security researcher samczsun privately disclosed two vulnerabilities in the currently deployed contracts and lender agents.oth vulnerabilities would've allowed a malicious borrower to unlock part/ all of their BTC collateral without repaying their loan in specific circumstances. Up to now, neither of these vulnerabilities were exploited by any users, and there were no funds impacted on the platform. Additionally the platform has disabled the ability for any borrower or lender to participate in new loans until they launch v2.
Amount of loss: 0 Attack method: Unknown -
2020-06-23
Hacked target: DDM
Description of the event: The official DeFi money market agreement DMM Twitter said that during $DMG public sale today, its telegram was unfortunately brigaded by malicious actors who impersonated the DMM Foundation with sole the intent of stealing funds. After digging through the on-chain transactions to find those affected, the official sent a total of $40k worth of DMG to those affected at an exchange rate of $0.40 per DMG, hoping to make sure everyone who lost funds were made whole.
Amount of loss: $ 4,0000 Attack method: Unknown -
2020-06-18
Hacked target: Bancor
Description of the event: Due to the unverified safeTransferFrom () function in the new Bancor network contract, user funds are about to be depleted. The Bancor team stated: 1. A security vulnerability was discovered in the new Bancor Network v0.6 contract released two days ago; 2. After the vulnerability was discovered, the team conducted a white hat attack to transfer funds to a secure address; 3. The audit of the smart contract has been completed.But there are still $135,229 preemptively traded by two unknown arbitrage robots.
Amount of loss: $ 135,229 Attack method: Unknown -
2020-05-18
Hacked target: tBTC
Description of the event: The tBTC team suspected it had found a major contract vulnerability, and it suspended the recharge service and re-audited it urgently. tBTC is an ERC-20 token that does not require trust and is guaranteed by redeemable BTC.
Amount of loss: - Attack method: Unknown -
2020-04-25
Hacked target: Hegic
Description of the event: Hegic: There are 152.2 ETH (about 28,537 USD) permanently locked in the contract pool of unexercised put / call options. Out of the 19 contracts, 16 are put options (DAI is locked) and 3 are call options (ETH is locked). Hegic said it will process a 100% refund for all involved users.
Amount of loss: $28,537 Attack method: Unknown -
2020-04-19
Hacked target: Lendf.Me
Description of the event: DeFi lending protocol Lendf.Me was hacked.
Amount of loss: $24,696,616 Attack method: ERC777 Reentrancy Rick -
2020-04-18
Hacked target: Uniswap
Description of the event: Uniswap was hacked and lost 1278 ETH.
Amount of loss: $220,000 Attack method: ERC777 Reentrancy Rick -
2020-02-18
Hacked target: bZx
Description of the event: bZx was attacked again with an estimated loss of $645,000 of ETH
Amount of loss: $645,000 Attack method: The defect of risk control in economic model -
2020-02-15
Hacked target: bZx
Description of the event: DeFi lending protocol bZx exploited, may lose up to $350,000.
Amount of loss: $350,000 Attack method: The defect of risk control in economic model -
2018-10-09
Hacked target: SpankChain
Description of the event: The attacker created a malicious contract masquerading as an ERC20 token, and the "transfer" function re-invokes the payment channel contract repeatedly, each time exhausting some ETH.
Amount of loss: 165.38 ETH Attack method: reentrancy-attack-on-smart-contract -
2018-08-01
Hacked target: Fomo 3D
Description of the event: Ethereum Fomo 3D was hacked and hacker used special attack techniques to take the bonus.
Amount of loss: 10,469.66 ETH Attack method: Transaction Congestion Attack -
2018-07-31
Hacked target: Fomo 3D
Description of the event: Ethereum Fomo 3D was hacked, Fomo 3D website 24-hour access reduced 21.95 percent, 24-hour flow decreased 38.32%
Amount of loss: - Attack method: DDoS -
2018-07-10
Hacked target: Bancor
Description of the event: The Bancor platform theft was related to the BancorConverter contract, and the attacker (hacker/mole) is very likely to get the private key of the 0x009bb5e9fcf28e5e601b7d0e9e821da6365d0a9c.
Amount of loss: 24,984 ETH,3,236,967 BNT,229,356,645 NPXS, Attack method: Suspected private key stolen -
2017-07-20
Hacked target: Parity
Description of the event: As reported by the startup, the issue is the result of a bug in a specific multi-signature contract known as wallet.sol., the attacker can take over the wallet immediately and absorb all the funds
Amount of loss: ~30,000,000 USD Attack method: Unauthorized operation -
2016-06-17
Hacked target: The DAO
Description of the event: The DAO smart contract running on the Ethereum suffered a reentrancy-attack-on-smart-contract.
Amount of loss: ~60,000,000 USD Attack method: reentrancy-attack-on-smart-contract