1577 hack event(s)
Description of the event: The Omnichain NFT protocol Holograph protocol was exploited, resulting in a loss of approximately $14.4 million. According to the team, a former contractor exploited an infinite mint vulnerability in their smart contract to release an additional 1 billion HLG tokens, which were further dumped. This malicious actor, who had funded the operator contract roughly 26 days before the attack, deployed an unverified contract on Mantle, which was used to mint the additional tokens caused by a function that exploited the protocol's verification method.
Amount of loss: $ 14,400,000 Attack method: Contract Vulnerability
Description of the event: After the attack on June 10, UwU Lend was exploited again by the same attacker, resulting in a loss of $3.72 million. The attacker held a significant amount of USDE tokens obtained from the first attack, which allowed them to leverage the remaining USDE funds and drain other UwU lending pools.
Amount of loss: $ 3,720,000 Attack method: Contract Vulnerability
Description of the event: On June 10, 2024, according to the security monitoring system MistEye by SlowMist, the digital asset lending platform UwU Lend on the EVM chain was attacked, resulting in a loss of approximately $19.3 million. The attacker manipulated the price oracle by making large exchanges in the CurveFinance pool, affecting the price of the sUSDE token, and used the manipulated price to arbitrage other assets from the pool.
Amount of loss: $ 19,300,000 Attack method: Contract Vulnerability
Description of the event: MEV Bot JokInTheBoxETH was attacked, lost ~$34K. The root cause of the exploit was poorly implemented unstake function fo the staking contract. Since the unstake function does not check the state of the variable "unstake", the exploiter could unstake multiple times and drian the assets.
Amount of loss: $ 34,000 Attack method: Contract Vulnerability
Description of the event: $1.5 million was stolen from the liquidity pool on the Blast network’s gaming platform YOLO Games. The root cause was the lack of permission checks in the "exitPool" function, allowing anyone to impersonate liquidity providers and drain the pool. The attacker has already returned 90% of the stolen assets.
Amount of loss: $ 1,500,000 Attack method: Contract Vulnerability
Description of the event: Ethereum Layer 2 protocol Loopring posted on Twitter that the some Loopring Smart Wallets were targeted in a security breach. The attack exploited wallets with only one Guardian, specifically the Loopring Official Guardian. The hacker initiated a Recovery process, falsely posing as the wallet owner to reset ownership and withdraw assets. The attack succeeded by compromising Loopring's 2FA service, allowing the hacker to impersonate the wallet owner and gain approval for the Recovery from the Official Guardian. Subsequently, the attacker transferred assets out of the affected wallets.
Amount of loss: $ 5,000,000 Attack method: Security Vulnerability
Description of the event: Gemholic, a crypto project, is accused of a rug pull after moving $3.5M in recently recovered funds and vanishing from social media.
Amount of loss: $ 3,400,000 Attack method: Rug Pull
Description of the event: According to monitoring by the SlowMist security team, the TLN Protocol on BNBChain has been attacked again. On May 31, TLN Protocol suffered a loss of approximately $280,000 due to a contract vulnerability exploited by hackers.
Amount of loss: - Attack method: Contract Vulnerability
Description of the event: According to monitoring by the SlowMist security team, SteamSwap(STM) on BNBChain was attacked, resulting in a loss of approximately $105K.
Amount of loss: $ 105,000 Attack method: Contract Vulnerability
Description of the event: According to monitoring by the SlowMist security team, NCD on BNBChain was attacked, resulting in a loss of approximately $20,000.
Amount of loss: $ 20,000 Attack method: Contract Vulnerability
Description of the event: DEX Velocore experienced a security breach on June 2nd, 2024, resulting in financial losses approximating $6.8 million in ETH. The primary cause of the incident was faulty logic within the velocore__execute() function of the ConstantProductPool. When a user makes a swap on Velocore, the Vault contract makes an external call to this function to calculate the result of the swap.
Amount of loss: $ 6,800,000 Attack method: Contract Vulnerability
Description of the event: DMM Bitcoin, a Japanese cryptocurrency exchange, announced it lost 48 billion yen ($305 million) worth of bitcoin (BTC) due to a hack.
Amount of loss: $ 305,000,000 Attack method: Unknown
Description of the event: According to monitoring by the SlowMist security team, the TLN Protocol on BNBChain was attacked, resulting in a loss of approximately $280,000.
Amount of loss: $ 280,000 Attack method: Contract Vulnerability
Description of the event: According to monitoring by the SlowMist security team, the MixedSwapRouter on Arbitrum was attacked, resulting in a loss of approximately 293,000 WINR, valued at around $16,000.
Amount of loss: $ 16,000 Attack method: Contract Vulnerability
Description of the event: According to the SlowMist security team, potential suspicious activity has been detected in the GameFi protocol MetaDragon, and users are advised to remain vigilant. MetaDragon stated that users need to convert their META NFTs into tokens as soon as possible to minimize community losses. The META NFT contract has just been hacked. The hacker converted many NFTs in wallets to META tokens and sold them. The attack path originated from the META NFT.
Amount of loss: $ 181,000 Attack method: Contract Vulnerability
Description of the event: According to monitoring by the SlowMist security team, EXcommunity on BNBChain is suspected of being attacked, resulting in a loss of approximately $37,000.
Amount of loss: $ 37,000 Attack method: Contract Vulnerability
Description of the event: According to the SlowMist security team, the liquidity aggregator protocol Orion's contract was attacked, resulting in a loss of approximately $616,000.
Amount of loss: $ 616,000 Attack method: Contract Vulnerability
Description of the event: Sebastiani, co-founder of The Sandbox, posted on X platform that one of The Sandbox team members was hacked and his Twitter account used to send SCAM tweets and DMs, disguised as if these were official.
Amount of loss: - Attack method: Twitter was hacked
Description of the event: According to the SlowMist security team, RedKeysGame on BNBChain was attacked, resulting in a loss of approximately $10,000.
Amount of loss: $ 10,584 Attack method: Contract Vulnerability
Description of the event: According to community feedback, the Base ecosystem's meme coin NORMIE has been attacked. The attacker exploited a design flaw in the NORMIE token's cross-chain bridge, manipulating the price on the Base Chain using flash loans. Since transactions with NORMIE on the Base Chain incur taxes, these taxes are automatically directed to a wallet controlled by the project team. The attacker injected a large amount of funds into this wallet via flash loans, significantly diluting the token's supply and causing a flash crash in the price.
Amount of loss: $ 882,000 Attack method: Flash Loan Attack