145 hack event(s)
Description of the event: FixedFloat, a decentralized exchange, tweeted that they have encountered another attack, with hackers exploiting vulnerabilities in their third-party services. The company assured that both company and user funds remain unaffected.
Amount of loss: -
Attack method: Third-party Vulnerability
Description of the event: BitForex, a cryptocurrency exchange headquartered in Hong Kong, has closed access to its platform after approximately $56.5 million in suspicious fund outflows occurred across multiple blockchains. Blockchain detective ZachXBT was the first to notice the withdrawals, noting that the exchange has halted withdrawals and has not responded to customer support inquiries. These fund outflows appear to be an exit scam rather than an external attack, especially considering the lack of communication and the exchange's questionable status. The company faced regulatory scrutiny in Japan in mid-2023 for operating without a license and was accused of inflating trading volumes. Its CEO resigned in January, promising a transition to a new team.
Amount of loss: $ 56,500,000
Attack method: Rug Pull
Description of the event: According to on-chain data, the cryptocurrency exchange FixedFloat appears to have been exploited, resulting in the theft of approximately $26.1 million worth of Bitcoin and Ethereum. On February 18th, FixedFloat tweeted: "We confirm that there was indeed a hack and theft of funds. We are not yet ready to make public comments on this matter, as we are working to eliminate all possible vulnerabilities, improve security, and investigate. Our service will be available again soon. We will provide details on this case a little later."
Amount of loss: $ 26,100,000
Attack method: Unknown
Description of the event: Tron founder Justin Sun tweeted that Htx.com and HTX_DAO have been hit by a DDoS attack. The official HTX Twitter account also mentioned that the HTX application is currently experiencing interruptions, and the technical team is actively working to resolve the issues.
Amount of loss: -
Attack method: DDoS Attack
Description of the event: OKX Wallet BRC20 marketplace has experienced a vulnerability where a large number of fake sats are displayed in the order book. Users are advised to immediately cease trading sats to avoid purchasing false assets and potential asset loss. On December 30th, OKX announced on Twitter that the Ordinals market has been restored, and trading for the affected currencies has resumed as usual. For genuine users who mistakenly purchased tokens due to this issue, the platform will compensate them after completing the assessment.
Amount of loss: -
Attack method: Security Vulnerability
Description of the event: Multi-chain trading platform Thunder suffered an attack. Thunder responded by stating that a third-party service it uses appears to have been targeted. No one's private keys are compromised. Only 114 wallets out of over 14,000 were affected.
Amount of loss: $ 192,000
Attack method: Third-party Vulnerability
Description of the event: The INX Digital Company, a security token and digital asset trading platform, announced that on December 20, 2023, it learned of a cyberattack that occurred on the computer systems of a third-party vendor providing services to one of the Company's subsidiaries. As a result, a malicious actor managed to access the third-party vendor's servers and executed unauthorized trades which resulted in a loss of funds of the Company's subsidiary of approximately $1.6 million. The Company took immediate actions to remediate the security vulnerability and to investigate the nature and scope of the incident. The Company also notified relevant law enforcement in the appropriate jurisdictions and is working with the affected trading venue to investigate this incident and take appropriate legal action. INX customers were not affected by the incident, and the security breach at the third-party provider did not have any impact on the platforms and servers of INX. No personal information or other data of INX's customers was compromised, and INX.One remains fully operational.
Amount of loss: $ 1,600,000
Attack method: Third-party Vulnerability
Description of the event: According to information from SlowMist Zone, the OKX DEX contract appears to have encountered an issue. After SlowMist's analysis, it was found that when users exchange, they authorize the TokenApprove contract, and the DEX contract transfers the user's tokens by calling the TokenApprove contract. The DEX contract has a claimTokens function that allows a trusted DEX Proxy to make calls, with its functionality being to invoke the claimTokens function of the TokenApprove contract to transfer tokens authorized by the user. The trusted DEX Proxy is managed by the Proxy Admin, and the Proxy Admin Owner can upgrade the DEX Proxy contract through the Proxy Admin. On December 12, 2023, at 22:23:47, the Proxy Admin Owner upgraded the DEX Proxy contract to a new implementation contract through the Proxy Admin. The new implementation contract's functionality is to directly call the claimTokens function of the DEX contract to transfer tokens. Subsequently, attackers began calling the DEX Proxy to steal tokens. The Proxy Admin Owner upgraded the contract again at 23:53:59 on December 12, 2023, with similar functionality, and continued stealing tokens after the upgrade. This attack may be a result of the Proxy Admin Owner's private key being leaked. Currently, the DEX Proxy has been removed from the trusted list.
Amount of loss: $ 2,700,000
Attack method: Private Key Leakage
Description of the event: Virtual Asset Platform HOUNAX Investigated for Fraud. On November 1, HOUNAX was placed by the Hong Kong Securities and Futures Commission (SFC) on a warning list of "Suspicious Virtual Asset Trading Platforms," which is designed to alert investors to risks. On November 29, Hong Kong police reported that 158 Hong Kong investors had been lured by the unlicensed platform HOUNAX and lost approximately HK$155 million ($19.83 million).
Amount of loss: $ 19,830,000
Attack method: Scam
Description of the event: HTX (formerly Huobi) and its related Heco Bridge were hacked for a combined $113.3 million.
Amount of loss: $ 113,300,000
Attack method: Unknown
Description of the event: Trader Joe, the largest native DEX on Avalanche, tweeted that the team's preliminary analysis identified a potential exploit in which a 3rd-party analytics plugin hacked JavaScript code used by the frontend.
Amount of loss: -
Attack method: Malicious Code Injection Attack
Description of the event: DEX SpookySwap on Fantom tweeted that the team is investigating a frontend vulnerability on their domain. Please do not execute any transactions on the DEX. On November 19, Spooky updated that a 3rd party JavaScript plugin enabled code injection from npm packages. This enabled replacing the spooky router contract on the Spooky Fi frontend with a malicious contract which sent funds that users attempted to swap to the exploiter.
Amount of loss: $ 5,000
Attack method: Malicious Code Injection Attack
Description of the event: About $9m from the dYdX v3 insurance fund was used to fill gaps on liquidations processed in the YFI market, and the CEO said this was pretty clearly a targeted attack against dYdX, including market manipulation of the entire $YFI market.
Amount of loss: $ 9,000,000
Attack method: Price Manipulation
Description of the event: On November 10, the Poloniex exchange was hacked. According to SlowMist's analysis, the Poloniex hack currently affects about $130M.
Amount of loss: $ 130,000,000
Attack method: Unknown
Description of the event: On November 8, 2023, CoinSpot was exploited across two of its hot wallets, resulting in a loss of over 1,283 ETH, worth approximately $2.472 million.
Amount of loss: $ 2,472,000
Attack method: Private Key Leakage
Description of the event: Philippine exchange Coins.ph lost 12 million $XRP ($6 million) in a hack.
Amount of loss: $ 6,000,000
Attack method: Private Key Leakage
Description of the event: On October 10th, the BRC20 exchange platform Ordswap issued a tweet, stating that they had lost control of their website domain, and the issue appeared to be related to the website development and hosting company Netlify. They advised users not to access their website until they regained control of the domain. Ordswap users reported that the compromised website was redirecting users to phishing links.
Amount of loss: -
Attack method: DNS Hijacking Attack
Description of the event: On September 24th, according to Definalist on Twitter, scammers had deposited fake APT tokens into South Korea's largest exchange, Upbit. After these fake tokens were deposited into numerous user accounts, many users proceeded to directly sell them. The only explanation for this situation is that Upbit's wallet system only checked the type and data and processed deposits and withdrawals.
Amount of loss: -
Attack method: False top-up
Description of the event: On September 25th, Cyvers Alerts tweeted that a certain EOA address received 5000 ETH from HTX yesterday, and this morning, they noticed that HTX had conducted a hot wallet migration. It has been confirmed that one of HTX's hot wallets was compromised, resulting in a loss of 8.2 million USD, and the hacker's address has been disclosed. HTX has issued a public statement on the blockchain, addressing the hacker and offering a 5% white hat bonus if the stolen funds are returned by October 2nd; otherwise, they will transfer the information to law enforcement authorities for further action and to prosecute the hacker. Justin Sun also stated that HTX has fully covered the losses incurred from the attack and has successfully resolved all related issues. All user assets are safe and the platform is operating completely normally. On October 7, the HTX attackers returned 4,999 ETH (about $8.2 million) of the stolen funds.
Amount of loss: $ 8,200,000
Attack method: Unknown
Description of the event: On September 20th, the DeFi liquidity protocol Balancer fell victim to a DNS hijacking attack. Funds have been directed to an address starting with 0x6457, resulting in a total loss of approximately $350,000. The attacker’s fee came from the phishing group AngelDrainer. The attacker may be related to Russia.
Amount of loss: $ 350,000
Attack method: DNS Hijacking Attack