97 hack event(s)
Description of the event: Nowswap, a decentralized exchange on Ethereum, was hit by a flash loan attack. The attacker emptied Nowswap’s liquidity pool, which was reduced from US$1,069,197 to US$24.15. The attacker made a profit of 536,000 USDT and 158 WETH, more than 1 million US dollars in total. The attacker exploited a K value verification vulnerability in the Nowswap USDT/WETH trading pair contract to perform multiple swaps, each of which returned several times the assets normally due, until the assets in the trading pair pool were exhausted.
Amount of loss: $ 1,000,000 Attack method: K value verification vulnerability
Description of the event: Twitter user "mhonkasalo" stated that there was a bug in the dYdX pledge contract. Users received 0 stkDYDX when pledging, the front end was disabled, and there were 64 affected addresses. Later, dYdX released the "Pledge Contract Bug" incident report. An error occurred in the dYdX security module during the deployment of the upgradeable smart contract, which caused the ratio of DYDX to stkDYDX to change from 1 to 0, so that users who pledged DYDX did not receive stkDYDX. dYdX stated that the problem was caused by an error in the smart contract deployment process and that it believed there was no error in the code itself. The security module had previously undergone a smart contract audit, and the liquidity module design on which it is based had also been audited. The security module was thoroughly tested before deployment. At present, user funds are safely locked in the security module until the end of the 28-day epoch, no security module rewards are being distributed, and no withdrawals are possible. Restoring the contract's function requires an upgrade. The suggested solution is to restore the security module's function, allow users who pledged to retrieve their funds, and compensate users for the incorrect rewards for participating in the security module.
Amount of loss: - Attack method: Error in smart contract deployment
Description of the event: The Bilaxy exchange tweeted that its hot wallet had been hacked and that it lost approximately 296 tokens (including ETH). It asked users not to send any more funds to the Bilaxy account.
Amount of loss: $ 21,709,378 Attack method: Hot wallet was stolen
Description of the event: Liquid, a Japan-based cryptocurrency exchange, said its hot wallet had been attacked and that it was transferring assets to cold wallets. It is currently investigating and has suspended its deposit and withdrawal services.
Amount of loss: $ 91,350,000 Attack method: Stolen hot wallet
Description of the event: The team behind Ref.Finance, a decentralized exchange in the NEAR ecosystem, tweeted that at around 2 pm UTC on August 14th it noticed abnormal behavior in the REF-NEAR trading pair and then discovered an error in the patch of the recently deployed contract, which had been exploited by multiple users and affected approximately 1 million REFs and 580,000 NEARs. At present, the Ref team has suspended the contract for 48 hours to prevent further attacks and has coordinated with the exchange to block the corresponding account. Users do not need to take any action, and Ref will fully compensate any permanently lost funds. The Ref team also expressed the hope that the corresponding account will return the funds. If they are not returned within 48 hours, it will take measures such as forking the token contract and issuing new tokens to the corresponding project party.
Amount of loss: $ 3,202,539 Attack method: Fix bug
Description of the event: According to Bloomberg News, the founder of the cryptocurrency investment platform Africrypt could no longer be contacted, and 69,000 bitcoins (currently valued at approximately US$2.3 billion) on the platform were transferred. At 4 o'clock, Ameer Cajee, chief operating officer of Africrypt, told the client that the platform was hacked and asked them not to report the lost funds to the authorities. The investor has since hired a lawyer to conduct an investigation, but the lawyer has not been able to contact the founder of the company and has notified the South African Criminal Investigation Department. In addition, the lawyer found that funds on the Africrypt platform were transferred out of its accounts and customer wallets and made untraceable through a Bitcoin mixer.
Amount of loss: $ 2,300,000,000 Attack method: Scam
Description of the event: Hotbit said that it suffered a serious cyber attack on April 29th, which paralyzed a large number of basic services. The attacker also tried to break into Hotbit's wallets, but this was identified and blocked by the risk control system. Since the attacker could not access any cryptocurrency assets, he deleted Hotbit's database. Hotbit is currently checking the authenticity and security of the backup data and will restore servers and services later. Hotbit also stated that the attacker obtained plaintext customer information stored in the database, including mobile phone numbers, email addresses, and cryptocurrency asset data. Users are therefore advised to be on guard against phishing attacks.
Amount of loss: - Attack method: Network attacks
Description of the event: Unable to recover the investment, users of the Turkish cryptocurrency exchange Thodex filed a lawsuit accusing the exchange of fraud. At the same time, Thodex founder Faruk Fatih Ozer has fled the country. According to reports, Thodex has approximately 390,000 active users, and the amount involved may be as high as US$2 billion.
Amount of loss: $ 2,000,000,000 Attack method: Scam
Description of the event: According to BSC news, Turtle.dex has run off with about 9,000 BNB, worth more than 2 million U.S. dollars, and its website and Telegram group have been deleted. BSC news describes this as a well-thought-out, planned exit. At present, part of the funds has been converted into ETH and sent to the Binance exchange, and investors are urging Binance to freeze the related accounts. On March 15th, in response to the question of whether it would run away, Turtle officially stated: No, because the turtles have short hands. Note: Turtle means sea turtle.
Amount of loss: 9,000 BNB Attack method: Scam
Description of the event: The decentralized exchange DODO announced the progress of its response to the attack on some of its fund pools. The main cause of the attack was that the initialization function of the crowdfunding fund pool contract did not prevent repeated calls, which allowed hackers to reinitialize the contract and complete the attack using flash loans. There were three participants in this incident: a hacker and two trading robots. Funds worth approximately US$3.8 million were affected in total. At present, the owners of the two trading robots have returned approximately US$3.1 million in tokens. In addition, funds worth approximately US$200,000 are frozen on a centralized exchange, and the remaining approximately US$500,000 will be borne by the DODO team, with all funds to be returned within 24 hours. Security companies Chengdu Lian'an and SlowMist Technology have also been invited to conduct a new round of code audits, and the crowdfunding pool building function is expected to be restored within a week.
Amount of loss: $ 500,000 Attack method: Init function unlimited
Description of the event: On February 20th, the New Zealand exchange Cryptopia was hacked again. In addition to the $30 million stolen in 2019, Cryptopia reported that it was the target of another theft on February 1, 2021. Hackers stole about 62,000 New Zealand dollars (45,000 US dollars) in cryptocurrency. The investigation revealed that the hacker accessed a wallet that had been dormant since the hack in January 2019. The wallet belongs to Stakenet and is controlled by Grant Thornton, the liquidator of Cryptopia. According to the investigation results, the dormant wallet holds approximately USD 1.96 million worth of Xtake, the native token of Stakenet. Previously, in December last year, the user claims process for the hacked New Zealand exchange Cryptopia was officially opened.
Amount of loss: $ 45,000 Attack method: Unknown
Description of the event: User information of BuyUCoin, an Indian cryptocurrency exchange, was leaked, and personal data of more than 325,000 people appeared in the database of the hacker organization. According to Indian news media Inc42, a hacker group called ShinyHunters placed a database containing the names, phone numbers, email addresses, tax identification numbers and bank account information of more than 325,000 BuyUCoin users.
Amount of loss: - Attack method: Data leak
Description of the event: The Altilly Exchange platform was attacked through unauthorized access. According to the official statement, the attacker gained access to 30 BTC and 12,000 USDT and stole them while in control of the server.
Amount of loss: 30 BTC + 12,000 USDT Attack method: Unauthorized access
Description of the event: According to sources, the Russian cryptocurrency exchange Livecoin previously stated that it was attacked and lost control of its servers. Some people in the crypto community believe that this is an exit scam. An anonymous user said that large withdrawals had been blocked the day before the hacker attack, and that a few hours before Livecoin’s announcement customers could no longer withdraw even small amounts.
Amount of loss: - Attack method: Scam
Description of the event: A major security breach at the British cryptocurrency exchange Exmo caused the platform to freeze all withdrawals. Since EXMO has a separate server for each cryptocurrency, the hack affected only six cryptocurrencies: BTC, XRP, ZEC, USDT, ETC, and ETH. The affected assets were equivalent to 6% of the company's total assets. According to The Block research analyst Igor Igamberdiev, EXMO appears to have lost $10.5 million in funds. The exchange provided a list of the stolen coins and their addresses, and analysis showed that most of the funds had been sent to Poloniex. The lost coins include Bitcoin (BTC), Ethereum (ETH), XRP, Ethereum Classic (ETC), Tether (USDT) and Zcash (ZEC). It was reported on December 25 that the hackers who attacked Exmo had withdrawn $4 million of the stolen funds through Poloniex.
Amount of loss: $ 10,500,000 Attack method: Stolen hot wallet
Description of the event: The cryptocurrency exchange Poloniex issued an announcement stating that since December 5th at 6:30 UTC (14:30 Beijing time), its service was interrupted due to a distributed denial of service (DDoS) attack. At present, Poloniex has resumed normal trading, and user funds have not suffered any loss.
Amount of loss: - Attack method: DDoS attack
Description of the event: On December 1, the Australian cryptocurrency exchange BTC Markets accidentally disclosed the full names and email addresses of all its customers in marketing emails sent to customers, which may expose all customers to potential phishing attacks. The emails were sent in batches of 1,000, which means that every customer received the names and email addresses of 999 other users. BTC Markets CEO Caroline Bowler said that the company sincerely apologized for the incident and emphasized that the executives of the exchange are working around the clock to minimize the impact of the breach and to implement “additional security features” to prevent future information leakage. Bowler advises BTC Markets customers to ensure that two-factor authentication is enabled to protect their accounts and to change the password of their email account.
Amount of loss: - Attack method: Data leak
Description of the event: Mike Kayamori, CEO of cryptocurrency exchange Liquid, posted a notice on the official website that a data leakage security incident occurred at the exchange on November 13. A domain hosting provider that manages a core domain name mistakenly transferred control of the account and domain name to a malicious intruder, allowing the intruder to change DNS records and thereby take control of a large number of internal email accounts, partially compromise the exchange’s infrastructure, and gain access to stored documents. After detecting the intruder, the exchange took immediate action to intercept and contain the attack, to prevent further intrusions and reduce the risk to customer accounts and assets, while conducting a comprehensive review of the infrastructure. It confirmed that customers' funds are safe and that the cold wallet based on MPC (multi-party computation) is safe and has not been compromised. The relevant regulatory agencies have been notified of the intrusion, and communication with them will continue over the next few days. The attacker may have obtained users' emails, names, addresses, and passwords. At present, Liquid is investigating whether the attacker accessed the identity documents and photos submitted for KYC verification, and will provide updates after the investigation. Liquid announced the final findings on January 20, 2021. Liquid stated that 169,782 items of user data, including email addresses, names, encryption passwords, API keys, etc., have been leaked. Among them, the personal information that may have been accessed illegally belongs to users who went through the KYC process before October 2018, such as the user's ID card, self-portrait picture, proof of address and other identity verification documents (28,639).
Amount of loss: - Attack method: Data leak
Description of the event: Recently, a user suffered a phishing attack while visiting the Curve exchange website and lost 20 Bitcoins. It is reported that the fraud group used the Google advertising system to purchase Google search ads and impersonated the Curve exchange in fraudulent advertising. Due to Google’s new advertising program, ads are usually displayed in the first place in search results, which has caused many users to be deceived.
Amount of loss: 20 BTC Attack method: Phishing attack
Description of the event: KuCoin exchange issued an announcement stating that it detected large withdrawals of Bitcoin and ERC-20 tokens from multiple hot wallets in the early morning of the 26th, and that deposit and withdrawal services have been suspended. KuCoin stated that the total amount involved accounts for a relatively low proportion of the total funds held on the KuCoin platform, and that the assets in the KuCoin cold wallet are not affected. KuCoin has also redeployed the hot wallet for the first time. KuCoin officially stated that if any user suffers losses in this incident, the losses will be fully borne by KuCoin and its insurance fund. KuCoin has now started a comprehensive internal security review. During this period, the deposit and withdrawal services will be suspended, and the specific reopening time will be announced in a further notice. KuCoin said it will announce more details as soon as possible. As previously reported, starting at 2:49 am Beijing time on September 26, Etherscan showed the address marked as the cryptocurrency exchange KuCoin transferring a large number of tokens, including MKR, USDT, OCEAN, etc., to a new address beginning with 0xeb31973e0f. These include 11,486 Ethereum, 19,788,586 USDT, 525,405 Gladius (GLA), 77,874 Hawala (HAT), 21,660,274 Ocean Token (OCEAN), 8,893,428 Chroma (CHR), 30,452,178 Ampleforth Network (AMPL), 198,678 Ankr (ANKR), etc. Up to now, the new address has received ERC-20 tokens worth about 146 million U.S. dollars, and there are two transfer records, totaling about 50,000 USDT, to the address starting with 0xc6f928cf9431.
Amount of loss: $ 150,000,000 Attack method: Stolen hot wallet