249 hack event(s)
Description of the event: According to on-chain analyst ZachXBT's monitoring, the group of scammers who stole 8 figs with Magnate, Kokomo, Lendora, Solfire, etc is back with a new project on Blast @Leaperfinance. Last week they funded an address on Blast with ~$1M of laundered funds from the previous rugs and have begun adding liquidity to bait people in. Over time, the fraudulent team increased their TVL to over a million dollars, then stole all user funds deposited into the protocol, and forged KYC documents using low-level auditing companies. Currently, this fraudulent group has initiated scams on platforms such as Base, Solana, Scroll, Optimism, Arbitrum, Ethereum, and Avalanche.
Amount of loss: - Attack method: Scam
Description of the event: The Twitter account of Wormhole co-founder Robinson Burkey was hacked, and a suspicious link was posted.
Amount of loss: - Attack method: Twitter was hacked
Description of the event: In the Blast ecosystem, the project Avolend Finance is suspected to be a rug pull. Currently, its official website and Twitter account cannot be accessed.
Amount of loss: - Attack method: Rug Pull
Description of the event: The Blast ecosystem project Munchables was attacked, resulting in the theft of 17,400 ETH (approximately $62.3 million). The Blast ecosystem project Munchables was attacked, resulting in a loss of approximately $62.5 million. On the same day, Blast founder Pacman tweeted: "$97m has been secured in a multisig by Blast core contributors. Took an incredible lift in the background but I’m grateful the ex munchables dev opted to return all funds in the end without any ransom required.."
Amount of loss: $ 62,500,000 Attack method: Insider Manipulation
Description of the event: The email newsletter account of Web3 media company Decrypt has been compromised, and a phishing scam email has been sent to all of our subscribers. Please do not click on any links. Currently, the attacker has profited $3,000 through phishing.
Amount of loss: $ 3,000 Attack method: Account Compromised
Description of the event: The RWA infrastructure of the Curio Ecosystem suffered an attack, resulting in a loss of $16 million, involving smart contracts based on MakerDAO within its ecosystem. The attacker exploited a permission access logic vulnerability.
Amount of loss: $ 16,000,000 Attack method: Contract Vulnerability
Description of the event: The new blockchain game Super Sushi Samurai, based on the Blast layer-2, was attacked due to a vulnerability in its token contract, resulting in a loss of approximately $4.6 million. Shortly after the theft, the attacker contacted the project, claiming to be a whitehat. Later, Super Sushi Samurai confirmed that the funds had been returned, minus a 5% bounty.
Amount of loss: $ 4,600,000 Attack method: Contract Vulnerability
Description of the event: The hackers gained access to AirDAO LP through a social engineering scam and drained the liquidity pool of AMB/ETH. The scam involved an email with a malicious attachment, impersonating one of their known partners. In total, the hackers stole 41,612,782.10627101 AMB and 126.5 ETH.
Amount of loss: $ 1,050,000 Attack method: Social Engineering
Description of the event: Decentralized exchange (DEX) aggregator ParaSwap announced the discovery of a critical vulnerability affecting its approved aggregation smart contract Augustus V6. This vulnerability impacts users who have authorized the Augustus V6 contract. In response, ParaSwap has temporarily halted the V6 API and employed white-hat attack methods to ensure the safety of user funds. These funds have been securely transferred to a secure wallet starting with 0x66E90 and are slated to be returned to users promptly. Additionally, ParaSwap urges users to revoke authorization for the Augustus V6 contract to mitigate potential risks. Currently, it is known that 4 addresses have been affected by this vulnerability, resulting in a total loss of approximately $24,000. ParaSwap is taking measures to address and fix this vulnerability while ensuring the safety of user funds.
Amount of loss: $ 24,000 Attack method: Contract Vulnerability
Description of the event: According to blockchain investigator ZachXBT, an account impersonating Solana ecosystem KOL Ansem (@blknoiz06) capitalized on the recent meme coin craze to profit over $2.6 million through phishing.
Amount of loss: $ 2,600,000 Attack method: Social Engineering
Description of the event: The AI-driven UGC platform NFP, aimed at the next generation of content creators, disclosed on Twitter that they have experienced a security breach. Hackers infiltrated several wallets, including the wallet of the NFP contract manager, and illegally gained control of some NFP treasury and ecosystem funds, as well as funds belonging to other victims.
Amount of loss: $ 10,400,000 Attack method: Unknown
Description of the event: The DeFi project Mozaic was exploited, who stole approximately $2 million from the project. According to Mozaic, this individual was a Mozaic developer who had illegally obtained the private keys of a security module by compromising the data of a core team member. They also stated that about 90% of the stolen funds have now been frozen on MEXC.
Amount of loss: $ 2,000,000 Attack method: Insider Manipulation
Description of the event: The AI service provider Cloud AI reported that both their deployer and treasury account have been compromised by hackers. The attackers acquired 58,900 CloudAI tokens and some ETH. All CloudAI tokens have been exchanged for ETH. The total loss is approximately $360,000.
Amount of loss: $ 360,000 Attack method: Unknown
Description of the event: The Twitter account of Web3 chat solution beoble has been compromised, with phishing links being posted. Please refrain from clicking on any links until further notice is provided by the official team.
Amount of loss: - Attack method: Twitter was hacked
Description of the event: The Web3 full-stack interoperability infrastructure Polyhedra Network suffered a wallet access vulnerability attack on the BNB chain, with attackers extracting $1.4 million, including $700,000 worth of THE tokens. Subsequently, they exchanged all tokens for BNB. The attacker's funds originated from Tornado Cash.
Amount of loss: $ 1,400,000 Attack method: Private Key Leakage
Description of the event: The Blast ecosystem's LaunchPad and yield aggregator BLASTOFF announced that its Future Yield Minter Vault has been hacked, resulting in the theft of approximately 150 ETH (approximately $600,000). The official team has disabled staking in the affected pool and is currently conducting a thorough investigation.
Amount of loss: $ 600,000 Attack method: Unknown
Description of the event: The Unizen defi platform lost around $2.1 million in the Tether stablecoin in an attack that took advantage of a vulnerability an external call from the project smart contract. On March 12th, Unizen's CTO Martin Granström tweeted that they had recovered $185,000 worth of stolen funds from four hackers.
Amount of loss: $ 2,100,000 Attack method: Contract Vulnerability
Description of the event: The Twitter account of the security company @sherlockdefi was hacked, with the attackers using the account to post a tweet containing phishing links.
Amount of loss: - Attack method: Twitter was hacked
Description of the event: Capital Killer, an anti-capitalist hacker group, revealed on twitter that they have attacked the Grayscale official website, claiming it as a gift to the AVAV community in support of fairness and anti-capitalism. Currently, the Grayscale official website is inaccessible, but the page for Grayscale's Bitcoin ETF GBTC remains accessible.
Amount of loss: - Attack method: Unknown
Description of the event: Aleo, a blockchain project that advertises it's a place for "fully private applications" with "built-in privacy" has just emailed private identification documents — including selfies and photographs of government identification cards — to the wrong users. Aleo acknowledged their screw-up on social media, claiming that only ten individuals were impacted, and that it had happened thanks to a "copy/paste error in email metadata".
Amount of loss: - Attack method: Information Leakage