170 hack event(s)
Description of the event: On April 3, MEV bots suffered a malicious sandwich attack that cost them around $25 million. On-chain data shows that the malicious validator who attacked the MEV bots today has been slashed and removed from the validator queue. According to SlowMist analysis, the MEV bots were attacked because the relay still returned the payload to the proposer even when the beacon block was incorrect, which allowed the proposer to access the content of the block before another block was finalized. The attacker exploited this by deliberately constructing an invalid block that could not be verified, so the relay could not broadcast it (status code 202), and thereby obtained the transaction content in advance. mev-boost-relay has urgently released a new version to mitigate this problem, and relay operators are advised to upgrade promptly.
Amount of loss: $ 25,000,000 Attack method: Malicious Sandwich Attack
Description of the event: The address of Patricio Worthalter, founder of POAP, was compromised in a phishing attack. The attacker transferred 85,898 RPL (approximately $3.83 million) from Worthalter’s address to a DEX and sold all of the RPL for 1,802 ETH (approximately $3.25 million), causing a price drop.
Amount of loss: $ 3,830,000 Attack method: Phishing Attack
Description of the event: One of the devs in the Arbitrum Discord got hacked. Note the spelling mistake ("Arbtirum") in the link.
Amount of loss: - Attack method: Unknown
Description of the event: Circle tweeted that the Circle Chief Strategy Officer's Twitter account (@ddisparte) has been taken over by a scammer. Any link to an offer is a scam. We are investigating this situation and taking appropriate action. Earlier, Circle’s Chief Strategy Officer tweeted that a loyalty rewards distribution program would be launched for USDC holders. However, the tweet has now been deleted.
Amount of loss: - Attack method: Twitter Account was Hacked
Description of the event: According to its official Twitter account, the General Bytes cryptocurrency ATM service was attacked on March 17 and 18. The attacker used the upload interface in the system to upload and run a malicious Java program, then obtained database permissions on the server and the hot wallet withdrawal API key. According to SlowMist MistTrack, the loss was about $1.8 million.
Amount of loss: $ 1,800,000 Attack method: Malware
Description of the event: According to the BBC, a scam called iEarn Bot has affected thousands of victims in several countries. In the scam, victims were persuaded to sign up for an "AI intelligent quantitative trading robot" called iEarn Bot, which appeared to successfully trade cryptocurrencies on their behalf. However, after some time, the victims realize that they are unable to withdraw their due earnings nor withdraw the funds they invested. iEarn Bot claims to be an American company, despite its website being riddled with misinformation. The man identified as the company's founder told the BBC he had nothing to do with the scheme, with companies and institutions listed as "strategic partners" saying they had no such partnerships. The BBC uncovered a cryptocurrency wallet that received payments from around 13,000 other people totaling close to $1.3 million.
Amount of loss: $ 1,300,000 Attack method: Scam
Description of the event: The SUCKR project on the Aptos chain is suspected of being a rug pull. The hacker called the mint_SUCKR function (an admin-privileged function) to mint a large number of SUCKR tokens and exchange them for USDT. The price of SUCKR tokens plummeted by 9% 249h.
Amount of loss: - Attack method: Rug Pull
Description of the event: Tender.fi is suspected of being attacked by white hat hackers and lost $1.59 million. The hackers used Tender.fi’s misconfigured oracles to borrow $1.59 million worth of crypto assets with just $70 worth of GMX tokens as collateral. On March 8, on-chain data showed that the hackers who attacked Tender.fi, a lending protocol in the Arbitrum ecosystem, had returned the funds, and the Tender.fi team agreed to pay the hackers 62 ETH ($96,500) as a bounty.
Amount of loss: $ 1,590,000 Attack method: Misconfiguration of the oracle
Description of the event: ArbiSwap, a DEX in the Arbitrum ecosystem, is suspected of a rug pull. Before the rug pull, the ArbiSwap deployers minted 1 trillion ARBI and then converted the ARBI into USDC, which caused a sharp drop in ARBI in the USDC/ARBI trading pair. In the next block, a bot converted USDC to ARBI and then traded for ETH in a spatial arbitrage, making a profit of 68.47 ETH. ArbiSwap has transferred 84 ETH to the Ethereum mainnet and sent it to TornadoCash.
Amount of loss: 84 ETH Attack method: Rug Pull
Description of the event: @HideYoApes previously owned several expensive NFTs from Yuga Labs, including a Bored Ape, Mutant Ape, three Bored Ape Kennel Club NFTs, a SewerPass, and two Otherdeeds. The attacker sold all the NFTs for a profit of 127.3 wETH (~$208,000). HideYoApes explained on Twitter that he had downloaded and installed the MetaMask wallet extension from MetaMask’s official website.
Amount of loss: $ 208,000 Attack method: Phishing Attack
Description of the event: Hackers exploited a vulnerability in the Dexible smart contract code to withdraw funds from crypto wallets using funds approved for spending. The team added that "a small number of whales" lost 85% of the funds stolen in the attack. Data on the chain shows that Block Tower Capital, a digital asset investment company, was one of the victims. The address labeled Block Tower Capital had $1.5 million worth of TRU tokens stolen in this incident. The attackers transferred TRU tokens to SushiSwap for ether (ETH) and then to TornadoCash.
Amount of loss: $ 1,500,000 Attack method: Affected by Dexible events
Description of the event: The email account of domain name registrar Namecheap has been hacked and hackers are using the account to send phishing emails. According to a report by BleepingComputer, the phishing campaign originated from SendGrid, an email platform used by Namecheap to send marketing emails and renewal notifications. The phishing emails pretended to be from logistics provider DHL and cryptocurrency wallet MetaMask. The email posing as MetaMask stated that the recipient's account had been suspended and would need to complete a KYC verification process before it could be reactivated. The email also contained a Namecheap marketing link that redirected users to a fake MetaMask page that asked users to enter their seed phrase or private key, seeking to steal the recipient's personal information and cryptocurrency wallet assets. The official MetaMask response stated that MetaMask will not collect KYC information, nor will it send emails to users about their accounts.
Amount of loss: - Attack method: Phishing Attack
Description of the event: The DeFi aggregation platform dForce was attacked on Arbitrum and Optimism, and the attackers made a profit of about 3.65 million US dollars. According to SlowMist's analysis, the root cause is that removing liquidity from the wstETH/ETH pool transfers native tokens first and burns the LP afterwards. The attacker used the callback triggered on receiving native tokens to re-enter, manipulate the virtual price, and liquidate other users for profit. On February 13, dForce tweeted that the attackers had returned all stolen funds to the project's multi-signature addresses on Arbitrum and Optimism, and that all affected users would be compensated.
Amount of loss: $ 3,650,000 Attack method: Price Manipulation
Description of the event: Umami Finance, a DeFi protocol on Arbitrum, offers yield products to institutional clients. On January 31, they announced they were suspending yields, saying they were concerned about regulatory tactics. Soon after, the project CEO started dumping tokens on the market, cashing out 44,000 UMAMI tokens. These were ostensibly priced at $800,000, and although the sell-off sent UMAMI prices crashing by more than 60%, the CEO still netted around $380,000 in USDC.
Amount of loss: $ 380,000 Attack method: Rug Pull
Description of the event: SperaxUSD, a stablecoin protocol in the Arbitrum ecosystem, tweeted that an attacker increased the token balance of his address to 9.7 billion without providing the corresponding collateral. Approximately $300,000 was liquidated before the Sperax team and Arbitrum ecosystem partners jointly stopped the attack.
Amount of loss: $ 300,000 Attack method: Contract Vulnerability
Description of the event: Kevin Rose, the founder of the NFT project Moonbirds, tweeted that his personal wallet was hacked and 25 Chromie Squiggles and other NFTs were lost, with an estimated loss of more than $1 million. Arran Schlosberg, vice president of engineering at Proof Collective, said their NFTs are safe after Kevin Rose was hacked and lost $1 million. Schlosberg said the phishing attack tricked Rose into signing a malicious signature, and the hackers then transferred his valuable NFTs.
Amount of loss: $ 1,000,000 Attack method: Phishing Attack
Description of the event: The Robinhood Twitter account was hacked and used to promote a fraudulent crypto project. The hackers announced the launch of a new token called $RBH, which they said would be priced at $0.0005 on Binance Smart Chain. About 25 people purchased the fraudulent tokens for a total of just under $8,000 before the link was removed. Robinhood said in a blog post that the unauthorized content posted on the Robinhood Twitter, Instagram and Facebook accounts was removed within minutes, and the team believes the source of the incident was a third-party vendor.
Amount of loss: $ 8,000 Attack method: Twitter was hacked
Description of the event: Doglands, a multi-purpose GameFi and DeFi protocol in the Dogechain ecosystem, may have carried out an exit scam. The contract addresses on the project chain are 0x106E6a2D5433247441c1Cdf4E3e24a0696a46d0, 0x12b17 and 0x0e815, which drained all the reserves in the LP tokens, with a value of about $204,000. The funds have now been moved to Ethereum through a cross-chain bridge and transferred to multiple addresses. Doglands has deleted its official Twitter account and website.
Amount of loss: $ 204,000 Attack method: Rug Pull
Description of the event: Crypto KOL NFT God tweeted that hackers broke into their Twitter, Substack, Gmail, Discord and wallets, that they lost all their crypto assets and NFTs, and that the hackers also posted fraudulent links through the stolen accounts. The reason for the compromise was that the Ledger was set up as a hot wallet instead of a cold wallet on the new device, and the mnemonic was imported and used in a wallet on the networked computer. Then yesterday, when downloading the video streaming software OBS for game live streaming, they clicked a sponsored link on Google, and the site downloaded malware that gave hackers access to their funds. Yu Xian, the founder of SlowMist, said that the core reason is that the computer ran a game program with a Trojan horse, and the mnemonic for the crypto assets was used online on this computer, so it may have been stolen by hackers.
Amount of loss: - Attack method: Malicious software
Description of the event: A vulnerability known as CVE-2022-3656 affects more than 2.5 billion users of Google Chrome and Chromium-engine-based browsers. This vulnerability allows the theft of sensitive files such as crypto wallets and cloud provider files. The vulnerability was discovered by examining how the browser interacts with the file system. Specifically, the browser did not properly check whether a symlink pointed to an inaccessible location, allowing sensitive files to be stolen. This problem is often referred to as symbolic link following. Attackers may use crypto phishing sites to strategically gain access to users' sensitive files.
Amount of loss: - Attack method: Browser Vulnerability