351 hack event(s)
Description of the event: On March 18, the Simple Staking pools of Voltage Finance, a DeFi platform built on the Fuse Network, suffered an unauthorized withdrawal, resulting in a total loss of $171,027.20 in USDCE and $151,085.87 in WETH.
Amount of loss: $ 320,000 Attack method: Contract Vulnerability
Description of the event: Kaito official representative Sandra (@sandraaleow) posted on X that Kaito AI founder Yu Hu and Kaito's X account have been compromised. However, no KAITO wallets have been affected.
Amount of loss: - Attack method: Account Compromise
Description of the event: Berally, a platform for social trading using AI agents within the Berachain ecosystem, is suspected to have been hacked. The official statement reads: “Partial information of the deployer's key was leaked, leading to the sell-off of all vesting tokens and withdrawal of funds from the liquidity pool. The dApp contract remains secure and unaffected by the hack, but please temporarily revoke access to the dApp and Staking. An investigation is underway, and an update will be provided as soon as possible.”
Amount of loss: $ 86,725 Attack method: Private Key Leakage
Description of the event: Jupiter co-founder Meow's X account was reportedly hacked and posted token CA-related content, which has now been deleted. Users are advised to stay vigilant.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to Pond.fun's official disclosure, the Linea-based meme coin launchpad Pond.fun was hacked this morning. Initial on-chain and off-chain evidence suggests that Pond.fun’s lead software engineer was behind the attack. The attacker drained liquidity from the Pond.fun smart contract and sold off the project tokens.
Amount of loss: $ 145,000 Attack method: Insider Manipulation
Description of the event: Zoth, a restaking platform for "real world assets" (or RWAs), was hacked for around $ 285,000 when an exploiter discovered a bug in the platform's collateral calculations.
Amount of loss: $ 285,000 Attack method: Contract Vulnerability
Description of the event: Pumpfun's X account has been hacked, and the attacker is using it to promote fake tokens.
Amount of loss: - Attack method: Account Compromise
Description of the event: Suji Yan, the founder of the Mask Network, suffered the loss of more than $4 million in various cryptocurrency assets to an apparent wallet hack.
Amount of loss: $ 4,000,000 Attack method: Unknown
Description of the event: The crypto-focused stablecoin neobank Infini was attacked, with the attacker gaining access to a wallet with admin rights and stealing nearly $50 million from the company.
Amount of loss: $ 50,000,000 Attack method: Lack of Strict Access Control
Description of the event: On February 18, 2025, Abstract discovered a security incident involving the Cardex app within The Portal, affecting approximately 9,000 wallets with a total loss of around $400,000 in ETH. A leaked key in Cardex's frontend code led to the compromise of the session signer wallet. Since this wallet was shared across all sessions, all users who had created sessions on Cardex were impacted.
Amount of loss: $ 400,000 Attack method: Private Key Leakage
Description of the event: According to community reports, the X account of ai16z founder Shaw has allegedly been compromised by hackers. Users are advised to exercise caution and avoid interacting with suspicious links.
Amount of loss: - Attack method: Account Compromise
Description of the event: Argentine President Javier Milei promoted a cryptocurrency called $LIBRA on social media. Following his endorsement, the token's price surged rapidly but later suffered a severe crash.
Amount of loss: $ 250,000,000 Attack method: Rug Pull
Description of the event: The leading lending platform on the Starknet chain, zkLend, has suffered an attack. The core reason for this breach lies in the fact that the value of the accumulator in an empty market can be manipulated and amplified using a unique mechanism in flash loans. Additionally, the market contract's use of the SafeMath library performs division using direct division, allowing the attacker to exploit the amplified accumulator to trigger a rounding-down vulnerability for profit.
Amount of loss: $ 9,600,000 Attack method: Contract Vulnerability
Description of the event: The X account of Tanzanian businessman and entrepreneur Mohammed Dewji MO (@moodewji) was compromised. The hacker falsely announced the launch of a TANZANIA token and sold it to investors.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to a post by SlowMist founder Cos on X, the X account of former Malaysian Prime Minister Dr Mahathir Mohamad (@chedetofficial) was compromised and used to promote a fake token. The creator of the associated contract address (CA) has ties to a previously known malicious group.
Amount of loss: - Attack method: Account Compromise
Description of the event: On February 4, 2025, the Ionic protocol suffered a social engineering attack, allowing the attacker to use a forged Lombard Bitcoin Token (LBTC) as collateral. This asset was deployed on the Mode network. The attacker deployed the forged LBTC on January 9, 2025, while Ionic records indicate that the attacker began interacting with the platform as early as December 12, 2024. After several weeks of business development (BD) discussions, the Ionic team approved the fraudulent asset as eligible collateral and provided a Balancer pool with $400,000 in liquidity, along with API3 oracle price feeds. Ultimately, the Ionic Mode main market accepted the forged LBTC as collateral, with a total supply of 250 LBTC. The attacker minted 250 LBTC in their own wallet and deposited them into Ionic as collateral, stealing $12.3 million worth of supplied assets.
Amount of loss: $ 12,300,000 Attack method: Social Engineering
Description of the event: The official TIME Magazine X account was allegedly compromised and posted about the TIME token.
Amount of loss: - Attack method: Account Compromise
Description of the event: The Tor Project X account has been compromised. The hacker is using the account to promote a fake token. Users should stay vigilant.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to DL News, Dean Norris, the actor who played Hank Schrader in Breaking Bad, became the target of a hack on the X platform for the second time in six months. The attack started with a tweet from Norris' account announcing his decision to launch his own cryptocurrency called Dean, along with the contract address. The attackers even shared a manipulated photo of Norris holding a notebook with the token's symbol and date hastily written on it. Within hours, the meme coin's market value surged to $7 million, but after Norris confirmed the scam, its value plummeted by 90%.
Amount of loss: - Attack method: Account Compromise
Description of the event: The X account of former Brazilian President Jair Messias Bolsonaro was hacked and used to promote the token. The original post has since been deleted.
Amount of loss: - Attack method: Account Compromise