352 hack event(s)
Description of the event: The Cardano Community posted on X, stating that the Cardano Foundation's X account has been compromised. They are currently addressing the issue and advised users to temporarily ignore all posts from the account.
Amount of loss: - Attack method: Account Compromise
Description of the event: The Omnichain meta-yield aggregator MAAT tweeted that a security breach in the MAAT alpha version, resulting in unauthorized withdrawals of $240,000 USDT.
Amount of loss: $ 240,000 Attack method: Security Vulnerability
Description of the event: On-chain investigator ZachXBT stated on his personal Telegram channel that the wallet associated with crypto KOL JRNY appears to have been compromised, with approximately $4 million worth of crypto assets transferred and sold. This suggests that the wallet's private key may have been leaked.
Amount of loss: $ 4,000,000 Attack method: Private Key Leakage
Description of the event: Binance co-founder CZ confirmed on X that the official X account of his educational project, Giggle Academy, has been hacked.
Amount of loss: - Attack method: Account Compromise
Description of the event: The funds of multiple users of the on-chain trading terminal DEXX have been stolen. According to statistics from the SlowMist Security Team, the total losses from this incident have reached $21 million.
Amount of loss: $ 21,000,000 Attack method: Private Key Leakage
Description of the event: The Aptos-based DeFi project Thala suffered a security breach as a result of an isolated vulnerability in the latest update to v1 farming contracts, allowing the exploiter to withdraw liquidity pool tokens totaling $25.5m. Thala has since paused all related contracts and frozen Thala token assets ($9m MOD and $2.5m THL). With the assistance of other organizations, the team identified the exploiter and negotiated a $300k bounty for a full recovery of user assets.
Amount of loss: $ 25,500,000 Attack method: Contract Vulnerability
Description of the event: GMGN stated in the community, "The GMGN website has suffered a malicious attack, suspected to involve multiple methods, including common crawler attacks and flood attacks. The development team is currently working on emergency repairs, and the token details page, holdings collection feature, and transaction activity records have been restored."
Amount of loss: - Attack method: Unknown
Description of the event: According to on-chain detective ZachXBT, the cryptocurrency gambling platform MetaWin was reportedly attacked, resulting in the theft of over $4 million on the Ethereum and Solana blockchains.
Amount of loss: $ 4,400,000 Attack method: Unknown
Description of the event: According to on-chain investigator ZachXBT, American rapper Wiz Khalifa's X account was hacked, posting fake announcements about a WIZ token. The hacker responsible is reportedly the same person who compromised Andy Ayrey's (Truth Terminal founder) X account a few days earlier. Please exercise caution and stay aware of potential risks.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to monitoring by Scam Sniffer, Lottie Player suffered a supply chain attack, impacting projects such as 1inch and Movement.
Amount of loss: - Attack method: Supply Chain Attack
Description of the event: On Oct 31st, Collaterizable Leverage Lending Platform Shoebill Finance experienced a security incident affecting the BTC Market on the BOB chain. The incident stemmed from an unexpected interaction within the oracle configuration during the integration of solvBTC and solvBTC.BBN assets. This interaction inadvertently created an exploitable condition that was leveraged by the attacker through a multi-stage exploit.
Amount of loss: $ 1,520,000 Attack method: Oracle Misconfiguration
Description of the event: Andy Ayrey, founder of the AI bot project Truth Terminal, announced the launch of a new token IB on X. It is suspected that his account may have been hacked.
Amount of loss: - Attack method: Account Compromise
Description of the event: Scroll ecosystem stablecoin project Essence Finance is suspected of rugpulled, its stablecoin CHI has fallen by more than 92% to $0.077 in the past 24h, more than $20 million of collateral is suspected to have been removed.
Amount of loss: $ 20,000,000 Attack method: Rug Pull
Description of the event: According to a MistTrack tweet, a suspicious outflow was detected from a wallet controlled by the U.S. government (0xc9E...34c): nearly $20 million was transferred to 0x3486ee700ccaf3e2f9c5ec9730a2e916a4740a9f, including: 5.4M USDC, 1.12M USDT, 13.7M aUSDC and 178 ETH. Most tokens were swapped into ETH. Approximately 19.3M worth of tokens were later returned to the U.S. government address.
Amount of loss: $ 20,000,000 Attack method: Unknown
Description of the event: The X account of MuratiAI (@MuratiAI), an AI network and bot platform centered around anime, is suspected to have been hacked, with phishing links being posted. Until further notice, please refrain from clicking any links or responding to any messages.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to on-chain investigator ZachXBT, the crypto payment service provider Transak recently fell victim to a ransomware attack. Transak reported that the incident occurred when an attacker accessed an employee's laptop without authorization through a sophisticated phishing attack. The attacker used the stolen credentials to log into the system of a third-party KYC vendor used for document scanning and verification services. As a result, the attacker gained access to specific user information stored in the vendor’s dashboard.
Amount of loss: - Attack method: Malware Attack
Description of the event: DeFi analyst Anon Vee posted on X that several users have reported that the Orderly Network ecosystem project IBXtrade is suspected of a rug pull. It is reported that IBXtrade launched a pre-sale three days ago with a target to raise 2,000 SOL (approximately $3.2 million) and refund any unselected participants. The pre-sale ended up raising over 160,000 SOL (about $24 million), with participants originally expecting the project to return $21.8 million. However, instead of issuing refunds, the IBXtrade team created a poll on a website entirely under their control, asking whether the pre-sale cap should be raised. The poll eventually passed, and IBXtrade claimed to have refunded 65,000 SOL ($9.7 million) to participants. In reality, the team simply transferred these SOL to multiple addresses they created, and users reported not receiving any refunds.
Amount of loss: $ 21,800,000 Attack method: Rug Pull
Description of the event: According to AggrNews, the Instagram account of Kabosumama, the owner of the Shiba Inu Kabosu, the inspiration behind the popular DOG project "Doge" meme, has been hacked. Kabosumama previously posted on her blog, stating that she was unable to log in. Additionally, BWEnews reported that the hacker is particularly cunning, having posted a fake update about a new family member. The hacker launched a memecoin ahead of time, luring victims into investing, only to pull out and run with the funds shortly after.
Amount of loss: - Attack method: Account Compromise
Description of the event: The official X account of Bitcoin L2 Zulu Network appears to have been compromised. The hacker has posted a fake phishing link. Please avoid interacting with it.
Amount of loss: - Attack method: Account Compromise
Description of the event: The X account of the crypto data tracking service Spot On Chain has reportedly been compromised. It was said to have posted a fake EIGEN airdrop phishing link this morning, while also disabling the comment section for the tweet. Users are advised to be cautious and avoid interacting with the link.
Amount of loss: - Attack method: Account Compromise