363 hack event(s)
Description of the event: The official Witness Chain Discord has been hacked. Please do not click on any links until the situation is resolved.
Amount of loss: - Attack method: Account Compromise
Description of the event: French football star Kylian Mbappe's X account was hacked, and a token called MBAPPE was posted. The tweet has since been deleted. The MBAPPE token's market value skyrocketed to tens of millions of dollars within minutes, only to quickly plummet to zero.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to an official tweet from Web3 liquidity provider Orderly Network, their Discord server has been compromised. The official team advises users not to click on any links until the situation is fully resolved to avoid potential losses.
Amount of loss: - Attack method: Account Compromise
Description of the event: The official X account of the crypto venture capital firm Aquarius was hacked. The attacker has already changed the username, associated email, and phone number. Additionally, the previous username has been taken over by another spam account controlled by the attacker.
Amount of loss: - Attack method: Account Compromise
Description of the event: On-chain sleuth ZachXBT revealed that McDonald's Instagram account was allegedly hacked and used to promote the meme token GRIMACE.
Amount of loss: - Attack method: Account Compromise
Description of the event: The X account of AvaLabs COO Luigi D'Onorio DeMeo appears to have been compromised. Please do NOT interact with any addresses or links it has posted.
Amount of loss: - Attack method: Account Compromise
Description of the event: OMPx was attacked, resulting in a loss of approximately $107,000. The attacker obtained initial funds through Railgun, and the stolen funds have already been deposited into Railgun.
Amount of loss: $ 107,000 Attack method: Unknown
Description of the event: Anzen Finance, the issuer of RWA stablecoins, announced on the X platform that on July 30, due to an error in the Blast vault contract, a white hat hacker exploited the vault to steal 500,000 USDz. The white hat returned $450,000 in a timely manner and received a $50,000 bounty as a reward.
Amount of loss: $ 500,000 Attack method: Contract Vulnerability
Description of the event: On July 26th, the official Twitter account of SAT20 Labs was hacked, and the attacker posted tweets containing links to install malware.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to the SlowMist security team, the community TinTinLand's pinned tweet on July 20 contained a phishing link. With the assistance of the SlowMist security team, TinTinLand promptly resolved the account theft issue and conducted an authorization review and security reinforcement of their Twitter account.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to the monitoring by the SlowMist security team, the cross-chain bridge aggregation protocol LI.FI has experienced suspicious transactions, resulting in user losses of over $10 million. Please revoke approvals to the related contracts.
Amount of loss: $ 11,600,000 Attack method: Contract Vulnerability
Description of the event: Web3 domain provider Unstoppable Domains stated on Twitter that Unstoppabledomains.com was attacked. Until further notice, please do not open any emails from @unstoppabledomains.com or use the website.
Amount of loss: - Attack method: Unknown
Description of the event: On July 8, rapper Doja Cat's Twitter account was hacked to promote a memecoin. Doja Cat quickly posted on her Instagram account, stating that her Twitter account had been compromised.
Amount of loss: - Attack method: Account Compromise
Description of the event: 23pds, the CISO at SlowMist, tweeted that the 2FA service Authy has been hacked, resulting in the theft of the phone numbers of 33 million users. If you are an Authy user, please be vigilant against phishing attacks. The official developer, Twilio, has confirmed the vulnerability. Many professionals in the crypto industry use this 2FA software, so please ensure the security of your assets.
Amount of loss: - Attack method: Information Leakage
Description of the event: On July 1, according to Protos, the crypto-friendly bank Evolve Bank & Trust recently admitted that despite discovering "unauthorized activity"—specifically, the theft of 33 TB of user data—a month ago, they only publicly disclosed the incident last week. Reportedly, the stolen data pertains to 155,586 accounts associated with companies like Bitfinex, Nomad, and Copper. The bank stated that the data breach was due to an employee clicking on a malicious link and that the attack was halted within a few days, with no further unauthorized activity detected.
Amount of loss: - Attack method: Information Leakage
Description of the event: According to Decrypt, the social media account of the renowned heavy metal band Metallica were recently hacked. The hackers used these accounts to promote scam cryptocurrency tokens. Several celebrities were also implicated, becoming tools for the scam's promotion. The hackers posted false information to entice fans and investors into purchasing worthless tokens.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to monitoring by on-chain detective ZachXBT, the online gambling platform Sportsbet was also suspected to be attacked by the same hacker as BtcTurk, resulting in a loss of over $3.5 million.
Amount of loss: $ 3,500,000 Attack method: Unknown
Description of the event: Arthur (@Arthur_0x), the founder of DeFiance Capital, posted on X to warn that the official X account of DeFiance Capital has been compromised. Please avoid clicking on any links shared by the account.
Amount of loss: - Attack method: Account Compromise
Description of the event: Cryptocurrency portfolio management company CoinStats temporarily suspended user activities after 1,590 crypto wallets were affected by a security incident. CoinStats stated, "The attack has been mitigated, and we have temporarily shut down the application to isolate the security incident. None of the connected wallets and CEXes were impacted. Thanks to the immediate incident reponse from the CoinStats team, only 1.3% of all CoinStats Wallets were affected, totaling 1,590 wallets. The list might change as the investigation is ongoing but we don’t expect significant changes." On June 26, Narek Gevorgyan released a security incident update, stating that the security vulnerability was due to the company's AWS infrastructure being hacked. Evidence indicates that it was done through one of employees who was socially engineered into downloading malicious software onto his work computer.
Amount of loss: $ 2,000,000 Attack method: Malware Attack
Description of the event: The rapper 50 Cent has claimed that his Twitter account and website were hacked to promote a memecoin called GUNIT.
Amount of loss: - Attack method: Account Compromise