98 hack event(s)
Description of the event: Terra research forum member FatMan tweeted that the Mirror Protocol, a synthetic asset protocol developed by Terraform Labs, has a longstanding vulnerability. Since October 2021, attackers have exploited this vulnerability for multiple attacks within a period of 7 months, and the highest single profit exceeded $4 million ($4.3 million using $10,000), none of which was recovered by Terraform Labs Or the Mirror team found out. By the time the bug was fixed, the attacker's total profit from exploiting the bug could have exceeded $30 million. FatMan said the bug was discovered and questioned by Mirror forum members 11 days ago and has since been fixed, but the Mirror team has not made any statement on the matter.
Amount of loss: $ 30,000,000 Attack method: Contract vulnerabilities
Description of the event: According to Pinpoint News, Klaytn-based DeFi project Kronos DAO misappropriated users’ DAI pledged in its vaults to invest in Kairos Cash and lost 6 million DAI. The 6 million DAI staked by users turned into 6 million Kairos Cash in the Kronos Dao Vault, which Kronos Dao explained was “used as a strategic investment.” Investors, however, questioned that the explanation was insufficient and that no advance notice was given. At present, Kronos Dao has closed Kakao Talk and Telegram communication channels, leaving only Discord as a communication channel.
Amount of loss: 6,000,000 DAI Attack method: Misappropriation of funds
Description of the event: The American actor SethGreen suffered from a phishing attack resulting in the loss of 4 NFTs. This includes 1 BAYC, 2 MAYC and 1 Doodle. The scammer sold all 4 NFTs for nearly 160 ETH (about $330,000).
Amount of loss: 160 ETH Attack method: Phishing attack
Description of the event: Crypto-data sites Etherscan, CoinGecko, and others have reported incidents of malicious pop-ups prompting users to connect their MetaMask wallets. The phishing attack appears to come from a domain displaying the Bored Ape Yacht Club logo. Currently, the website associated with this domain appears to have been removed.
Amount of loss: - Attack method: Malicious pop-ups
Description of the event: According to the official release, the MM.finance website was hit by a DNS attack, and the attacker managed to inject malicious contract addresses into the front-end code. The attacker exploited the DNS vulnerability to modify the router contract address in the escrow file, and digital assets worth more than $2,000,000 were stolen, bridged to the Ethereum network through multi-chain, and then laundered through Tornado Cash.
Amount of loss: $ 2,000,000 Attack method: DNS Hijacking Attack
Description of the event: The SlowMist security team found that funds from about 52 addresses were maliciously transferred to terra1fz57nt6t3nnxel6q77wsmxxdesn7rgy0h27x30 from April 12 to April 21, with a total loss of about $4.31 million. The SlowMist security team stated that this attack was a phishing attack on batches of Google keyword advertisements. When a user searches for the well-known Terra project on Google, the first advertisement link (the domain name may be the same) on the Google search result page is actually a phishing website. When a user visits this phishing website and connects to the wallet, the phishing website will remind you to directly enter the mnemonic phrase. Once the user enters and clicks submit, the assets will be stolen by the attacker.
Amount of loss: $ 4,310,000 Attack method: Scam
Description of the event: The Education Grants Council (UGC) of India was hacked, the hackers used the Twitter account to post a fake Azuki NFT airdrop link and changed the profile to the Azuki NFT co-creator, replacing the avatar with an Azuki-related image. The agency recovered the account after it was held hostage for six hours.
Amount of loss: - Attack method: Twitter account hacked
Description of the event: Agora was attacked and lost over $4 million.
Amount of loss: $ 4,000,000 Attack method: Contract vulnerabilities
Description of the event: In response to the hacking of multiple NFT project Discord accounts, the Discord robot Ticket Tool tweeted that a recent update to the add command had a vulnerability that allowed some type of privilege attack. Has rolled back to a previously uncompromised secure version and will investigate in detail how this happened. Furthermore, the robot itself was not compromised.
Amount of loss: - Attack method: add command to update vulnerabilities
Description of the event: Ola Finance on the Fuse chain published a blog post on the hacking incident, stating that the attack lost approximately $4.67 million, including 216,964.18 USDC, 507,216.68 BUSD, 200,000 fUSD, 550.45 WETH, 26.25 WBTC, and 1,240,000.00 FUSE. The attack uses a reentrancy vulnerability in the ERC677 token standard.
Amount of loss: $ 4,670,000 Attack method: Reentry attack
Description of the event: Twitter user cr0ss.eth said Defiance Capital founder Arthur's hot wallet was suspected to have been stolen. OpenSea data shows that in Arthur's wallet address 0x4C53c32980ccE49aaA4bCc53Eef3f143Bc27E0aF, 60 NFTs including 17 azuki and 5 cloneX were transferred on the chain, totaling about 310 ETH.
Amount of loss: 310 ETH Attack method: Stolen hot wallet
Description of the event: Crypto lender BlockFi has confirmed a data breach at Hubspot, one of its third-party vendors, Cointelegragh reported. Hubspot stores BlockFi's user data, including names, email addresses, and phone numbers. According to the announcement, hackers stole BlockFi’s customer data on March 18. Hubspot has confirmed that an unauthorized third party obtained certain BlockFi customer data deposited on its platform. BlockFi is currently cooperating with Hubspot's investigation to clarify the overall impact of the data breach. While the exact details of the stolen data have yet to be identified and disclosed, BlockFi emphasized that data such as passwords, government-issued IDs, and Social Security numbers were never stored on Hubspot.
Amount of loss: - Attack method: Data leak
Description of the event: Hundred Finance, the Compound fork project on the Gnosis chain, tweeted that it suffered a hacker attack and lost more than $6 million.
Amount of loss: $ 6,000,000 Attack method: Flash loan attack
Description of the event: The Agave contract on Gnosis Chain was attacked due to an untrusted external call. The attacker calls the liquidateCall function to liquidate himself without any debt. During the liquidation process, the liquidation contract called the attacker contract. During the process, the attack contract deposited 2728 WETH obtained through the flash loan and minted 2728 aWETH. And use this as collateral to lend out all available assets in the Agave project. After the external call ends, the liquidateCall function directly liquidates the 2728 aWETH previously deposited by the attacker and transfers it to the liquidator.
Amount of loss: $ 5,400,000 Attack method: Flash loan attack
Description of the event: ActiveCampaign (AC), an external email marketing provider used by Unchained, was hacked last week, according to Joe Kelly, CEO of Bitcoin financial services firm Unchained Capital. Information shared with AC, including customer email addresses, usernames, account status, whether customers have active multi-signature vaults or loans using Unchained Capital, and possibly IP addresses may have flowed out without authorization. Kelly said no systems on Unchained were affected, meaning customer profile information that was never shared with AC was not leaked. Kelly added that while customer Bitcoin custody is protected by multi-signature cold storage, customers should still be aware of what's going on and be wary of phishing attacks.
Amount of loss: - Attack method: Phishing attack
Description of the event: IRA Financial Trust, which offers self-directed retirement accounts in South Dakota, tweeted that it found “suspicious activity affecting our limited customer base with accounts on the Gemini cryptocurrency exchange. Upon discovery, we immediately launched an investigation and contacted state and federal law enforcement. Department.” That same day, unidentified hackers withdrew $21 million in bitcoin and $15 million in ether from IRA Financial Trust’s accounts.
Amount of loss: $ 36,000,000 Attack method: Unknown
Amount of loss: $ 1,830,000 Attack method: Front-end malicious attack
Description of the event: The digital asset service provider StoboxCompany was attacked by hackers, and its official statement that the private key had been leaked, affected by this, the token fell by 96.93%. StoboxCompany officially stated that the address of the deployer of Stobox tokens was hacked. Since the address of the deployer of ETH and BSC is the same, all reserve funds have been stolen or liquidated. Remind users to stop buying/selling, and the official will restore the STBU snapshot to the last transaction before the hacker attack.
Amount of loss: - Attack method: Private key leak
Description of the event: An attack occurred at Tinyman Pools on January 1 /2, algorand-based automated market maker (AMM) Tinyman tweeted. The attack exploits a previously unknown hole in the contract and allows the attacker to extract assets from a pool to which he has no access. So far, attacks have been executed on multiple pools, but not all of them have been attacked.
Amount of loss: $ 2,000,000 Attack method: Contract vulnerabilities
Description of the event: The data on CoinMarketCap's website flashed bugs, and the quotes of multiple cryptocurrencies were wrong.
Amount of loss: - Attack method: Data error