24 hack event(s)
Description of the event: Bitcoin hardware wallet provider Ledger reminded users that a series of new scams that used fake Ledger hardware wallets to defraud user assets have recently occurred. Some users whose information was leaked a year ago received packages requiring users to replace their hardware wallets. Including a fake official letter and a tampered Ledger hardware wallet. Ledger stated that the letter stated in the letter that "you need to replace the existing hardware wallet to protect your funds" is a scam, and the bonus Ledger Nano is also fake. If the user enters the seed word according to the instructions in the letter, the user's encrypted assets will be stolen .
Amount of loss: - Attack method: Fake Ledger hardware wallet
Description of the event: DeFi insurance agreement Nexus Mutual stated on Twitter that the personal address of its founder Hugh Karp was attacked by a platform user, stolen 370,000 NXM and lost more than 8 million US dollars. The official said that this is a targeted attack, only the official name, Karp used a hardware wallet, the attacker obtained remote access to his computer, and modified the wallet plug-in MetaMask, deceived him to sign the transaction, the attacker Completed KYC 11 days ago, and then changed to a new address on December 3. , To transfer funds to the attacker’s own address.
Amount of loss: 370,000 NXM Attack method: Modify wallet plugin
Description of the event: On November 9th, a user named "aaron67" posted about his BSV theft experience, saying that please stop using the multisig accumulator multi-signature solution implemented by ElectrumSV immediately. The locking script of this scheme had serious bugs, so that 600 BSV was stolen on November 6th. After the incident, the user had contacted Roger Taylor, the author of ElectrumSV, for the first time, and the serious bug was subsequently confirmed. At the same time, the Note.SV developers stated that they had done an analysis for the first time to find the source of the bug, and notified the wallet author and community users.
Amount of loss: 600 BSV Attack method: Lock script bug
Description of the event: Phishing and scams targeting Ledger wallet owners are increasing, and one of the scam websites obtained more than 1,150,000 XRP from victims. This scam uses phishing emails to direct users to a fake Ledger website. On this fake website, the victim was tricked into downloading malware that pretended to be a security update, resulting in the theft of all Ledger wallet balances. According to the fraud identification website xrplorer operated by the community, the XRP obtained from the scam was sent to Bittrex through 5 deposits, but the exchange “cannot freeze XRP in time”.
Amount of loss: 1,150,000 XRP Attack method: Phishing attack
Description of the event: An investigation by ZDNet revealed that hackers stole $22 million from users of Bitcoin wallet Electrum by enticing users to install fake software updates. And this technique was highest in 2018. Since this attack was first discovered two years ago, the Electrum team has taken some measures to prevent this attack. But this attack still applies to users who use older versions of the application.
Amount of loss: $ 22,000,000 Attack method: Fake software updates
Description of the event: GitHub user "1400 BitcoinStolen" said that a huge amount of his Bitcoin money had disappeared in the hack. This user uses a bitcoin purse Electrum, the user has no security update the software, so when he transfers the currency, it prompts to update and fix potential problems, but when he according to tip operation, the software takes advantage of a vulnerability to connect the hacker server, 1400 bitcoins (worth $16 million) is placed into the hacker's wallet.
Amount of loss: $ 16,000,000 Attack method: Fake software update
Description of the event: Encrypted wallet provider Ledger recently experienced database leaks and wallet vulnerabilities, putting users' bitcoins at risk. The chief technology officer of Ledger stated that in terms of database leakage, the attacker accessed part of our e-commerce and marketing database through a third-party misconfigured API key on our website, allowing unauthorized access to our customers’ contact information and Order data. Ledger fixed this issue on the same day and disabled the API key.
Amount of loss: - Attack method: Database leak
Description of the event: A cryptocurrency trader tweeted that a hacker hacked into his Ledger crypto wallet and stole more than 100,000 ERC-20 tokens. In addition, the trader stated that his account is in a safe state.
Amount of loss: 100,000 ERC-20 Attack method: Hacking into a crypto wallet
Description of the event: On July 25, 2020, there was unauthorized access to Ledger's database, resulting in data leakage. The leaked data includes e-commerce and marketing data, but payment information and encrypted assets are safe. Ledger’s announcement claimed that the API Key was used to achieve unauthorized access to the database. Currently, the API Key has become invalid.
Amount of loss: - Attack method: Unauthorized access to the database
Description of the event: Attacker creates malicious Ledger Chrome extensions and tricks users into downloading malicious Ledger Chrome extensions through Google search ad serving and other methods to steal users' cryptocurrency. So far, it is known that at least 1.4 million XRP are stolen.
Amount of loss: 1,400,000 XRP Attack method: Phishing attack
Description of the event: IOTA has shut down its entire network this week after hackers exploited a vulnerability in the official IOTA wallet app to steal user funds.Estimated loss of 850000 MIOTA (valued at us $2.3 million).
Amount of loss: 8,550,000 MIOTA Attack method: Vulnerability in the application
Description of the event: Electrum suffers from "Update Phishing" theft. (The "Update Phishing" attack continues, and the older version (less than 3.3.4) is still under threat.)
Amount of loss: 2,000 BTC Attack method: Phishing attack
Description of the event: Gatehub Crypto Wallet Data Breach Compromises Passwords of 1.4M Users.
Amount of loss: - Attack method: Data leak
Description of the event: Safuwallet, It has stolen already lots of funds by injecting malicious code.
Amount of loss: - Attack method: Malicious code injection
Description of the event: Fusion released According to an official announcement, the Fusion transaction wallet (0x8e6bDa71f3f0F49dDD29969De79aFCFac4457379) was attacked on September 28, resulting in the theft of 10 million native FSN and 3.5 million ERC20 FSN tokens, worth about 5.57 million U.S. dollars. It is reported that the wallet was attacked because the private key was stolen. In response to the theft, Fusion Foundation officials have also transferred all remaining funds to the cold wallet. At the same time, Fusion officials are also tracking abnormal transactions, and uncertain evidence indicates that the theft may be caused by Fusion Foundation personnel.
Amount of loss: 10,000,000 FSN + 3,500,000 ERC20 FSN Attack method: Private key stolen
Description of the event: My Dash Wallet has been embedded with a malicious script, the malicious script will upload the user's DASH currency account balance, keystore, private key, seed and other key information to https://api.dashcoinanalytics.com/stats.php.
Amount of loss: - Attack method: Malicious Script
Description of the event: An attacker with a stolen device can extract the seed from the device. It takes less than 5 minutes and the necessary materials cost around 100$. This vulnerability affects Trezor One, Trezor T, Keepkey and all other Trezor clones. Unfortunately, this vulnerability cannot be patched.
Amount of loss: - Attack method: Extracting Seed
Description of the event: MGC wallet is exposed to carry user assets disappear, users' digital assets are aggregated to 0x4f9cxx, 0x2b29xx beginning two addresses in a short time.
Amount of loss: - Attack method: Scam
Description of the event: The TokenStore wallet was exposed as a "runaway", which swept away billions of investors' money, involving BTC, XRP, ETH and other mainstream currencies.
Amount of loss: 1,000,000,000 CNY Attack method: Scam
Description of the event: The attacker controls some of the GateHub database account API permissions, but the user's private key is secure. GateHub officials have identified 103 wallets that were compromised and a total of 18,473 accounts that may have been affected, including 5,045 with active balances.
Amount of loss: 23,200,000 XRP Attack method: Account API permissions are controlled