1950 hack event(s)
Description of the event: The official Twitter account of ARPA, a permissionless threshold network based on the BLS signature scheme, has been compromised, and false token claiming links have been posted.
Amount of loss: - Attack method: Account Compromise
Description of the event: The ERC 404 project Rugged Art was attacked due to a reentrancy vulnerability, resulting in a loss of 11 ETH.
Amount of loss: $ 32,395 Attack method: Reentrancy Attack
Description of the event: On February 18th, Starcoin, a project within the Move ecosystem, tweeted that they detected abnormal activities on their network that required immediate attention to safeguard the integrity and security of the system. As a precautionary measure, Starcoin has temporarily suspended our network to conduct a thorough investigation together with SlowMist.
Amount of loss: - Attack method: Unknown
Description of the event: The CEO of SocialFi xPET tweeted that SocialFi was attacked due to vulnerabilities related to the newly launched PvP feature, resulting in hackers stealing 91.5 ETH (approximately $25,400).
Amount of loss: $ 254,000 Attack method: Contract Vulnerability
Description of the event: According to on-chain data, the cryptocurrency exchange FixedFloat appears to have been exploited, resulting in the theft of approximately $26.1 million worth of Bitcoin and Ethereum. On February 18th, FixedFloat tweeted: "We confirm that there was indeed a hack and theft of funds. We are not yet ready to make public comments on this matter, as we are working to eliminate all possible vulnerabilities, improve security, and investigate. Our service will be available again soon. We will provide details on this case a little later."
Amount of loss: $ 26,100,000 Attack method: Third-party Vulnerability
Description of the event: The ERC-X protocol Miner (MINER) has been attacked, please do not interact. According to the Miner team's analysis, the _update function of the contract was exploited. The root cause of this exploit is a double-transfer vulnerability caused by a lack of input validation.
Amount of loss: $ 466,000 Attack method: Contract Vulnerability
Description of the event: The hot wallet of the crypto gambling platform Duelbits was attacked, resulting in a loss of approximately $4.6 million.
Amount of loss: $ 4,600,000 Attack method: Private Key Leakage
Description of the event: The blockchain gaming platform PlayDapp was hacked, with the attacker's address being added as a minter, minting 200 million PLA tokens (valued at $36.5 million). Shortly after the incident, PlayDapp sent a message to the attacker through on-chain transactions, requesting the return of the stolen funds and offering a $1 million bug bounty reward, but negotiations ultimately failed. On February 12, the hacker minted an additional 1.59 billion PLA tokens, valued at $253.9 million, and began transferring them through cryptocurrency trading platforms. On February 13, PlayDapp announced on Twitter that the PLA smart contract had been paused, while also advising users to cease trading for migration snapshots and stating that every effort is being made to protect holders' assets.
Amount of loss: $ 290,000,000 Attack method: Private Key Leakage
Description of the event: Keith Grossman, the president of MoonPay, currently has a compromised X account distributing wallet drainer links.
Amount of loss: - Attack method: Account Compromise
Description of the event: The Not Found (404) project on ETH is suspected to have exited with losses of approximately $156,000, as the deployer withdrew a large amount of liquidity.
Amount of loss: $ 156,000 Attack method: Rug Pull
Description of the event: A critical security incident within the Starlay protocol’s USDC lending pool on the Acala EVM platform. An exploit was identified and executed due to abnormal behavior in the liquidity index calculation mechanism, which allowed an attacker to withdraw an amount far exceeding their original deposit after borrowing LDOT.
Amount of loss: $ 2,100,000 Attack method: Contract Vulnerability
Description of the event: The user-friendly crypto wallet designed for DeFi and NFTs, Phantom, reported a DDoS attack on its platform. Someone attempted to overload its systems, causing potential temporary interruptions in some services. User assets are secure.
Amount of loss: - Attack method: DDoS Attack
Description of the event: The project Detto Finance in the Base ecosystem is suspected of a rug pull, with its social media accounts currently inaccessible, resulting in approximately $95,000 in losses.
Amount of loss: $ 94,147 Attack method: Rug Pull
Description of the event: The DeFi protocol Abracadabra Money (MIM_Spell) has fallen victim to an attack, resulting in approximately $6.5 million in losses. Following the attack, Abracadabra.Money (MIM_Spell) provided an update on the situation via Twitter, stating that their technical team identified the vulnerability. Preliminary findings indicate the exploit targeted specific Cauldrons V3 & V4, allowing unauthorized MIM borrowing. They’ve mitigated the issue by setting borrowing limits to zero for these cauldrons.
Amount of loss: $ 6,500,000 Attack method: Contract Vulnerability
Description of the event: Klaytn, the South Korean public blockchain, tweeted a reminder to users that its official Discord server has been attacked. Until further notice, please refrain from clicking on any links or interacting with any posts. The team is currently working to remove malicious bots and regain control.
Amount of loss: - Attack method: Account Compromise
Description of the event: On January 31st, according to blockchain investigator ZachXBT, Ripple fell victim to a hacking attack resulting in the theft of 213 million XRP, valued at approximately $112.5 million. Ripple's co-founder, Chris Larsen, tweeted, "Yesterday, there was unauthorized access to a few of my personal XRP accounts (not @Ripple) – we were quickly able to catch the problem and notify exchanges to freeze the affected addresses. Law enforcement is already involved."
Amount of loss: $ 112,500,000 Attack method: Private Key Leakage
Description of the event: The lending market ZeroLend has experienced a DDoS attack.
Amount of loss: - Attack method: DDoS Attack
Description of the event: The official Twitter account of zk-data marketplace Masa is suspected to be compromised, and fake airdrop links have been posted.
Amount of loss: - Attack method: Account Compromise
Description of the event: DWF Labs tweeted that the Twitter account of their managing partner, Andrei Grachev, has been compromised.
Amount of loss: - Attack method: Account Compromise
Description of the event: Barley Finance tweeted that there has been a vulnerability attack on the wBARL pod. The team is working on resolving the issue. Details are as follows: 1. The exploiter took more than 10% of the total BARL supply in the pod, of which about 9% was the development team's collateral, used from Marketing and Dev allocations. Therefore, the damage to users is insignificant. 2. The solution is to change the wBARL pod contract to remove the functions that cause the exploit.
Amount of loss: $ 130,000 Attack method: Contract Vulnerability