2028 hack event(s)
Description of the event: The decentralized betting platform ZKasino is suspected to have exited. Recently, users on Twitter reported that ZKasino removed the message "Ethereum will be returned and can be bridged back" from the Bridge Funds interface, causing users to be unable to withdraw. Subsequently, the project team transferred the ETH assets deposited by users to the 0x791 multi-signature address, and then deposited them into the staking protocol Lido for yield farming.
Amount of loss: $ 33,000,000 Attack method: Rug Pull
Description of the event: Hedgey Finance suffered two exploits, one on the Ethereum and another on the Arbitrum network. The ETH attack resulted in a loss of $1.9 million, while the Arbitrum exploit led to a theft of $42.8 million in ARB tokens.
Amount of loss: $ 44,700,000 Attack method: Flash Loan Attack
Description of the event: The Twitter account of the cross-chain bridge Meson Finance posted a tweet containing a phishing link. Meson Finance tweeted that the relevant content has been deleted and confirmed that the issue originated from a third-party API rather than a direct attack on the account.
Amount of loss: - Attack method: Account Compromise
Description of the event: Fake PRCL on the BNB Chain appears to have exit scammed, resulting in a 100% price drop and causing losses exceeding $100,000.
Amount of loss: $ 100,000 Attack method: Rug Pull
Description of the event: Token issuance protocol Mars was attacked and lost about 1M MARS 和 137 个 WBNB.
Amount of loss: $ 98,000 Attack method: Unknown
Description of the event: Grand Base, a real world assets platform built on the Base layer-2 blockchain, the team behind the project claimed that the deployer wallet had been compromised, allowing an attacker to drain the project's liquidity pool. Altogether, 615 ETH (~$2 million) was taken from the project. On April 20th, Grand Base tweeted that during the token reboot process, the team had managed to retrieve our veNFTs from the hacked address and transferred them to a multi-sig wallet. The veNFT position represents and amount of $225,000 and will be used to build robust liquidity when the time comes.
Amount of loss: $ 2,000,000 Attack method: Private Key Leakage
Description of the event: Fake JILLBODEN on BNBChain is suspected of a rug pull, and the current token price has dropped by 100%.
Amount of loss: $ 335,339 Attack method: Rug Pull
Description of the event: Fake VDZ on BNBChain is suspected of a rug pull, and the current token price has dropped by 100%.
Amount of loss: $ 323,088 Attack method: Rug Pull
Description of the event: According to on-chain analyst ZachXBT's monitoring, the group of scammers who stole 8 figs with Magnate, Kokomo, Lendora, Solfire, etc is back with a new project on Blast @Leaperfinance. Last week they funded an address on Blast with ~$1M of laundered funds from the previous rugs and have begun adding liquidity to bait people in. Over time, the fraudulent team increased their TVL to over a million dollars, then stole all user funds deposited into the protocol, and forged KYC documents using low-level auditing companies. Currently, this fraudulent group has initiated scams on platforms such as Base, Solana, Scroll, Optimism, Arbitrum, Ethereum, and Avalanche.
Amount of loss: - Attack method: Scam
Description of the event: The GFA token was exploited on the BNB chain, which resulted in a loss of assets worth approximately $15,000. The root cause of the exploit is a lack of access control. The vulnerable contracts had functions for calculating rewards, for which anyone could invoke a call to them. The hacker was able to manually calculate and generate the rewards and drain the tokens. The exploiter has already laundered the stolen assets into Tornado Cash.
Amount of loss: $ 15,000 Attack method: Contract Vulnerability
Description of the event: The Bitcoin-native lending protocol, Zest Protocol twitted that it experienced an attack. The attacker lent out an amount exceeding the value of their collateral by artificially inflating its value. The attack has been mitigated, and all unauthorized access has been disabled. The attacker removed 324,000 STX from the protocol, and this loss will be compensated from the Zest Protocol's treasury, ensuring full reimbursement of user assets.
Amount of loss: $ 1,000,000 Attack method: Price Manipulation
Description of the event: Fake Masa on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 502,000 Attack method: Rug Pull
Description of the event: Sumer Money was exploited on the Base chain due to a smart contract vulnerability, which resulted in a loss of assets worth approximately $310,000. The root cause of the exploit is a lack of reentrancy protection, which led to the manipulation of the underlying assets.
Amount of loss: $ 310,000 Attack method: Reentrancy Attack
Description of the event: Sumer Money was exploited on the Base chain due to a smart contract vulnerability, which resulted in a loss of assets worth approximately $310,000.
Amount of loss: $ 310,000 Attack method: Contract Vulnerability
Description of the event: The price of Empower AI (EMPAI) on Ethereum has dropped by 100%. A whale 0xE4808...f3bA has dumped 1,000,000,000,000 EMPAI for about 66.44 WETH (valued at around $23,750).
Amount of loss: $ 237,500 Attack method: Rug Pull
Description of the event: Fake Monad on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 266,000 Attack method: Rug Pull
Description of the event: Jupiter, a trading aggregator in the Solana ecosystem, tweeted that they noticed a large number of spam bots hitting our RPCs and limited them. Users are advised to try their operations again. The team is working super hard on helping users in this new congested environment and dealing with extraordinary volume.
Amount of loss: - Attack method: DDoS Attack
Description of the event: Fake Truflation on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 256,600 Attack method: Rug Pull
Description of the event: Fake Oasis AI on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 301,600 Attack method: Rug Pull
Description of the event: The full-chain Web3 ecosystem xBlast, built inside Telegram, disclosed on Twitter that it had been hacked. The attacker transferred XBL tokens from its project's main wallet address and sold them for approximately 22 ETH. xBlast's proposed solution is to deploy a new XBL token and restore liquidity, promising fair compensation for all losses.
Amount of loss: $ 84,500 Attack method: Unknown