2027 hack event(s)
Description of the event: South Korean Web3 social music service Somesing announced that it fell victim to a security vulnerability attack last Saturday, resulting in a loss of 730 million native tokens (SSX), equivalent to approximately $11.58 million.
Amount of loss: $ 11,580,000 Attack method: Unknown
Description of the event: Citadel Finance was exploited on the Arbitrum chain, which resulted in a loss of 43 ETH, worth approximately $93,000. The root cause of the exploit is price manipulation of the underlying assets.
Amount of loss: $ 93,000 Attack method: Price Manipulation
Description of the event: The Algorand Foundation tweeted that the Twitter account of Staci Warden (@StaciW_DC), the CEO of the Foundation, has been compromised.
Amount of loss: - Attack method: Account Compromise
Description of the event: AltLayer, a temporary extension layer built on Optimistic Rollups, tweeted that early this morning, its Twitter profile was not displaying past tweets on the timeline. After approximately 3 hours of handling, the account has now been restored to normal. The entire incident may have been an organized attack. AltLayer advises users to stay safe and cross-check any information and links across multiple channels.
Amount of loss: - Attack method: Account Compromise
Description of the event: On January 25th, the staking contract of the space-themed open-world Web3 game Nebula Revelation suffered a reentrancy attack. On January 28th, Nebula Revelation announced a compensation plan of 159,831 USDT. The team promises comprehensive compensation and has decided to reimburse users at the price before the theft to ensure fairness.
Amount of loss: $ 180,000 Attack method: Reentrancy Attack
Description of the event: Saga DAO, a community-run fan club for Solana's sellout mobile phone, fell victim to a hacker attack, resulting in a theft of 750 SOL, equivalent to approximately $60,000. On February 2nd, SagaDAO tweeted that all funds stolen last week had been recovered. 65,761.03 USDC has been sent back to the Align multisig wallet protected by Phase Labs. The funds were returned from the original attacker's address.
Amount of loss: $ 65,761 Attack method: Unknown
Description of the event: JohnLennonC0IN (BEATLES) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 54,900 Attack method: Rug Pull
Description of the event: The blockchain gaming platform GMEE has announced via Twitter that the GMEE token contract on Polygon experienced unauthorized GitLab access a few hours ago, resulting in the theft of 600 million GMEE tokens. Subsequently, the attacker exchanged the tokens for ETH and MATIC.
Amount of loss: $ 7,000,000 Attack method: Contract Vulnerability
Description of the event: The DeFi protocol Concentric Finance, built on the Camelot v3 protocol, has suffered a severe security breach. In an official post on social media, Concentric.fi stated that the security breach was due to a targeted social engineering attack on one of their team members holding the deployer wallet. The attacker exploited vulnerabilities to upgrade the vaults, mint new LP tokens, and subsequently drained the platform's assets.
Amount of loss: $ 1,700,000 Attack method: Social Engineering
Description of the event: Bullran Index was attacked due to a lack of permission control. An MEV bot was able to burn the BUI tokens that a user deposited into a custom safe contract and exploit the lack of permission control to extract 136 ETH.
Amount of loss: $ 310,000 Attack method: Contract Vulnerability
Description of the event: Tron founder Justin Sun tweeted that Htx.com and HTX_DAO have been hit by a DDoS attack. The official HTX Twitter account also mentioned that the HTX application is currently experiencing interruptions, and the technical team is actively working to resolve the issues.
Amount of loss: - Attack method: DDoS Attack
Description of the event: LongNoseDog (LONG) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 309,749 Attack method: Rug Pull
Description of the event: Poldo (POLDO) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 311,607 Attack method: Rug Pull
Description of the event: CRONUS (CRONUS) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 316,355 Attack method: Rug Pull
Description of the event: The decentralized, non-custodial liquidity market protocol Rosa Finance on Arbitrum was exploited, resulting in a loss of approximately $45,000.
Amount of loss: $ 44,800 Attack method: Unknown
Description of the event: According to a tweet from Manta Network, the Manta Pacific chain encountered an RPC attack at approximately 9 AM UTC. Kenny Li, co-founder of Manta Network (@superanonymousk), provided updates on Twitter regarding the DDoS attack on Manta Network. He mentioned that Manta Network experienced a calculated DDoS attack at 9:30 AM UTC, coinciding with the start of their TGE activity. Since then, the RPC nodes have faced over 135 million requests, indicating that this was a very aggressive and timed attack.
Amount of loss: - Attack method: DDoS Attack
Description of the event: Arkham officially announced on Twitter that its CEO, Miguel Morel, fell victim to a SIM card swap attack. Miguel Morel's Twitter account was compromised.
Amount of loss: - Attack method: Account Compromise
Description of the event: Trezor, the manufacturer of encrypted hardware wallets, has announced that it is currently investigating a security incident that occurred on January 17, 2024. Unauthorized access was detected to the third-party support portal used by Trezor. No damage has been inflicted on customers' digital assets. Internal audits indicate that the exposure might be limited to information of customers who have interacted with Trezor Support since December 2021, encompassing only email and names/nicknames.
Amount of loss: - Attack method: Third-party Vulnerability
Description of the event: The crypto index project BasketDAO was exploited on the Ethereum Mainnet due to a smart contract vulnerability, which resulted in a loss of assets worth approximately $107,000. The root cause of the exploit is an arbitrary low-level call in the approval process of their smart contracts.
Amount of loss: $ 107,000 Attack method: Contract Vulnerability
Description of the event: The interoperability protocol Socket tweeted that the protocol experienced a security incident. An attacker exploited a vulnerability on a newly added module under the Socket Aggregator system. The module was responsible for swapping tokens on behalf of users. The vulnerability in said module allowed the attacker to steal funds from users who had given infinite approval of tokens to the Socket Gateway contract. The attack was carried out through 2 malicious transactions on Ethereum. The total exploited value is estimated to be around $3.3m. On January 23rd, Socket announced the successful recovery of 1032 ETH from the funds involved in the incident. A recovery and distribution plan for users will be promptly released.
Amount of loss: $ 3,300,000 Attack method: Contract Vulnerability