1980 hack event(s)
Description of the event: The MEV Bot (0x05f016765c6c601fd05a10dba1abe21a04f924a5) was exploited and lost about 1k ETH. The root cause is that the 0xf6ebebbb function, which is used to trigger arbitrage in the contract, lacks authentication. The attacker called this function to swap the tokens held by the contract into a pool on Curve, then used flash-loan funds to swap in the reverse direction and take the profit.
Amount of loss: $ 2,152,392 Attack method: Flash Loan Attack
Description of the event: On November 7, TheStandard.io was exploited for ~$290k. The key vulnerability was the low liquidity in the PAXG pool, which the attacker exploited to manipulate the market. On November 9, the attacker returned 243k $EUROs to the protocol, which will be burned in due course.
Amount of loss: $ 290,000 Attack method: Liquidity Exploit
Description of the event: Multi-chain launchpad platform TrustPad tweeted that one of its staking contracts was attacked. According to SlowMist's analysis, the lock time was manipulated because an incorrect LockStartTime was obtained.
Amount of loss: $ 155,000 Attack method: Contract Vulnerability
Description of the event: A fake Ledger Live app on the official Microsoft App Store resulted in 16.8+ BTC ($588K) being stolen.
Amount of loss: $ 588,000 Attack method: Fake Application
Description of the event: Tellor's Twitter account was compromised, and the hacker posted a phishing link related to the $TRB airdrop.
Amount of loss: - Attack method: Account Compromise
Description of the event: According to @fraxfinance, Frax Finance's DNS has been attacked. Please don’t use http://frax[.]finance and http://frax[.]com domains until further notice.
Amount of loss: - Attack method: DNS Hijacking Attack
Description of the event: Fake Memecoin (MEME) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 117,930 Attack method: Rug Pull
Description of the event: Fake Celestia (TIA) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 99.5% price decline.
Amount of loss: $ 208,394 Attack method: Rug Pull
Description of the event: DeFi lending protocol Onyx Protocol has been exploited and has currently lost ~$2.1 million.
Amount of loss: $ 2,100,000 Attack method: Contract Vulnerability
Description of the event: Monero discloses that its community crowdfunding wallet was drained of 2,675.73 XMR (the entire balance). The hot wallet, used for payments to contributors, is untouched; its balance is ~244 XMR.
Amount of loss: $ 460,000 Attack method: Unknown
Description of the event: According to a SlowMist security alert, Unibot has been exploited: due to the lack of necessary parameter checks, the exploiter can transfer tokens for which users have approved the Unibot contract. Please revoke approval of 0x126c9FbaB3A2FCA24eDfd17322E71a5e36E91865.
Amount of loss: $ 560,000 Attack method: Contract Vulnerability
Description of the event: Dracula (DRAC) on BSC is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 38,349 Attack method: Rug Pull
Description of the event: Fake Memecoin (MEME) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 78,947 Attack method: Rug Pull
Description of the event: Fake MEMEPAD (MEMEPAD) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 80,134 Attack method: Rug Pull
Description of the event: Fake TITANX (TITANX) on ETH is suspected of a rug pull, with the deployer removing substantial liquidity, causing a 100% price decline.
Amount of loss: $ 82,385 Attack method: Rug Pull
Description of the event: The Ethereum liquidity restaking pool Astrid was attacked due to a vulnerability in the withdrawal function, resulting in a loss of approximately $228,000. The parameters of the `withdraw()` function, specifically the token address and token amount, were exploitable. On October 29, the hackers returned 80% of the stolen funds (102 ETH).
Amount of loss: $ 228,000 Attack method: Contract Vulnerability
Description of the event: STIMMY on Ethereum pulled liquidity to the tune of 43.8 ETH (~$78.8K) and deleted its social platforms.
Amount of loss: $ 78,800 Attack method: Rug Pull
Description of the event: A fake Linea token is suspected of a rug pull for ~$1.3m. ~$743k has been deposited into Tornado Cash. Contract Address: 0x00000000fEB6A772307C6aA88AB9D57b209aCb18.
Amount of loss: $ 1,300,000 Attack method: Rug Pull
Description of the event: Maestro Router was compromised and approximately $510,000 was stolen.
Amount of loss: $ 510,000 Attack method: Contract Vulnerability
Description of the event: Mina Protocol on BNB Chain has dropped 100%. 0x0920…a44A has swapped 1,000,000,000,000,000 $MINA for ~474.26 $BNB (worth ~$106.7K).
Amount of loss: $ 106,730 Attack method: Rug Pull