1939 hack event(s)
Description of the event: There is an exit scam on a fake EigenLayer token. The deployer profited ~$300k. BSC: 0x14ac066ac2CD24CBdE31f78659c11F13aB61E4e7.
Amount of loss: $ 300,000 Attack method: Rug Pull
Description of the event: There was a large liquidity removal on DKP resulting in losses of approximately $204,000 USDT. The token contract is 0xd06fa1BA7c80F8e113c2dc669A23A9524775cF19.
Amount of loss: $ 204,000 Attack method: Rug Pull
Description of the event: A phishing link has been posted in the factory-updates channel of LuckyFactoryNFT. Do not interact with the malicious link.
Amount of loss: - Attack method: Phishing Attack
Description of the event: Mode Discord was hacked. A phishing link was posted in the announcements channel of the Mode Network Discord server.
Amount of loss: - Attack method: Account Compromise
Description of the event: On September 27th, Venom Bears‘ Discord server was compromised.
Amount of loss: - Attack method: Account Compromise
Description of the event: SpaceChain Discord was hacked. A phishing link was posted in the announcements channel of SpaceChain Discord server.
Amount of loss: - Attack method: Account Compromise
Description of the event: On September 26th, XSDWETHpool On BSC was exploited for ~$12.1k in a flash loan attack. The attacker created a malicious contract to interact with the pool contract and gained 56.96 WBNB. Pool Contract: 0xbfBcB8BDE20cc6886877DD551b337833F3e0d96d.
Amount of loss: $ 12,100 Attack method: Flash Loan Attack
Description of the event: There is an exit scam on a fake Justus Token associated with fake Twitter Justusztoken. Deployer dumped 302 WBNB for a profit of ~$59k. BSC: 0xae7607dE0F0665220E77b76E18d94965076e684c.
Amount of loss: $ 59,000 Attack method: Rug Pull
Description of the event: On September 24th, according to Definalist on Twitter, scammers had deposited fake APT tokens into South Korea's largest exchange, Upbit. After these fake tokens were deposited into numerous user accounts, many users proceeded to directly sell them. The only explanation for this situation is that Upbit's wallet system only checked the type and data and processed deposits and withdrawals.
Amount of loss: - Attack method: False top-up
Description of the event: On September 25th, Cyvers Alerts tweeted that a certain EOA address received 5000 ETH from HTX yesterday, and this morning, they noticed that HTX had conducted a hot wallet migration. It has been confirmed that one of HTX's hot wallets was compromised, resulting in a loss of 8.2 million USD, and the hacker's address has been disclosed. HTX has issued a public statement on the blockchain, addressing the hacker and offering a 5% white hat bonus if the stolen funds are returned by October 2nd; otherwise, they will transfer the information to law enforcement authorities for further action and to prosecute the hacker. Justin Sun also stated that HTX has fully covered the losses incurred from the attack and has successfully resolved all related issues. All user assets are safe and the platform is operating completely normally. On October 7, the HTX attackers returned 4,999 ETH (about $8.2 million) of the stolen funds.
Amount of loss: $ 8,200,000 Attack method: Unknown
Description of the event: There was a flash loan exploit on Kub/Kub-split. The attacker gained ~$78.4k via pool manipulation. Contract: 0xc98E183D2e975F0567115CB13AF893F0E3c0d0bD.
Amount of loss: $ 78,400 Attack method: Flash Loan Attack
Description of the event: On September 23, the Mixin Network cloud service provider database was attacked, the amount of funds involved was ~$200M.
Amount of loss: $ 200,000,000 Attack method: Unknown
Description of the event: There was a large liquidity removal on DUO. The Deployer removed $352.6K WBNB of LP in 3 transactions over a 4 day period. BSC: 0x1ED990bdcAEf4B13b01F4996dDe59EcD04F1343A .
Amount of loss: $ 352,698 Attack method: Rug Pull
Description of the event: The token Cat Nation is suspected to be a rug pull. Transaction pool address (ETH): 0xC9C1776802216e074eF7A19555cE70bB473B25c0.
Amount of loss: $ 29,700 Attack method: Rug Pull
Description of the event: BEDU announced that a team member in their Discord server has been compromised.
Amount of loss: - Attack method: Account Compromise
Description of the event: Synthtopia Discord server was compromised.
Amount of loss: - Attack method: Account Compromise
Description of the event: There was a large liquidity removal on Unleashed Beast (BEAST). Deployer removed ~$55.3k from the LP. BSC:0x626b596dd10467ea969179235123f884e133074a.
Amount of loss: $ 55,300 Attack method: Rug Pull
Description of the event: On September 21st, the Linear stable coin $LUSD appears to be under an exploit attack. While the team investigates, do not buy LUSD, do not trade $LUSD. Liquidations are paused and users accounts are not at risk.
Amount of loss: - Attack method: Contract Vulnerability
Description of the event: On September 21st, a large liquidity of YZER was removed. Deployer profited ~$28.6k from this liquidity removal.
Amount of loss: $ 28,600 Attack method: Rug Pull
Description of the event: A phishing link has been posted in the announcements channel of timesoul Discord server.
Amount of loss: - Attack method: Account Compromise