|
CS Token
|
23/05/2023
|
$715K
|
|
Smart Contract Vulnerability
|
|
|
CS Token was exploited on the BNB chain, resulting in a total loss of approximately 714,285 BUSD. The root cause of the attack is in the implementation of the transfer function, where the burn amount parameter is calculated using the sell amount; however, the sell amount parameter doesn't get updated in real time. The attacker converted all of the exploited funds to ETH and cross-chain transferred them to ETH before routing them to Tornado Cash.
|
|
Local Traders
|
23/05/2023
|
379.32 BNB
|
|
Smart Contract Vulnerability
|
|
|
The P2P exchange Local Traders was exploited on the BNB chain, resulting in a loss of approximately 379.32 BNB. The exploit occurred because one of the functions of the contract lacked a permission check and could be called by anyone to modify the owner. The attacker first set himself up as the owner before gaining admin rights to the Oracle price feed. This allowed the exploiter to use another function of the contract to modify the token price to 1 wei. The attacker then proceeded to purchase LCT tokens at a low price and sell them for profits.
|
|
Fintoch
|
22/05/2023
|
$31.6M
|
|
Rug Pull
|
|
|
The team behind the Fintoch project performed an exit scam. Funds worth approximately $31.6 million on the BNB chain have been bridged to multiple addresses on the Ethereum and Tron networks. Fintoch reportedly advertised a 1% daily ROI and claimed to be owned by Morgan Stanley. However, both the Singapore government and Morgan Stanley had issued warnings about this ponzi investment scheme.
|
|
LunaFi
|
22/05/2023
|
$35K
|
|
Smart Contract Vulnerability
|
|
|
The LunaFi project was exploited in the Polygon chain, due to a flaw in their reward calculations, which resulted in a loss of funds worth approximately $35,000.
|
|
Tornado Cash
|
20/05/2023
|
$2.77M
|
|
Malicious Governance Proposal
|
|
|
The governance contract of Tornado Cash was exploited across multiple transactions. The hacker initially made a legitimate-looking proposal, which was effectively passed through the user votes. The exploiter then caused the contract to self-destruct, deployed a malicious contract at the same address, and then executed the code from the malicious contract. This allowed the attacker to secure 1.2 million votes through a malicious proposal. The attacker took complete control of the DAO and drained the tokens held within because this count exceeded the 700K valid votes.
|
|
Swaprum
|
18/05/2023
|
1620 ETH
|
|
Rug Pull
|
|
|
The project Swaprum on the Arbitrum One chain was identified as a rug pull. The deployer of the contract set up a new token contract implementation for the Swaprum token, allowing them to mint 200 million SAPR tokens. The scammer then used these SAPR tokens to drain multiple liquidity pools across multiple transactions and then transfer all funds to ether via Multichain, Across Protocol, and Celer Network, resulting in assets worth 1620 ether being laundered into Tornado Cash. The Twitter profile of the project was subsequently deleted.
|
|
SatoshiSwap
|
15/05/2023
|
$300K
|
|
Rug Pull
|
|
|
The SatoshiSwap project suffered from an exit scam, causing a loss of approximately $300,000. On-chain data reveals that the scammer first gained access to the liquidity pool and then performed a rug pull, which resulted in a total liquidity drain of the protocol.
|
|
LW
|
11/05/2023
|
$48K
|
|
Smart Contract Vulnerability
|
|
|
The LW token was exploited on the PancakeSwap pair of LW-BUSD, resulting in a loss of approximately $48,000.
|
|
Sell Token
|
13/05/2023
|
$87K
|
|
Price Manipulation
|
|
|
The SELLC token of the SellToken project was exploited in the BNB chain, resulting in the loss of approximately $87,000. The root cause of the vulnerability is price manipulation caused by the flawed calculation of their token price.
|
|
DMAN
|
09/05/2023
|
$89,611
|
|
Rug Pull
|
|
|
According to PeckShield, the token DMAN was a rug-pull. The scammer originally funded 4 ETH from Binance and then added 3 ETH of liquidity before swapping 1,200 trillion DMAN tokens for 48.55 ETH, worth approximately $89,611. The price of the token dropped by 100% following the exploit.
|
|
Snooker Token
|
09/05/2023
|
$197K
|
|
Smart Contract Vulnerability
|
|
|
The Snooker's Project SNK token on the BNB Chain was exploited, resulting in a loss of approximately $197,725. The root cause of the vulnerability is a flawed invitation-reward mechanism.
|
|
FREDDIE
|
06/05/2023
|
$52,344
|
|
Rug Pull
|
|
|
According to PeckShield, the token FREDDIE was a rug-pull. The scammer originally funded 2.96 ETH from Orbiter Finance Bridge and then added 2 ETH of liquidity before swapping 4,999 trillion HIS tokens for 28 ETH, worth approximately $52,344. The price of the token dropped by 100% following the exploit.
|
|
HIS
|
08/05/2023
|
$24.57K
|
|
Rug Pull
|
|
|
According to PeckShield, the token HIS was a rug-pull. The scammer originally funded 2.76 ETH from Orbiter Finance Bridge and then added 2 ETH of liquidity before swapping 4,999 trillion HIS tokens for 13 ETH, worth approximately $24,568. The price of the token dropped by 100% following the exploit.
|
|
Hakuna
|
08/05/2023
|
$31.68K
|
|
Rug Pull
|
|
|
According to PeckShield, the token HAKUNA was a rug-pull. The scammer originally funded 2.76 ETH from Orbiter Finance Bridge and then added 2 ETH of liquidity before swapping 4,999 trillion HAKUNA tokens for 17 ETH, worth approximately $31,683.11. The price of the token dropped by 100% following the exploit.
|
|
XIRTAM
|
03/05/2023
|
1909 ETH
|
|
Rug Pull
|
|
|
The project, XIRTAM, was reportedly identified as a rug pull. The scammers took away approximately 1909 ETH worth of funds amounting to $3.5 million from almost 4000 users raised during the presale. The funds were transferred to Binance, which has been effectively seized.
|
|
Yoda
|
04/05/2023
|
$130K
|
|
Rug Pull
|
|
|
According to PeckShield, the Yoda project was a rug-pull, during which the scammers laundered away 68 ETH, worth approximately $130,000, to FixedFloat. The team has since deleted their social media accounts and other groups.
|
|
Deus Finance
|
05/05/2023
|
$6.38M
|
|
Smart Contract Vulnerability
|
|
|
The stable coin DEI, launched by Deus Finance was exploited across multiple chains due to an incorrect allowance mapping, which resulted in the loss of funds worth approximately $6.38 million.
|
|
NeverFall
|
02/05/2023
|
$74.25K
|
|
Price Manipulation
|
|
|
The NeverFall project on the BNB chain was exploited due to price manipulation, resulting in a loss of approximately $74,250. The root cause of the vulnerability is due to the flawed calculation that relies on the balance of the corresponding PancakeSwap pair.
|
|
Level Finance
|
01/05/2023
|
$1.1M
|
|
Smart Contract Vulnerability
|
|
|
Level Finance was exploited due to a smart contract vulnerability, resulting in a loss of approximately $1.1 million. The contract had incorrectly set the way in which rewards are calculated, which allowed multiple referral claims from the same epoch. The exploiter drained approximately 214k LVL tokens and swapped them for 3,345 BNB.
|
|
0vix Protocol
|
28/04/2023
|
$2M
|
|
Price Manipulation
|
|
|
The 0vix Protocol on the Polygon chain was exploited, resulting in a loss of approximately $2 million. The exploit was a result of the price manipulation of the vGHST token, which is listed as a non-collateralizable asset on their platform.
|