|
Balancer
|
20/09/2023
|
$238K
|
|
BGP Hijacking
|
|
|
Balancer was the target of a BGP hijacking attack, which resulted in a loss of funds worth over $238,000.
|
|
Remitano
|
14/09/2023
|
$2.7M
|
|
Private Key Compromise
|
|
|
The hot wallet of the Remitano exchange was exploited across multiple transactions, resulting in a loss of assets worth approximately $2.7 million. An initial unauthorized transfer moved 1,359,253 USDT from the address labeled "Remitano 2" to the attacker's address, followed by transfers of 208,188 USDC and 104,360 Ankr tokens valued at about $2000. Tether promptly froze the address of the exploiter, securing $1.4 million in assets. Additionally, $537,000 worth of USDT on the Tron network was frozen, preventing further illicit movement.
|
|
Milady
|
11/09/2023
|
$1M
|
|
Insider Collaboration
|
|
|
Charlotte Fang, the founder of Milady, has reported a major security breach involving the misappropriation of approximately $1 million in Remilia's generated fees by a developer working on the Bonkler Treasury project. Fortunately, the Bonkler reserves, main contract, and NFTs remain unharmed and secure. In an audacious move, the developer also attempted to seize control of social media accounts and demanded a significant portion of the treasury, including NFT reserves, in coordination with two other team members. The team has identified those involved and vows to pursue legal action to the fullest extent.
|
|
Friend Chips
|
15/09/2023
|
47 ETH
|
|
Rug Pull
|
|
|
The team behind Friend Chips performed an exit scam. The team claimed in a tweet that an anonymous developer had used the bonding function to create 100 million tokens, then dumped them, draining the liquidity pool of all 47 ETH, worth approximately $78,000. They further stated that the team will be funding a relaunch with developers they know personally. The stolen funds have already been laundered to Tornado Cash.
|
|
Mark Cuban
|
16/09/2023
|
$870K
|
|
Hot Wallet Compromise
|
|
|
Entrepreneur and Dallas Mavericks owner Mark Cuban has reportedly lost approximately $870,000 in a cryptocurrency scam. The incident involved the theft of various cryptocurrencies, including stable coins, Lido-staked Ether, ENS, and SuperRare tokens. Cuban's misfortune stemmed from downloading a fraudulent version of Metamask via a Google search, allowing scammers to compromise his private keys and seed phrases.
|
|
CoinEx
|
12/09/2023
|
$59M
|
B
|
Private Key Compromise
|
|
|
CoinEx, the global cryptocurrency exchange, was exploited across nineteen different chains due to the compromise of the private keys, which resulted in a loss of funds worth over $59 million.
|
|
Vitalik Buterin
|
10/09/2023
|
$700K
|
|
Twitter Account Compromise
|
|
|
The Twitter account of Vitalik Buterin, co-founder of the Ethereum Foundation, was compromised, possibly due to a Sim Swap attack. The scammer then posted a phishing link to a free Proto Danksharding NFT relating to ConsenSys. Multiple sources reported that the well-known con artist had stolen over $700,000 in funds. One of the affected individuals lost about 50% of this value as their CryptoPunk NFTs 3983 and 1751 were hijacked.
|
|
FloorDAO
|
05/09/2023
|
40 ETH
|
|
Smart Contract Vulnerability
|
|
|
FloorDAO was exploited due to a smart contract vulnerability, which resulted in a loss of 40 ETH, worth approximately $65,000. The root cause of the exploit is due to design flaws in two of the smart contracts' functions that handled the rebase calculations. The stolen funds have already been laundered into Tornado Cash.
|
|
GMBL Computer
|
06/09/2023
|
500 ETH
|
|
Private Key Compromise
|
|
|
GMBL Computer issued a community alert stating that they have suffered a loss of nearly 500 ETH, roughly amounting to $815,000. The root cause of the exploit is not a smart contract vulnerability but an off-chain issue. The exploiter was able to spoof a call, get a signature from their server, and then pass it to the contract. The team is working on establishing communication with the exploiter in hopes of recovering the stolen funds.
|
|
Stake
|
04/09/2023
|
$41M
|
|
Private Key Compromise
|
|
|
Stake was exploited across multiple chains, resulting in a loss of funds worth approximately $41 million. The root cause of the exploit is likely due to the compromise of the private keys. The stolen assets include 9620 ETH worth $15.7 million on the Ethereum Mainnet, 14.24 million MATIC worth $7.85 million, and 82650 BNB worth $17.7 million.
|
|
Baby Shia Token
|
31/08/2023
|
133 ETH
|
|
Rug Pull
|
|
|
Baby Shia Token was identified as a rug-pull with around 133 ETH, totaling approximately $226,000 worth of funds misappropriated. The deployer of its underlying tokens swapped them for profits, thereby draining the liquidity pool. The social media profile of the team on Twitter was subsequently deleted. It is known that Fixed Float and Change Now funded the associated wallet of the scammer.
|
|
Corede Finance
|
02/09/2023
|
27 ETH
|
|
Rug Pull
|
|
|
Corede Finance was identified as a rug pull, in which the scammer took away funds worth 27 ETH, totaling approximately $43,900.
|
|
BitBrowser
|
26/08/2023
|
$410K
|
|
Private Key Compromise
|
|
|
BitBrowser issued an alert to its community, indicating that a security breach had occurred affecting their server cache data. Those who had activated the extension for data synchronization found their wallets vulnerable to theft. The company advised users to quickly move their assets to a safer location. Numerous community members reported that their private keys had been stolen, leading to speculation that the breach may be connected to the usage of the Bit fingerprint browser. Multiple accounts suggest that the financial impact of this event amounts to a minimum loss of $410,000.
|
|
SOL Big Brain
|
25/08/2023
|
$1.5M
|
|
Phishing Attack
|
|
|
SOL Big Brain suffered a loss of approximately $1.5 million due to a phishing scam. Scammers hijacked a Telegram account belonging to the founder of an affiliated company. They then communicated with SOL Big Brain, who, after verifying the sender's identity, acted on the instructions provided. The culprits had prepared a scheme that used particular wallets susceptible to phishing, enabling them to siphon off the assets. Reportedly, assets in USDC, USDT, and Gearbox were stolen using permit signatures. The assets taken included an estimated $625,000 in USDC, $550,000 in ETH, $115,000 in USDT, and $200 in Gearbox.
|
|
STV
|
26/08/2023
|
$500K
|
|
Price Manipulation
|
|
|
The STV Protocol was exploited on the BNB chain due to price manipulation resulting from a flawed price calculation that relied on token balance. The attack resulted in a loss of over $500,000. The attacker made profits by repeatedly invoking the buy and sell functions. The exploiter has already laundered 1000 BNB, worth approximately $217,000, intoTornado Cash.
|
|
Magnate Finance
|
25/08/2023
|
$6.4M
|
|
Rug Pull
|
|
|
Magnate Finance was identified as a rug pull, with around $6.4 million in assets misappropriated. The deployer account manipulated the price oracle provider, enabling the fraudulent removal of 247 WETH, $1.3 million DAI, and $2 million USDC using fake collateral. The culprit has since transferred most of the ill-gotten gains to ETH, ARB, OP, and BSC via Stargate. Their Telegram and Twitter profiles have been deleted, and the project's website is now offline.
|
|
BTC20
|
19/08/2023
|
$30K
|
|
Price Manipulation
|
|
|
The PresaleV4 contract of BTC20 was exploited as a result of price manipulation, which resulted in a loss of funds worth approximately $30,000. The vulnerable function called another function on the Uniswap router using the WETH-BTC20 pair, which relies on the reserves of the pair. The attacker used a flashswap on this WETH-BTC20 pair and bought all BTC20 up to the allowed limit of 100,000 tokens.
|
|
Thales
|
19/08/2023
|
$35K
|
|
Unknown
|
|
|
A number of Thales hot wallets, serving as temporary deployers or keeper bots, were compromised as a likely result of a core contributor's PC or Metamask being hacked. None of the users funds were affected by the attack, and all of their funds on Optimism, Arbitrum, Polygon, and Base are safe. The attacker was able to seize control of all of their BNB chain smart contracts, causing a total loss of around $35,000.
|
|
Exactly Protocol
|
18/08/2023
|
$7.3M
|
|
Smart Contract Vulnerability
|
|
|
The Exactly Protocol was exploited across multiple transactions on the Optimism chain, which resulted in a loss of over 4324 ETH, totaling approximately $7.3 million. The vulnerable contract lacked input validation, which allowed the attacker to create a malicious contract that stole funds from the users and gained incentives by liquidating their bad debt position. Approximately 1500 ETH have been bridged back to Ethereum through the Across Bridge, while 2833 ETH are still in the process of being bridged back to Ethereum via the Optimism Bridge.
|
|
Rocketswap
|
14/08/2023
|
471 ETH
|
|
Private Key Compromise
|
|
|
Rocketswap was exploited due to the compromise of the private keys, which resulted in a loss of 471 ETH, worth approximately $868,000. According to the team, they needed to use offline signatures when deploying the launchpad and put the private keys on the server. The attacker apparently performed a brute force attack on the server and exploited a proxy contract used for the farm contract, which led to the unauthorized asset transfers. The exploiter swapped the stolen assets for roughly 472 ETH and bridged them to Ethereum via the Stargate bridge.
|