Summary # A hacker exploited a vulnerability in the LendHub protocol to steal approximately $6 million in digital assets. The vulnerability was caused by the existence of two IBSV tokens on the platform, one of which had been deprecated but not removed. The attacker was able to mint and redeem tokens in the old market while borrowing against them in the new market, ultimately making off with the majority of the assets on the platform. ...
Summary # CoinDeal is a defunt cryptocurrency exchange. In January 2023, the U.S. Securities and Exchange Commission (SEC) charged six individuals and two companies for their involvement in a fraudulent investment scheme called CoinDeal, which raised over $45 million from sales of unregistered securities to tens of thousands of investors worldwide. The defendants falsely claimed that investors could generate significant returns by investing in a blockchain technology called CoinDeal, which would be sold for trillions of dollars to a group of wealthy buyers. ...
Summary # On September 19, 2012, James Zhong exploited the Silk Road dark web marketplace and was convicted of committing wire fraud. The attacker managed to unlawfully obtain over 50,000 BTC by creating roughly nine accounts. Additionally, Zhong received 50,000 BitcoinCash(BCH) due to a hard fork coin split in August 2017, when every Bitcoin address also received an identical balance in BCH. Zhong managed to trigger over 140 transactions in rapid succession, fooling Silk Road’s withdrawal-processing system. ...
Summary # On November 1, 2022, Deribit, a cryptocurrency derivatives exchange, was hacked for $28 million. The attacker gained access to the exchange’s hot wallet, which contains a small portion of the exchange’s user funds that are kept online for fast withdrawals. Attackers # The identity of the attacker(s) is unknown. BTC Deribit hacker 1: bc1q2dequzmk5vk8nmmrata8nq4y0zgqn4vc0n2h8y Deribit hacker 2: bc1qw5g8lw4kzltpdcraehy2dt6dqda8080xd6vhl4kg4wwsypwerg9s3x6pvk ETH and USDC Deribit hacker 1: 0xb0606f433496bf66338b8ad6b6d51fc4d84a44cd Deribit hacker 2: 0x8d08aad4b2bac2bb761ac4781cf62468c9ec47b4 Losses # The attackers managed to steal ~691 Bitcoin (BTC) and ~6,947 Ether (ETH) and ~$3,394,823 USDC from the hot wallet, worth approximately $28 million at the time of the attack. ...
Summary # Team Finance experienced a significant breach on the Ethereum blockchain during a migration process from Uniswap v2 to v3, resulting in the theft of approximately $14.5 million. The exploit was executed through vulnerabilities in the smart contract, facilitating unauthorized token transfers and manipulations of the Initialize price within the V3 liquidity pool. Attackers # The identity of the hackers who attacked Team Finance is unknown. Hacker Ethereum Wallets: ...
Summary # On October 11th, 2022, Mango Markets, a decentralized exchange on Solana, was exploited. The hacker manipulated the price oracle for the protocol’s MNGO token by first taking out a long MNGO position on Mango. Then the attacker artificially raised the price of the MNGO token by taking advantage of low liquidity on secondary markets. The exploiter then used the temporary high price of MNGO to take out loans of USDC, various other stable coins, and SOL against unrealized profit on the long MNGO position. ...
Summary # On October 6, 2022, BSC Token Hub, a bridge between BNB Beacon Chain (BEP2) and Binance Smart Chain (BEP20) was exploited. The native cross-chain bridge between BNB Beacon Chain (BEP2) and BNB Smart Chain (BEP20), also known as BNB Token Hub was exploited. The hacker used a low-level proof vulnerability and 2,000,000 $BNB were drained out of thin air. Consequently, the hacker began bridging the funds to Fantom and Ethereum chains. ...
Summary # On September 20, 2022, Wintermute, a London-based algorithmic market maker offering liquidity across Centralized Finance (CeFi) and Decentralized Finance (DeFi) exchanges and over-the-counter (OTC) deals, was the victim of a security breach. The exploit resulted in a loss of approximately $160 million, impacting 90 different assets including stable coins, Bitcoin, Ether, and various altcoins. The attack was executed through a brute force private key compromise Source. The suspected vulnerability originated from Profanity, a service Wintermute used for generating vanity addresses, despite efforts to blacklist their Profanity-associated accounts after the vulnerability became known. ...
Summary # On August 1, 2022, Nomad, a cryptocurrency platform, experienced a chaotic hacking incident resulting in a loss of more than $190 million. The hack occurred when multiple users took advantage of an accidental error in a recent update, allowing them to drain funds from the blockchain protocol. An investigation conducted by samczsun, the head of security at Paradigm, a web3 investment firm, revealed that one of Nomad’s smart contracts had been modified in a way that made it vulnerable to transaction spoofing. ...
Summary # On June 23, 2022, the Harmony Protocol team discovered a malicious attack on their Horizon Bridge, a blockchain bridge enabling asset transfers between Ethereum, Binance Smart Chain, and Harmony blockchains. In the morning, several transactions compromised the bridge. The hackers were able to steal the following assets: Frax (FRAX), Wrapped Ether (WETH), Aave (AAVE), Sushi (SUSHI), Frax Share (FXS), AAG (AAG), Binance USD (BUSD), Dai (DAI), Tether (USDT), Wrapped BTC (WBTC), and USD Coin (USDC). ...