| Predy Finance | 13/05/2024 | $464K | Smart Contract Vulnerability | Predy Finance was exploited on the Arbitrum chain due to a smart contract vulnerability, which resulted in a loss of 83.7 ETH and 219,585 USDC, totaling approximately $464,000. The root cause of the exploit is a lack of regulated access control. |
| Rain | 28/04/2024 | $14.8M | Unknown | The Rain Exchange was exploited across its BTC, ETH, SOL, and XRP hot wallets, which resulted in a loss of assets worth $14.8 million. The exact reason behind the exploit is unknown at the moment. The stolen funds have since been transferred to instant exchanges and swapped for BTC and ETH. The stolen funds were divided up into wallets containing 137.9 BTC and 1,881 ETH. Rain, in a later communication, assured that any losses incurred during the security incident would be taken care of by compensating the affected users. |
| Pii Park | 12/05/2024 | $490K | Scam | Pii Park, a bogus PI token, was identified as a scam in which funds worth $490,000 were misappropriated. When users call the open position function of the associated contract, they are charged a small fee in MATIC, with a portion of it sent to an EOA and the other portion swapped for the PI token. The PI tokens were consolidated into an EOA, which further distributed them to three wallets that ultimately dumped them. The initial EOA had also dumped their assets and later laundered the stolen funds through Fixed Float. |
| Sonne Finance | 13/05/2024 | $20M | Smart Contract Vulnerability | Sonne Finance was exploited on the Optimism Mainnet due to a smart contract vulnerability, which resulted in a loss of assets worth approximately $20 million. The root cause of the exploit is a precision-loss vulnerability. The attack vector is a well-known issue on all of the CompoundV2 forks. |
| GNUS Token | 05/05/2024 | $1.27M | Smart Contract Vulnerability | The GNUS token was exploited on the Fantom network due to a smart contract vulnerability, which resulted in a loss of assets worth approximately $1.27 million. The attacker obtained access to one of the critical functions of the contract, which allowed them to copy the token manager's salt deployed on the Ethereum Mainnet and redeploy the token manager on Fantom. They were then able to mint fake GNUS tokens on the Fantom chain and then cross-reference them to the Ethereum Mainnet. |
| Perpy Finance | 05/05/2024 | 41.895 ETH | Smart Contract Vulnerability | The staking contract of Perpy Finance was exploited on the Ethereum Mainnet, in which the hacker was able to illicitly take away approximately 58,489,594 PRY tokens, which were later sold for 41.895 ETH, amounting to roughly $132,000. The root cause of the exploit was an error in initializing the unaudited proxy contract for the staking liquid module, which was a fork of the staking vested model previously audited and used by Camelot. |
| Tsuru | 09/05/2024 | 137.78 ETH | Smart Contract Vulnerability | Tsuru was exploited on the Base chain due to a smart contract vulnerability, which resulted in a loss of 137.78 ETH, which was worth approximately $410,000. The root cause of the exploit is a lack of regulated access control, which would allow anyone to mint the TSURU token and later swap it for ETH in the Uniswap Liquidity pool. In this blog, we have shared a detailed analysis of this exploit. |
| GPU Token | 07/05/2024 | $32K | Smart Contract Vulnerability | The GPU token was exploited on the BNB chain, which resulted in a loss of assets worth approximately $32,000. The root cause of the exploit is an incorrect balance update. The attacker was able to transfer the tokens to themselves, and the balance calculation would override this update. The price of the underlying token dropped by 100% following the exploit. |
| Lifeform | 08/05/2024 | 81 ETH | Scam | A fake Lifeform or LFT token was identified as an exit scam on the Ethereum Mainnet, in which funds worth approximately $243,000 were misappropriated. The deployer was able to call a backdoor function to mint an enormous amount of additional tokens and dump them on the DEX pair to drain roughly 81 ETH worth of assets. |
| Galaxy Fox | 09/05/2024 | 108 ETH | Smart Contract Vulnerability | The Galaxy Fox token was exploited on the Ethereum Mainnet due to a lack of regulated access control, which resulted in a loss of over 108 ETH, worth approximately $330,000. |
| OSN Token | 05/05/2024 | $110K | Smart Contract Vulnerability | The OSN token was exploited across a series of transactions on the BNB chain, which resulted in a loss of assets worth approximately $110,000. The attacker took advantage of the flaw in one of their smart contracts, which sells its own tokens as a reward for users adding liquidity. |
| Saturn | 05/05/2024 | 14.16 BNB | Price Manipulation | Saturn, the new token issuance protocol, was exploited on the BNB chain, which resulted in a loss of 14.16 BNB, worth approximately $8,343. The protocol would reportedly burn and sync the asset amount before any prior token transfers, which led to a price manipulation attack that caused their SATURN/WBNB pool to be entirely empty. |
| NovaMind | 01/05/2024 | 41 ETH | Scam | NovaMind was identified as an exit scam in which funds worth 41 ETH, amounting to roughly $123,000, were misappropriated. The address linked with this transaction transferred these assets to a multisignature wallet, which is likely used for the project presale address. The social media account of the associated project has already been deleted, and the price of its underlying token fell by over 97 percent. |
| Pike | 29/04/2024 | $1.65M | Smart Contract Vulnerability | Pike Finance was exploited across the Ethereum Mainnet, Optimism, and Arbitrum chains, which collectively resulted in a loss of assets worth approximately $1.65 million. The root cause of the exploit is a misalignment in the storage layout of upgradeable smart contracts due to the introduction of a new dependency. This misalignment resulted in situations that allowed the attacker to bypass owner permissions. The attack transaction on the Ethereum Mainnet resulted in a loss of 479.39 ETH, which was worth approximately $1,443,114. On the Optimism chain, the attack resulted in a loss of 64,126 OP, which were worth approximately $150,458, while on the Arbitrum chain, the attack resulted in a loss of 99,970 ARB tokens, which were worth approximately $102,269. |
| Yield Protocol | 29/04/2024 | $181K | Smart Contract Vulnerability | Yield, a discontinued DeFi protocol, was exploited on the Arbitrum chain due to a smart contract vulnerability, which resulted in a loss of assets worth approximately $181,000. The attacker exploited a discrepancy between the pool token balance and total supply with flash-loaned assets, and then withdrew extra pool tokens to complete the attack. |
| FENGSHOU (NGFS) | 24/04/2024 | $191K | Smart Contract Vulnerability | FENGSHOU, or the NGFS token, was exploited on the BNB chain due to a smart contract vulnerability, which resulted in a loss of assets worth approximately $191,000. The root cause of the exploit is a faulty smart contract implementation caused by a lack of regulated access control. |
| Magpie | 22/04/2024 | $129K | Smart Contract Vulnerability | Magpie, the decentralized liquidity aggregation protocol, was exploited due to a smart contract vulnerability, which resulted in a loss of assets worth approximately $129,000. The incident targeted approximately 221 wallet users. The root cause of the exploit is a lack of input validation in the call data parameter. |
| Pike | 24/04/2024 | 299,127 USDC | Smart Contract Vulnerability | Pike Finance was exploited across multiple chains due to a smart contract vulnerability, which resulted in a loss of assets worth approximately 299,127 USDC. The root cause of the exploit is a forged CCTP message to drain the assets on the Ethereum, Arbitrum, and Optimism networks. |
| XBridge | 23/04/2024 | $1.44M | Smart Contract Vulnerability | XBridge was exploited on the Ethereum Mainnet and the BNB chain due to a smart contract vulnerability, which collectively resulted in a loss of assets worth approximately $1.44 million. The root cause of the exploit is a faulty smart contract implementation caused by a lack of regulated access control. |
| Yiedl | 23/04/2024 | 260 BNB | Smart Contract Vulnerability | Yiedl was exploited on the BNB chain due to a smart contract vulnerability, which resulted in a loss of 260 BNB, worth approximately $160,000. The root cause of the exploit is insufficient parameter validation. |