Rare Bears Discord phishing attack nabs $800K in NFTs
https://cointelegraph.com/news/rare-bears-discord-phishing-attack-nabs-800k-in-nfts
https://twitter.com/BearsRare/status/1504293859467350019?
"Discord has unfortunately been compromised. Please DO NOT click any links, connect your wallet and block all incoming DMs in our discord. Our team are working on the situation as we speak 🙏🏼"
_____________
$622M Ronin sidechain hack
Axie Infinity Tokens AXS, SLP Reeling After $622M Ronin Hack
https://decrypt.co/96433/axie-infinity-tokens-axs-slp-reeling-622m-ronin-hack
A day after Sky Mavis disclosed that a hacker stole 173,600 ETH worth $622 million from the Ronin sidechain, the Axie Infinity Shards (AXS) and Smooth Love Potion (SLP) tokens are still reeling.
Community Alert: Ronin Validators Compromised
https://roninblockchain.substack.com/p/community-alert-ronin-validators?s=r
Topic: DeFi hacks [history] - page 13. (Read 19555 times)
The OneRing Finance DeFi protocol was subjected to a hacker attack, as a result of which the attacker managed to seize funds worth about $2 million. The hacker used a script to execute an instant loan, which had a self-destruct mechanism and, as the developers stated, this makes it very difficult to find the vulnerabilities used. To perform the exploit, the attacker placed a special smart contract on the Fantom platform.
Source: https://medium.com/oneringfinance/onering-finance-exploit-post-mortem-after-oshare-hack-602a529db99b
Source: https://medium.com/oneringfinance/onering-finance-exploit-post-mortem-after-oshare-hack-602a529db99b
Li Finance protocol loses $600,000 in latest DeFi exploit
https://cointelegraph.com/news/li-finance-protocol-loses-600-000-in-latest-defi-exploit
The Li Finance swap aggregator has experienced a smart contract exploit leading to the loss of around $600,000 from 29 users’ wallets.
https://twitter.com/lifiprotocol/status/1505738407938387971?
https://cointelegraph.com/news/li-finance-protocol-loses-600-000-in-latest-defi-exploit
The Li Finance swap aggregator has experienced a smart contract exploit leading to the loss of around $600,000 from 29 users’ wallets.
https://twitter.com/lifiprotocol/status/1505738407938387971?
The Rare Bears project team reported that on March 16, a hacker using a phishing attack on users of the Rare Bears Discord channel was able to seize 179 NFT Bears tokens, thus emptying the project on 286 ETH.
The Fantasy Finance project was subjected to an exploit, as a result of which $ 2.6 million was withdrawn, hackers used a protocol error that allowed XFTM to be minted using a small number of FSM Fantasm tokens, instead of using both of these tokens. The hackers started with 50 FTM, gradually using more and more amounts to exchange so they managed to take over a total of more than 2,800,000 XFTM.
The stolen funds were later exchanged for more than 1,007 ETH of about $2.6 million at current prices using the Tornado Cash privacy protocol.
The developers of Fantasm stated that not the entire pool was emptied and there are still 1,820,012 FTM in it, and also that they are developing a compensation plan for affected users.
Fantasm Finance Team report on the incident: https://medium.com/@fantasmfinance/fantasm-finance-post-mortem-exploit-09-march-2022-daf48ead016f
It is reported that the DeFi protocol Deus Finance DAO was subjected to an exploit due to which. the hacker was able to withdraw about $3 million, including 200,000 DAI and 1101.8 ETH.
The developers reported that they are aware of exploits that relate to a loan contract worth $10 million.
And as they themselves stated that the contract was closed, both $DEUS and $DEI are not affected and they are working on a brief description of the hack that will be published after a full assessment of what happened.
It seems that after a slight lull, a band of hacking of Defi projects began, it is reported that hackers managed to withdraw $11 million from the DeFi protocols Agave and Hundred Finance, for the attack, the attackers used an exploit on the Gnosis Chain network that allowed them to use re-entry and instant loans.
Sorce: https://www.theblockcrypto.com/post/137932/defi-protocols-agave-and-hundred-finance-exploited-on-gnosis-chain-for-11-million
[moderator's note: consecutive posts merged]
The stolen funds were later exchanged for more than 1,007 ETH of about $2.6 million at current prices using the Tornado Cash privacy protocol.
The developers of Fantasm stated that not the entire pool was emptied and there are still 1,820,012 FTM in it, and also that they are developing a compensation plan for affected users.
Fantasm Finance Team report on the incident: https://medium.com/@fantasmfinance/fantasm-finance-post-mortem-exploit-09-march-2022-daf48ead016f
It is reported that the DeFi protocol Deus Finance DAO was subjected to an exploit due to which. the hacker was able to withdraw about $3 million, including 200,000 DAI and 1101.8 ETH.
The developers reported that they are aware of exploits that relate to a loan contract worth $10 million.
And as they themselves stated that the contract was closed, both $DEUS and $DEI are not affected and they are working on a brief description of the hack that will be published after a full assessment of what happened.
It seems that after a slight lull, a band of hacking of Defi projects began, it is reported that hackers managed to withdraw $11 million from the DeFi protocols Agave and Hundred Finance, for the attack, the attackers used an exploit on the Gnosis Chain network that allowed them to use re-entry and instant loans.
Sorce: https://www.theblockcrypto.com/post/137932/defi-protocols-agave-and-hundred-finance-exploited-on-gnosis-chain-for-11-million
[moderator's note: consecutive posts merged]
The list of hacks is quite impressive, although everyone says that decentralized exchanges are safe, and statistics say the opposite, there are hackers who withdraw huge amounts, so there is no 100% confidence anywhere in the crypto world.
I use decentralized exchanges 1 inch and uniswap and they have proven to be safe. And I don’t often see news about decentralized exchange hacks. So far, most of the news tells us about hacks of decentralized projects, but 2022 has just begun, and the results will need to be analyzed in December of this year.
The hacker exploited the Treasure DAO vulnerability and managed to steal more than 100 NFT, worth 426,511 MAGIC about $1.44 million, the bug allowed buying NFT for zero MAGIC tokens used on the Treasure platform.
The list of hacks is quite impressive, although everyone says that decentralized exchanges are safe, and statistics say the opposite, there are hackers who withdraw huge amounts, so there is no 100% confidence anywhere in the crypto world.
Crypto-Related Crime Hit Record $14B in 2021—But Shrank by Volume: Chainalysis
Crypto scammers bagged a whopping $14 billion last year. Still, crime is becoming a much smaller part of the industry.
Andrew Asmakov(C)
https://decrypt.co/89854/crypto-related-crime-hit-record-high-14b-2021-chainalysis
"As Chainalysis reported last month, revenues from crypto scams in 2021 were up 81% on the previous year (corrected to 82% in today’s report) to $7.8 billion.
Of this total, so-called rug pulls—a malicious practice where developers build a seemingly legitimate crypto project only to get away with investors' money—accounted for 37% of all crypto scam revenue, or more than $2.8 billion.
“Many investors could likely have avoided losing funds to rug pulls if they’d stuck to DeFi projects that have undergone a code audit—or if [decentralized exchanges] required code audits before listing tokens,” Chainalysis said.
Cryptocurrency theft grew even more, according to the report, with about $3.2 billion worth of crypto stolen in 2021—a staggering 516% increase compared to 2020."
Crypto Crime Trends for 2022: Illicit Transaction Activity Reaches All-Time High in Value, All-Time Low in Share of All Cryptocurrency Activity
https://blog.chainalysis.com/reports/2022-crypto-crime-report-introduction/
Crypto Scam Revenue Up 81% in 2021, Hits $7.7 Billion: Chainalysis
DeFi rug pulls accounted for 37% of all crypto scam revenue in 2021, up from 1% in 2020, according to the blockchain data platform.
https://decrypt.co/88453/crypto-scam-revenue-hit-7-7-billion-2021-chainalysis
Crypto scammers bagged a whopping $14 billion last year. Still, crime is becoming a much smaller part of the industry.
Andrew Asmakov(C)
https://decrypt.co/89854/crypto-related-crime-hit-record-high-14b-2021-chainalysis
"As Chainalysis reported last month, revenues from crypto scams in 2021 were up 81% on the previous year (corrected to 82% in today’s report) to $7.8 billion.
Of this total, so-called rug pulls—a malicious practice where developers build a seemingly legitimate crypto project only to get away with investors' money—accounted for 37% of all crypto scam revenue, or more than $2.8 billion.
“Many investors could likely have avoided losing funds to rug pulls if they’d stuck to DeFi projects that have undergone a code audit—or if [decentralized exchanges] required code audits before listing tokens,” Chainalysis said.
Cryptocurrency theft grew even more, according to the report, with about $3.2 billion worth of crypto stolen in 2021—a staggering 516% increase compared to 2020."
Crypto Crime Trends for 2022: Illicit Transaction Activity Reaches All-Time High in Value, All-Time Low in Share of All Cryptocurrency Activity
https://blog.chainalysis.com/reports/2022-crypto-crime-report-introduction/
Crypto Scam Revenue Up 81% in 2021, Hits $7.7 Billion: Chainalysis
DeFi rug pulls accounted for 37% of all crypto scam revenue in 2021, up from 1% in 2020, according to the blockchain data platform.
https://decrypt.co/88453/crypto-scam-revenue-hit-7-7-billion-2021-chainalysis
Over 4,000 ‘Criminal Whales’ Hold $25 Billion Worth of Crypto: Report
Criminal crypto balances surged from $3 billion to $11 billion, mostly due to the crypto market's rise in 2021 but also an increase in hacks.
https://decrypt.co/92995/over-4000-criminal-whales-hold-25-billion-worth-crypto-report
"New Chainalysis data has found that 4,068 “criminal whales” hold $25 billion worth of cryptocurrency. The firm defines criminal crypto whales as any private wallet that holds $1 million or more of cryptocurrency and has received 10% or more of those funds through illicit addresses. (In other words, not all of that $25 billion is illicit.)"
Criminal crypto balances surged from $3 billion to $11 billion, mostly due to the crypto market's rise in 2021 but also an increase in hacks.
https://decrypt.co/92995/over-4000-criminal-whales-hold-25-billion-worth-crypto-report
"New Chainalysis data has found that 4,068 “criminal whales” hold $25 billion worth of cryptocurrency. The firm defines criminal crypto whales as any private wallet that holds $1 million or more of cryptocurrency and has received 10% or more of those funds through illicit addresses. (In other words, not all of that $25 billion is illicit.)"
The DeFi team of the Dego protocol reports the hacking of its address providing liquidity on UniSwap and PancakeSwap and the liquidity for Dego pairs has been withdrawn, the team reports that the incident is being investigated and the amount of losses is being determined.
Here is another message about the attack, it seems that the DeFi QiDao Protocol project lost tokens for a total of $13 million, thanks to the exploit, hackers managed to withdraw tokens QI, WETH, USDC, SDT, MOCA, STACK, sdam3CRV and MATIC. Although the project team itself recognizes the fact of the exploit, but claims that users' funds are safe, but analysts see a different picture. 
The DeFi Meter project lost about $4.3 million as a result of a hacker attack, 1391 ETH and 2.74 BTC were withdrawn from the project, as the developers said, the hacker used the vulnerability of the automatic unpacking of gas tokens in the protocol, such as ETH and BNB.
DeFi the KLAYswap project announced a hacking incident, as a result of which the project lost about 2.2 billion KRW, or about $1.83 million, the hacker managed to create a third-party js link on the KLAYswap external interface, as a result of which the user was sent to a fake KLAYswap page.
Details are here: https://medium.com/klayswap/klayswap-incident-report-feb-03-2022-f20ba2d8e4dd
Details are here: https://medium.com/klayswap/klayswap-incident-report-feb-03-2022-f20ba2d8e4dd
It looks like cross-blockchain bridge Wormhole was hacked as a result of the exploit and, according to preliminary estimates, lost more than $326 million. dev's Wormhole itself confirmed a total loss of 120,000 ETH and announced that funds would be added to the bridge to stop the wrapped ETH on Solana. This is one of the biggest hacks in the history of DeFi.
https://www.coindesk.com/tech/2022/02/02/blockchain-bridge-wormhole-suffers-possible-exploit-worth-over-250m/
UPD: The venture capital company Jump Crypto, which owns Certus One, which is the developer of the Wormhole cross-chain bridge, announced that it has invested 120,000 ETH in the Solana-Ethereum bridge. All funds have been restored, Wormhole has been restored. The ETH contract is filled and all wETH are secured 1:1.
https://www.coindesk.com/tech/2022/02/02/blockchain-bridge-wormhole-suffers-possible-exploit-worth-over-250m/
UPD: The venture capital company Jump Crypto, which owns Certus One, which is the developer of the Wormhole cross-chain bridge, announced that it has invested 120,000 ETH in the Solana-Ethereum bridge. All funds have been restored, Wormhole has been restored. The ETH contract is filled and all wETH are secured 1:1.
Qubit Finance, X-Bridge $80M
Binance Smart Chain, Ethereum Crypto Bridge Hacked for $80 Million
https://decrypt.co/91447/binance-smart-chain-ethereum-crypto-bridge-hacked-80-million
"An exploit in decentralized finance (DeFi) protocol Qubit Finance enabled one hacker to walk away with $80 million in stolen crypto yesterday.
The specific smart contract flaw that enabled the attack was located in X-Bridge, a cross-chain bridge that facilitates easy token swaps between Ethereum and Binance Smart Chain. "
Binance Smart Chain, Ethereum Crypto Bridge Hacked for $80 Million
https://decrypt.co/91447/binance-smart-chain-ethereum-crypto-bridge-hacked-80-million
"An exploit in decentralized finance (DeFi) protocol Qubit Finance enabled one hacker to walk away with $80 million in stolen crypto yesterday.
The specific smart contract flaw that enabled the attack was located in X-Bridge, a cross-chain bridge that facilitates easy token swaps between Ethereum and Binance Smart Chain. "
Every day, a new hack now, on January 10, hackers managed to withdraw 165.2 million LMT tokens worth approximately $18.2 million from the hot wallets of the sports NFT platform Lympo (daughter of Animoca Brand), according to the developers , the following wallets were compromised:
https://etherscan.io/address/0x5D32b87A43a2bd1f7df209d2F475b165d2c09E24
https://etherscan.io/address/0x526232F70b97938E19394e57BC5eE1d5d929074e
https://etherscan.io/address/0xB0a60eBA24f6CF18CFDED0672c5C7a7529DcC342
https://etherscan.io/address/0x934dd62782BFe4a8E3f096E014266e5F5adc1b2a
https://etherscan.io/address/0x877eECC3Ae4Bb28f048c16CD65A44cDE025345a1
https://etherscan.io/address/0x36d97147cF8E1B75254748Cf0A102316fCc61697
https://etherscan.io/address/0xA432C0081307733e801Ea7877e725F4E0adfbBfF
https://etherscan.io/address/0x4b936321b0E3E2d919412502B6aDA09E9b7d484b
https://etherscan.io/address/0x75912Da145cA00092AF317F8c3A84073A5665256
https://etherscan.io/address/0x4C801611cdaB559861d4dB24155927F903DEa02A
source: https://twitter.com/Lympo_io/status/1480582931794083842
https://medium.com/lympo-official/lympo-statement-to-the-community-914d6b453b1f
https://etherscan.io/address/0x5D32b87A43a2bd1f7df209d2F475b165d2c09E24
https://etherscan.io/address/0x526232F70b97938E19394e57BC5eE1d5d929074e
https://etherscan.io/address/0xB0a60eBA24f6CF18CFDED0672c5C7a7529DcC342
https://etherscan.io/address/0x934dd62782BFe4a8E3f096E014266e5F5adc1b2a
https://etherscan.io/address/0x877eECC3Ae4Bb28f048c16CD65A44cDE025345a1
https://etherscan.io/address/0x36d97147cF8E1B75254748Cf0A102316fCc61697
https://etherscan.io/address/0xA432C0081307733e801Ea7877e725F4E0adfbBfF
https://etherscan.io/address/0x4b936321b0E3E2d919412502B6aDA09E9b7d484b
https://etherscan.io/address/0x75912Da145cA00092AF317F8c3A84073A5665256
https://etherscan.io/address/0x4C801611cdaB559861d4dB24155927F903DEa02A
source: https://twitter.com/Lympo_io/status/1480582931794083842
https://medium.com/lympo-official/lympo-statement-to-the-community-914d6b453b1f
Animoca Brands’ Lympo NFT platform hacked for $18.7 million
https://cointelegraph.com/news/animoca-brands-lympo-nft-platform-hacked-for-18-7-million
"The sports NFT minting platform suffered a hot wallet security breach across several project wallets, losing $18 million worth of LMT.
Sports nonfungible token (NFT) minting platform and Animoca Brands subsidiary Lympo suffered a hot wallet security breach and lost 165.2 million LMT tokens worth $18.7 million at the time of the hack."
Because of developer incompetence, many DeFi projects get hacked.
Every day, a new hack now, on January 10, hackers managed to withdraw 165.2 million LMT tokens worth approximately $18.2 million from the hot wallets of the sports NFT platform Lympo (daughter of Animoca Brand), according to the developers , the following wallets were compromised:
https://etherscan.io/address/0x5D32b87A43a2bd1f7df209d2F475b165d2c09E24
https://etherscan.io/address/0x526232F70b97938E19394e57BC5eE1d5d929074e
https://etherscan.io/address/0xB0a60eBA24f6CF18CFDED0672c5C7a7529DcC342
https://etherscan.io/address/0x934dd62782BFe4a8E3f096E014266e5F5adc1b2a
https://etherscan.io/address/0x877eECC3Ae4Bb28f048c16CD65A44cDE025345a1
https://etherscan.io/address/0x36d97147cF8E1B75254748Cf0A102316fCc61697
https://etherscan.io/address/0xA432C0081307733e801Ea7877e725F4E0adfbBfF
https://etherscan.io/address/0x4b936321b0E3E2d919412502B6aDA09E9b7d484b
https://etherscan.io/address/0x75912Da145cA00092AF317F8c3A84073A5665256
https://etherscan.io/address/0x4C801611cdaB559861d4dB24155927F903DEa02A
source: https://twitter.com/Lympo_io/status/1480582931794083842
https://medium.com/lympo-official/lympo-statement-to-the-community-914d6b453b1f
https://etherscan.io/address/0x5D32b87A43a2bd1f7df209d2F475b165d2c09E24
https://etherscan.io/address/0x526232F70b97938E19394e57BC5eE1d5d929074e
https://etherscan.io/address/0xB0a60eBA24f6CF18CFDED0672c5C7a7529DcC342
https://etherscan.io/address/0x934dd62782BFe4a8E3f096E014266e5F5adc1b2a
https://etherscan.io/address/0x877eECC3Ae4Bb28f048c16CD65A44cDE025345a1
https://etherscan.io/address/0x36d97147cF8E1B75254748Cf0A102316fCc61697
https://etherscan.io/address/0xA432C0081307733e801Ea7877e725F4E0adfbBfF
https://etherscan.io/address/0x4b936321b0E3E2d919412502B6aDA09E9b7d484b
https://etherscan.io/address/0x75912Da145cA00092AF317F8c3A84073A5665256
https://etherscan.io/address/0x4C801611cdaB559861d4dB24155927F903DEa02A
source: https://twitter.com/Lympo_io/status/1480582931794083842
https://medium.com/lympo-official/lympo-statement-to-the-community-914d6b453b1f
Jump to: