Summary # On April 30, 2024, Pike Finance, a Cross-chain Bridge and a Lending Protocol for native assets, was exploited across the Ethereum, Optimism, and Arbitrum chains due to a smart contract vulnerability. $1.7 million worth of assets was siphoned out from the protocol. The smart contract storage misalignment issue was utilized, whith allowed the attacker to bypass owner permissions. Initially, the protocol was exploited four days before the incident, which led to a loss of nearly $300,000 and a temporary pause of operations.
...
Summary # On December 31, 2023, Orbit Chain, a South Korean cross-chain project, experienced a significant security breach involving their Orbit Bridge. The attacker exploited the Orbit Bridge through a private key compromise and drained approximately $81.54 million worth of assets from the Orbit Bridge’s ETH Vault. The stolen funds were converted into ETH and DAI and then distributed across several addresses.
Attackers # The identity of the attacker remains unknown.
...
Summary # On November 22, 2023, Heco Bridge and HTX Exchange were victims of cyberattacks, resulting in over $113.3 million in losses. The attacks appear coordinated and carried out by the same attacker based on similar exploitative techniques and the connection between the two targets. Blockchain security firms CertiK, Peckshield, and Cyvers have reported over $86.6 million in digital assets losses for Heco Bridge and $13.6 million in losses for HTX.
...
Summary # On July 6, 2023, Multichain Bridge experienced a security breach due to a private key compromise. The total losses amounted to approximately $126 million, including wBTC, wETH, USDT, USDC, and other assets. The stolen assets were transferred to several addresses.
Attackers # The identity of the hackers who attacked Multichain is unknown.
Hacker ETH Wallets:
0x9d5765ae1c95c21d4cc3b1d5bba71bad3b012b68 0xefeef8e968a0db92781ac7b3b7c821909ef10c88 0x418ed2554c010a0c63024d1da3a93b4dc26e5bb7 0x622e5f32e9ed5318d3a05ee2932fd3e118347ba0 0x48bead89e696ee93b04913cb0006f35adb844537 0x027f1571aca57354223276722dc7b572a5b05cd8 Losses # Multichain estimated the losses from the hack to be $126 million.
...
Summary # On April 2, 2023, AllBridge, a multichain token bridge, fell victim to an exploit that resulted in approximately $573,000 worth of assets being drained from its BNB Chain pools. The attacker, acting as both a liquidity provider and a swapper, exploited a flaw in a smart contract that enabled them to manipulate swap prices. This led to the theft of $282,889 in Binance USD (BUSD) and $290,868 in Tether (USDT).
...
Summary # On October 6, 2022, BSC Token Hub, a bridge between BNB Beacon Chain (BEP2) and Binance Smart Chain (BEP20) was exploited. The native cross-chain bridge between BNB Beacon Chain (BEP2) and BNB Smart Chain (BEP20), also known as BNB Token Hub was exploited. The hacker used a low-level proof vulnerability and 2,000,000 $BNB were drained out of thin air. Consequently, the hacker began bridging the funds to Fantom and Ethereum chains.
...
Summary # On August 1, 2022, Nomad, a cryptocurrency platform, experienced a chaotic hacking incident resulting in a loss of more than $190 million. The hack occurred when multiple users took advantage of an accidental error in a recent update, allowing them to drain funds from the blockchain protocol. An investigation conducted by samczsun, the head of security at Paradigm, a web3 investment firm, revealed that one of Nomad’s smart contracts had been modified in a way that made it vulnerable to transaction spoofing.
...
Summary # On June 23, 2022, the Harmony Protocol team discovered a malicious attack on their Horizon Bridge, a blockchain bridge enabling asset transfers between Ethereum, Binance Smart Chain, and Harmony blockchains. In the morning, several transactions compromised the bridge. The hackers were able to steal the following assets: Frax (FRAX), Wrapped Ether (WETH), Aave (AAVE), Sushi (SUSHI), Frax Share (FXS), AAG (AAG), Binance USD (BUSD), Dai (DAI), Tether (USDT), Wrapped BTC (WBTC), and USD Coin (USDC).
...
Summary # On March 23, 2022, Ronin Network, a blockchain that powers the popular game Axie Infinity, suffered a 51% attack. This allows the attacker to control the network via compromising validators private keys and perform malicious actions, such as double-spending transactions or preventing new blocks from being mined. The attack resulted in the theft of $625 million worth of Ethereum and USDC. The hackers were able to reorganize over 100 blocks, which allowed them to double-spend large amount of assets.
...
Summary # On February 3, 2022, a security breach occurred on Wormhole, a DeFi platform designed to facilitate the transfer of tokens and NFTs across various blockchains such as Ethereum, Solana, and Binance Smart Chain. The attacker successfully exploited a vulnerability by utilizing a spoofed sysvar account, enabling them to mint 120,000 wrapped ETH (wETH) tokens on the Solana network. These tokens were later deemed invalid. Subsequently, the attacker redeemed 93,750 wETH tokens for an equivalent value of ETH tokens on the Ethereum network.
...