Token

Miner ERC-X avatar collection Suffers $466,000 Loss

February 14, 2024
Attack Types: 
Smart Contract Exploit
Entity Types: 
NFT ,Token
Target Entities: 
Miner ERC-X

Summary # On February 14, 2024, the Miner ERC-X avatar collection experienced a critical security breach on the Ethereum Mainnet, resulting in the unauthorized withdrawal of 168.8 ETH, equivalent to approximately $466,000. The root cause of this breach was a smart contract vulnerability stemming from insufficient input validation, specifically, a double-transfer flaw. This issue enabled an attacker to exploit the contract’s transfer function, effectively duplicating their token balance by executing self-transfers, which were not properly restricted by the contract’s logic. ...

SafeMoon's Smart Contract Exploit: An $8.9M Heist and Unexpected Return of Funds

March 28, 2023
Attack Types: 
Smart Contract Exploit
Entity Types: 
DeFi ,Token
Target Entities: 
Safemoon

Summary # In March 2023, SafeMoon, a DeFi protocol, experienced a significant security breach when a vulnerability in its contract allowed an attacker to steal approximately $8.9 million. The attacker exploited unprotected burn and mint functions, essentially manipulating the value of the SFM token. In a surprising turn of events, the attacker agreed to return 80% of the stolen funds, retaining the remaining 20% as a bug bounty. Attackers # The attacker’s identity remains unknown. ...