Incidents

Orbit Bridge Suffers $81.54 Million Security Breach

Summary: On December 31, 2023, Orbit Chain, a South Korean cross-chain project, experienced a significant security breach involving its Orbit Bridge. The attacker exploited the Orbit Bridge through a private key compromise and drained approximately $81.54 million worth of assets from the Orbit Bridge’s ETH Vault. The stolen funds were converted into ETH and DAI and then distributed across several addresses. Attackers: The identity of the attacker remains unknown. ...

Telcoin Suffers $1.2 Million Security Breach

Summary: On December 25, 2023, Telcoin experienced a security breach due to incorrect initialization of wallet contracts, which resulted from a mismatch between the actual implementation of the wallet and the corresponding proxy server. The attacker was able to transfer $1.2 million worth of $TEL from user wallets. Attackers: The identity of the hackers who attacked Telcoin is unknown. Hacker ETH Wallets: 0x35d2775e5f95596509951b140d68fc5b9185ff98, 0xdb4b84f0e601e40a02b54497f26e03ef33f3a5b7. Losses: Telcoin estimated the losses from the hack to be $1. ...

Pine Protocol Suffers $92,000 Security Breach

Summary: Pine Protocol, a decentralized, non-custodial asset-backed lending platform, suffered a security breach on December 21, 2023, due to a vulnerability in its smart contract on the Ethereum Mainnet. The exploit, carried out across multiple transactions, resulted in a loss of approximately 40 ETH ($92,000). The attack was facilitated by a flaw related to shared pools between two different contracts within the platform. Attackers: The identity of the attacker is unknown. ...

Coordinated Attacks Result in $113.3 Million in Losses for Heco Bridge and HTX Exchange

Summary: On November 22, 2023, Heco Bridge and HTX Exchange were victims of cyberattacks, resulting in over $113.3 million in losses. The attacks appear to have been coordinated and carried out by the same attacker, based on similar exploitative techniques and the connection between the two targets. Blockchain security firms CertiK, Peckshield, and Cyvers have reported over $86.6 million in digital asset losses for Heco Bridge and $13.6 million in losses for HTX. ...

KyberSwap Loses $49,000,000 During Cyberattack

Summary: On November 22, 2023, KyberSwap, a decentralized finance platform, experienced a sophisticated exploit resulting in a loss of approximately $49,000,000. The attack involved manipulating the platform’s smart contract through complex transactions. The attacker used flash loans to manipulate token prices, which enabled them to exploit a numerical anomaly in the smart contract. This allowed the attacker to double-count liquidity and withdraw substantial funds. Despite KyberSwap having failsafe mechanisms, the attacker skillfully avoided triggering these protections. ...

Kronos Research halts trading after $25M API key hack

Summary: On November 19, 2023, Kronos Research, a Taipei-based cryptocurrency trading and investment firm, was targeted by a hacker who stole over $25 million from the firm’s treasury using unauthorized API keys. This breach enabled the attacker to access the company’s blockchain wallets and conduct unauthorized transactions. The attack’s impact extended beyond Kronos Research, affecting Woo X, an exchange closely affiliated with Kronos Research. As Kronos Research was a major liquidity provider for Woo X, the security incident led to a temporary suspension of certain asset pairs on Woo X due to a liquidity shortage. ...

Poloniex Exchange Suffers $122.98 Million Security Breach

Summary: On November 10, 2023, Poloniex, a custodial centralized exchange, experienced a security breach due to a private key compromise. The attacker exploited Poloniex’s hot wallets and withdrew funds across three chains: Bitcoin, Ethereum, and Tron. The total losses amounted to approximately $122.98 million, including BTC, USDT, USDC, ETH, TRX, and other assets. The stolen assets were exchanged for native tokens and transferred to several addresses. Attackers: The attackers are believed to be the Lazarus Group, a North Korean cybercrime group. ...

Raft Protocol loses $6,700,000 in Smart Contract Exploit

Summary: On November 10, 2023, Raft Protocol experienced an exploit resulting in a loss of about 1,575 cbETH. The exploiter employed a sophisticated multistep attack strategy focusing on a smart contract’s precision calculation vulnerability. Initially, the attacker obtained cbETH through a flash loan before donating and liquidating the cbETH to the Interest Rate Position Manager. This maneuver manipulated the collateral token’s index rate, allowing the exploiter to systematically increase their position in small increments, exploiting a rounding issue in the mint function. ...

Crypto Exchange CoinSpot Reportedly Suffers $2.4 Million Hot Wallet Hack

Summary: On November 8, 2023, the Australian crypto exchange CoinSpot experienced an attack on two of its hot wallets, resulting in more than $2.4 million in losses due to a private key leak. The recipient of these funds exchanged them using platforms THORchain and Wan Bridge before exchanging them for Bitcoin using Uniswap and spreading them into four wallets. The Australian financial authority, AUSTRAC, is actively addressing the security breach because the amount stolen is more than $10,000. ...

Astrid Finance Suffers $228,000 Loss in Smart Contract Exploit

Summary: Astrid Finance, an Ethereum-based liquid restaking pool powered by the Eigen Layer, suffered a significant exploit on October 28, 2023, leading to a loss of $228,000. The exploit was executed through a smart contract vulnerability linked to insufficient input validation, specifically within the withdraw function of the protocol. This flaw enabled the attacker to manipulate transaction parameters, allowing the creation and utilization of fake tokens to illegitimately withdraw funds. ...