Summary # On May 1, 2023, Level Finance, a decentralized finance (DeFi) protocol, was hacked for $1.1 million in LVL tokens. The attacker exploited a vulnerability in the protocol’s Referral Controller Contract.
Attackers # The identity of the attacker is unknown.
BSC:
0x70319d1c09e1373fc7b10403c852909e5b20a9d5 Losses # The attacker stole 214,000 LVL tokens and swapped LVL to 3,345 BNB, which were worth approximately $1.1 million at the time of the hack.
...
Summary: # On April 14, 2023, cryptocurrency exchange Bitrue was hacked, resulting in the theft of cryptocurrencies worth approximately $23 million. Hackers gained access to the exchange’s hot wallets and stole various cryptocurrencies, including ETH, SHIB, QNT, HOT, MATIC, and GALA.
Attackers: # The identity of the hackers who carried out the attack on Bitrue is unknown.
Bitrue Drainer wallet: 0x1819ede3b8411ebc613f3603813bf42ae09ba5a5
Losses: # Bitrue estimated the losses from the hack to be approximately $23 million.
...
Summary # On April 9, 2023, South Korean cryptocurrency exchange GDAC was hacked, resulting in the theft of cryptocurrencies worth approximately $13 million. Hackers gained access to the exchange’s hot wallets and stole various cryptocurrencies, including Bitcoin (BTC), Ethereum (ETH), and Wemix (WEMIX).
Attackers # The attackers behind the GDAC hack remain unidentified.
GDAC Hacker ETH wallets:
0x244615D99684175d31369332039b2D84ce925EC5 0x57192cca8b8e4beb77f3466c6d0550e64cc53b0f Losses # GDAC lost approximately $13 million:
10,000,000 WEMIX 220,000 USDT 350 ETH 60.
...
Summary # On April 8, 2023, SushiSwap, a renowned decentralized exchange, came under attack due to a vulnerability in its newly launched RouteProcessor2 contract. The contract was part of the SushiSwap’s version 3 (V3) upgrades and was deployed on 14 different networks. Before SushiSwap could react, anonymous attackers exploited the vulnerability and managed to drain approximately 1800 Wrapped Ether (WETH) from user wallets.
Attackers # The identity of the attacker is unknown.
...
Summary # On February 7, 2023, CoW Swap, a decentralized exchange (DEX) protocol, fell victim to a smart contract exploit, resulting in a loss of approximately 550 BNB, or about $180,000 USD. The breach occurred due to a flaw in the protocol’s smart contract, which allowed an unidentified attacker to approve fund transfers from the protocol.
Attackers # The identity of the attacker is unknown.
0xc0e82c1ed4786f8b7f806d1b8a6335ec485266ff 0x55a37a2e5e5973510ac9d9c723aec213fa161919 Losses # $166,183 Timeline # January 27, 2023: Barter Solver enters the CoW Swap solver competition.
...
Summary # On February 2, 2023, Orion Protocol, a decentralized blockchain platform that aggregates liquidity across both centralized and decentralized exchanges, fell victim to a sophisticated smart contract exploit. The attacker manipulated a reentrancy vulnerability within the protocol’s core smart contracts, which enabled them to divert approximately $3 million in tokens across the Ethereum and Binance Smart Chain networks.
Attackers # The identity of the attacker is unknown. Two addresses were primarily involved in the attack:
...
Summary # CoinDeal is a defunt cryptocurrency exchange. In January 2023, the U.S. Securities and Exchange Commission (SEC) charged six individuals and two companies for their involvement in a fraudulent investment scheme called CoinDeal, which raised over $45 million from sales of unregistered securities to tens of thousands of investors worldwide. The defendants falsely claimed that investors could generate significant returns by investing in a blockchain technology called CoinDeal, which would be sold for trillions of dollars to a group of wealthy buyers.
...
Summary # On November 1, 2022, Deribit, a cryptocurrency derivatives exchange, was hacked for $28 million. The attacker gained access to the exchange’s hot wallet, which contains a small portion of the exchange’s user funds that are kept online for fast withdrawals.
Attackers # The identity of the attacker(s) is unknown.
BTC
Deribit hacker 1: bc1q2dequzmk5vk8nmmrata8nq4y0zgqn4vc0n2h8y Deribit hacker 2: bc1qw5g8lw4kzltpdcraehy2dt6dqda8080xd6vhl4kg4wwsypwerg9s3x6pvk ETH and USDC
Deribit hacker 1: 0xb0606f433496bf66338b8ad6b6d51fc4d84a44cd Deribit hacker 2: 0x8d08aad4b2bac2bb761ac4781cf62468c9ec47b4 Losses # The attackers managed to steal ~691 Bitcoin (BTC) and ~6,947 Ether (ETH) and ~$3,394,823 USDC from the hot wallet, worth approximately $28 million at the time of the attack.
...
Summary # On October 11th, 2022, Mango Markets, a decentralized exchange on Solana, was exploited. The hacker manipulated the price oracle for the protocol’s MNGO token by first taking out a long MNGO position on Mango. Then the attacker artificially raised the price of the MNGO token by taking advantage of low liquidity on secondary markets. The exploiter then used the temporary high price of MNGO to take out loans of USDC, various other stable coins, and SOL against unrealized profit on the long MNGO position.
...
Summary # On September 20, 2022, Wintermute, a London-based algorithmic market maker offering liquidity across Centralized Finance (CeFi) and Decentralized Finance (DeFi) exchanges and over-the-counter (OTC) deals, was the victim of a security breach. The exploit resulted in a loss of approximately $160 million, impacting 90 different assets including stable coins, Bitcoin, Ether, and various altcoins. The attack was executed through a brute force private key compromise Source. The suspected vulnerability originated from Profanity, a service Wintermute used for generating vanity addresses, despite efforts to blacklist their Profanity-associated accounts after the vulnerability became known.
...