Incidents

CoW Swap Suffers Smart Contract Exploit, Resulting in an Approximately $166K Loss

Summary: On February 7, 2023, CoW Swap, a decentralized exchange (DEX) protocol, fell victim to a smart contract exploit, resulting in a loss of approximately 550 BNB, or about $180,000 USD. The breach occurred due to a flaw in the protocol’s smart contract, which allowed an unidentified attacker to approve fund transfers from the protocol.
Attackers: The identity of the attacker is unknown. 0xc0e82c1ed4786f8b7f806d1b8a6335ec485266ff 0x55a37a2e5e5973510ac9d9c723aec213fa161919
Losses: $166,183
Timeline: January 27, 2023: Barter Solver enters the CoW Swap solver competition. ...

Reentrancy Attack on Orion Protocol Leads to $3 Million Loss

Summary: On February 2, 2023, Orion Protocol, a decentralized blockchain platform that aggregates liquidity across both centralized and decentralized exchanges, fell victim to a sophisticated smart contract exploit. The attacker manipulated a reentrancy vulnerability within the protocol’s core smart contracts, which enabled them to divert approximately $3 million in tokens across the Ethereum and Binance Smart Chain networks.
Attackers: The identity of the attacker is unknown. Two addresses were primarily involved in the attack: ...

BonqDAO Suffers a $120 Million Loss Through Price Oracle Manipulation

Summary: In February 2023, BonqDAO, a lending platform hosted on the Polygon network, was hacked. The attacker exploited a weakness in the protocol’s price oracle to manipulate the price of the $WALBT token. This allowed the attacker to borrow 100 million $BEUR, a stablecoin pegged to the euro, and liquidate other users’ collateral. The total loss from the hack was estimated to be around $120 million.
Attackers: The attackers are unidentified. ...

LendHub Hacked for $6 Million

Summary: A hacker exploited a vulnerability in the LendHub protocol to steal approximately $6 million in digital assets. The vulnerability was caused by the existence of two IBSV tokens on the platform, one of which had been deprecated but not removed. The attacker was able to mint and redeem tokens in the old market while borrowing against them in the new market, ultimately making off with the majority of the assets on the platform. ...

CoinDeal Scammers Charged in $45 Million Fraud Case

Summary: CoinDeal is a defunct cryptocurrency exchange. In January 2023, the U.S. Securities and Exchange Commission (SEC) charged six individuals and two companies for their involvement in a fraudulent investment scheme called CoinDeal, which raised over $45 million from sales of unregistered securities to tens of thousands of investors worldwide. The defendants falsely claimed that investors could generate significant returns by investing in a blockchain technology called CoinDeal, which would be sold for trillions of dollars to a group of wealthy buyers. ...

50,000 Bitcoin Wire Fraud: Record Cryptocurrency Seizure in U.S. History

Summary: On September 19, 2012, James Zhong exploited the Silk Road dark web marketplace and was convicted of committing wire fraud. The attacker managed to unlawfully obtain over 50,000 BTC by creating roughly nine accounts. Additionally, Zhong received 50,000 Bitcoin Cash (BCH) due to a hard fork coin split in August 2017, when every Bitcoin address also received an identical balance in BCH. Zhong managed to trigger over 140 transactions in rapid succession, fooling Silk Road’s withdrawal-processing system. ...

Deribit Hack: $28 Million Stolen in Hot Wallet Attack

Summary: On November 1, 2022, Deribit, a cryptocurrency derivatives exchange, was hacked for $28 million. The attacker gained access to the exchange’s hot wallet, which contains a small portion of the exchange’s user funds that are kept online for fast withdrawals.
Attackers: The identity of the attacker(s) is unknown.
BTC: Deribit hacker 1: bc1q2dequzmk5vk8nmmrata8nq4y0zgqn4vc0n2h8y; Deribit hacker 2: bc1qw5g8lw4kzltpdcraehy2dt6dqda8080xd6vhl4kg4wwsypwerg9s3x6pvk
ETH and USDC: Deribit hacker 1: 0xb0606f433496bf66338b8ad6b6d51fc4d84a44cd; Deribit hacker 2: 0x8d08aad4b2bac2bb761ac4781cf62468c9ec47b4
Losses: The attackers managed to steal ~691 Bitcoin (BTC), ~6,947 Ether (ETH), and ~$3,394,823 USDC from the hot wallet, worth approximately $28 million at the time of the attack. ...

Team Finance Suffers $14.5 Million Security Breach

Summary: Team Finance experienced a significant breach on the Ethereum blockchain during a migration process from Uniswap v2 to v3, resulting in the theft of approximately $14.5 million. The exploit was executed through vulnerabilities in the smart contract, facilitating unauthorized token transfers and manipulations of the Initialize price within the V3 liquidity pool.
Attackers: The identity of the hackers who attacked Team Finance is unknown. Hacker Ethereum Wallets: ...

Mango Markets Exploited for $116 Million

Summary: On October 11th, 2022, Mango Markets, a decentralized exchange on Solana, was exploited. The hacker manipulated the price oracle for the protocol’s MNGO token by first taking out a long MNGO position on Mango. Then the attacker artificially raised the price of the MNGO token by taking advantage of low liquidity on secondary markets. The exploiter then used the temporarily high price of MNGO to take out loans of USDC, various other stablecoins, and SOL against unrealized profit on the long MNGO position. ...

BSC Token Hub Hit By $586 Million Bridge Hack

Summary: On October 6, 2022, BSC Token Hub (also known as BNB Token Hub), the native cross-chain bridge between BNB Beacon Chain (BEP2) and Binance Smart Chain (BEP20), was exploited. The hacker used a low-level proof vulnerability, and 2,000,000 $BNB were drained out of thin air. Consequently, the hacker began bridging the funds to Fantom and Ethereum chains. ...