Summary # On January 8, 2023, cryptocurrency exchange LCX was hacked, resulting in the theft of cryptocurrencies $8 million. Hackers gained access to the exchange’s hot wallets and stole various cryptocurrencies, including ETH, USDC, SAND, LINK, QNT, ENJ, and MKR.
Attackers # The identity of the hackers who attacked LCX is unknown.
Hacker ETH Wallets:
0x165402279F2C081C54B00f0E08812F3fd4560A05 0x29875bd49350aC3f2Ca5ceEB1c1701708c795FF3 Losses # LCX estimated the losses from the hack to be $8 million.
...
Summary # In December 2021, Vulcan Forged, a well-known play-to-earn cryptocurrency operating on the Polygon Network, faced a devastating exploit involving the theft of $140 million. As outlined in the post-mortem report released by the developers, the attacker managed to employ social engineering tactics to compromise the credentials of user wallets, thereby gaining access to private keys. Consequently, the hacker succeeded in withdrawing 4.5 million Vulcan Forged tokens (PYR), which, at that time, held a value exceeding $140,000,000.
...
Summary # On December 11, 2021, AscendEX, a cryptocurrency exchange, was the victim of a hot wallet breach that resulted in the loss of $77 million. The attacker gained access to one of the exchange’s hot wallets, used to store user funds available for withdrawal.
Attackers # The identity of the attacker(s) remains unknown.
Wallet addresses to which assets were transferred:
ERC20: 0x2c6900b24221de2b4a45c8c89482fff96ffb7e55 Polygon: 0x2c6900b24221de2b4a45c8c89482fff96ffb7e55 BSC: 0x2c6900b24221de2b4a45c8c89482fff96ffb7e55 LTC: LSvQWLf2kGm7UdXtwKvNj4GU1B4xKWUQXR BCH: qp2x5rnn2fkraxcp4hr6suqmnpdehfaaaqn3tv6jke Losses # The attackers managed to steal approximately $77 million worth of assets from the AscendEX network.
...
Summary # In early December 2021, Polygon, an Ethereum-based network has “silently fixed” a vulnerability that had put its native MATIC tokens worth $24 billion at risk. The issue came to light after a group of ethical hackers informed Immunefi, a bug bounty platform associated with decentralised finance (DeFi). Immunefi hosts the bug bounty for the Polygon network. Both white hat hackers who helped discover the bug were compensated a combined total of $3.
...
Summary # On December 4, 2021, BitMart Exchange, a global cryptocurrency platform operating in 180+ countries, fell victim to a significant security breach. The attacker extracted approximately $196 million worth of various digital assets from the hot wallets of the exchange across two networks: Binance Smart Chain (BSC) - $96 million, and Ethereum - $100 million. The primary targets were meme-based tokens, such as SHIB and SAFEMOON. The attacker converted the stolen tokens into ETH and BNB via 1inch and laundered these assets using TornadoCash.
...
Summary # On October 27, 2021, Cream Finance, a decentralized finance (DeFi) platform, fell victim to a sophisticated attack resulting in the theft of $130 million worth of cryptocurrency. The attacker exploited vulnerabilities in Cream Finance’s lending pool contract and manipulated the price oracle, allowing them to carry out a series of orchestrated transactions that ultimately drained the protocol of its liquidity.
Attackers # The attackers remain unidentified.
0x24354d31bc9d90f62fe5f2454709c32049cf866b Losses # $130M USD
...
Summary # On August 28, 2021, Bilaxy, a Seychelles-based centralized exchange, experienced a security breach, resulting in a loss of approximately $21 million. The attacker compromised Bilaxy’s hot wallet and transferred roughly 300 tokens, including notable cryptocurrencies such as USDT, USDC, UNI, and Bilaxy Token(BIA), among others. As of August 16, 2023, the attacker still controls various tokens worth roughly $3,628,005.
Attackers # The identity of the attackers remains unknown.
...
Summary # On August 18, 2021, Liquid, a Japanese cryptocurrency exchange, was hacked for $97 million. The attacker gained access to one of the exchange’s hot wallets, which are used to store user funds that are available for withdrawal.
Attackers # The identity of the attacker(s) is unknown.
BTC:
1Fx1bhbCwp5LU2gHxfRNiSHi1QSHwZLf7q ETH:
0x5578840aae68682a9779623fa9e8714802b59946 0xefb33ccafc98d5fdb27a6f5ff17350ca76bf3b53 XRP:
rfapBqj7rUkGju7oHTwBwhEyXgwkEM4yby TRX:
TSpcue3bDfZNTP1CutrRrDxRPeEvWhuXbp Losses # The attackers managed to steal a total of $97 million worth of cryptocurrency from the Liquid hot wallet.
...
Summary # On August 10, 2021, Poly Network, a cross-chain decentralized finance (DeFi) platform, was hacked for over $610 million in digital assets. The attackers exploited a vulnerability in Poly Network’s code to transfer the funds to their own wallets.
Attackers # Attackers’ identities have not been publicly disclosed. The hacker used the following addresses to transfer the funds:
Ethereum: 0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963 BSC: 0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71 Polygon: 0x5dc3603C9D42Ff184153a8a9094a73d461663214 Losses # The total amount of losses resulting from the Poly Network hack was over $610 million.
...
Summary # On May 19, 2021 PancakeBunny, a yield farming aggregator built on Binance Smart Chain, suffered a flash loan attack.
Exploit was possible because of how the protocol uses PancakeSwap AMM for its asset price calculation. In bugs like this, flashloans are the go-to way to manipulate the price of AMM pools which affects the price oracle
– Adrian Hetman Source
The hacker exploited a vulnerability related to reward minting to mint 6,972,455 BUNNY tokens, after which the flash loan was paid back, dumping the huge number of newly minted BUNNY in the market caused the token’s price to plummet, the attacker ran off with 114k BNB and 697k BUNNY.
...