unique_key,DeFi actor involved,Aggregators,REKT URL,SlowMist URL,ChainSec URL,Aggregator sources URL,Additional sources,Aggregator Summary,Event date,Event year,Stolen amount USD,General tactic,Specific tactic,Strategy,Implication of actor,Paper category,Stack category
584,ExtremeLoto,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/83611.htm,,The attacker co****op launched continuous attacks on the EOS quiz game contract lo*****io and has already profited hundreds of EOS. After preliminary analysis the attacker used the logic defect of the game contract by directly invoking the transfer method and multiple accounts coordinated to carry out the attack.,2019-03-06 0:00,2019,158.34,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,Dapp,P
540,TRON Wheel Of Fortune DApp,SlowMist,,https://hacked.slowmist.io/search/,,https://www.tuoniao.com/newsflash/p/345662.html,, The TRON Wheel Of Fortune DApp is being attacked by a transaction rollback  with a total loss of 7 856 TR  and the attack is still ongoing. Previously  security personnel found that the hacker continued to conduct transaction Contract vulnerabilitys on multiple DAPP contract addresses through the same method.,2019-05-02 0:00,2019,186.54,Contract vulnerability,Rollback attack,Technical vulnerability,Target,Dapp,P
591,EOS Cube,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/85405.htm,,The attacker justjiezhan1 launched an attack on the EOS game &quot cubecontract&quot and has already made a profit. Prior to this the attacker justjiezhan1 started deploying the attack contract at around 12:00:41 on the same day. The analysts preliminary analyzed that the attacker was still the same as the previous attack mean transaction congestion attack.,2019-03-18 0:00,2019,186.87,Transaction attack,Transaction congestion attack,Technical vulnerability,Target,Dapp,P
1076,Jin Finance,REKT,https://de.fi/rekt-database/jin_finance,,,"CaptainJackCryptoAPE sur Twitter : ""?SCAM ALERT? SCAM ALERT: $ https://t.co/2u13E6Nm0X $JIN 0x704d4bdca652a85bfd7b56049df57bbbc0b5fdec CAN NOT SELL"" / Twitter",,The contract owner could disable the transfer function. which restricted users in selling their tokens.  The contract deployer removed initial liquidity at:  https://etherscan.io/tx/0x55a99c66939687dd030bc5787f93ff6e375db043a76a4612bbddf1b087c60e2a,2020-12-07 0:00,2020,277,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
814,Dswap,REKT,https://de.fi/rekt-database/dswap,,,"#WARONRUGS? on Twitter: ""We would like to apologize for those who bought $MANTLE. especially because of us. We have found that the developer behind “Joe” is a serial scammer. While the code was fine. he bought instantly after listing and dumped on everyone at the top then played the dead. See below.… https://t.co/3W2Q4GY3Ma"" (archive.ph)",,The contract deployer added initial liquidity at:  https://etherscan.io/t/07d31eaea94ba9944409158bbea32910c4eab0e5a7a796690dce59900c46f769d  Project tokens were sold by the contract deployer at:  https://etherscan.io/t/00a151e34411c5d00f641d292f420429fbe731b5b1f09e0dc885e6aad145bc690  https://etherscan.io/t/01ae854ebbfe9009a2f8970d566dd2ccd7922bb8958cf915e45175ffcf65d98db  The liquidity was removed by the contract deployer at:  https://etherscan.io/t/0775274b8965238cf25b11896873d3fd3cfbc471e1b506d1d51a8f8503933cd65,2020-11-10 0:00,2020,330,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
1062,BOMBHEAD token,REKT,https://de.fi/rekt-database/bombhead_token,,,"Víđarr the Auditor (tweets ? investment advice) on Twitter: ""#BOMBHEAD token ($BOMBHEAD) Contract quick peek AI Review: ERC-20 compliant. no major issues Manual look: withdrawUnclaimedTokens - allows owner to withdraw other token that the BOMBHEAD owns. Not sure why? Is there any other contracts? DEV dm me for full review. Community ask!… https://t.co/gmFsC7UhHo"" (archive.ph)",,The contract owner could disable the transfer function. which restricted users in selling their tokens.  The contract deployer added initial liquidity at:  https://etherscan.io/tx/0x70e567dd9c66aa3699ea34fb170979efd9ead33d0ac8c7b0597a873e37578373  The liquidity was removed by the contract deployer at:  https://etherscan.io/tx/0xfb81b150a910c81648828a8f020ae0a39f8b4ba1c92cb9e994703e400e0c4594,2020-10-24 0:00,2020,342,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
858,GoldenFarm,REKT,https://de.fi/rekt-database/goldenfarm,,,x,,The contract deployer added initial liquidity multiple times. the eample transactions:  https://www.bscscan.com/t/06f07974c41628829951980839cbff463a539ab8b18c6ff72b0543097c133536c  https://www.bscscan.com/t/0f179f346185bb8f659c53406a2d1abd8043f5f8165eee7e2964922016bd6400a  https://www.bscscan.com/t/0ef73a1d940419e2511e0ca7fb0cf96fb83bad84a510f45bec67e2fb62e294b5b  Tokens were sold multiple times by the contract deployer:  https://www.bscscan.com/address/0ac6f6ca3f431e42472d6e0e483c5f35e0be1b83e  The liquidity was removed multiple times as well. the eample transaction:  https://www.bscscan.com/t/0e0d3a678621df8d75e381c1d39393fc6129e547ee5ff699e2816e23df200ddf1  https://www.bscscan.com/t/0f06b9d42e8f03af524ddcd7f5d9eab35e85db460496bc67713d8783fdadfc57e  The stolen funds were bridged to the Binance Chain via BSC: Token Hub by the contract deployer at:  https://www.bscscan.com/t/0d3be69e42d1b8710ead66167a6bbb6c219554fa879055d41650636eadf716b72  https://www.bscscan.com/t/0d37703dcccfe242476770aeaf9f05222c593a34ac8260cc1c41cde285d6e9561  https://www.bscscan.com/t/0aa159255355cd32fdd86a6b2b93520ca26d608b0062c345ea95f9485e3022fc4,2020-12-07 0:00,2020,396,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Yield,CP
589,YUM.games,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/85098.htm,,The attacker justjiezhan1 launched an attack on the EOS game &quot YUM.games&quot and has already made a profit. After analysis it is suspected that the attacker calls &quot gamestart&quot and draws the prize directly without betting the game.,2019-03-15 0:00,2019,414.71,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,Dapp,P
982,SAILSAN,REKT,https://de.fi/rekt-database/sailsan,,,https://archive.ph/RaGhK,,The contract deployer added initial liquidity at:  https://etherscan.io/t/095674038c7119a9b55574113361b6afae1ba8672101032d254edc2a92306dbfe  The contract deployer transferred part of the tokens to some External address:  https://etherscan.io/t/09c95b164587a4b479f24542e46b306daad9bc67e28cf4cd56fa6e381b31069d5  The recipient sold them at:  https://etherscan.io/t/01054d3a1e8ca70d6a025b953fc2e3542df930917c97afbe6e95714244d923343  https://etherscan.io/t/073863e7d8ea1d0db21968a7d3bf5acda35cb958d89664c27d62a9cefa470c086  The contract deployer removed liquidity at:  https://etherscan.io/t/0334accd3db203b91d98672f251fcac4b05f4abbde9430e351f5d60ebd9048c4b,2020-11-10 0:00,2020,426,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
1066,DAOstreetbets,REKT,https://de.fi/rekt-database/daostreetbets,,,REKT,,The contract owner could disable the transfer function. which restricted users in selling their tokens.  The contract deployer added initial liquidity at:  https://bscscan.com/tx/0xcc5d2a04cd0d64939626e06226cf20874cae4c46035caba2dd646bcc0e2129f3  The liquidity was removed by the contract deployer:  https://bscscan.com/tx/0x81f380efd9170d9c24a013dbfc5ef8efabbb1ab2393216c626104b666c3d31f3,2021-10-04 0:00,2021,548,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
1042,Waronrug degen token,REKT,https://de.fi/rekt-database/waronrug_degen_token,,,https://twitter.com/Crypto_225/status/1390293811620769792,,The contract deployer added initial liquidity at: https://etherscan.io/t/07a30f424087524e16138ff434c81b145716b03582b0fb98b87a9a9ef4b582c2c The liquidity was removed by the contract deployer at: https://etherscan.io/t/0fd42c4003811b759d49fc6248a6c1192ab2b2d1a1e5961c95cdbb46c1ba05b21,2020-12-05 0:00,2020,555,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
952,Potatos Finance,REKT,https://de.fi/rekt-database/potatos_finance,,,x,,The contract deployer added liquidity multiple times:  https://www.bscscan.com/t/0c6bf5b30f6dd23691fe7f7f38467c02a62546b8a1e9d90502fd47f47e4202fa1  https://www.bscscan.com/t/0a7ec7b90d7c7894789edea66657ea331e3666cc17c339d330a160119a30a9dcd  https://www.bscscan.com/t/067a2b842cc693ffc5d2300b8abdeda42dc0d4d9ba14b033002fcbfbd0eca8ced  https://www.bscscan.com/t/016b4703203073313f10402150d350b0d3ad4eee05777efe0fc44b989845b58a0  https://www.bscscan.com/t/055dcb0733a8ea743aecbb2bc80e4b65d11163d63e4417ccca68c43b23e150cdd  https://www.bscscan.com/t/0659368cbe75f6d8ea327e48bcec0d5affafff1ffd2d0046af82fb2d96d5cfc1c  https://www.bscscan.com/t/05a1418087f361e367cdc9f508f8048c40d9ab0624138edfd7693b1432ef502bb  https://www.bscscan.com/t/079b9b0a1a89a037152969dbbbed0b985b166337d3f5829dc98483414f7e0525c  The liquidity was removed by the contract deployer at:  https://www.bscscan.com/t/0d2926281f370b4b9332a2407a3425afef161d62265589680b035ea5170858117  https://www.bscscan.com/t/049278de1d7f04860ba3bd82d27d35367cef447b9ae6f4036455b08815a70fa80  https://www.bscscan.com/t/0be5a19368fac05bde87c176dc81f2063d5b342559cdc1f51e4267a2beec3716a  https://www.bscscan.com/t/0ef2c259ca345f082a8c90033e21efd03ee7532dec7abd60be94c2a4435df45c0  The contract deployer sold tokens multiple times. the eample transactions:  https://www.bscscan.com/t/0a51c11f0f7be8c13c3f4b670306761bbe0b9b29cb5f91b883f5f964c07cb8967  https://www.bscscan.com/t/0c1e2a5d2e95aca0735dbc4218ea085651b77238357c9dcd3381919b773362bc0,2020-12-17 0:00,2020,569,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
847,Gaia protocol,REKT,https://de.fi/rekt-database/gaia_protocol,,,"(1) OverDose sur Twitter : ""AI found another big scam! Scam name is GAIA protocol They use Fake twitters. fake followers. bots and fake telegram users. Full AI report can be found here:. https://t.co/t6N0NtSbpY https://t.co/Qbu2FDsPu2"" / Twitter. (2) https://t.me/overdose_gems_calls/152",,The contract deployer added initial liquidity at:  https://etherscan.io/t/0ae211e0324e8444b927f223b7888723c5841f9f0ee68871539b0687bfc51cfa1  The initial liquidity was removed by the contract deployer at:  https://etherscan.io/t/0c2190d38705b1cf52f614924a21423eb573da385866874b58fd1979bf1b6db48,2020-12-07 0:00,2020,598,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Dapp,P
578,WinDice,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/79342.htm,,The attacker deploys the attack contract rep******net to attack the project party contract windiceadmin.,2019-02-04 0:00,2019,717.75,Contract vulnerability,Rollback attack,Technical vulnerability,Target,Dapp,P
588,LuckyGo,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/84915.htm,,The attacker launched continuously attacks on the LuckyGo profiting hundreds of EOS.,2019-03-14 0:00,2019,722.5,Transaction attack,Transaction congestion attack,Technical vulnerability,Target,Dapp,P
824,Enjo,REKT,https://de.fi/rekt-database/enjo,,,"CaptainJackCryptoAPE sur Twitter : ""?SCAM ALERT? SCAM ALERT: $ENJO (https://t.co/MLieyXwfvm) 0x116d52abf976e6c9f70c79988d79e0938f4304a2"" / Twitter",,The contract deployer added initial liquidity at:  https://etherscan.io/t/04d304bdbd16bee08ffe4765048e58553618761c54627428d3e82f0eb7c9fe6b8  Liquidity was removed by the contract deployer at:  https://etherscan.io/t/09136e01bec806ed7d69261a82ce7b88edc411ca13da1725d33a1280219469f70,2020-11-28 0:00,2020,762,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
1097,Trump Swap,REKT,https://de.fi/rekt-database/trump_swap,,,"Víđarr the Auditor (tweets ? investment advice) on Twitter: ""TrumpSwap ($TrumpSwap) Warning !!!! Function burnFrom can be executed by the owner. It takes balance from the specified address and moves it to the contract OWNER balance. BE CAREFUL !!! BTW. That could have saved you ETH. Support our work !!!… https://t.co/l8AXQYRSUz"" (archive.ph)",,The contract owner could disable the transfer function. which restricted users in selling their tokens.  The contract deployer added initial liquidity at:  https://etherscan.io/tx/0xa6352c883336fc259bd93356de6e15f44ccc9ac7710f8a05cb24fcdfb94dc044  The liquidity was removed by the contract deployer at:  https://etherscan.io/tx/0xcff98fc457772672c34226383cb7c48ca5820e3d0cf886202fa75f1083dda048,2020-10-24 0:00,2020,795,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
498,Tron Lounge,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/135913.htm,,The hacker at the beginning of the TFNsSk address initiated a transaction Contract vulnerabilityon the Tron Lounge DApp contract beginning with TRON TR3n2D through a self/created contract and has made a profit of 54 653 TR so far.,2019-12-05 0:00,2019,796.3,Contract vulnerability,Rollback attack,Technical vulnerability,Target,Dapp,P
1001,Sonic Swap,REKT,https://de.fi/rekt-database/sonic_swap,,,https://archive.ph/qkUL6,,The contract deployer invoked <u>mint</u>() to generate 100.000 tokens onto his wallet:  https://etherscan.io/t/07d8c79bb95d76a1738b7c7fafbdb4daa4e30460f84ee352b227662bcd3eda13a  The contract deployer added initial liquidity at:  https://etherscan.io/t/05f168df68d307c5a180d9352c6f5bb37693f29731c859ebddc4f527dd12c5626  The liquidity was removed by the contract deployer at:  https://etherscan.io/t/0cab94141109d8bdffb52730c7ac8080ad4f98d73cca23c456c4a6a9fc9f2f693,2020-12-21 0:00,2020,824,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Exchange,P
832,Farmland Network,REKT,https://de.fi/rekt-database/farmland_network,,,"CaptainJackCryptoAPE sur Twitter : ""?SCAM ALERT? SCAM ALERT: $FRMN (https://t.co/jZStLKdBdW) 0x131468ddbcadd86ae6a03a91d56ffe613078be0b DEV WILL CALL THIS FUNCTION TO MINT RUG ! https://t.co/IfiEmbXzvv"" / Twitter",,The hidden minting functionality was used to perform the eit scam.  The contract deployer added initial liquidity at:  https://etherscan.io/t/0932dab5bed3813997ecebe84dd5112ef0ef0202296b0091dd3b40df84e304afd  The contract deployer increased the tokenstotal supply by invoking <u>initialSupply</u>() function and minting 99.999.999.9 tokens:  https://etherscan.io/t/0c7c01bd03ce963d4e4eb7bd48d364555bda9fc9b89a4d009cc9f6d28bb5e501c  The contract deployer removed liquidity at:  https://etherscan.io/t/02f44fb035a02b74655a35bec6e3b6a5ecf602aecc9340555d127d6b252a7baa3,2020-12-07 0:00,2020,892,Rug pull scam,Hidden mint function,Malicious use of contract,Perpetrator,FT,CA
913,Maxliq.ml,REKT,https://de.fi/rekt-database/maxliq,,,"CaptainJackCryptoAPE sur Twitter : ""?SCAM ALERT? SCAM ALERT: https://t.co/EQIoNiIC7H $MLQ 0x06ee5730c9ff0c76f86fffe958a1ce435ce2cc62 ONLY LOCK 16% LIQUID?"" / Twitter",,Tokens were sold by the contract deployer in multiple transactions:  https://etherscan.io/tokentns?a=0dde258c5834250cf17da9522c1ab88cf818d7b16,2020-11-25 0:00,2020,898,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
1074,Horus Finance,REKT,https://de.fi/rekt-database/horus_finance,,,"Víđarr the Auditor (tweets ? investment advice) on Twitter: ""#CryptoRedFlag https://t.co/LKf5EnCVxo ( $HRS ) Manipulate transfer function to be able to whitelist/blacklist addresses then can transfer Calibrating our bots to spot that ... Stay Vigilant !!!!… https://t.co/JISmTSoxGC"" (archive.ph)",,The contract owner could disable the transfer function. which restricted users in selling their tokens.  The contract deployer added initial liquidity at:  https://etherscan.io/tx/0x61d5d6559a77715110eff5c903af89378f69a65708577ff3b231db9b666a01a4  The contract deployer used hidden minting functionality under the addWork() function to generate new tokens onto his wallet:  https://etherscan.io/tx/0x9cfdfc0b3f0adde2242fb1b4517a15e16aeeff56421fc47fbc4fefb19385bb2f  The minted tokens were sold by the contract deployer at:  https://etherscan.io/tx/0x39dcc40ae57b78774c6b1e83a44a5e2781030c066b122c7ad3fd381894482215,2020-10-31 0:00,2020,991,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
745,Ba5ic finance,REKT,https://de.fi/rekt-database/ba5ic_finance,,,"CaptainJackCryptoAPE sur Twitter : ""1.75 ETH RUG https://t.co/srd8t86Zpx"" / Twitter",,The hidden minting functionality was used under the <u>setFeeTransfer</u>() at: https://etherscan.io/t/0beeb09665b20a9fe2aa7980168bc0786cce169a14651b9741e1d4212121855c1 The contract deployer added initial liquidity at: https://etherscan.io/t/0789fa9d71f6fedf6980dd80bfb0072b229cf14eb3445430052b9ca823d90cdbb The contract deployer sold minted tokens at: https://etherscan.io/t/007f1a03e74a423ea27840b9cf8a3e34a290f4fdf16e7d5a2a148587423ab94b0,2020-12-02 0:00,2020,1055,Rug pull scam,Hidden mint function,Malicious use of contract,Perpetrator,FT,CA
651,kittyfishing,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/70394.htm,,The attacker helookitiqas launched attacks on the EOS game kittyfishing which launched a total of 91 attacks in two hours.,2018-12-12 0:00,2018,1077.18,Contract vulnerability,Rollback attack,Technical vulnerability,Target,Dapp,P
757,Bloody Finance,REKT,https://de.fi/rekt-database/bloody_finance,,,"0xdeadf4ce sur Twitter : ""$BLD https://t.co/6sfselfKy9 - don't get rugged. Token contract contains hidden burn function with the only purpose to enable authorization for the token deployer. with no way to change or use the hard coded ""governance"" address for anything else. @VidarTheAuditor #WarOnRugs https://t.co/W7uJdJCx9S"" / Twitter",,The contract deployer added initial liquidity at: https://etherscan.io/t/0f0c3c266f9bd618226955c16c591e855bb10f366ab5db64adb4d097c24b39693 The contract deployer used hidden minting functionality under the <u>delegateFromAndCall</u>() function to generate new tokens onto his wallet: https://etherscan.io/t/071dd67aaf118e9511c346caa59543dfc6e9d03a36b8484c121514cf7c0ea3e5a The minted tokens were sold by the contract deployer at: https://etherscan.io/t/087aa46dcf1304275365b4a70b5676c7b046948c8ac23d6fdccd0563da87f0540,2020-11-05 0:00,2020,1289,Rug pull scam,Hidden mint function,Malicious use of contract,Perpetrator,FT,CA
896,L4CK,REKT,https://de.fi/rekt-database/l4ck,,,"#WARONRUGS? on Twitter: ""We would like to apologize for those who bought $MANTLE. especially because of us. We have found that the developer behind “Joe” is a serial scammer. While the code was fine. he bought instantly after listing and dumped on everyone at the top then played the dead. See below.… https://t.co/3W2Q4GY3Ma"" (archive.ph)",,The contract deployer added initial liquidity at:  https://etherscan.io/t/0d65aa703a9218b99af6aa0d355a578684fd0b5eeacd57dfacec0eee6b1e7522e  The liquidity was removed by the contract deployer at:  https://etherscan.io/t/08596de39c0251371cf38caa30d5cda52ef06a43e722af010f7a628cbc9ecf5d4,2020-12-26 0:00,2020,1321,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
927,Mother of All Ponzis,REKT,https://de.fi/rekt-database/mother_of_all_ponzis,,,"RD Labs (Previously Rug Detectives) sur Twitter : ""Scam Project / Mother of all Ponzis $MOAP Update: Based on my previous tweet https://t.co/HUjPdYF6WZ the locked funds in @UNCX_token expired days ago. Now @JordanCrypto69 is trying to find a new way of not refunding the money back to investors. #RUGDETECTIVES https://t.co/czw98PWCXF"" / Twitter",,The contract deployer added liquidity at:  https://etherscan.io/t/01eacfa0f78a04e9e7f9b302def998f589e447f8b6c0ac71d76796d0a7ed2a246  The liquidity was removed by the contract deployer at:  https://etherscan.io/t/0bb5e794211e5e4201c1a805403bb476d39fb443b77c5eff32cfdf2d620f60e09,2020-12-23 0:00,2020,1336,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
583,Happy Valley,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/83229.htm,,Hackers launched continuous attacks on the EOS quiz game EOS Happy Valley and they have profited hundreds of EOS. The game party has transferred the account balance away. Attackers still use transaction crowding out attacks. To completely fi this vulnerability DApp developers should remove controllable variables such as account balance or time factors to participate in random number generation.,2019-03-04 0:00,2019,1425.65,Transaction attack,Transaction congestion attack,Technical vulnerability,Target,Dapp,P
523,Tron contract TLGUt5,SlowMist,,https://hacked.slowmist.io/search/,,(1) Jul 2019 / TLGUt5 Tron Contract Hacked / $2k (Global) (quadrigainitiative.com). (2) https://bitcoinexchangeguide.com/a/day/of/the/hacks/7710/tr/stolen/of/trons/game/of/dice/attack/using/a/reversal/of/transactions/,,The attacker launched multiple roll back attacks on the DApp contract address beginning with TLGUt5. So far it has gained 45 200 TR and the contract balance of the attacked contract is almost zero.,2019-07-02 0:00,2019,1443.91,Contract vulnerability,Rollback attack,Technical vulnerability,Target,Dapp,P
518,TronChip,SlowMist,,https://hacked.slowmist.io/search/,,PeckShield: TRON Guessing Game TronChip Hacked by Random Numbers_Blockchain News_Gyro Technology (tuoluo.cn),,Hackers launched a series of attacks on TronChip earning a total of 61 867 TR.,2019-07-23 0:00,2019,1471.67,Contract vulnerability,Random number attack,Technical vulnerability,Target,Dapp,P
525,SPOKpark,SlowMist,,https://hacked.slowmist.io/search/,,CoinNess Daily Briefing June 28: MoneyTap. A South East Asia Success For Ripple. Seven More Banks Join (rspread.net),, Hackers have made a profit of 50 845 TR by creating multiple contracts to launch a trade Contract vulnerabilityon SPOKpark  a Tron DApp game. The SPOKpark website is no longer accessible.,2019-06-27 0:00,2019,1729.37,Contract vulnerability,Rollback attack,Technical vulnerability,Target,Dapp,P
890,Keep3rX.finance,REKT,https://de.fi/rekt-database/keep3rx.finance,,,x,,The contract deployer added initial liquidity at:  https://etherscan.io/t/068aa572489dcbf8f5f1ea69db05d9ee6739c08bc9311ef459d527b0f8a210eab  The contract deployer used hidden minting functionality under the <u>upgrade</u>() function to generate new tokens onto his wallet at:  https://etherscan.io/t/03083ae1eb3fc73d46f7e50e57e16f197c00bbdde38aa4de0abbfeea3bf752520  The minted tokens were sold by the contract deployer at:  https://etherscan.io/t/080e4a0412f27ed2f7e435e96353c699cd7989865aa2538963b4147c4ee5e9a5a,2020-11-05 0:00,2020,1813,Rug pull scam,Hidden mint function,Malicious use of contract,Perpetrator,FT,CA
1091,Sauron,REKT,https://de.fi/rekt-database/sauron,,,"CaptainJackCryptoAPE sur Twitter : ""?SCAM ALERT? SCAM ALERT: $SRN (Sauron) 0xf803479d0b762e67add90ad9b8e4ace54191875b CAN NOT SELL"" / Twitter",,The contract owner could disable the transfer function. which restricted users in selling their tokens.  The smart contract was backdoored with a minting function. The contract deployer has sold minted tokens at:  https://etherscan.io/tx/0xab2c318bf45b3ccd644107a4015b3d100e0ede5931d73ede6be42b1af0b414b2,2020-12-09 0:00,2020,2003,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
854,Gh1z.finance,REKT,https://de.fi/rekt-database/gh1z.finance,,,"CaptainJackCryptoAPE sur Twitter : ""Was this mother fucker following me? So he mint to rug as soon as I make the SCAM ALERT? https://t.co/OQ44Gxdz6d"" / Twitter",,The contract deployer added initial liquidity to the pair using funds from KuCoin exchange. Funds from KuCoin received at:  https://etherscan.io/t/0b021a6e5ed11bcc2c85a8fb6ff742aebf2417b3b6d7614434ada7da94aa5828f  Initial liquidity added at:  https://etherscan.io/t/061c5730942710e6417eb5dad3fb381a9785535c9c25c5d0227cd8959f90d197b  The contract deployer invoked hidden minting under setFeeDistributor() function at:  https://etherscan.io/t/06552ac529bd11a4a8d889e59752cfd3b0f28ce761368068d90d7763b24401162  The contract deployer has sold tokens at:  https://etherscan.io/t/052cb39ceeac782b46215c7ca84ce5a929cc67a94cd0e3b3e1932eb8a1a58dd39,2020-11-24 0:00,2020,2137,Rug pull scam,Hidden mint function,Malicious use of contract,Perpetrator,FT,CA
40,Bifrost,SlowMist,,https://hacked.slowmist.io/search/,,https://bifrost.medium.com/post/mortem/bifi/btc/illegal/address/registration/c21ce3ba9fc8,,BIFROST officially released a report saying that the BTC address registration server of the BiFi service was attacked. According to the analysis. the attack was limited to the BTC address registration server. and neither the smart contract nor the BiFi protocol detected the vulnerability. BiFi issues and uses an address for each user who deposits BTC. The deposit addresses are signed and delivered to the address issuing server and the addresses are reflected on BiFi only in the case when the signature is verified. In the attack. the server key of the address issuing server was exposed and the attacker was able to self-sign their own deposit address. Since the attacker could generate a valid signature on the deposit address. BiFi mistakenly recognized the attacker’s BTC transfer as a BTC deposit into BiFi. As a result. the attacker was able to borrow 1.852 ETH with fake deposit.,2022-07-08 0:00,2022,2258.25,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,Blockchain,DLT
800,Devilishburning Farm,REKT,https://de.fi/rekt-database/devilishburning_farm,,,"#WARONRUGS? on Twitter: ""We would like to apologize for those who bought $MANTLE. especially because of us. We have found that the developer behind “Joe” is a serial scammer. While the code was fine. he bought instantly after listing and dumped on everyone at the top then played the dead. See below.… https://t.co/3W2Q4GY3Ma"" (archive.ph)",,"The contract deployer added initial liquidity at:
https://etherscan.io/t/05d32efcf7bec2e256ccc24722ee44c86603b4c1bd7dd320db6f02ba3e1f0da67

The contract deployer sold the part of tokens at:
https://etherscan.io/t/070168b613b64df7061ad88111961eafac2afafea3fec53d44d637ca968912a5d
https://etherscan.io/t/0960ba8e1ef0d64f40192a8255cf6ec1d95f21d2d5e725c65b2cd1174073e05ec

The liquidity was removed by the contract deployer at:
https://etherscan.io/t/0e6f12bcc105752797b940c2441e8293d64b877013cc89c20cd86d36b735c0a23",2020-11-06 0:00,2020,2329,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
1075,House of paper,REKT,https://de.fi/rekt-database/house_of_paper,,,"Víđarr the Auditor (tweets ? investment advice) on Twitter: ""https://t.co/b9Gjx2LwvP $H3OF Contract Sneak Peek https://t.co/vXdactvw4j The admin (they use roles in the contract). can pause transfers. When paused the specific addresses can still sell/buy Be vigilant !!! #CryptoRedFlag… https://t.co/RVQE9rU8N8"" (archive.ph)",,The contract owner could disable the transfer function. which restricted users in selling their tokens.  The contract deployer added initial liquidity at:  https://etherscan.io/tx/0xe07ecf7294e327869d949fb4c0d6ca144f9152ee43863c425a1e30a7c37b04ce  The contract deployer used hidden minting functionality under the <u>stakingTransfer</u>() function to generate new tokens onto his wallet at:  https://etherscan.io/tx/0x57fc84ab60e7e3ac20efd83f3cf615e55080d8e53b5d3a452a554bbe09624fcb  The minted tokens were sold by the contract deployer at:  https://etherscan.io/tx/0x4ef7dcf6a7f4381ad583fe1fe8a79391c56686311a8825c0b36ae6876e70a5b7,2020-11-12 0:00,2020,2338,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
1077,Keep3r.info,REKT,https://de.fi/rekt-database/keep3r.info,,,"CaptainJackCryptoAPE sur Twitter : ""?SCAM ALERT? SCAM ALERT: https://t.co/5OfCfrfXFx $KP3RI 0x0ba3742ef37a008ff9cefc189f65a03d41725a16 CAN NOT SELL"" / Twitter",,The contract owner could disable the transfer function. which restricted users in selling their tokens.  The contract deployer added initial liquidity at:  https://etherscan.io/tx/0xc9f0c6b0c1b8190fa06e698a1f766bc53d3867f101638c45ba75a42324bd7bdd  Liquidity was removed by the contract deployer at:  https://etherscan.io/tx/0x19dceefc2c54c92850da4f16e79ee7cc0e9b0ed394cd1c64de2d789220a25033,2020-12-08 0:00,2020,2457,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
1047,20 finance,REKT,https://de.fi/rekt-database/20_finance,,,https://twitter.com/CaptainJackAPE/status/1328302322011652098,,The contract deployer invoked mint transaction and generated 50 thousand 20 tokens onto his wallet: https://etherscan.io/t/0e622293195c11ee0c68f05c148a6b0e315f1698084ca5a7dc3cb794b64d1d855 Most of them were added into liquidity at: https://etherscan.io/t/0ff2d791a394e0f566b8a5baa815437b42954e50f88db2e798a8fd868c193a0a6 Part of them was sold in the following transactions: https://etherscan.io/t/07917b57c87b102efc7a7eea2f1bb52ab1add03097a81cb05cd794ab0110a6682 https://etherscan.io/t/091ea88c9f52d03b18328bea9e04b4135c2a3d2a09d0d136aca24aa9ee1f02075 https://etherscan.io/t/0ae127f553f5b2dcd0e67a182169b3442dff95ae859dd4fd786d155b1d919984a https://etherscan.io/t/0c260eb01a766042a9071c6a07353b1701280f7fb1d037b1a5b0335f17563a18a 1 day after. the liquidity was deleted: https://etherscan.io/t/0e558685b303030bbd21c22276ab0b67483d5ea093a67b272f9fefe66014c92b6,2020-11-17 0:00,2020,2501,Rug pull scam,Hidden mint function,Malicious use of contract,Perpetrator,Staking,CP
889,K3psav.Finance,REKT,https://de.fi/rekt-database/k3psav.finance,,,"Víđarr the Auditor (tweets ? investment advice) on Twitter: ""https://t.co/nwpa7FdQX0 $K3PV Contract Sneak Peek Hidden mint as a burn function. Unfortunately was already called adding DEV 9000000 tokens Stay vigilant !! #CryptoRedFlag… https://t.co/w1c559Hwuw"" (archive.ph)",,The contract deployer added initial liquidity at:  https://etherscan.io/t/0a571e758abe079c01ab0747fc599c75dac613492f1cb5bf975f9260d2be7f176  The contract deployer used hidden minting functionality under the <u>burn</u>() function to generate new tokens onto his wallet at:  https://etherscan.io/t/04da1b53ea24cd99cf51af1668ba069d12bb6d7a618c2d083b6b7e65306d6b602  The minted tokens were sold by the contract deployer at:  https://etherscan.io/t/07c78ac94ee7feb5474d75d22c5950d663ad7bd5ad393c972f40a3e9386244fb7,2020-12-19 0:00,2020,2512,Rug pull scam,Hidden mint function,Malicious use of contract,Perpetrator,FT,CA
1089,Q DAO Governance token v2.0,REKT,https://de.fi/rekt-database/q_dao_governance_token_v2.0,,,BSC-SCAM: Stealthy Liquidity Pool Block on PancakeSwap :: Blockchain Security Stories (cryptot3ddybear.gitlab.io),,The contract owner could disable the transfer function. which restricted users in selling their tokens.  The contract deployer added initial liquidity at:  https://bscscan.com/tx/0x31fa716c3176789cccd6977221ba9c2b711bf29317ef8b46a14842943dc54e14  The liquidity was removed by the contract deployer:  https://bscscan.com/tx/0x3ae83336123d4cc30dcbb89e9f323b892aad455fbc10cc764a877fbb54b0c2ea,2021-03-26 0:00,2021,2544,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
1037,Vegetables Finance,REKT,https://de.fi/rekt-database/vegetables_finance,,,https://archive.ph/gpZds,,The contract deployer added initial liquidity at: https://etherscan.io/t/035f450fcc64da52fa829067bd86fe1edc61089db62a2ad5b892beb615dfb3e83 The contract deployer added his address as a minter at: https://etherscan.io/t/02f6fcef63fbe0db54bfa3ccea2b811aaacb2410725ce5d07ea8e6a4f6ffedad0 The contract deployer has minted new tokens at: https://etherscan.io/t/0d1e7efa2fe970eec68bb8fed015c33fbef1a1f31e447f0dfabf46237c58d2e87 The tokens were sold by the contract deployer at: https://etherscan.io/t/098fed3dde31de01d70ea0327847ad2e7ce9b63fbf3cfae7f5d922e77eb3bb1b0,2020-10-05 0:00,2020,2652,Rug pull scam,Hidden mint function,Malicious use of contract,Perpetrator,FT,CA
1069,EASYPump,REKT,https://de.fi/rekt-database/easypump,,,"CaptainJackCryptoAPE sur Twitter : ""?SCAM ALERT? SCAM ALERT: $EPUMP 0xa434cd109542267279bb761271f793e3701441f9 -Dev can choose people to disable the trade"" / Twitter",,The contract owner could disable the transfer function. which restricted users in selling their tokens.  The contract deployer airdropped tokens to some external wallets before adding liquidity at:  https://etherscan.io/tx/0x8434567b6b63abe48bfa4d56439879e539a8e8063d9049d6bbc5a8c7ccfd568c  The contract deployer added initial liquidity at:  https://etherscan.io/tx/0xbbe2f8bf10e97b0b1346a49bfd84f8891ef860d74eb05fa63b6b3ff94508bade  The liquidity was removed by the contract deployer at:  https://etherscan.io/tx/0xd3dde2801db450055ac84b665ffeae581784c577444aa276c037535c48bfa687,2021-01-11 0:00,2021,2720,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
1079,Lootx Finance,REKT,https://de.fi/rekt-database/lootx_finance,,,"Víđarr the Auditor (tweets ? investment advice) on Twitter: ""https://t.co/RJfmQBUzMS $loot Contract Sneak peek No issues in the ERC-20. transfer incurs fee but there is list of feeException addresses that contract owner can set. Contract owner holds 6000 tokens as of right now. Just sneak peek. if you want full review get devs DM me… https://t.co/WJKHIskh85"" (archive.ph)",,The contract owner could disable the transfer function. which restricted users in selling their tokens.  The contract deployer added initial liquidity at:  https://etherscan.io/tx/0xa6f4cc42def945c35e8662783fe933006d421790d7ea1c727704b17651cb2cf3  The liquidity was removed by the contract deployer at:  https://etherscan.io/tx/0x5c976ea30b5915d7fcb4a9d6f2f0d8c056ed53dd38f02a972a4600b8aeba7b73,2020-10-25 0:00,2020,2845,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
114,Medamon,SlowMist,,https://hacked.slowmist.io/search/,,Hacker combo: Wiener DOGE. Last Kilometer. Medamon. and PIDAO Project Attack Incident Analysis (qq.com),, The Medamon project was exploited in a flash loan attack  resulting in a loss of $3 159.,2022-04-24 0:00,2022,3159,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,FT,CA
1022,TRBAS3,REKT,https://de.fi/rekt-database/trbas3,,,https://twitter.com/CaptainJackAPE/status/1338479100294402050,,The contract deployer invoked the minting function and <u>DistributeAirdrop</u>() to generate new tokens onto his wallet:  https://etherscan.io/t/0d1a72cc4d68bdc849769a6ba64baf73a604e837689a6ce4d614ff342e45351a7  https://etherscan.io/t/09cd32b80ffbe08745f81c6b80b4a2821db54dfba40391a7200baa04dc43dc1f2  https://etherscan.io/t/0d2acd26e2b53b61ebaec684fbefe4122313563ab57a01f29be64476951057e1c  Tokens have been sold by the contract deployer in multiple transactions:  https://bloy.info/ts/calls_from/0be9230888a7f842628b3475a430f7cadf1461734?signature_id=1102188&amp;smart_contract_address_bin=07a250d5630b4cf539739df2c5dacb4c659f2488d,2020-12-14 0:00,2020,3176,Rug pull scam,Hidden mint function,Malicious use of contract,Perpetrator,FT,CA
799,Deriswap,REKT,https://de.fi/rekt-database/deriswap,,,"Teebaum on Twitter: ""Scam Alert! $deri #Deriswap $deriswap 03e0493b7e29a2079B7BA630ccb278005C8A068Eb Impersonating as ""official deriswap"". no mentioning of andre. github looks sus too. #Scam #Crypto @AndreCronjeTech Alert everyone!"" (archive.ph)",,The team merely had a Github profile and a Telegram group. without a full/fledged website and documentation. They posted a bogus Quantstamp audit on Github to confuse the community. The project team pointed to an official report by Andre Cronje about a December conversation between Yearn and Sushi to show even more legit intentions. It's a second time. where anon dev teams use bogus Deriswap contracts to replicate Andre Cronje's work.,2020-12-17 0:00,2020,3262,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
508,SKR EOS,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/117430.html,,skreosladder  has been attacked again by hackers  who have earned thousands of EOS. The hacker has attacked the game several times and has been blacklisted by the project side  but the hacker still used the trumpet to circumvent the restrictions.,2019-09-02 0:00,2019,3292.5,Contract vulnerability,Undetermined,Technical vulnerability,Target,Dapp,P
970,Reflect3 Finance,REKT,https://de.fi/rekt-database/reflect3_finance,,,https://twitter.com/CaptainJackAPE/status/1336522875197538312,,The contract deployer transferred tokens to some External address at:  https://etherscan.io/t/01c30d40e7d560cb241387293d6530b669b933072be590b9e3017f50dfdb29299  Tokens have been sold by the recipient at:  https://etherscan.io/t/029848cd4835594fed12aad59f18b79476676965b31764c1d6785443badab38cc  Liquidity was removed.,2021-01-28 0:00,2021,3294,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
549,HotDice,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/74290.htm,,Developers have not been able to effectively detect block and isolate accounts which is contract high risk or marked as blacklisted.,2019-01-04 0:00,2019,3415.71,Transaction attack,Transaction congestion attack,Technical vulnerability,Target,Dapp,P
879,iBLUE,REKT,https://de.fi/rekt-database/iblue,,,"#WARONRUGS? on Twitter: ""We would like to apologize for those who bought $MANTLE. especially because of us. We have found that the developer behind “Joe” is a serial scammer. While the code was fine. he bought instantly after listing and dumped on everyone at the top then played the dead. See below.… https://t.co/3W2Q4GY3Ma"" (archive.ph)",,The contract deployer added initial liquidity at:  https://etherscan.io/t/00c98729b28e004880d1c2c1c9905a9986f06e5b2db5b5fa163439665c5ad19d6 The liquidity was removed by the contract deployer:  https://etherscan.io/t/0dae4fdd63ba1caa094178370202ab7ecc535bf9015b1ec47e2a95726aa5393e7,2021-01-06 0:00,2021,3470,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
646,nutsgambling,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/67268.htm,,Hacker ybdzmtgouwn launched an attack on nutsgambling an EOS quiz game. In less than an hour a total of 144 attacks were launched and a total of 1 141.71 EOS was obtained. In order to prevent the flow of funds from being tracked the hacker used multiple sub/accounts to sequentially transfer the acquired assets to the account kcbtvwteabc which has not been withdrawn to the exchange yet.,2018-11-26 0:00,2018,3716.27,Contract vulnerability,Rollback attack,Technical vulnerability,Target,Dapp,P
795,Delicacy DeFi,REKT,https://de.fi/rekt-database/delicacy_defi,,,https://archive.ph/bjUbb,,"The contract deployer added initial liquidity at:
https://bscscan.com/t/06a2a3aa0e0b4ffa334e83d40cc5b71aa2ae1abdf6b753fcc2b99cdbcd4b292f4
https://bscscan.com/t/00256b9a5fa3cd5d4fa78783b1678277a0d5cdab8847076b7e9d3a1558b122cb1

The contract deployer locked the bigger part of LP tokens using CryptE at:
https://bscscan.com/t/05655c9a321277689fc09085c0f2acd2e85a12f19faf3880a3cc3b2b2a33adcbb

After the unlock. the liquidity was removed by the contract deployer at:
https://bscscan.com/t/0fe692790c5f5d07f7741efe752275b6d32788ef6c0f2def01e5bb243b3e72b51",2021-06-03 0:00,2021,3725,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Exchange,P
778,Contribute Protocol,REKT,https://de.fi/rekt-database/contribute_protocol,,,"#WARONRUGS? on Twitter: ""? Scam Advisory #75 - Contribute.Protocol $CTB (0xF776e108e50560075f69b6754cAe708975E74a2c) Reason: This token is being run by serial scammer Joe (from W3RLD and MANTLE). Likeliness of losing all funds: Absolute DYOR. #WARONRUGS?… https://t.co/G8wdxFN17R"" (archive.ph)",,The contract deployer added initial liquidity at: https://etherscan.io/t/09b42811e717e843d3669bcd3c7fc36b01359c2d6fe2e3217b8b311977b523669 The liquidity was removed by the contract deployer at: https://etherscan.io/t/0b6e977b1f497d5e5b3c2b24417dace942727efbe7407355cd05f0134dc346d5c,2021-03-10 0:00,2021,3919,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
752,Binary Protocol,REKT,https://de.fi/rekt-database/binary_protocol,,,"CaptainJackCryptoAPE sur Twitter : ""Mint rug pool https://t.co/cnWynBZ24H"" / Twitter",,The contract deployer used a hidden minting functionality under the function <u>initialSupply</u>(). which was invoked by the contract deployer 3 times: https://etherscan.io/t/07467abb573c49a7f9afa29a0d086db87b05470132e5a3e4f1c32cee80293a521 https://etherscan.io/t/0f4b6c14069f1d9761c40c11f4132be2cc0361d86b2b069c551e51deadbc2293c https://etherscan.io/t/0672689de6495180d7301f9282dac828d6aad609d9a1fb7bb7f36b7a6623dc887 In the function input data. the recipient address of the minted tokens was this address: 0D97A750139bC69A8e206b67B54288463C634050C This External wallet added initial liquidity at: https://etherscan.io/t/01cdad510f30826e2d54b15a61942d9a33fdb0271a6d1b11c935a1f99ea825da5 The transaction. where the External wallet sold tokens: https://etherscan.io/t/00c02a010cf511dc7ef859e8f64daaa38ce4f1d0021523bfc5cc29a9feb41b083,2021-01-29 0:00,2021,3924,Rug pull scam,Hidden mint function,Malicious use of contract,Perpetrator,Exchange,P
1083,Monster Chain,REKT,https://de.fi/rekt-database/monster_chain,,,"Víđarr the Auditor (tweets ? investment advice) on Twitter: ""MONSTER CHAIN ($MONSC) Code Peek SCAM WARNING #scam #rugpull They added modifier to approve method (it is needed to approve tokens to be transferred) so only creator of the contract can sell ... be careful ... audit the code before going in . or push devs to get code review… https://t.co/zssYhNYDTd"" (archive.ph)",,The contract owner could disable the transfer function. which restricted users in selling their tokens.  The contract deployer added initial liquidity at:  https://etherscan.io/tx/0x7ecc57f57b7fa56179a7461a415b8b3945a75db18c4f8a21fcf0eb0db364d508  The contract deployer sold tokens at:  https://etherscan.io/tx/0xb130a570450d55b49e21fe12b72c3faf7a5b944a204fd298cd824c1f67b1019d  https://etherscan.io/tx/0x960f8b8d4118407c309e2bcb1ee43ed6350aa2505f5f25c065a1ee493cd9833c  The liquidity was removed by the contract deployer at:  https://etherscan.io/tx/0x402e4c0cccd533d193ae455bb53e3faa4e118e5a3f08ba00975cb4f461307abd  The stolen ETH was transferred to the external wallet at:  https://etherscan.io/tx/0xbca7f22adeb65eca028e1c20c37b1a66436f5827258808a6daeb4209413e7dd2,2020-10-22 0:00,2020,4012,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
860,GrowBase Finance,REKT,https://de.fi/rekt-database/growbase_finance,,,"CaptainJackCryptoAPE sur Twitter : ""Last rug pool for 2020. scammer mint to rug 5.45 ETH in 5 minutes. I save a lot of people'ass. https://t.co/DLXFda9vik"" / Twitter",,The contract deployer minted 100.000 tokens onto his wallet:  https://etherscan.io/t/0dc33e55c43acab62ac30a1910a5c1c6a451dd1cd533a4f487d433499c035f233  The contract deployer added initial liquidity at:  https://etherscan.io/t/00280abeee46c7469336350a26ce94b283fbf1aad7295a32e16a397f1dec83886  The hidden minting functionality was used under the <u>claimRewards</u>() function by the contract deployer:  https://etherscan.io/t/00345fdc9f4f010c668ee8b3309afc7cdc6643fd948ac04c1128e033290dd385e  The contract deployer sold minted tokens at:  https://etherscan.io/t/0c3378386196fcf8735566bc73c328215ce0671f03ed97c8601a287e9e2841851,2020-12-31 0:00,2020,4025,Rug pull scam,Hidden mint function,Malicious use of contract,Perpetrator,FT,CA
859,Groot.finance,REKT,https://de.fi/rekt-database/groot.finance,,,"?????????? ???????????? sur Twitter : ""?https://t.co/0vI7q6fnYv is a scam! Do not trade!"" / Twitter",,The contract deployer added initial liquidity at:  https://etherscan.io/t/06c9e22b6b9093bfd44522c2308c9f4a73310e100e05638d1f56c0d6f68860390  The contract deployer used hidden minting functionality under the <u>addPhase</u>() function to generate new tokens onto his wallet at:  https://etherscan.io/t/00625c4abe62b7132bd331e33ff0778cc5d475bc03f8d7de2d4b3a5d6fc82c8f4  The minted tokens were sold by the contract deployer at:  https://etherscan.io/t/0a669e7e6bf142f4d48a7ddbb2d946f5fe8e1d62401d12c1bf625ec95bfab2c70,2020-11-02 0:00,2020,4049,Rug pull scam,Hidden mint function,Malicious use of contract,Perpetrator,FT,CA
958,PUMP,REKT,https://de.fi/rekt-database/pump,,,"#WARONRUGS? on Twitter: ""We would like to apologize for those who bought $MANTLE. especially because of us. We have found that the developer behind “Joe” is a serial scammer. While the code was fine. he bought instantly after listing and dumped on everyone at the top then played the dead. See below.… https://t.co/3W2Q4GY3Ma"" (archive.ph)",,The contract deployer added initial liquidity at:  https://etherscan.io/t/0cd623049f2deb01ae06ea8840dc7f2ba7ee927a6002e15c92311172bfd5e9884  The liquidity was removed by the contract deployer:  https://etherscan.io/t/039c882e8afa6a3b03a7a78f7e4c12e308c04cb5181e24e8d7552c2cdf47bcce6,2021-01-05 0:00,2020,4144,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
846,FutureBase.Finance,REKT,https://de.fi/rekt-database/futurebase.finance,,,"CaptainJackCryptoAPE sur Twitter : ""?SCAM ALERT? SCAM ALERT: $FBASE 0x8a59500444d48041eb90f6fcbb5814a938d5a428 THEY hide mint function to mint rug They will mint 100000000 tokens. https://t.co/REWOviwn4G"" / Twitter",,The contract deployer added initial liquidity at:  https://etherscan.io/t/0fd6d5756c49c0efd5c4e056a8416a523319540f92e994f6317a80debf6f72712  The contract deployer used hidden minting functionality under the <u>renounceOwnership</u>() function to generate new tokens onto his wallet at:  https://etherscan.io/t/0df78757847953d4fd56d1137ec451e4e86024c74c45afd9a067c3a1a6d268902  The minted tokens were sold by the contract deployer at:  https://etherscan.io/t/08cce4238c214ac20da5de73d673818f88c8ff7659b469bc0352cfcae6773c223,2020-12-22 0:00,2020,4272,Rug pull scam,Hidden mint function,Malicious use of contract,Perpetrator,FT,CA
944,Overbase Finance,REKT,https://de.fi/rekt-database/overbase_finance,,,Tweet / Twitter,,The initial liquidity was added by the contract deployer at:  https://etherscan.io/t/0b3a52c455c5ad2448eec6ae013d7e0717a46825115b469a19bfdcb84d8704847  The hidden minting functionality was used under the <u>addTransaction</u>() function by the contract deployer at:  https://etherscan.io/t/037c4b1c5437413fb09a29afa6a0bcbf74dd7ccb87820982fcd229f9b736a9433  https://etherscan.io/t/01d4f1376f091aed4706167cfe4b62715c766b00038bb9a29d826d46d37489a66  The contract deployer sold minted tokens at:  https://etherscan.io/t/06baa10d2d11e36af7c6a42b8c4f20a177095d37960cab3f95e869df3eb48c953  https://etherscan.io/t/0a312f50054e4acfa299bdd3e411b94040d3aa09b3dc59bcc7afbcd06b48a2567,2020-12-18 0:00,2020,4275,Rug pull scam,Hidden mint function,Malicious use of contract,Perpetrator,FT,CA
987,ShabuVault,REKT,https://de.fi/rekt-database/shabuvault,,,https://archive.ph/Cff4B,,At first. the contract deployer removed himself from the list of minters. at this transaction:  https://etherscan.io/t/0497aa751563746ef288e18efad5a0c8ec5ecc04f8e7508d5ece3976d65ab7016  However. he left an opportunity in the token smart contract that would have allowed him to reinstate himself as a minter. He invoked <u>addMinter</u> function in the following transaction:  https://etherscan.io/t/058bcb174d2442878adad1bdaddb6ac98e7ce346b5cd9e9b8ed80c1cd06676b14 After doing this. the owner generated an additional 4K SHABU tokens and placed them in his wallet. The owner could increase the ta rate to 100% and put himself on the whitelist. The project eit scammed after the token contract owner drained liquidity. stealing 10 ETH. ShabuVaultswebsite and social media are inaccessible.,2020-11-04 0:00,2020,4357,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
885,Jointventure Finance,REKT,https://de.fi/rekt-database/jointventure_finance,,,"Víđarr the Auditor (tweets ? investment advice) on Twitter: ""Some recent rug /> https://t.co/DJnLTBO4TQ / they minted 1 mln tokens using hidden mint inside burnFrom function Bot is ready to catch that scam /> https://t.co/tbXpHLL5Oo… https://t.co/9nzNCtMq9q"" (archive.ph)",,The contract deployer has locked part of tokens at:  https://etherscan.io/t/06077ef8cd8587a0ddfd269e9798cc779fd4126961cab08f28de00e7cce3c4dbc  The contract deployer added initial liquidity at:  https://etherscan.io/t/0de4ad6af33aef90cc1325aa1b65c9133461731dfe2d627eab7fc573f25f4ed7e  The contract deployer used hidden minting functionality under the <u>burnFrom</u>() function to generate new tokens onto his wallet at:  https://etherscan.io/t/0a9d1f67364becac80b60f8a149c2bce93e3e1307d3ce9aa7c123f20668f4415e  The minted tokens were sold by the contract deployer at:  https://etherscan.io/t/005e5b1fdc63207e498826fe437dd6939c0006c5ddb83a3a51da246fe9722439b,2021-01-13 0:00,2021,4443,Rug pull scam,Hidden mint function,Malicious use of contract,Perpetrator,FT,CA
649,Fastwin,SlowMist,,https://hacked.slowmist.io/search/,,(1) https://www.jinse.com/lives/68797.htm (2) https://peckshield.medium.com/fastwin/hack/eplained/block/one/releases/stealthy/patches/against/critical/flaws/78c599071f95,,The attacker ha4tsojigyge launched 124 attacks on the Fastwin game contract fastwindice3.,2018-12-05 0:00,2018,4485.32,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Dapp,P
574,Fastwin,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/78765.htm,,The attacker is the same batch of accounts that previously attacked BET.,2019-01-31 0:00,2019,4660,Contract vulnerability,Undetermined,Technical vulnerability,Target,Dapp,P
149,PulseDAO Finance,SlowMist,,https://hacked.slowmist.io/search/,,"Rugdoc.io sur Twitter : ""???? PulseDAO Finance RUGGED! (https://t.co/uM9i16E9) It appears 4243 FTM was removed by the contract owner here https://t.co/MKNZMhf5A Tomb forks have inherent governance risks. which is why it is critical to have renounced contracts and KYC in place before entering https://t.co/bdEGITH2wB"" / Twitter",, According to RugDoc on Twitter PulseDAO Finance has Rug pull scamed. Social and website are closed. 4342 FTM was removed by contract developer.,2022-03-14 0:00,2022,4732.78,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
978,Rotex,REKT,https://de.fi/rekt-database/rotex,,,https://twitter.com/CaptainJackAPE/status/1330174803307864072,,The contract deployer invoked the hidden minting function under <u>renounceRole()</u> at:  https://etherscan.io/t/023481a28e4091d8b189f71abcc3a2e72c0362e26c72947ba3590973159f03789  Tokens were sold at the following transactions:  https://etherscan.io/t/0f8b2ebe34ac9203be2572143d7a426aead6c6f62293dcdfcf23f78b2017e0da6  https://etherscan.io/t/070bcce36bc91b0bd121b6a9c54c779804146a76592479a0f88ebeb8efeb92f84  https://etherscan.io/t/0e970d6716362be70499013423d431652ca7e9889b3a799225e2d599d49e56546  https://etherscan.io/t/0759ae1661f766171b55a534b93b559a1c697c8acc1322cc8a3ea3ef1cb646c32  https://etherscan.io/t/0e5a998566f50c66957771ef1fc6e7446ce981cd884e36d1e90edd759c91c0452,2020-11-21 0:00,2020,4804,Rug pull scam,Hidden mint function,Malicious use of contract,Perpetrator,FT,CA
560,FarmEOS,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/76137.htm,,The attacker made a profit of nearly 2000 EOS through the Dice game by deploying the attack contract flo*****now in just a few minutes.,2019-01-15 0:00,2019,4870,Transaction attack,Transaction congestion attack,Technical vulnerability,Target,Dapp,P
273,Banksy,REKT and SlowMist,https://de.fi/rekt-database/banksy,https://hacked.slowmist.io/search/,,"Pranksy ?? sur Twitter : ""Is this... real? https://t.co/jzlAYs99T #Banksy #NFT on @opensea commentating on potential climate damage of PoW blockchains? https://t.co/GG8FkGr2k7"" / Twitter",, A user claimed on Twitter that he had mistakenly entered an NFT auction scam and was taken away by an art website worth 336 000 US dollars of Ethereum. However  the development of the story is somewhat unepected  because the other party returned 100 ETH in full. In this scam  the victim reported that he inquired about the NFT auction on Monday from a certain population on Discord  and then he thought he was lucky enough to win the bid for the first NFT on the website and paid 100 ETH (about 336 000 US dollars) for this. ). However  according to a BBC report on Tuesday  a hacker exploited a security hole in the artist Banksy  s website and set up a web page (banksy.co.uk/NFT) to sell so/called non/fungible tokens (NFT). In the end  although the hacker returned the money  the user still lost $5 000 in transaction fees. REKT: A user claimed on Twitter that he had mistakenly entered an NFT auction scam and was taken away by an art website worth $336K dollars in Ethereum.  The hacker returned 100 ETH in full. In this scam. the victim reported that he inquired about the NFT auction from a certain Discord chat. and then he thought he was lucky enough to win the bid for the first NFT on the website and paid 100 ETH (about $336K) for this.  According to a BBC report. a hacker exploited a security hole in the artist Banksyswebsite and set up a web page (banksy.co.uk/NFT) to sell NFT tokens. In the end. although the hacker returned the money. the user still lost $5.000 in transaction fees.,2021-09-04 0:00,2021,5000,Instant user deception,Evil twin site,Imitation,Intermediary,NFT,
815,dxHub,REKT,https://de.fi/rekt-database/dxhub,,,https://de.fi/rekt-database/dxhub,,On the Telegram announcement group. the project team invited people to join the dHub token sale event. The TG group has 34 thousand members. however. most of the accounts of community members looked like bots. The tokenomic of the project was devoid of logic. The funds from the fundraising event came directly to the teamsETH address. The teamsGitHub page lacks development history:  https://github.com/dHubCoin  Users have complained about not receiving the airdropped tokens. 8.4 ETH. gathered from the sale. were transferred and converted into USDT.Transfer transactions:  https://etherscan.io/t/0a786aafef6f1b03e689517e1def980bf46528827e89bbbfe13b16c841be3bd7a  https://etherscan.io/t/075e3fea35f208bf8bc10f8c9bdee471ea472c104c63d6d85d7b204cd3efe98a9,2020-12-13 0:00,2020,5150,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,Exchange,P
563,playgames,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/76371.htm,,The game playgames has been continuously attacked by malicious user niyoubudou33. It has been attacked 295 times as of press time which is consistent with the previous attacks on EOS.Win FarmEOS idice LuckBet GameBet EOSDice STACK DICE and many other games.,2019-01-16 0:00,2019,5233.15,Transaction attack,Transaction congestion attack,Technical vulnerability,Target,Dapp,P
781,CREW,REKT,https://de.fi/rekt-database/crew,,,"#WARONRUGS? on Twitter: ""? Scam Advisory #41 - CREW $CREW (0xf212F5f479801606E4EEE5ecb150D09CD16320F3 Reason: Owner can call the mint function. allowing him to rug pull. Origin for the contract creation come from the @TornadoCash mixer. Likeliness of losing all funds: Absolute DYOR. #WARONRUGS?… https://t.co/0XD3pUQUmn"" (archive.ph)",,The project was holding a fundraising event: https://archive.is/8bDTt The presale contract: https://etherscan.io/address/0D5862D568fee62E746633b58C9eA07b4a0e4F586 Raised funds (10.8 ETH) were distributed to the External address at: https://bloy.info/ts/transfers_from/0d5862d568fee62e746633b58c9ea07b4a0e4f586?currency_id=1,2020-12-12 0:00,2020,6105,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,FT,CA
1073,Harvester Network,REKT,https://de.fi/rekt-database/harvester_network,,,"Víđarr the Auditor (tweets ? investment advice) on Twitter: ""https://t.co/xt2OWjBcjM $HARVESTER Sneak Peek Another one that blocks sales. Modifier placed on transferFrom function. allows only the owner to sale. Stay vigilant !!! #CryptoRedFlag… https://t.co/PWeczwTlTh"" (archive.ph)",,The contract owner could disable the transfer function. which restricted users in selling their tokens.  The contract deployer added initial liquidity at:  https://etherscan.io/tx/0x9b7ab0b3e62df7562c5df105831040b602cd459624d9dee52decd41101aab29b  The liquidity was removed by the contract deployer:  https://etherscan.io/tx/0x8648805c6babd8359971e359273a3c8019cd95dc76cc0f4999697293ba85a039,2020-12-23 0:00,2020,6152,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
843,Foxy.farm,REKT,https://de.fi/rekt-database/foxy.farm,,,x,,The contract deployer added initial liquidity at:  https://etherscan.io/t/0c92719075b98c7ae32e7d5a8e70d61573220f8a07dec9468ce897c144577f2fd  The contract deployer invoked <u>mint</u>() function to generate new tokens onto his wallet at:  https://etherscan.io/t/01780a9285fe8c19630613922e96eff7058f1216a701e9679ea99c006043fd478  The minted tokens were sold by the contract deployer at:  https://etherscan.io/t/035cbcf78084775888d62a8094f28b3226cffe1e138536e494b9a12a4ea69e71b,2020-10-20 0:00,2020,6154,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,NFT,CA
1033,UnlimitedBase Finance,REKT,https://de.fi/rekt-database/unlimitedbase_finance,,,https://twitter.com/CaptainJackAPE/status/1338793705054998528,,The contract deployer added initial liquidity at: https://etherscan.io/t/02728c8260ab52626d5224f7e819dea30e0f1bf4d6c7be8e77b8f6144e6b4111e The hidden minting functionality was used under the <u>renounceOwnership</u>() function by the contract deployer: https://etherscan.io/t/016326c6efb7d2863c27812bc0b122faba67042535fdc6771d5dcfc5ea8cfb26a The contract deployer sold minted tokens at: https://etherscan.io/t/06188200af44104bde945ca0dcfaa260eee84c058896ff6df7f9e9e0aee86c31f,2020-12-15 0:00,2020,6283,Rug pull scam,Hidden mint function,Malicious use of contract,Perpetrator,FT,CA
1068,Douyea,REKT,https://de.fi/rekt-database/douyea,,,"CaptainJackCryptoAPE sur Twitter : ""?SCAM ALERT? SCAM ALERT: $YEA (https://t.co/rlyj7NlLB4) 0x0acb685f4e214877b470a68bcb5f74b53a8981c6 CAN NOT SELL"" / Twitter",,The contract owner could disable the transfer function. which restricted users in selling their tokens.  The contract deployer added initial liquidity at:  https://etherscan.io/tx/0x2150c7329bc757ca1e7bd675c3a08583dace30cbdc222d4d0dcc9e6bc7316019  Liquidity was removed by the contract deployer:  https://etherscan.io/tx/0x90126a3f61124bba2cb5d393c5d85e359a1b161efb1b6bd0dd58cd7d8e0cb8b9,2020-12-13 0:00,2020,6426,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
115,PI/DAO,SlowMist,,https://hacked.slowmist.io/search/,,Hacker combo: Wiener DOGE. Last Kilometer. Medamon. and PIDAO Project Attack Incident Analysis (qq.com),,The PI/DAO project was exploited in a flash loan attack  resulting in a loss of $6 445.,2022-04-24 0:00,2022,6445,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,Dapp,P
942,Ohohoh.io,REKT,https://de.fi/rekt-database/ohohoh.io,,,"CaptainJackCryptoAPE sur Twitter : ""?SCAM ALERT? SCAM ALERT: $OHOHOH (https://t.co/WkJ2TnhzAo) 0x0ad7cc8e06951f538b9009c32e3ebdc924c9bcb8 The team makes a presale. some real buyer does get in. and some are “fake”. team presale most of the tokens to themself and dump to hell after the list."" / Twitter",,The contract deployer has minted tokens onto his wallet at:  https://etherscan.io/t/0f4d022e0ea78529c0ef6d8b55e53728ef9ada395542282959529a6c7ceeb4861  The contract deployer added initial liquidity at:  https://etherscan.io/t/0530ad85a3a87e5029955f4d0ffafb64329b9db633cd30666c3c0afee6253c4ad  The contract deployer transferred tokens to the External address:  https://etherscan.io/t/0c4eb2dc384e0c21f23398fb17341d84a2a2f299f5d74ed8d6d316c4bd25282f7  The recipient has sold tokens in multiple transactions:  https://bloy.info/ts/calls_from/022b3d80f93b1ed477e784cba93790584b5795ed8?signature_id=1102188&amp;smart_contract_address_bin=07a250d5630b4cf539739df2c5dacb4c659f2488d  The contract deployer removed liquidity at:  https://etherscan.io/t/07c553b24f5fee5035fa133b94b8cfb2469eba01f874dda201c4e0dda6bc497f8,2021-01-05 0:00,2020,6460,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
821,ELLA,REKT,https://de.fi/rekt-database/ella,,,"Víđarr the Auditor (tweets ? investment advice) on Twitter: ""$ELLA Sneak Peek https://t.co/JLba2i5alF Owner currently an ordinary address has minter role. owner can mint unlimited supply of new tokens. @ellafinance Can you explain why do you need that functionality?… https://t.co/uwSwuv0wVn"" (archive.ph)",,The contract deployer transferred minted tokens to the presale contract for the further distribution between early investors at:  https://etherscan.io/t/0fb2b7bf29c02faa792c924e48e6deac8bd39d15dc02404a4c0a7b456dcad772a  https://etherscan.io/t/01a7d139387c1b08af5adf3fa47378632137c36f08a66e0f763203ee933fcfa6e  ELLA_Presale smart contract:  https://etherscan.io/address/075f869f1cbf81f031e5623a7bb2712a901cba22b#code  The contract deployer invoked <u>withdrawAllEtherByOwner</u>() function to withdraw funds from the presale at:  https://etherscan.io/t/03aee7b2c78c2074a9c912fe2f5e39c86a0beeffce7da32611ec7016669960e3a,2020-11-24 0:00,2020,6497,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
1065,CHERRY,REKT,https://de.fi/rekt-database/cherry,,,"CaptainJackCryptoAPE sur Twitter : ""I see SCAM ""CHEERY"". 3 out there. 2 of them CAN NOT SELL. 1 of them just remove liquid rug pool."" / Twitter",,The contract owner could disable the transfer function. which restricted users in selling their tokens.  The contract deployer added initial liquidity at:  https://etherscan.io/tx/0xf68147ee944826d5d50323691004f59000e8f862a6fef28b3708eace3be2f7dd  The contract deployer removed liquidity at:  https://etherscan.io/tx/0x520e274156f39b04c96703b2f032bf2d2edf1cbbf3e39f572d17de46707fc80a  https://etherscan.io/tx/0x405a900a8d0551c58f24fa81dfba9a82ba86250440c6ee07ae3feee643955bb1,2020-11-28 0:00,2020,6593,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
837,FlippazOne,REKT,https://de.fi/rekt-database/flippazone,,,"@bertcmiller ???? is hiring (jobs.flashbots.net) on Twitter: ""Today an NFT started minting with a function which unfortunately which lets anyone drain all their ETH A few hours later there was an MEV bot skirmish over the ETH in this contract. here's a short thread with some details https://t.co/lUjHFiReyN"" / Twitter (archive.org)",,Quick SummaryThe creators of the FlippazOne project created a NFT smart contract. which is also an auction contract. The contract included a serious vulnerability in the <em>ownerWithdrawAllTo()&nbsp;</em>function. in which there is no verification of the owner. which allows anyone to take all the funds of the contract through calling this public function. Details of the exploitThe contract creator of FlippazOne created a contract with a vulnerability that enables anyone to withdraw all $ETH&nbsp;from the contract to any address. The vulnerability lies in the fact that this function does not have a check on the owner. which means anyone can pick up $ETH tokens to their address at any time. This account with address ( https://etherscan.io/address/0194a39f48f1d5e310d0e0cc25e727c7d2bff0b14) made a bid sending 1.5 $ETH to the FlippazOne contract that were successfully withdrawn by unverified contract ( https://etherscan.io/address/0b314fd4ac6e10a7e27929cbc8db96743739c82b6) in this transaction:  https://etherscan.io/t/0670da209fb1168941c4565a9a86f87d1011b24b857ea64f658b126a43f031fa0.Then another 4 $ETH were withdrawn by EOA address in this transaction:  https://etherscan.io/t/0f2cc19d4c8bfb04e35789e9b716c5f1ba8b893df3a821b104ed5f845230a3762<br\ >As the time of this writing information on this case is scarce. More sources will be added if the case should develop. Block Data ReferenceVulnerable contract address:  https://etherscan.io/address/0E85A08Cf316F695eBE7c13736C8Cc38a7Cc3e944Contract owner and creator:  https://etherscan.io/address/07f377ee93b2c7856838c9fb7effe0ba34399d9d3,2022-07-05 0:00,2022,6828,Contract vulnerability,Access control flaw,Technical vulnerability,Target,NFT,CA
1121,Polynomial Protocol,REKT,https://de.fi/rekt-database/polynomial_protocol,,,(1) https://twitter.com/0xpoor4ever/status/1602156729105788929?s=46&t=tH0vMbOpNhvuOa-6q-f14g. (2) https://mobile.twitter.com/PolynomialFi/status/1602260142870896646?cxt=HHwWjICx2YvHr7wsAAAA,,"Quick Summary
The attacker could drain USDC balances of user addresses that approved their tokens to be spent by the PolynomialZap contract. 

Details of the Exploit
The swapAndDeposit() function of the PolynomialZap contract contains a bug: there are no limitations for two input parameters - swapTarget and swapData. This allows anyone to abuse the function and steal tokens approved to the contact. 
All tokens that are approved to the vulnerable contract are still in danger. 

Block Data Reference
The vulnerable contract: 
https://optimistic.etherscan.io/address/0xB162f01C5BDA7a68292410aaA059E7Ce28D77c82#code 
The attack contract:
https://optimistic.etherscan.io/address/0xf682e302f16c9509ffa133029ccf6de55f4e29a8#code",2022-11-18 0:00,2022,7000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Derivatives,P
974,Rfyield Finance,REKT,https://de.fi/rekt-database/rfyield_finance,,,https://twitter.com/DetectivesRug/status/1341827376104222721,,The contract deployer added initial liquidity at:  https://etherscan.io/t/09ecec12043a2d6e083e329c575a47b6f2965b4cb998197a9c0fdb6f45726428f  The liquidity was removed by the contract deployer at:  https://etherscan.io/t/0ce29086ae06a7ba048277b2802667ad7111de061a1045c74f0333ed2c74bd76d,2021-02-02 0:00,2021,7193,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
32,Impermax Finance,REKT and SlowMist,https://de.fi/rekt-database/impermax,https://hacked.slowmist.io/search/,,https://impermax.medium.com/imx-incident-post-mortem-and-recovery-plan-aeecd4e457ce,,An official incident report from Impermax Finance stated that a hacker was able to steal approimately 9M IM from several wallets controlled by the team. The IM was not sold immediately after the hackers stole the funds. So the official team decided to get a head start by dumping a lot of tokens on the market before the hackers did anything. The Impermax lending protocol is completely immune to this  as the attack is caused by stolen private keys  not a bug in the smart contract. REKT: Quick Summary The hacker managed to steal the private keys of the Impermax team. Despite the fact that the Impermax team took measures. the hacker still managed to escape with some of the money. Details of the exploit: Impermax is a DeFi platform for unlocking the value of LP tokens.. The hacker stole the funds. but did not sell them immediately. The stolen amount is enough to dump the token price to about 0. The team decided to make a frontrun attack by dumping a huge amount of tokens before the hacker does it.  The team plans to make a recovery process. during which a new $IM token will be made. which will be sent to all holders of the old token. Block Data ReferenceScammer addresses:ETH/ Scammer address (A):  https://etherscan.io/address/064e5ac2e59ccd85c02dede27d290f16d0ed5bf24Scammer address (B):  https://etherscan.io/address/01d2677ed1b0815fab22368347723551a9dd1fb1b Polygon:/ Scammer address (B):  https://polygonscan.com/address/08e430d8388d44e30f8e612708d59cf9d832daac2,2022-07-16 0:00,2022,7200,Undetermined,Accessing private keys/data,Undetermined,Target,Lending,P
636,FFgame,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/62867.htm,,By deploying the attack contract and using the same algorithm as FFgame to calculate the random number in the contract the attacker immediately uses the Contract vulnerabilitycontract in inline_action after generating the random number resulting in the winning result being &quot predicted&quot thus reaching the super high winning rate.,2018-11-09 0:00,2018,7247.3,Contract vulnerability,Random number attack,Technical vulnerability,Target,Dapp,P
1090,Ren Swap,REKT,https://de.fi/rekt-database/ren_swap,,,"CaptainJackCryptoAPE sur Twitter : ""?SCAM ALERT? SCAM ALERT: $RSWAP 0x90f58bbdccfd41e294cc9cf8ea035d33f4693269 CAN NOT SELL"" / Twitter",,The contract owner could disable the transfer function. which restricted users in selling their tokens.  The contract deployer added initial liquidity at:  https://etherscan.io/tx/0x00ba4c81d028509aaf442bd5aaceeb9afa97f71453f73dcde0308f8f2be1bfe6  Liquidity was removed by the contract deployer at:  https://etherscan.io/tx/0x1b076b17d73a9ff2209b600bb5c2014c47282f44b70662e03f454f9cc996d8df,2020-12-09 0:00,2020,7248,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
887,K.O.N.G Token,REKT,https://de.fi/rekt-database/k.o.n.g_token,,,"(1) Crypto94 / Owner of Infinity Gainz sur Twitter : ""New Scam: $KONG It is being heavily shilled by fake multiple accounts in many groups and some already said you cannot Sell once you bjy. i haven’t bought it myself. Stay Safe https://t.co/3PjS66xSlY"" / Twitter. (2) https://twitter.com/CaptainJackAPE/status/1333727225145815040",,The contract deployer added initial liquidity at:  https://etherscan.io/t/0d20c10174c5b9d2c5ba4c7c15335bf3de4d7d1dbe74c4f76f413b566b23f0f00  The contract deployer invoked <u>mint</u>() function to generate 2.5 million tokens at:  https://etherscan.io/t/042cbf5eaedf465cdd5776d8d41eed62491d43cf9456bc8e844cf08395d149212  Minted tokens were sold by the contract deployer at:  https://etherscan.io/t/0f6cd379992ff141f0e4bd528edd87e2a679fa7a376bf414e338f75dece1b004c,2020-12-01 0:00,2020,7451,Rug pull scam,Hidden mint function,Malicious use of contract,Perpetrator,FT,CA
585,Gamble EOS,SlowMist,,https://hacked.slowmist.io/search/,,https://cloud.tencent.com/developer/article/1419237,,,2019-03-09 0:00,2019,7586.87,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Dapp,P
746,BabyDAO,REKT,https://de.fi/rekt-database/babydao,,,$BabyDAO on PancakeSwap Appeared Rug Pull | TokenInsight,,Quick SummaryThe $BabyDAO token has been Rug pull scamed by the token creator for $7.6k. Then funds where sent to another address from which they were laundered via Tornado.cash. Details of the exploitThe token creator deployed a BabyDAO contract. where 10T tokens were minted to his account ( https://bscscan.com/t/03af2f636d7b5b2965f818fd374b1c7b6cb9d0b697375b2e1c50a823043650e88).After the token deployment. the scammer address created a pair on PancakeSwap of $10 WBNB and $100M BabyDAO ( https://bscscan.com/t/08ad196e570fc4382c343c9fe0c706715ee94d362515bba83c4f663068f8f183b).After 14 days. 300 $BNB was sent to the deployer\saddress. of which 290 $BNB was used to increase the liquidity pool on PancakeSwap.Transfer transactions to deployer\saddress: https://bscscan.com/t/0166c1cedcbcfc9bafbd4c15ec55e633a4070167d4706eee0109c370061231429Adding liquidity to PancakeSwap: https://bscscan.com/t/067e83954bd116ff9145146d267e3722405671e66c5495dfea09581843bccec3cWhen the price of the token went up. the deployer removed liquidity and took a profit of 32.25 $WBNB. All the funds were transferred to another address where funds were laundered via Tornado.cash.Transferring funds to address from which funds were laundered via Tornado.cash: https://bscscan.com/t/040a34d6f65a8155e15d4b72955ced2ab1a8f3bff1d5d365072c7407d04a31ea3<br\ >As the time of this writing information on this case is scarce. More sources will be added if the case should develop. Block Data ReferenceCreator address: https://bscscan.com/address/0e153c4b638d2c5db64adf804bd7410203e29c78aThe address to which the tokens were sent for laundering via Tornado.cash: https://bscscan.com/address/0d759da5909237b687fc53bab9dd92bfd8deb7f0aToken address: https://bscscan.com/address/0f2d5d38fa88f9e2be0830351275d0724f96b0f5f,2022-06-07 0:00,2022,7602,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
919,Metropolis.finance,REKT,https://de.fi/rekt-database/metropolis.finance,,,"CaptainJackCryptoAPE sur Twitter : ""?SCAM ALERT? SCAM ALERT: $MTR(https://t.co/MeLyHYpeo5) 0x4bdf091405098ece89d97bc8a8e1ca52131286a4 THEY hide mint function to mint rug https://t.co/ehlD3J64HF"" / Twitter",,The contract deployer added initial liquidity at:  https://etherscan.io/t/0975570ce53e0a534e3157e1f6e3aa5b5301e32cc6c2e74edd0e8f1cd484ce793  The contract deployer used hidden minting functionality under the burnFrom() function to generate new tokens onto his wallet at:  https://etherscan.io/t/02154b52edf55414bd2694f6087020a19c6688293cd90430497a49b83969f84f1  The minted tokens were sold by the contract deployer at:  https://etherscan.io/t/0fbc4caf5f59627d09c02cebbb1544c1488333391df73cc054bb2598cdcd0b3f3,2020-12-25 0:00,2020,7805,Rug pull scam,Hidden mint function,Malicious use of contract,Perpetrator,FT,CA
784,CYBER SOLIDITY,REKT,https://de.fi/rekt-database/cyber_solidity,,,"CaptainJackCryptoAPE sur Twitter : ""?SCAM ALERT? MAYBE SCAM?: CYBER SOLIDITY $CYI 014f8d4ff4348fd42a976a67a017c86b434a63853 CAN NOT SELL"" / Twitter",,"An External address added 20.5 ETH to the CYI/ETH liquidity pair on the Uniswap:
https://etherscan.io/t/09fe148dcf5be457be8b032f109c99f3234689e5e3ce800fa8b7dc0d2985ce2ce
When the liquidity raised up. this address removed his LP token at this transaction:
https://etherscan.io/t/035f1cdac500102b376e938594c7198f434facb5c63d1b2edb4e39612a6c0ebbc
The difference between the initial and final liquidity is 19.9 ETH. Funds were moved to another address and deposited into the Binance exchange.",2020-11-14 0:00,2020,7823,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
971,Relay3rV1,REKT,https://de.fi/rekt-database/relay3rv1,,,https://archive.ph/BuSGX#selection-2997.91-2997.135,,The contract deployer added initial liquidity at:  https://etherscan.io/t/0e54c922ea70a2812b9306c29210249993b98100cc5468c928ddcc3844b1f5146  The liquidity was removed multiple times by the contract deployer:  https://bloy.info/ru/ts/references_address/0aa9e20bab58d013220d632874e9fe44f8f971e4d?argument=to&amp;signature_id=1111734,2020-11-11 0:00,2020,8222,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
996,Sloth Inu,REKT,https://de.fi/rekt-database/sloth_inu,,,http://web.archive.org/web/20211122065336/https://slothinu.com/,,The contract deployer added initial liquidity at:  https://etherscan.io/t/0e34fe75527bb9ba10eb440fca520542f110761bf0ac98ccb153b83dc335089af  The liquidity was removed by the contract deployer at:  https://etherscan.io/t/0d5174a5bf0b05d91d4f1f8ad378cf68585685d2ec42c9d083ddf48e9bcaa082d  https://etherscan.io/t/0092c83c7db95ef5be8b3f8268894ec18a1583aad4529f3817cf5199210bc9043,2021-11-25 0:00,2021,8228,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
586,Vegas Town,SlowMist,,https://hacked.slowmist.io/search/,,(1) https://developer.aliyun.com/article/693323 (2) https://cloud.tencent.com/developer/article/1419237,,The attacker launched a continuous attack on the EOS quiz game Vegas Town profited thousands of EOS and has been transferred to the ZB exchange. Preliminary analysis found that hackers used the failed (hard_fail) transfer transaction to cheat the game server resulting in continued awards.,2019-03-10 0:00,2019,8315.71,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Dapp,P
1064,Brother finance,REKT,https://de.fi/rekt-database/brother_finance,,,"CaptainJackCryptoAPE sur Twitter : ""?SCAM ALERT? SCAM ALERT: $BRO (https://t.co/OKOiUSjlJB) 0x5225741356d335663beec2c787db444cf714b329 CAN NOT SELL"" / Twitter",,The contract owner could disable the transfer function. which restricted users in selling their tokens.  The contract deployer removed initial liquidity at:  https://etherscan.io/tx/0x2f368491385104f7ae59a135b103fcf2bb436f7ac4906f186e9567d9b353135c,2020-12-08 0:00,2020,8327,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
924,Mocha Set Dollar,REKT,https://de.fi/rekt-database/mocha_set_dollar,,,"#WARONRUGS? on Twitter: ""? Scam Advisory #64 / Mocha Set Dollar $MSD (0xE060eF66f0d429dCF123d82A8aB8E7718880182c) Reason: Staking contract (which have mint ability) is behind a proxy. Likeliness of losing all funds: Absolute DYOR. #WARONRUGS?… https://t.co/ZSzyheOynw"" (archive.ph)",,The contract deployer increased liquidity by utilizing funds from his Binance wallet. When the liquidity of the protocol grew after two days. the owner removed liquidity and transferred funds to his regular wallet. The website is unavailable. and the contract deployer took away 8.9 ETH.   https://etherscan.io/t/070514480e3ac84d07a0f8b0868fe35aff13fe7ee0f96f80fe13abdfc8f9e8049,2021-01-03 0:00,2021,8780,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
969,Reflation,REKT,https://de.fi/rekt-database/reflation,,,https://archive.ph/N2HfF,,The contract deployer added initial liquidity at:  https://etherscan.io/t/0b52e11e11d6aa14ea261d5f59df962013879e40e2f1f2798b5e80942821f82af  The contract deployer used hidden minting functionality under the increaseAllowance() function to generate new tokens onto his wallet at:  https://etherscan.io/t/0aa141fae41b7f4dd0c2170741834a3a70562599a9c3490c3b6b272f8d903e3a0  The new tokens were exchanged for ETH 3 times at:  https://etherscan.io/t/06d54fe5eb4b8772b6a4cc361c82ef2a084f936dafd5a70ec28178785eaff39f0  https://etherscan.io/t/0ebffb4e0e3b812b3ca03b2a01a5c1507abc58a748863b636691c106beba3b0d5  https://etherscan.io/t/0d70328a748e0547f819affe889d42a939fa31d88387c1e61f834455012f64e69  Stolen funds were transferred to the External wallet at:  https://etherscan.io/t/0a8fb0d3048d89b0bb0c8561b96356552e4787aedeabc00e5f3c94bc04efcc00b,2020-12-14 0:00,2020,8987,Rug pull scam,Hidden mint function,Malicious use of contract,Perpetrator,FT,CA
1035,Vadia Finance,REKT,https://de.fi/rekt-database/vadia_finance,,,(1) https://archive.ph/g4Rk4 (2) https://archive.ph/3dw7H#selection-3007.2-3007.44,,The contract deployer added initial liquidity at: https://etherscan.io/t/0dbc4f7a5d62f32243055a26d9ee43c2cb2f3d25951340a31f0f74d58ab53f03c The External wallet used hidden minting functionality under the <u>approve</u>() function to generate new tokens onto his wallet at: https://etherscan.io/t/0ac95d899152692f7444ac79515dddd9f77d2dd4724eb021181084f3b1ec65a07 The minted tokens were sold by the External wallet at: https://etherscan.io/t/096dc3c17a809513d43699b5f709009f2da99c6d807916051e6ebcbcb0c6df1ac Stolen funds were transferred to the wallet. marked as Phishing4814 by the Etherscan: https://etherscan.io/t/0af4b3b5bb1b6593e060a347d524be7d41ff37c65d7e14a4ee2c6390b5e5e25be,2020-12-08 0:00,2020,8992,Rug pull scam,Hidden mint function,Malicious use of contract,Perpetrator,Lending,P
223,Definer,SlowMist,,https://hacked.slowmist.io/search/,,https://mp.weiin.qq.com/s/YokbbrGD/G_cbMKoMWyJtw,, On December 13  the DeFi platform Definer oracle was attacked. This incident was caused by the problem of Definer's implementation of the oracle in OEC. It used the token balance of a single liquidity pool at a point in time as the price source  which led to the accident. The implementation of Ethereum used ChainLink's The oracle does not have this problem.,2021-12-13 0:00,2021,9297.95,Interconnected actors flaw,Undetermined,Technical vulnerability,Target,Lending,P
647,Atidium,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/67820.htm,,EOS Atidium s official account wwwatidiumio was abnormal. A total of 6 tokens including ATD tokens 337 759 004 were transferred to account b4jmqvvktgj. The account then transferred 130 million ATD tokens to Newde exchange for cash a total of 3 183.8564 EOS were profitable. According to data from the PeckShield situational awareness platform on November 30: At 03:42 this morning. the official account wwwatidiumio of the EOS Atidium project party was abnormal. A total of 6 tokens. including 337.759.004 ATD tokens. were transferred to the account b4jmqvvktgjx. Subsequently. the account transferred 130 million ATD tokens to the Newdex exchange for cashing out. making a total profit of 3.183.8564 EOS. PeckShield security personnel initially analyzed that the ATD official private key was suspected to have been stolen. The official modified the active private key at 06:19 and notified the Newdex exchange to suspend trading and stop losses. PeckShield hereby reminds the majority of EOS account holders to be vigilant about the security risks of account private keys.,2018-11-30 0:00,2018,9381.89,Undetermined,Accessing private keys/data,Undetermined,Target,Dapp,P
910,Mantle,REKT,https://de.fi/rekt-database/mantle,,,"#WARONRUGS? on Twitter: ""We would like to apologize for those who bought $MANTLE. especially because of us. We have found that the developer behind “Joe” is a serial scammer. While the code was fine. he bought instantly after listing and dumped on everyone at the top then played the dead. See below.… https://t.co/3W2Q4GY3Ma"" (archive.ph)",,The contract deployer added initial liquidity at:  https://etherscan.io/t/00ed985541d9f2418a6c0ab6f70cffcd2c77e8abe417088d76501433f76025272  LP tokens were locked at:  https://etherscan.io/t/0ba8d2f0fb2b154762541f746bf01767738e0f1c0660812729733ecc81b06c38c  LP tokens were withdrawn by the contract deployer at:  https://etherscan.io/t/097497bcef1593d840e777656a5af375c4206cbaebeee77083545d9d3e8b03e64  Liquidity was removed multiple times by the contract deployer at:  https://bloy.info/ts/references_address/0816881a282a2644d7cfbe224db272f016359b05e?argument=to&amp;signature_id=1115283,2021-03-21 0:00,2020,9507,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
840,Focus,REKT,https://de.fi/rekt-database/focus,,,"#WARONRUGS? on Twitter: ""? Scam Advisory #66 / FOCUS $FCS (0xe8B4D012605363E142Cb63355dbf67d6f795c65C) Reason: This token is being run by serial scammer Joe (from W3RLD and MANTLE). Likeliness of losing all funds: Absolute DYOR. #WARONRUGS?… https://t.co/TXiIycP9mq"" (archive.ph)",,The contract deployer added initial liquidity at:  https://etherscan.io/t/07a2a205e54483808a83d57a69ce3392bf194ee1da908d76349e85c28ef256347  The part of tokens was transferred to some External wallet by the contract deployer:  https://etherscan.io/t/0b0f55eaab14f27bd1ecae139b5cf2c54b346dc73efd801da475355e9940f0134  The tokens were sold by the recipient in the following transactions:  https://bloy.info/ts/transfers_from/02933df4f2ea6aaf8bb7f59617c4ac72806a41750?currency_id=643498  The liquidity was removed by the contract deployer at:  https://etherscan.io/t/0d0359495f7be6f492ef711980969e294175cade49b2b58f59db9be75202011a9,2021-02-28 0:00,2021,9555,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
546,DEOS Games,SlowMist,,https://hacked.slowmist.io/search/,,https://www.8btc.com/article/385671,,Attackers continue to make continuous profits by creating new accounts and calling the luckydraw method of the EOS quiz game DEOS Games contract. Currently  over 300 accounts have been created and thousands of EOS have been accumulated. Different from the known attack characteristics in the past  it is preliminarily judged that this attack is a new type of attack. The attacker creates new accounts in batches  and then places small bets in exchange for a larger return. The return rate of betting is abnormally high  resembling wool wool.,2019-04-02 0:00,2019,9650.58,Contract vulnerability,Undetermined,Technical vulnerability,Target,Dapp,P
1007,SuperMarioBros,REKT,https://de.fi/rekt-database/supermariobros,,,https://de.fi/rekt-database/supermariobros,,The contract deployer added initial liquidity at:  https://etherscan.io/t/0ba3a2fcad0760906e5b21c62038eddbac8f5a6cde212fe4cebd33eba1c653bc0  The contract deployer used hidden minting functionality under the <u>burn</u>() function to generate new tokens onto his wallet at:  https://etherscan.io/t/03bb99fc6bec1d475c041eb10b693baf92467b02d3e20280138e5e94ed039b679  The minted tokens were sold by the contract deployer at:  https://etherscan.io/t/016125deb030cecb58407c44b06cb1bdd9d79eec69c3a658291017a44171931f7,2020-10-23 0:00,2020,9669,Rug pull scam,Hidden mint function,Malicious use of contract,Perpetrator,FT,CA
701,Gooniez Gang,REKT and SlowMist,https://de.fi/rekt-database/gooniez_gang,https://hacked.slowmist.io/search/,,"Moe sur Twitter : ""My discord is hacked DO NOT CLICK ANYTHING"" / Twitter",,Gooniez Gang discord has been hacked. 16 NFTs stolen with a total floor price of roughly 6.634 ETH. Hacker hacked discord of @MoonboyMoe ( https://twitter.com/MoonboyMoe/status/1535813390798663681). and sent a phishing link. Discord is not available for now. Contract address: https://etherscan.io/address/018cd9fda7d584401d04e30bf73fb0013efe65bb0,2022-11-06 0:00,2022,9700,Instant user deception,Social media compromission,Imitation,Intermediary,Dapp,
753,Bing Swap,REKT,https://de.fi/rekt-database/bing_swap,,,"Super Nagger sur Twitter : ""You know this is a scam before they even start. when the CEO of Bing Swap is none other than the former prime minister of Ukraine. Yulia Timoshenko ?? #Rugpull in the making. @WARONRUGS #cryptocurrencies #Defi #Scam https://t.co/ew203rhhci"" / Twitter",,The project was holding a fundraising event using Bounce: https://app.bounce.finance/fied/swap/4710 The project raised 30.93 BNB in total. Liquidity wasn\ tadded. We are in hacking attack and lost all of funds. so please be patient in the announcement message: https://archive.is/JnuJ In addition. the project CEO\sphoto is fake. They used a real photo of the former prime minister of Ukraine. Yulia Timoshenko: https://archive.is/1AWQP,2021-04-03 0:00,2021,10239,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,FT,CA
986,SAV3R,REKT,https://de.fi/rekt-database/sav3r,,,https://archive.ph/ZkDFl,,The contract deployer added initial liquidity at:  https://etherscan.io/t/0029913507efa3be8845488ec8b46b3642c543e74aaddf464fa4da0b61b581f6c  The contract deployer used hidden minting functionality under the <u>sav3rPools</u>() function to generate new tokens onto his wallet at:  https://etherscan.io/t/0437a300a0867a686ec99a6c9820fdb8dae4e58026d74c822473068c2f465b419  The minted tokens were sold by the contract deployer at:  https://etherscan.io/t/01ed734e145f91faca598fdace43e576dc6df3bd3b757bab0b5a6369e81d7260c,2020-11-17 0:00,2020,10423,Rug pull scam,Hidden mint function,Malicious use of contract,Perpetrator,FT,CA
1088,PulldogSwap,REKT,https://de.fi/rekt-database/pulldogswap,,,"Rugdoc.io sur Twitter : ""We saw @PulldogSwap today and decided to do some digging. It does not look good but because they refuse to provide a MasterChef we cant verify for sure this is a scam. Use EXTREME caution with this one. Im avoiding. https://t.co/nFOqEJbjiO"" / Twitter",,The contract owner could disable the transfer function. which restricted users in selling their tokens.  The contract deployer transferred part of the tokens to some external wallets at:  https://bscscan.com/tx/0x89e44f27e7acf32a1db574f58f26363f39a47b33bfd2e78a0c94555a130b5f2a  https://bscscan.com/tx/0x4795f3ea32916389b56c0251ccdbba5d574b4059dbc636d949a828044d63af3c  https://bscscan.com/tx/0x602b25292f506163edbbc3230a4773a9f18bf5036103c7c1f6fcee3b8f97c371  One of these wallets added initial liquidity at:  https://bscscan.com/tx/0x9622893cc7f20cec85310f3f7f540aeff0866bd80d762f82fefeec977b6d508f  The liquidity was removed by the external wallet at:  https://bscscan.com/tx/0x12446a0d979475f1e2501bb079f729cd8d0afcfeba3e6bd6cf89bdb27a2a2a32,2021-03-16 0:00,2021,10531,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
640,AurumCoin,SlowMist,,https://hacked.slowmist.io/search/,,(1) https://nullt.com/aurumcoin/claims/cryptopia/refutes/a/51/attack/resulting/in/lost/funds/ (2) https://www.cryptoglobe.com/latest/2018/11/aurumcoin/claims/crypto/exchange/cryptopia/was/hacked/but/doesn/t/admit/it/#!,,According to a report by Finder on November 12 AurumCoin (AU) a new digital currency based on the monetary gold standard system (the US dollar operation method) has recently suffered a Governance issue and lost 15 752.26 Australian dollars (approimately 11 362 US dollars).,2018-11-11 0:00,2018,11362,Decentralization issue,51% attack,Technical vulnerability,Target,Blockchain,DLT
785,D4ppdao,REKT,https://de.fi/rekt-database/d4ppdao,,,"CaptainJackCryptoAPE sur Twitter : ""?SCAM ALERT? SCAM ALERT: $D4PP 0d7309454792e5e1acbea93e1f5d5ec4e8c5c8b33 This shitty token pay for Detool to promote. that was very tricky. Don't ever buy it guys."" / Twitter",,,2021-01-06 0:00,2021,11621,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
844,Fractal Defi,REKT,https://de.fi/rekt-database/fractal_defi,,,"CaptainJackCryptoAPE sur Twitter : ""?SCAM ALERT? SCAM ALERT: $FRCTL 0x19beb45e21e0a2327e5bb33553fe6b58a650797b Fucking team makes the game to buying under 30X price themself. blocked people out. then ""unlimited"" the transfer amount to dump on new buyers. fucking scam. don't buy it."" / Twitter",,The contract deployer added initial liquidity at:  https://etherscan.io/t/0eb074eb3eeba066a858f2532ea134b1ccb4609cfdf493e73c6974058c6192f5a  The liquidity was removed by the contract deployer at:  https://etherscan.io/t/0c26213cc0b760539cf991eb2ee137859b5256ae4068226e3586b61126db604da,2021-01-16 0:00,2020,11678,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
857,GMT,REKT,https://de.fi/rekt-database/gmt,,,"CertiK Alert on Twitter: ""#CommunityAlert ?? We are seeing a #rugpull on project $GMT which has dropped more than 87% in price. The deployer minted 1.3billion GMT to an EOA which is linked to the selling wallet. BSC: 0x59375348e069Fa7E0eb58B98F72d2dEE078259c9 Stay vigilant! https://t.co/zrVJkJkeYN"" / Twitter (archive.org)",,Quick SummaryA rug pull has been identified in connection with the $GMT project. The team made away with a profit of $11.8k. Details of the exploitThe token creator minted 1.3B $GMT to scammer address (B): https://bscscan.com/t/093a168c918048b9bfaf946a888d885fafc5baa97efc3ef914bfcff8d4ec6ba79  data/v/51e0c2ec=  >The scammer address (C) made a liquidity pool using 500k $GMT tokens and 209 $BNB. Then the tokens were dumped by the scammer address (B). taking a profit of $11.8k:  https://bscscan.com/t/0e5fca6c213e5a6aa88b213b90a77089b7206fafd1f91221485371e8d23a703f9 Block Data ReferenceInvolved addresses:/ Scammer address (A). token deployer:  https://bscscan.com/address/0e581611d043562b5490a62e0fc218998c443dbb5/ Scammer address (B):  https://bscscan.com/address/0732fa16943350358a27d014554c4151afad3624a/ Scammer address (C):  https://bscscan.com/address/021075b8d5180a67b00a09d81a3bab24c5b264eac Transactions:/ Creating lp:  https://bscscan.com/t/0ac3b8a94e386398ec65d207faa013d68bc9eab8c262ab6b2514aa3048dcbe408/ Removing lp:  https://bscscan.com/t/0e5fca6c213e5a6aa88b213b90a77089b7206fafd1f91221485371e8d23a703f9<span style=,2022-08-26 0:00,2022,11825,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
973,RFbtc,REKT,https://de.fi/rekt-database/rfbtc,,,https://twitter.com/CaptainJackAPE/status/1347768208757981189,,The contract deployer added liquidity at:  https://etherscan.io/t/0e8924d297663b6f83a49e3fffa94c8ae99ece407ce252efee69f53c5662f026d  The liquidity was removed by the contract deployer multiple times at:  https://bloy.info/ts/transfers_to/0ecf3d312af872b36e4bae9d0fc4f90bbf29002b9?currency_id=1,2021-04-11 0:00,2021,11874,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
556,FarmEOS,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/75739.htm,,After the attack contract sil******day places a bet on FarmEOS and when the attack contract receives a transfer notification it initiates a large number of defer transactions which delays the subsequent lottery draw of FarmEOS. The SlowMist security team first two days (1 November 11) disclosed EOS.WIN was attacked in the same way,2019-01-12 0:00,2019,12135.5,Transaction attack,Transaction congestion attack,Technical vulnerability,Target,Dapp,P
52,whaleswap.finance,REKT and SlowMist,https://de.fi/rekt-database/whaleswap.finance,https://hacked.slowmist.io/search/,,https://www.panewslab.com/zh/sqarticledetails/a9zc04d.html,,The whaleswap.finance project was attacked  and at least 5946 BUSD and 5964 USDT were lost. The reason may be that there is a problem with the K value verification of the whaleswap.finance Pair contract. Whenever the user exchanges  there is a problem with the parameter magnitude passed in the K value verification  which causes the K value verification to fail. The attacker first borrows a BSC/USD through a flash loan  and then returns the flash loan when the K value verification parameter is on the order of 10000^4. The parameter verification level used in the K value verification is 10000^2  which causes the K verification to fail. REKT: Whale Loans was exploited due to K/check of the WhaleSwap Finance Pair contract. When a user swaps. there is an issue with the magnitude of the parameters passed in.&nbsp;The attacker flashloaned <a data/original/title=View Token Tracker Page BSC/USD and then returns flashloan with a K/check parameter in function <em>swap()</em> contract WhaleswapPair.sol of magnitude 10000^4. However. the K/check takes a parameter of magnitude 10000^2. which causes the K/check to fail. Exploiter address:  https://bscscan.com/address/0d793ff8d744828c25da7f80123b88dd5c2bf7a50Attack transaction:  https://bscscan.com/t/09f5b02cb1ce2d75ba457a2d152d89b6d3932ff057c03739a0071fb816e0ebab3Attacker contract:  https://bscscan.com/address/0f95536755732544e41baad22f1c79d1ee529385fVictim address:  https://bscscan.com/address/08bfee2caff6b5d4ac9f438f4b1f36feeb5e76794,2022-06-21 0:00,2022,12374,Contract vulnerability,K value verification vulnerability,Technical vulnerability,Target,Staking,CP
504,BitDice,SlowMist,,https://hacked.slowmist.io/search/,,https://blocking.net/21087/security/monthly/10/security/incidents/occurred/in/october/defi/lending/platform/into/a/new/choice/for/hacker/money/laundering/,,Hackers launched a fake EOS  attack on BitDice  a guessing game  earning more than 4 000 EOS and transferring it to EMO  ChangeNOW and other exchanges.,2019-10-12 0:00,2019,12490,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Dapp,P
773,Chaddy.Finance,REKT,https://de.fi/rekt-database/chaddy.finance,,,"Rugdoc.io sur Twitter : ""We sniffed out @ChaddyFInance to @WARONRUGS first last night! Code can transfer all the tokens to a wallet (feeAddress) of the Dev's choice https://t.co/6T2Rt0Grnf"" / Twitter",,The contract deployer added initial liquidity at: https://bscscan.com/t/0ebea55705b50553a58a8d4b9888821571c1129b3a9466cfb11c9ba917fdde537 The contract deployer removed liquidity at: https://bscscan.com/t/05bc3700295df312c491cd3e3368e9fb63e0a752c4e6d67d0ad18b199f0c1eb0d In addition. the project was holding a fundraising event using a Proy smart contract: https://bscscan.com/address/091889f13844b819251a88bb493fcffd640def1a9#internalt The final token recipient was EOA. which then transferred raised presale funds into the contract deployersaddress: https://bscscan.com/t/03fee8442247685b3aa49ab5a97d9658e6d2362cfdb2fa64294424d16c29e816f https://bscscan.com/t/0015617cb876f5cdf394a8d39bd1510c11ed4792f2982361bf6523704f02bc3a7 https://bscscan.com/t/09eb3ba01eca0735e616010b241df2f0f530f06842121833a75db04d4d62e4500 https://bscscan.com/t/0dd3b416cc52cd44bc31d6e93d4444ff72d22327c81868491a5bc538fa360336b Finally. stolen BNB tokens were bridged to the Binance Chain: https://bscscan.com/t/0f3d7f902c5832a1034e842fa3366530491afb7fa97009e6d8651dc12c6ffe595 https://bscscan.com/t/0d932e3b02eb3d0bde85f0bb41c99efc24612873514d2503d4766854a29636ca7 https://bscscan.com/t/04bba48ca7b363133acec8f7e8d85a8f71a468aad5e9d9fb2d7c37189f12402c1 https://bscscan.com/t/09ab59e08c4d1536fa93295fe83ea800ae191a10b726cf72317c69ccece777b67,2021-03-07 0:00,2021,12524,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
1021,Tranquility Defi,REKT,https://de.fi/rekt-database/tranquility_defi,,,https://twitter.com/CaptainJackAPE/status/1344308837755408385,,The contract deployer added initial liquidity at  https://etherscan.io/t/0ef3e733b7305057688bd87041c4e4b082f417dbab0cb1b17b447929202c01da9  The liquidity was removed multiple times by the contract deployer:  https://bloy.info/ts/calls_from/0cf4c4d29932cae67ae1cbc9cca653d023a8406fa?signature_id=1137786&amp;smart_contract_address_bin=07a250d5630b4cf539739df2c5dacb4c659f2488d,2021-02-08 0:00,2021,12702,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
878,Hypechill fund,REKT,https://de.fi/rekt-database/hypechill_fund,,,"CaptainJackCryptoAPE sur Twitter : ""?SCAM ALERT? SCAM ALERT: $CHILL (https://t.co/JNR7uO78Xd) 0x0fe5fdf01b48008dc68fc32e8fb7e0d93ca99bc5 CAN NOT SELL"" / Twitter",,The contract deployer minted tokens onto his wallet:  https://etherscan.io/t/06a1a0926701bf72f268e23e7735ad088cce5bf05851da9f286476ba87b58bf57  The initial liquidity was added at:  https://etherscan.io/t/0cb4070e43b592671a8b0b33208af7543fcd81be07a4e57f226101044ee8f189e  The contract deployer removed liquidity at:  https://etherscan.io/t/06dcf0a6fc7d2b3180bd2f176ededda084505ad6e42c912e9505dca117e9e1067,2020-11-27 0:00,2020,12910,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
1024,Twerk Finance,REKT,https://de.fi/rekt-database/twerk_finance,,,https://archive.ph/QoRU1,,,2020-12-03 0:00,2020,13140,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,FT,CA
634,EOSDice,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/62050.htm,,Random number was cracked by attacker.,2018-11-03 0:00,2018,13564.85,Contract vulnerability,Rollback attack,Technical vulnerability,Target,Dapp,P
641,HireVibes,SlowMist,,https://hacked.slowmist.io/search/,,https://hirevibes.medium.com/hirevibes/statement/regarding/recent/exploit/1c72d6279512,https://www.quadrigainitiative.com/hackfraudscam/airdropsdachirevibesairdropprivatekeyleak.php,A large number of HVTs in the AirDropsDAC contract account were transferred to the sym111111add account under abnormal operation the account was then exchanged for 2 514 EOS at Newde which was subsequently transferred to the gizdkmjvhege account.,2018-11-12 0:00,2018,13619.6,Undetermined,Accessing private keys/data,Undetermined,Target,Dapp,P
1118,Numbers Protocol,REKT,https://de.fi/rekt-database/numbers_protocol,,,(1) https://medium.com/numbers-protocol/investigation-report-of-multi-chain-bridge-incident-d4773cb3e87b. (2) https://neptunemutual.com/blog/taking-a-closer-look-at-the-numbers-protocol-hack/,,"Quick Summary
On the 23rd Of Nov. 2022. the Numbers Protocol was exploited. resulting in the loss of approximately 13.836 $USD.

Details of the Exploit
On November 23. 2022. an attack occurred on the Numbers Protocol ($NUM token) on the Ethereum chain. resulting in a loss of approximately $13.836. The root cause of the vulnerability was because the NUM token was incompatible with the Multichain. a cross-chain router protocol. The NUM token lacked a permit function required by the Router protocol. but it did have a default callback function which allowed forged signature to be passed in to trick the cross-chain bridge into transferring the user's assets. The attacker created a fake token using the attack contract which used $NUM as its underlying token. then called the anySwapOutUnderlyingWithPermit function of the Multi-Chain Router contract to drain 557.754.45000198 $NUM tokens from one of the victim users. This function should generally pass in token. and call the permit function of the underlying token for signature approval. before exchanging the token of the authorized user to the specified address. In this case. since the $NUM token contract didn’t have a permit function. but it did have a callback function. which means that when an attacker sent in a fake signature. the callback function would return normally. so the transaction wouldn't fail. Eventually. this allowed the $NUM token at the victim address to be transferred to the specified attack contract. The attacker then used Uniswap to convert the stolen $NUM tokens into $USDC and then into WETH. The attack was front-run by a bot. which paid the builder approximately 10 ETH out of the entire profit.

Block Data Reference
Attacker TX:
https://etherscan.io/tx/0x8a8145ab28b5d2a2e61d74c02c12350731f479b3175893de2014124f998bff32",2022-11-23 0:00,2022,13836,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Dapp,P
977,ROBOT SHIB,REKT,https://de.fi/rekt-database/robot_shib,,,https://twitter.com/CertiKAlert/status/1562692393698074624,,Quick SummaryThe $RSHIB token has been rug pulled by its team. The team made away with $14k in profits. Details of the exploitThe team added liquidity for RSHIB/WBNB. then removed liquidity transferring $BNB 47 to scammer address (C). Block Data ReferenceInvolved addresses:- Scammer address (A):  https://bscscan.com/address/0ee89c2e6462141356c580f97be3d5a35abc3b27e- Scammer address (B):  https://bscscan.com/address/028804ddd4bd2e468db3dfbfb6e50b2155a5dc3fa-Scammer address (C):  https://bscscan.com/address/0da9565e39769daf130997ae4bb2c69ec9f204fe0 Involved contracts:- Contract that deployed the token:  https://bscscan.com/address/0f74a3016e6cb9c0f112f6f6acf5e9a5dcfb13c66,2022-08-25 0:00,2022,14100,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
995,Slicer Finance,REKT,https://de.fi/rekt-database/slicer_finance,,,https://twitter.com/DetectivesRug/status/1345026148623937536,,A fair launch without adding initial liquidity from the contract deployer side.  However. the contract deployer invoked the <u>mint</u>() function to generate new tokens onto his wallet at:  https://etherscan.io/t/0cb78fcc59303212b3b7e285aa5eab7b240694b134d8ab249667a6dfabee02cf6  The minted tokens were sold by the contract deployer at:  https://etherscan.io/t/0c43131391acbf68e40252ddc3b1e92b85ed4b6daa95d6f64a9b7d9480a800185,2021-01-01 0:00,2021,14346,Rug pull scam,Hidden mint function,Malicious use of contract,Perpetrator,FT,CA
762,Bored Ape Europe Club,REKT,https://de.fi/rekt-database/bored_ape_europe_club,,,(1) https://twitter.com/CertiKAlert/status/1535323838900277248. (2) https://twitter.com/Crypto4me2/status/1535291364044201989,,0BAEC has been rugged for ~12ETH. The attacker deleted itsTwitter account ( https://twitter.com/BoredApesEC). Attacker wallet (ETH):1) https://etherscan.io/address/0F41cBA3718a736310E80cc18e18bb8F62C545B362) https://etherscan.io/address/06f495c3b5b47399074075270834f9f5bdcd74a48 Attacker wallet (BSC): https://bscscan.com/address/06f495C3B5B47399074075270834f9F5BdcD74a48&nbsp;Stolen money are currently at this address: https://etherscan.io/address/0d100957B0D9771CBeEeEE836Ff948e780A29E09CFunds are also sent to this wallet: https://etherscan.io/address/06f495c3b5b47399074075270834f9f5bdcd74a48 Collection at the OpenSea: https://opensea.io/collection/0baecs,2022-06-10 0:00,2022,14400,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,NFT,CA
415,SushiSwap,SlowMist,,https://hacked.slowmist.io/search/,,https://www.btcfans.com/en/us/flash/id/43549,,The liquidity mining project SushiSwap (SUSHI) community governor 0Maki announced in the Discord group that the SushiSwap vulnerability has been fied and the lost funds (approimately US$10 000) will be compensated from the SUSHI asset library. Previously SushiSwap was attacked by a liquidity provider. The attacker obtained between 10 000 and 15 000 US dollars in a transaction. However after this operation was discovered by 0Maki 0Maki sent a transaction to the attacker with a message saying I found you and we are working hard to fi it. Contact me on Discord to get bug bounty/0Maki. According to analysis the attacker uses SLP and WETH to create a new token pool uses SLP1 of the new token pool to convert in Sushi Maker and uses a small amount of SLP to transfer all SLPs in the Sushi Maker contract to the tokens they created. In the pool all the handling fees of the corresponding transaction pair within a period of time will be collected into the bag. Repeat this process for other trading pairs and continue to make profits.,2020-11-30 0:00,2020,15000,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,Exchange,P
432,Coindaq.io,SlowMist,,https://hacked.slowmist.io/search/,,https://beincrypto.com/user/claims/to/lose/15k/in/alleged/crypto/scam/promoted/on/google/ads/,,A user named Kazuo Kusunose posted on Google forums that he had lost $15 000 due to an encryption scam discovered in Google ads. Allegedly the suspicious website named Coindaq.io tried to use the digital renminbi that China is studying claiming that users can deposit funds on the platform to participate in the sale of digital renminbi. The victim epressed the hope that Google can investigate the matter and establish a webpage targeted at the alleged fraud.,2020-10-05 0:00,2020,15000,Instant user deception,Fake ads/pop ups,Imitation,Intermediary,Other systems,
740,ArcadeEarn,REKT,https://de.fi/rekt-database/arcadeearn,,,"CertiK Alert on Twitter: ""#CommunityAlert ?? We are seeing a #rugpull on project ArcadeEarn which has dropped more than 59% in price. The deployer sent 40.000 ArcadeEarn tokens to an EOA which has sold for approximately ~$15.3K. BSC:0x9D848ca913eEfb0730F54a117370f929573cdD0a Stay vigilant! https://t.co/woIMYfqR0a"" / Twitter (archive.org)",,"Quick Summary

A soft rug pull has been identified in connection with the ArcadeEarn project. The team made away with a profit of $15k.


Details of the Exploit

The token creator made a liquidity pool using 16M $ArcadeEarn tokens and 20k $USDT. Then the tokens were dumped by the scammer address (B). taking a profit of $15k: https://bscscan.com/tx/0x33fca69b5117e6e699b8963ee15f1fc9667d87263827938fdbc6a52cc2387450


Block Data Reference
Involved addresses:
- Scammer address (A). token deployer: https://bscscan.com/address/0x82519bb5fae83a50319e9922945ffaa0a9f963f0
- Scammer address (B): https://bscscan.com/address/0x204ef28cd4f0bc1d467d59aa0eae5ae37fc8dc47

Transactions:
- Creating lp: https://bscscan.com/tx/0x71cc9e9e540fa188ec15653c37cac04e428e833ec1055e771829bba2a42e74da
0x81d3ec77438b4e99aa99ba25b1dbc3fea317fe3b0x81d3ec77438b4e99aa99ba25b1dbc3fea317fe3b",2022-08-26 0:00,2022,15368,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
842,Foxi.finance,REKT,https://de.fi/rekt-database/foxi.finance,,,"CaptainJackCryptoAPE sur Twitter : ""Cross markSCAM ALERTCross mark SCAM ALERT: https://t.co/WFOCVG4FL0 $FOXI 0x24673e71c9be517d3fa2ff6eef421f7bc0e23b38 DEV CAN CHOOSE ADDRESS TO ENABLE OR DISABLE SELL!"" / Twitter",, The contract owner (an EOA) could call the addPhase  designed to mint tokens without any limitations  The owner minted 500Q tokens to his address and swapped 500B of them for 32.1 ETH on Uniswap>The contract owner (an EOA) was endowed with unlimited minting. He called the <u>addPhase</u> function. which has generated 500 quintillions FOI tokens and sent them to the contract owner wallet: <span data/sheets/userformat  The contract owner (an EOA) could call the addPhase function. designed to mint tokens. without any limitations\\n/ The owner minted 500Q tokens to his address and swapped 500B of them for 32.1 ETH on Uniswap> https://etherscan.io/t/01218cd9a53c9e5f75f395c4ffbc0a0e3a521f74b733ad17f531ee7e7db19209d  <span data/sheets/userformat=\/ The contract owner (an EOA) could call the addPhase function. designed to mint tokens. without any limitations\\n/ The owner minted 500Q tokens to his address and swapped 500B of them for 32.1 ETH on Uniswap>500 billion tokens were exchanged for ETH at this transaction: <span data/sheets/userformat=\/ The contract owner (an EOA) could call the addPhase function. designed to mint tokens. without any limitations\\n/ The owner minted 500Q tokens to his address and swapped 500B of them for 32.1 ETH on Uniswap> https://etherscan.io/t/082f7533ac653b894a9918b4825a05d95761ae6ae5256446d7a753e64360335c2,2020-11-17 0:00,2020,15513,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
606,Verge,SlowMist,,https://hacked.slowmist.io/search/,,(1) https://www.freebuf.com/column/169210.html,,The Verge network was attacked by 51% for the first time. According to Bitcointalk forum user ocminer a malicious miner can use forged timestamps to mine blocks thereby tricking the network into thinking that the new block was mined one hour ago so that when the net mined block is immediately added to the network it also added to the blockchain. This allowed the attacker to mine one block per second which is said to have mined 250 000 VG.,2018-04-04 0:00,2018,15919.38,Decentralization issue,51% attack,Technical vulnerability,Target,Blockchain,DLT
282,Solend,REKT and SlowMist,https://de.fi/rekt-database/solend,https://hacked.slowmist.io/search/,,https://twitter.com/solendprotocol/status/1428611597941891082,,Solana Ecological Lending Agreement Solend tweeted that the agreement was hacked at 20:40 on August 19th  Beijing time. The attacker cracked the insecure identity check in the UpdateReserveConfig function  allowing it to liquidate all accounts. In addition  the hacker also set the APY of borrowed funds to 250%. During this period  the funds of 5 users were mistakenly liquidated  and the liquidator is currently refunding the losses of these 5 users totaling USD 16 000. Solend said that this attack did not result in the theft of funds  and that the scale of the bug bounty will be increased and a better monitoring and alarm system will be established. REKT: An attacker attempted to exploit the Solend smart contract. They subverted an insecure auth check on the <u>UpdateReserveConfig()</u> function to make accounts with borrows liquidatable and set the borrow APY to 250% for all markets. The attempt to steal funds was detected and stopped by the Solend team in time such that no funds were stolen. A handful of users (5) were liquidated by Solendsliquidator. but those users were refunded out of the liquidatorsundue earnings (~16K USD).  The attackersaddress:  https://eplorer.solana.com/address/5ELHytHM4cvKUPCW8HPwkwtw3J866Wtedpo8PPp2u  The attacker submitted a total of 10 ts: 9 of them to So1endDq2YkqhipRh3WViPa8hdiSpWy6z3Z6tMCpAo (the Solend program address) and one of them to Port7uDYB3wk6GJAw4KT1WpTeMtSu9bTcChBHk2LfR (the Port program address).  The attackerswallet was funded by 2ojv9BAiHUrvsm9gDe7fJSzbNZSJcZvf8dqmWGHG8S which appears to be an exchange wallet.,2021-08-20 0:00,2021,16000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Lending,P
510,SKR EOS,SlowMist,,https://hacked.slowmist.io/search/,,https://mp.weiin.qq.com/s/9UD5Rf1YVyS2imHb71_Tw,, SKR EOS games have again been attacked by hackers  who have now earned about 4 000 EOS. After analysis  hackers still use the transaction congestion attack  operating multiple trumpet attacks on the game in turn.,2019-08-12 0:00,2019,16610,Transaction attack,Transaction congestion attack,Technical vulnerability,Target,Dapp,P
368,TSD,REKT and SlowMist,https://de.fi/rekt-database/tsd,https://hacked.slowmist.io/search/,,https://tokenpost.com/Stablecoin/TSD/Comes/Under/Attack/With/118B/Coins/Minted/And/Sold/By/Hacker/7404,,A cross/chain stablecoin (TSD) on ETH and BSC stated that malicious attackers used TSD DAO to mint 11.8 billion TSD tokens in their accounts and sold them all on Pancakeswap. The specific process is that True Seigniorage Dollar stated that the developer account only has 9% of the DAO and the malicious attacker has gradually controlled 33% of the DAO with the accumulation of low prices and then proposed an implementation plan and voted in favor. In the implementation the attacker added code to Mint and minted 11.8 billion TSDs for himself. REKT : From the project\sTwitter publication:   A malicious attacker has just utilized $TSD DAO to mint 11.8 billion tokens to his own account and sold all to Pancakeswap. Here is what happened:  1. Due to long Debt phase. people unbond from DAO because they no longer have rewards from epansion..  2. Dev account has only 9% of the DAO. We failed once when proposing the Implementation to enable the crosschain bridge. In this case. Dev account does not have enough stack to vote against the attacker.  3. What has been done by him? He gradually bought $TSD at low price to accumulate until he has more than 33% of the DAO. Then he proposed an Implementation and voted for it. Because he possess enough stack to finish the voting process. the Implementation went through successfully  In the Implementation. the attacker added code to mint for himself 11.8 billion $TSD. Then he sold all of the tokens to Pancakeswap. That\ssad. it is an attack but it is how a decentralized DAO works.  Actually. the attacker minted 11.5 quintillion $TSD. not 11.8 billion. He sold 11.8 billion $TSD to Pancakeswap though /&gt;  https://bscscan.com/t/0b50cd62cb3e09dc98fa63d7eb7a5f707292e8e1725829ff5512d8d476b278faa,2021-03-15 0:00,2021,16644,Decentralization issue,Vote manipulation,Technical vulnerability,Target,FT,CA
1100,Yearn Hold Finance,REKT,https://de.fi/rekt-database/yearn_hold_finance,,,"CaptainJackCryptoAPE sur Twitter : ""?SCAM ALERT? SCAM ALERT: $YHFI (YEARN HOLD FINANCE) 0x192e77445244468d6385d2addd0a0ec00c567206 CAN NOT SELL"" / Twitter",,The contract owner could disable the transfer function. which restricted users in selling their tokens.  The contract deployer added initial liquidity at:  https://etherscan.io/tx/0xe7415dcb507a8985257b55d7ee870795aae21ccdeb082c0b57f1ce287d0b9337  Liquidity was removed by the contract deployer:  https://etherscan.io/tx/0xa48abc763b16cef87d2a2717401a1ec51a504209510ad9b244575d775f31db1e,2020-12-09 0:00,2021,16823,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
748,Bank Protocol,REKT,https://de.fi/rekt-database/bank_protocol,,,"#WARONRUGS? on Twitter: ""? Scam Advisory #55 - Bank Protocol $BKP (presale) Reason: The contract is a generic ERC20. Team is fake. Likeliness of losing all funds: Absolute DYOR. #WARONRUGS?… https://t.co/AWvp90LmcQ"" (archive.ph)",,The project was represented by a fake team. whose members impersonated other people. The project was holding a fundraising event. using BKP_Sales smart contract. 28.63 ETH was gathered from the investors at the following transactions: https://bloy.info/ts/transfers_to/0afde309b21922dc45f20adfb659ef36ac984a454?currency_id=1 The liquidity wasn tadded. The website and socials are down. Stolen funds were distributed between some regular wallets.,2020-12-23 0:00,2020,16867,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,Lending,P
802,DipeX,REKT,https://de.fi/rekt-database/dipex,,,"CaptainJackCryptoAPE sur Twitter : ""?SCAM ALERT? SCAM ALERT: $DP?https://t.co/KCW1MV5p6U? 0bce67604c08c4839980c32485657f63211c73e14 Can not sell"" / Twitter",,"The contract deployer added initial liquidity at:
https://etherscan.io/t/00277b502aa52ce719a8eb259b443d1118a492913025f3da125e5ce5d61b74edc

The contract deployer locked liquidity at:
https://etherscan.io/t/06eead116e0ceccea3f1cf2ccaf29bc0e15487d4fa8055dfb77415a6440365254

The contract deployer invoked approveAndCall() function. which included an External wallet and addedValue amount as the input data:
https://etherscan.io/t/05b6f330b2180b53cc6655babf018d8ddceba6b8fba81c6c6471ec60add2462ff

This External wallet got an increase in token balance. The External wallet has sold tokens at:
https://etherscan.io/t/0954e5fbc0fc96bd83773b11e4005761a4e347a4734a75467163d83f31ce0b4d4",2021-01-09 0:00,2021,16957,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
265,Bitcoin.org,SlowMist,,https://hacked.slowmist.io/search/,,https://twitter.com/CobraBitcoin/status/1440905892543832064,,The Bitcoin.org website has activities to give back to the community  and it is suspected that the website has been hacked. The homepage of the website shows a Bitcoin address and states that any first 10 000 users who pay to this address will receive double the amount in return. Cobra  the co/owner of the Bitcoin.org website  tweeted that Bitcoin.org has been hacked and is investigating how hackers set up fraud patterns on the website. It is epected that operations will be suspended for a few days. According to reports  the attackers stole more than 17 000 U.S. dollars.,2021-09-23 0:00,2021,17000,Instant user deception,DNS attack,Imitation,Intermediary,Other systems,
933,Neoteric Finance,REKT,https://de.fi/rekt-database/neoteric_finance,,,(1) https://web.archive.org/web/20220719225722/https://twitter.com/CertiKAlert/status/1549528647501025280. (2) https://web.archive.org/web/20220720215704/https://twitter.com/BSCGemsAlert/status/1549875950585880577,,Quick Summary The Neoteric Finance project was rug pulled by its team. The profit received from this project amounted to 67 $BNB.  Details of the exploitNeoteric is a mechanism for creating a meta/market with constant liquidity. which increases liquidity as more transactions are made.The Neoteric project created a Telegram group and a Twitter account to attract users. they also have a simple website in which information about the project and the purpose of the project are written on a page. A day after the creation of the NTRC/BNB pair on PancakeSwap. they posted a post on Twitter about the successful capitalization. which attracted the attention of users.Here is the pair creation transaction:  https://bscscan.com/t/0574679ed7d59255fc77db4abc6dccba00056c26f6ca85706fdc94921458fd93aThe token creator received 100 $BNB from the scammer address (B):  https://bscscan.com/t/0c965f8c014e8ea9c55a2af57909de61351a4452cf8f121a13a956f5e61dd176bThen. when the price appreciated. the token creator removed liquidity taking a profit of ~67 $WBNB in these two transactions:1)  https://bscscan.com/t/0f3a2bd56e27a23c388f83e75cff4a09812a37d8f5e9db6f732ae3b967b059c1d2)  https://bscscan.com/t/02add93773e60731e8b76ad2c9f0c5fc4ad79108fd3c4d6ef51cc1b70481d0221The team conducted the same scheme with the $PEECAT token.  As the time of this writing information on this case is scarce. More sources will be added if the case should develop. Block Data ReferenceInvolved addresses:Token creator. scammer address (A):  https://bscscan.com/address/08f0d9acb433ca1c0f214990c4c908f2aa12387e4Scammer address (B):  https://bscscan.com/address/06e9afd530416fc332d47939463c292d9062209b1 Transactions:Deployment transaction:  https://bscscan.com/t/08b26c3e80a5a6e4ab2243394d6701b9b00eaa0a7bf4e55127a09b664ea742c18,2022-07-16 0:00,2022,17304,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
920,MiniVault.Finance,REKT,https://de.fi/rekt-database/minivault.finance,,,"#WARONRUGS? on Twitter: ""Looks like #miniCore rugged. @WarOnRugs was the auditor that was asking the questions in the @CryptoExpert101 Infinity Gainz AMA with the miniCore developer. Looks like the developer exactly did what I was afraid of. he swapped the contract with a ruggeable one that can mint.… https://t.co/D1dDZF2pjs"" (archive.ph)",,The primary reason for this projectsrug pulling was its proy contract. The development team declined to destroy the contractsadmin keys. They made the decision to replace the proy contract with a new unverified contract that enabled the mint function. One trillion miniCORE tokens were minted onto the EOA wallet. They were exchanged into ETH by the contract deployer.  Mint transaction:  https://etherscan.io/t/0eaa1d313b6be3a1f0608cc11524d7337dbdafe7b6a4d16a8fe169e8ee439ef23  Swap transaction:  https://etherscan.io/t/0ee0312389f56ba0802b997cc0d62f85d3f6814e269e7200b49c4179f546147a8,2020-11-26 0:00,2020,17372,Rug pull scam,Hidden mint function,Malicious use of contract,Perpetrator,FT,CA
89,SpiritSwap,REKT and SlowMist,https://de.fi/rekt-database/spiritswap,https://hacked.slowmist.io/search/,,(1) https://twitter.com/Spirit_Swap/status/1525216379041116160. (2) https://quickswap/layer2.medium.com/quickswaps/godaddy/domain/hijack/how/it/happened/our/proposal/to/restore/the/community/35be9ddbb19a,,postmortem analysis  the attackers contacted GoDaddy and began a social engineering attack on one of its employees. After gaining access to the account  the attackers proceeded to modify DNS settings and change all credentials  effectively hijacking access and Take ownership for yourself. After securing access to the SpiritSwap domain  the attackers then proceeded to deploy a phishing site tricked into appearing to be SpiritSwap. The attacker then uses the &quot send to&quot  function in the exchange contract to reroute any funds exchanged by the user to the attacker  s address. REKT : Quick SummaryHacker exploited SpiritSwap\sdomain and gain assets about 18.000 $USD,2022-05-13 0:00,2022,18000,Instant user deception,DNS attack,Imitation,Intermediary,Exchange,
948,Peace doge X,REKT,https://de.fi/rekt-database/peace_doge_x,,,Tweet / Twitter,,The project was holding a presale on PinkSale:  https://www.pinksale.finance/#/launchpad/01b3206aF7834c7A4cB1301CAC1CEB2834543992f?chain=BSC  The contract deployer withdrew liquidity at:  https://bscscan.com/t/00ccef5b68196bfb74f73363a1a91c3bb720ad1278bcbe431ac115a536f3fc140  Stolen funds were transferred our to the External address and deposited into Tornado Cash mier:  https://bscscan.com/t/0ef589ed5aef92e4e20c22be683d1e07d6badf9048517c583207144fa11f45d8d,2022-03-06 0:00,2022,18144,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
1111,BlackGold,REKT,https://de.fi/rekt-database/blackgold,,,"BlockSec sur Twitter : "". $BGLD was exploited. The root cause is that $BGLD charges an extra fee on transferring. The exploiter reduces the $BGLD reserve in the pair to a deficient level and then swaps out another token (WBNB). Exploitation tx: https://t.co/5yABSnwTZC https://t.co/6MyhkGSe1K"" / Twitter",,"Quick Summary
 $BGLD was exploited while the token migration process.

Details of the Exploit
The attack was possible in the reason of the price difference between the two versions of the BGLD token while the migration process.
The attacker took a 125 BNB flashloan and bought almost all the balance of the WBNB/BGLD pair in BGLD token. Then complete the migrating process via migratory contract and swapped out the new version on BGLD to DEBT and then to WBNB token.

Block Data Reference
Attacker address:
https://bscscan.com/address/0xf4fd2ebe7196c8e99e88bcc4aef69dda0e493b8f

Exploit tx:
https://bscscan.com/tx/0xea108fe94bfc9a71bb3e4dee4a1b0fd47572e6ad6aba8b2155ac44861be628ae


",2022-12-12 0:00,2022,18476,Interconnected actors flaw,Arbitrage with flash loan,Technical vulnerability,Target,FT,CA
1016,Thunder Finance,REKT,https://de.fi/rekt-database/thunder_finance,,,https://de.fi/rekt-database/thunder_finance,,The contract deployer added initial liquidity at:  https://bscscan.com/t/001c0187ff78abbaa8badca00e265e1c39edd6fcf7e03893a1e6e6146cf5fd19a  Liquidity was removed by the contract deployer at:  https://bscscan.com/t/0368154f84c7e9c1937642971dcd4cf06f22ff9a608c697e7910c46792699c21c,2021-03-04 0:00,2021,18558,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Exchange,P
96,Ownly,REKT and SlowMist,https://de.fi/rekt-database/ownly,https://hacked.slowmist.io/search/,,(1) https://twitter.com/ownlyio/status/1524149988837580800. (2) https://archive.is/7xaJz,,"The ownlyio project's NFTStaking contract was attacked  with a total of 115 BNB stolen and a loss of about $36 418. The reason for this attack is that the unstake function of the pledge contract of the ownio project does not check the user's claim status  so the attacker can use the unstake function to receive the own tokens in the contract infinitely  thereby etracting all the own tokens in the pledge contract  and finally the attacker The acquired owned tokens are exchanged for 115 BNB through the pair transaction. REKT: Quick Summary

Hacker used smart contract vulnerability on OWN Platform Staking to drain all $OWN tokens
Details of the Exploit
Ownly is a NFT platform providing staking opportunity to users. The hacker was able to unstake unlimited times due to a staking contract vulnerability. He created a smart contract which repetitively staked and unstaked. so all remaining $OWN tokens were drained and swapped on SparkSwap and PancakeSwap for the total amount of 19.219 $BUSD.  
Block Data Reference
0x81d3ec77438b4e99aa99ba25b1dbc3fea317fe3b0x81d3ec77438b4e99aa99ba25b1dbc3fea317fe3b
Drainer transaction:
https://bscscan.com/tx/0x2cbe47edb040c710b7f139cbea7a4bced4d6a0d6c5aa4380f445880437ea072f
Affected contract address: 
https://bscscan.com/address/0x421f30419d6c1d7573c1f57546a631f2f89d7e92
Adress of attacker:
https://bscscan.com/address/0xba31058357ea2f474a2ed0d1b3f9183904ebd38a
Address of attackers smart contract:
https://bscscan.com/address/0xa81ea095e0c3708e4236c71146748fa15b620386",2022-05-10 0:00,2022,19219,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Staking,CP
893,KoiSwap,REKT,https://de.fi/rekt-database/koiswap,,,x,,The contract deployer added the initial liquidity at:  https://bscscan.com/t/0a5bad7abc32f5d50a965ee258a11c7ef8196681cb941a7051363551d4e85c812  The liquidity was removed by the contract deployer at:  https://bscscan.com/t/00c1e68fb68dad08e3b45a2be7b17513d8107809e6939da84847e97f4f0d6cfe3  In addition. the contract deployer sold tokens multiple time at:  https://eplorer.bitquery.io/bsc/ts/calls?caller=0c0acd947e60cb9bd31fd9a6146842d4596a5d6c6&amp;contract=005ff2b0db69458a0750badebc4f9e13add608c7f,2021-03-09 0:00,2021,19950,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Exchange,P
624,DEOSBET,SlowMist,,https://hacked.slowmist.io/search/,,(1) https://www.jinse.com/lives/51212.htm (2) https://coincode.com/article/2323/a/bug/in/eos/smart/contract/enables/hacker/to/win/jackpot/24/times/in/a/row/,,The law of the random number generated by DEOSBET was cracked by hackers.,2018-09-10 0:00,2018,20060,Contract vulnerability,Random number attack,Technical vulnerability,Target,Dapp,P
770,CatDog,REKT,https://de.fi/rekt-database/catdog,,,"CaptainJackCryptoAPE sur Twitter : ""?SCAM ALERT? SCAM ALERT: $CTDG 0x161cddfb1fb7921a01d45c147f44670bb060ace5 -team remove 50% pool and dump all tokens -team still have 50% LP left to rug pool -Even the team later fcking lock the half left liquid. still not change its rug pool action"" / Twitter",,The contract deployer added initial liquidity twice: https://etherscan.io/t/0054f3b58000e77309b2679735dc71b43e26e331b288cba4638dbd17d08ca92c6 https://etherscan.io/t/0b2723d0d4f9975822b774bbdbe97ff6dc55f42c747c52fb67f3f66898484c531 The contract deployer started to sell tokens multiple times: https://etherscan.io/t/0a2d4771bfebbaf21aa2a5410f9e6b3352dc8abb46d356d0aed806317eebe3628 The liquidity was removed by the contract deployer: https://etherscan.io/t/08d6ae8a6733ddec62f14111c435cc7fc9e001f4c9ef487ac89c22f4b8ab9c4e5,2021-02-01 0:00,2021,20225,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
980,Rubick Finance,REKT,https://de.fi/rekt-database/rubick_finance,,,https://twitter.com/CaptainJackAPE/status/1328532776673366019,,The token contract owner minted 1 million RBK tokens to his EOA wallet and exchanged them for 40.57 ETH on the Uniswap. The contract owner gained 10.57 ETH since he earlier added 30 ETH liquidity to the RBK-ETH pair on the Uniswap. Users. who remained with RBK tokens were unable to sell their tokens since all liquidity has been depleted.  Swap transaction:  https://etherscan.io/t/0620e0b9bf77dc062d106465180f9b5d18a2a879a69eed582c9844f1d2cb8869d,2020-11-20 0:00,2020,20685,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
654,Big.game,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/71765.htm,,Big.game is suspected of being attacked by hacker eykkszdrnnc. Big.game officially stated that the actual loss was about 8 000 EOS and the balance of the dice prize pool has been transferred to a secure account.,2018-12-19 0:00,2018,20880,Contract vulnerability,Rollback attack,Technical vulnerability,Target,Dapp,P
776,CoinSWOP,REKT,https://de.fi/rekt-database/coinswop,,,"CaptainJackCryptoAPE sur Twitter : ""?SCAM ALERT? SCAM ALERT: $cSWOP (CoinSWOP) 0x191bafe4e3888ec289753c7d592634e3abe1ee14 1: MINT ABLE 2: DEV can set as much a high burn rate as he wants to burn you out."" / Twitter",,The contract owner invoked <u>setMigrator</u>() function at: https://etherscan.io/t/0f73a10ee956a010b5b1f3174f60ca02a5dce171808ad76f1ae9bc131259007f1 CoinSWOPMaster smart contract was set as migrator. The smart contract owner called <u>migrate</u>() functions 11 times to withdraw the usersLP tokens with the help of infinite approval. LP tokens were migrated to an unverified smart contract that received real LP tokens and returned fake ones. Then real LP tokens went to the contract deployer as the final recipient. Migrate transaction eample: https://etherscan.io/t/05b19f1e334697646c855a17d909f141f2a64ded4f2db4944a0aa8fcae848c592 The final recipient is getting LP tokens: https://etherscan.io/t/0e6543f5b2725354ead24844f941e53cc8324903caf418450b4cb6765e03c5aea LP tokens were exchanged for ETH and deposited to the Tornado Cash mier at these transactions: https://etherscan.io/t/0d6584b95f0192ab01717a092dc80fbe1afaef38bc46b9bc96626736a15f8578c https://etherscan.io/t/090bd78b453ed65f02f5299211808947d864e9669c0ea9d00828ed5c83005b47c https://etherscan.io/t/05d530f23b669fb363fd8035b76d723373282c0accb2cc560447636183208667d 6.8 ETH were transferred to some External wallet: https://etherscan.io/t/0f875951759eb516db585b08191d5eb6b973b5892d86bd6a85e1c1063e3b48867,2020-12-04 0:00,2020,21049,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
643,EOS Lelego,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/65284.htm,,The attacker malisringho continually initiated 35 game requests to the EOS Lelego contract llgcontract1. eventually guessing 27 times making a total profit of 6 282.5 EOS and then successfully transferring 6 500 EOS to the Binance exchange.,2018-11-19 0:00,2018,21171.81,Contract vulnerability,Random number attack,Technical vulnerability,Target,Dapp,P
698,Fortunas Finance,REKT,https://de.fi/rekt-database/fortunas_finance,,,"CertiK Alert sur Twitter : ""#CertiKSkynetAlert ?? We are seeing a suspicious flashloan which has caused a #slippage on project @FortunasFinance (FRTNA) Contract 0x3949d773d188bb53e67cae443aa8e741878b5216 Which has dropped more than &gt;99% Stay vigilant! https://t.co/fcQ9oBcbeB"" / Twitter",,Quick SummaryFortunas Finance was exploited using smart contract vulnerability. The hacker minted $FRTNA tokens and sold them on PancakeSwap and KnightSwap which dumped the token price by more than 99% on both pools. Details of the exploitFortunas Finance is a gamified crypto project. The projectstoken $FRTNA was hacked using a vulnerability in the liquidity poolssmart contracts. The hacker used mint() function to mint tokens without $BUSD. and profit for the total amount of 21.672 $BUSD. Several smart contracts with unverified source code were used to perform an attack. The stolen funds were transferred to another contract. Block Data ReferenceAttacker address: https://bscscan.com/address/08dd7c524eaac1ab194afe0d6395282fb7987c08dMalicious contracts: https://bscscan.com/address/03cd84851bc50be00642be846c34b35ed58715f79 https://bscscan.com/address/00dbb3f6e8ee4c9823c2b8d38d72b82ef3c11f369 PancakeSwap pool: https://bscscan.com/address/0379cBeC604015B70B0aabF6c5B7Ad568975e94EDKnightSwap pool: https://bscscan.com/address/04Afb4997026465a2346f62893fcF81334C9CfFA8 exploit transaction eample: https://bscscan.com/t/068d11391d11994d161e20e6449ae3ba2fe9b44cff0bb3328297c76252eb4c9b4,2022-09-22 0:00,2022,21672,Contract vulnerability,Access control flaw,Technical vulnerability,Target,FT,CA
1057,Zap Finance,REKT,https://de.fi/rekt-database/zap_finance,,,https://www.bsc.news/post/liquidity-siphon-Rug pull scams-on-the-binance-smart-chain,,The contract deployer migrated the usersLP tokens by invoking <u>depositReward</u>() function at: https://bscscan.com/t/0ad5c9ab2d67fe09046a30e0f53dc628c75506734d4ac96dc5290d9fb60e6dde4 https://bscscan.com/t/082189550cf2160e1c6e2fc00b5f60a403c4ed362734ea4090f369bcad644a605 The liquidity was removed by the contract deployer at: https://bscscan.com/t/050bfb24461dfb27e750f0ba4fa0f7754ec3a5d657c41cf9f41dbc7aead3a6b99 https://bscscan.com/t/0c00da145ac76c16eda42c7945c78b8dc8a9a509a9583a8d0a2b6931632ef3b48 https://bscscan.com/t/02c5f46d7018a21a1e5fe70c6dc4db5c406b9d603bb6f9239f632a0071a3354b9 Stolen funds were transferred to the External wallet at: https://bscscan.com/t/0887fd639537c4c41daef40c749eab913e233329204b44158b4f84ce6e5594eb5 https://bscscan.com/t/00fabdcb1b8d108fd3013a4f4e1b379b1cb98219db029e4e60840f6ee80450ff1 The recipient deposited funds into Binance Hot Wallet at: https://bscscan.com/t/01e9cac7e4ffff84a7612431c96b21cb8a4a8a3f7a5b2c6db6ba2769e35cea409 https://bscscan.com/t/008f6fbb2aefeb76a75569cfcae1467ea414dfdbfadaf0f5997810f248279e7a6,2021-01-30 0:00,2021,22461,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Exchange,P
245,Chivo,SlowMist,,https://hacked.slowmist.io/search/,,https://www.bbc.com/zhongwen/trad/business/58656282,, Chivo Wallet is a national digital wallet issued by the government of El Salvador on September 7 for the implementation of the Bitcoin Act. To this end  El Salvador promised that users who download and authenticate the Chivo Wallet will receive a $30 bitcoin reward. This move allowed the official wallet of El Salvador to eceed 2 million users in one month. Between October 9th and October 14th  Cristosal  a human rights organization in El Salvador received 755 notices about Salvadorans reporting that their Chivo wallet identity was stolen.,2021-10-09 0:00,2021,22650,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,Other systems,
761,Boost,REKT,https://de.fi/rekt-database/boost,,,"#WARONRUGS? on Twitter: ""? Scam Advisory #58 - BOOST $BOOST (0x65D14e3E5Ea1e0b752783837ff1136BFe0A5dD34) Reason: Liquidity can be pulled by the owner in 1 hour. Boost is connected to $MAGX Magix. Likeliness of losing all funds: High DYOR. #WARONRUGS?… https://t.co/zPZXAgMiyS"" (archive.ph)",,The project was holding a fundraising event using BoostCrowdsale smart contract: https://etherscan.io/address/0b7e6db6869bE55189279034F65eBe9D341467703#code They have collected 35.46 ETH in total. The gathered funds were transferred to the Proy smart contract at: https://etherscan.io/t/0ee145c440f3df7d185688837df5708cd0f38865ca80dd9fdb3fa064137786efc https://etherscan.io/t/07e8e6bc3c5a5ecf82dc7eb4320532f1ae779c1c00a9a81f03356232d6d75bb55 The initial liquidity. using 17.2 ETH was added through the Proy contract at: https://etherscan.io/t/0095fc65314707f06d399424adae4f54bc783e9d44a9a3633534f08000caac606 The contract deployer added liquidity as well at: https://etherscan.io/t/049137d8bcc0e1b97560c219fbabf5beaaa8bcdecd570decb00114417254aad70 The contract deployer received LP tokens from the Proy contract at: https://etherscan.io/t/05075c55e824554dfcc8937f7cac4bbba37c487cd7a1a1b9e91e15710f4a36d55 The contract deployer locked liquidity at: https://etherscan.io/t/0fab8aaca2efedc1558f953d4ee1147d6006274fac170bb9a750de2c5ef3d4706 The contract deployer received back LP tokens: https://etherscan.io/t/090fe5580b9df8daa2d1a81ec2a8a7e4676014de8fd57221125713b0fe023af90 The liquidity was removed by the contract deployer: https://etherscan.io/t/0a1b3a0058888d09730f615da32f1f396d56424ae9f141b676888db1ede20e2f6,2020-12-25 0:00,2020,22680,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
850,Game Swap Exchange,REKT,https://de.fi/rekt-database/game_swap_exchange,,,"#WARONRUGS? on Twitter: ""? Scam Advisory #84/ GAME SWAP $GAME (0x681B24478e9F7e31eE3B5b7F807c9151e46aa165) Reason: Unable to sell. Owner backdoored the contract so he can mint tokens through the approveAndCall function. Likeliness of losing all funds: Absolute DYOR. #WARONRUGS?… https://t.co/mC2U31tMoy"" (archive.ph)",,Quick SummaryThe Game Swap exchange project exploited its investors through minting and dumping the $GAME token for $ETH. netting the scammer $ETH 16 in the process. Details of the exploitThe Game Swap exchange project eisted for 1 day after launching. The contract deployer added initial liquidity at:  https://etherscan.io/t/067abd476012f072f521301fc4e55c11006c96001e3c452bcb283d768bb202758 The contract deployer then used a hidden backdoor mechanism by using the minting functionality under the <u>approveAndCall</u>() function to generate new tokens onto this External address at:  https://etherscan.io/t/0179c0c4146440e71cbf353353c664e7b4730475ddf91b0b02d61a56e31a099c8At this point it is important to state that investors without technical knowledge could have spotted a massive centralization risk with the External wallet holding +99% of the token supply: https://etherscan.io/token/0681b24478e9f7e31ee3b5b7f807c9151e46aa165#balances  The token recipient sold the minted tokens for $ETH 28.4. which meant the end for the project:  https://etherscan.io/t/02bc2c0d42bb22c36c70123179b2be5da9c4ef2653347183a5a396a431655c56f Block Data ReferenceProject Deployer Address (Scammer): https://etherscan.io/address/08c848be2790a535c5770af217f1e1b7739e4897b Scammer Address that received the minted tokens: https://etherscan.io/address/00659f3520590a4d39546975b8e56b2ef164c194d,2021-01-24 0:00,2021,22796,Rug pull scam,Hidden mint function,Malicious use of contract,Perpetrator,FT,CA
930,NanoCore,REKT,https://de.fi/rekt-database/nanocore,,,"Víđarr the Auditor (tweets ? investment advice) on Twitter: ""NanoCore ($NANOCORE) Contract Sneak peek Part 1 Transfer function need to calculate calculateAmountsAfterFee. the calculation is done by FeeApprover contract. It needs proper tokenUniswapPair to get calculate it. The pair is taken from UniswapFacotry which is set to 0x0 (sic!)"" (archive.ph)",,Custom ERC20 Standard with malicious logic which allows blocking token transferring.  ETH for the initial liquidity was received from <u>addLiquidity</u>() function in the token contract. which probably was running from the front/end interface.   Initial liquidity 60ETH ($22.924.06) was added at:  https://etherscan.io/t/0731ae8f63a694f8c9ca698eb96d18bdc4f0ad0c21cb75a5e74ffc9c39bbd97c8  62.48 ETH is still in the Uniswap pair:  https://etherscan.io/address/00f347b63747a0842abd5e74810311fd3b093bc51  Project abandoned. LP tokens can&amp;#39;t be used for removing liquidity by users.,2020-10-30 0:00,2020,22924,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,FT,CA
945,Pacific Protocol,REKT,https://de.fi/rekt-database/pacific_protocol,,,"RD Labs (Previously Rug Detectives) sur Twitter : ""Warning / @PacificProtocol $PCF (0x8a46eb6c42d206d129d7a9a3e0ed4198345c70ed) Concerns: Only tokens (not a dollar amount) are locked with @UNCX_token for another 6 days. Very short sighted and no real risk for the dev. DYOR #RUGDETECTIVES https://t.co/bUvkLpsijO"" / Twitter",,The project was holding a fundraising event using Presale smart contract. Funds were gathered and transferred directly to the contract deployersaddress:  https://bloy.info/ts/transfers_from/025c00eeb754a5f1b9f8e85a0e2deebd0a64cc489?currency_id=1  The contract deployer added initial liquidity using presale funds at:  https://etherscan.io/t/037b163636d3cf047f525963847b886837c31b0a0f084e64d6a2642a522f38e2a  The liquidity was removed by the contract deployer at:  https://etherscan.io/t/05569f1c64637b29432a1ac394350e76a77e0863ce2f41d484e23e07d5dc2473e  The difference between the initial liquidity and the final liquidity is negative. The contract deployer stole part of the funds raised on the presale event.,2021-01-01 0:00,2020,23531,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,FT,CA
1006,Static,REKT,https://de.fi/rekt-database/static,,,https://archive.ph/bhYzh,,The contract deployer added initial liquidity at:  https://etherscan.io/t/034d65e026056cc5b74fc5c74f8806cff429e431eb25ad1a4757daa01085ecc95  The liquidity was locked by the contract deployer at:  https://etherscan.io/t/06315496970d0e751109c7fd56c6af1c0ea78aea5b94aea167da2e7883d873f68  LP tokens were transferred back to the contract deployersaddress by calling <u>withdraw</u>() function at:  https://etherscan.io/t/04376c8f9200c84384a8a868f67e23976dfdb8aa8aaf294c9d8b8d84699949c52  The liquidity was removed by the contract deployer at:  https://etherscan.io/t/070ca09fd6fde7de568a3ad085b1677d45a09ba23f7fee7d895a771a4476067dc  The tokens were sold by the contract deployer multiple times:  https://bloy.info/ts/references_address/0f443d4df8bc1361ec1f37dd34fd1debe10f3e345?argument=to&amp;signature_id=1137755  https://bloy.info/ts/references_address/0f443d4df8bc1361ec1f37dd34fd1debe10f3e345?argument=to&amp;signature_id=1102188,2021-04-30 0:00,2021,24143,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
693,DefiBo,REKT and SlowMist,https://de.fi/rekt-database/defibo,https://hacked.slowmist.io/search/,,Sep 2021 / Defibo Hack Despite Double Audit / $24k (Global) / Quadriga Initiative,,Defibo discovered an abnormal exchange situation of the EOS/EMOON trading pair on September 16th. After an emergency investigation. the swap contract was suspended on September 17th. and it was reopened on the morning of September 17th after auditing and multiple signings were completed. This exchange abnormality is caused by the incompatibility between the Defibo Swap contract and the EMOON contract. Before the event. the number of pots was 482636464535179.88 EMOON/4866.1494 EOS. When the contract was suspended. the EMOON pot was 5790970803030.11 EMOON/3.4553EOS. resulting in about 4863 EOS loss. The Defibo team has eliminated this type of risk caused by other burning tokens and has upgraded the Swap contract to further improve the security of the contract.,2021-09-16 0:00,2021,24412,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Exchange,P
931,NarutoSwap,REKT,https://de.fi/rekt-database/narutoswap,,,None,,The contract deployer minted tokens onto his wallet at:  https://www.bscscan.com/t/08309aa5d5a36dc0e95d7a2675c0bbb186feffa61a9d6905c3ddb3d3601ec664d  The contract deployer transferred tokens to some External wallet at:  https://www.bscscan.com/t/025897a59a0a35dcbaa4733fa21ddf632386757689623c1ac152c8049a04c46f7  The recipient added initial liquidity at:  https://www.bscscan.com/t/086a373f78d7c0de2b04309d206d33b64807779cebd05038626779049c38b172a  The liquidity was removed by the External wallet at:  https://www.bscscan.com/t/08bb87537a6f0c55aa2a6d88277401803418faeacdbe10cce91c87de605fc73b8,2021-03-19 0:00,2021,24424,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
949,PlantWorld,REKT,https://de.fi/rekt-database/plantworld,,,Tweet / Twitter,,Quick SummaryPlantWorld was exploited by a flash loan attack. The hacker profited for 24483 $USD. Details of the ExploitPlantWorld is BEP20 token trading on PancakeSwap and can tbe confused with other tokens with the same PLTD symbol. The attacker took 666.000 $BUSD as a flash loan and bought 1.570.000 $PLTD tokens using a smart contract with an unverified source code. Consequently. $PLTD tokens were used to manipulate inner variables and a large amount of additional $PLTD was used to drain the liquidity from the Pancake pool. The attacker was able to withdraw 690.000 $BUSD and profited for 24.483 $BUSD. Block Data ReferenceAttacker address: https://bscscan.com/address/06ded5927f2408a8d115da389b3fe538990e93c5b Malicious contract: https://bscscan.com/address/083797825f6020a443b95fa3932ab13dd61d48b49 Malicious transaction: https://bscscan.com/t/08385625e9d8011f4ad5d023d64dc7985f0315b6a4be37424c7212fe4c10dafe0,2022-10-17 0:00,2022,24483,Contract vulnerability,Undetermined,Technical vulnerability,Target,FT,CA
1145,PLTD,SlowMist,,https://hacked.slowmist.io/search/,,Security team: The PLTD project was hacked. and the attackers profited a total of 24497.<> BUSDs - PANews (panewslab.com),,The PLTD project was attacked by hackers. all BUSD in its trading pool was sold out. and the attackers gained a total of 24.497 BUSD. This attack mainly exploits the code loopholes in the PLTD contract. reduces the PLTD token balance in Cake-LP (0x4397c7) to 1 through a flash loan attack. and then uses the PLTD in hand to exchange all BUSD into the attack contract .,2022-10-18 0:00,2022,24500.68,Contract vulnerability,Undetermined,Technical vulnerability,Target,FT,CA
981,RUL3R Token,REKT,https://de.fi/rekt-database/rul3r_token,,,https://twitter.com/CaptainJackAPE/status/1332322291556839426,,The contract deployer generated new tokens by invoking <u>mint</u>() function in the following transactions:  https://etherscan.io/t/0aca0d6b40fc0f70174ed25589f5bfc011db5dc960ed85db9ce0243ac49c4bcfb  https://etherscan.io/t/08907c650920f6ca26d1d8fb91cd1e01dbe638508afde0c8d9e2e726c495f81c9  After. tokens were dumped by the contract deployer on the Uniswap exchange:  https://etherscan.io/t/0da5a1f59685df4fd9f433952e1a3ea739ae703644ceec59aef5c3aba05b0ddd0  https://etherscan.io/t/033ee696d5ec48f8bb271d49e045cfb45476ed5d8d3529fa93672af063bb948ff,2020-11-27 0:00,2020,24792,Rug pull scam,Hidden mint function,Malicious use of contract,Perpetrator,FT,CA
1038,Verify,REKT,https://de.fi/rekt-database/verify,,,https://twitter.com/CertiKAlert/status/1534573742235521025,,Verify token has been rugged. all social networks down. Totally 90 BNB were stolen. Address https://bscscan.com/address/02a9cfe450be293997f3f65e76e67b8c93b8ff034 received about 2.8B VRFY tokens from RD address and charity address. 0bb04e84bc92f31b23dcdc1a58f477468aba22e14 and 06ca72c73228e2015c127e6b37ade4aeb3205f80e respectively. The attacker swapped all VRFY to 90BNB: https://bscscan.com/token/03f52ff3137b52fca2f96f41656632ee8d5e79401?a=02a9cfe450be293997f3f65e76e67b8c93b8ff034,2022-06-08 0:00,2022,25000,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,FT,CA
638,EOSDice,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/63312.htm,, The well/known DApp EOSDice was hacked again due to random number issues. The attacker was a hacker who previously attacked EOSDice and FFGame DApp. The project side wrongly add a controlled seed in random algorithm which lead the attack.,2018-11-10 0:00,2018,25041.37,Contract vulnerability,Random number attack,Technical vulnerability,Target,Dapp,P
947,PDR,REKT,https://de.fi/rekt-database/pdr,,,"CertiK Alert sur Twitter : ""#CommunityAlert ?? We are seeing a #rugpull on $PDR after the price dropped over 93%. The rugpuller. with connections to the deployer. sold 208 PDR tokens for 85.4 BNB (approximately ~$24K) in the Pancake Pool. BSC:0x11fcB937052c7cdfeAC85887a6e71510fc486CFd Stay vigilant! https://t.co/ueSkbfYrUP"" / Twitter",,Quick SummaryThe $PDR token has been rug pulled by its team. The team made away with 85.4 $BNB &nbsp;in profits. Details of the exploitThe team sold 208 $PDR tokens in the initial distribution. earning $25k on this. Block Data ReferenceInvolved addresses:/ Scammer address (A). token deployer:  https://bscscan.com/address/0ebc350747c3f9ba4e37022039c321a2cad2d7e7a/ Scammer address (B):  https://bscscan.com/address/03cc779301cd988539164119acd73920795518037,2022-08-21 0:00,2022,25278,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,FT,CA
870,Horizon Finance,REKT,https://de.fi/rekt-database/horizon_finance,,,"#WARONRUGS? on Twitter: ""? Scam Advisory #104 / Horizon Finance $HRZN (0xa0a81b5a8cAEDddb0E6C81d3E07aaa4eA5314452) Reason: Unable to sell. Likeliness of losing all funds: Absolute DYOR. #WARONRUGS? #BSC… https://t.co/702Apk3pDU"" (archive.ph)",,The contract deployer added initial liquidity at:  https://bscscan.com/t/08ff11f8a139ef17970861fa5a49ff85d645ef0a63412cbb2a026f7d08541322c  Liquidity was removed by the contract deployer at:  https://bscscan.com/t/0ec15f76fef1be7c7426827e608b22137024e0e0e0f3706d847e6cb4b889b6746,2021-03-18 0:00,2021,25287,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
1018,TIM3,REKT,https://de.fi/rekt-database/tim3,,,https://de.fi/rekt-database/tim3,,The deployer of this unverified contract https://etherscan.io/address/08d1fdf87de243ee9abcfa643e2428e49012758f3#code invoked <u>swap()</u> function at the following transaction: https://etherscan.io/t/04a380439ef6f45a7ce0c58d646617b66a2b57c0695e81fde56ac919d0297c0e0 The mentioned above caused the liquidity drain from the contract to the contract deployer address. Eample transaction: https://etherscan.io/t/0f685c3ff9b8d9c8a2c49912fb436fc27247a691227913b5e64764ba004f41854,2020-11-23 0:00,2020,25300,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
18,Saxon James Musk,REKT and SlowMist,https://de.fi/rekt-database/saxon_james_musk,https://hacked.slowmist.io/search/,,https://twitter.com/CertiKAlert/status/1556151766076497921,, Saxon James Musk has Rug Pull. Project developers suddenly sold their token share for around 1355 WBNB (~$442 000)  causing the token price to plummet by over 68%. REKT : Quick Summary The $SJMUSK token was rugpulled by its team. The team created an SJMUSK/WBNB pair to make their token tradable and dumped the $SJMUSK token for a profit of $25.5k.,2022-08-07 0:00,2022,25500,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
1129,SCAT,REKT,https://de.fi/rekt-database/scat,,,https://twitter.com/CertiKAlert/status/1590856313138839552,,"Quick Summary
SCAT copycat project was rugpulled. An EOA address received $SCAT tokens from the token deployer and drained liquidity for 26.081 $USD .
Details of the Exploit
SCAT is a copycat BEP20 token and can't be confused with other tokens with the same name and symbol. The token was rugpulled by the EOA address which received 100.000.000.000 $SCAT tokens from the token deployer. 26.081 $USD was stolen from the PancakeSwap liquidity pool and transferred through TransitSwap.

Block Data Reference
Scammer addresses:
https://bscscan.com/address/0xc96d3505203641749ade6a2e62ce21d4ff43e8f6
https://bscscan.com/address/0xb0f6da6732a5f2dcd8fee016f2554b4a3670b4a4

Funds transfer transaction:
https://bscscan.com/tx/0x6e7888d9a3ed8a18a1e1f1b892cc13f776573e6108b7ca3b7601b77e79da1af1

Token transfer transactions:
https://bscscan.com/tx/0x95ce806fa05334b53174a130b8492e8236f7177993c93b20995f332ac027bf4b
https://bscscan.com/tx/0x932f66e7eeaaecf78566e2584827716814e1190a607f2fd5feb692d516e2c68d",2022-11-10 0:00,2022,26081,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
35,SpaceGodzilla,REKT and SlowMist,https://de.fi/rekt-database/spacegodzilla,https://hacked.slowmist.io/search/,,"BlockSec sur Twitter : ""1/ Our monitoring system reported that @SpaceGodzilla_c was attacked (https://t.co/1cvw954Y7S). and the loss is around 25.379 USDT. This is a typical price manipulation attack."" / Twitter. https://www.panewslab.com/zh/articledetails/u25j5p3kdvu9.html",,"SpaceGodzilla  a project on the BSC chain  was attacked by hackers with a flash loan. Hackers used flash loans to borrow large amounts of money  manipulated the price of SpaceGodzilla in the trading pool on PancakeSwap  and exploited vulnerabilities in the project for arbitrage. At present  the hacker has exchanged the 25 378.78 BUSD profited from this attack to BNB and transferred it through Tornado.Cash. REKT : Quick Summary
The $SpaceGodzilla token has been subjected to a Flash Loan Attack. During this attack. the attacker made a profit of more than $26K.",2022-07-14 0:00,2022,26153,Interconnected actors flaw,Arbitrage with flash loan,Technical vulnerability,Target,FT,CA
659,FastWin,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/72989.htm,,The hacker mastered and modified FAST s token contract deliberately created a vulnerability that can be used for multiple &quot additional&quot tokens for free.,2018-12-25 0:00,2018,26250,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Dapp,P
1058,Zenith Finance,REKT,https://de.fi/rekt-database/zenith_finance,,,https://archive.is/1c587,,The project was holding the fundraising event. as stated in their Telegram community: https://archive.is/1c587 The address. mentioned in the Telegram post gathered ETH from the investors. Transaction list: https://bloy.info/ts/transfers_to/0dc553e9b6e4b771ab53aac159318dfd6693d3822?currency_id=1 The initial liquidity wasn tadded. Stolen funds were distributed between some External wallets: https://bloy.info/ts/transfers_from/0dc553e9b6e4b771ab53aac159318dfd6693d3822?currency_id=1,2020-11-28 0:00,2020,26354,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,Dapp,P
1063,Bondly Finance (FAKE),REKT,https://de.fi/rekt-database/bondly_finance_(fake),,,"#WARONRUGS? on Twitter: ""? Scam Advisory #39 - (FAKE) https://t.co/NSACIrIEnt $BONDLY (0xBf52b5Ea58076dcD19A17892BB9a7B46EBa8f770) Reason: Nobody other than the owner can sell. Likeliness of losing all funds: Absolute DYOR. #WARONRUGS?… https://t.co/krAR6xjAQP"" (archive.ph)",,The contract owner could disable the transfer function. which restricted users in selling their tokens.  The contract deployer added liquidity at:  https://etherscan.io/tx/0x582035d27524d1884df13571df08d5f0f232d680fc08f7463852d4dd56ec6af4  https://etherscan.io/tx/0x457123ae3c5979c47c818494020df8a0bb8ef909a91ca4d4402690a0528d033f  The liquidity was removed by the contract deployer at:  https://etherscan.io/tx/0x8b8fbf1fb6d296aa070280eb2fa5040e35aad2ff62108896ec449d99635b55b6,2020-12-08 0:00,2020,26471,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
113,Last Kilometer,SlowMist,,https://hacked.slowmist.io/search/,,https://mp.weiin.qq.com/s/l6ES9gtYlclw59AF1whdg,,The Last Kilometer project was exploited in a flash loan attack  resulting in a loss of $26 495.,2022-04-24 0:00,2022,26495,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,Dapp,P
1067,DARK DEFI,REKT,https://de.fi/rekt-database/dark_defi,,,"#WARONRUGS? on Twitter: ""? Scam Advisory #98 - DARK DEFI $DARK (0x2D98C5e92DA2204bc2e9142373ED209a7cA9850A) Reason: Unable to sell. Likeliness of losing all funds: Absolute DYOR. #WARONRUGS?… https://t.co/I9qDGoPXSB"" (archive.ph)",,Quick SummaryInvestors of the DARK DEFI project essentially got rekt by two mechanisms the contract deployer introduced which resulted in a centralization issue where one independent wallet was holding more than 5% of the total $DARK token supply.&nbsp; Details of the ExploitA look at &nbsp;DARK DEFIssource code would have pointed investors directly to the fact that the contract owner could disable the transfer function. which restricted users in selling their tokens. This fact also became known to the community later on when alerts surfaced that users were not able to sell their token. In short. the contract deployer added initial liquidity at:  https://etherscan.io/tx/0xc4bc0b94d780f5c33feef9d6adf0f2d77130d9a374987fe106431343564c29ea The LP tokens were locked and transferred to the vesting smart contract:  https://etherscan.io/tx/0x69a6c3d991e8ce3e05097b4855d8f0673ed58f283101066b7e80ea829b3f5693 The contract deployer als used a hidden minting functionality under the <u>approveAndCall</u>() function to generate new tokens onto this external wallet at:  https://etherscan.io/tx/0x32243fbbece007f7d9a10f13ee2c47d5ddd1876781535af6de8fbb5b6df6fe47  https://etherscan.io/tx/0x7d6ccdbabe7f5a04998b20d10054658392d8dd8f09064b0c355275a6b6625b8eThrough this excessive minting. this external wallet became the top holder of the $DARK token and proceeded to dump the token in several transactions on the Uniswap exchange:  https://etherscan.io/tx/0x3e7fb02a83a7de08c0ba90500506c1689a3efb0300806738143deb018203d9a6  https://etherscan.io/tx/0x63987426312764999e209308e1c9881482ba60dfdf7248350f4ee7a77096139f  https://etherscan.io/tx/0xddb8bc288dc0704dca9897b446098d5f6e94511cf774303261d8889c55fa3d9c Block Data ReferenceDARK DEFI token deployer (scammer): https://etherscan.io/address/0xfa5a97ce3badaeb5f7ca6e406e42e70319a67b4a Scammer Address B: https://etherscan.io/address/0x93ec7f43330585bb3c81f3cce2b7a9f3e6bad66f More example Transaction:  https://etherscan.io/tx/0xef5c9b6d155193549fb417a4dc35f2d364501d91bfa0523d23e7b1017651e76f  https://etherscan.io/tx/0xc63eeb6f792e732e248ba0ba747956d485ae5bca6f89f70068b4615f3bbbfaa2,2021-02-20 0:00,2021,26543,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
569,LocalBitcoins,REKT and SlowMist,https://de.fi/rekt-database/localbitcoins,https://hacked.slowmist.io/search/,,(1) https://www.reddit.com/r/localbitcoins/comments/ak1u8m/localbitcoins_report_on_the_security/?ref=share&ref_source=twitter (2) https://cryptonews.com/news/localbitcoins/hacked/8/bitcoins/stolen/3273.htm,,LocalBitcoins has detected a security vulnerability / an unauthorised source was able to access and send transactions from a number of affected accounts.It was related to a feature powered by a third party software and stop the attack. At the moment we are determining the correct number of users affected / so far si cases have been confirmed. REKT: A security vulnerability occurred at the prominent over/the/counter Bitcoin exchange LocalBitcoins. Attackers were able to replace the official URL to the exchangesforum with a false link that took visitors to a phony website that looked like the discussion board but gathered information from users who tried to join in.  The attackers utilized the information they gathered to steal 7.9 Bitcoin (about $27.000 at the time) from at least si user accounts.,2019-01-26 0:00,2019,27000,Instant user deception,Social media compromission,Imitation,Intermediary,CeFi,
962,QWCF,REKT,https://de.fi/rekt-database/qwcf,,,https://web.archive.org/web/20220901131314/https://twitter.com/CertiKAlert/status/1564252227597996032,,Quick SummaryQWCF token project has been Rug pull scamed by its team. Team made a profit of $27k. Details of the exploitThe creator of the token deployed a $QWCF contract. releasing 100 million tokens to the BSC network. Then the scammer transferred tokens to different addresses:1)  https://bscscan.com/t/0e9bbe09f4df77a3ac2cd70378417c440ce65906237c3e0943a2f9ef41181aa602)  https://bscscan.com/t/05e1d56746776c6738cd8ff67663bddadb27be90dfdc969847962e76bddf131ed3)  https://bscscan.com/t/04a3434de6ad593872010b4ba06e54b6ff670c51800b5cb3e071af8f35c90ad254)  https://bscscan.com/t/0c0cb7fe8b0fbf365a53b36446c49647627af5e63d851a433c54ca2aaac671977Scammer address (B) then created pair QWCF/USDT investing 50k $USDT.When the community invested in this project the scammer addresses (E. F. G) dumped the token price. swapping $QWCF to $USDT. Eample transactions:1)  https://bscscan.com/t/0baf9a5fb5207fb9bc544371dc171255cf45db1bec849f38ae9e2ba71f0db87ef2)  https://bscscan.com/t/00e17a0a9fbb0da8f078724250e0e6b2861820bd4521ad976f6626a9c96939b813)  https://bscscan.com/t/011063b75751c9191f401b14738ff25a2b167f54bd6c6d00a9cfe893122d9137e Block Data ReferenceInvolved address:- Scammer address (A):  https://bscscan.com/address/0b3f0c93a589a808901705e2e222b01a28a7e505f- Scammer address (B). pair creator:  https://bscscan.com/address/014065880fed5d61ed1895ba829c543ebb571f347- Scammer address (C):  https://bscscan.com/address/079f6f2210ce5e21edc3526b33aaa82547b53ac58- Scammer address (E):  https://bscscan.com/address/075581496d2c0f2f27d13d4ea6d54f4f76d448bab- Scammer address (F):  https://bscscan.com/address/0e0bc795f5022673b807ecb42b086825e1605cc4e- Scammer address (G):  https://bscscan.com/address/0e3ec3aa20d863e0d523f4bb8ba00d5305f1c6709081d3ec77438b4e99aa99ba25b1dbc3fea317fe3b081d3ec77438b4e99aa99ba25b1dbc3fea317fe3b,2022-08-29 0:00,2022,27000,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
1043,Web3Memes,REKT,https://de.fi/rekt-database/web3memes,,,(1) https://www.coindesk.com/tech/2022/02/23/web3memes-rugs-235k-from-investors-five-hours-after-issuance-peckshield/ (2) https://twitter.com/PeckShieldAlert/status/1496346288002334720?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1496346288002334720%7Ctwgr%5E1048d61cfd6cf16b75c98de18ff2aee536897765%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.coindesk.com%2Ftech%2F2022%2F02%2F23%2Fweb3memes-rugs-235k-from-investors-five-hours-after-issuance-peckshield%2F,,The contract deployer added liquidity at: https://bscscan.com/t/0ea56cfd5a3dca95c2204bc91be315f1e5a9d6cd465152220ffea8873c1f00b58 The liquidity was removed by the contract deployer: https://bscscan.com/t/05dce841c49d2ae1e7baf4534022f9cbc76d2fed2f1e36ecb6ed693f3198e6de0,2022-02-23 0:00,2022,27699,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
956,ProjectX,REKT,https://de.fi/rekt-database/projectx,,,PXT $0.03836 / Project X Token / WAVAX on Avalanche / Trader Joe / DEX Screener,,Quick SummaryProject has been Rug pull scamed by the token creator. The token creator minted 1M $PT tokens which were distributed among several addresses that dumped the token price taking profits of ~$28K. Details of the exploitProject was a nodes as a service project promising passive income to its holders.&nbsp;The creator of the contract. deployed the token contract into the network and minted himself 1M $PT ( https://snowtrace.io/t/0f9cb648f4243b2796f77be3deae5c692e1f1f27c848ed759e7c186573a299dd5).&nbsp;Then. 1M$PT tokens were sent to the scam address (B) in this transaction ( https://snowtrace.io/t/007ca84475a6d999128625c5fa102e084cbb961d543b5182e7ebeb0bae047ea97)The team opened a liquidity pool on Trader Joe. where the liquidity with a profit of 584 $WAVA was ultimately removed&nbsp;( https://snowtrace.io/t/0c674da82fc0814a8209448404d3757897837ba688e56b1e2a3d433b93248d4b9).At the time of this writing funds are partly located at this address > https://snowtrace.io/address/09c02ac147096ed92a53d9dca3fd04b4b001151fa). &nbsp;The scammer address (D) received 500K $PT tokens from scammer address (C). and swapped the tokens to 911.21 $WAVA in these two transactions:1)  https://snowtrace.io/t/0177a8060163f2b6021cef2c17baf5fe42fe995e26b38d6d4ab012576517568262)  https://snowtrace.io/t/0283d99a5f9d6a46629467900886a92cd291c03987b091dbe852b9640e79e7e3a Block Data ReferenceToken contract address:  https://snowtrace.io/address/09adcbba4b79ee5285e891512b44706f41f14cafdToken creator address:  https://snowtrace.io/address/09dc72782deac4cf25e8319b9ffc1f689f5bf67fd Scammer addresses:1)  https://snowtrace.io/address/09dc72782deac4cf25e8319b9ffc1f689f5bf67fd2)  https://snowtrace.io/address/019c7798a756e353f6585302b8cb71fd31dea83af3) &nbsp; https://snowtrace.io/address/0adbf6ee98f86d5c234d60662639d0c067818294e4)  https://snowtrace.io/address/09c02ac147096ed92a53d9dca3fd04b4b001151fa Involved address:  https://snowtrace.io/address/ 0FbB3A79B276fE81719f24E96b78DfcEa7DCA3987,2022-07-07 0:00,2022,28247,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,Dapp,P
813,Dragonswap,REKT,https://de.fi/rekt-database/dragonswap,,,Telegram: Contact @rugsteemer,,The exit scam was performed during the pre/sale event. The project announced the pre/sale in this post:  https://archive.ph/z57Ow  In total. the address 0c35feddc3d5005d16fa0b081e381bb21c8c30683 has raised 176 BNB tokens. 35 BNB tokens were added to the initial liquidity at:  https://bscscan.com/t/0b60da2e0a474f990c0ae8180af5c8671a042531c85c397e13e3753e1a8cba9e1  The rest was distributed between unknown External wallets. which can be verified with the following token flow:  https://eplorer.bitquery.io/bsc/address/0c35feddc3d5005d16fa0b081e381bb21c8c30683/graph  LP tokens and the project tokens were burnt in order to destruct the liquidity:  https://bscscan.com/t/075b09ef6530a6b81ca345bf714e719d97e92103a799d82faf5bdf171ee5a90fa  https://bscscan.com/t/066392a85d74752ebdd20e956de81d618640198d931061518cf966ca7e2deae7d,2021-03-16 0:00,2021,28710,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,Exchange,P
972,RETAWATCH,REKT,https://de.fi/rekt-database/retawatch,,,https://web.archive.org/web/20220714102847/https://twitter.com/PeckShieldAlert/status/1547436415738609664,,Quick Summary The $RTW token has been Rug pull scamed by the contract creator. The contract creator sent 15M $RTW to the scammer address (B) who created a liquidity pool between $BNB and $BUSD. When the price of the token appreciated. the scammer took profits.  Details of the exploitThe contract creator deployed the contract to the network and verified its source code. Then he sent 15M $RTW tokens to scammer address (B). which created a liquidity pool between tokens such as $BNB and $BUSD. In total. the value of the pool was approimately $16.8K.&nbsp;Liquidity creation with $BUSD:  https://bscscan.com/t/01b7df8869b89ca56a2d8099e9571b49b0ff9365f2d6d170de0290adfe5d351b9Liquidity creations with $BNB:  https://bscscan.com/t/0ab1311a612f6db0802f707847970f7a010a217b8d5e3926483fc9ced514c516bAfter the pool was created. the deployer began distributing tokens between accounts artificially created by the team that took up this project to create a fake distribution of tokens between accounts. here is an eample addresses:1)  https://bscscan.com/address/0f04fc8f792c4fb57d838e3f356a500bafb0007c42)  https://bscscan.com/address/01232ca2ec69288b1c1e0496a3c3022ca6ef9929e3)  https://bscscan.com/address/0fccd8eff2e66010796b63ca77ddf42c74bb95dfe Scammer address (B) removed the liquidity several times. taking profit. of $3.7K.Remove liquidity transactions:1)  https://bscscan.com/t/0219bae11a712ba8a6f31022c47dc55d9c10b9d9e613ee9c3e077f751be6935432)  https://bscscan.com/t/09c0b9854cd54cee54128be8ed64a7ab22c577e045c933535f0ef244f6f9700df3)  https://bscscan.com/t/01132159cdf4ae2ec1af006985bf3a173d6d63151df2d0889e29ad2da16b2edadThe contract creator then sent 20M tokens to &nbsp;scammer address (C) in this transaction: https://bscscan.com/t/01f61d9216cb7bb94f36dc756e2f638c1c80c78d4540b0e540b6dff9cf420bb76The tokens received by scammer address(C) were exchanged for 96.5 $BNB via PancakeSwap:&nbsp; https://bscscan.com/address/0d18e87e3d37d291b861193b280085c5f6638322aThen 25 $BNB was sent to scammer address (D) in this transaction:&nbsp; https://bscscan.com/t/07bdcb62bfb7b2cf8447cc6a5dca8f9328ecf3ee1a282e587ce4576fae2291711Scammer addresses (E) and (F) swapped tokens for BUSD:Scammer address (E) transaction:  https://bscscan.com/t/078f785033f5f0f05acf9b8d59c0f29e040905b8f20dc93366a653e41e8893fd9Scammer address (F) transaction:  https://bscscan.com/t/0f7b329e7c02946256d2c8b62d92ba6529525422b26eff83e28c71cea1fd68337 Block Data ReferenceScammer account addresses:&nbsp;1)  https://bscscan.com/address/094ba905729b3f1e776f4183766341fc78a3f5a5a2)  https://bscscan.com/address/0d18e87e3d37d291b861193b280085c5f6638322a3)  https://bscscan.com/address/0c39e6417f10a8d365d59ea2148c15712b2120d754)  https://bscscan.com/address/0f5d2e7d1a9d86069eb5635db516782f57ea653ef5)  https://bscscan.com/address/0bf0b5accfac2cdcf2a41f010edda9b5c2a395dcb6)  https://bscscan.com/address/0829d223530b91095caf4ebf2382eaefff3be5f1f Contract creation transaction:  https://bscscan.com/t/084abb3f01790a2cd2f899aca5699d573381d6b3d80e172c64e00dee98c969709,2022-07-13 0:00,2022,29069,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
482,Cocos-BCX,SlowMist,,https://hacked.slowmist.io/search/,,https://cocosbcx.medium.com/announcement-of-the-cocos-buyback-272be617ae57,https://cryptobriefing.com/bsc-ethereum-defi-projects-hit-14-4m-hack/, Cocos/BC has verified with the exchange conducted internal investigations and concluded that asset loss and malicious selling that occurred are due to the malicious theft of the mapping wallet information. After verifying and confirming with the exchange  the total amount of stolen tokens this time was 1 087 522 819.2 COCOS  and the exchange confirmed that this total amount has been sold.,2020-04-03 0:00,2020,29384.87,Undetermined,Accessing private keys/data,Undetermined,Target,Dapp,P
801,DiceSwap,REKT,https://de.fi/rekt-database/diceswap,,,https://de.fi/rekt-database/diceswap,,"The Master Chef contract contains hidden functionality under the set() function. which was invoked multiple times by the contract deployer at:
https://eplorer.bitquery.io/bsc/ts/calls?internal=false&contract=008eee9c8d38804dcba77e66aab0deb5064c21370&method=d9638422

Calling set() function led to the LP tokens and native tokens transfer onto the External wallet. eample transaction:
https://bscscan.com/t/06a16dd9fcc7c6ec3d563096269f9f70eac5edd7d4b1a5ec1509fac62de3ecbf6

The liquidity was removed by the External wallet multiple times",2021-03-10 0:00,2021,29780,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
1029,Unidark,REKT,https://de.fi/rekt-database/unidark,,,https://de.fi/rekt-database/unidark,,The project team announced an airdrop as well as a token sale. ,2020-10-08 0:00,2020,29887,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
656,TRUSTBET,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/71724.htm,,The attacker (panming12345) launched an attack on the EOS quiz game TRUSTBET game contract (trustbetgame) profiting a total of 11 501 EOS and then transferred the EOS obtained from the attack to the Huobideposit account in two times. The attacker took advantage of the replay attack vulnerability. This is a form of attack that first appeared in the early days of the EOS DApp ecosystem. Due to the serious flaws in the random lottery algorithm designed by the developer the attacker can use the contract vulnerabilities to draw the lottery repeatedly. Lower/level errors.,2018-12-19 0:00,2018,29988.85,Transaction attack,Replay attack,Technical vulnerability,Target,Dapp,P
112,Wiener DOGE,SlowMist,,https://hacked.slowmist.io/search/,,https://mp.weiin.qq.com/s/l6ES9gtYlclw59AF1whdg,, The Wiener DOGE project was exploited maliciously  causing $30 000 in damages. Attackers exploited the inconsistency between WDODGE's charging mechanism and swap pools to launch the attack. The root cause of the incident is that the sender's LP pair is not excluded from the transfer fee through the tightened token contract. As a result  the attacker is able to drain the deflationary tokens in the LP pair  which in turn causes the pair price to become unbalanced.,2022-04-24 0:00,2022,30000,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,FT,CA
811,Doodled Dragons,REKT,https://de.fi/rekt-database/doodled_dragons,,,"(1) Doodled Dragons takes at least $30.000 after tweeting ""our charity will instead now be... my bank account"" (web3isgoinggreat.com). (2) https://twitter.com/gt3_btc/status/1479124552479346690?s=21",,NFT project Doodled Dragons after their fundraising event stated that they will donate $30.000 to WWF. After a few minutes. the person in charge of Doodled Dragons stated that their charity will instead be their personal bank account and deleted their Twitter account:  https://web.archive.org/web/20220106161228/ https://twitter.com/DoodledDragons_/status/1479123223543521282,2022-01-06 0:00,2022,30000,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,NFT,CA
1045,WOLF Protocol,REKT,https://de.fi/rekt-database/wolf_protocol,,,https://twitter.com/CaptainJackAPE/status/1352985427259473920,,Quick SummaryThe deployer of the WOLF Protocol exploited users by trapping liquidity providers through locking funds and minting $WFLP token to an EOA that was not blacklisted. This exploit netted the deployer appro. $30k in ill-gotten funds. Details of the exploitThe Wolf protocol promised to be a DeFi revolution offering staking and yield solutions on three different blockchains. The website boasted a fake team and a fake roadmap. The smart contract contained malicious rights that could only be invoked by the token deployer and enabled a centralized token balance modification. In simple terms. the token deployer could change the balance of any holder.The contract deployer added initial liquidity at: https://etherscan.io/t/028d4d2d427c2c18295bcdc92f95af81f1e5ba9de78072d0d08cf647625800bb1This made the token tradable. Within 11 days. the community noticed that the $WLFP could not be sold or withdrawn. The root of this can be found in this transaction. where the contract deployer locked liquidity: https://etherscan.io/t/04b4c05789728e2f0a1652e992c81af6b2b1a03685731b1b9f5cea41845872912 After users were trapped the contract deployer proceeded to invoke the <u>approveAndCall</u>() function. which included an External wallet and <u>addedValue&nbsp;</u>amount as the input data: https://etherscan.io/t/0a0dcdb89aefaf04ab17bf00ba028d5dc0ef763c61143eea137cd69eaff964401 After the External wallet received the enhancement in its token balance. the External wallet dumped $WLFP for $ETH34t: https://etherscan.io/t/054e39afc20e9884205e77a9bf81296f41ec3ad21815e449693834045f6b88593 Block Data ReferenceProject deployer https://etherscan.io/address/0871f91e2d25edcec66a5c03fe82178d55c1bbd34,2021-01-23 0:00,2021,30022,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,Yield,CP
938,NONAME,REKT,https://de.fi/rekt-database/noname,,,"#WARONRUGS? on Twitter: ""? Scam Advisory #33 / NONAME $NONAME (0x09Ff2267EDA5F1e99db5b0dDd85555a7B46C76BB) Reason: Owner can mint unlimited tokens. Owner can set fees up to 100%. Likeliness of losing all funds: Very High DYOR. #WARONRUGS? #CryptoRedFlag #Presale… https://t.co/H54u7vn5fk"" (archive.ph)",,The contract deployer used the proy contract to mint tokens and send them onto his wallet at:  https://etherscan.io/t/0da6f43aff59f62d52aa620d61b5c0e401047fe8ac1adb7b361026957b30096d4  The contract deployer added initial liquidity at:  https://etherscan.io/t/003b4dcfa2fc4b002ecac89e3a50b60abd2e7205d07fd26f93201b170315c4c20  The contract deployer removed liquidity at:  https://etherscan.io/t/0fce75c9002848049fd486f00a133646a5f36889241fa2c667a63bbb908168715  The contract deployer has sold tokens at:  https://etherscan.io/t/004d42088d5e6fb33aa323d8dcdcef95162cdd427e06eded6d93f69445db9fe17  In addition. the project was holding a fundraising event. using NonameCrowdsale smart contract. The list of transactions. where the sale contract gathered ETH from investors:  https://bloy.info/ts/transfers_to/01a9f9c405574f0bde6f3c75651e6771a75a02f40?currency_id=1  The raised funds had the final recipient / the proy contract. which received ETH from the sale contract:  https://bloy.info/ts/transfers_from/01a9f9c405574f0bde6f3c75651e6771a75a02f40?currency_id=1  After. the proy contract distributed ETH into 2 External wallets at:  https://etherscan.io/t/057cf87452ed3bfa091ba9329df610b71cf62dc42334d2c707f82899385a31bdd  https://etherscan.io/t/0d494ea267e8fa433657672fe8c4b3273427e3095c64686da1fe2ac95b9f25bc1,2021-02-15 0:00,2021,30120,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
648,Dice3D,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/68308.htm,,Similar to the previous attack on EOS.WIN on November 11 multiple contract accounts were used to send transaction requests at the same time and the front feint account was used to implement small bets. After ensuring a higher probability for the main attack account increase the betting amount. And then get high bonuses.,2018-12-01 0:00,2018,30967.17,Contract vulnerability,Random number attack,Technical vulnerability,Target,Dapp,P
1059,Apollo Swap,REKT,https://de.fi/rekt-database/apollo_swap,,,"CaptainJackCryptoAPE sur Twitter : ""?SCAM ALERT? SCAM ALERT: $APOLLO (ApolloSwap) 0xaae57e4d862b10b3037b67ffc28cbf1083a08db7 CAN NOT SELL"" / Twitter",,The contract owner could disable the transfer function. which restricted users in selling their tokens.  The contract deployer removed initial liquidity at:  https://etherscan.io/tx/0x0278983fcc2302722708ff25a99e891bd215bd3277db59fa530c0d880cd5559b,2020-12-06 0:00,2020,31056,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
929,n00dleswap,REKT,https://de.fi/rekt-database/n00dleswap,,,"BlockSec sur Twitter : ""Looks @n00dleSwap has an ERC777/based reentrancy issue and is being attacked. causing a loss of $29K. https://t.co/sV7U5ZNC8g https://t.co/ANQhOyUeek"" / Twitter",,Quick Summaryn00dleswap was exploited via a reentrancy attack. The attacker took 20 $ETH using a malicious smart contract. Details of the exploitn00dleswap is an NFT DE on the Ethereum chain. The projectsERC777/based smart contract was hacked via a reentrancy attack. The hacker stole 31.096 $USD worth of $ETH. All the stolen amount remains at the attackersoriginal address at the moment. Block Data ReferenceAttacker address: https://etherscan.io/address/08ca72f46056d85db271dd305f6944f32a9870ff0 Malicious contract: https://etherscan.io/address/09c5a2a6431523fbbc648fb83137a20a2c1789c56 Malicious transaction: https://etherscan.io/t/08037b3dc0bf9d5d396c10506824096afb8125ea96ada011d35faa89fa3893aea,2022-10-25 0:00,2022,31096,Contract vulnerability,Reentrancy,Technical vulnerability,Target,Exchange,P
968,Reaper Finance,REKT,https://de.fi/rekt-database/reaper_finance,,,https://twitter.com/CaptainJackAPE/status/1336096356465692672,,The contract deployer minted tokens onto his wallet:  https://etherscan.io/t/00a159a37c2e72014209033496cca2ed7ac43e486bdded4ba98ae8c5e3f1e81f1  Project tokens were distributed between different External wallets in the following transactions:  https://etherscan.io/t/062257b4152a800543c26eebd7be4cd8bc4b509d887915ec0f9bae448c5111efe  https://etherscan.io/t/00b169173716247129ab7f25e1859957f51c36c75d4191087df01ed2259199b98  https://etherscan.io/t/07a0a0a61b54ca8fff839588a51a19f819e3eac61e6e419c49068aad6d614987c  https://etherscan.io/t/06a8e9df1d3b193719fc5bf757fc7778ff006029f4a1dd12bc5fb7e24c2b06910  https://etherscan.io/t/0d068f9dcf5bca56d72017bd168648d41f4d6d774b520466ea604600a261967c9  https://etherscan.io/t/06312dc7420d05f07a0c46377982fc5306e10dd0eeca14f23f71047fe9be8cfde  Second minting invoked by the contract deployer:  https://etherscan.io/t/0bb0973ad03bffb5432b32861ebc5470f2c6fa30b2d499c0579019b5aa337b5e2  Addresses. which received tokens. started to sell them after the initial liquidity was added:  https://etherscan.io/address/07b8c48a2bc40ce9818366c9387e52809abd16575#tokentns  https://etherscan.io/address/034e11efcda6e1b700cbb262a1b26df6dc69c92f7#tokentns  https://etherscan.io/address/0f466c2b2d9a06a618ddcb3b628fb4caf360c0447#tokentns,2020-12-07 0:00,2020,31237,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
259,My Farm Pet,REKT and SlowMist,https://de.fi/rekt-database/my_farm_pet,https://hacked.slowmist.io/search/,,(1) https://www.tuoniao.com/news/p/517619.html. (2) https://www.certik.com/resources/blog/5MitXi5L6hexTouIjOkHRH/revisiting/the/my/farm/pet/flashloan,," My Farm Pet was suspected of being attacked by lightning loans and today fell 79.86%. REKT: Quick Summary
A flashloan attack was made on the My Farm Pet project with a profit of $31k gained by the attacker

Details of the Exploit
My farm pet is a blockchain farming game. where anyone can buy and own virtual farms.
The attacker created a contract in which there was a flashloan function to perform arbitration on the marketplace between versions V2 and V3. The attacker used 340k $BUSD to exchange for 22k $MYFARMPET. of which 1k were used to buy 70k $ChickenFood on My Farm Pets Marketplace V2. The contract then exchanged 21k $MYFARMPET tokens for 337k$BUSD. thereby increasing the pool on PancakeSwap. and exchanged 70k $ChickenFood on the V3 market for 34k $BUSD. Then. when the deposit of 340k was repaid. the attacker received a net profit of 31k $BUSD.
",2021-10-06 0:00,2021,31410,Interconnected actors flaw,Arbitrage with flash loan,Technical vulnerability,Target,Dapp,P
1060,AutoTrade Finance,REKT,https://de.fi/rekt-database/autotrade_finance,,,"Víđarr the Auditor (tweets ? investment advice) on Twitter: ""https://t.co/BuOJkvEGHJ $ATFi Contract Sneak Peek Transfer function: transfer has following modifiers added: ['onlyNotBanned'] It may mean the transfers/sells are restricted.Owner (0x911530C670aff10A2cF887a9665086C9d358cE91) is ordinary ethereum address. Devs please explain?… https://t.co/IV7Qrqj9EU"" (archive.ph)",,The contract owner could disable the transfer function. which restricted users in selling their tokens.  The contract deployer added initial liquidity at:  https://etherscan.io/tx/0xf1ff8ff954e134f87f372e1928d68b4efb795efaebbebddc30fd6e00c8ea7097  The liquidity was removed by the contract deployer at:  https://etherscan.io/tx/0xf14a3c326b7bd11f405451e66a7d0f893676013e58d58d6f94ca1895e958d0fa,2020-12-10 0:00,2020,31797,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
1084,Nemo Finance,REKT,https://de.fi/rekt-database/nemo_finance,,,"bLd v7.59 sur Twitter : ""??Scam https://t.co/rWiWGFJkkt Contract has unlimited mint function. total supply already overrided by 300%. don’t buy this shit https://t.co/RNOt5oJk1f https://t.co/AKF2HTTMuP"" / Twitter",,The contract owner could disable the transfer function. which restricted users in selling their tokens.  The contract deployer added initial liquidity at:  https://etherscan.io/tx/0xda2135fc0ef6e4155ee8d530adef4da575669b5a14644b49567a4b939c7fc09a  The contract deployer used hidden minting functionality under the <u>addWork</u>() function to generate new tokens onto his wallet at:  https://etherscan.io/tx/0xfb01497702289fb12f0c3439683380962f57b918a65620bcf42ee8cc919bacba  The minted tokens were sold by the contract deployer:  https://etherscan.io/tx/0x74f351d33e676312cfe7724e21d75e6f4ed1020363ea4ae24c9e4ffb5e690dd0  https://etherscan.io/tx/0x579aacf1b5acc4aeaf61dc78a1ab3a0954ba6523b6d46ec6b573525f37e533ea  https://etherscan.io/tx/0x230f8d19f82d377c410ee747f9f10b2fe38ecfdb29a944a36b1aa0c47ce12178  https://etherscan.io/tx/0x95fb7e014729bcc34de6941ad45761a371ee3ef140a078b3f5f45139f45df5bc  The stolen funds were transferred to the external wallet:  https://etherscan.io/tx/0x6989211cdd75fd794a12cc7349626ee956b10ea6fbee3737dc5227d2cd862122,2020-10-26 0:00,2020,31797,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
928,MTI Finance,REKT,https://de.fi/rekt-database/mti_finance,,,"#WARONRUGS? on Twitter: ""#AnotherOne $MTI Finance where the contract was clearly mintable and the scammer minted today a huge amount of tokens to drain the liquidity. We unfortunately didn't know about this token. Feel free to jump in our group and tell us about your token. we might not know about it!… https://t.co/q5ZLAGdB1s"" (archive.ph)",,The contract deployer invoked <u>mint</u>() function to generate new tokens onto his wallet at:  https://etherscan.io/t/048d8abe1c4334d918b832551ee5255e30da8caeb3fe18294dbfc9f41aa511d7e  The contract deployer started echanging minted tokens on ETH:  https://bloy.info/ts/references_address/098367e3a97dc712375db09f909c123bf5b8ea42f?argument=to&amp;signature_id=1117797  Following that. he transferred 66 ETH to the External wallet:  https://etherscan.io/t/0afdc724954a194172a34b9e89ef657ca5c7b9d189fbfa45424943f90267d38d9  The External wallet deposited funds to the KuCoin exchange wallet:  https://etherscan.io/t/05b4798e8157581d311076987216866464f7b8492c1f35f23e953e7c9fbb7906d,2020-11-19 0:00,2020,32065,Rug pull scam,Hidden mint function,Malicious use of contract,Perpetrator,FT,CA
891,KHABY Fan Token,REKT,https://de.fi/rekt-database/khaby_fan_token,,,"CertiK Alert sur Twitter : ""#CertiKSkynetAlert ?? We are seeing a price #slippage on a copycat KHABY Fan Token (KFT). Contract bsc: 0xe1e17b24f32Cfe85a3C1aB63f14082D70592f6eE which has dropped 100 %. Not to be confused with other projects of a similar name! Stay vigilant! https://t.co/IfAAae57ac"" / Twitter",,Quick SummaryKHABY Fan Token was Rug pull scamed for 32.814 $USD. Liquidity was removed by the token deployer. Details of the exploitKHABY Fan Token is BEP20 token trading on PancakeSwap and can tbe confused with other tokens with the same name and symbol. The token deployer added liquidity for 250 $WBNB and after some period removed 373 $WBNB from the pool. which caused the $KFT token price to drop by 100%. The stolen funds were transferred to another EOA address. Block Data ReferenceScammer address: https://bscscan.com/address/0acc1e2d394c0f599b7bab0077733c90cc02f832c Liquidity removal transaction: https://bscscan.com/t/0b1f52dc5410536cf84eb99998abfa50890e0d2718dde621432eeded1ba9b484a,2022-10-12 0:00,2022,32814,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
921,MinterPro,REKT,https://de.fi/rekt-database/minterpro,,,x,,The contract deployer added initial liquidity multiple times. the eample transactions:  https://www.bscscan.com/t/054a8d82b0eb00460a3117a866c08eb222d18e84ee393f7c20a8e9204bf16bc8c  https://www.bscscan.com/t/0c80a76fae45c00c6f25a436ed7a215a8268e12447d3e6e5b4b72394b2d9aa0fe  The contract deployer invoked <u>mint</u>() function to generate new tokens onto his wallet multiple times. the eample transactions:  https://www.bscscan.com/t/0c6e84deda1ae852a952d9405bacb2cf4fe5a4eccb4b8c5c19af82cbf559f1685  https://www.bscscan.com/t/0f893cc5bfa4680b3e4732ede4146ad77e56df1db7138f1096ff3551322ff93df  https://www.bscscan.com/t/05468bd8ccb0176b812d8654091333475def3607379182f3b32d0b619599af91f  The minted tokens were sold multiple times by the contract deployer:  https://www.bscscan.com/tokentns?a=07f659509897bb7b3cefada050bbe6ffb50a3c981&amp;p=2  The liquidity was removed multiple times as well. the eample transaction:  https://www.bscscan.com/t/035ce29dc40d89b64a005f7fd1f97af24de52faeaeb67920ad8488d32e24ba660  The stolen funds were bridged to the Binance Chain via BSC: Token Hub by the contract deployer at:  https://www.bscscan.com/t/065b0f544716da8772f0afba7675d462c46fd3384ca40dbee96ec22319f71ecf4  https://www.bscscan.com/t/01dc038a8f26e653b402530da31b46cbd34a4bda7a23164cd36d2131be04c86e3  https://www.bscscan.com/t/00d6dbde0f5a682de2fda82da66767a81bc52f8fcdafb8adba18f3df0a30a370a  https://www.bscscan.com/t/0d88dcf0cc50544929090044e11d62019a7b61cba4e09e2a45a1bec8c41071d97  https://www.bscscan.com/t/04b9e5893c5745ecfcf83bcd87953f13b00adaa97479e77570503e58d59f0c76c  https://www.bscscan.com/t/083d2edfb13019db7f7b9088cea30ff26fed38023e3209e67a65d6566ce092d06  https://www.bscscan.com/t/0f2e467f2823d1432c76129a873835a0f50f6173709ae8e903d08f56ad578e955  https://www.bscscan.com/t/07e25ad9dbf1bdc3a5972faf440300a28e4a20a8e9aa4d9bed87a64c3eaa10de0  https://www.bscscan.com/t/0b3676b600415aa90977197e3f61a7a8343e0a87e8315064188646d73d5f552fd  https://www.bscscan.com/t/02c578e1060d07ca72226216682289a7b75c8ab1fbe4b762d988ebff4d2bf3eca  https://www.bscscan.com/t/02255b828daaf83b4c0d7b786cea2c44137966a9bca676184927e6d2178a1f800,2021-01-09 0:00,2021,33821,Rug pull scam,Hidden mint function,Malicious use of contract,Perpetrator,FT,CA
905,Loop X  Network,REKT,https://de.fi/rekt-database/loop_x__network,,,"CertiK Alert on Twitter: ""#CommunityAlert ?? We are seeing a rug pull on @LoopXnetwork which has dropped >80% BSC: 0xB3b361Ba28b1058f2dBDfBbB5Bb3B98cf46b4540 Stay vigilant https://t.co/3NV0JU1Ni0"" / Twitter (archive.org)",,Quick Summary The $LOOP token has been Rug pull scamed by the token creator for a profit of roughly $33k.<a data/boundary=>100 $BNB were invested; https://bscscan.com/t/09ab5eeedf4b5a4df3c3785de2fa8af82a9d70cd7f59eb8b138c1cb0f49a42378Immediately after the pair was created. the token creator sent $LOOP to other addresses that interacted with the pair by trading $LOOP on PancakeSwap. Eample transfer transactions:1)  https://bscscan.com/t/0b78c933205aeddae90fc35eb0a7f94d1915699a55ea4d90bb84a48235d72ecf32)  https://bscscan.com/t/045021f967a8635d0ca72bb42e9d43e862e5ad20ede80834eea123f651c1a8daf3)  https://bscscan.com/t/04bee5c96e463e7ffe6f0d63fa5a2bab6b92a5b232e1ca3f358c3214594251afcThe addresses that received the tokens. after they made a profit from the exchanges. sent the tokens to the scammer address (B):1)  https://bscscan.com/t/016642cf5c77c033d616f78ee429e362b8dca9ba751fe7bf564bd254b57bbcb912)  https://bscscan.com/t/04a885d158940cee2620ed6a610d00fa01af83728ebbadcacb6efdf1efb96ffd03)  https://bscscan.com/t/0b363e7ae71dc87d9628c459efc9b8ebf4ae071d031cd6ec0a67f20da8fe7cd184)  https://bscscan.com/t/02286ec7c3e3aafa7c43de6730fa518cc44cb30a82ea63d3d2c6f1b4a221ede5e As the time of this writing information on this case is scarce. More sources will be added if the case should develop. Block Data ReferenceInvolved addresses:Token creator. scammer address(A):  https://bscscan.com/address/026c7e7ecc550ea0a9f189e53a4328eda68d032edScammer address (B):  https://bscscan.com/address/026c7e7ecc550ea0a9f189e53a4328eda68d032ed Transactions:Withdrawing transaction through the BSC: Token Hub:  https://bscscan.com/t/02286ec7c3e3aafa7c43de6730fa518cc44cb30a82ea63d3d2c6f1b4a221ede5e Cross chain package link:  https://eplorer.bnbchain.org/t/52491A8ADE2F9FCD6D4B28726F041A9B3AFBCE99D45AB8B0DF2B3E765180CDEE,2022-07-19 0:00,2022,33902,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
1052,Yearnspace,REKT,https://de.fi/rekt-database/yearnspace,,,https://archive.ph/wJdWM,,The contract deployer had permission to mint tokens as he added himself to the list of minters by invoking <u>addMinter</u> function: https://etherscan.io/t/0b3b881552cbf8c89e7b04bf3aea30a6a6cb1f1af284e11aab57c8e7ec8e4583f The owner called the mint function twice at the following transactions: https://etherscan.io/t/0aa5b1712a1ac562b0f240caf744f4c04909de295e40c8affca108a1079d29eeb https://etherscan.io/t/095aac0cc7bf28a33dcdc9cd4cbbbe761e946cbff3fb241ab2aedcd5fe8b34183 The total supply was increased by 15.000 YFS tokens. The owner obtained the YFS tokens and started echanging them for ETH. having conducted a total of 38 transactions. The contract deployer stole 58 ETH and split this amount among some External wallets. The website is down and the Twitter account is deleted.,2020-12-01 0:00,2020,33988,Rug pull scam,Hidden mint function,Malicious use of contract,Perpetrator,Yield,CP
868,Holy Trinity,REKT,https://de.fi/rekt-database/holy_trinity,,,"RD Labs (Previously Rug Detectives) sur Twitter : ""Warning / Holy Trinity $HOLY (0xC606B9Ac3DC335aBA427011547a4211c298cA5E4) Concerns: Only tokens (not a dollar amount) are locked with @UNCX_token for another 25 days. Very short sighted and no real risk for the dev. #RUGDETECTIVES https://t.co/idXVwfXExt"" / Twitter",,The project was holding a presale event using a separate smart contract.The gathered funds were transferred to the contract deployersaddress:  https://etherscan.io/t/07ca1d8080d93e2edd1dd1babe0adcdd89dd1e0d32d569c6c4721e6a8aa86d9cf  The contract deployer added initial liquidity using funds from the presale at:  https://etherscan.io/t/0afffdf48bf3fb1a5df7907af0c4a2e76adb235fe813e7f2f1b7c5f5e986c28a8  The liquidity was removed by the contract deployer at:  https://etherscan.io/t/09678b04e36388e9937f2145dc78e8431aeebdf9d72f9b56b41d3fc319e0d1e5b  https://etherscan.io/t/06803017709a7e38b215deffd9e60d09707b7275a080324b5313b23a5daad4bcc,2020-01-17 0:00,2020,34122,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,FT,CA
1085,OKO TOKEN,REKT,https://de.fi/rekt-database/oko_token,,,"CaptainJackCryptoAPE sur Twitter : ""?SCAM ALERT? SCAM ALERT: $OKO (OKO TOKEN) 0x03f3acb1193f1b7fa6a0a0192c45ac82f667499c CAN NOT SELL"" / Twitter",,The contract owner could disable the transfer function. which restricted users in selling their tokens.  The contract deployer removed initial liquidity at:  https://etherscan.io/tx/0x62cfe1921204c19f3370262efb6b348f6dca72b1742b7ab1cf77064ac5dd63a7,2020-12-07 0:00,2020,34283,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
876,Hype Bet,REKT,https://de.fi/rekt-database/hype_bet,,,"CaptainJackCryptoAPE sur Twitter : ""?SCAM ALERT? SCAM ALERT: $Hype.Bet. real one still presale 0xf6bcf98ebe20ab7b68b3d703652e0029115b4a7a"" / Twitter",,The contract deployer added initial liquidity at:  https://etherscan.io/t/00010c4e051c9f0d29e4cb9a3da608c26c02cd0cc7a2084910675f407ab2124bf  Liquidity was removed at:  https://etherscan.io/t/0d2492fe524213eb095b91c89d7230a448e3a7dc2ff1722b24105a1ad2b08a76d,2020-11-29 0:00,2020,34703,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
993,Skate Metaverse,REKT,https://de.fi/rekt-database/skate_metaverse,,,https://web.archive.org/web/20220701134634/https://twitter.com/PeckShieldAlert/status/1542038360243707904,,Quick Summary The $SMC token has been rugpulled by the token creator. The creator of the token exchanged 10m of $SMC tokens for $BNB via PancakeSwap and  then proceeded to launder  ~530 $BNB through the Tornado.cash of which ~158 $BNB were identified as stolen.,2022-06-29 0:00,2022,34721,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,Dapp,P
900,LGT,REKT,https://de.fi/rekt-database/lgt,,,"CertiK Alert sur Twitter : ""#CertiKSkynetAlert ?? We are seeing an #exitscam on copycat project LGT (LGT). Approx. ~35k was lost &amp; &gt;95% slippage. The funds are in 0x1ed5... bsc:0xd21d53fa113dd5769aa1b603c296d6ae15d0044a Disclaimer: Not to be confused with other projects with the same name. Stay safe! https://t.co/yVZuIZJTl5"" / Twitter",,Quick SummaryLGT project was Rug pull scamed for 35.320 $USD. An EOA address drained liquidity from the pool using $LGT tokens received from the initial token holder. Details of the exploitLGT is a BEP20 token trading on PancakeSwap. The initial token holder sent 500.000.000 $LGT tokens to an EOA address. which drained liquidity from the Pancake pool for 35.320 $USD. The funds were transferred to another EOA address after an incident. Block Data ReferenceScammer address: https://bscscan.com/address/0e36f1501aef1de01655775b99bc2fa39babe2ef9 Token holder: https://bscscan.com/address/0f975b22de5b2ee27043729f3cdd35fbb51eede0d Transfer token transaction: https://bscscan.com/t/063bb6386d928c42bda87e3b4e97d0f691511ef0e7eec01b899133c6a7f2cf3d5 Liquidity drain transactions: https://bscscan.com/token/055d398326f99059ff775485246999027b3197955?a=0e36f1501aef1de01655775b99bc2fa39babe2ef9,2022-10-12 0:00,2022,35230,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
1000,Solv3 network,REKT,https://de.fi/rekt-database/solv3_network,,,(1) https://twitter.com/CaptainJackAPE/status/1333763421003608064 (2) https://twitter.com/CryptoEpert101/status/1333128228383436805,,The contract deployer minted tokens onto his wallet:  https://etherscan.io/t/0b5fd23d5ddfa8e4d7464482d6fd289fea505da628c2ac9458a2ffd89e97a0f9c  The initial liquidity was added by the contract deployed at:  https://etherscan.io/t/0542e51040d162293034ab2856e99dbe62cb686d9f26b31504759a5725976fcaf  The contract deployer removed liquidity at:  https://etherscan.io/t/0365322fa50acc5a891134d90e96971b8a55f211e1d0d8f6ff8396a187f633c84,2020-12-02 0:00,2020,35643,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
17,EGD Finance,SlowMist,,https://hacked.slowmist.io/search/,,https://www.panewslab.com/zh/articledetails/t3k6b3m6.html,, According to SlowMist  the EGD Finance project on BSC was attacked by hackers  resulting in the unxepected withdrawal of funds from its pool. The SlowMist security team analyzed this and said that this incident was because the price/feeding mechanism for calculating rewards when EGD Finance's contracts obtained rewards was too simple  resulting in the token price being manipulated by flash loans for profit.,2022-08-08 0:00,2022,36002.7,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,FT,CA
122,Metaconz,SlowMist,,https://hacked.slowmist.io/search/,,Security Incidents in April / InsurAce.io Blog,, The developer of Klaytn/based NFT project Metaconz tweeted that a malicious bot was installed on the administrator account of Metaconz's Discord overseas team on Saturday  causing 79 users to lose 11.9 ETH (about $36 000)  the team said. It promised to compensate all losses  and 53 users have so far been compensated. In addition  the developer reminded that if the user eecutes the setApprovalForAll function in Etherscan  please transfer the wallet unconditionally. Therefore  in this attack  the hacker used this function to deprive the victim of the wallet permission.,2022-04-16 0:00,2022,36279.35,Instant user deception,Social media compromission,Imitation,Intermediary,NFT,
943,Orbit Swap,REKT,https://de.fi/rekt-database/orbit_swap,,,"Cryptocrat / (Telegram Moderator par excellence) sur Twitter : ""Rugs this week on #BSC network: HYFT Finance Orbitswap Poz Finance Waffle (Dev dump) #BNB #pancakeswap #auto #busd"" / Twitter",,The contract deployer minted tokens onto his wallet:  https://bscscan.com/t/026313743e6f49cb2b4b7e15b22770aec0d9886cd85ff0b7e27e86e670f59d30d  The initial liquidity was added by the contract deployer at:  https://bscscan.com/t/0e57802a363b94375d9f1f0baad663ac853bf695309ccbeae5742c43a8db4ba9c  The contract deployer has sold tokens in multiple transactions:  https://bscscan.com/tokentns?a=0dd313329d0238325b96cf1b2e06efcb1fb1c77bf  Liquidity was removed by the contract deployer at:  https://bscscan.com/t/032b63293ea0a32895ade98e16a1bf12d8e313c8357464218b534c4130af1d229,2021-02-08 0:00,2021,36441,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Yield,CP
902,LiveArtX,REKT,https://de.fi/rekt-database/liveartx,,,(1) https://archive.ph/JbSQd. (2) https://archive.ph/RxaVL. (3) https://archive.ph/mnOoA,https://www.coindesk.com/tech/2022/10/17/liveartxs-seven-treasuries-nft-collection-stolen-exploiter-breaks-floor-price/. https://nftplazas.com/liveartx-wallet-compromised/,Quick Summary LiveArt NFT projectswallet was compromised. The value of the Seven Treasures NFT dropped by more than 80%. Details of the exploitLiveArt is an NFT marketplace. The project experienced a private key compromise on one of the project wallets. The price of the Seven Treasures NFT collection dropped by more than 80% in 24 hours. 36.743 $USD worth of assets were stolen from the victimswallet.,2022-10-17 0:00,2022,36743,Undetermined,Accessing private keys/data,Undetermined,Target,NFT,CA
911,Mars Farm,REKT,https://de.fi/rekt-database/mars_farm,,,x,,The contract deployer minted tokens onto his wallet at:  https://bscscan.com/t/0152671f89b7d42fe59b52bd602f757bc55c36d749bb22dec9bcb8503909b1c7b  The contract deployer added initial liquidity at:  https://bscscan.com/t/052037a40a612d1fd259daa937d0f260ee7f37d21410aefdee48c889c71d4b475  Liquidity was removed by the contract deployer at:  https://bscscan.com/t/0b74338b1d2e30a40a80748c6a9e4249c13082b5ba8ae6aea4a439801844ad986,2021-03-04 0:00,2021,37645,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Lending,P
628,SpankChain,SlowMist,,https://hacked.slowmist.io/search/,,(1) http://dy.163.com/v2/article/detail/DTN9R2MA0519U3I5.html (2)  https://medium.com/spankchain/we-got-spanked-what-we-know-so-far-d5ed3a0f38fe,,The attacker created a malicious contract masquerading as an ERC20 token and the &quot transfer&quot function re/invokes the payment channel contract repeatedly each time ehausting some ETH.,2018-10-08 0:00,2018,37668.6,Contract vulnerability,Reentrancy,Technical vulnerability,Target,FT,CA
1072,Galaxy DeFi,REKT,https://de.fi/rekt-database/galaxy_defi,,,"#WARONRUGS? on Twitter: ""? Scam Advisory #100 - Cake Lock $LOCK (0x5f3bb338aE09a5A15CEB3D0E9E5194B404b95A1b) Reason: This project is being run by serial scammer @Techwithyani. Likeliness of losing all funds: 50% of the presale is already gone. we recommend you to move out. DYOR. #WARONRUGS?… https://t.co/QABACS6yRe"" (archive.ph)",,The contract owner could disable the transfer function. which restricted users in selling their tokens.  The contract deployer added initial liquidity at:  https://etherscan.io/tx/0x4bb442addcdf8b0dde549461afc2dc364fdc230b41212d600a3210f8df0eee36  The liquidity was removed by the contract deployer at:  https://etherscan.io/tx/0xac70e946c5a2d688ff8e2c66d5033cbe6956b6b9ea3774409343e1aeaa5c7725,2021-01-12 0:00,2021,38798,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
311,DAO ventures,REKT and SlowMist,https://de.fi/rekt-database/dao_ventures,https://hacked.slowmist.io/search/,,(1) https://twitter.com/VenturesDao/status/1414536764941914119. (2) https://daoventuresco.medium.com/the/day/after/chainswap/exploit/our/action/plan/4a53a75a0c26,, According to official sources  the DeFi asset management platform DAO ventures was stolen 300 000 DVG tokens due to a loophole in the ChainSwap contract of the cross/chain asset bridge. DAOventures stated that it has taken snapshots of DVG holders and LPs before the attack  and stated that it will compensate the affected token holders. The DAOventures team stated that the user  s assets in DAOventures are safe. Before the compensation plan is announced  DAOventures reminds users not to purchase the DVG of the transaction for the time being and pay attention to the latest developments of the team. REKT: DAOventures has been using ChainSwap to move $DVG between Ethereum and Binance Smart Chain.  ChainSwap was exploited and a number of projects that partnered with them got affected. On DAOventures’ side. the hacker removed 300k $DVG worth $40k from ChainSwap and sold them on Uniswap.  The transactions the hackers have made:  https://etherscan.io/t/0348cfdb0817c0a7a6d3b17d0250ef2b72f24b2b7375e76a26f220910f3a1086c,2021-11-07 0:00,2021,39443,Contract vulnerability,Undetermined,Technical vulnerability,Target,Other systems,
1014,TheCatWorld,REKT,https://de.fi/rekt-database/thecatworld,,,(1) https://www.pinksale.finance/launchpad/0C2A65ef69Ae72BD2c66A4158516A61E3f1EF3cfd?chain=BSC (2) https://twitter.com/ThecatWorld,,The project was holding presale on the PinkSale platform:  https://www.pinksale.finance/#/launchpad/0C2A65ef69Ae72BD2c66A4158516A61E3f1EF3cfd?chain=BSC  The contract deployer withdrew liquidity from the sale contract:  https://bscscan.com/t/0be7eb82b44b5356d094fea2764f976cd550a6e72e1c14818b25d248a30c7e3d4,2022-03-03 0:00,2022,39471,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,Dapp,P
471,DMM,SlowMist,,https://hacked.slowmist.io/search/,,"DMM DAO sur Twitter : ""During the $DMG public sale today. our telegram was unfortunately brigaded by malicious actors who impersonated the DMM Foundation with sole the intent of stealing funds We sent everyone who was scammed during the token sale the respective amount of DMG they should have gotten"" / Twitter",, The official DeFi money market agreement DMM Twitter said that during $DMG public sale today  its telegram was unfortunately brigaded by malicious actors who impersonated the DMM Foundation with sole the intent of stealing funds. After digging through the on/chain transactions to find those affected  the official sent a total of $40k worth of DMG to those affected at an exchange rate of $0.40 per DMG  hoping to make sure everyone who lost funds were made whole.,2020-06-22 0:00,2020,40000,Instant user deception,Social media compromission,Imitation,Intermediary,Dapp,
1136,Lottery Swap,REKT,https://de.fi/rekt-database/lottery_swap,,,"CertiK Alert sur Twitter : ""#CertiKSkynetAlert ?? We are seeing an #exitscam on project Lottery Swap (LOTTO) Bsc:0x605cfb514a2845902e17ed3c9416bd461e3f2e1b Which has dropped more than &gt;90%. Approx. ~$100K was taken. Disclaimer: Not to be confused with tokens &amp; symbols of similar name! Stay vigilant! https://t.co/oAAWupPoqW"" / Twitter",,"Quick Summary
Lottery Swap was rugpulled by the initial token holder. The scammer drained 82.646 $USD from the liquidity pool.

Details of the Exploit
Lottery Swap is a BEP20 token trading on PancakeSwap. The token deployer sent $LOTTO token to the multiple EOA addresses in the single transaction. Then one of the receivers drained the liquidity from PancakePool and gained 82.646 $USD. 40.000 $USD from the stolen funds were transferred to another EOA address. and the rest was used to add liquidity to the pool again. 

Block Data Reference
Scammer address:
https://bscscan.com/address/0x0812f45267784e74e87d5006e192f0942fd248a4

Token distribution transaction:
https://bscscan.com/tx/0x94432e289ecb202d942e9578f3d547eb42d4b7de8299b7a418e736ce1fccb4fc

Token transfer transaction:
https://bscscan.com/tx/0xc31da3121ea5172fbf8c28e15ee6736acc678906d42f9448a2a7d5044d3a794a",2022-11-07 0:00,2022,40000,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
1141,BXH,SlowMist,,https://hacked.slowmist.io/search/,,BXH suffered another flash loan attack. and the attackers profited 31794 USDT-News-ODAILY,,The TokenStakingPoolDelegate contract updated by BXH after the last attack suffered another flash loan attack. The contract lost 40.085 USDT. and the attacker made a profit of 31.794 USDT after paying off the flash loan fee. After analysis. this attack is caused by the use of getReserves() in the contract's getITokenBonusAmount function to obtain the instantaneous quotation. so that the attacker can make a profit by manipulating the quotation.,2022-09-28 0:00,2022,40082.99,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,Exchange,P
1005,StarFinancial,REKT,https://de.fi/rekt-database/starfinancial,,,https://de.fi/rekt-database/starfinancial,,StarFinancial swapped contracts to a contract containing hard rug code. Changes are in function governanceRecoverUnsuported(). New contract address:  https://snowtrace.io/address/0e09e8c839e89deef3046a77fc9611f502e555788 Total rugged: $40.264,2022-05-31 0:00,2022,40264,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
909,Mango Inu,REKT,https://de.fi/rekt-database/mango_inu,,,"CertiK Alert sur Twitter : ""#CertiKSkynetAlert ?? We are seeing a #exitscam on project Mango INU (MNGO) ETH:0x335e14d18d8a903b782a39059dc35d61b94e1c1b Which has experienced #slippage of more than &gt;80%. The token was deployed by the Mango Market exploiter with ~$48.5K being taken. Stay vigilant! https://t.co/DCySTsoOE0"" / Twitter",,Quick SummaryMango Inu project was eit scammed which caused slippage of more than 80%. The scammer profited 40.388 $USD. Details of the exploitMango Inu is ERC20 token trading on UniSwap. $MNGO token dropped by more than 80% after Rug pull scam. The token deployer drained liquidity for 40.388 $DAI. There are multiple pools of the token which has more than 1 million $USD in liquidity.&nbsp; Block Data ReferenceScammer address: https://etherscan.io/address/0adbab4f38ff9dcd71886f43b148bcad4a3081fb9 Liquidity drain transaction: https://etherscan.io/t/0f7129622e7ebede9fb876e0a392aaf0b1a3f4831adca6afc093519f8d65f5384,2022-10-20 0:00,2022,40384,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
690,CryptoBatz,REKT,https://de.fi/rekt-database/cryptobatz,,,(1) Discord scammers go CryptoBatz phishing (malwarebytes.com). (2) https://www.theverge.com/2022/1/21/22895126/ozzy/osbourne/nft/scam/cryptobatz/hack/ethereum,,The discord server was breached by hackers who used a sophisticated webhook exploit to circumvent security. allowing them to post a fake minting link on the announcement channel.,2022-01-20 0:00,2022,40895,Instant user deception,Social media compromission,Imitation,Intermediary,NFT,
997,SLS,REKT,https://de.fi/rekt-database/sls,,,https://twitter.com/CertiKAlert/status/1576794058202271745,,SLS project's token GSLS lost the price by more than 85% after the token deployer-related EOA address drained liquidity. The scammer made a profit of 41.122 $USD.,2022-10-03 0:00,2022,41112,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
884,iProtocol,REKT,https://de.fi/rekt-database/iprotocol,,,"#WARONRUGS? on Twitter: ""? Scam Advisory #51 / iProtocol $IYP (0xef7b1745C55D66a3941aD2a45329c5B2C0486e40) Reason: Contract has been backdoored to allow minting. Likeliness of losing all funds: Absolute DYOR. #WARONRUGS?… https://t.co/XEDg7T0l2b"" (archive.ph)",,The contract deployer transferred tokens to the iProtocolPreSale smart contract. which gathered funds from the fundraising event and added initial liquidity at:  https://etherscan.io/t/0a109005b96aefb0229c1ff65abaf8403da48b91c6a466d939ed68c362122e893  The contract deployer used hidden minting functionality under the <u>increaseAllowance</u>() function to generate new tokens onto his wallet at:  https://etherscan.io/t/00b5944f6ca0c3dda02295400bff665e322f7b0711f32e065891ff3c2f651ffba  The minted tokens were sold by the contract deployer in the following transactions:  https://etherscan.io/t/0cca01f5d4bd608e1be9a725431da3dc6dc18be99cd0ca5c89901c6b3c47e1018  https://etherscan.io/t/00403198fef64e9d1139f3480304dc8ddca72a81f3d011f55587c061a1a0cfffa  https://etherscan.io/t/0aeac86a70a2862030f63e2c5217337cbe2e02bb0cad5c48aad0a51d3cacc66e4,2020-12-21 0:00,2020,41930,Rug pull scam,Hidden mint function,Malicious use of contract,Perpetrator,FT,CA
430,WLEO,REKT and SlowMist,https://de.fi/rekt-database/wleo,https://hacked.slowmist.io/search/,,https://decrypt.co/44645/ethereum-project-wleo-hacked-for-42000-on-uniswap,,The WLEO contract of the Ethereum project was hacked resulting in the theft of $42 000 worth of funds. The hackers stole Ethereum from the pool of the decentralized exchange Uniswap by casting WLEO to themselves and replacing it with Ethereum.,2020-10-11 0:00,2020,42000,Contract vulnerability,Undetermined,Technical vulnerability,Target,FT,CA
493,Leo Finance (Wrapped Leo (WLEO),REKT and ChainSec,https://de.fi/rekt-database/leo_finance_(wrapped_leo_(wleo),,https://chainsec.io/defi-hacks/,(1) https://www.cryptopolitan.com/wleo/defi/project/hacked/again/ (2) https://decrypt.co/44645/ethereum/project/wleo/hacked/for/42000/on/uniswap,,“Wrapped Leo (WLEO) and its investors have been named recent victims of hackers after the team confirmed in a blog post earlier today that about $42000 was drained from the DeFi project.” — Cryptopolitan. REKT: Quick SummaryA hacker successfully gained access to the token issuing contract and minted a significant amount of $WLEO token which were subsequently dumped in the Uniswap $WLEO/$ETH liquidity pool. netting the attacker $ 42.000 in ill/gotten funds. Details of the exploitLeoFinance is a &nbsp;Web3 social platform that leverages blockchain database technology to store content and transactions. LeoFinance enables remuneration possibilities for users that create content or interact with the finance content on the platform. For undisclosed reasons the token issuing contract of LeoFinance was eposed. This means that attackers could mint theirselves token. hereby completely changing the supply side of the tokenomics and dump the price of the $WLEO token.Eventually an attacker used the access to the <u>mint</u>() function. which was successfully invoked at the following eample transactions:  https://etherscan.io/t/00e8621db8bd6c42d559e24274c02c837964041890dcc357031b495160d5c05c8  https://etherscan.io/t/09c0abb76e5924623def3f000c3df6da9b100c90be279f63b24b22c842444f66eThe attack could have yielded more returns for the hacker if the community had not taken notice and withdrawn liquidity from the pool almost instantly as the hack was taking place. The prices of the $WLEO token took an initial hit of 60% but the price recovered later on. Block Data ReferenceThe attackersaddress:  https://etherscan.io/address/08c9a02c89c96940e377052a9be0c7326f89a2495Minted tokens were sold on Uniswap in a bunch of transactions:  https://bloy.info/ts/references_address/08c9a02c89c96940e377052a9be0c7326f89a2495?argument=to&amp;signature_id=1102188  ,2020-10-11 0:00,2020,42000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,FT,CA
901,Liquid Core,REKT,https://de.fi/rekt-database/liquid_core,,,"Uniswap De?ec?ive (?.?)??? sur Twitter : ""I wasn't missing anything. $LCORE rugged just like $LSD. The entire thing made no sense. $CORE metrics but having a pre sale with no liquidity locked??? No. just no."" / Twitter",,The project was holding a fundraising event using LcoreSale smart contract:  https://etherscan.io/address/06da39a2b145aea0c66fecb15f19b14930fba1a0c  Funds. gathered from the event were transferred to the contract deployersaddress:  https://etherscan.io/t/0f5e6477b385f234c124bcabf9cfc3b1e1a93ae2f0e223265627c2af4c7460847  The contract deployer added initial liquidity at:  https://etherscan.io/t/083a09929acaebcd0614598d563e34ba5efbc6e35d3ff9d1524d0401310de095c  The liquidity was removed by the contract deployer:  https://etherscan.io/t/00261b0e10dd6f25ede287e8ca89c4cdf105dc55687273e640887f1e79dcbfc08,2020-10-29 0:00,2020,42099,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,FT,CA
313,Dora Factory,REKT and SlowMist,https://de.fi/rekt-database/dora_factory,https://hacked.slowmist.io/search/,,https://twitter.com/DoraFactory/status/1414158149615964160,,According to official sources  Dora Factory  a multi/chain service infrastructure based on Polkadot  suffered a contract vulnerability in the cross/chain asset bridge ChainSwap. The 7 872 DORA locked in the ChainSwap cross/chain bridge contract was taken out by hackers and sold through Uniswap. REKT: ChainSwap was cracked by the hacker. DORA tokens on ChainSwap bridges were affected. 7872 DORA tokens were stolen from the ChainSwap bridge smart contract and they were immediately sold on Uniswap.  Most of the tokens were assets owned by the Foundation. and they were used to create cross/chain liquidities. ,2021-07-11 0:00,2021,42373,Contract vulnerability,Undetermined,Technical vulnerability,Target,Bridge,INT
19,GenomesDAO,REKT and SlowMist,https://de.fi/rekt-database/genomesdao,https://hacked.slowmist.io/search/,,https://panewslab.com/zh/articledetails/5rit2a09.html et https://twitter.com/SlowMist_Team/status/1558449671604936705,, According to SlowMist  the GenomesDAO project on MATIC was attacked by hackers  resulting in the unepected withdrawal of funds in its LPSTAKING contract. This incident is because the LPSTAKING contract of GenomesDAO can be arbitrarily repeatedly initialized and set key parameters  resulting in the malicious ehaustion of the collateral in the contract. REKT: Quick SummaryGenomesDao was attacked. Three smart contracts were attacked and the amount that was stolen by the hacker is approimately $43k. Details of the exploit  data/v/51e0c2ec=  >GenomesDAO is a DAO focused on secure. private and verifiable monetization of genomic data using DeFi.&nbsp;There was a vulnerability in the contract due to which an hacker can repeatedly invoke victim contracts. The hacker first created fake LP tokens and using the initialization function. he was able to install a real LP contract token on a fake one. The hacker then supplied a fake token using the shake function to get the LP tokens of the contract. Then the hacker uses the initialization function to return to the original LP/token and revokes the real LP of the contract using the output function. Thus. the hacker was able to take a profit of about $43k. Block Data ReferenceVictim addresses:1)  https://polygonscan.com/address/03606cFa43f53098BC00b3FCFF3A333F6947F3c922)  https://polygonscan.com/address/028fc73E9D9f158E7DC57A4E81aa0175d6847f7143)  https://polygonscan.com/address/048D1CcB09f771788F59c8aAAB613936eDfA267b7 Attacker address:  https://polygonscan.com/address/043ec1d163cc4c15b574f86d8203c3b0f3ebed7a3 Attacker smart contract addresses:1)  https://polygonscan.com/address/08e10c9493501a828304d77630b6f862bbf50c0522) (Token)  https://polygonscan.com/address/09aa63491bb927f024d37b0e6017137f7f03da3c6 Transactions:Swap $AnyMATIC to blockchain $MATIC:  https://polygonscan.com/t/0074f3076ea2c16ef34b15114e751dcdc044ee2e9a26d762a2e96bf97a4509311,2022-08-06 0:00,2022,43269,Contract vulnerability,Reentrancy,Technical vulnerability,Target,Dapp,P
935,NFT Cross Chain,REKT,https://de.fi/rekt-database/nft_cross_chain,,,"CertiK Alert sur Twitter : ""#CommunityAlert ?? We are seeing a #rugpull on project @NFTCrossChain / symbol $CRC which has dropped more than &gt;99%. As of right now approximately ~$44.052 has been taken. https://t.co/2bwjTi2hK0 Stay vigilant! https://t.co/P2nqNpGGEW"" / Twitter",,Quick SummaryThe NFT Cross Chain project has been rug pulled by its team. The team made away with $44k in profits. Details of the exploitThe team created the project promising simultaneous cross/chain NFT trades. then they dumped the token price taking profit of $44k without ever delivering the promised use case.&nbsp; Block Data ReferenceInvolved addresses:/ Scammer address (A):  https://bscscan.com/address/0fc414331b2f5588b373f331a9e8bf4fd251c98a7/ Scammer address (B):  https://bscscan.com/token/00ed30fe8fd51c593b077315a6cb60a9fb9b15155/Scammer address (C):  https://bscscan.com/address/015b9340646bb84abb448723b028d0926ceda14c5 Involved contracts:/ Contract that deployed the token:  https://bscscan.com/address/0d1e78c9d59746c4f9673038b45faa999e586ab75,2022-08-25 0:00,2022,44052,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,Exchange,P
57,ElonMVP,REKT and SlowMist,https://de.fi/rekt-database/elonmvp,https://hacked.slowmist.io/search/,,https://www.defidaonews.com/article/6757238,,"The ElonMVP token suffered a Rug Pull  the token price fell by 99%  and over 622 BNB were transferred to Tornado.Cash  with a loss of about $130 000. REKT: Quick Summary
The $ElonMVP token was rugpulled by its project deployer. The scammer received a profit of 170 $BNB. The scammers decided to launder the ill/gotten funds through tornado.cash's mixing service. 

Tornado.cash mixes various ERC/20 Token and ETH into a lockbox. Through ""zero knowledge proof"" a user that deposits funds into a lockbox is provided with a unique key. Once the user decides to withdraw the funds. a proof of possession of the key in a hashed form is required. This process enables the transfer of funds without the disclosure of the users identity.

Details of the Exploit

The $ElonMVP project deployers wallet should have raised alert amongst the community from its inception. Reason was that the project deployer's address was funded from an address which was initially funded through tornado.cash. which can be seen in this transaction: https://bscscan.com/address/0xbf66c21fb8e3fb0796ba519d88daf8a5bd44ee37#internaltx.

EOA wallet 0xbf66c funded a number of wallets and amongst it 0xbf66c funded the wallet of $ELONMVP's project deployer with $BNB 12 as can be seen  in the example transaction: https://bscscan.com/tx/0xad1d3a7869374200408d104999aade47c1b8637eae8cec527d398bf635fbc2f6.

The creator of the token created a liquidity pool between ElonMVP/BNB tokens. where $300 BNB was invested in these transactions:

1) https://bscscan.com/tx/0x403ee1817a0a8f8852fd53a7faede27b1271c414e7de72d2daead1091cd8b928

2) https://bscscan.com/tx/0x1973aa35cbe0c5230c479b4aabdf34872bef3576860c066ad7d12cc31b4c7272.

Again the funds used to bootstrap the liquidity stemmed from Tornado.Cash;

https://bscscan.com/address/0xdd65cb765accd9c818c5a7ebd508702fd793bdf6#internaltx.

Once the project gained traction. the project deployer removed the liquidity by taking a profit of ~$170 BNB: https://bscscan.com/tx/0x67f92de2e07c5c94a84c3fb3175f2415ce8cdf9d6ca42ab60a59a9a09a53b128

All the tokens were transferred to the scammer address (C) in this transaction: https://bscscan.com/tx/0xe1513999f6e37ca14de794574371c9bba59727d22d045100f002aa56916b82bf

Subsequently. all the funds were laundered via Tornado.Cash.",2022-06-13 0:00,2022,44371,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,FT,CA
992,Sirius Token,REKT,https://de.fi/rekt-database/sirius_token,,,https://twitter.com/CertiKAlert/status/1572792819798118400,,Sirius Token was rugpulled by contract deployer-related addresses for the total amount of 44.963 $USD,2022-09-21 0:00,2022,44963,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
377,Cryptopia,REKT and SlowMist,https://de.fi/rekt-database/cryptopia,https://hacked.slowmist.io/search/,,https://news.bitcoin.com/troubled/nz/crypto/exchange/cryptopia/suffers/another/hack/in/the/midst/of/liquidation/process/,,According to Stuff.co.nz  hackers took approimately 62 000 New Zealand dollars (45 000 USD) worth of cryptocurrency from the troubled exchange. The investigation revealed that the hacker accessed a dormant wallet that belongs to the US/based blockchain company Stakenet and is controlled by Grant Thornton  the liquidator of Cryptopia. According to the survey results  the dormant wallet holds SN worth approimately US$1.96 million  which is the native token of Stakenet. REKT: The Cryptopia exchange has reportedly been hacked again. even as it is being liquidated following a previous breach that stole NZ$24 million (US$15.5 million). According to a Stuff report Thursday. a creditor. U.S. firm Stakenet. has been told that about NZ$62.000 (US$45.000) in the SN cryptocurrency had been transferred out of its cold wallet on Feb. 1.,2021-02-20 0:00,2021,45000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
963,Ragnarok Online Invasion,REKT,https://de.fi/rekt-database/ragnarok_online_invasion,,,https://archive.is/lBEHm,,Quick SummaryRagnarok Online Invasion was exploited due to ownership issues of the token contract ,2022-09-08 0:00,2022,45262,Contract vulnerability,Access control flaw,Technical vulnerability,Target,FT,CA
28,Tableland,REKT and SlowMist ,https://de.fi/rekt-database/tableland,https://hacked.slowmist.io/search/,,Anatomy of a fakemint (tableland.yz) et https://docs.tableland.yz/security/day/one/post/mortem/to/the/attack,,The Tableland Discord server was compromised by malicious actors  successfully impersonating moderators on the channel and leading community members to a fake Tableland domain that funneled targeted assets from member ETH wallets. The perpetrators utilized a fakemint scheme  which lured community members using a pretense of an eclusive  limited mint. Instead  target victims were taken to a malicious website that tricked some of them into granting specific wallet permissions. Once granted  the perpetrators were able to siphon away Tableland Rigs and other NFTs REKT : The Tableland Discord was compromised by a hacker posing as a moderator on the channel. The hacker published a link to the fake Tableland website inside Tableland's Discord group. During any interaction with the website. the assets of the users were withdrawn from their wallets to the addresses of the scammer.,2022-07-21 0:00,2022,45819,Instant user deception,Social media compromission,Imitation,Intermediary,Other systems,
873,Hunter Doge,REKT,https://de.fi/rekt-database/hunter_doge,,,"CertiK Alert sur Twitter : ""#CertiKSkynetAlert ?? We are seeing a possible exploit on BSC 0x1D7F3Bcd965bfd03Eec6942f283516708bB448a9 which has dropped 100%. BNB has been drained from the liquidity pool and sent to 0x72283 This token should not be confused with other projects with a similar name. https://t.co/ZrxkLu0NQd"" / Twitter",,Quick SummaryHunterDoge copycat token was rug pulled by EOA address related to the token deployer. The scammer profited by <span style=\>$&nbsp;45.978. Details of the exploitHunterDoge is a copycat BEP20 token trading on PancakeSwap. it should not be confused with other tokens with the same name. The attacker dropped the token price by 100% and removed 172 $WBNB from liquidity in two transactions. Stolen funds remain in the attacker\saddress at the moment. The relation between the attacker and the token deployer is proven below. Block Data ReferenceAttacker address: https://bscscan.com/address/0566a786977ac51eaf5f15605b5e08f3fbe051532Deployer address: https://bscscan.com/address/014e7e0c8dae4697df28fe58c513dca5f366784d4Relation transaction: https://bscscan.com/t/0429cb5284fe0b602d72b7ca8142dff26f13b796a01563c5ab1af76b2c5ee78e0Draining transactions: https://bscscan.com/t/06f9e8689806e9a054dd46f6ce6eade5da8378dc0c6a66cf6f4819f3c74587379 https://bscscan.com/t/083485ad10b29f49052f295cb15eec3fdd15a348d7115a0ed6059da5715ac2b7aLiquidity Pool: https://bscscan.com/address/0f81cf10d08b79ba13ee8108d4870ebafd606feb5 ,2022-09-17 0:00,2022,45978,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
864,HashFree,REKT,https://de.fi/rekt-database/hashfree,,,HashFree $0.00000000000001685 / HashFree / WBNB on BSC / PancakeSwap / DEX Screener,,Quick SummaryThe HashFree project has been rug pulled by its project deployer. The team made away with $BNB 140.5 in profits. Details of the exploitThe project deployer created contract minting to himself 10B $HashFree tokens:&nbsp; https://bscscan.com/t/00134e5133aaa5d74324c0b7319bd159521ead4ff297d7d7bc2a160c0219f573aAfter the project deployer deployed the contract to the BSC. a few hours later scammer created a pair between HashFree/BNB: https://bscscan.com/t/0557d1a1c6d34250e4d9209b70098cdf181a114c9c94374c2813f0941cdb4857fSince the community invested in this project quite quickly. in just 3 hours the scammer made a swap taking a profit of 140.5 $BNB: https://bscscan.com/t/096af45e702f632d72565b94a25ee9d66fa583b46249e44d330084abd6411a8d2 Block Data ReferenceProject Deployer https://bscscan.com/address/0b4e31c7741fa60b0b7f129c700444cf93089be05,2022-08-13 0:00,2022,46000,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,FT,CA
957,Prophet Project,REKT,https://de.fi/rekt-database/prophet_project,,,"(1) Prophecy sur Twitter : ""?????? DO NOT FALL FOR SCAM/ COPYCAT TOKENS ?????? We’ve been made aware of a token imitating us. using our OLD domain (before we rebranded) to back it up The scam contract: 0xd7d84e9df527882149d9c5908a3937107724b325 OUR official contract: https://t.co/wBzGJWnNJS NOT OUR $PRY"" / Twitter. (2) https://twitter.com/CaptainJackAPE/status/1339851764175052802",,The contract deployer added initial liquidity at:  https://etherscan.io/t/0107819b9e3060395e5bd4f45fd58e2491957c492370a8ad309bb6016bff87d8d  The liquidity was removed by the contract deployer at:  https://etherscan.io/t/0f634b34feddbc2deca1a2b8018b6bc30e6b62398f09d3cc1001511ee2a7e0750,2020-12-18 0:00,2020,46356,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
205,Bistroo,REKT and SlowMist,https://de.fi/rekt-database/bistroo,https://hacked.slowmist.io/search/,,"(1) Bistroo sur Twitter : ""Last Saturday night. May 7th. an attack took place on our BSC staking contract. The other staking contracts are not affected and are not at risk. Affected users will be fully reimbursed. https://t.co/iec8jkIM7r"" / Twitter. (2) https://bistroo.medium.com/post/incident/review/bist/single/asset/staking/binancesmartchain/security/breach/5194590605f",,On May 7th. was attacked one of the staking contract of Bistroo on BSC. Attack transaction on BSC: 08c96b3314e30cf62bdfd4f94df38a2f040e171e849208b328dcd4ac2cdbcb748 Then funds were bridged on ETH and swapped on UniswapV2 to wETH. Bridge transaction on BSC:  https://bscscan.com/t/001beb9667d3b91d201d6a9e2e9c0bdbf481dfd34a2314d96a2431a1886308632Swap transaction:  https://etherscan.io/t/0b6994245bc1a0121b89cf3ec0ce7cf0b0e55b70302acc9272d5af5d1150e99f2 Attacker address (BSC):  https://bscscan.com/address/0ba31058357ea2f474a2ed0d1b3f9183904ebd38aAttacker address (ETH):  https://etherscan.io/address/06ea72d536c8842646daa95d14a2fd622c258b610,2022-05-07 0:00,2022,47000,Contract vulnerability,Reentrancy,Technical vulnerability,Target,Dapp,P
907,Magic,REKT,https://de.fi/rekt-database/magic,,,"CertiK Alert sur Twitter : ""The tokens were minted to 0xfae915e700847328e33af8f6921bec93ce06f995. That address then transferred the tokens to 0xcb49a3935f2a7d4f2d1f1e41475ac98fcf00cd0b which transferred them to 0x377636ccf72d89bf974269097952445989b9f310 and then to 0x739e6290301ff4423ba711bee18e0caecc51fac7"" / Twitter",,Rug pull scam on project Magic. Approimately $47.315 was taken. Token address: &nbsp; https://bscscan.com/address/037760475953a7b37fdcee8d6c7506d9624565c84Tokens were swapped for <span data/original/title= Current Price : $1.00 / BSC/USD  data/toggle=tooltip >8.485.69$:  https://bscscan.com/t/0cd2e66b83eb069a0424c8038eac96e68d9aef63ba38b5cf96b6bfb9acba1c502Tokens were minted to:  https://bscscan.com/address/0fae915e700847328e33af8f6921bec93ce06f995.Then were transferred to:  https://bscscan.com/address/0cb49a3935f2a7d4f2d1f1e41475ac98fcf00cd0bWhich transferred to:  https://bscscan.com/address/0377636ccf72d89bf974269097952445989b9f310. and then to  https://bscscan.com/address/0739e6290301ff4423ba711bee18e0caecc51fac7,2022-05-26 0:00,2022,47315,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
964,Rapid Set Dollar,REKT,https://de.fi/rekt-database/rapid_set_dollar,,,https://twitter.com/CaptainJackAPE/status/1342772372756021249,,The contract deployer invoked new implementation to the token contract that caused mint onto 5 separate addresses at:  https://etherscan.io/t/04a437898c476f8a2b7f0e499e05136753c6f779707cb5348412cd8cabb2326f0  Token recipients: 1. 0e11b473534a14716957FE1B8B8ae3e1899fE3Dd5 (contract deployer himself) 2. 03d107BEd3CAd678650915103B5C29b79C2452263 3. 0Bb43A07316158799176C3ed54610942DbcaA8369 4. 0F2EE8af24B05b84980B5E8Fc889C20Cc0Fcc5349 5. 0228552b03bC47B7fF215BB00C74E6E321E6F51b3  1: - sold tokens at ($6.133):  https://etherscan.io/t/0ec5689a9661690e97b1d5499dfcb620421e38da89f2b679b2d25f7fd8557ac77  - distributed tokens between other External wallets. which sold them on $40.440  2: - added liquidity at:  https://etherscan.io/t/0178d5ceeae5970d47d89ac68c5a2f1c2d328987604d011462b999cb744e635e2  - removed liquidity with $932 profit:  https://etherscan.io/t/0536e814ad48110ec10c0d3007566acd24aa9735987fc14cec906de2bb7fcd055  3: - transferred tokens to the token smart contract:  https://etherscan.io/address/0bb43a07316158799176c3ed54610942dbcaa8369#tokentns  4: - transferred tokens to the token smart contract:  https://etherscan.io/t/0dafa5031ba64df254320f115841bc4ee1d2733672e3ef06165fe114c364ea9eb  5: - transferred tokens to the token smart contract:  https://etherscan.io/t/0c0b59e27850c1a35b94c10d71eb426f2fb5e4d0a18d08ab1614ae9b7d4ea90a9,2020-12-26 0:00,2022,47505,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
478,Hegic,REKT and SlowMist,https://de.fi/rekt-database/hegic,https://hacked.slowmist.io/search/,,https://twitter.com/HegicOptions/status/1253937104666742787,,Hegic: There are 152.2 ETH (about 28 537 USD) permanently locked in the contract pool of uneercised put / call options.  Out of the 19 contracts  16 are put options (DAI is locked) and 3 are call options (ETH is locked).  Hegic said it will process a 100% refund for all involved users. REKT: The platform discovered a mistake in one of its smart contracts: �options.lengthrather than �optionIDs.length.This resulted in no liquidity for epiring contracts since user assets were locked whenever they did not utilize their options. Hegic spent $48K to fi the problem and reimburse impacted users.,2020-04-25 0:00,2020,47765,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,Derivatives,P
579,EOSPlaystation,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/79416.htm,,The attacker launched an attack on the EOS game EOSPlaystation.,2019-02-05 0:00,2019,47850,Contract vulnerability,Undetermined,Technical vulnerability,Target,Dapp,P
825,e/STD,REKT,https://de.fi/rekt-database/e/std,,,"CertiK Alert sur Twitter : ""#CertiKSkynetAlert ?? We are seeing an #exitscam on project e/STD (e/STD) Contract bsc:0x7aA4B6937DE7118bf4C8e56F9df3a99ceFB64C1a Which has dropped more than &gt;76 %. It appears that approximately ~$49K has been taken as of right now. Stay Safe! https://t.co/sYT7ZbrWPF"" / Twitter",,Quick SummaryEit scam detected on e/STD token. Deployer and other team/related addresses dropped the token price and drained 49.000 $USD. Details of the exploite/STD is BEP20 token trading on PancakeSwap. The token deployer sent $e/STD tokens to 2 EOA addresses. Three scammer addresses sold a huge amount of $e/STD tokens and made a profit of 49.000 $USD. Block Data ReferenceScammer addresses: https://bscscan.com/address/0e5f616a54c132a03278584b14ce93a56f5f6b8d1 https://bscscan.com/address/07f37e0615198bad94b2add4fcfc03e4f38ebce39 https://bscscan.com/address/0168ec8648e7411e00534d7304109bbca59832caa Transfer transactions: https://bscscan.com/t/0f963f5f913111021e1b644b1ffa3347541477daff3541b7360525128cdf75dd2 https://bscscan.com/t/0f067769d0142296c66d059099449ef7c97e7113e8671e41f3c5d5f639246888c,2022-09-27 0:00,2022,49000,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
906,LV Metaverse,REKT,https://de.fi/rekt-database/lv_metaverse,,,"(1) CertiK Alert on Twitter: ""#CommunityAlert ?? We are seeing a 2nd #rugpull within a week on project @LV__Metaverse (LV PLUS) / $LVP. which has dropped more than >98%. ~$50K USD was taken. Address: BSC / https://t.co/R9uyNtZLlt Stay vigilant! https://t.co/QQVWkdk7q0"" / Twitter (archive.org). (2) https://web.archive.org/web/20220701113916/https://twitter.com/safetin/status/1542189538902171648",,Quick Summary<span data/complaint/target=>As the time of this writing information on this case is scarce. More sources will be added if the case should develop. Block Data ReferenceScammer address A:  https://bscscan.com/address/0190d744ba9d3a0ca9d86b47064182b5954c1001eScammer address B:  https://bscscan.com/address/0ff869ecd6dcef75a59dd76cbb2469309666e39e6Scammer address C:  https://bscscan.com/address/01f47353f9930ce18657fa4498e0d9c417b5873fe#tokentns,2022-06-28 0:00,2022,50625,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,Exchange,P
1026,ULME Token,REKT,https://de.fi/rekt-database/ulme_token,,,(1) https://twitter.com/BlockSecTeam/status/1584839309781135361 (2) https://twitter.com/BeosinAlert/status/1584888021299916801,,ULME Token was exploited using a flash loan attack. The attacker profited for 50.646 $USD by price manipulation.,2022-10-25 0:00,2022,50646,Contract vulnerability,Access control flaw,Technical vulnerability,Target,FT,CA
1098,ValentineFloki,REKT,https://de.fi/rekt-database/valentinefloki,,,REKT,,Quick SummaryThe ValentineFloki project blacklisted its users from selling the $ValentineFloki token and then proceeded to drain the project. netting the deployer $50k in ill/gotten profits.Details of the ExploitThe project deleted all of its online presence and the token is not trading anymore. This project shall not be confused with eponymous and still active projects.The contract deployer added initial liquidity. pairing the $ValentineFloki with $BNB 97<span style=\>&nbsp;at this transaction:  https://bscscan.com/tx/0x3df36656ef008d5c8358f93c5894a6e6fa80eaec2896c043690ff655a0b795fe The contract deployer blocked token transfers by blacklisting users as can be seen in these transactions:  https://bscscan.com/txs?a=0x3e92eb09fff03fbae0f4204987342eb5734e5c70Through the blacklisting. the users were not able to sell the token anymore. Finally. the liquidity was removed by the contract deployer:  https://bscscan.com/tx/0xf87d78d8498aca6140e5c2a2a15e238ecc3f863305d1aafd1d40d12faf93d88fBlock Data ReferenceContract Deployer (Scammer): https://bscscan.com/address/0x3e92eb09fff03fbae0f4204987342eb5734e5c70,2022-02-14 0:00,2022,50830,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
779,Cornerchain,REKT,https://de.fi/rekt-database/cornerchain,,,(1) Another Rug Pull? Cornerchain (CNR) Tanks to Nearly Zero Hours After Rallying 149.000%. (2) https://twitter.com/PeckShieldAlert/status/1567145660000108544?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1567145660000108544%7Ctwgr%5E298a6e36fd141c4475dc3f1ac3985dde8e67cf28%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fu.today%2Fanother/rug/pull/cornerchain/cnr/tanks/to/nearly/zero/hours/after/rallying/149000,,Quick SummaryThe Cornerchain project has been rug pulled by the NeoFinance team. The team made profit of 196 $BNB. Details of the exploit data/v/51e0c2ec= >The scammer deployed the token to the BSC network minting to his/her account 10M $CNR tokens and pair on PancakeSwap was created: data/v/51e0c2ec= > https://bscscan.com/t/076b97203b3b85982596bf9f045d56e4e6bafe6da87b6a5b223052bb2e799a9b1 data/v/51e0c2ec= >Scammer then added liquidity by depositing 300 $BNB: data/v/51e0c2ec= > https://bscscan.com/t/02f8637644d32c7afc84e9099a58321185d1e867b43d490808fddf16d56fb5e8b data/v/51e0c2ec= >When people started investing their funds in the token. scammers removed the liquidity taking profit of 196 $BNB: data/v/51e0c2ec= > https://bscscan.com/t/0b17ce0d9b978069beebff22b151e02da6a5837ba61dd07e1786c6c3b0956ceaf data/v/51e0c2ec= > Block Data Reference data/v/51e0c2ec= >Scammer address: https://bscscan.com/address/08f0d9acb433ca1c0f214990c4c908f2aa12387e4,2022-06-09 0:00,2022,51411,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
63,BabyElon,REKT and SlowMist,https://de.fi/rekt-database/babyelon,https://hacked.slowmist.io/search/,,(1) https://twitter.com/PeckShieldAlert/status/1534398198957088775. (2) https://alert.peckshield.com/detail?id=4092088f/6891/e241/c6a4/506334101e63,,The Baby Elon project on BNBChain had a rug pull on June 8  and they took 623 BNB (~$179 000) and quickly moved the funds to Tornado Cash. REKT: BabyElon token has been rugged by contract creator for 183.35BNB(~$52.852). Then all tokens were laundered via Tornado Cash. Token address:  https://bscscan.com/address/0292e89d5d5bdab3af2f5838c194c1983f0140b43Contract creator:  https://bscscan.com/address/0999fae849a580f1675aee294ab099542b532a7c1 Attacker created LP pair between 100M BabyElon and 10BNB:  https://bscscan.com/t/01d07387aa63322c58d571f0ffcf7a88379e927b40bfba283070d2118eb6acc80.Then he/she increased the LP pool by adding 290BNB and 2.9B BabyElon thereby artificially provoke a sharp rise in prices:  https://bscscan.com/t/0fac7fa93839eca8cc3b87fe2e7d899c332d0b499dc1f869bb5fdd481732bc03eAfter part of BabyElon was bought. attacker removed LP having received 484.35BNB of which the profit was 183.35BNB:  https://bscscan.com/t/0a39747091c546826a68d5a05f0c6817d7be979cf221db6396e237c2f6bd4feffThen tokens were transferred to  https://bscscan.com/t/0d25a56eae2df3a4b2990a0e88c50648f6b96dbe5ffef25b8cd9ca2d6769fb821 All tokens were laundered via TornadoCache.,2022-06-08 0:00,2022,52852,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,FT,CA
853,GEMDAO,REKT,https://de.fi/rekt-database/gemdao,,,GemDAO $0.00000000000004086 / GEMDAO / WBNB on BSC / PancakeSwap / DEX Screener,,Quick SummaryThe GEMDAO project has been rug pulled by its project deployer. The team made away with $BNB 162 in profits. Block Data ReferenceProject Deployer https://www.bscscan.com/address/04b2f9fa2758590242a002beb2bb4e17bbfd82294,2022-08-14 0:00,2022,53000,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,Dapp,P
71,StarMan,REKT and SlowMist,https://de.fi/rekt-database/starman,https://hacked.slowmist.io/search/,,(1) https://v2.tokeninsight.com/en/news/starman/on/bnb/chain/appeared/rug/pull. (2) https://twitter.com/PeckShieldAlert/status/1532238908716593153. (3) https://alert.peckshield.com/detail?id=5c7caa4f/99eb/be26/e73d/5d48ffc2f45c,, A Rug Pull occurred in StarMan  the coin price fell 99.5%  and the scammers have transferred about 640.4 BNB to Tornado Cash. Losses were valued at approimately $196 000. REKT : The $StarMan token was Rug pull scamed by its team. The team created an StarMan/WBNB pair to make their token tradable and dumped the $StarMan token for a profit of 173.39 $BNB.,2022-06-02 0:00,2022,53460,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
41,Shade Inu Token,REKT and SlowMist,https://de.fi/rekt-database/shade_inu_token,https://hacked.slowmist.io/search/,,https://mp.weiin.qq.com/s/tFTNY5700G/QrrRQT7O6A,,A fake Shade Inu Token project deployer removed approimately $101 000 (424 BNB) of liquidity from the liquidity pool. After investigation  this Shade Inu Token was identified as a scam  the project launched a fake Shade Inu Token  created a WBNB/SadeIT pool with the initial 200 BNB and provided liquidity to it  so the deployer made a total profit of about $53 000 ( 224 BNB). REKT : The $SadeIT token has been rugpulled by the token creator. The token creator deployed $SadeIT token and when the price increased the scammer exchanged tokens for $BNB dumping the price of $SadeIT.,2022-07-06 0:00,2022,53761,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
637,MyEosVegas,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/63359.htm,,The hacker has launched a total of 700 attacks on the MyEosVegas game contract eosvegasjack.,2018-11-10 0:00,2018,54100,Contract vulnerability,Undetermined,Technical vulnerability,Target,Dapp,P
937,Nody,REKT,https://de.fi/rekt-database/nody,,,"PeckShieldAlert on Twitter: ""#PeckShieldAlert #rugpull PeckShield has detected @Nody_ai rugged. $NODY drops /93%. https://t.co/ZIQmVG2HcB https://t.co/qy82vXPOjX"" / Twitter (archive.org)",,Quick SummaryThe $NODY token has been Rug pull scamed by the token creator. The token creator transferred 950M $NODY tokens to a second &nbsp;address (B) under his control. When the price of the token increased. the attacker started selling them. which is why the token began to depreciate. At the moment of writing ~$104k are on scammer\saddress (B) of which ~55k are identified as stolen. Details of the exploitThe scammer created $NODY token at this transaction:  https://bscscan.com/t/0de9f9d0842b5c21a52455594d8e1361ca2e5835f529c48d9ab0b5021d0b17998.After 14 days. 950M $NODY token were sent to intermediary addresses in order to create a fake distribution between token holders and 100M $NODY tokens to the scammer address (C) which created a liquidity pool on PancakeSwap with 50k $BUSD and 50M $NODY. ( https://bscscan.com/t/0e7e6d52318fcbf08ef93bd9e6aafb87facc6752f96a3293c1e8c43aee2345b81).&nbsp;When the people invested their money and the price of the token became acceptable for the scammer. all the intermediary addresses sent tokens to the address of the scammer (B) where. in turn. he began to dump the price by selling assets. Here are the transactions of transferring from intermediary addresses to scammer address (B):1)  https://bscscan.com/t/0c4e3335823bccd1e846a2419c83652603e8686260c941d3abcc367c68d1947b82)  https://bscscan.com/t/0898e0dade51cc9a5432dff59de95f9959533ae86f5ade0bc166d8067052811253)  https://bscscan.com/t/0cafab31af828888ffc459e063a537b0eb7db98eaec7435b86852c837be848cc54)  https://bscscan.com/t/01945b09cc38c029a608b40867a55da1ed5c177d099c965f74d50fd2c31034693Then scammer address (B) swapped $NODY tokens for $BUSD through the 1inch.Here are eample transactions of swap:1)  https://bscscan.com/t/061473eef0a78736c1a3c06b04eaf70fcac6865c43b832fdb91cd8cd958f37e492)  https://bscscan.com/t/011dae52a29282aa139b37e60243d449110b940fa6d7b25e32a9da1808e1d49c03)  https://bscscan.com/t/0ce754bb12b4872aff50b3898c5eedfaf992b7afba3b0db7ea92fa77877cf49f5<br\ >As the time of this writing information on this case is scarce. More sources will be added if the case should develop. Block Data ReferenceScammer addresses:1)  https://bscscan.com/address/0ba3e8569d406a6e549fa2607632a5205111aff402)  https://bscscan.com/address/0de512ea6cb8329ed5c49d769ea2d4ab2363735d23)  https://bscscan.com/address/0c45c80c984d3694a994213bdb652e9f5f809c22f Intermediary addresses:1)  https://bscscan.com/address/01bd55d3c10779106b9afbd49cbc52d7a0de95dab2)  https://bscscan.com/address/0e001a4708d06ca74f160d020f33e93792845185e3)  https://bscscan.com/address/05414414832b3055510a98b7edc216ed49728987b4)  https://bscscan.com/address/0893a49263bae3dfee4aef69243804b9617ba3105,2022-07-02 0:00,2022,54559,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
455,Ledger,SlowMist,,https://hacked.slowmist.io/search/,,https://www.blockglobe24.com/news/flash/17597.html,,A cryptocurrency trader tweeted that a hacker hacked into his Ledger crypto wallet and stole more than 100 000 ERC/20 tokens. In addition  the trader said his account was safe because he had just reset his password last week.,2020-08-14 0:00,2020,54852.5,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,Other systems,
954,Poz finance,REKT,https://de.fi/rekt-database/poz_finance,,,"Cryptocrat / (Telegram Moderator par excellence) sur Twitter : ""Rugs this week on #BSC network: HYFT Finance Orbitswap Poz Finance Waffle (Dev dump) #BNB #pancakeswap #auto #busd"" / Twitter",,According to the pinned message in the projectsannouncement channel on Telegram. the project team was holding a pre/sale event at that moment:  https://archive.is/BTpkP. where funds receiver was this Presale smart contract:  https://bscscan.com/address/0354f675d445c34d396e3bbfbbe15c714296b4d92  Presale smart contract transferred raised funds to the final recipient / the contract deployer wallet. This fact can be verified by the transaction list from 21.01.2021 (start of the presale event):  https://eplorer.bitquery.io/bsc/ts/transfers?currency=BNB&amp;receiver=08375f77ec5cd6720132ff117bc70f3639d4c2073  The contract deployer distributed stolen funds between some External wallets at the following transactions:  https://bscscan.com/t/037788e98e62578a430377d0e5d628c30fa4622b040347245f272cdefe1bbb213  https://bscscan.com/t/0464dadcdb4b9078f31a5d2ea3ab886f291a60d1921af25894186d9393c607044  https://bscscan.com/t/029165ba9c2e7ef51e9d04e925a3444cc6712fe492a98c401afa319bbfa3abc47  https://bscscan.com/t/0e01f160d7f9fd76aa3642c89c25e19afde44cd9019ffc18e4e85df8b656a4453  https://bscscan.com/t/0f77e1e606d642f2a0f2290ddc46740eb57a6f9feb13e6ff7c1fb043ed6917896  https://bscscan.com/t/094f971124bbb4903375c6a3615d4f845d0fde31487842a94743e0b20106a14e3  https://bscscan.com/t/0a0ae88a0f0178201e5fe004214f4b0746b7a5fbb08d85a7c8045488a5b3f4716  https://bscscan.com/t/08721007c10ffd9c276fb9fccc0b966469f419aaa91beeb902fe16d04428fb22f,2021-01-22 0:00,2021,56292,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,Yield,CP
1003,SSPF,REKT,https://de.fi/rekt-database/sspf,,,https://twitter.com/CertiKAlert/status/1573438798838497280,,Quick Summary SSPF token was rug pulled and a total amount of 208 $BNB was drained from the liquidity pool using two EOA addresses.,2022-09-24 0:00,2022,58448,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
730,Victor the Fortune,REKT,https://de.fi/rekt-database/victor_the_fortune,,,"Beosin Alert sur Twitter : ""$VTF on BNB chain was attacked. The attacker 0x57c112cf4f1E4e381158735B12aaf8384B60E1cE profited 58.000 $BUSD. There is a bug in VTF's contract to receive holding rewards. Under normal circumstances. users can claim $VTF token holding rewards via the updateUserBalance function. https://t.co/DCd4yPUGgB"" / Twitter",,Quick SummaryVictor the Fortune was exploited using smart contract vulnerability. The hacker was able to mint $VTF tokens and made a profit of 58.450 $USD by selling them. Details of the exploitVictor the Fortune is a BEP20 token trading on P2ESwap. The project was exploited via minting vulnerability. The hacker deployed a malicious smart contract with unverified source code to take a 100.000 $BUSD flash loan and bought $VTF tokens. Consequently. the malicious smart contract minted $VTF tokens to multiple newly deployed contracts and sold the tokens on P2ESwap. In the same transaction flash loan was paid back leaving a profit of 58.450 $BUSD to the attacker. The price of the $VTF token dropped by more than 98% at the moment. Block Data ReferenceAttacker address: https://bscscan.com/address/057c112cf4f1e4e381158735b12aaf8384b60e1ce Malicious contract: https://bscscan.com/address/0450595e4a42cc08c14091b08dbab654a68b0a877 Malicious transaction: https://bscscan.com/t/0eeaf7e9662a7488ea724223c5156e209b630cdc21c961b85868fe45b64d9b086,2022-10-27 0:00,2022,58450,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,FT,CA
653,ToBet,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/71877.htm,,The attacker rolls back the transaction when placing a bet. From the time the bet is placed until the transaction is rolled back the betting data will temporarily eist in the database of the current node and Tobet queries the betting by polling the node database outside the contract. The lottery will be drawn outside the contract and the result will be passed to the lottery action when the attacker keeps betting and rolls back the transaction because the betting and Tobet polling use the same node the Tobet lottery polling can query the database betting information for a short time and draw the lottery. . However the attacker s bet was not successful and the contract would continue to draw prizes for him resulting in no capital arbitrage.,2018-12-19 0:00,2018,58473.63,Contract vulnerability,Rollback attack,Technical vulnerability,Target,Dapp,P
79,Llamascape,SlowMist,,https://hacked.slowmist.io/search/,,https://nftevening.com/llamascape/nft/collection/have/their/discord/hacked/by/scammers/,,The project behind the Llamaverse  the Llamascape NFT series  was hacked. Hackers targeted their Discord server and scammers took around 30/40 ETH.,2022-05-20 0:00,2022,58989,Instant user deception,Social media compromission,Imitation,Intermediary,NFT,
975,RIFT Token,REKT,https://de.fi/rekt-database/rift_token,,,https://archive.ph/XqElU,,The project was holding a presale event just by depositing Ether into the EOA wallet at:  https://etherscan.io/address/05b2d21c435552e944ccdbef1cd0e608e72388925  The gathered funds were transferred to the RIFT token deployer at:  https://etherscan.io/t/0a9ae2f1d5ee5cebe78e3ff448442fd89a1695ceaf5c58089842809c5bca3c966  The contract deployer added initial liquidity at:  https://etherscan.io/t/0037b41bc6ffb1ac93448230f95522ac977ed5351a33e1e5b75a7c8ba2f0a498d  The liquidity was locked till 31.12.2021:  https://etherscan.io/t/06d077135005b47e839fadd13066d04001299f9eeab37249d505f83a7482a3f73  However. the rest funds (80.09 ETH) were deposited into the Tornado Cash mier together with other Ether. taken from another scam:  https://bloy.info/ts/calls_from/071323ce9372381e33524ccd5b9ede10e7414725d?signature_id=994162&amp;smart_contract_address_bin=0905b63fff465b9ffbf41dea908ceb12478ec7601,2020-12-31 0:00,2020,59040,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,FT,CA
627,Newdex,SlowMist,,https://hacked.slowmist.io/search/,,(1) https://www.jinse.com/lives/53145.htm (2) https://medium.com/orbs/network/hea/labs/a/security/analysis/for/blockchain/september/octob/2018/86f26f949dd4,,After EOSBet broke the security vulnerability of hackers using counterfeit currency bets to win real coins at 2 o clock in the afternoon EOS contract account oo1122334455 issued a token named &quot EOS&quot and allocated one billion fake EOS tokens to EOS accounts in full dapphub12345 and then transfer the fake tokens to the account iambillgates (the account that carried out the attack) from this account. After the attacking account used a small fake EOS to verify the attack a large/scale attack was carried out from 14:31:34 to 14:45:41. There were 11 800 fake EOS listing orders to buy BLACK IQ and ADD and all of them were traded.,2018-09-18 0:00,2018,59074.02,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Exchange,P
836,FIO Protocol,REKT,https://de.fi/rekt-database/fio_protocol,,,FIO $0.0001032 / FIO Protocol / USDT on Polygon / QuickSwap / DEX Screener,,Quick SummaryThe $FIO token has been rug pulled by its team. The team made away with &nbsp;$57k in profits. Details of the exploitThe token deployer added the liquidity pair USDT/FIO in this transaction:  https://polygonscan.com/t/0c97c548bef521f880973fee4e24aec3fb291e6d63aa3cd19771d7dd5dcd4ddd1Then the token deployer removed liquidity taking profit ~$60k:  https://polygonscan.com/t/04493eb21447584de3fa57a37dabbab9dff68d7805fbbe4e864da0936cbbb0a5e Block Data ReferenceInvolved addresses:/ Scammer address. token deployer:  https://polygonscan.com/address/07bf7d0cf594f9628d4c09290675bc66137583ebc,2022-08-14 0:00,2022,59082,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
631,EosRoyale,SlowMist,,https://hacked.slowmist.io/search/,,(1) https://www.jinse.com/lives/61280.htm (2) https://mobile.twitter.com/go_eos/status/1057343120680148999,,Vulnerability of the random number generator the attacker can try to calculate the future number of random number generator algorithms by using the information of the previous block and stolen $60 000 from the EosRoyale wallet.,2018-10-26 0:00,2018,59125,Contract vulnerability,Random number attack,Technical vulnerability,Target,Dapp,P
976,Rise Protocol,REKT,https://de.fi/rekt-database/rise_protocol,,,https://archive.ph/B9895,,The contract deployer added initial liquidity at:  https://etherscan.io/t/0ab9d2e399558ca7000f520586427cf15f8d93355540a6926c9b516460f2d293a  https://etherscan.io/t/02d49344f24fbba0609c55f5d426a9ac1c5a5ae6d9d1f463165d287ad7b82cd35  The liquidity was locked till February 12. When the liquidity was unlocked. the contract deployer removed it at:  https://etherscan.io/t/03697937bf8b399e98c219f3279b028c864197ed65529f6a28d8d77cdf5d60602  The part of tokens was sold by the contract deployer at:  https://etherscan.io/t/07bb3e71f16bca5ac3de805d3d97eab0b83ec743524b5358e318a508a2827246f,2021-02-11 0:00,2021,59164,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
769,Carillonium (CAROM),REKT,https://de.fi/rekt-database/carillonium_(carom),,,"(1) PeckShieldAlert sur Twitter : ""#PeckShieldAlert PeckShield has detected Carillonium finance $CAROM has dropped 98%. The contract is created by @neotericfinance Rug pull scamer. https://t.co/wYBd4RUUn https://t.co/bGWOhlQ9J"" / Twitter. (2) https://alert.peckshield.com/detail?id=43ec5945/7d7f/53b0/2e29/14176a6d3ab0",,Quick SummaryThe $CAROM project has been rug pulled by the token creator who previously created the rug pull project NeotericFinance. Details of the exploit data/v/51e0c2ec= >The scammer deployed a token where 10^15 tokens were minted to his/her address. then scammer created a liquidity pair between CAROM/BNB: data/v/51e0c2ec= > https://bscscan.com/t/0d9c9e6a3570c44d91368695cb502405b2ad9b150f8be5ad5fb93c991c84d6272 data/v/51e0c2ec= >After a short period of time. scammer removed some of the liquidity. made swap and then removed the liquidity again. gaining a profit of 213.27 $BNB: data/v/51e0c2ec= > https://bscscan.com/token/02d1e3be4dfd27d8d6c8f9568af27e3d8ec44d4a1?a=08f0d9acb433ca1c0f214990c4c908f2aa12387e4 data/v/51e0c2ec= > Block Data Reference data/v/51e0c2ec= >Scammer address: https://bscscan.com/address/08f0d9acb433ca1c0f214990c4c908f2aa12387e4 data/v/51e0c2ec= >Dumping transaction: https://bscscan.com/t/0f56fd7fefdc0007720b1040b104859b0f5247aa2e73c9cd8e0e2450b2392a969,2022-01-09 0:00,2022,59172,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
685,Cheebs,REKT and SlowMist,https://de.fi/rekt-database/cheebs,https://hacked.slowmist.io/search/,,(1) ZachBT's report on Chainabuse: Phishing Scam. (2) https://twitter.com/zachbt/status/1569323644140003329,,Cheebs NFT discord has been hacked. It is recommended not to click on any links in the discord. as they may be phishing. 82 NFTs have been taken with a total price floor 29.4ETH. Cheebs NFT address: https://etherscan.io/address/0415F77738147a65A9d76BB0407AF206a921ceE0fPhishing wallet: https://etherscan.io/address/08d61fdd326439412149dfe3d42078e5321303cb7ERC721 transfers: https://etherscan.io/tokentns/nft?a=08d61fdd326439412149dfe3d42078e5321303cb7,2022-11-06 0:00,2022,59260.03,Instant user deception,Social media compromission,Imitation,Intermediary,NFT,
867,HLG,REKT,https://de.fi/rekt-database/hlg,,,"CertiK Alert sur Twitter : ""#CertiKSkynetAlert ?? We are seeing a #slippage on project HLG (HLG) bsc:0x10f9Ccb9CfCa4ad48BC9256c22ade8303cf5E95E Which has dropped &gt;90% due to 0x5F48C3... adding and removing liquidity using initialization tokens for a profit of approximately $13.1K. Stay vigilant! https://t.co/8nM0QD6jGA"" / Twitter",,Quick SummaryHLG token was Rug pull scamed. The initial token holder removed liquidity and made a profit of 60.785 $USD.&nbsp; Details of the exploitHLD is a BEP20 token trading on PancakeSwap. The initial token holder removed liquidity for 60.785 $USD. The funds were transferred to several EOA addresses. Block Data ReferenceScammer address: https://bscscan.com/address/05f48c32c3b8e8e9a9ed3435a37622861df6c9e3f Liquidity removal transaction: https://bscscan.com/t/0a8cf30a19bd7b112a9420eeed3cd9587f59d2d04ce784ee9a3001805d1e16534,2022-10-28 0:00,2022,60785,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
733,A6 Token,REKT,https://de.fi/rekt-database/a6_token,,,"CertiK Alert sur Twitter : ""#CertiKSkynetAlert We are seeing a #eitscam on project A6 (A6) BSC:0E77D77309027c71F006DfF5d2F1b76060F4F5F13 Which has eperienced #slippage of 91.38%. Appro. $56K was taken. Disclaimer: Not to be confused with other projects of similar name &amp; symbol Stay vigilant! https://t.co/FSEKCWkJa2"" / Twitter",,Quick SummaryA6 Token was Rug pull scamed by the token deployer. The total scammed amount reached 60.852 $USD. Details of the ExploitA6 is a BEP20 token trading on PancakeSwap. The token deployer started selling $A6 tokens aggressively and drained liquidity for 60.852 $USD. The token price dropped by more than 90%. Block Data ReferenceScammer address: https://bscscan.com/address/04ecb196c6bf588f20330eb6fbe1d8e15e5f383ad,2022-10-23 0:00,2022,60852,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
888,K33pr,REKT,https://de.fi/rekt-database/k33pr,,,"Víđarr the Auditor (tweets ? investment advice) on Twitter: ""https://t.co/1KrKGSNuBU ($K33PR) Contract Sneak Peek Not verified ... STAY AWAY !!!!!… "" (archive.ph)",,The contract deployer added initial liquidity at:  https://etherscan.io/t/0abe77352ab9774516e265bd17fef498573af942188b33bdf22d57a20b8ede72e  The LP tokens were deposited to the Master Chef contract by the contract deployer:  https://etherscan.io/t/00a2d508277649140f0e180742e36d0ecba8441641b7a290842e112c6426a8090  The contract deployer added more liquidity at:  https://etherscan.io/t/02997bcfd9af3da235c1b55f88a84b46869387b4bfc88ff870f40d77d92961de2  The LP tokens were deposited to the Master Chef contract by the contract deployer:  https://etherscan.io/t/05be48f4a60025599f294661ffd308e725baf789a356f04fd6fb4399cf2e0f568  The LP tokens were withdrawn from the Master Chef contract by the contract deployer:  https://etherscan.io/t/04cc27d7e31720ee3aca51053e451122702c25f4a3e2251f796a5b7cc23b21858  https://etherscan.io/t/02f09d76162e212b628b8f1b7a4916db5d9e612faa43bd0e13a9bf017f07bdd5e  The liquidity was removed by the contract deployer at:  https://etherscan.io/t/0f55fab0a602a2c58cb07c656fabae4bc7da179de8c75928bf6b84bcec68a95b0  https://etherscan.io/t/002b796b665cd919d74b5de70db7e1a45126c942cfd79eda3e92b0cff9352c0df,2020-11-30 0:00,2020,60858,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
1053,YFDash,REKT,https://de.fi/rekt-database/yfdash,,,https://twitter.com/UniswapD/status/1339220026704924672,,On the main website. there was false information concerning collaboration with Lloyds Bank. The YFDash project used the same token ticker as the legitimate YfDFI Finance to confuse the audience. The project team promised that it would be listed on Uniswap immediately following the token sale event. The token contract deployer created 20K tokens. of which 4K were transferred to an EOA wallet and 2318 were exchanged for 103 ETH: https://etherscan.io/t/01158acdb34543b6c864f47ea91a52ce1591660aeb7855e4541979562097c3ca6 The projectswebsite is no longer operational. and its Twitter account has been deactivated.,2020-12-14 0:00,2020,61000,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,FT,CA
915,Meta Magic Coin,REKT,https://de.fi/rekt-database/meta_magic_coin,,,"CertiK Alert on Twitter: ""#CertiKSkynetAlert ?? We are seeing a #slippage on contract: BSC 0xe62935529B59c1C9a3f5D01323F791E309B007c3 @MetaMagicCoin / $MMC for over 96%. The creator removed liquidity and wallet 0x387 sold tokens worth ~$53k. $121k was aggregated in 0x387. Stay Vigilant! https://t.co/B7Fkd6gr63"" / Twitter (archive.is)",,Quick SummaryMeta Magic Coin was rug pulled for the total amount of 62.224 $USD. Details of the exploit<span lang=>Meta Magic Coin is a BEP20 token trading on PancakeSwap. The token price dumped &gt;90% after liquidity was removed by the token owner. Consequently. the Rug pull scamed amount of 62.224 $BUSD were transferred to another EOA address. Block Data ReferenceAddress of owner: https://bscscan.com/address/01849226164f4214e789f28b613cd500184aca7deLiquidity remove transaction: https://bscscan.com/t/0ea98ea53c7f66b5d6ba3c4ac625765b5aad9d96a3d94157facd1f85592fdf434Address that holds stolen funds: https://bscscan.com/address/0387a6a929e7a8174ca0e97f5d86ac79d70337b26 ,2022-09-02 0:00,2022,62224,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
831,Fantom,REKT,https://de.fi/rekt-database/fantom,,,"nevermind on Twitter: ""Our team's fantom validator wallet was drained for 250k FTM (~75k USD) by an attacker during the node setup process. That happened due to the go/opera code bug that allows the user to unlock the local account with http/ws enabled. This gives anyone access to that wallet. 1/8"" / Twitter (archive.org)",,Quick Summary A validator wallet was drained for 250k FTM by an attacker during the node setup process on Fantom network. The problem is a go/opera code bug. allowing users to unlock the local account with http/ws enabled. Details of the exploit: The attacker tracked the transfers to the node accounts. so he could know when and how much a validator account would receive. and taking advantage of the vulnerability. was able to steal money from the node validator. The vulnerability is in the <em>UnlockAccount()&nbsp;</em>function. in which the <em>EtRPCEnabled()</em> flag does not work correctly. which makes the entire security check useless.<br\>As the time of this writing information on this case is scarce. More sources will be added if the case should develop.,2022-07-01 0:00,2022,62500,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,Dapp,P
1070,Echelon DAO,REKT,https://de.fi/rekt-database/echelon_dao,,,REKT,,The contract owner could disable the transfer function. which restricted users in selling their tokens:  https://honeypot.is/index.html?address=0x087cf908a2c87c9bfc8135db5f08ab5db00cfa8a  The project was holding a fundraising event. After its end. the contract deployer withdrew raised BNB at:  https://bscscan.com/tx/0x030d5f533c86162d2ca8c01baeac98de33bf17a8743fb51d1f233d26908fb156  https://bscscan.com/tx/0xcbc9ba78289762f8bf21dbe442b08e2e2b320d851e1c198e8bb60163c88b920e  https://bscscan.com/tx/0x1ced363afde47ee9870aea144d8e5bb664931f026575597bb0d36d7bdae0809b,2021-04-10 0:00,2021,63188,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
894,Kosta Finance,REKT,https://de.fi/rekt-database/kosta_finance,,,x,,The contract owner minted tokens during the project deployment stage. After the liquidity raised up. appropriated tokens were sold at these transactions:   https://etherscan.io/t/0442df167f9debabaf70908fa2db754b9d5d6911f0e0f9cf91775718774db548a  https://etherscan.io/t/0fc920909a46714edbdbfbf42a28703be4a143f1fd07757b7082c2934c4ca01de  https://etherscan.io/t/04ad6eaea62154317f60f1621bd8549c1b3f6000ee38794857b8e57e159e8891c  https://etherscan.io/t/0eadb0bd0e1d46b9ed8a742b68cb9da9677ce2519ee9c461c0d6b6169c99c4f79  https://etherscan.io/t/003a756b79a056ba5990acf9663f06bccb831e0bb04936b9b48cb0018e90c43d1  https://etherscan.io/t/0eeafcf2fc68930f49232673b0e1a18720116e47f2e6512c28b35c5bb23336888  https://etherscan.io/t/0d8cdc0c525786738cf327ddfbb4fc9e56dd0d53e3e91e9677dbd8218ba96a20e,2020-11-24 0:00,2020,63376,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,Lending,P
1093,SLM Token,REKT,https://de.fi/rekt-database/slm_token,,,"Víđarr the Auditor (tweets ? investment advice) on Twitter: ""SLM Token $SLM AI Bot Sneak Peek https://t.co/wW66v5Bp2Q It looks like only team can sell that token. Stay vigillant by using https://t.co/tbXpHLL5Oo #CryptoRedFlag… https://t.co/iI4QXw8vK9"" (archive.ph)",,The contract owner could disable the transfer function. which restricted users in selling their tokens.  The contract deployer added initial liquidity at:  https://etherscan.io/tx/0xa7e773fe90352f218f32a80e4d61649d628b523f1c6d55a64a9b167973020617  The contract deployer sold tokens multiple time at:  https://bloxy.info/txs/references_address/0xa0640b821e5ba41ea8e2e75894241b6d23f1e929?argument=to&amp;signature_id=1102188  The liquidity was removed by the contract deployer at:  https://etherscan.io/tx/0xe7603e8c3fe0e812ec5e6757f1da2d46970ca52f1d9c93cd6d61f4aa4f6e172d,2021-01-17 0:00,2021,64891,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
807,Dogioh,REKT,https://de.fi/rekt-database/dogioh,,,"CertiK Alert sur Twitter : ""#CommunityAlert ?? We are seeing a rug pull on @dogioh which has dropped &gt;99% Tokens were minted in 2 transactions and sold for 65K $USDC. The funds have been transferred to EOA 0x345C... ETH: 0x790540Ff6117205ac6eF132A5782bA4f4A611355 Stay vigilant! https://t.co/KhiFiLySsu"" / Twitter",,Quick SummaryThe Dogioh project has been rug pulled by its team. The team made away with $65k in profits. Block Data ReferenceInvolved addresses:/ Scammer address. token deployer:  https://etherscan.io/address/081bd8c2fc5143be71eef1e8785f4f174f28dbfdf,2022-08-22 0:00,2022,65000,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,Dapp,P
862,Hackerdao,REKT,https://de.fi/rekt-database/hackerdao,,,x,,On May 24th. Hackerdao token contract was attacked for 200BNB. The WBNB/Hackerdao pair has been drained in this transaction 004673c950.... Attacker transaction:  https://bscscan.com/t/004673c95054247588bb8380dbc7d361f08f8f0baa319366f48ad46e51d08422dBlocksec transaction:  https://versatile.blocksecteam.com/t/bsc/004673c95054247588bb8380dbc7d361f08f8f0baa319366f48ad46e51d08422dAttacker address:  https://bscscan.com/address/0cFc591dB031B760961Fe8943a183741ED7Cd1f82Attacker contract:  https://bscscan.com/address/024cb6980995aeb7d5a9204e04b17dcd1e99a4694Victim contract:  https://bscscan.com/address/094e06c77b02Ade8341489Ab9A23451F68c13eC1C Attack step by step:1) The attacker used the logic of the Hackerdao contract vulnerability. in which the _transfer function incorrectly processes the uniswapV2 pair.2) Then. if the recipientsaddress is the specified Uniswap pair (BSCUSD/Hackerdao pair. 0bdb426a2fc2584c2d43dba5a7ab11763dfae0225). the additional commission amount will be further reduced from the sender. This leads to a typical pattern of token attacks: if the balance of a Uniswap pair can be reduced without any swap (i.e. the difference between the recorded reserves and the actual token balances). there is a possibility of price manipulation.3) The attack is carried out by switching from a pair of WBNB/Hackerdao to a pair of BSCUSD/Hackerdao. which leads to an unbalanced price.,2022-05-24 0:00,2022,65155,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,FT,CA
544,TronWow,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/89296.htm,,The hacker launched 1 203 attacks on the TronWow made a total of 2 167 377 TR profits.,2019-04-10 0:00,2019,65460.2,Contract vulnerability,Random number attack,Technical vulnerability,Target,Dapp,P
1071,Force Dao,REKT,https://de.fi/rekt-database/force_dao,,,Honeypot Detector for ETH,,The contract owner could disable the transfer function. which restricted users in selling their tokens:  https://honeypot.is/ethereum.html?address=0xce7d413fd2dae179938d7408d66b737666bdcd5e  The contract added initial liquidity at:  https://etherscan.io/tx/0x97cf3ef86392b48d04f8266dc06c9e5da4485b847a613d3d4ec6fbf540a4808d  The liquidity was removed by the contract deployer at:  https://etherscan.io/tx/0x2fa8e3c096606ef064944cd49974a112c576534f389e2617c3e4dd1acc51e985,2021-03-28 0:00,2021,65806,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
489,Altsbit,REKT and SlowMist,https://de.fi/rekt-database/altsbit,https://hacked.slowmist.io/search/,,https://www.coindesk.com/markets/2020/02/10/new/crypto/exchange/altsbit/says/it/will/close/following/hack/,, The Italian cryptocurrency exchange Altsbit was hacked. As of now  the value of stolen Bitcoin and Ether is about 70 000 U.S. dollars. The website stated that it will be closed after partial refund of client funds.,2020-02-05 0:00,2020,70000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
1094,Snowflake Floki,REKT,https://de.fi/rekt-database/snowflake_floki,,,"PeckShieldAlert sur Twitter : ""#SCAM PeckShield has detected that @snowflakefloki is a #honeypot! Sell is disabled. People are constantly being trapped into buying. Stay *AWAY* from it! https://t.co/6sd6K4hm2x"" / Twitter",,Quick SummaryThe Snowflake Floki smart contract contained a transfer tax component that allowed the project deployer to ramp up the transfer fee of each transaction up to 100%. netting the deployer approx. $ 70k in ill/gotten funds.  Details of the ExploitThe Snowflake Floki project was practically an imitation of the meme coin Floki Inu but promised to develop a metaverse casino. The $SFF token would have played the role of the in/game currency used for bets in Poker. Blackjack and Roulette. In order to make the $SFF token tradable. the contract deployer added initial liquidity in the below transaction:  https://bscscan.com/tx/0x371a142d01aff8414cda58baf96cc36fcee29b16f34c4990b83f6022ed02fd57A closer look at the $SFF smart contract should have alerted investors since the transfer taxes were adjustable by the contract deployer. This empowered the contract deployer to set fees up to 100% for each transaction. sending the tokens to his address:  https://bscscan.com/address/0x78cd0ea1108a146dc493b086170e2d9771b67570#code#L1092 The deployer took advantage of the changeable transfer fee set it to 95% for selling SFF token:  https://bscscan.com/tx/0xe8e6680e9ed778c6bc9f01e86986b54fdb8462df43bc628b193cdca46ef678e5In order to squeeze as much as possible out of the project. the deployer also removed liquidity several times :  https://bscscan.com/tx/0x18168c04bacaea98fea69d9c8b87fe9ab1dcd2313fb507ab240e4d63b0f73957  https://bscscan.com/tx/0xd9018a15ab1bd566f030d3b0ca7ece1bc5985156ccebb947d32d6bebba1cee15  https://bscscan.com/tx/0xd3ddc09b48ee87f402aebb9757b39a4e8d9f4ae5c996372d930439ddba126e04  https://bscscan.com/tx/0x3cbb6a948ba7f4fc31e9e36541d74fc2b3343a36de0dbef09929108da506144a  https://bscscan.com/tx/0x555b73292e889211214a164b402f09b884a6dce9316fdba40420cc311446f65b  The website and social media have been taken down.  data/v/51e0c2ec=  >  Block Data ReferenceContract Deployer Address: https://bscscan.com/address/0x731e5bb934128bcf787c49f0dfcf7432e6fbf44c,2021-12-28 0:00,2021,70375,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
1031,UniTarget,REKT,https://de.fi/rekt-database/unitarget,,,https://twitter.com/DetectivesRug/status/1341747678598860800,,The project was holding a presale event. The fund's recipient was the contract deployer,2020-12-25 0:00,2020,70732,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,FT,CA
1023,TSUKA,REKT,https://de.fi/rekt-database/tsuka,,,https://twitter.com/CertiKAlert/status/1570622611331112960,,TSUKA token was rug pulled by the token deployer. The total profit of the scammer is 70.755 $USD,2022-09-15 0:00,2022,70755,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
991,SHOK,REKT,https://de.fi/rekt-database/shok,,,https://twitter.com/CertiKAlert/status/1581696148196073472,,Quick SummarySHOK token was Rug pull scamed for 71.488 $USD. The token price dropped by more than 83%. ,2022-10-16 0:00,2022,71488,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
999,Solid Protocol,REKT,https://de.fi/rekt-database/solid_protocol,,,https://twitter.com/CaptainJackAPE/status/1340321995834052609,,On LinkedIn. the project team created accounts with fictitious images and identities.  The contract deployer distributed tokens in big amounts between External wallets at:  https://etherscan.io/t/083dfa98a895d73f057c09642cc5fa214c8c05abec4fc9f3b0d9268fcd40dd868  https://etherscan.io/t/064797cdc25feabc92af7cbf4a0644b80552fb5ccd1160d1b7df0474aa7e548a4  https://etherscan.io/t/0b8fa1eff25dd74c0ee5a2db5686f46df56f1e4214706c3dd396a360b311212b0  https://etherscan.io/t/0a20c511b169a385b0c58f908c014f3d2e550694e39dc49e14f09b48bd7e7eb52  https://etherscan.io/t/0af70f4b329d98576a1d853ff5481cfedbf9129b9b90148daf6439db33fedafe2  One from the recipients added initial liquidity at:  https://etherscan.io/t/0b875065e3b2c7d9addc97f1ede7dfd0df69eb854e9328f518591cfa7e97e2452  The other addresses started selling tokens in multiple transactions. for eample:  https://etherscan.io/t/0c5e5f42d08848f5bf81de732c358ba929948bd0b25df046514ceba5e2f6db17d  https://etherscan.io/t/0923bb84b69028040c043e0ec84566a32e7e85700596158a3599d34f3746ed103  https://etherscan.io/t/0494cf90d1da9dbe8fe6c5c86f0582edddcc23be82fd515a4b21ccc5e922d263e  https://etherscan.io/t/0040b78ab10f4f7c8b7a056e788ac7ebbfdd98675ae0da2ac10fef8553718a1cf  The liquidity was removed by the External address at:  https://etherscan.io/t/025c58351dc6c02ba26f758b22f53c2dd72967c4ec4ee97ab18aa2130ce4094b7  https://etherscan.io/t/0eb822c02ef322f64185c3765891c06f96642060385186827dba293a44b7daccb,2020-12-19 0:00,2020,71555,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Exchange,P
64,Equalizer Finance,REKT and SlowMist,https://de.fi/rekt-database/equalizer_finance,https://hacked.slowmist.io/search/,,(1) https://equalizer/finance.medium.com/exploit/report/78bfd6b36689. (2) https://twitter.com/EqualizerFlash/status/1536313088277872640?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1536313088277872640%7Ctwgr%5Ee6b5b85d02a993cc36f8357fc01477faa1574883%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fcdn.embedly.com%2Fwidgets%2Fmedia.html%3Ftype%3Dtet2Fhtmlkey%3Da19fcc184b9711e1b4764040d3dc5c07schema%3Dtwitterurl%3Dhttps3A%2F%2Ftwitter.com%2Fequalizerflash%2Fstatus%2F1536313088277872640image%3Dhttps3A%2F%2Fi.embed.ly%2F1%2Fimage3Furl3Dhttps253A252F252Fabs.twimg.com252Ferrors252Flogo4638.png26key3Da19fcc184b9711e1b4764040d3dc5c07,, Equalizer Finance suffered flash loan attacks on four chains: Ethereum  BSC  Polygon and Optimism. The main reason for this attack is that the FlashLoanProvider contract of the Equalizer Finance protocol is not compatible with the Vault contract. According to officials  funds on Ethereum and BSC have been recovered  but funds on Optimism and Polygon remain unaccounted for. REKT: On June 7/th Equalizer Finance suffered from a flash loan attack. The EqualizerFinance has FlashLoanProvider contract that providers flash loans. and the Vault contract used for borrowing funds by calling <em>flashLoan()&nbsp;</em>function. Flash loan attack explanation:The attacker first borrows 165.3 WBNB from PancakeSwap using flash loan.&nbsp;Event 15:  https://bscscan.com/tx/0xdc4ea764632bb264bf820e1942c20cda4c9564c1255f78a6b8aa62c31d5035f0#eventlogThe FlashLoanProvider provider first transfers the WBNB liquidity to the attacker in the WBNB storage contract. which is then followed by the flash loan callback. The attacker then provides liquidity to the WBNB repository in a second instant callback. The attacker then returns the secondary flash loan and removes the liquidity from the WBNB vault. By targeting the storage contracts in each chain. the attacker was able to withdraw liquidity from Equalizer Finance. Attack transactions:ETH /  https://etherscan.io/tx/0x9b17f61d2c7fc4463ff94c5edfea6695d131584a6e07fed5b9ed298c16c17f41BSC /  https://bscscan.com/tx/0xdc4ea764632bb264bf820e1942c20cda4c9564c1255f78a6b8aa62c31d5035f0 Attacker address:&nbsp;BSC /  https://bscscan.com/address/0x0000003502aa61a5f1b1fdadff2cf947dfda526eETH /  https://etherscan.io/address/0x0000003502aa61a5f1b1fdadff2cf947dfda526e Attacker contract address:ETH /  https://etherscan.io/address/0xf667e04a8d5910328ae92750c0459d2e9e29a67fBSC /  https://bscscan.com/address/0xf667e04a8d5910328ae92750c0459d2e9e29a67f,2022-06-07 0:00,2022,72000,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,Lending,P
1054,YFFC,REKT,https://de.fi/rekt-database/yffc,,,https://web.archive.org/web/20201108000455/https://twitter.com/ForesightDeFi/status/1325227720717053955,,Quick SummaryInvestors of the YFFC project lost appro. $72k collectively due to the project deployers right Details of the exploitYFFC was supposed to be a platform that unites a variety of DeFi platforms. ensuring an easier navigation through the crypto space for users. However. the smart contract contained a function that allowed contract deployer to mint as many $YFFC token as desired.&nbsp;The contract deployer added initial liquidity at: https://etherscan.io/t/002cf382c2ccf626aa2b5b5b347ad966b036ceeb1fcc809d5be4b554c60355d94 Almost 2 months after adding liquidity and once the $YFFC token was trading at an acceptable price for the contract deployer. the exploit started. The contract deployer invoked the <u>mint</u>() function to generate new tokens onto the External wallet at: https://etherscan.io/t/039cecb2fc17908fae64c7c6fce23b7d742cd68f2a1d25b0111cbeb0b6ad99064 The External wallet sold newly minted tokens almost immediately at: https://etherscan.io/t/0c3d42e649704d99253c63a46b3900d4537e68c139fcdd9eef25dac5fe3c88c5f Block Data ReferenceContract Deployer: https://etherscan.io/address/0e28db60e21ce63d159da8365dc65c52daac99ec4Scammer Address B: https://etherscan.io/address/0a360d8e3b152b3b32504045431f64356cb330a9a,2020-11-06 0:00,2020,72446,Rug pull scam,Hidden mint function,Malicious use of contract,Perpetrator,Yield,CP
828,Exvault Finance,REKT,https://de.fi/rekt-database/exvault_finance,,,"Víđarr the Auditor (tweets ? investment advice) on Twitter: ""$ExCore Contract Review / by our friendly bots Part 4 Verdict / Caution/Rugpull Disclaimer: to 100% verify that it requires more auditing/debugging… https://t.co/bFPVoynhLk"" (archive.ph)",,The project team disappeared according to the pinned message in the Telegram group:  https://archive.is/OdohK  The project was holding a public sale event on the Bounce Finance platform:  https://v1.app.bounce.finance/fied/swap/3859  180.21 ETH were gathered in total. The liquidity wasn tadded. The website is down.,2020-10-25 0:00,2020,73167,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,FT,CA
754,Bio Farm,REKT,https://de.fi/rekt-database/bio_farm,,,"RD Labs (Previously Rug Detectives) sur Twitter : ""Scam Project @biofarm_ $bio (0xae8f1356ec073accdd4bf5914d37a44dfd954a0d) New scams are the ´Stealth Launches´ where the owner dumps tokens using different wallets. Rug just happened with this project. as I was typing this tweet. https://t.co/b2wWxOKBcr"" / Twitter",,The contract deployer added initial liquidity at: https://etherscan.io/t/0b3796704bae8992ce88484d4bcf083197d6b13b0501cd1082b78e6a18f200ff0 The contract deployer sent minted tokens to the External address at: https://etherscan.io/t/0bdae09f00f78e3cc3520c5cb473e95c7d0b95201450c932b794965c48bd7d3c9 The External address added liquidity using received tokens at: https://etherscan.io/t/0507d8fcceddedb8a8b6152a780f03680b283231dd6f03ba5ed71666fdf52aef6 The liquidity was removed by the External address at: https://etherscan.io/t/053141b88d9be5229ff7e0efd9019ac3f26405073af31515e7a2c10fd1d080f7c The contract deployer removed the liquidity as well at: https://etherscan.io/t/0279a1fbbb12e84b2b2d933cb84467d1e2f5022325cb51bcf40187a5323df2912,2021-01-13 0:00,2021,73244,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
477,EOS gambling DApp (Feli DApp),SlowMist,,https://hacked.slowmist.io/search/,,https://mobile.twitter.com/chiachih_wu/status/1258250199459221504,,EOS gambling DApp suffered fake EOS attack,2020-04-30 0:00,2020,74468.12,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Dapp,P
810,Doodle Monkey,REKT,https://de.fi/rekt-database/doodle_monkey,,,Telegram: Contact @CryptoVigilanteANN,,The NFT project Doodle Monkey was holding a minting event.  After the event was closed. the contract deployer withdrew all ETH deposited by participants:  https://etherscan.io/t/010ac978721758b63c2281c1f2c80c20a31340c542db7009a1363965d6edb7a07  The part of stolen funds was distributed between External wallets:  https://etherscan.io/t/059fd806aa044435f1c0979c16cb48762299c82c0a83a0e0e7bb4ebb086db438d  https://etherscan.io/t/01654c33a2efabd67e24dc080d7a516404e5a1e0555a009d9a59dfddf05954c31  https://etherscan.io/t/08dcce79879ec713f51f3e4cb37d431a408fd488ff4ff8a211383375eea7746e0,2022-03-23 0:00,2022,75555,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,NFT,CA
296,THORChain,SlowMist,,https://hacked.slowmist.io/search/,,Hackers airdrop UniH tokens to Ethereum addresses as bait to steal RUNE tokens | of the THORChain protocol CoinVoice,,THORChain (RUNE) a decentralized cross/chain transaction protocol claims that hackers airdrop UniH tokens to Ethereum addresses as bait to steal RUNE tokens in users wallets. Hackers have airdropped UniH tokens with malicious contracts to at least 76 000 Ethereum addresses. Once receiving users sell their newly received UniH tokens (or even just approve the sale) on decentralized trading platforms such as Uniswap the hackers will They can steal any RUNE tokens they have in their wallets. This is because the RUNE token uses a non/standard token contract called t.origin. According to Thorchain's RUNE token contract code Beware of phishing contracts that may steal tokens by intercepting t.origin it knows that this type of attack may occur. In just a few hours hackers have stolen USD 76 000 worth of tokens. currency.,2021-07-24 0:00,2021,76000,Instant user deception,Scam airdrops,Imitation,Intermediary,Exchange,
1109,Nimbus DAO,REKT,https://de.fi/rekt-database/nimbus_dao,,,(1) https://twitter.com/BeosinAlert/status/1602907558532231169,,"Quick Summary
Nimbus DAO protocol was exploited via FlashLoan attack. The attacker stole worth around $76.000 USD. 

Details of the Exploit
The flashloan was used for the price oracle manipulation and the NIMB/NBU_WBNB pool was affected. Exploit led to the unfair reward distribution in getReward() function.
In case. of computation of the token reward is proportional to the ratio of $NIMB and $GNIMB in the pool. the ratio of Nimbus Utility tokens to Nimbus Governance tokens was broken. To repay the flash loan. the exploiter exchanged $GNIMB for $BNB.

Block Data Reference
Attacker address:
https://bscscan.com/address/0x86aa1c46f2ae35ba1b228dc69fb726813d95b597

Malicious transactions:
https://bscscan.com/tx/0x42f56d3e86fb47e1edffa59222b33b73e7407d4b5bb05e23b83cb1771790f6c1
https://phalcon.blocksec.com/tx/bsc/0x42f56d3e86fb47e1edffa59222b33b73e7407d4b5bb05e23b83cb1771790f6c1",2022-12-14 0:00,2022,76000,Interconnected actors flaw,Oracle manipulation,Technical vulnerability,Target,Dapp,P
983,Sakura DeFi,REKT,https://de.fi/rekt-database/sakura_defi,,,https://archive.ph/tlmKF,,The contract deployer created a presale and transferred tokens to the presale smart contract at:  https://etherscan.io/t/00998d9c8fec27d29df3e0a12a25f4594d6612cded1c4eb90ecc90b4b757070f5  103.11 ETH were added to the initial liquidity while 44.19 ETH were transferred to the contract deployersaddress:  https://etherscan.io/t/07ce4b606cd53a8a5d269a4d296f6bd6a337baa1355a9d7b21eaaa3be320ed3a1  The stolen funds were transferred through different External wallets and finally deposited to Binance exchange:  https://bloy.info/ru/graphs/0bc971cea7b82b9c09a9c78a9084a2eada5e7a5d6  39.96 ETH still remains on the liquidity pair at the moment:  https://etherscan.io/address/0bc365f6c554a8f412acb75aa71265ba9278977fb  450 SKRG tokens are locked till 13.01.2022 and belong to the contract deployer:  https://etherscan.io/t/0002bd17c38bb0d58f28a7f8041a199a9bd9bb1e6a0430f6f11eb7ae0abaef7b0,2021-02-14 0:00,2021,76480,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,Dapp,P
1004,Star Swap,REKT,https://de.fi/rekt-database/star_swap,,,https://archive.ph/uhjqP#selection-2969.129-2969.183,,The contract deployer added initial liquidity at:  https://etherscan.io/t/0062cb2e577769ddf531e60d660dbc87bd8ec7201811b73312310ab6e0bebec1c  The contract deployer used hidden minting functionality under the <u>starCheck</u>() function to generate new tokens onto his wallet:  https://etherscan.io/t/0786c863757c156fe689d9d134063353e6c18bf5387c7fa4b51830264eb932dbc  The minted tokens were sold by the contract deployer at:  https://etherscan.io/t/0e621d4aa21f10df1df33ef269643c4765b652770012f07f8c3a99a1fa5078c47,2020-11-06 0:00,2020,76654,Rug pull scam,Hidden mint function,Malicious use of contract,Perpetrator,Exchange,P
513,Royale,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/111995.htm,,EOS Royale has been attacked by hackers  who have gained around 18 000 EOS.,2019-08-04 0:00,2019,76815,Contract vulnerability,Undetermined,Technical vulnerability,Target,Dapp,P
1086,OracleSwapToken,REKT,https://de.fi/rekt-database/oracleswaptoken,,,"#WARONRUGS? on Twitter: ""? Scam Advisory #90 - OracleSwapToken $OSW (0x952E72DbfA10C7De115dD8A82817c885633044c6) Reason: Vault is backdoored to allow owner minting. stealing its tokens and stealing wallets approved tokens. Similar to Nifity. Likeliness of losing all funds: Absolute DYOR. #WARONRUGS?… https://t.co/uPnyt44Nqt"" (archive.ph)",,The contract owner could disable the transfer function. which restricted users in selling their tokens.  The contract deployer added initial liquidity at:  https://etherscan.io/tx/0xc8c68c423b1ff3d37cdb393c3f68b294c3c322b3a1acb06f48936900c464bce0  The liquidity was removed by the contract deployer at:  https://etherscan.io/tx/0xff05093ed4d39213795c3d2cec18e7509556b4c85f29d037a47feef10f053626,2021-02-08 0:00,2021,77328,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
6,CUPID,REKT and SlowMist,https://de.fi/rekt-database/cupid,https://hacked.slowmist.io/search/,,"BlockSec sur Twitter : ""DeFi Attack | Our monitoring system reported that 040c994299fb4449ddf471d0634738ea79c734919 was attacked (https://t.co/uOosfAuZoq). and the attack profit is around 78.623 USDT. #DeFi #BSC #CryptoSecurity"" / Twitter",, The attacker made a profit of $78 622 through a flash loan on BNB Chain  causing the token CUPID to plummet by more than 90%  and the token VENUS to rise by more than 300% and then fall back. REKT: A flash loan attack was carried out on the Cupid/Venus liquidity pair. The attacker profited $78.6k.,2022-08-31 0:00,2022,78623,Contract vulnerability,Access control flaw,Technical vulnerability,Target,FT,CA
979,Rubic,REKT,https://de.fi/rekt-database/rubic,,,https://twitter.com/CryptoRubic/status/1587704890800889858,https://www.coindesk.com/tech/2022/11/02/cross-chain-dex-rubic-loses-over-1m-in-funds-after-hackers-gain-access-to-private-keys/. https://en.cryptonomist.ch/2022/11/03/dex-rubic-loses-1-million-crypto/,Quick Summary: Rubic platform was exploited for 79.670 $USD. The attacker compromised private keys and transferred funds to an EOA address. Details of the exploitRubic is a DE aggregator and multichain bridge. The projectswallet on the Binance Chain was exploited via access control. The attacker took 79.670 $USD worth of assets including $BRBC. $BNB. and several stablecoins. All the stolen funds remain on the attackersEOA address. Block Data ReferenceAttacker address: https://bscscan.com/address/0d2d113d7b5c4f8fb4a68ceda26f894f0fe25f24a,2022-11-02 0:00,2022,79670,Undetermined,Accessing private keys/data,Undetermined,Target,Bridge,INT
932,NeedForSpeed Finance,REKT,https://de.fi/rekt-database/needforspeed_finance,,,"#WARONRUGS? on Twitter: ""? Scam Advisory #45 / NeedForSpeed $RFINFS (0x77B97372D1FEB50f79a9212FeD50E3Daf0EB44dB) Reason: NFS is a copy of @prophet_finance without the max sell/buy limitation. Owner can disable transfers except for himself. Likeliness of losing all funds: Very High DYOR. #WARONRUGS?… https://t.co/RmxL11Y1dL"" (archive.ph)",,Custom ERC20 Standard with malicious logic which allows blocking token transferring.  The project was holding a fundraising event using Token Sale smart contract:  https://etherscan.io/address/021c76e2a1c12ff97fa28ec3c0113233fee18d0b0#code  The funds gathered from the token sale were transferred to the contract deployer:  https://etherscan.io/t/04f71d08fe123d6587ba51f4f5bfc7c8410adf207fbc14fb97614d36c2d1f8d0a  &nbsp;All 125 ETH was used to add the initial liquidity at:  https://etherscan.io/t/01286d6c624335b8beaed99677306338e73f989eeb7047a5d79646283392fc01a  https://etherscan.io/t/0fbe5865278c0e55f89c1dc911c9ee300367bb307746113238866b689339c472e  https://etherscan.io/t/02f5a1600881e23e8f42eb7612ebeb5228dd1326127938d1005b61e85c214ea6f  The liquidity was removed by the contract deployer:  https://etherscan.io/t/08ecb6bd2d6fba50055891114aa4dfdd52085af67a3f239ff9d726b6cf509de99  https://etherscan.io/t/0874091d6ba4c6dcb3645fb8e39bbac8bb7904c60cdf57be11612722876d34124  https://etherscan.io/t/02775cd7ffe4a868bb880abdc2d43de1d8d762feceda00bf242f909696d9cb262,2021-04-27 0:00,2020,82091,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,FT,CA
437,Bantiample,SlowMist,,https://hacked.slowmist.io/search/,,https://www.quadrigainitiative.com/casestudy/bantiampleeitscam.php,,The Bantiample team  a project on the Binance Smart Chain  has cashed out 3000 BNB to run away. At present  the main developer of the team has deleted the Telegram account  and the project token BMAP has fallen by more than 90% in a single day. According to the project  s description  BMAP is a kind of AMPL/like imitation. Every time a user participates in a transaction  the total amount is reduced by 1%. However  it is actually just a common token  and it does not have the functions described by the project party. It just uses the AMPL project hotspot to commit fraud.,2020-09-19 0:00,2020,82132.5,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,FT,CA
154,Pirate X,SlowMist,,https://hacked.slowmist.io/search/,,"BlockSec sur Twitter : ""5/5) The attacker dumped these tokens into the market. got a profit of about 212 BNB."" / Twitter",, The pledge contract (06912B19401913F1bd5020b3f59EE986c5792DA54) of the NFT adventure game Pirate  was attacked. When users deposit their PP tokens into this contract  their tokens will be transferred to an EOA account (03b74a9cb5f1399b4a5a02559e67da37d450067b7). When the user withdraws the tokens  the contract will call Transferfrom  to transfer these funds back. The attackers put these tokens on the market and made a profit of about 212 BNB.,2022-03-09 0:00,2022,82651.91,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,Dapp,P
772,CBDAO,REKT,https://de.fi/rekt-database/cbdao,,,Investors Count Losses: DeFi Project CBDAO (BREE) Pulls The Rug for Over $1 Million in ETH (coinfomania.com),,The contract deployer took advantage of a hidden minting backdoor in the SBREE smart contract. SBREE tokens were minted in the amount of 50K tokens and converted to BREE tokens. Mint transaction: https://etherscan.io/t/03bf7b06d6737e6d222234acc58dea634c7ff75e6cc447bece6cc264f2e1db9d2 Migration: https://etherscan.io/t/0d592c3de3ee1542902ccbfb17c3d3922168568076f8afd7db1f48be3e4fa4677 The address which received new tokens started to dump them in multiple transactions: https://etherscan.io/token/04639cd8cd52ec1cf2e496a606ce28d8afb1c792f?a=085c90f369676789d3234ecf07adb5262df1bcf15,2020-09-10 0:00,2020,83884,Rug pull scam,Hidden mint function,Malicious use of contract,Perpetrator,FT,CA
965,Raptor2,REKT,https://de.fi/rekt-database/raptor2,,,https://twitter.com/PeckShieldAlert/status/1495638264253984768,,The contract deployer added initial liquidity at:  https://bscscan.com/t/078e7b5eb4d40ede331f2393db773ab62bbde2d936785c3eec77f0453232af9d4  The liquidity was removed and tokens were sold by the contract deployer:  https://bscscan.com/t/0fbceeb8cb13a87e20ae0a1df2b8be0ff8f284f733ebacf4bd5c106f8b8c585f7  Stolen funds were transferred to the External address:  https://bscscan.com/t/0ef06c291b5f527d76643d9eb815dadff55b9ebf5b5320dd8faebc2684386bd5d  The fundsrecipient deposited stolen funds into Tornado Cash Mier:  https://bscscan.com/address/0daa5e5692f24b0284cbd9fb6fbe2ddc78bf4d34a,2022-02-21 0:00,2022,83960,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
848,Galaxy Coin,REKT,https://de.fi/rekt-database/galaxy_coin,,,"CertiK Alert on Twitter: ""#CommunityAlert ?? We can confirm that $GXY is a #rugpull. Not to be confused with other Galaxy Coin tokens. 0xBf43... began to remove liquidity yesterday and continued to sell tokens. ~$79k has been transferred to EOA 0x1064... BSC: 0x2629C46C0700222A18194B5eDE91752FaB626631 https://t.co/QlnmWKVvtV"" / Twitter (archive.is)",,Quick SummaryGalay Coin was rug pulled for the total amount of 84.535 $BUSD.&nbsp; Details of the exploit  data/v/51e0c2ec=  ><span lang=>Galay Coin is BEP20 token trading on PancakeSwap. The token price dumped and liquidity was removed by an EOA address. Consequently. all the drained amount were transferred to another address.  data/v/51e0c2ec=  > Block Data ReferenceAddress of dumper: https://bscscan.com/address/0bf43ea6ae146f2b4a403886c026f2599e1007fa2Address funds was transferred to: https://bscscan.com/address/010647499a50320ad42fbbe0d75aec387bd72422fTransactions where funds was transferred: https://bscscan.com/t/01577b5aacf3e73a9399f98d26c6aa5351770cb0f0917b0fe3e8b8feb748b6e7d https://bscscan.com/t/00a736576876c10c45922a7bc636a0fad3c6f98f5eddf8aa841e2f49ad2229a6b<span style=>081d3ec77438b4e99aa99ba25b1dbc3fea317fe3b<span style=>081d3ec77438b4e99aa99ba25b1dbc3fea317fe3b,2022-08-29 0:00,2022,84535,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
738,Animoca Brands,REKT,https://de.fi/rekt-database/animoca_brands,,,Animoca Brands warns that “Animoca Brands Metaverse” token is not associated with the company,,Animoca Brands issued a scam alert about a new ERC/20 token “Animoca Brands Metaverse” on Uniswap V2 that fraudulently claims to be associated with Animoca Brands and uses the symbol “Animoca” The contract deployer added initial liquidity at: https://etherscan.io/t/001eed379470a32acdb899b71fa5a3c6437f165c78032270c5a9fccab334f8289 The contract deployer used his funds to buy fake Animoca tokens at multiple transactions. Finally. the liquidity was removed by the contract deployer at: https://etherscan.io/t/01a7590ffc33c4149bdef3aa073ae1d33436dd546b068aaa64758942335affa83,2022-02-17 0:00,2022,84631,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Dapp,P
74,Novo,REKT and SlowMist,https://de.fi/rekt-database/novo,https://hacked.slowmist.io/search/,,(1) https://www.panewslab.com/zh/sqarticledetails/y3y02hy.html. (2) https://web.archive.org/web/20220529164050/https://twitter.com/CertiKAlert/status/1530952268035538944,,"DeFi project Novo is suspected of being attacked  and hackers have transferred 280 BNB (about $89 600) to Tornado.cash. REKT: Quick Summary

A flashloan attack was carried out on the Nova project during which the attacker managed to withdraw 278 $BNB from the protocol.
Details of the Exploit
Novo is decentralized and deflationary volume/based cryptocurrency protocol available on the Binance Smart Chain based on the $NOVO token.
The attacker created a one/time wallet (attacker address (A)) that was used to attack $NOVO. Using this wallet. attacker created a smart contract. which was not verified. in order to make an attack on the token:
1) https://bscscan.com/tx/0xc346adf14e5082e6df5aeae650f3d7f606d7e08247c2b856510766b4dfcdc57f
2) https://bscscan.com/tx/0x23fd14a46b539c81ca4491a577de118925d9339a63fcf4c8a3ff36c14d6cec35
In the same transactions. the profit received was sent to the scammer address (B). Then all the remaining profits were sent directly to the scammer address (B):
https://bscscan.com/tx/0x21bbfa5c0748fb015d95848cf0a0244c3b36e3e8c24e2b0193b4a053fda0867d
All the profit was laundered via Tornado.Cash.",2022-05-30 0:00,2022,85604,Interconnected actors flaw,Arbitrage with flash loan,Technical vulnerability,Target,FT,CA
737,AI DAY,REKT,https://de.fi/rekt-database/ai_day,,,"PeckShieldAlert on Twitter: ""#PeckShieldAlert #slippage PeckShield has detected $AI has dropped -98% within an hour AI DAY: PART II https://t.co/G3a582DxgU https://t.co/pudmr7GFeN"" / Twitter (archive.org)",,Quick SummaryThe $AI token was Rug pull scamed by its team. The team created an AI/WBNB pair to make their token tradable and dumped the $AI token for a profit of $88k. Scam AlertProjects $SJMUSK and $<span data/sheets/userformat=\AI DAY: Part 2>AI DAY: Part 2 are related. The scammer addresses involved in this Rug pull scams:1) https://bscscan.com/address/053acdc0ac1206002d3e60facd7cf957359e1287f2) https://bscscan.com/address/0c37f9554d26c76cbeff796fb9595b8d469177f03This team has many other projects on which they scam people. Stay safe out there! Details of the exploit data/v/51e0c2ec= >The creator of the token deployed the contract to the network. where 70M tokens were sent to the contract that created a pair of liquidity on PancakeSwap: data/v/51e0c2ec= > https://bscscan.com/t/095bfd70e5ec9367c387dbe65d43bc939eac70efbffd0cb4147116425de38a848 data/v/51e0c2ec= >Then a BNB/AI pair was created through the contract. 70M $AI and 100 $BNB: data/v/51e0c2ec= > https://bscscan.com/t/0f3490bdeda658bf9aa468ea7d0800e4a01d1f112b9acc9d72e3551caf91cf0a0 data/v/51e0c2ec= >After the community invested enough funds into the token. the team exchanged &gt;361k $AI for 373 $BNB. taking a profit of 273 $BNB: data/v/51e0c2ec= > https://bscscan.com/t/03e6b1dba3a40350dbe449bf2cd788bb0be7e4aa2d95e6a9f2e96b104fd11cc74 data/v/51e0c2ec= >The funds were then sent further to other addresses in order to continue scamming people. Block Data ReferenceScammer addresses:&nbsp;/ Scammer address. token creator: https://bscscan.com/address/0c37f9554d26c76cbeff796fb9595b8d469177f03 Transactions:/ Creating lp: https://bscscan.com/t/0f3490bdeda658bf9aa468ea7d0800e4a01d1f112b9acc9d72e3551caf91cf0a0/ Swapping $AI to $BNB taking profit. and destructing contracts: https://bscscan.com/t/03e6b1dba3a40350dbe449bf2cd788bb0be7e4aa2d95e6a9f2e96b104fd11cc74 Contracts:Liquidity creator: https://bscscan.com/address/08e0f791089854681f742f8d1484640cedff312bbToken contract: https://bscscan.com/address/0bdeb6D82aB45c3d61d7ec5F7cF090EC63Df3577CContract 3: https://bscscan.com/address/0f084b554bf38218193fce53257129f5473107fc2 Smart/Contract Abilities+ It is possible to send $BNB to the address of the token. which will be sent to the address of the token deployer.,2022-08-08 0:00,2022,88736,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
1135,Brahma Finance,REKT,https://de.fi/rekt-database/brahma_finance,,,(1) https://archive.ph/oiIjv. (2) https://archive.ph/P1mKf,,,2022-11-09 0:00,2022,89522,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Bridge,INT
892,Klein Bottle,REKT,https://de.fi/rekt-database/klein_bottle,,,x,,Quick SummaryThe $KLB token has been Rug pull scamed by the token creator. The token creator deployed $KLB token and when the price of it went up the scammer exchanged tokens for $BNB dumping the price of $KLB. Details of the exploit<em>Klein Bottle\ssmart contract had never been published by the project deployer.  https://bscscan.com/address/060930de2669670d1768108a77244f8ef56b4c544#code. This implicates that any investors intending to conduct due diligence and research on the source code would not have encountered any useful information. In simple terms. the project stood only on the grounds of promises made by the team. which could not be checked by investors since the source of code was not available to them</em>. The creator of the $KLB token minted 100B $KLB tokens. ( https://bscscan.com/t/06d022790ad69a30e3f44022f5ca8da4583052dd541de4d41e0a41f814688d319).After the creation of the price asset. 70% of the total supply was sent to this address ( https://bscscan.com/token/060930de2669670d1768108a77244f8ef56b4c544?a=0486844e15606aa9e4eb9b66fccf038404d7ec91b). where the tokens are located at the time of this writing. 13.8% were distributed among various scammer addresses. Perhaps an attempt to make the token distribution appear more normal. The below transactions show where funds have been sent:Transfer transaction to address (A):  https://bscscan.com/t/02d97020d6751d01b7367c3266313642ae83e0054bca21a47833a9c9d4501a421 Transfer transaction to address (B):  https://bscscan.com/t/06c26372cdbc781e09966b34a9242ec93d526a2b0f8d975ba0f3b3c607d654fea Transfer transaction to address (C):  https://bscscan.com/t/04f08766c87dcfa9ade917a5e097b89542c0e262069f52db6187da820442ca448The address (A) created a liquidity pool between $BNB and $KLB. They waited until the token price became acceptable. then they started dumping the token price. Stolen funds are currently located at these addresses:1)  https://bscscan.com/address/067074b65c6ce584692d85e1568c32f8139c962b6 / ~ $87k2)  https://bscscan.com/address/0c42d3f5d4af4557fbc678929fabc5d9531192300 / ~ $2k<br\>As the time of this writing information on this case is scarce. More sources will be added if the case should develop. Block Data ReferenceToken contract address:  https://bscscan.com/address/060930de2669670d1768108a77244f8ef56b4c544 Scammer addresses:&nbsp;1)  https://bscscan.com/address/013cdf67b7dff09b0efc234fb88570b05a89e30f82)  https://bscscan.com/address/067074b65c6ce584692d85e1568c32f8139c962b63)  https://bscscan.com/address/0c42d3f5d4af4557fbc678929fabc5d9531192300,2022-07-06 0:00,2022,89747,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
99,Cashera,REKT and SlowMist,https://de.fi/rekt-database/cashera,https://hacked.slowmist.io/search/,,https://twitter.com/CertiKAlert/status/1523379700860473344,, Cashera is a project that claims to offer a ''banking revolution''  through its CSR crypto token. The project does a number of things to try to appear legitimate  including linking to government records showing a company named after it is registered in the UK and conducting a smart contract audit courtesy of AuditRateTech. Their website boasts partners including VISA PayPal Netfli and Spotify. Still project deployers suddenly minted 23 million CSR tokens  which they exchanged for nearly $90 000 in other assets plummeting the token value by about 70% in the process. The development team also took the project website offline. REKT: Quick SummaryCashera was rug pulled by token deployer for the total amount of nearly $USD 90.000. Details of the exploit  data/v/51e0c2ec=  >Cashera is BEP20 standard token. The Rug pull &nbsp;occurred after the token deployer minted 23.000.000 $CSR tokens and swapped them. It caused the token price drop by more than 70%. Incident happened due to centralization and privileged issues of the token contract. Block Data ReferenceAddress of scammer:  https://bscscan.com/address/0baa0c3523877c68d26b88930aee3fc1c44801344Affected contract: https://bscscan.com/address/07ee058420e5937496f5a2096f04caa7721cf70ccMint transactions: https://bscscan.com/t/0e7e568a8989ac15f3e190352086fd5b96d5fae0007739dd343dd8a3a788c1867  https://bscscan.com/t/05dbc20509f6c38113c8e09367b2734cf88293ffd558a979419dded6845a38560<br,2022-05-08 0:00,2022,90000,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,Staking,CP
490,Bitcoin Gold,SlowMist,,https://hacked.slowmist.io/search/,,https://cointelegraph.com/news/bitcoin/gold/blockchain/hit/by/51/attack/leading/to/70k/double/spend,, Last week  BTG encountered two 51% computing power attacks  and both recharge transactions to exchanges were cancelled  involving about 1 900 BTG and 5267 BTG  which was close to 90 000 US dollars.,2020-01-23 0:00,2020,90000,Decentralization issue,51% attack,Technical vulnerability,Target,Blockchain,DLT
612,Monacoin,SlowMist,,https://hacked.slowmist.io/search/,,(1) https://www.reddit.com/r/monacoin/comments/8k7640/51_attack_on_monacoin/ (2) https://www.crowdfundinsider.com/2018/05/133936/verge/bitcoin/gold/and/monacoin/hacked/,,On May 18 a Reddit netizen posted that Monacoin suffered a 51% computing power attack a selfish mining attack and a time stamp attack. The eact time occurred from May 13 to May 15. Some exchanges that support Monacoin trading such as Bittre Livecoin have closed Monacoin recharge.,2018-05-13 0:00,2018,90000,Decentralization issue,51% attack,Technical vulnerability,Target,Blockchain,DLT
852,GDAO,REKT,https://de.fi/rekt-database/gdao,,,"CertiK Alert sur Twitter : ""#CertiKSkynetAlert ?? We are seeing a #exitscam on project GDAO (GDAO) BSC:0xeB0dafA840Df31F5Ae18d54d96Bf9c7760fDb904 Which has experienced #slippage of 96%. ~$90K was taken Disclaimer: not to be confused with ~30 other tokens w/ GDAO symbol. pls check address Stay vigilant! https://t.co/K8GNHkEpX4"" / Twitter",,Quick SummaryGDAO token was Rug pull scamed. The token deployer/related EOA address drained liquidity for 90.302 $USD. Details of the exploitGDAO is a copycat BEP20 token trading on PancakeSwap. and can tbe confused with other tokens with the same symbol. The token deployer sent 1.000.000 $GDAO tokens to an EOA address. which drained the liquidity and transferred the stolen funds through TransitSwap. The scammer made a profit of 90.302 $USD. Block Data ReferenceScammer addresses: https://bscscan.com/address/07f12728d771a916d5d0e3f860c7266b56c6d5d71 https://bscscan.com/address/0b67b4aa8b785ed87569f0362490cbd54d2878c77 Token transfer transaction: https://bscscan.com/t/0b0ed3561b698b363ea375f60cb395ef22fb1ce43017fa8e88281a7cb5185dbf3,2022-10-28 0:00,2022,90302,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
720,RedRubyDAO,REKT and SlowMist,https://de.fi/rekt-database/redrubydao,https://hacked.slowmist.io/search/,,"(1) CertiK Alert sur Twitter : ""@TornadoCash @RedrubyDao 1/ RedRubyDAO was exploited due to a lack of input validation. See our analysis for more details ?? https://t.co/HsjtZRLhF"" / Twitter. (2) https://www.certik.com/resources/blog/5bgwNCkNoiRAGZUtfibmE/redruby/dao/exploit/incident/analysis",,Quick SummaryRedRubyDAO project was exploited. the attacker used a smart contract deployment to receive 85.000.000 tokens and sold them in the same transaction. Details of the exploitRRD is a BEP20 token of the RedRubyDAO project. The liquidity pool of the token is located on the W3Swap. The hacker deployed a malicious smart contract and transferred 85.000.000 $RRD tokens to the contract balance. Consequently. the hacker swapped 83.300.000 $RRD on W3swap and received 91.000 $BUSD in the same transaction. The remaining $RRD tokens were transferred to two EOA addresses. The stolen funds stay in the hackersaddress at the moment. Block Data ReferenceAttacker address: https://bscscan.com/address/09a52daeb40b898b1af30c5c428243d4c827b18ad Malicious contract: https://bscscan.com/address/0771f25e77d78be8f1a4f01efa43bae9ca559d9a8 Malicious transaction: https://bscscan.com/t/00bb6b1e49ed057f087dd31873c86b2d04316c91f51124f5bb17139d929bea209 Liquidity pool:  https://bscscan.com/address/0d577a5c16b08695230512d178855d0a9982c8864,2022-04-10 0:00,2022,91000,Contract vulnerability,Reentrancy,Technical vulnerability,Target,Dapp,P
782,Cryptos Tribe,REKT,https://de.fi/rekt-database/cryptos_tribe,,,"CertiK Alert on Twitter: ""#CommunityAlert ?? We are seeing a #Rug pull scam on @CryptosTribe / $CSTC. As of now 017f… holds $37.263.41 in BNB and 07aE… holds $183.194.52 in BNB. A total of about 460.031.104 CSTC tokens. Bsc:078f1a611cceba2ff17ea53570dbee7d43629e8bc Be careful out there! https://t.co/8pL4BW4avW"" / Twitter (archive.org)",,The $CSTC token has been Rug pull scamed by it's team. Scammers took a profit of $91k.,2022-07-27 0:00,2022,91023,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
1124,Sheep Farm,REKT,https://de.fi/rekt-database/sheep_farm,,,https://neptunemutual.com/blog/decoding-sheep-farm-smart-contract-hack/,,"Quick Summary
Sheep Farm on-chain gaming dapp was exploited due to smart contract vulnerability. 91.320 $USD worth of $BNB was stolen from the project.

Details of the Blockchain
Sheep Farm is a GameFi dapp on the Binance chain. The project was exploited due to smart contract vulnerability. which allowed the attacker to register multiple times and increase the amount of owned gems using a deployed smart contract with unverified source code. 309 $BNB was stolen from the project's smart contract. which is valued at 91.320 $USD at the moment. All the stolen funds were transferred through TornadoCash.

Block Data Reference
Attacker address:
https://bscscan.com/address/0x2131c67ed7b6aa01b7aa308c71991ef5baedd049
Malicious contract:
https://bscscan.com/address/0xf2db8665d82e1a23895ed78b213d36d62eec6bbc
Malicious transaction example:
https://bscscan.com/tx/0x8b3e0e3ea04829f941ca24c85032c3b4aeb1f8b1b278262901c2c5847dc72f1c",2022-11-15 0:00,2022,91320,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Dapp,P
804,Dividend Token,REKT,https://de.fi/rekt-database/dividend_token,,,"CaptainJackCryptoAPE sur Twitter : ""?SCAM ALERT? SCAM ALERT: $DIV (Dividend Token) 0c84ed03607dbb3c0280f2691f8b361f08b7a1e94 DEV IS HACK AND DUMPING https://t.co/6G2odO6mR2 https://t.co/ab7Urss8In"" / Twitter",,"The token contract owner was setted to 038f614ddd1b2127619be43fa6f596704c688459e address. according to the contract overview:
https://etherscan.io/token/0c84ed03607dbb3c0280f2691f8b361f08b7a1e94#readContract

The transaction below shows that he was able to generate 1.8 trillion DIV tokens onto his wallet:
https://etherscan.io/t/05776d1e8dbd9ea7a8cf608c1c2bb8ce55ce5fa9ee9bbb4b1100cc9c701c67c82

Subsequently. these tokens were sold. of which he received ~137.2 ETH. Transaction list:
https://bloy.info/ts/calls_from/038f614ddd1b2127619be43fa6f596704c688459e?signature_id=1102188&smart_contract_address_bin=07a250d5630b4cf539739df2c5dacb4c659f2488d

Another wallet. which participated in this event. used a smart contract backdoor and was able to eecute mint and sell tokens in the same transaction. additionally gaining 17.6 ETH:
https://etherscan.io/t/0619ecf493c8b3cea7769e37267c5f7bf0ea867782d1b87f5c742372d9fea1b9a",2020-11-24 0:00,2020,92360,Rug pull scam,Hidden mint function,Malicious use of contract,Perpetrator,FT,CA
936,Nifity,REKT,https://de.fi/rekt-database/nifity,,,"#WARONRUGS? on Twitter: ""? Scam Advisory #78 / https://t.co/3tvoT0cRNQ $NIFITY (0x44436DAD31d1aD018312a3Eb7586103ac638E1e7) Reason: Vault has been backdoored to allow owner minting. stealing its tokens and stealing wallets approved tokens. Likeliness of losing all funds: Absolute DYOR. #WARONRUGS?… https://t.co/s2Dy13NWdL"" (archive.ph)",,The contract deployer added initial liquidity at:  https://etherscan.io/t/086d2f28d5ea4cc683a21ef11d6dd980a8bfa6d9197a15c84ca35c9ebf70e0c6b  The liquidity was removed by the contract deployer at:  https://etherscan.io/t/0d7f6999930eb7e5f1bf73e8bb121d98e0e0f130833d7892999f391d6f873170d,2021-01-22 0:00,2021,93410,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
912,Marvel Metauniverse,REKT,https://de.fi/rekt-database/marvel_metauniverse,,,"CertiK Alert on Twitter: ""#CommunityAlert ?? We are seeing a #rugpull on project Marvel Metauniverse. symbol $MRV which has dropped &gt;92% in price. The deployer minted 96 million MRV to an EOA which is linked to the selling wallet. BSC: 0x706BABd2a336fD61653cF8D13DdEefF66CF624BF Stay vigilant! https://t.co/Pb0GioMtZD"" / Twitter (archive.is)",,Quick SummaryMarvel Metauniverse was rug pulled for 93.746 $USD. The $MRV token price dumped &gt;92% after the owner/related address sold them aggressively.&nbsp; Details of the exploit  data/v/51e0c2ec  >Marvel Metauniverse is a BEP/20 token on the Binance Smart Chain. The token price dropped &gt;92% on PancakeSwap and 93.746 $USD were drained. The Rug pull happened after the owner transferred already minted tokens to an EOA address and started to sell tokens.&nbsp; Block Data ReferenceAddress of dumper: https://bscscan.com/address/06e75090281fdfdc010d174c4fcf2edc6f3a22764Address of owner: https://bscscan.com/address/0b76f7e4a4aba77c6d1032d060e1cf077f923a752Transactions between dumper and owner: https://bscscan.com/t/07fd0c90d1af549f06910e9688a4cb42371cc08caeec4edc80ca0f50e48ee4a96 https://bscscan.com/t/0cd8e6176439f4149ae63eaaa221f07609ac84084fdfb24fbf54955c8c225e496 https://bscscan.com/t/0641a6a31931ff4b804dcb855ab7d83ee282ef89c3a0030b784f4beb8b769049b <br,2022-08-28 0:00,2022,93746,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
37,Citizen Finance,REKT and SlowMist,https://de.fi/rekt-database/citizen_finance,https://hacked.slowmist.io/search/,,(1) https://twitter.com/citizen_finance/status/1546665208495673349. https://twitter.com/PeckShieldAlert/status/1546685214830694405 (2) https://web3isgoinggreat.com/single/citizen/finance/claims/to/have/been/hacked/for/around/100000,https://www.htx.com/feed/news/207819/,Multi/chain NFT protocol Citizen Finance claims to have been attacked by an outside party that gained access to the private keys of BNB and the Polygon chain. The attackers used their access to transfer 244 BNB (~$55 000)  57 637 MATIC (~$32 300)  and 7 000 USDC  for a total of about $94 300. REKT: Quick Summary The Citizen Finance platform suffered from an attack by a hacker who managed to obtain the private key of one of the Citizen Finance wallets and proceeded to steal $94k.  Details of the exploit: Citizen Finance is a platform where players are the true owners of their in/game assets. Players can stake. resell. gift them or use assets as a collateral.Citizen Finance was attacked by a hacker who obtained a private key with access to the BSC and Polygon chains. The attacker used their access to transfer 244 $BNB. 57k $MATIC and 7k $USDC that attacker withdrew in these transactions: 1)  https://bscscan.com/t/0cf24e27679c25e1454a2532811c871ec0618660ee84c21cdec2c815966403ab02)  https://polygonscan.com/t/03fe2204878587a18dcfd6001429f92282ad5960cb87fa54f6d429920b288e4f7The theft caused a price drop of the $CIFI token by more than 50%. As the time of this writing information on this case is scarce. More sources will be added if the case should develop. Block Data ReferenceAccount addresses where stolen funds are currently located:(BSC)  https://bscscan.com/address/0ac3dc7bb5f09871ee2cbf0f9d20911c960f6ac2b(Polygon)  https://polygonscan.com/address/0ac3dc7bb5f09871ee2cbf0f9d20911c960f6ac2b,2022-07-11 0:00,2022,94336,Undetermined,Accessing private keys/data,Undetermined,Target,Dapp,P
185,CityDAO,REKT and SlowMist,https://de.fi/rekt-database/citydao,https://hacked.slowmist.io/search/,,https://twitter.com/CityDAO/status/1480421505385197575,, CityDAO  an Ethereum/based community blockchain city project  has posted that the CityDAO Discord administrator account has been hacked. 29.67 ETH ($95 000) funds were stolen by hackers using stolen admin accounts to post fake land airdrop messages. The attacked administrator Lyons800  tweeted that the attack was a ridiculous security breach from Discord. REKT: CityDAO. an Ethereum/based community blockchain city project. has posted that the CityDAO Discord administrator account has been hacked. 29.67 ETH ($95.000) funds were stolen by hackers using stolen admin accounts to post fake land airdrop messages. The attacked administrator. ,2022-01-10 0:00,2022,95000,Instant user deception,Social media compromission,Imitation,Intermediary,Dapp,
721,Safe Dollar,REKT,https://de.fi/rekt-database/safe_dollar,,,(1) https://safedollar.medium.com/safedollar-postmortem-analysis-96c8cfb4c2a3. (2) https://polydex.medium.com/plx-locker-smart-contract-incident-post-mortem-75342124a3e8,,The attackersaddress: https://polygonscan.com/address/08a0a1eb0bae23e4e95608e3aad7fa25b0d907c6c The attack transaction: https://polygonscan.com/t/076c722c7bd90f6db0ad28692f86336007626e938ba7b1fcae98e9b404e66b210 The re/entrance attack on the Token Locker smart contract was performed. Safe Dollar share tokens were affected. The contract itself does not have an issue with standard ERC20. but since the PL token is ERC777 standard. there will be <u>tokenReceived</u>() callback event every time method <u>transfer</u>() triggered. The attacking smart contract deployed by the hacker has included the <u>unlockAll</u>() trigger repeatedly (40 times) in the event. so he was able to unlock more than the amount he locked in before. The attacker withdrew 9.959.26 SDS. then sold for 95.392 USDC after bridging all to Ethereum.,2021-06-20 0:00,2021,95392,Contract vulnerability,Reentrancy,Technical vulnerability,Target,FT,CA
739,Aphrodite Protocol,REKT,https://de.fi/rekt-database/aphrodite_protocol,,,"RD Labs (Previously Rug Detectives) sur Twitter : ""Scam Project: $APHR @AphroditeDefi (0xe25da3cbec06652d31b376c18b68a16dbfe081f4) I detailed in my previous tweet https://t.co/iKaKzaYRqP that @PacificProtocol $PCF is a scam. and unfortunately proved right again. #RUGDETECTIVES"" / Twitter",,"The project was holding a fundraising event. it was stated in their Telegram announcement:
https://archive.is/lrWVR

Funds were deposited directly to the contract deployer's address:
https://bloxy.info/txs/transfers_to/0x0217f93565ede01fa65450281631a67808d2eedc?currency_id=1

The contract deployer added initial liquidity at:
https://etherscan.io/tx/0xf0cc8a577b231694f919513a850c1ee252992ab59ad04f5ec84616753b077bdb

The liquidity was removed by the contract deployer at:
https://etherscan.io/tx/0x932454372a960201ea6a452d090c354df892d60d2b8fbcda082f7e1b426d2f8d",2021-01-29 0:00,2021,97147,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,FT,CA
422,ElectrumSV,SlowMist,,https://hacked.slowmist.io/search/,,https://aaron67.cc/2020/11/08/lost/600/bsv/,,On November 9th  a user named aaron67  posted about his BSV theft eperience  saying that please stop using the multisig accumulator multi/signature solution implemented by ElectrumSV immediately. The locking script of this scheme had serious bugs  so that 600 BSV was stolen on November 6th. After the incident  the user had contacted Roger Taylor  the author of ElectrumSV  for the first time  and the serious bug was subsequently confirmed. At the same time  the Note.SV developers stated that they had done an analysis for the first time to find the source of the bug  and notified the wallet author and community users.,2020-11-06 0:00,2020,98200.5,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,Other systems,
271,OpenSea,SlowMist,,https://hacked.slowmist.io/search/,,$100.000 Worth of Ethereum NFTs Destroyed by OpenSea Bug: ETH Dev / Decrypt,,A vulnerability in NFT marketplace OpenSea resulted in at least 42 NFTs being sent to a burn address  worth at least $100 000. The issue was first raised by Nick Johnson  lead developer of the Ethereum Name Service (ENS)  who noted that when he transferred an ENS domain name (in the form of an NFT)  it was transferred to a burn address. This means it was accidentally sent to an uncontrolled address and can no longer be moved. Regarding the destroyed ENS domain name  Johnson said it was the first registered ENS domain name  called rillir.eth  which was held by an ENS account when Johnson registered it with personal funds. In order to transfer the ENS domain name to his own account  he went to OpenSea to perform the transfer  only to find that it had been sent to a destruction address by mistake. Since Johnson is still the controller of the ENS domain name  he can still make changes  just cannot move the domain name. Johnson then received further reports from others who were similarly affected and compiled a list of 32 affected transactions involving 42 NFTs. Most NFTs use the ERC/721 standard  but a few use ERC/1155. He looked at the floor price of each NFT  which totaled about $100 000. Johnson claims that OpenSea has now fixed the vulnerability.,2021-09-08 0:00,2021,100000,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,CeFi,
470,Web3 DeFi,SlowMist,,https://hacked.slowmist.io/search/,,Web3 Phishing Has Finally Arrived (phishfort.com),,The malicious Web3 applications phishing dapps were discovered in a recent study  they pretend to be legitimate applications or services to steal cryptocurrencies. For eample  since MakerDAO officially closed the single/mortgage Sai system  such phishing tools have begun to appear  and they pretended to need a new tool to help users migrate from SAI to DAI. For eample  a domain name provides a simple interface to start the migration from SAI to the new DAI at a 1:1 ratio  it seems like an official channel. However  the actual transaction to be signed simply sends the SAI to an address owned by the attacker. SAI  which has been traced to more than US$100 000  was transferred to the attacker's account.,2020-06-25 0:00,2020,100000,Instant user deception,Undetermined,Imitation,Intermediary,Other systems,
650,Vertcoin,SlowMist,,https://hacked.slowmist.io/search/,,(1) https://medium.com/coinmonks/vertcoin-vtc-is-currently-being-51-attacked-53ab633c08a4 (2) https://www.coindesk.com/markets/2018/12/10/vertcoins-struggle-is-real-why-the-latest-crypto-51-attack-matters/,,Vertcoin suffered a major attack in which hackers stole funds worth $100 000.,2018-12-12 0:00,2018,100000,Decentralization issue,51% attack,Technical vulnerability,Target,Blockchain,DLT
1123,Ranger,REKT,https://de.fi/rekt-database/ranger,,,https://quillaudits.medium.com/over-20-million-was-lost-to-rug-pull-scams-84ee86430970#:~:text=before%20withdrawing%20it.-. (2) ,,"Quick Summary
The Ranger project was rugged by the token deployer with a profit about 100.000 $USD.
Details of the Exploit
The Ranger project fell victim to a scam. The token deployer sent Ranger tokens to various addresses after the PancakeSwap Pool USDT/Ranger had been drained.
Block Data Reference
Deployer:
https://bscscan.com/address/0x888ec45f6e16334f8ecd691057f51722c85659ef

Drained LP:
https://bscscan.com/address/0x66af223259fd3887b408a1fda73657e4ed0a2c30#tokentxns
Sales:
https://explorer.bitquery.io/bsc/txs/transfers?from=2022-11-01&till=2022-11-30",2022-11-15 0:00,2022,100000,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
1051,Yearn Machine Learning,REKT,https://de.fi/rekt-database/yearn_machine_learning,,,(1) https://twitter.com/SolidityFinance/status/1351222770898788360 (2) https://archive.ph/ImpQ7,,The project was holding a presale event using proy: shorturl.at/nrtwT The liquidity wasn tadded. The stolen Ether (90.30 ETH) was deposited into the Binance exchange: https://bloy.info/ts/transfers_from/0432cab608c3f72814e303692da5310b21e887c69?currency_id=1,2021-01-21 0:00,2021,100367,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,FT,CA
833,FDB,REKT,https://de.fi/rekt-database/fdb,,,"CertiK Alert sur Twitter : ""#CertiKSkynetAlert ?? We are seeing a #exitscam on project FDB (FDB) bsc:0x18a2E0ba304112134bd407744Ff0b0a03aE77327 which has experienced #slippage of over 99%. Tokens sold can be traced to the original deployer for a profit of approx. ~102.8K total. Stay vigilant! https://t.co/hnWTeGeylc"" / Twitter",,Quick SummaryFDB token was Rug pull scamed by the deployer/related EOA address. The total profit of the scammer reached 103.540 $USD. Details of the exploitFDB is a BEP20 token trading on PancakeSwap. The deployer/related EOA address drained liquidity for the total amount of 103.540 $USD. The scammer transferred 30.000 $BUSD to other addresses. and the remaining 12.861 $BUSD and 221.7 $BNB stay at the original address. Block Data ReferenceScammer address: https://bscscan.com/address/0485ba16ca76d59b04895cbcf9775b01674abecb9 Liquidity drain transactions: https://bscscan.com/tsInternal?a=0485ba16ca76d59b04895cbcf9775b01674abecb9 https://bscscan.com/token/055d398326f99059ff775485246999027b3197955?a=0485ba16ca76d59b04895cbcf9775b01674abecb9 ,2022-10-15 0:00,2022,103540,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
691,DarkPool,REKT,https://de.fi/rekt-database/darkpool,,,"Beosin Alert sur Twitter : ""3/ Finally. the attacker called the claimDpcAirdrop function in the $DPC contract to claim the rewards and swapped them for $USDT. The stolen funds are still at the attacker's address 0xf211Fa86CBc60d693D687075B03dFF3c225b25C9."" / Twitter",,Quick SummaryDark Pool token was hacked and 103.859 $USD was stolen from the liquidity pool. The hacker used the vulnerability of the tokenssmart contract. Details of the exploitDark Pool is the BEP20 standard token trading on PancakeSwap. The smart contract of the $DPC token has a vulnerability. which allows users to accumulate a huge amount of rewards after staking LP tokens. The claimStakeLP() function was called multiple times by the attackersmalicious contracts and granted the attacker the opportunity to withdraw more than 20.000 $DPC tokens. Consequently. the attacker swapped $DPC tokens for $USDT and made a profit of 103.859 $USD. All stolen funds remain in the attackersaddress at the moment of writing. Block Data ReferenceAttacker address: https://bscscan.com/address/0f211Fa86CBc60d693D687075B03dFF3c225b25C9Attacker contract: https://bscscan.com/address/02109bbecb0a563e204985524dd3db2f6254ab419Draining transaction: https://bscscan.com/t/092cab23d536d2e13ecb7c473350121165de0ae6c6c81be94ba502ac7db72e86fLiquidity Pool: https://bscscan.com/address/079cd24ed4524373af6e047556018b1440cf04be3,2022-09-09 0:00,2022,103859,Contract vulnerability,Reentrancy,Technical vulnerability,Target,FT,CA
7,DDCX,SlowMist,,https://hacked.slowmist.io/search/,,https://twitter.com/BeosinAlert/status/1564240190851383302,,DDC was exploited and lost $104 600. The cause of the event is the problem of arbitrarily deducting pool fees.,2022-08-29 0:00,2022,104600,Contract vulnerability,Access control flaw,Technical vulnerability,Target,FT,CA
386,SushiSwap,SlowMist,,https://hacked.slowmist.io/search/,,https://beincrypto.com/sushiswap/suffers/another/attack/hacker/steals/81/eth/,,On January 27 2021 SushiSwap was attacked again. This attack took advantage of the fact that DIGG itself did not have a WETH trading pair and the attacker created this trading pair and manipulated the initial transaction price resulting in a huge slippage during the fee exchange process. The attacker only needs to use a small amount of DIGG and WETH provide initial liquidity to obtain huge profits.,2021-01-27 0:00,2021,105196.73,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,Exchange,P
1096,TetherShiba,REKT,https://de.fi/rekt-database/tethershiba,,,"PeckShieldAlert sur Twitter : ""#rugpulls #Honeypot PeckShield has detected @TetherShiba https://t.co/S8xHJ8iKfP rugged. @TetherShiba already deleted its social accounts. Stay *AWAY* from it! @pinkecosystem https://t.co/jk3zKzNitT"" / Twitter",,The contract deployer enabled the blacklist for users that prevents selling the token:  https://bscscan.com/tx/0x46b8d20fe5bb08dc29bd9472330c00c744eb3f222a0e11b7a73cf0644b1e30d6  Tokens were sold by the contract deployer in multiple transactions:  https://bscscan.com/address/0x1dc2607e547e99d4de192c589a178c0c353f6b89#tokentxns  Stolen funds were deposited into Tornado Cash mixer:  https://explorer.bitquery.io/bsc/txs/transfers?sender=0x1dc2607e547e99d4de192c589a178c0c353f6b89&amp;currency=BNB  The token identifies as honeypot:  https://honeypot.is/?address=0xB463D04DA3CCb35093CCe292212638a16A1Cd934,2022-03-07 0:00,2022,105421,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
1056,YZY DAO,REKT,https://de.fi/rekt-database/yzy_dao,,,https://archive.ph/5NmmH#selection-3007.55-3007.121,,The contract deployer transferred ownership of the vault smart contract to the External address: https://etherscan.io/t/05742ab0e29917b1078e64aa6ab1def4ae061e9f9dbd42a49b0afa83133a089cb The new owner was set as <u>_daoTreasury</u> in the vault smart contract: https://etherscan.io/address/00a5a0a14419f9db1da68cf2f550720e5df49d4fe#readContract The External wallet received tokens in the form of fees. In addition. he sold them in multiple transactions: https://etherscan.io/tsInternal?a=0f01a907407413f5168BFf558119606054C585302&amp;p=1 This address removed liquidity multiple times: https://etherscan.io/t/06d64293c7966da2fba71ffe12949953b72f3d185cd2cadcba31fa43519e7f9c9 https://etherscan.io/t/059f3ae38c301c29b3dc5be466f7a2097964e2839fff6482ec2912e86f10c319d https://etherscan.io/t/0e481e83b262764d0e19931bcda83d666ca9804e7d17f78d0dc6c0aa2394951c0,2021-04-23 0:00,2021,106315,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
90,Quickswap,REKT and SlowMist,https://de.fi/rekt-database/quickswap,https://hacked.slowmist.io/search/,,QuickSwap’s GoDaddy Domain Hijack: How it Happened & Our Proposal to Restore the Community | by QuickSwap Official | Medium,,Decentralized exchange Quickswap has come under attack for a vulnerability in its hosting provider GoDaddy. The hijackers gained access to QuickSwap  s DNS through a vulnerability in GoDaddy  where QuickSwap domains were hosted. Some DE users lost around $107 600 through platform swaps before QuickSwap was able to regain control of our domain. REKT: Quick SummaryVulnerability in the hosting service allowed the hacker to change the DNS settings in such a way that the original router address was replaced with a fake one. While the QuickSwap team discovered the problem. the hacker managed to get more than $100k. Details of the exploit  data/v/51e0c2ec=  ><span lang=   >QuickSwap is a decentralized exchange that runs on the Polygon Network in order to provide faster and cheaper transactions on Ethereum.  data/v/51e0c2ec=  >Using the security vulnerability in the hosting service GoDaddy. hacker gained control of the DeFi domain of the QuickSwap platform and modified the External interface to redirect funds traded on the platforms to a wallet controlled by the attacker.&nbsp;  data/v/51e0c2ec=  >When the community did the exchanges through the website. they noticed that the funds were not returned to their wallets and began actively writing about it in social networks. Team members noticed this and issued a warning post on Twitter. The QuickSwap team managed to restore the correct operation of their website. but they lost confidence in GoDaddy. Immediately after the problem was fied. the team turned to their community to find the best hosting service for QuickSwap.&nbsp;  data/v/51e0c2ec=  >At the moment. QuickSwap is functioning smoothly. on a new hosting server. Block Data ReferenceInvolved addresses:/ Hacker address:  https://polygonscan.com/address/083927acf1a3f69f9fd2ed055fff424a49cda0c5d<span style=,2022-05-14 0:00,2022,107600,Instant user deception,DNS attack,Imitation,Intermediary,Exchange,
639,EOS.WIN,SlowMist,,https://hacked.slowmist.io/search/,,https://www.cryptovibes.com/blog/2018/11/12/eos/hacked/,,The game contract was attacked by the attacker lockonthecha.,2018-11-12 0:00,2018,108400,Contract vulnerability,Random number attack,Technical vulnerability,Target,Dapp,P
881,INFI Governance and Utility Token,REKT,https://de.fi/rekt-database/infi_governance_and_utility_token,,,"RD Labs (Previously Rug Detectives) sur Twitter : ""Scam Project Update $INFI Governance and Utility Token (0x790b5C38dA815f0f47Ac8ACd148eB24A24c262a2) The developer was spooked by my previous warning and pulled liqiudity. making off with close to 300 eth. DYOR investors. @InsuredFin @dao_duck https://t.co/IjbwEViXnc"" / Twitter",,The contract deployer added initial liquidity at:  https://etherscan.io/t/09bd709d9bbe44ed118ed0286c9d957fcc3c6a11fc517b2d9476afc9b79a62c5f  The liquidity was removed by the contract deployer at:  https://etherscan.io/t/09a99e14363f03d4bebce99a2e8ba7ba04d0faad5377fa3f3d428207a4af9aed0,2021-01-26 0:00,2021,109878,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
940,NWN,REKT,https://de.fi/rekt-database/nwn,,,"CertiK Alert sur Twitter : ""#CertiKSkynetAlert ?? We are receiving reports of a possible #exitscam on NWN (NWN). Contract BSC: 0x95e6823F1Fc728Fd34Cc79c36b69935acFc862e9 which has dropped &gt;89%. ? of the minted tokens are transferred to 0xbb30f. Scammer gained ~$110K. Stay Safe out there! https://t.co/VcphA6kSMR"" / Twitter",,Quick SummaryRug pull happened on NWN token. which lead to a dump of the token price by more than 89% Details of the exploitNWN is a BEP20 token. Rug pull happened after an EOA address sold 410.000 $NWN tokens on PancakeSwap and drained the huge amount of liquidity. The address received the tokens from 3 other addresses. The total profit of the scammer reached 110.00 $USD. More than half of the drained funds were sent to another EOA address and the remaining 50.000 $BUSD are at the original address. Block Data ReferenceScammer address: https://bscscan.com/address/0bb30f7705b65afb61a29294938146c1f9cd27281 Token receive transactions:  https://bscscan.com/t/0e2afc14da643f2868b0664260c533f58ee2dd046a332e98b839e8b7e21da6c8b https://bscscan.com/t/0ef7cdf81562eb9ffdc70506a7057b6e9ad239b073a1ee97554963885f3c1015a https://bscscan.com/t/0d6efd87004cd65e7713adf26d83b7173cda86068d16136a7e3fb9215fec8864a,2022-09-27 0:00,2022,110000,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
130,BNB DEFI,SlowMist,,https://hacked.slowmist.io/search/,,https://twitter.com/PeckShieldAlert/status/1508626057913520128,, A Rug Pull occurred in BNB DEFI  and the DEFI token fell by 68% in a short time. At present  the project has closed the community  and DEFI tokens have been exchanged for about 255 BNB.,2022-03-28 0:00,2022,110302.8,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,FT,CA
829,F*ck The Merge,REKT,https://de.fi/rekt-database/f*ck_the_merge,,,REKT Database | De.Fi,,Quick SummaryF*ck The Merge token was rug pulled for the total amount of 110.383 $USD. Details of the exploitF*ck The Merge is a ERC20 token trading on UniSwap. On September 15th. the token deployer created F*CKMERGE/WETH pair and added 100 $WETH as initial liquidity. After users bought the token for big amounts. the token deployer drained the remaining 178 $WETH. The total profit of the scammer is 110.383 $USD at the moment.&nbsp; Block Data ReferenceAttacker address: https://etherscan.io/address/00c41d309e970b4f4dc368af5072c0251494ac32e Token pair: https://etherscan.io/address/076aaaa341fda1c0ea563c9b241002d7e2e623814 Drain transactions: https://etherscan.io/t/0364ad8124c24f96626fd69cda40a13bfc0367e9afb2645bb7f03bd168c062815 https://etherscan.io/t/0b7da9882dd895fd1c66b5e8bded3ab75820942caf3ea4dc1f3fdc23fb6cd9c22 https://etherscan.io/t/0f27aa3a02e15e88b140428a71dc25a6ec8ad9a203eab0b6fccb5c52a0c132342,2022-09-15 0:00,2022,110383,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
1134,Abracadabra Money,REKT,https://de.fi/rekt-database/abracadabra_money,,,(1) https://archive.ph/CwD5h. (2) https://archive.ph/AUioY,,"Quick Summary
Abracadabra Money was exploited via the oracle issue. The attacker used temporarily $MIM depegging and profited for 110.911 $USD.

Details of the Exploit
Abracadabra.Money is a decentralized protocol providing staking. lending. and borrowing opportunities. The protocol's lending pool was exploited via the oracle issue. Temporarily depegging of $MIM stablecoin allowed the attacker to withdraw 110.911 $MIM tokens at nearly zero cost using a deployed smart contract with unverified source code. All the stolen funds were transferred through Tornado Cash.
Block Data Reference
Attacker address:
https://etherscan.io/address/0xb7ea0f0f8c6df7a61bf024db21bbe85ac5688005
Malicious transaction:
https://etherscan.io/tx/0x3d163bfbec5686d428a6d43e45e2626a220cc4fcfac7620c620b82c1f2537c78
Malicious contract:
https://etherscan.io/address/0x8c761066bc6c20e9c65ece9972a9eb6ed511fd4d",2022-11-08 0:00,2022,110911,Interconnected actors flaw,Oracle manipulation,Technical vulnerability,Target,Lending,P
838,FlokiChain,REKT,https://de.fi/rekt-database/flokichain,,,"CertiK Alert sur Twitter : ""#CertiKSkynetAlert ?? We are seeing a price #slippage on project @ChainFloki (FC) Contract bsc: 0xa48d94e1cca09c4867d710cd24f002cb6aa196d3 which has dropped more than &gt;99 %. The owner of the project removed liquidity for ~$110k causing the drop. Stay vigilant! https://t.co/bcCgTWtDD7"" / Twitter",,Quick SummaryFlokiChain token was Rug pull scamed by the initial token holder. The scammer profited 111.162 $USD in total. Details of the exploitFlokiChain is a BEP20 token trading on PancakeSwap. The initial token holder removed liquidity from the pool and gained funds for the total amount of 111.162 $USD. Consequently. the scammer swapped gained funds for 407 $BNB and sent to another EOA address. Block Data ReferenceScammer address: https://bscscan.com/address/019c943b6557a17176b4ed8c2d6081c7e71a5fd35 Liquidity removal transaction: https://bscscan.com/t/09df83e402552a70a6ce1ebba67bcd6defdf17b27ed7c0d31bab7a4e74263044a,2022-10-11 0:00,2022,111162,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
790,Dark Matter,REKT,https://de.fi/rekt-database/dark_matter,,,"#WARONRUGS? on Twitter: ""? Scam Advisory #60 / Dark Matter $DARKM (09861D28B874c346D284De67158B879B5468abb6B. presale) Reason: The token is fake. The token is linked to the $RIFT. $BOOST and $MAG scam. Likeliness of losing all funds: Absolute DYOR. #WARONRUGS?… https://t.co/0Y9ggiu4mu"" (archive.ph)",,The project was hilding a presale event. The final fund's recipient was the contract deployer:,2020-12-30 0:00,2020,111637,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,FT,CA
339,Pancake Hunny,REKT and SlowMist,https://de.fi/rekt-database/pancake_hunny,https://hacked.slowmist.io/search/,,https://watchpug.medium.com/pancakehunny/performance/fee/minting/attack/analysis/e347d12bfdde,,According to official sources PancakeHunny on BSC was attacked by hackers and the hackers made 43 ETH (a total of more than 100 000 US dollars). PancakeHunny forked from PancakeBunny and the attack suffered this time was similar to PancakeBunny. Hackers obtained a large amount of HUNNY tokens and threw them to the market causing the price of HUNNY tokens to plummet. REKT: The attackersaddress:  https://bscscan.com/address/00ef50be29c82ecf2158ec1886dc6692a2b0db411  The attacker: / WBNB was swapped to CAKE at PancakeSwap/ sent CAKE to the HUNNY Minter contract/ staked on CAKE/BNB Hive in PancakeHunny/ HUNNY Minter was “tricked” to mint more HUNNY tokens. namely: using all the wallet balance to make HUNNYBNB LP. and then uses it to calculate the profit hunnyBnbAmount. which can be easily tampered with by just sending the tokens to the minter contract  / the attacker then un/staked from CAKE/BNB Hive to receive the HUNNY tokens from the Minter  / the attacker then sold the HUNNY tokens on PancakeSwap  Stolen funds were transferred to the External address and deposited to the Binance exchange wallet at:  https://bscscan.com/t/0cc88d376224077f60ff7bcce62c6f077f14d0679d5fdd5bfde5934070a1b8324  https://bscscan.com/t/0ba23b86d685aa04e8bb949fd5dc56710e68660f277364e27e2e113ffae62a215  https://bscscan.com/t/04c93ae86c739cf76b7505846fb9c108d8852ccab94b26433f18f4fda5279dac8  https://bscscan.com/t/0e8f8d0e388bc099a9ccee842759c4fdb2cac2ea3142c28d29e65407678dc3fab,2021-06-03 0:00,2021,112187,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Yield,CP
67,Fomo DAO,REKT and SlowMist,https://de.fi/rekt-database/fomo_dao,https://hacked.slowmist.io/search/,,(1) https://www.defidaonews.com/article/6755292. (2) https://twitter.com/peckshield/status/1532916129789710336. (3) https://twitter.com/PeckShieldAlert/status/1532933406883184640,,The fomo/dao project is suspected of being attacked  and the attacker has made a profit of $110 000  which has been transferred to Tornado.cash. REKT:,2022-06-03 0:00,2022,114360,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Dapp,P
816,Easier,REKT,https://de.fi/rekt-database/easier,,,"CertiK Alert sur Twitter : ""#CertiKSkynetAlert ?? We are seeing an #exitscam on project Easier (EAI) Bsc:0x82b558c60fc4d1e12862b0d8fad693ae81aba48c Which has dropped &gt;66% Approx. ~$105k was taken. Disclaimer: This is not to be confused with ~26 other tokens w/EAI symbol. pls check address. Stay Safe! https://t.co/ICvOajUdx9"" / Twitter",,Quick SummaryEasier token price dropped by more than 60% due to a Rug pull scam. The deployer of the token is the same one involved in an exit scam on the macroeconomics &nbsp;($MOC) token. Details of the exploitEasier is the BEP20 token. and can tbe confused with many other tokens with the same $EAI symbol. $MOC tokens were minted to an EOA address. which swapped them for $BUSD and then for $EAI tokens in multiple transactions. The collected $EAI tokens were transferred to another EOA address. which sold all the amount for 165.549 $BUSD and distributed the amount between multiple addresses. The total profit of the scammer reached 115549 $BUSD. Block Data ReferenceScammer address: https://bscscan.com/address/0aeece9bc2f321e968cc9328fad5bf8f8a8e56fe7 Swap transactions: https://bscscan.com/token/082b558c60fc4d1e12862b0d8fad693ae81aba48c?a=0aeece9bc2f321e968cc9328fad5bf8f8a8e56fe7 ,2022-10-05 0:00,2022,115549,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
195,SNOOD contract,SlowMist,,https://hacked.slowmist.io/search/,,solidity / Attack on ERC/777 smart contract and UniswapV2Pair resulting in 104 ETH liquidity drain / Ethereum Stack exchange,,The SNOOD ERC/777 smart contract was attacked  causing the liquidity of the UniswapV2Pair token to be completely drained (104 ETH).,2022-06-20 0:00,2022,116516.4,Contract vulnerability,Undetermined,Technical vulnerability,Target,FT,CA
10,Kaoyaswap,SlowMist,,https://hacked.slowmist.io/search/,,https://twitter.com/BlockSecTeam/status/1562286943957708800,,Kaoyaswap on BSC appears to have been attacked  with hackers making 37 294 BUSD and 271.2 WBNB  caused by faulty logic in the Swap function.,2022-08-23 0:00,2022,118000,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,Exchange,P
43,Quixotic,SlowMist,,https://hacked.slowmist.io/search/,,https://www.defidaonews.com/article/6762124,, Quiuiotic  the largest NFT platform in the Optimism ecosystem  has a serious vulnerability  and a large number of user assets have been stolen. Users who have traded on this market should cancel their authorization as soon as possible. According to SlowMist analysis  only the sell order is checked in the fillSellOrder function of the market contract  and the buyer  s buy order is not checked. Therefore  the attacker first creates an arbitrary NFT contract  calls the fillSellOrder function to generate a sell order  and passes the buyer parameter as the victim  s address and the paymentERC20 parameter as the token address to be stolen  then the user who is authorized to the market contract can be transferred. Tokens are transferred for profit.,2022-07-01 0:00,2022,118882.5,Contract vulnerability,Access control flaw,Technical vulnerability,Target,CeFi,
463,Twitter,REKT and SlowMist,https://de.fi/rekt-database/twitter,https://hacked.slowmist.io/search/,,Several celebrity Twitter accounts in the US were hacked to send bitcoin scam messages / BBC News Chinese,,In the early hours of this morning many celebrity politicians and some companies Twitter accounts were attacked by hackers and these Twitter accounts all published relevant digital currency phishing scam information. However the phishing information was deleted a few minutes after it was posted. As of now the scammers have received 12.86 bitcoins in total. REKT : The Twitter accounts of major companies and individuals were compromised in one of the most widespread and confounding breaches the platform has ever seen. all in service of promoting a bitcoin scam that earned its creators nearly $120.000. On Wednesday evening. the company revealed that its own internal employee tools were compromised and used in the hack. which may eplain why even accounts that claimed to have two/factor authentication were still attempting to fool followers with the bitcoin scam.,2020-07-16 0:00,2020,120000,Instant user deception,Social media compromission,Imitation,Intermediary,Other systems,
734,ACC TOKEN,REKT,https://de.fi/rekt-database/acc_token,,,"(1) CertiK Alert sur Twitter : ""#CommunityAlert ?? We are seeing a price drop on project ACC Token - symbol $ACC which has dropped more than &gt;70% in the last couple of minutes. #slippage Address: bsc:0x5dc53496e8dd50887785d75d432cba6a86f82cad Be careful out there! https://t.co/xzgesm7QBE"" / Twitter. (2) https://twitter.com/CertiKAlert/status/1533533368301891584",,ACC Token was rugged for ~120$K. Token address: https://bscscan.com/address/05dc53496e8dd50887785d75d432cba6a86f82cadThe accounts that dumped token: https://bscscan.com/address/07ebBE0a15EA8DB71E69a10af30fEF5a9AD8E063D,2022-06-05 0:00,2022,120000,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
1120,Trust Bridge,REKT,https://de.fi/rekt-database/trust_bridge,,,https://twitter.com/CertiKAlert/status/1594409841396678659,,"Quick Summary
Trust Bridge token was rugpulled by the token deployer. Liquidity removal caused a loss of 120.083 $USD.
Details of the Exploit
Trust Bridge is a BEP20 token trading on PancakeSwap. The token deployer created a pool with 5.000.000 $TWB tokens and 20.009 $BUSD on 15 November. On 20 November all the provided liquidity was removed for 140.092 $BUSD. All the stolen funds were transferred through TornadoCash.

Block Data Reference
Scammer address:
https://bscscan.com/address/0x4f515c945216efe889fd29eb79d6136cc4c99b91
Liquidity removal transaction:
https://bscscan.com/tx/0xdfc47840433a1e44910b6898950baa252eab5d53bece1ab14c051b71f84fb7a8",2022-11-20 0:00,2022,120083,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
925,MoltenSwap,REKT,https://de.fi/rekt-database/moltenswap,,,x,,The Master Chef contract contains hidden functionality under the <u>set</u>() function. which was invoked multiple times by the contract deployer at:  https://eplorer.bitquery.io/bsc/ts/calls?internal=false&amp;contract=0b9c56744f90f3b8f6da2650485846650c33e7070&amp;method=d9638422  Calling <u>set</u>() function led to the LP tokens transfer onto the External wallet. eample transaction:  https://bscscan.com/t/03b8ed32a339123f0a7abf56abdfe32a86761c2bc2d00f1ebec6c472c4b53de91 (at the bottom of the list)  The liquidity was removed by the External wallet multiple times at:  https://bscscan.com/t/031c99d77dc9e501838f7586438e967d924989d040e552bb49773dda362e84d55  https://bscscan.com/t/0de655409ea12e50805e237bf2fcb177135c00d8e4e7eefb132471c55ee4887cc  https://bscscan.com/t/06c9d7e8bbc9dab21adb4ad69494686fc36671bcbb669c840597b476843e4de6b  https://bscscan.com/t/021d2c374ab9ddae760c409275a944bbe6abb0e4946b1bdcc8f569c1e92e69a10  https://bscscan.com/t/03a0c56b9c7ccffae75e2b9d9786abb723434ff6db5413e212d866f2fe08cb1bb  https://bscscan.com/t/0dcd892c22e23d93546e9955b1aabd0320fb3b6e96aae3353b47f5b323981b640  https://bscscan.com/t/09033ed6a75127ee2ab47ba57d89bbcc7fadbf58d4ad00bdeb5a8a69b599f1865  https://bscscan.com/t/00deb3c9747056218e448a364dd00f1bc63a7b5c2b08e61975d4d2cf0cdd73e5e  https://bscscan.com/t/053a1f15d43cb2d67614ec67e8d68bca33878497cbe8a1d1c173ade73967da8e0,2021-03-07 0:00,2021,121994,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
440,Emerald Mine,REKT and SlowMist,https://de.fi/rekt-database/emerald_mine,https://hacked.slowmist.io/search/,,(1) EOS Run Project EMD: 120.000 EOS can be returned. but the investigation activity needs to be stopped. otherwise the private key / MyToken will be destroyed. (2) https://www.coindesk.com/policy/2020/09/09/security/firms/warn/of/potential/defi/exit/scam/after/25m/in/locked/cryptos/moved/,,According to SlowMist Zone intelligence EOS project EMD is suspected to be on the run. To date EmeraldMine1 has transferred 780 000 USDT 490 000 EOS and 56 000 DFS to Account SJI111111111 and 121 000 EOS has been transferred to Changenow coin Laundering. Current lost MARKET value: US $2 468 838 =17 281 866 RMB. REKT: Large quantities of EMD funds were sent one after the other barely 13 hours after the official project launch. At that time. the SlowMist team. a Blockchain security company. issued a security warning. stating that EMD possibly ran away with the user's funds. EMD's EOS account. emeraldmine1. had already sent 787.000 USDT. 490.0000 EOS. and 56.000 DFS to the sji1111111 account at the time. According to the mainnet deployment record. the project has upgraded the contract after its release.,2020-09-09 0:00,2020,122000,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
822,Elron Token,REKT,https://de.fi/rekt-database/elron_token,,,"CertiK Alert on Twitter: ""#CommunityAlert ?? We are seeing a potential rug pull on $ELR which dropped ~80%. The contract deployer transferred large amounts of $ELR to an EOA that then sold off all the tokens. Stay Vigilant! https://t.co/Xj9kyyVTGd"" / Twitter (archive.org)",,Quick Summary The Forest Elron Token project has been Rug pull scamed by its own team. They created a pair between ELR/USDT tokens. where the initial deposit was 300k $USDT and 300k $ELR. and after a while they dumped the token taking a profit of 122k.  Details of the exploit<a href= https://www.youtube.com/watch?v=U4Mcd_1mKY rel=noreferrer noopener target=_blank The token creator deployed the $ELR where the creator is given the minter role. and also transfers ownership to his address:  https://bscscan.com/t/01438a06f58cf1e1e19b5bac24f9dd540a914a8562985865b8248247e60b6fc19#eventlogAlso analyzing the code. it was noticed that total supply was minted to this address:  https://bscscan.com/address/0F0C13C7b330145c903cCB98F3ccd54D9C9D44708300k tokens were sent from mulitisig\swallet to another address. where 300k $USDT was also sent to create an ELR/USDT pair with a ratio of 1 to 1:1) The sending path of 300k $ELR from Multisig:&nbsp; &nbsp; 1.1)  https://bscscan.com/t/0e1c01d6403fb21990686a7abe686302b61ec2f4e949d8da95ebed21e2e95c936&nbsp; &nbsp; 1.2)  https://bscscan.com/t/001837b52e7ff69254c874c9531923b17a3a6bfa68827022da401316f178526782) Receiving 300k $USDT from Binance Hot Wallet 6:  https://bscscan.com/t/02864bc927bfe113643e5562fefc0d564effb738b330fbc6fef43d1d0e7972df93) Transferring 300k $USDT to lp creator:  https://bscscan.com/t/0c5b9b5a5f2c53355d4d1d9bfbc9e5935092516c6bce3e10681db8d0742de05df4) Add liquidity transaction:  https://bscscan.com/t/0efaed2cab8c814734e6cfbfafcc023f9c433b2d27f9fe021cdca804a525f5f5cMultisig wallet sent 1M $ELR tokens to the address of the token creator:  https://bscscan.com/t/0ecc3fbdfc214505555b7998d73bd17e26b88e9fcffc109450ddd63f8459774efAfter some time. unusual behavior was noticed from the address of the token creator. he started sending a bunch of transactions for 13.899 $ELR to the scammer address (B). here is an eample of transactions:1)  https://bscscan.com/t/05d05ae17a1e4e3a0b540de422f7cd269ca2d6894d6dc778830b8ee1eb8b9b1a72)  https://bscscan.com/t/0c2b840a031db580e6f16f281ff2bb277039923767031d5a59206379906bf018f3)  https://bscscan.com/t/0b86955fe35d44641e63c36a02bd52a6d1118e4edd10c8caf66af81c8efa8f1e2After scammer address (B) started dumping the token price by selling $ELR on PancakeSwap. eample transactions: 1)  https://bscscan.com/t/08e52247ecb967e0eb5186d50970cafaddc7be01c2e4eddd7a47d4bef7afb487e 2)  https://bscscan.com/t/0195b4b038fc68f2687be36a751647bb9770a66e2341001b10f70f462360dcd7d 3)  https://bscscan.com/t/0014dd513493ab8849a8540be783699a923a1ede16343f3fc56074a5e030042eafrom the moment the pool was created until July 15. 122k $BUSD was invested. ~$242k was taken from the pool and at the moment 180k $BUSD is still in the pool. As the time of this writing information on this case is scarce. More sources will be added if the case should develop. Block Data ReferenceInvolved addresses:Token creator / scammer address (A):  https://bscscan.com/address/02cc11e2cade4f7a18f9607ef9b5352bfc6e5edaaScammer address (B):  https://bscscan.com/address/012b7ec933f4ad3f85d9ba0e29e64cc2ccd81d0f6Scammer address (C):  https://bscscan.com/address/0f2f78e289e5f64692b8e0de1e122f73488006d44Multisig wallet on which more than 90% of total supply is stored:  https://bscscan.com/address/0F0C13C7b330145c903cCB98F3ccd54D9C9D44708,2022-07-15 0:00,2022,122000,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
45,MAD,REKT and SlowMist,https://de.fi/rekt-database/mad,https://hacked.slowmist.io/search/,,https://twitter.com/BeosinAlert/status/1542517440252624896,,$MAD was hacked  and the hacker transferred all $MAD in the contract by directly calling the transfer function of the contract holding the token  and finally made a profit of $556 BNB (worth about $115 681)  which was then transferred to Tornado.Cash. The reason is that the sensitive function was not checked in the contract that holding tokens  resulting in anyone can directly call the 09763a894 function to transfer out the tokens held in the contract. REKT: Quick Summary The $MAD token was stolen by a hacker who noticed a vulnerability in the contract that held most of the assets. The hacker withdrew the profit through Tornado.cash.  Details of the exploitToken $MAD had been stolen from the token storage due to the lack of specific verification. as a result. anyone could pick up tokens. knowing how to interact with the function. The contract is unverified. so the function looks like 09763a894 . The hacker stole the tokens. and called <em>selfdestruct</em> in this transaction:  https://bscscan.com/t/0baf42be5ad9a6b259fa7bf6219f3672e5afda267219dddabd82d31b82808ab59Then. using another contract. he took the tokens from all the addresses where the tokens from the previous transaction were sent and swapped them to $BSC/USD via PancakeSwap:  https://bscscan.com/t/0baf42be5ad9a6b259fa7bf6219f3672e5afda267219dddabd82d31b82808ab59.Which were subsequently sent to the main address from which the money was withdrawn via Tornado.cash: https://bscscan.com/t/039ddbe914af0abd9f4f1429f5aa47561e1da8223ada43100755c3ea6d6114def Block Data ReferenceToken creator address:  https://bscscan.com/address/0963fc5af34b5dfac05491620122ed12f3634a2ecToken contract:  https://bscscan.com/address/0525c8e9c8240a55014bc55cbe8908eadadb02094Vulnerable storage contract:  https://bscscan.com/address/019b9c6984a6B545407d83C8Ec421D7D00695BaD8 Attacker addresses:  https://bscscan.com/address/0957e949afa38011947a76d871c66f13af11eae93Attacker contract addresses:&nbsp;1)  https://bscscan.com/address/0e6016d18c0cf515f4cda8b38907617bd370e68192)  https://bscscan.com/address/02002c47eca93e3873ea1fa4f797bb6ca9c0d7f28,2022-06-29 0:00,2022,122354,Contract vulnerability,Access control flaw,Technical vulnerability,Target,FT,CA
926,MooCakeCTX,REKT,https://de.fi/rekt-database/moocakectx,,,"Beosin Alert sur Twitter : ""#Flashloan Beosin EagleEye monitored a flashloan attack on MooCakeCTX contract. The loss is ~$140K. There is no time restrictions on collateral and rewards. and the prevention of caller is not comprehensive enough. enabling the attacker to increase dividends via flashloan. https://t.co/aKhfsmLjjy"" / Twitter",,Quick SummaryMooCakeCT was exploited via a flash loan attack. The attackersprofit reached 122.960 $USD. Details of the ExploitMooCakeCT is a yield protocol on the Binance Chain. The protocol supports $CAKE deposits for $mooCakeCT. The attacker took 400.000 $BUSD as a flash loan and exploited the protocolssmart contract for 424 $BNB. The attackersmalicious smart contract bypassed isContract() function check by performing actions on the constructor and got rewards as $mooCakeCT tokens after depositing $CAKE tokens. The flash loan was paid back after repeating previous actions multiple times and the Exploiter took a profit of 424 $BNB. All the stolen funds were transferred to several EOA addresses in 4 transactions. Block Data ReferenceAttacker address: https://bscscan.com/address/035700c4a7bd65048f01d6675f09d15771c0facd5  Malicious contract: https://bscscan.com/address/071ac864f9388ebd8e55a3cdbc501d79c3810467c  Malicious transaction: https://bscscan.com/t/003d363462519029cf9a544d44046cad0c7e64c5fb1f2adf5dd5438a9a0d2ec8e  Funds transfer transactions: https://bscscan.com/t/0963d1ff2fbb277376fb8a878e0275b63d861c0479a83ed2a3cf57573439cad6a  https://bscscan.com/t/0602c2220e4fa84cae5db564e08569327eeeb5de46d51f8033d2315f62787ba45  https://bscscan.com/t/044922e9682f461cc669e3e72e4b9ff6202a49016920566625af15519f39ec913  https://bscscan.com/t/058096e41e89f795bb409eebf9c28a2ee8b7025b6f6823a448421bbab74cca119,2022-06-11 0:00,2022,122960,Contract vulnerability,Access control flaw,Technical vulnerability,Target,FT,CA
595,BiKi,REKT and SlowMist,https://de.fi/rekt-database/biki,https://hacked.slowmist.io/search/,,https://www.quadrigainitiative.com/casestudy/bikipasswordtampering.php,,BiKi.com announced that at 0:08:23 on March 26 the BiKi.com community received a user feedback that his password has been tampered with and need to bind the new Google verification code.At around 5 in the morning 28 users had the same problem and the risk control system received an alarm. After investigation it is because some users are not bound to Google verification code and third/party verification code service provider SMS is hijacked and caused. At present the number of of accounts that have been tampered with passwords is 37 and the account involved in asset transfer is 18 and the loss amount is 12.33 million USDT the BiKi.com will bear the full amount of the loss. REKT: Biki.com. a crypto asset exchange established in Singapore. stated in the announcement that the exchange underwent a Verification code attack between midnight and 7:30 on the 25th. and some user accounts and passwords were tampered with. The company has closed all withdrawals and OTC transactions.  Biki said they would offer a reasonable compensation plan as soon as the damage situation was confirmed.,2019-03-26 0:00,2019,123000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
704,Journey of Awakening,REKT,https://de.fi/rekt-database/journey_of_awakening,,,"CertiK Alert sur Twitter : ""#CertiKSkynetAlert ?? We are seeing a price #slippage on project Journey of awakening (ATK) bsc:0x9cB928Bf50ED220aC8f703bce35BE5ce7F56C99c which has dropped more than &gt;99%. The contract seems to have been exploited earning a total profit of $127.8K. Stay vigilant! https://t.co/jsoKJ8m1Yc"" / Twitter",,Quick SummaryJourney of Awakening project was exploited for the total amount of 127.000 $USD. The attacker exploited the vault contract of the project with unverified source code. Details of the exploitJourney of Awakening is BEP20 token trading on PancakeSwap. The project token $ATK price dropped by more than 99% after the attacker drained liquidity with stolen tokens. The Exploiter used deployed smart contract to withdraw $ATK tokens from the vault contract with an unverified source code and profited 127.000 $USD in total. Block Data ReferenceAttacker address: https://bscscan.com/address/03df6cd58716d22855afb3b828f82f10708afbb4f Malicious contract: https://bscscan.com/address/0d7ba198ce82f4c46ad8f6148ccfdb41866750231 Liquidity removal transaction: https://bscscan.com/t/0601b8ab0c1d51e71796a0df5453ca671ae23de3d5ec9ffd87b9c378504f99c32 Malicious transaction: https://bscscan.com/t/055983d8701e40353fee90803688170a16424ee702f6b21bb198bb8e7282112cd,2022-10-12 0:00,2022,127000,Contract vulnerability,Undetermined,Technical vulnerability,Target,FT,CA
1133,DeFi Safe,REKT,https://de.fi/rekt-database/defi_safe,,,"CertiK Alert sur Twitter : ""#CertiKSkynetAlert ?? We are seeing an exit scam on project DeFi Safe (dSafe) Contract bsc: 0x761776f726168c9dF6dC63d5864880801E21F403 which has dropped more than &gt;99%. Contract creator blacklists holder EOAs then removes liquidity for ~$127k Stay vigilant! https://t.co/ZVtlq3HEIS"" / Twitter",,"Quick Summary
DeFi Safe token was rugpulled by the token owner a week after the deployment. The scammer removed 127.421 $BUSD from the liquidity pool. 
Details of the Exploit
DeFi Safe token is a BEP20 token trading on PancakeSwap. The token deployer removed liquidity in the single transaction and gained 127.421 $BUSD. The $dSafe token was created on November 1 and scammed after seven days. All the stolen funds were distributed among several EOA addresses. 

Block Data Reference
Scammer address:
https://bscscan.com/address/0xdd20cfffb480c9c3709fcce070ce8da6024645e1

Liquidity removal transaction:
https://bscscan.com/tx/0x7e2654c9424086f327fc6f6a90d1194cd3f14b5b7efb35e0450ef5ff206db17f",2022-11-07 0:00,2022,127426,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
50,PandorachainDAO,SlowMist,,https://hacked.slowmist.io/search/,,https://gostake.io/resource/news/7a9960908de49041e5e863fbb0b20463.html,,The pandorachainDAO project suffered a flash loan attack  resulting in a loss of assets worth about $128 000.,2022-06-22 0:00,2022,128000,Interconnected actors flaw,Arbitrage with flash loan,Technical vulnerability,Target,FT,CA
1080,MerchDAO,REKT,https://de.fi/rekt-database/merchdao,,,https://honeypot.is/ethereum?address=0xe053f7b5513acab661c50a279cc86dccd91b4b9e,,The contract owner could disable the transfer function. which restricted users in selling their tokens:  https://honeypot.is/ethereum.html?address=0xe053f7b5513acab661c50a279cc86dccd91b4b9e  The contract deployer added initial liquidity at:  https://etherscan.io/tx/0x285fd8845af87a0ba135e77f128ea3a4437919b21adbdd779180d966fda22823  The liquidity was removed by the contract deployer:  https://etherscan.io/tx/0xca2cdd5d9cdce28d7f1b04c0b70c9f9cc9e2ecd81224a75ee53973c78df5f515,2021-03-28 0:00,2021,128194,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
786,Daedalus DAO,REKT,https://de.fi/rekt-database/daedalus_dao,,,"Conjurer of Crypto sur Twitter : ""Scammers are the scum of the earth and need to die. This is a little thread about a recent scam going on @cronos_chain and an OHM fork project called @daedalusfinance https://t.co/Ecg6CNTvuw These are facts Discord ID 686891303229063169 Fake dev 834428147691945984 https://t.co/Y6D8gQZT7E"" / Twitter",,,2021-12-05 0:00,2021,128832,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,FT,CA
1050,Yearn,REKT,https://de.fi/rekt-database/yearn,,,(1) https://crypto-corner.com/2020/09/24/yfi-scam-project/,,The project was holding a fundraising event. The investorsfunds were deposited in the External wallet. transaction list: https://bloy.info/ts/transfers_to/08ebd07ad578c537a76efe8a21e02ef2ea909f031?currency_id=1 The collected funds from the fundraising event were distributed between other wallets. eample transaction: https://etherscan.io/t/077d8d0d525a031e468131c33e31b5ae413173b588007a5560d710d51ef23dcd9 In addition. this External wallet added a small amount into the liquidity at: https://etherscan.io/t/09cc7d5ce871704dd9c361eb6bb85051fa3b1282416f39ae6445adf51bf4be736 https://etherscan.io/t/099c58000545cc024305117137258e4b79bc3f4fff52b4f1f61d20a5614c36966 https://etherscan.io/t/0fc07e125a985d51910353601acfcf746fd4ae953fced3fc63029ab4853682576 https://etherscan.io/t/098156140aff3d130be7e87435a14204a6403669c56891d397d793f710c873a93 https://etherscan.io/t/0f4a807478a1250cbd2e63229b871c3b008404b25b20587aaca857dd0ba6dad43 The liquidity was removed by the same External wallet at: https://etherscan.io/t/056066e3ff5d879d1de962cf767ac9d2df35de55f17d84fd2b3c800bda2d21b94 https://etherscan.io/t/061a7b03126b34694e7d2cbad596226976a5faae30547aab4f7d4b003be6ca8a5 https://etherscan.io/t/0762e2b38f04db48b28e5610c2d0a501eee60aee4ca230a991727b21b397ee542,2020-10-19 0:00,2020,129526,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,Dapp,P
44,Quint,REKT and SlowMist,https://de.fi/rekt-database/quint,https://hacked.slowmist.io/search/,,https://twitter.com/BeosinAlert/status/1542493260114931712,, Metaverse project Quint was hacked and lost $130 000. The root cause of the attack is that when the reStake function eecutes the reStake reward reStake  the reward amount of the LP token is not updated  so that the attacker can claim the issued reward multiple times. REKT: Quick Summary The Quint project was attacked by hackers in the amount of $130K. The attacker took advantage of the vulnerability. thanks to which he was able to withdraw his rewards again.  Details of the exploitQuint is a stacking and farming platform where users can stake $QUINT at low transaction fees while enjoying the rewards in the form of a variety of tokens.The attack occurred due to a vulnerability in the contract called by the <em>reStake()&nbsp;</em>function. When this function is performed. the reward time in LP tokens is not updated. as a result an attacker can claim the issued rewards several times. Block Data ReferenceAttacker account addresses:&nbsp;1)  https://bscscan.com/address/082f42c1172ff2dab3129045de05cde0ca8c87fca2)  https://bscscan.com/address/0cBd00C9A86f3BfD4441693E0D23F5026A648117F&nbsp;3)  https://bscscan.com/address/0a59D3d8911DbC3Ba7c56A2Bc35c22Cbef759992d&nbsp;,2022-06-30 0:00,2022,130000,Contract vulnerability,Reentrancy,Technical vulnerability,Target,Dapp,P
1055,YFFS Finance,REKT,https://de.fi/rekt-database/yffs_finance,,,https://cryptoslate.com/in-one-day-a-total-of-1-2-million-worth-of-ethereum-was-stolen-in-three-defi-rug-pulls/,,According to reports around 300 ETH (~$130.000) was raised in a private pre-sale that took place over the span of under a minute. The developer was aiming to deploy some of the ETH raised in the pre-sale into Uniswap. to allow speculators to bet on the coin. But when it came time to deploy these funds. the Telegram channel was deleted.,2020-11-12 0:00,2020,130000,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,FT,CA
861,GST Token,REKT,https://de.fi/rekt-database/gst_token,,,"CertiK Alert on Twitter: ""#CommunityAlert ?? We are seeing a #rugpull on $GST which has dropped >90% A wallet linked to the project created multiple contracts to sell GST which were then self destructed. In total 607 BNB was transferred to a new wallet. BSC: 0xfce07A79058a7817449193be2e5031c96f98f10a https://t.co/n12lBmVdeI"" / Twitter (archive.org)",,Quick Summary The token creator of the GST token Rug pull scamed the project and made off with a profit of 507 $BNB.  Details of the exploit<a href= https://www.youtube.com/watch?v=U4Mcd_1mKY rel=noreferrer noopener target=_blank Assumedly in an attempt to make the project look legit the token creator send 222m $GST token to the FT exchange in time of deploying token: https://www.bscscan.com/t/04ec845228e72222c35ab2580e7b7efb3fb6ef70273343f29e7c17a85b37a699c The token creator proceeded to establish a liquidity pool on PancakeSwap. bootstrapped with 100 $BNB and 666m $GST token: https://www.bscscan.com/t/0557d4b8812a73ac7875f3aaea73fd8558ae5ce02bf5826e37d4e8caca06db6d8After an acceptable price appreciation the token creator dumped the $GST token against $WBNB through various self/destructible smart contracts;1)  https://bscscan.com/t/057c002996cb14377c6c77903b90f725a7a12e9fba0d7ffd46b8e2772e0a7b5572)  https://bscscan.com/t/0b4378d63c50c9145e35353f6dead5cf8c08291326beadbe65610dae92c21977b3)  https://bscscan.com/t/0962bf971be65df81c4af98cff1f2b97a2926c4301937c06252f158becaa3287eThe token creator received 607 $BNB in total from these transactions. The funds have since been funneled through a plethora of wallets seemingly to finance new scam projects. Block Data ReferenceToken creator wallet address: https://bscscan.com/address/01155d95a8c38e94a2204f3e8a311a47b05c9fee1 Subset of associated wallet address: https://bscscan.com/address/0e9b887d3b00b755e93b6e9c4de88093d6031fffe  https://bscscan.com/address/03df944e56d0ac6ffa882bbf69174398d7d2de4f3  https://bscscan.com/address/02d9bb24814399cb8b16006dcd538304cb9a3312a https://bscscan.com/address/048cdad96c9b802e2dae7aa162727aa208cb2fb65,2022-07-20 0:00,2022,130943,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
1046,World Cup,REKT,https://de.fi/rekt-database/world_cup,,,https://twitter.com/CertiKAlert/status/1562168870777098240,,Quick SummaryThe WCP project has been rug pulled by its team. The team made away with $131k in profits. This project is not be associated with the official World Cup. Block Data ReferenceInvolved addresses:- Scammer address. token deployer: https://bscscan.com/address/0b22955933dee31bb1982d6db980b33c263cae9f1,2022-08-23 0:00,2022,131892,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,FT,CA
592,Etbox,SlowMist,,https://hacked.slowmist.io/search/,,https://finance.yahoo.com/news/lazarus/hacker/group/continues/target/185426186.html,,The Etbox platform wallet was hacked causing the platform’s digital assets to be stolen.,2019-03-24 0:00,2019,132000,Instant user deception,Evil twin site,Imitation,Intermediary,Exchange,
934,Etbox,REKT,https://de.fi/rekt-database/etbox,,,Lazarus Hacker Group Continues to Target Crypto Using Faked Trading Software (yahoo.com),,The Etbo platform wallet was hacked. causing the platform’s digital assets to be stolen.,2019-03-24 0:00,2019,132000,External factor,Deceiving personnel,Human risk,Target,Other systems,
789,Dark Light,REKT,https://de.fi/rekt-database/dark_light,,,(1) DK $0.00000000000007443 / DarkLight / WBNB on BSC / PancakeSwap / DE Screener. (2) https://web.archive.org/web/20220701130354/https://twitter.com/PeckShieldAlert/status/1542356181762871296,,Dark Light token has been Rug pull scamed by the contract creator. The contract creator exchanged a sizeable amount of $DK tokens to $BNB via PancakeSwap. The funds were then laundered via Tornado.cash.,2022-06-30 0:00,2022,134120,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Exchange,P
472,Bancor,REKT and SlowMist,https://de.fi/rekt-database/bancor,https://hacked.slowmist.io/search/,,https://twitter.com/Hex_Capital/status/1273469889622077441,, Due to the unverified safeTransferFrom () function in the new Bancor network contract  user funds are about to be depleted. The Bancor team stated: 1. A security vulnerability was discovered in the new Bancor Network v0.6 contract released two days ago  2. After the vulnerability was discovered  the team conducted a white hat attack to transfer funds to a secure address  3. The audit of the smart contract has been completed.But there are still $135 229 preemptively traded by two unknown arbitrage robots.,2020-06-18 0:00,2020,135229,Contract vulnerability,Undetermined,Technical vulnerability,Target,Exchange,P
1019,Tin Finance,REKT,https://de.fi/rekt-database/tin_finance,,,https://www.bsc.news/post/liquidity-siphon-Rug pull scams-on-the-binance-smart-chain,,The project was holding a presale event using a separate smart contract:  https://www.bscscan.com/address/0e9e3864fd7f49a0b62ac68e99ed5da67ed7ab7f6#code  The final recipient was the token contract deployer. he received funds at:  https://www.bscscan.com/address/075b84a45fd046c01e3cd9ac725e991a8d28fe5f7#internalt  3.064 BNB. gathered from the presale. were transferred to the External wallet at:  https://www.bscscan.com/t/0c5899580b98933a1b3aae98216ed43c19da8589e3715ef113ac4392c2a55f99d  The BNB recipient deposited funds into the Binance exchange:  https://www.bscscan.com/t/0229c02f45594fdb1809285da6aa668a9ba42ab8c14a7591662f091d517250e67,2021-01-30 0:00,2021,137342,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,Yield,CP
1039,Walletreum,REKT,https://de.fi/rekt-database/walletreum,,,(1) https://twitter.com/TReijnd/status/1328107905552429061 (2) https://twitter.com/h_bitcoiner/status/1328076656674672640,,Quick SummaryWalletreum\sproject deployer abused the <span style=\,2020-11-15 0:00,2020,138340,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,Lending,P
178,Kingfund Finance,SlowMist,,https://hacked.slowmist.io/search/,,https://twitter.com/PeckShieldAlert/status/1483790509399511042,,Kingfund Finance had a Rug Pull and lost over 300 WBNB. Upon inquiry the official Twitter of the project has been cancelled.,2022-01-19 0:00,2022,139303.5,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,FT,CA
70,CoFiXProtocol,SlowMist,,https://hacked.slowmist.io/search/,,https://www.panewslab.com/zh/articledetails/nkp0jggw.html,, The project CoFiProtocol on BNB Chian suffered a price manipulation attack  and the attackers made a profit of about $140 000.,2022-06-02 0:00,2022,140000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Oracle,INT
264,Iconics,SlowMist,,https://hacked.slowmist.io/search/,,https://cryptoslate.com/solana/nft/iconics/defrauds/people/of/130000/in/sol/,, Iconics  an NFT project on Solana  was accused of being a Rug pull. The 17/year/old artist behind Iconics made about $140 000 before disappearing. The project developers also deleted Iconics Twitter account and disabled Discord channel chat.,2021-09-30 0:00,2021,140000,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,NFT,CA
322,THORChain,REKT and SlowMist,https://de.fi/rekt-database/thorchain,https://hacked.slowmist.io/search/,,"THORChain sur Twitter : ""A $140k bug bounty for what could have been a serious bug. No users or nodes were affected since the treasury will restore the insolvency. Nodes reacted quickly to isolate and defend. THORChain is an active system / not passive."" / Twitter",,THORChain a decentralized cross/chain transaction protocol tweeted that a malicious attack against THORChain was discovered. THORChain nodes have responded and isolated defenses. The capital loss caused by this attack was US$140 000 but THORChain stated that user funds will not be affected. The fund pool will be used to make up for the leaked funds. The team stated that the path of the attack was that EthBifrost had a logical error in processing the same symbol as ETH. THORChain claimed that it repaired Bifrost within 30 minutes and adopted node defense to stop Bifrost and THORNode. The team said it will also invest funds for ongoing code reviews and monitoring.,2021-06-28 0:00,2021,140000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Exchange,P
856,Giant Divine Shield,REKT,https://de.fi/rekt-database/giant_divine_shield,,,"CertiK Alert sur Twitter : ""#CertiKSkynetAlert ?? We are seeing a &gt;97% slippage on BSC 0x878595B05620B1c38898597c93AD19bB165f6Fa7. The initial token distributor sent 1 billion tokens to an EOA which has and continues to sell $GIDS. Stay vigilant! https://t.co/paXuRvWhrV"" / Twitter",,Quick SummaryGiant Divine Shield token price dropped by more than 97%. The initial token distributor sent 1.000.000.000 $GIDS to EOA address. which dumped the token price. Details of the exploitGiant Divine Shield is a BEP20 token that trades on PancakeSwap. The token distributor address sent 1.000.000.000 $GIDS to another EOA address on the 15th of September. The address started selling aggressively and drained liquidity from the GIDS/WBNB pair. The attacker used several addresses to distribute $GIDS and drain liquidity as well. The total profit of the attacker reached 140.869 $USD which was transferred to another EOA address. Block Data ReferenceAttacker address: https://bscscan.com/address/0de01a5203ff577ba951447aa90e90bff8780fced Distributor address: https://bscscan.com/address/09111f320c05915b0820430bd8169bfa7d4888888 Team/related transactions: https://bscscan.com/t/05c071e9e201fcb8e39b01f29f20395585bdeb330e2f39f9c31697dbf3ca39c2a https://bscscan.com/t/0fc2f601416338728526af0a6a40ddb374164a5307978f623cb976746c94454c5 Involved EOA addresses: https://bscscan.com/address/08c106fff8e75505cb0482bb6726b68d02df148d0 https://bscscan.com/address/0f81631073542bc263d8be0bcde00fc43eba8c7e8 https://bscscan.com/address/049245ce740625ffd2c00cb3d6a76d9b97d33d4f6 https://bscscan.com/address/08df7df0bb86367382124627b49f45e205ff6cbcc https://bscscan.com/address/0710b220cf4622f1b56228aebcc068aeda72935d2 Address the total profit transferred to: https://bscscan.com/address/0b8fd055830e08999cd7a4c2669035327bef5d42e ,2022-09-15 0:00,2022,140869,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Dapp,P
53,DHE,REKT and SlowMist,https://de.fi/rekt-database/dhe,https://hacked.slowmist.io/search/,,https://twitter.com/CertiKAlert/status/1539031511114063873,, A Rug Pull occurred in the DHE project  causing the price of DHE tokens to drop by more than 91%. Total losses are currently around $142 000.,2022-06-21 0:00,2022,142000,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,FT,CA
871,HPD,REKT,https://de.fi/rekt-database/hpd,,,HPD $0.001328 / HPD / WBNB on BSC / PancakeSwap / DEX Screener,,Quick SummaryHPD token project has been Rug pull scamed by its team. The team made a profit of ~$143k. Details of the exploit  data/v/51e0c2ec=  >The creator of the token deployed the $HPD contract. minting 1 million tokens to the BSC network. and in the same transaction. an HPD/BNB pair was created on PancakeSwap:  data/v/51e0c2ec=  > https://bscscan.com/t/0ab1038254dd99874ef3bfe4a3a0fc5fe15b5c79a5f14ee5f464836359abebd29  data/v/51e0c2ec=  >Then the scammer transferred tokens to scammer address (B):  data/v/51e0c2ec=  > https://bscscan.com/t/01a6323a5c3bbd0588783339a4d1ae7698f8857c2a9004ea7ddb09de085ef9eb1  data/v/51e0c2ec=  >Scammer address (B) added liquidity in pair investing 32 $BNB:  data/v/51e0c2ec=  > https://bscscan.com/t/0eec02cfb0050e925b344ef1fe41e69fcec386930afb0814d0f2d0527ff4048edWhen community investment became acceptable for scammers. they started to remove liquidity: https://bscscan.com/token/0531044096a77bfbb9f45ee7613e3f90bf19efc8cAll the profit was transferred to scammer address (C): https://bscscan.com/t/0652c5ff26eb263ef5fe60ff3f06460f832a7330d440bca0d646012fd805e433e Block Data ReferenceInvolved address:/ Scammer address (A). token creator:  https://bscscan.com/address/069b359e0d078b68f5da38ac0990825790297e32a/ Scammer address (B):  https://bscscan.com/address/0edcc2f372e0a535ac1fbe817f5c7e7a365222cf8/ Scammer address (C):  https://bscscan.com/address/0fb696e27a90c81e59c978c7a8f812c06761c7f54<span style=>081d3ec77438b4e99aa99ba25b1dbc3fea317fe3b<span style=>081d3ec77438b4e99aa99ba25b1dbc3fea317fe3b,2022-09-19 0:00,2022,142950,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
652,EOS Max,SlowMist,,https://hacked.slowmist.io/search/,,https://slowmist.medium.com/roll/back/attack/about/blacklist/in/eos/adf53edd8d69,,The attacker (eykkszdrnnc) launched an attack on the EOS MA game contract (eosmaiodice) an EOS quiz game earning a total of 55 526.05 EOS. The game party has suspended the game operation at 6:40 am on the 19th and issued an announcement saying that it was caused by a loophole in EOS Node not a loophole in the game contract.,2018-12-19 0:00,2018,144922.86,Contract vulnerability,Rollback attack,Technical vulnerability,Target,Dapp,P
385,refi.finance,SlowMist,,https://hacked.slowmist.io/search/,,https://m.bitalk.com/flash/detail/448654413024858112,, Weibo user “CryptoBlanker” broke the news: the refi.finance project party directly used the reserved setBoardroom() function to change the Boardroom address to the address it deployed. Light BAS was taken away 2 600  worth 111 ETH (about 144 000 US dollars).,2021-01-26 0:00,2021,147358.88,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Dapp,P
793,DDC,REKT,https://de.fi/rekt-database/ddc,,,"CertiK Alert sur Twitter : ""#CertiKSkynetAlert ?? We are seeing a #eitscam on project DDC (DDC) BSC:02a895aFAEB582b5C914dAA3DEECc08C9705C9fBC which has eperienced #slippage of &gt;94%. Appro. $193K was taken Disclaimer: Not to be confused with other projects of similar name &amp; symbol Stay safe! https://t.co/cYiqIFH23j"" / Twitter",,DDC token was Rug pull scamed for 148.019 $USD. The owner of the vault contract transferred $DDC tokens to another EOA address that drained liquidity for the amount.,2022-10-18 0:00,2022,148019,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
839,FlokiMoon,REKT,https://de.fi/rekt-database/flokimoon,,,"CertiK Alert sur Twitter : ""#CommunityAlert ?? We are seeing &gt;99% drops on $LlamaCoin and $FlokiMoon with the 2 projects appearing to be linked. LlamaCoin: 0x4D0710507B655B4038642Ce0716c6e7E673c7597 FlokiMoon: 0x085Ac603e691217cD33eddDf587Eff09c04AF9e1 #Slippage Be careful out there! https://t.co/gDwwop413q"" / Twitter",,FlokiMoon has been Rug pull scamed by the contract creator. Token address: 0085Ac603e691217cD33eddDf587Eff09c04AF9e1Contract creator: 05bD2474DBc357E9DA6E933F982d24A7DCbD3939c Contract creator removed liquidity on PancakeSwap when price was rised: https://bscscan.com/t/0941cb2714432539204822ae2f6c8e9721875fe811d0d71ea16cd6196166e0ed0 https://bscscan.com/t/0a4d9b189e5d6ac64daa6bef09b82bfaeb7a54ddd8261bbf104edb2633ab8000b.Then tokens were transfered to 05CE8c6092BEc53A5E1707Db1A69E5d11DD43aab2 in this transaction:  https://bscscan.com/t/0ea37e76e4ad4b50fc65f99ef94801595c4fc2ce9fa51ff12ece1d51a60099d3b All BNB were laundered via TornadoCacheEample transaction:  https://bscscan.com/t/0672b5e9f5cf8b442dd0d785ffe79fd99fbd7ba5305b845d00205ba729da33e6e,2022-05-31 0:00,2022,148132,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Dapp,P
31,DeeKay,REKT and SlowMist,https://de.fi/rekt-database/deekay,https://hacked.slowmist.io/search/,,Hacker Targets NFT Artist DeeKay’s Twitter. Wipes NFTs Worth $150K (nftevening.com),,On July 16  hackers compromised the Twitter account of well/known NFT artist DeeKay. The 180 000 followers of DeeKay  s hacked Twitter account saw it post a link announcing a limited number of new airdrops  which directed them to a phishing site that mimicked DeeKay  s real site. One victim lost 4 Cool Cat NFTs and 3 Azuki NFTs with reserve prices around 4 ETH (~$5 350) and 12 ETH (~$16 200) respectively. The total value of the stolen NFTs was approimately $150 000. DeeKay said he wasn  t sure how his Twitter account was stolen  but &quot guessed that 2FA was shut down at a specific time.&quot REKT: The Twitter account of the artist DeeKay was hacked by a phishing attacker. A link with a phishing site was posted on the account. Users have lost a total of $150k due to interactions with the phishing link.,2022-07-15 0:00,2022,150000,Instant user deception,Social media compromission,Imitation,Intermediary,NFT,
219,Fractal,SlowMist,,https://hacked.slowmist.io/search/,,(1) https://twitter.com/fractalwagmi/status/1473331954238070789. (2) https://twitter.com/zachbussey/status/1473324507200905226,, A Discord server run by Fractal in the recently launched game NFT market was hacked. The hacker defrauded 373 members of 800 Solana cryptocurrencies worth US$150 000. The startup said in its announcement that it will compensate the victims in full.,2021-12-21 0:00,2021,150000,Instant user deception,Social media compromission,Imitation,Intermediary,Dapp,
474,LMEX,SlowMist,,https://hacked.slowmist.io/search/,,https://www.quadrigainitiative.com/hackfraudscam/lmexstockexchange.php,, The LME Stock exchange's community issued a notice on the adjustment of exchange operations  stating that the platform was hacked and stolen and lost 150 000 USDT  which caused the platform to have a low debt. The deposit and withdrawal have been closed.,2020-05-27 0:00,2020,150000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
609,MyEtherWallet,REKT and SlowMist,https://de.fi/rekt-database/myetherwallet,https://hacked.slowmist.io/search/,,(1) https://www.freebuf.com/articles/blockchain/articles/169773.html. (2) https://www.reddit.com/r/MyEtherWallet/comments/8eloo9/official_statement_regarding_dns_spoofing_of/. (3) https://twitter.com/myetherwallet/status/988830652526092288. (4) https://coinjournal.net/news/150000/usd/in/ethereum/stolen/in/myetherwallet/hack/,,"After logging in to the website for 10s the user s wallet is emptied the hacker hijacks the DNS server and the user logs in to MyEtherWallet to force a redirect to the malicious website. The user was forced to redirect to a malicious website when logging in to MyEtherWallet. REKT: Hackers diverted visitors of MyEtherWallet.com. accessing user accounts and stealing approximately 215 ether.

MyEtherWallet warned users on Reddit and Twitter as soon as the hack was identified. But. this left a couple of hours where users of the wallet attempting to visit the MyEtherWallet.com website were redirected to a “spoof” or phishing site controlled by the hackers.
The hack employed the “decade/old” technique of redirecting Domain Name Servers (DNS) rather than a hack. or weakness in. MyEtherWallet.
It was quickly identified that over 150k worth of ETH had been stolen in the DNS hack with 179 transactions totaling 216.06 ETH sent to:
https://etherscan.io/address/0x1d50588c0aa11959a5c28831ce3dc5f1d3120d29",2018-04-24 0:00,2018,150000,Instant user deception,DNS attack,Imitation,Intermediary,Other systems,
903,LlamaCoin,REKT,https://de.fi/rekt-database/llamacoin,,,"CertiK Alert sur Twitter : ""#CommunityAlert ?? We are seeing &gt;99% drops on $LlamaCoin and $FlokiMoon with the 2 projects appearing to be linked. LlamaCoin: 0x4D0710507B655B4038642Ce0716c6e7E673c7597 FlokiMoon: 0x085Ac603e691217cD33eddDf587Eff09c04AF9e1 #Slippage Be careful out there! https://t.co/gDwwop413q"" / Twitter",,LlamaCoin has been Rug pull scamed by the contract creator. Token address:  https://bscscan.com/address/04D0710507B655B4038642Ce0716c6e7E673c7597Contract creator:  https://bscscan.com/address/0891202Cb6128A9A922915B4441984827577B18E4 Contract creator removed liquidity on PancakeSwap when price was rised:  https://bscscan.com/t/0941cb2714432539204822ae2f6c8e9721875fe811d0d71ea16cd6196166e0ed0Then tokens were transfered to 05ce8c6092bec53a5e1707db1a69e5d11dd43aab2. in this transaction:  https://bscscan.com/t/0b5328bf453e711b56623c605be540a9acb3a54bb5625074f73324be249da47eb All BNB were laundered via TornadoCacheEample transaction:  https://bscscan.com/t/0e4242893eccd6926a148cfc4ec3068a72604cb2a72e0c930fe45e24cc89d1aa1,2022-05-31 0:00,2022,150620,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
735,ADAF,REKT,https://de.fi/rekt-database/adaf,,,"CertiK Alert sur Twitter : ""#CommunityAlert ?? We are seeing a price drop on project $ADAF which has dropped more than &gt;75% after being rug pulled by the contract deployer for ~$156K USD. #slippage #Rug pull scam Contract Address: bsc / 0DC1dCd09A17c23eE77568b4EABa16edD3D0503a3 Stay vigilant! https://t.co/qLYiSz9Azy"" / Twitter",,ADAF token has been Rug pull scamed by contract deployer for ~$156K. Contract address: https://bscscan.com/address/0DC1dCd09A17c23eE77568b4EABa16edD3D0503a3Deployer address: https://bscscan.com/address/037a66BeD12095785EDd17EeE2f9B72183ea3A1A1 First rug pull t: https://bscscan.com/t/06c5ca5ad58eb7143b6f73d9426d2ccdc474a8cf301819d8764ed4c5271cb35a8 From address: https://bscscan.com/address/0f85768C0d3654BA60448eD73A5cc69B78AC1D1e4which traces tokens back to the ADAF contract deployer. Second rug pull t: https://bscscan.com/t/055070d327fb452900306ba2955be97b6f5da5597696fa2907aca22f3b23b1a9eFrom address: https://bscscan.com/address/ 0473Fb5526C71c798D513E7555e5dB5e36749F049 which also traces tokens back to the ADAF contract deployer.,2022-02-06 0:00,2022,156000,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
765,BTDOG,REKT and SlowMist,https://de.fi/rekt-database/btdog,https://hacked.slowmist.io/search/,,BTDOG / Recherche Twitter / Twitter,,Quick SummaryBTDOG token was Rug pull scamed. The admin of the projectsstaking contract sends 9.000.000 $BTDOG tokens to an EOA address which drained the liquidity. Details of the exploitBTDOG is a BEP20 token trading on PancakeSwap. The projectsstaking contract was used to transfer 9.000.000 $BTDOG tokens to an EOA address which drained liquidity for the total amount of 156.844 $USD. Block Data ReferenceScammer address: https://bscscan.com/address/0152bdb3145a5b9c60d9f46babce165aff65c5be8 Privileged address: https://bscscan.com/address/0b7c207e72867cf1107c42aeacb540c9e5f195dea Staking contract: https://bscscan.com/address/04f4504bdaf1efabaf957c9f7366bb977c85986d9 Transfer transactions: https://bscscan.com/t/02c9dac9660fff1d37573bd54275f7c5679a4caafbd1d61b721566882908d0de8 https://bscscan.com/t/07989d1173566fca784d19da4d0829ad4f9f3c2e485e79a98927543ef7baf66b3,2022-10-22 0:00,2022,156844,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
788,DappNode,REKT,https://de.fi/rekt-database/dappnode,,,(1) https://mobile.twitter.com/BlockSecTeam/status/1586671125735825408. (2) https://twitter.com/DAppNode/status/1586769313872101376,https://discourse.dappnode.io/t/node-hack-post-mortem-and-recovery-plan/1826. https://blog.1inch.io/a-vulnerability-disclosed-in-profanity-an-ethereum-vanity-address-tool/,DappNode project's team wallet's private keys were compromised. The hacker was able to withdraw 158343 $USD worth of assets.,2022-10-29 0:00,2022,158343,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,Exchange,P
994,SkyLands,REKT,https://de.fi/rekt-database/skylands,,,https://twitter.com/PeckShieldAlert/status/1500786823471112193,,The protocol was holding NFT presale on PinkSale platform:  https://www.pinksale.finance/#/launchpad/05a626dD78FFba94237B00Fd354Ff328EB1c9aD82?chain=BSC  All gathered funds 417.31 BNB were withdrawn by the contract deployer:  https://bscscan.com/address/0ad8970026ea0f76ffdf758c61c5af6d383341392#internalt,2022-03-07 0:00,2022,159136,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,NFT,CA
1002,Sport Move,REKT,https://de.fi/rekt-database/sport_move,,,https://twitter.com/CertiKAlert/status/1530012946717351952,,Sport Move confirmed that it was running away. and $SPORT fell by more than 61%. The project froze and deleted its social accounts about 10 hours after launch. In total. 507 BNB was laundered through Tornado Cache Token contract:  https://bscscan.com/address/0254433199984F5f43fFdA965d83a927635AFd300Marketing pool :  https://bscscan.com/address/02f422C25aA425ECE9f0e0E85baA149d586517bd From marketing pool address were totally transferred 507 BNB: https://bscscan.com/t/07b31b90027ba94d627d137aac6fa0ab27b3dfe1dd75c893e5ae710e4f952cb63 https://bscscan.com/t/02cee84aa2cacadb692c2400eef7061bf631bded7f93ac212e3a67daf626055b8 https://bscscan.com/t/0bd0d9408806aee6796636807b6a5b7ae9787b6b67b2d3eec5683dcc16201bd2c https://bscscan.com/t/0a8dd9031e65b31147e3d87efb5ce0588b464250cfbe69a91bd8821eeee5c3269 https://bscscan.com/t/091e9ef13cce976f631506afc0adbb1ce6efd38275cf3c49c75c4b33652c90d00 https://bscscan.com/t/017ea545e098b44edd5128ff82e1094e237c73c77dbc1855878aa6cfefc62dbaa Then tokens were laundered via Tornado Cache: https://bscscan.com/address/0f4e796BBAEf50648bf70B0550cb53E07B918cae1 &nbsp; &nbsp;  https://bscscan.com/t/0c8701ebbc4617f6d3698184adedca1e96df239e7d28e7a13471d56c9a34289c5 -&gt; 100BNB   https://bscscan.com/address/0eC70A137e6b2a4718d650847F7527036a7e6B867 &nbsp; &nbsp;  https://bscscan.com/t/0cb2909c9b225d6c2d87a4215f8f6e58eec0a2c355a8fb940264268a9d82b5dcf -&gt; 100BNB   https://bscscan.com/address/03d0bC5631B9F25D9386F44C99A455f9BadBF0c15 &nbsp; &nbsp;  https://bscscan.com/t/0533c61516084177a4ffc8afcd3d0138a55489e8951f0fe5923a5ba065b4f88b2 -&gt; 100BNB   https://bscscan.com/address/09B64930e5B5Ce8841ecb7d4A51A865a0E74C40bF &nbsp; &nbsp;  https://bscscan.com/t/0d97ee4afc07212dd6465bcacb27c9cb14f45f1b2d920def092761eaf5acf7476 -&gt; 100BNB &nbsp; &nbsp;  https://bscscan.com/t/0c49bc29c68515c8270e9c63ccf4d8b5e2c0a8abfe5cdbaf6f36f80c4cc0f436b -&gt; 100BNB  https://bscscan.com/address/0FD679488393079F19Cfa03d33bE56D34e3eC5DfA &nbsp; &nbsp;  https://bscscan.com/t/0b3a3016661d31d3050e2ca31c27f32bcff22304af589fe57f23137f2f8a45d08 -&gt; 1BNB &nbsp; &nbsp;  https://bscscan.com/t/0dae7a2bb0535a8cf0451fce559a4e07d83387b6667fe19ea78bf96b4d9d71dd5 -&gt; 1BNB &nbsp; &nbsp;  https://bscscan.com/t/087cec42bee43841e9e3f152fe48c7599bd62f15fc6e3f65ee002ad9908678ada -&gt; 1BNB &nbsp; &nbsp;  https://bscscan.com/t/035b7e2938eedbc412776693b3561adc8406f414f0bde639bbd52cbd8449aae89 -&gt; 1BNB &nbsp; &nbsp;  https://bscscan.com/t/09bd8dafe5924ddaea26e56d876fa58c043c3efd043287d23bc48b1804b3570c8 -&gt; 1BNB &nbsp; &nbsp;  https://bscscan.com/t/0173db020084d26b043a2b3db8070b4b7b54753cb69542a5a9c4fc58777c79af2 -&gt; 1BNB &nbsp; &nbsp;  https://bscscan.com/t/0434fd3396cd0327c7e0a6d2064f25f63800db7a5ec9317209ab8b7f2c69a76d4 -&gt; 1BNB    ,2022-05-27 0:00,2020,159685,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,Dapp,P
376,Yeld Finance,SlowMist,,https://hacked.slowmist.io/search/,,,,The DAI pool of Yeld.finance the DeFi revenue aggregator was attacked by a lightning loan resulting in a loss of 160 000 DAI involving more than 10 users. Tether TrueUSD and USDC were not affected. According to reports Yeld's problem is consistent with the previous Yearn.Finance DAI pool vulnerability problem. The official also stated that the affected users will be repaid with tokens which will be rewarded with income from the DAI pool to make up for some of their losses. Later Yeld.finance officially stated that the 160 000 DAI caused by the lightning loan attack has been returned. This event is suspected to be the work of a white hat and the official will further update the details.,2021-02-27 0:00,2021,160000,Interconnected actors flaw,Oracle manipulation,Technical vulnerability,Target,Yield,CP
537,Poker EOS,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/97365.htm,, EOS game Poker EOS appears abnormal  which is confirmed to be caused by the disclosure of the private key of the game. The hackers made more than 20 000 EOS in total  and more than 10 000 of them have been transferred to the exchanges.,2019-05-23 0:00,2019,161346.05,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,Dapp,P
95,X2Y2,REKT and SlowMist,https://de.fi/rekt-database/x2y2,https://hacked.slowmist.io/search/,,2Y2 Phishing Scam. Around $200K Stolen / CoinCodeCap,,Sentinel founder Serpent tweeted that the first search result of the NFT trading platform 2Y2 on the Google search page was a scam website. It used the loopholes in Google ads to make the real website and the scam URL look eactly the same  and about 100 ETH had been stolen. . At present  the fake website has been removed after being reported by community members and eposed by the media. Users can directly enter 2y2.io to enter the official website. REKT : Quick SummaryScammers used exploit to fake 2Y2 marketplace and stole nearly 100 ETH. Details of the exploit  data/v/51e0c2ec=  ><span lang=>2Y2 is a NFT marketplace for decentralized trading on the Etherium Blockchain. Scammers used Google Ads to advertise their fake link that lead to a phishing website. The website tried to get the users seed phrase and eecute the function to empty account balances. Roughly 100 ETH were stolen &nbsp;by this method.&nbsp; Block Data ReferenceAddress of scammer:  https://etherscan.io/address/04A036aa86D0BA304EC60605155810A6973D98EBC<span style= >081d3ec77438b4e99aa99ba25b1dbc3fea317fe3b<span style= >081d3ec77438b4e99aa99ba25b1dbc3fea317fe3b,2022-05-11 0:00,2022,165000,Instant user deception,Fake ads/pop ups,Imitation,Intermediary,Exchange,
253, Alpha Finance (Alpha Homora V2),SlowMist,,https://hacked.slowmist.io/search/,,MEV Bots & Uniswap Implicit Assumptions (alphaventuredao.io),,These implicit assumptions on Uniswap V2 resulted in 20 addresses on Alpha Homora V2 being impacted and lost a total of 40.93 ETH to miners who etracted this value. We have plans to compensate these 20 addresses. However  what's more important is to share this with our community  especially other builders in the space to be aware of these implicit assumptions that are not stated  how you can detect this as a builder  and how to prevent/mitigate this.,2021-10-23 0:00,2021,166373.39,Transaction attack,Front running attack,Technical vulnerability,Target,Yield,CP
774,Chessfarm.Tech,REKT,https://de.fi/rekt-database/chessfarm.tech,,,(1) 13 crypto projects you should avoid (publish0.com). (2) https://bscscan.com/token/002f92a9c381bdea49bde29a8277666c73e60c88d,,Quick SummaryInvestors of the Chessfarm.Tech project were betrayed due to the project deployers privileged withdrawal access. which enabled the deployer to etract appro. $167k from the project. Details of the exploitThe Chessfarm.Tech project was a DE. deployed on the Binance Smart Chain. The project promised to have tackled problems such as hyperinflation and price dumping through its new fair chess distribution. Only 5% of the staking rewards were supposed to go towards the team in order to fund further developments.The contract deployer added initial liquidity at: https://www.bscscan.com/t/0e2fd4137ef507c034c665f3fea4d6f77d873c5374ad27d3a21f8926bcb426f0b and made the $CHESS token tradable on pancake swap. Merely 5 days later the contract deployer used a hidden migration functionality under the <u>reduceReward</u>() function. by invoking it. the deployer received all deposited tokens from the staking smart contract. as can be seen in the following eample transactions: https://www.bscscan.com/t/0eefee4f7828e16a84062b0c3cf429d0cd4cc231a1ca6bc4950296490b98d430d https://www.bscscan.com/t/04abde5e6cdd45b0c6eeb46fd324988a2a65baa188f0876342006088cf0267ee3The received tokens were then sold by the contract deployer as can be seen in the eample transaction: https://www.bscscan.com/t/0777cb33644a763aa7e846495dc654e30f64e02f18313f537c3e722d8fceb50b1 The deployer managed to gain around $BNB 4000 and decided the funds for Binance BTC tokens at: https://www.bscscan.com/t/0d68620c0681c5fe6281ebde24c7d573734ae4c90f6b9d4f02f585f3e8262f4e8 The received $BTCB were distributed between different External addresses and deposited into Binance exchange. here an eample: https://www.bscscan.com/address/04bf9af802d9804c2e4e3308c5658123eeac89947#tokentns The deployer also made sure to remove the liquidity in order to maimize his profit: https://www.bscscan.com/t/052f89a249f4bbe6f3c029def0765a4ad6897fc98931f786725bc486fd07229a2 Block Data ReferenceEample Transactions (Reduce Rewards) https://www.bscscan.com/t/050b1a1594d9980e2bfca18dc80c7e5fa99c0170602936bbe37a7d527c322f447 https://www.bscscan.com/t/0fff49ffe24c3105b134e264748dfac4f4bcb3928d3207cde0f5d1f9c84edcd40 https://www.bscscan.com/t/084ddf423ecb1448466f3079a20004dda9619a75f4a4d5c6c5b671f5ebb1f93d5 https://www.bscscan.com/t/080611a1a729b0d49557aff9b2b9e83e8701ca264b640eacb924e9bb5e424b18f https://www.bscscan.com/t/02b1818c93db9c64be6865b034fafafc52bb228c703b544802b1a72430ee366f1 Eample Transaction (Deployer Dumping) https://www.bscscan.com/t/0353ce25e0d03838cb5255688a2a59f3428c117592aba570e98d73b39bde4e569 https://www.bscscan.com/t/0aaf8648a4b2fa3577e83220a8923570a45fc8c858a51a138b48dbf0913f391d4 https://www.bscscan.com/t/0604533dde572b549b0f247c0f68555977353ed429a4e8112de334bd8ce49b698 https://www.bscscan.com/t/0ebbf66a68dabb526bf673cda2a93ac947017963fb642327136a9a1047a4c79b3,2020-11-11 0:00,2020,167772,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Yield,CP
435,Soda,SlowMist,,https://hacked.slowmist.io/search/,,https://new.qq.com/omn/20200924/20200924A07M1U00.html,,The financial bloggerSuper Bitcoin  stated on Weibo that Mr. Huai (weibo username crash ) participated in the liquidity mining project Soda  and suddenly discovered a loophole in which 20 000 ETH can be directly liquidated Drop. But he chose to tell the development team  but the development team did not pay attention. He had no choice but to liquidate an ETH  and sent a Weibo warning to inform the developers of the eistence of this bug. One hour later  the parties to the Soda agreement responded by prompting the borrower to repay and the mortgager to withdraw  and at the same time indicated that they would fi the loopholes and suspend the front/end borrowing function. But as of the early morning of September 21st  more than 400 ETH in Soda's mortgage loan pool were still maliciously liquidated. In the morning of the same day  the agreement officially stated on Twitter that the vulnerability has been fied  and the newly deployed smart contract is epected to take effect at 21:00 on September 22.,2020-09-20 0:00,2020,168291.41,Contract vulnerability,Access control flaw,Technical vulnerability,Target,FT,CA
367,Iron Finance,REKT and SlowMist,https://de.fi/rekt-database/iron_finance,https://hacked.slowmist.io/search/,,https://ironfinance.medium.com/iron/finance/vfarms/incident/post/mortem/16/march/2021/114e58d1eaac,,Recently Iron Finance a stablecoin mortgage platform based on Binance Chain was attacked. Two vFarm liquidity pools (50% IRON 50% SIL pool 50% IRON 50% BUSD pool) lost a total of 170 000 US dollars. Later the official publication of the incident stated that: 1. The cause of the attack was due to the upgrade of the cloud service (FaaS) and the change in the reward rate integer but the official team was not aware of the problem. Later an attacker made a profit of 170 000 U.S. dollars by selling all the local token SIL rewards. 2. The Iron Finance smart contract has no loopholes. 3. vFarms will be restarted on March 18th and SIL tokens will be restarted to sIRON. 4. Users should not sell or exchange IRON tokens for the time being. When the new pool is restarted the full amount of BUSD can be redeemed. The Iron Finance agreement was launched on the BSC in early March. The IRON stablecoin is pegged to the U.S. dollar partly backed by collateral such as BUSD and USDT and partly backed by the SIL algorithm. REKT: Two vFarms were exploited:50% IRON — 50% SIL50% IRON — 50% BUSD  A user who farmed in these two pools claimed all SIL rewards allocated for farming over the net 12 months and made a profit of around $170K by selling SIL for BUSD on vSwap.  Value DeFi team has upgraded FaaS. in which the reward rate is in normal integer instead of Ggwei as before. Iron.Finance team was unaware of the change and updated Iron vFarm pools with reward rate in Gwei. This caused the poolsrewards to inflated by 10^18 times.  The following address took advantage of the mistake and drained all SIL rewards and sold them to the market:  https://bscscan.com/address/069655181a55755adc854cd35c15995393f63e9e5#tokentns,2020-03-16 0:00,2021,170000,Contract vulnerability,Undetermined,Technical vulnerability,Target,Lending,P
1078,KeeperDAO (fake),REKT,https://de.fi/rekt-database/keeperdao_(fake),,,"Víđarr the Auditor (tweets ? investment advice) on Twitter: ""$K3D Contract Sneak Peek Fee during transfer is calculate by unverified contract at 0xb40fdE3d531D4dD211A69dF55Ac13Bf1bf1D8D28 Be vigilant !!! #CryptoRedFlag https://t.co/JnkFPF0nU2… https://t.co/DL4rJNRISz"" (archive.ph)",,The contract owner could disable the transfer function. which restricted users in selling their tokens.  The contract deployer added initial liquidity at:  https://etherscan.io/tx/0xd9965ead567a1bfd380ef550f04f928eaaee6ba9c636a748e39840a4273f28ef  The liquidity was removed by the contract deployer at:  https://etherscan.io/tx/0x133acaa12dd8fd5beedc3aa0f9efa3892ba3ea3e6a2137b5f8fc427b72e34e6f,2020-11-07 0:00,2020,170217,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
555,Cryptopia,REKT and SlowMist,https://de.fi/rekt-database/cryptopia,https://hacked.slowmist.io/search/,,(1) https://www.theblockcrypto.com/post/110495/e/employee/pleads/guilty/to/stealing/over/170000/from/cryptopia (2) https://www.stuff.co.nz/national/crime/125617315/ecryptopia/staffer/admits/stealing/almost/250000/of/cryptocurrency,,A former employee of the now/defunct Cryptopia exchange allegedly stole more than 250 000 New Zealand dollars (US$182 300) of cryptocurrency and customer data from Cryptopia. However the New Zealand authorities managed to recover the stolen funds and return them to Cryptopia s liquidator Grant Thornton. The man eplained in detail how he stole the funds. He said that he unauthorizedly copied the private keys belonging to Cryptopia s many wallets and saved the data on a USB storage device. Then he uploaded the data to his personal computer at home. This allows him to use thousands of wallets and more than 100 million U.S. dollars in various cryptocurrencies.,2019-07-05 0:00,2019,172000,Internal theft,Unauthorized use of private key,Human risk,Target,CeFi,
683,Casper DeFi,REKT,https://de.fi/rekt-database/casper_defi,,,(1) Casper DeFi Post Mortem After Casper Token Hack | by Casper DeFi | Medium. (2) https://casperdefi.medium.com/casper/defi/post/mortem/after/casper/token/hack/part/2/1bae9a65ae5c,,In the official post mortem. the project team says that their Solidity developer left the minting possibility in the contract constructor. Their Solidity developer is the contract deployer as well: https://ftmscan.com/address/0e6a025845e9ab116a135dbaec6de0f521219782b The contract deployer invoked the <u>mint</u>() function in the following transactions: https://ftmscan.com/t/0f296baf2e970316949e6910b54decbea52aaabc94447cb52fcbca6049205f29d https://ftmscan.com/t/04d02eac3127a00c673f0ce314d5565931e125c98605c2d74ced29543008d4a36 https://ftmscan.com/t/086360b2e69fd75f62424a17f6241112b0bd831679fe48aaab37f5acf5c7ea35d The minted tokens were sold by the contract deployer multiple times: https://ftmscan.com/ts?a=0e6a025845e9ab116a135dbaec6de0f521219782b&amp;p=1 Received WFTM tokens were exchanged on BNB tokens and bridged to the BSC: https://ftmscan.com/t/0f1d92544deb38a4508d85b2810da37aad8d03dae56e051142b80b0c0fc5586f8 https://ftmscan.com/t/0b099c04d0d5ef612e950ab019c9ab5888656f3d7823ff4fe6b9be34eafb6fd80 The token recipient on the Binance Smart Chain: https://www.bscscan.com/address/0e6a025845e9ab116a135dbaec6de0f521219782b The stolen 516.91 BNB tokens were exchanged on BTCB at: https://www.bscscan.com/t/0f4bc083c0436311870ca57996bb4de209b7df537a739ce9312d793945141c41b BTCB tokens were bridged through Ren: https://www.bscscan.com/t/02c22bd5fdc0faaf2d025a9bb77ce185c1a8e4b893f53fcd20ec53220f06111c2 According to the announcement below. stolen funds were returned: https://casperdefi.medium.com/casper/defi/post/mortem/after/casper/token/hack/part/2/1bae9a65ae5c,2021-08-04 0:00,2021,172411.75,Internal theft,Backdoor,Human risk,Target,Yield,CP
946,PAK REVOLUTION,REKT,https://de.fi/rekt-database/pak_revolution,,,PKR $0.009159 / PAK REVOLUTION / WBNB on BSC / PancakeSwap / DEX Screener,,Quick SummaryThe $PKRtoken has been rug pulled by its team. The team made away with &nbsp;523 $BNB in profits. Details of the exploitThe token deployer added the liquidity pair BNB/PKR in this transactions:  https://bscscan.com/t/0db89bfa188c1ed90855e14d05e894c79913cb7564a7e03cfc07c3cb902041604 Block Data ReferenceInvolved addresses:/ Scammer address. token deployer:  https://polygonscan.com/address/07bf7d0cf594f9628d4c09290675bc66137583ebc,2022-08-14 0:00,2022,175184,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,FT,CA
751,Bill Muray Wallet,REKT,https://de.fi/rekt-database/bill_muray_wallet,,,(1) Bill Murray Hacked Wallet - Blog - Web3 Security Leaderboard (certik.com). (2) https://web.archive.org/web/20220905162213/https://twitter.com/CertiKAlert/status/1566167217451958273,,Quick Summary Bill Murray's hot wallet was compromised by hacker. which led to the loss of funds collected in the actor\sNFT collection. The hacker managed to drain wallet for 112 $ETH. Details of the exploit: Bill Murray is an American comedian and actor. As soon as the actor got acquainted with the concept of NFT. he began to work on a collection that will consist of unique stories from his life. The proceeds from the asset sales were to go to charity for military families. emergency response services and rare medical diagnoses with the help of life/changing grants. data/v/51e0c2ec= >The hacker was able to get the actor\sprivate key or seed phrase. thanks to which. the malicious actor was able to drain the actor\swallet for 112 $ETH. As it turned out. the hacker also wanted to steal the actor\sNFT collection. but it was well protected. and all the NFTs were successfully sent to safe account.  Block Data Reference data Bill Murray Hot Wallet: https://etherscan.io/address/0abFEC94BE2D181F340C30BC70EE164eAc9935529,2022-08-31 0:00,2022,177873,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,NFT,CA
990,SHIDAO,REKT,https://de.fi/rekt-database/shidao,,,https://twitter.com/CertiKAlert/status/1529620537248567296,,On May 25th. SHIDAO was rug pulled for ~$180K. The project falsified the CertiK audit in order to gain the trust of its customers and lure them to rugpool. Rug funding address:  https://bscscan.com/address/01815b5805DD5260b644B8db230763e38df4C5d7f which distributed BNB for a t fee. funds approimately 25 other addresses with 0.02 BNB for token sales.The ShiD tokens are then distributed by the contract  https://bscscan.com/address/0C86D17c77dfCc002c17c4cBed83040795C0Ea9A1 to all the addresses. &nbsp;After funding completes. the wallets sold their tokens.  ,2022-05-25 0:00,2022,180000,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
780,Cover protocol,REKT,https://de.fi/rekt-database/cover_protocol,,,"Víđarr the Auditor (tweets ? investment advice) on Twitter: ""Cover Protocol $COVER Sneak Peek https://t.co/W1e7Pm6OXZ Another _mint issue here. owner 0x0eC269A914E1CE6997dfa9a44D00f2A64A6958c1 is OEA and can mint ... brrrrrrrr Stay vigilant !! #cryptoredflag… https://t.co/LnveJJEhyz"" (archive.ph)",,The contract deployer added initial liquidity at: https://etherscan.io/t/035695ae8c956bbcbdd702171adc7233515bd4c3791b065ec00fa441cdecfb872 The liquidity was removed by the contract deployer at: https://etherscan.io/t/0259a237bcf504ef07b59259c4614f80e6b7ef88f39e5d50b782321011aa86c07 27.11.2020 The contract deployer added initial liquidity a second time at: https://etherscan.io/t/0b288e374836f0a0adf7d2dfecfb744e51cfd18f4cbc0b9641a2b7e5ae135517e The liquidity was removed by the contract deployer at: https://etherscan.io/t/0a91ddff3a1cb2f74d0cb59be7d6ae088fd1f2d74238e2362f0f7c7456c584847 30.12.2020,2020-11-27 0:00,2020,182745,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Dapp,P
587,nkpaymentcap,SlowMist,,https://hacked.slowmist.io/search/,,https://cloud.tencent.com/developer/article/1419237,,The attacker launched continuous attacks on EOS DApp nkpaymentcap and successfully profited 50 000 EOS. After analysis it was found that the attacker used a fake transfer notification attack to obtain a large number of contract tokens and then exchanged the tokens into real EOS for cash out through the DApp contract.,2019-03-11 0:00,2019,183000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,FT,CA
197,Meta apes token SHELL,REKT and SlowMist,https://de.fi/rekt-database/meta_apes_token_shell,https://hacked.slowmist.io/search/,,"(1) The ""centralized"" drinking of the ""decentralized field"" quenches thirst. HEGE Coin and SHELL running away event analysis (qq.com). 92) https://dexscreener.com/bsc/0xba54a71b2a9c7f4485af0f5638766722930cbf17",,"On June 11 the SHELL token price fell by more than 56%. The project owner minted 150 million tokens at one address then transferred them and sold some of them in 12 transactions for about $180 000. REKT: Quick Summary
The $Shell token was rugpulled by the token creator. The token creator took away approximately $180k in profit.

Details of the Exploit
$Shell is the in/game utility token of the NFT/Game Meta Apes.
The account with minter privileges minted 150M $SHELL token to scammer address (C) in this transaction: https://bscscan.com/tx/0x2a4bb4fc6300deee3bba4d7a010edfec2d8db87059f9a925c4f0e410ba8f6a4d
Scammer address (C) transferred the received 150M token to scammer address (D): https://bscscan.com/tx/0x264bbb37559ce3322156515051905c530363faf4c1fbc17fc2664f7f74069a5b
Then scammer address (D) proceeded to dump 60 million $SHELL token on PancakeSwap in a series of transactions for a total profit of $180k.
Here is an example of transactions:
1) https://bscscan.com/tx/0x1ea7a6439cd1289e8fad2ea34528e64250c19dd675930119f7fae3efc581c242
2) https://bscscan.com/tx/0x7ff107c22c3e75213ecb3eef5c1c39e12ed29f5a31a06a24c104cf129734af6f
3) https://bscscan.com/tx/0x24740d894e4438c8b17c3676c83ec480ba92e01a69c68ee3fed16c747a1b5f81
Then all the receive funds were transferred to the Binance Hot Wallet 6 along this chain of transactions:
1) https://bscscan.com/tx/0xaf9dd345c7621402bcef3b874dc420cb190e009c7cc8d22eab073f6f9f620182
2) https://bscscan.com/tx/0x75ff71287ae39adb9267e6666e9244faaed8e11f6a6d034e8923564d0eeeca59

As the time of this writing information on this case is scarce. More sources will be added if the case should develop.

Block Data Reference
Token creator. scammer address (A): https://bscscan.com/address/0x1b9dfc56e38b0f92448659c114e2347bd803911c
Token minter. scammer address (B): https://bscscan.com/address/0xd10c833f4305e1053a64bc738c550381f48104ca
Scammer address (C): https://bscscan.com/address/0xd699576b6b97f57bd7513f70bef38cd63556edf7
Scammer Address (D): https://bscscan.com/address/0x5ba8c3f55edc13c641d8612cd37ca89dc4e2cfb2",2022-06-11 0:00,2022,183151,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
203,FTX,REKT and SlowMist,https://de.fi/rekt-database/ftx,https://hacked.slowmist.io/search/,,https://crypto.news/ft/loses/over/100/million/en/and/81/eth/in/a/hack/,,Quick SummaryFTX was exploited due to gas limit vulnerability which caused mint of $EN tokens at zero cost. Details of the exploitFT is a centralized crypto exchange. FT provides an opportunity for performing fee/free withdrawals. The hacker deployed a smart contract with unverified source code to exploit the vulnerability and was able to mint $EN tokens with zero cost 17.000 times. FT lost roughly 81 $ETH due to gas stealing. and 61 $ETH worth of $EN tokens were minted and swapped through UniSwap. The price of the $EN token dropped by 33% after an incident. Block Data ReferenceAttacker address: https://etherscan.io/address/06b01f9f457a0fd978d69cf317987e81c86b9b831 Malicious contracts: https://etherscan.io/address/06438162e69037c452e8af5d6ae70db1515324a3d https://etherscan.io/address/056af41c4b3bdf6aeafcb9872e8ca31fd093dcf45 Malicious transaction: https://etherscan.io/t/0fb1a7b359d439548c120d006d535e6fde6578489f4da78acc60e3a1711e3107d,2022-10-13 0:00,2022,187156,Contract vulnerability,Access control flaw,Technical vulnerability,Target,CeFi,
908,Magix,REKT,https://de.fi/rekt-database/magix,,,"#WARONRUGS? on Twitter: ""? Scam Advisory #57 / Magix $MAGX (0xb0Bc45972F1cBab76D6E433C28d53c012bcD568E) Reason: Only 1/3 of the ETH have been added to liquidity. Only 1/2 of the liquidity is unlocked. Owner is also selling 75K tokens. Likeliness of losing all funds: Very High DYOR. #WARONRUGS?… https://t.co/j2a7YOmqbe"" (archive.ph)",,The project was holding a fundraising event using MagiPresale smart contract. which received 332.9 ETH. List of received transactions:  https://bloy.info/ts/transfers_to/00f60125c8fe21a9c0bda69f2944a51eb71336278?currency_id=1  106.5 ETH was added to the initial liquidity by the proy contract:  https://etherscan.io/t/0fedb5f9013a1d243e1fc37b2b6da2690d48698f34d4b89853f8b972691b4ac47  264.5 ETH was deposited to the Tornado Cash mier at:  https://etherscan.io/address/0d01674a8920c71913578540a33e0321689c8a25e  https://etherscan.io/address/00a77eb9bc5d0c5af256b8fce9760eb3cf583b88e  The contract deployer received LP tokens from the proy contract. which added the initial liquidity earlier:  https://etherscan.io/t/021ff6db50be31f017f864bcf24990d05f1388634b93b8e939573ca2aa95f1b98  The liquidity was removed by the contract deployer few times:  https://etherscan.io/t/0337515729018432f2d91b399d5cb2b3f179350301c1b75191450dc626311048b  https://etherscan.io/t/0ba6e28ac0ee51db755bcfa5218b2276ac119f7c695ed07e701642fbd394701f0  https://etherscan.io/t/0d038ac5b4e52ac31fd10aa165344848955c8bfb9bd77953436a11bcec4d0f784  https://etherscan.io/t/08a1c9f13a4931197bfcef5ad0293f147360f3e626d65c4d4a413937156df2e37,2020-12-25 0:00,2020,188252,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
806,DMC Token,REKT,https://de.fi/rekt-database/dmc_token,,,https://archive.ph/7YW4,,DMC Token was Rug pull scamed by the token deployer and other liquidity providers. The scammers profited 189.876 $USD in total,2022-10-10 0:00,2022,189876,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
961,QuickSwap (2),REKT,https://de.fi/rekt-database/quickswap_(2),,,(1) https://decrypt.co/112750/polygon-quickswap-flash-loan-attack (2) https://twitter.com/BeosinAlert/status/1584551399941365763 (3) https://twitter.com/QuickswapDEX/status/1584524584984145922?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1584524584984145922%7Ctwgr%5E80802f1841beeca2583097ffd33e3d2664fa97fc%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fdecrypt.co%2F112750%2Fpolygon-quickswap-flash-loan-attack,,Quick SummaryQuickSwap exchange was exploited through a flash loan attack. The hacker managed to transfer 190.000 $USD using TornadoCash. ,2022-10-23 0:00,2022,190000,Interconnected actors flaw,Arbitrage with flash loan,Technical vulnerability,Target,Exchange,P
898,Layer2DAO,REKT,https://de.fi/rekt-database/layer2dao,,,Layer2DAO Hacked for Nearly 50M $L2DAO. Repurchases Over 31M Tokens | TokenInsight,,Quick Summary Layer2DAO investing platform was exploited. The hacker compromised the private key of the multi/sig wallet and stole roughly 50.000.000 $L2DAO tokens. Details of the exploit Layer2DAO is a decentralized investment and staking platform running on the Optimistic chain. The projectsmulti/sig wallet was compromised. The attacker was able to steal 49.950.000 $L2DAO tokens. With the effort of the projectsteam. 31.239.611 $L2DAO tokens were repurchased to secure the tokensprice. Although. the token price dropped by more than 36% over the last 24 hours. The hacker profited for 71.119 $USD. Block Data Reference Malicious transaction: https://optimistic.etherscan.io/t/0074c9a7067a8a11937c3697549ccc2232ee123de483676428ca115fcf45a8201,2022-10-23 0:00,2022,190370,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,Exchange,P
941,NWT Token,REKT,https://de.fi/rekt-database/nwt_token,,,"CertiK Alert sur Twitter : ""#CertiKSkynetAlert ?? We are seeing a #exitscam on project NWT. contract BSC: 0x2c44c71df4dbd3634e43ab0bc6dcb809d5286443. NWT has experienced a #slippage of 53%. Approx. $120K was taken. Stay vigilant! https://t.co/aOiqySutpu"" / Twitter",,Quick SummaryNWT Token was Rug pull scamed for 191.468 $USD. The token deployer drained liquidity by small transactions over time. Details of the exploitNWT token is BEP20 token trading on PancakeSwap. The token deployer started draining liquidity from the pool in the last 30 days. The total scammed amount reached 191.468 $USD. Part of the assets was transferred to an EOA address. Block Data ReferenceScammer address: https://bscscan.com/address/0610befad667b24e4059247b74bd4a0ce6137a0d4 Transfer transaction: https://bscscan.com/t/0cda5eec5cb796189a4d95059e6de259783ef08d583b4703bac0265c1b8209f7e,2022-10-22 0:00,2022,191468,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
809,DollarDoge,REKT,https://de.fi/rekt-database/dollardoge,,,"PeckShieldAlert sur Twitter : ""Rugpull or Compromised key? PeckShield has detected @dollardogebsc $DollarDodge's deployer has dumped token and deposited 513 BNB to @TornadoCash. $DollarDodge:https://t.co/qfuDYakxPK https://t.co/ztyiXb7Cml"" / Twitter",,The contract deployer has minted and sold tokens:  https://bscscan.com/t/0cce6ee774f3465571179e48d078f8fc51aa75c7aa89f88c1784a119351c2e1cf  Stolen funds were transferred to the External address:  https://bscscan.com/t/08ede198c36b8069992f380f9f2cd538267f48f457a6d5e96a0d41f4d44071d3f  The recipient deposited funds into Tornado Cash mier:  https://bscscan.com/address/00a01490526e59c275ac8e58e2c2d9b1d41d13233,2022-02-21 0:00,2022,193703,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
719,Rabby Wallet,REKT and SlowMist,https://de.fi/rekt-database/rabby_wallet,https://hacked.slowmist.io/search/,,(1) https://twitter.com/rabby_io/status/1581272081127571456. (2) https://bitkan.com/news/rabby/wallet/swap/contract/hacked/hackers/have/made/over/190000/5959,,,2022-11-10 0:00,2022,194500,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Other systems,
803,DistX,REKT,https://de.fi/rekt-database/distx,,,"(1) Another ""rug pull"" takes place. taking a $1.5m market cap Ethereum coin to $15.000 (cryptoslate.com). (2) https://archive.ph/P71g3",,The contract deployer was holding unfair distribution of the tokens,2020-12-14 0:00,2020,197818,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,FT,CA
186,Rari Capital,SlowMist,,https://hacked.slowmist.io/search/,,https://twitter.com/FloatProtocol/status/1482184042850263042,, According to a tweet from Float Protocol  the FLOAT/USDC UniV3 pool has approimately $1 million in funding due to the Float Protocol Pool 90 on the RariCapital pool being affected by the lack of liquidity of the Uniswap V3 FLOAT/USDC oracle  leading to severe price manipulation. It was stolen  leaving about $550 000 in FLOAT/USDC in Uniswap V3. The hackers then returned $250 000 of the stolen funds.,2022-01-15 0:00,2022,200000,Interconnected actors flaw,Oracle manipulation,Technical vulnerability,Target,Yield,CP
281,Pinecone Finance,REKT and SlowMist,https://de.fi/rekt-database/pinecone_finance,https://hacked.slowmist.io/search/,,"PeckShield Inc. sur Twitter : ""1/4 @PineconeFinance was exploited starting 2021/08/18 11:41:19 AM UTC with a flurry of deposits and withdraws. leading to the loss of ~3.5M PCTs (~$200K). https://t.co/2WFhBu8Ult"" / Twitter",, Pinecone launched the pledge pool of protocol token PCT at 09:00 UTC on August 18  2021  and was attacked at 11:41:19 AM UTC. When the Pinecone PCT pledge pool went online  the front/end was processed to limit illegal operations  but the hacker bypassed the front/end page during the attack and directly called the smart contract through the ordinary account  depositing PCT tokens greater than the amount of the account balance  and the PCT pool was wrong. Records the number of user deposits. When withdrawing  you can etract more PCT tokens. After discovering that the currency price had plunged  the project party immediately terminated the call of the smart contract. The current loss of the number of PCTs: about 3.53 million. REKT: The attackersaddresses:  https://bscscan.com/address/0472a2c88c1a5f794eb80706e587d4a120d9be255  https://bscscan.com/address/0430ad7e178d3e00145f35c041c7f486d7e8a4c7e  https://bscscan.com/address/0fc6682db7e9f57882e8b18ebc9adc7a19f770494  The transaction behind the attack:  https://bscscan.com/t/0e23ffa079edd975b5bd48503757040b7aa60e63d66972419fd56f4404c6d4da1  The root cause is a false deposit bug in the staking logic of Pinecone finance. In particular. the affected vault counts as valid deposits even no tokens are actually transferred in. The hacker has no sufficient PCT balance but stakes 200K PCTs to the vault. However. the t still succeeds and credits the hacker with 200K valid PCTs staked:  https://bscscan.com/t/010236426cbe9a6380b7990150013125a623784ed1002fe3e34d07ff89ffa2619  Overall. three hackers gathered 3.5 million PCTs. which were converted into 516.83 BNB (~$200.000).,2021-08-18 0:00,2021,200000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Yield,CP
310,DAFI Protocol,REKT and SlowMist,https://de.fi/rekt-database/dafi_protocol,https://hacked.slowmist.io/search/,,https://twitter.com/DafiProtocol/status/1414031232137052163,,According to official sources  DAFI Protocol  an on/chain incentive protocol  stated that DAFI worth 200 000 US dollars was sold due to the cross/chain asset bridge ChainSwap attack DAFI Protocol requests the community to withdraw liquidity from Uniswap and LP plans until further notice. DAFI Protocol added that the DAFI token contract and Super Staking are safe.,2021-10-07 0:00,2021,200000,Contract vulnerability,Undetermined,Technical vulnerability,Target,Staking,CP
431,UniCats,SlowMist,,https://hacked.slowmist.io/search/,,https://decrypt.co/43927/ethereum/user/scammed/for/140000/in/uniswap/uni/tokens,, Encrypted wallet ZenGo researcher Ale Manuskin revealed that UniCats  a so/called yield farming platform  based on the Ethereum network  is suspected of stealing at least $200 000 in encryption from several users  including the governance token UNI of the decentralized financial platform Uniswap assets. A backdoor in the smart contract allows UniCats to retain control of its user tokens even if these tokens have been withdrawn from the user pool. Previous attacks against Bancor also used similar vulnerabilities.,2020-10-10 0:00,2020,200000,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Yield,CP
744,Automated Assassins,REKT,https://de.fi/rekt-database/automated_assassins,,,"ZachBT sur Twitter : ""1/ The NFT rugs continue this time with @AutoAssassinNFT a $202k slow rug. https://t.co/DWBnz6ssuV"" / Twitter",,Quick SummaryThe Automated Assassins has been Rug pull scamed by the project team. The team that was involved in the project created a collection on OpenSea. then to make the collection look more attractive. they raised the price of the token. When people minted the NFT by investing their funds in the contract. the team called function withdraw() to get all the funds from it in the amount of $202K. Details of the exploitAutomated Assassins was supposed to be a P2E game.The team of the project created the NFT contract with this transaction ( https://etherscan.io/t/0026b705a99af7ff24b1e70e02fc1d432025b4a669320f8d8c6e254204b07d7a4). The project team used funds that were raised in the initial minting phase in order to sweep the floor price of the collection on OpenSea. making the collection appear successful to investors ( https://etherscan.io/t/07200806a75448f6fb4f3dcf741195a4479cd3e23bd6674eaad4df338964bb79e).In this transaction. the <em>withdraw()</em> function is called. where all the $ETH from the contract are withdrawn ( https://etherscan.io/t/003987fdd2ae42a01b201b4abeab462c8302ab457ff7021b466f5e92ef6c24b40).<br\ >As the time of this writing information on this case is scarce. More sources will be added if the case should develop. Block Data ReferenceToken contract address: https://etherscan.io/address/08abfc9689827db7b00f67b7ebc90ee707bc07437 Address that deployed the contract: https://etherscan.io/address/0ff45874e2bde87e773551b7eb086533df02f022f Scammer addresses:&nbsp;1) https://etherscan.io/address/03c1e66d6fe004b581ace44612726164ad34dbd7f&nbsp;2) https://etherscan.io/address/0b7c8d69703289bdaf21d7a419b7af95b32d8ca40&nbsp;3) https://etherscan.io/address/067ef43a7b0fdc38db0990413a86f7b0dc0220f7f&nbsp;4) https://etherscan.io/address/01f07957e1e5f3585c762736a83a2ce3140fccfa9&nbsp;5) https://etherscan.io/address/0d40999c2b045f6a175acc0b478bbf0bed6e918fc&nbsp;6) https://etherscan.io/address/05609b9338ec0351dd0f31d29c9a5105b0c22371a,2022-06-07 0:00,2022,202000,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Dapp,P
985,Santa DAO,REKT,https://de.fi/rekt-database/santa_dao,,,(1) https://hackernoon.com/crypto-exit-scams-are-nothing-new-lets-call-them-out-before-more-people-get-scammed-2q503z8g. (2) https://iconow.net/santadao-hoho-defi-pulls-exit-scam-with-200k/,,The project was holding a presale in 2 ways: 1. Funds were transferred to the contract deployersaddress:  https://bloy.info/ru/ts/transfers_to/06fb209016b489977ecc78abf3eb5a8613e7ac728?currency_id=1  2. Funds were transferred to the contract deployersaddress through a separate contract which was used for the presale:  https://etherscan.io/address/06fb209016b489977ecc78abf3eb5a8613e7ac728#internalt  The stolen ETH was transferred to the External address. marked as Phishing:  https://etherscan.io/t/0637385cabdde18dc107e4368b7932c606258fd97ab12050f229af66f30090cfe  https://etherscan.io/t/075edde275de517303d48cb9a59a32c583171439661e019f50eded9256c31c2f0  https://etherscan.io/t/0ebb79f82ca6aa673d2d190fc84e256feccb433efd4b154af564f3d4e56fa29f4  https://etherscan.io/t/0bf49540050f6c7d6b0a8f3773ae1d811f560e12db80ef0ef1ef8b1a8319a144d,2020-10-26 0:00,2020,203878,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,FT,CA
741,ArenaPlayAPC,REKT,https://de.fi/rekt-database/arenaplayapc,,,"PeckShieldAlert sur Twitter : ""#PeckShieldAlert #Rug pull scam Seems like @ArenaPlayAPC is soft Rug pull scam. https://t.co/l35tu957mI"" / Twitter",,Quick SummaryA soft Rug pull scam was noticed in the $APC token. The team took away approimately 1200 $BNB in profit. Details of the exploitThe creator of the token deployed the contract to the BSC network. where 100M tokens were minted on the address (B): https://bscscan.com/t/00fb8c25a81d96ae3cdc6271d674cdc483e7f50dc19405c7aa5cd5c9db284f2b8&nbsp;Address (B) sent 150k $APC to the address (C) in this transaction:&nbsp; https://bscscan.com/t/096510bd23322bf0b51dcb62b1fe17b9238f1aee6fadf91a37152593426397322Then address (C) interacted with address (D) that later transferred 1200 $BNB through Tornado.cash:Interactions transaction: https://bscscan.com/t/010978099e2f17e61cffef19b4353323bdadbf005063cd6557e156c35c1503762Address (E) received 1M $USDT from Binance Hot Wallet and 14 $BNB from Tornado.cash which then distributed funds to the bot addresses: https://bscscan.com/t/094609a43eb6c2967862788fb84014a37faf28ed55f5cad504a98ae994511723aBots started creating fake trade volume in order to attract investor\sattention in this project. When investors deposited funds into the token. part of the money ~1.2M $USDT was sent to address (D) in multiple transactions.Eample transactions:1) https://bscscan.com/t/0542f6f8c43eb79bd46aa1f09dbc1502f65c60c4f7dae33ffdd018b0230d2edf32) https://bscscan.com/t/00246a3220120bb7922ce7318799cbbbb1697c78c8c29090f6d56a6a14348f0183) https://bscscan.com/t/0b7a52cc614205b1d5795d6e8a1bdcb5d69216c8c77a1a457637f77774c0557e0Then 1200 $BNB was withdrawn via Tornado.cash. As the time writing information on this case is scarce. More sources will be added if the case should develop. Block Data ReferenceInvolved addresses:Token creator (A): https://bscscan.com/address/04e6b2534e1c030e2a849c1bd6409de609bdcf81fAddress (B): https://bscscan.com/address/034242a391f8e2d9c8a4f11bbcadc385cee6b3e32Address (C): https://bscscan.com/address/0d73fc94a4dfc5f2a31b73d668de816c39cf8d9deAddress (D): https://bscscan.com/address/00fc7ce891d8403c751555368f3b2e096aee5dcbeAddress (E): https://bscscan.com/address/017034afd3492E4141270478b59584e4e1D1E08AC Eample bot addresses:Address (F): https://bscscan.com/address/0ea2d5cacd55051d30b3ad0bdce73047993495777Address (G): https://bscscan.com/address/003a018efa37867eb0a00b7e8d308d3cc37bd8a0fAddress (H): https://bscscan.com/address/0cdb2a8d067dcb115c26c4b9f2024ef10bdccd73f Token creation: https://bscscan.com/t/00fb8c25a81d96ae3cdc6271d674cdc483e7f50dc19405c7aa5cd5c9db284f2b8,2020-07-15 0:00,2022,204259,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,Dapp,P
966,Rare Bears,REKT,https://de.fi/rekt-database/rare_bears,,,(1) https://twitter.com/BearsRare/status/1504533547675435009 (2) https://twitter.com/BearsRare/status/1504293859467350019 (3) https://twitter.com/BearsRare/status/1504651613910466561 (4) https://twitter.com/PeckShieldAlert/status/1504298442071613440,,The projectsadmin account on Discord was compromised. The attacker posted a phishing link on the server. which led to the fake NFT minting website. The compromised account deleted admin roles from the project team. so no one could prevent this immediately.  As a result. users spent appro 73 ETH which were stolen by this address:  https://etherscan.io/address/067542f6e4ea651f4c72ab24abf2eb9c2c202fce1  After. the Discord server ownership was regained by the team.,2022-03-17 0:00,2022,205586,Instant user deception,Social media compromission,Imitation,Intermediary,NFT,
72,Armadillo Coin,SlowMist,,https://hacked.slowmist.io/search/,,Pi Shield: Armadillo Coin Occurs Rug Pull. 663.4 BNBs are transferred / BlockBeats (theblockbeats.info),,Rug Pull on Armadillo Coin on BNB Chian  scammers have transferred 663.4 BNB to Tornado.Cash.,2022-06-01 0:00,2022,206123.36,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,FT,CA
1132,DeFi WZ Token,REKT,https://de.fi/rekt-database/defi_wz_token,,,"CertiK Alert sur Twitter : ""#CertiKSkynetAlert ?? We are seeing an #exitscam on project Defi Wz Token (DEFIWZ) BSC:0x418Db510B4f1CF33565C459cfB6D838bbbbFf8F9 Which has dropped more than &gt;88%. Approx. ~$208K was taken. Disclaimer: Not to be confused with tokens &amp; symbols of similar name! Stay vigilant! https://t.co/6Jt0gR2Msi"" / Twitter",,"Quick Summary
DeFi WZ Token was rugpulled for 207.620 $USD. The deployer-related EOA address removed liquidity and transferred the funds.

Details of the Exploit
DeFi WZ is a BEP20 token trading on PancakeSwap. The token deployer-related EOA address removed liquidity for 44.822 $USD. Consequently. the swapped 2648 $DEFIWZ tokens for 162.797 $USD in one transaction. All the stolen amount was transferred to another EOA address.

Block Data Reference
Scammer addresses:
https://bscscan.com/address/0x8a8072bae4e1954eef33b36421cf73167ef86629
https://bscscan.com/address/0x5c469dc53ff2e51d84f162431b2f95c9194f9dcd

Liquidity removal transaction:
https://bscscan.com/tx/0x547d0921364e91402adf971b845cb590805cdc039751368380b0f49fa62ac139

Token swap transaction:
https://bscscan.com/tx/0x4f8df80306f2b31d6e07b70717a3d15bb16fa6cb6e5eef0a56138674bf4d49fc

Funds transfer transaction:
https://bscscan.com/tx/0xbd6d0ba6d39638687daf8566e5131ea73a42ae7a134c87fe67a84ca753c3b666",2022-11-07 0:00,2022,207620,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
1092,Sifchain Finance,REKT,https://de.fi/rekt-database/sifchain_finance,,,"Víđarr the Auditor (tweets ? investment advice) on Twitter: ""Sifchain Finance $EROWAN Sneak Peek https://t.co/GtkrVhluI2 - transfer fees are controlled by: manager = 0x0F450Ddc280787b49B14B866A6E4e4D279A22Fa6; - the following contract is unverified - users can not sell on uniswap Be vigilant !!! #CryptoRedFlag… https://t.co/LmFgBsWATh"" (archive.ph)",,The contract owner could disable the transfer function. which restricted users in selling their tokens.  The contract deployer added initial liquidity at:  https://etherscan.io/tx/0x43659257190ace6f1ac5a4168a5f3a06256fc8af987ccb1e6d72fd5d0e6be02c  The liquidity was removed by the contract deployer at:  https://etherscan.io/tx/0x079782c0f550ae66efd5d0e0c961b765df66edeb3cbbe1f5d1bc787fb42761db,2021-01-06 0:00,2021,207718,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
1009,Swello Finance,REKT,https://de.fi/rekt-database/swello_finance,,,(1) https://coinmarketbag.com/was-swello-finance-hacked-or-did-they-rug-pull-safemoon-joe-loses-money-for-many-of-his-followers/. (2) https://desk.lsr.finance/asset/swlo-swello/,,Quick Summary : Swello Finance has been Rug pull scamed by the contract owner of the project. The contract owner called the pullForBNB() function through an unverified contract that dumped $SWLO against $WBNB via PancakeSwap.,2022-06-25 0:00,2022,210000,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,Staking,CP
984,Santa Coin,REKT,https://de.fi/rekt-database/santa_coin,,,https://twitter.com/CertiKAlert/status/1584648833107079169,,Santa Coin was rug pulled by the token deployer. 764 $BNB was stolen by the scammer.,2022-10-24 0:00,2022,210893,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
236,dYdx,REKT and SlowMist,https://de.fi/rekt-database/dydx,https://hacked.slowmist.io/search/,,https://dyd.exchange/blog/deposit/proy/post/mortem,, DeFi Derivatives Agreement dYd released an investigation report on the deposit contract accident on November 27  stating that there has been a serious loophole in the agent smart contract that has been handling deposits to the dYd exchange since November 24. At around 12:00 UTC on the 27th  dYd The team performed a white hat hacking operation to save vulnerable user funds  totaling approimately US$2 million. These funds are sent to a non/custodial escrow contract  and only the original owner of these funds can retrieve them. However  when the dYd team performed the white hat hacking operation  an estimated $211 000 of funds was used by the MEV robot  and the user has now been fully compensated. REKT: Affected contract:  https://etherscan.io/address/053773fE5ff4451c896127Dd2c91b8dE7ac51Ba2C  Timeline:  Nov 27 05:21. The dyd team received a report from a member of a trading firm regarding a vulnerability in the dYd deposit proy contract.  Nov 27 06:40. The dYd team confirmed the bug. They asked samczsun and Georgios from Paradigm to join them in the war room as they respond to the vulnerability.  Nov 27 06:50. The dYd and Paradigm teams together decided the best course of action is to eecute a white/hat hack of vulnerable funds to move them to a safe location.  Nov 27 07:33. As samczsun finished a proof of concept for a white/hat hack. the dyd began implementing the recovery flow in the frontend and implementing a bot to save any additional funds that become vulnerable.  Nov 27 08:01. The dyd determined that ~700 addresses had allowances set on the vulnerable proy contract. Of these. about 180 had funds at risk. totaling ~$2M.  Nov 27 09:27. The dyd team asked Etherscan to remove the verified source code from the proy contract and they made the source code on GitHub private.  Nov 27 10:33. The white/hat escrow contract was deployed.  Nov 27 10:56. The <u>setAllowance</u>() function was disabled in the dYd exchange frontend.  Nov 27 12:04. The first white/hat hack was eecuted via flashbots.  Nov 27 12:22. The front end was updated to show the warning and recovery process to users affected by the bug. Allowances for deposits were re/enabled using the old deposit flow.  Nov 27 12:32. Announcement was made on Twitter and Discord:  https://twitter.com/dydprotocol/status/1464572467872247815?s=20  Nov 27 12:43. The second white/hat hack was eecuted via flashbots for two more addresses.  Nov 27 13:16. A recovery bot was deployed to automatically retrieve and escrow any more funds that become vulnerable.  As of Dec 8 at 18:00 UTC. $533.000 of additional funds were rescued by the bot. and nearly 80% of affected addresses have revoked approval from the vulnerable contract. Another estimated $211.000 in funds were exploited by frontrunner bots.,2021-11-27 0:00,2021,211002,Contract vulnerability,Undetermined,Technical vulnerability,Target,Derivatives,P
749,Bep Finance,REKT,https://de.fi/rekt-database/bep_finance,,,Telegram: Contact @bep_finance (archive.ph),,The project was holding a fundraising event. this was stated as their Telegram announcement: https://archive.ph/QUjcL#selection/141.0/141.42 The External address was the recipient of the investors\funds. In total. 821.79 BNB was gathered during the fundraising event: https://eplorer.bitquery.io/bsc/address/0701aacd6bb09a0e10d39d67259e58e493faefe76 All the funds were distributed between some External wallets at the following transactions: https://bscscan.com/t/04926be51f53d478dac8d2c0061d537d5ec7ace046344cdc3a4a265389d9a96ad https://bscscan.com/t/0cd1eb46d4997fe0bc1c972140d005a20e1941c8729c2113740ff0a2c52f13b97 https://bscscan.com/t/03fac275d614c0ec57f4814a4a3886bc608318faa2d5366961dc6fa54e29e644a https://bscscan.com/t/0d64ffcaccf2d3cc4e6cd843ae7242c9e4af7fcbd3770954d8b34ae9fdd83780d https://bscscan.com/t/0443aa36cdf94141bc073d061dfcf90dfd606ab6fd7392ebc060dc0f83defffee The wallets. engaged in this case are marked as Fake Phishing by the BscScan.,2021-03-16 0:00,2021,212432,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,FT,CA
763,Brand New Quest Metaverse,REKT,https://de.fi/rekt-database/brand_new_quest_metaverse,,,"CertiK Alert on Twitter: ""#CommunityAlert ?? We are seeing an #exitscam on @MetaverseBNQ - $BNQ which has slipped over 99%. The deployer sent BNQ to an EOA which then began selling in 21 txns for a profit of approx. ~$57K. We can also confirm that we do not have any relation to this project #DYOR https://t.co/z6tTD9DQZO"" / Twitter (archive.org)",,Quick SummaryThe BNQMetaverse project has been rug pulled by its project team. The team made away with $214k in profits. Details of the exploitThe token creator deployed the token contract with zero decimal places in amount of 10^27 to the BSC network: https://bscscan.com/t/007effcb0bffe2238dfc8cc74eca570d8794869509264ffbc12bfc5a5b66b3af0Before dumping the token price. token creator added many addresses in the blacklist: https://bscscan.com/ts?a=02263a467995f606b0d931771b8a8a0e1b8a9d5eb&amp;p=5Then the scammer address (E) dumped the token getting profit of $214k. Eample transactions:1) https://bscscan.com/t/017ee2f081d252402e2ee87fe238525c9e81c2acce80cc4284b43a659573767732) https://bscscan.com/t/0aa06264d7119dc8671e6b02f98cc0a07acc61bca1c42205a123a59ae48f8ce703) https://bscscan.com/t/0db1198429fbcada51e88b970c71b8a73ecaa09257aeb4ff22ba30007dfd4f35f Block Data ReferenceInvolved addresses:/ Scammer address (A). token deployer: https://bscscan.com/address/02263a467995f606b0d931771b8a8a0e1b8a9d5eb/ Scammer address (B): https://bscscan.com/address/007dc84dea4fb9622fa7446b27530f69a76ee9347/ Scammer address (C): https://bscscan.com/address/063133957c93d132f3a60cfea5f35bfdef85a348e/ Scammer address (D): https://bscscan.com/address/05cc805dfcff7e64fb87cdba07a0a0b1505aac6e3/ Scammer address (E): https://bscscan.com/token/0a119bcfa607229b24c2f07d07a2ad4c46e1ec36e Transactions:/ Pair creation: 090db1dbad89cec01fba0d8075791864d0ac4aa9f/ Adding liquidity: https://bscscan.com/t/0dc6868bec4008a61ba69140aaa8024cf845ca99a776815573fc8598956675baf Smart/Contract Abilities/ Pausable/ Burnable/ Ownable/ Access Control,2022-08-13 0:00,2022,214122,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,Dapp,P
923,MMFinance,REKT,https://de.fi/rekt-database/mmfinance,,,MMF $0.0003656 / MMFinance / WBNB on BSC / PancakeSwap / DEX Screener,,Quick SummaryThe MMF project has been rug pulled by its project deployer. The team made away with $BNB 726 &nbsp;in profits. This project should not be confused with the popular MMFinance farm on Cronos. Block Data ReferenceProject Deployer https://bscscan.com/address/0648361c2cd349568743c1537ba2c5d3fbe089fbe,2022-08-13 0:00,2022,215000,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,FT,CA
150,NFTflow,REKT and SlowMist,https://de.fi/rekt-database/nftflow,https://hacked.slowmist.io/search/,,"The ""NFTflow"" that just swept away 92 ETH runs has been ""human flesh"" out by the community? /ODAILY",," Several NFT players posted on social media that a project called NFTflow  had a Rug Pull  ran away without completing the pre/sale  and transferred the 92 ETHs from the sale to the Tornado mier. According to the official website  NFTflow calls itself &quot a platform for creating liquid markets for illiquid NFTs on StarkNet&quot . REKT: The project was holding NFT presale event.

The contract deployer withdrew all deposited ETH at:
https://etherscan.io/address/0x5cad06e17452179abe3ee7f99ce649d16d059616#internaltx",2022-03-14 0:00,2022,216386,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,NFT,CA
783,Cubic Finance,REKT,https://de.fi/rekt-database/cubic_finance,,,"RD Labs (Previously Rug Detectives) sur Twitter : ""New video. Update to $CUBIC Rug´ and connections to other scams: $dsf. $mcp $bliss https://t.co/QuH59CcYPH What are your views? #btc #eth #crypto #scams"" / Twitter",,The project was holding a presale event,2021-03-01 0:00,2021,216694,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
1012,Tetris Finance,REKT,https://de.fi/rekt-database/tetris_finance,,,https://de.fi/rekt-database/tetris_finance,,The contract deployer added initial liquidity at:  https://www.bscscan.com/t/0932f162d0821bf6bf3345fee5336590156c14341b7597fc03ca912ca38bd8a39  The contract deployer used hidden migration functionality under the <u>rewardUpdate</u>() to transfer all LP tokens from the reward distribution contracts onto the own wallet at:  https://www.bscscan.com/t/026a4c4163fc5c459da79a89d8d2e6eb85108b484211bfb1fe838fd1b6614d497  https://www.bscscan.com/t/00f1c4a132cd00035ef510a235c9ef1afba0abe2bceb99fd9fae1cf30be896f21  https://www.bscscan.com/t/0d6dbb59f15b0a5b69e37668722cf50cae140d3c6024d7de3f2ea143fa4db71fd  https://www.bscscan.com/t/0026d36499eeade202777a81c557103960e9b8ef82d5c63853bb06decf1108d22  https://www.bscscan.com/t/018c3914e1779f2a534ee6d2ba531fa573c917a479312e42c6be1cb43dc9ed52e  https://www.bscscan.com/t/07d54686bc40d2df363fc0fea2cca429eeadff00f99d24bb9fb7efaf0a05e5590  https://www.bscscan.com/t/045e47c922d4c6c0c10c02f4c662948f4274f16d9623b110be0b07b57bfb3084d  https://www.bscscan.com/t/08d176f37962de80beaf160e930508071ea19430b00cb6f58595a2c76bb07d106  The projectsnative tokens were sold as well. the eample transaction:  https://www.bscscan.com/t/0d8dd42cb76ca3d69d5e4c93e71e4a9bbf154500dfc9a9c979212eefaa5f373f7  The liquidity was removed by the contract deployer. The received tokens were exchanged on BNB and were distributed between different External wallets at:  https://www.bscscan.com/t/0965d4dd7c1cf670477dea9d681f077b091749b2922c2fadc2856c3bafebc81ef  https://www.bscscan.com/t/05030fc706d05dfbceaebe4ed464940dd146862102919ae7867bd03935297a26f  https://www.bscscan.com/t/084d0f4baadb846524be2a4eed8e02d343a9250a61e02d9ec5cc4a18666f29ae8  https://www.bscscan.com/t/046b5fee4b7bdd5f75b914cbca65576d6c707a6e7a373392d2c1765f870db6943  https://www.bscscan.com/t/0671ce1007ae06f60da40a3477572023bfcd99032be4f0a7276cc4dc79fe12e91  https://www.bscscan.com/t/06985c92ba8f3d9b1242abbea2e15db6bcc4b1201d43534ad1e683f923d1fda37  https://www.bscscan.com/t/08dfbab27a511e173adf7e1be3aaadc901c737ec2fbdf94a78f962788f0c1a0bb  https://www.bscscan.com/t/0bacda7bf73e32cc9279731d8a8dcd63f3f2e0e8751a2a349e6811308b72f2d16,2020-12-17 0:00,2020,217507,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
1142,Sex DAO,SlowMist,,https://hacked.slowmist.io/search/,,SexDAO???????????????? - PANews (panewslab.com),,The Web3 social platform Sex DAO is suspected to have been Rug. The original white paper has been deleted. Over 220.000 USDT and 4.17 billion SED (SEXDAO Token) have been transferred on the chain. Currently. the Sex DAO official website and official Twitter account are inaccessible.,2022-10-05 0:00,2022,220044,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Dapp,P
483,Ledger Chrome,REKT and SlowMist,https://de.fi/rekt-database/ledger_chrome,https://hacked.slowmist.io/search/,,(1) https://cointelegraph.com/news/fake/ledger/live/chrome/etension/stole/14m/rp/researchers/claim. (2) https://twitter.com/xrpforensics/status/1242513076026556417,,Attacker creates malicious Ledger Chrome etensions and tricks users into downloading malicious Ledger Chrome etensions through Google search ad serving and other methods to steal users   cryptocurrency. So far  it is known that at least 1.4 million RP are stolen.,2020-03-25 0:00,2020,224000,Instant user deception,Fake ads/pop ups,Imitation,Intermediary,Other systems,
988,Shadetech,REKT,https://de.fi/rekt-database/shadetech,,,https://de.fi/rekt-database/shadetech,,The project raised 157 ETH on the fundraising platform here:  https://www.safu.investments/sale/28  Raised funds were added to the initial liquidity by the contract deployer:  https://etherscan.io/t/003ad0a15fe1b29929c9d8d01be4c326b62467cd8bfbc55b6f8b831bd99b37244  The contract deployer was the biggest token holder. he has sold tokens in multiple transactions:  https://etherscan.io/t/07b3c798d63675e611f333798531b1a11a544f7b06a1a09697aaff0106b7a71f6  https://etherscan.io/t/0bbd0e85c1ef99b1d2b0068d24edef5beb6d3db63f006a2fac1aa26c35c51372d  https://etherscan.io/t/0133ea1081def73c80a97d1a86bc4e082ed1d5cfa68082fea40252b3deab81dfb  https://etherscan.io/t/0453285b56bc49042d861f49b106c1a81e3da9d83fc5eb9bce524e74b24ef7d89  https://etherscan.io/t/0f1a19848815e8e98945f36d1a8c6a55dcc8ba2f5f963c03c7b5b39db3100f154  https://etherscan.io/t/0971153e5427c2e2fc6679f39cf927ff840c50f8b8b8d86a521b74c221033d885  https://etherscan.io/t/00e1737ee60a67141d8fdd5e1ece090b4513376fc7eb0e301635d63fe7184931a  https://etherscan.io/t/089c2bda161003ca0066b3b2367906f475d9060d971b8c47b2b1f3f84de3c1ec2  https://etherscan.io/t/072b3226efc7abe33f5e2ba9d2d96d6c2500693ef7f37ed6648a6ac625e1ab0bf  https://etherscan.io/t/0ed00c38e335686900079f13abea572740a8a11920c1039b9a6416388bd5d5699  https://etherscan.io/t/0ba743212593b7bc1aee98ad496fa81328c54c27c4b2af9e16bf2d4dc626bb657  https://etherscan.io/t/0a7e80f22b76ae953c08f6306ba7e4f70801c054c3e3d0ab645ba7e24272fcf84  https://etherscan.io/t/05bf35dc742040325aa15a417f53bb468f56ec93ca4fae0fa335431c7680e3126,2021-03-17 0:00,2021,224579,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,Staking,CP
625,EOSBet,SlowMist,,https://hacked.slowmist.io/search/,,(1) https://thenetweb.com/news/eos/gambling/app/hacked (2) https://latesthackingnews.com/2018/09/17/hackers/exploited/flaw/in/eosbet/smart/contract/to/steal/44000/eos/ (3) https://www.reddit.com/r/eos/comments/9fpcik/how_eosbet_attacked_by_aabbccddeefg/?ref=share&ref_source=embed&utm_content=body&utm_medium=post_embed&utm_name=80e72b3c02e54d5e8e263fb8bd3b9e31&utm_source=embedly&utm_term=9fpcik,,the attacker exchanged true EOS token with fake token within the vulnerability in the code winning without betting.,2018-09-14 0:00,2018,224595,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Dapp,P
429,Curve Finance,SlowMist,,https://hacked.slowmist.io/search/,,https://www.btcfans.com/en/us/flash/id/30048,,Recently  a user suffered a phishing attack while visiting the Curve exchange website  and lost 20 Bitcoins. It is reported that the fraud group used the Google advertising system to purchase Google search ads  pretending to be the Curve exchange for fraudulent advertising. Due to google's new advertising program  ads are usually displayed in the first place in search  which has caused many users to be deceived.,2020-10-11 0:00,2020,226988.5,Instant user deception,Fake ads/pop ups,Imitation,Intermediary,Exchange,
48,Convex Finance,REKT and SlowMist,https://de.fi/rekt-database/convex_finance,https://hacked.slowmist.io/search/,,https://twitter.com/ConveFinance/status/1540104036229185536,, ConveFinance officially tweeted that a DNS attack caused users to approve malicious contracts on some interactions on the website  and the problem has been fied.,2022-06-23 0:00,2022,236039.36,Instant user deception,DNS attack,Imitation,Intermediary,Yield,
12,Celer,REKT and SlowMist ,https://de.fi/rekt-database/celer,https://hacked.slowmist.io/search/,,"(1) CelerNetwork sur Twitter : ""??(1/n)A DNS cache poisoning attack on cBridge’s frontend UI apppro. during 08/17 07:45pm to 10:00 pm UTC caused some users to be redirected to malicious smart contracts that can drain all approved token amount. FIRST. PLEASE check&amp;revoke any approval to the followings:"" / Twitter. (2) https://web.archive.org/web/20220818040653/https://web3isgoinggreat.com/single/celernetwork/suffers/dns/hijacking/attack",,Celer said that cBridge's front/end interface suffered from DNS cache poisoning attacks. This attack targeted third/party DNS providers. Celer  s own contract was not affected  and users who suffered losses in this incident  Celer  will be fully compensated. REKT: Quick SummaryThe cBridge was the victim of a DNS attack during which users who used the bridge through the web interface lost their funds. During the attack. the total damage from users amounted to about $240k. Details of the exploit  data/v/51e0c2ec=  ><span lang=>Celer cBridge is a decentralized and non/custodial asset bridge that supports 110+ tokens across 30+ blockchains and layer/2 rollups.  data/v/51e0c2ec=  >A vulnerability in the hosting security system was used by a hacker to gain control of the bridge domain and change the External interface to redirect funds passing through the platform to a wallet controlled by the hacker.  data/v/51e0c2ec=  >Unsuspecting people made exchanges from one blockchain to another and noticed that they could not get their funds. Team members noticed this and issued a warning post on Twitter.  data/v/51e0c2ec=  >Before the Celer Network team noticed the problem. the hacker managed to take $ETH 128 and withdraw all funds through Tornado.Cash. Block Data ReferenceInvolved addresses:/ Ethereum:  https://etherscan.io/address/02A2aA50450811Ae589847D670cB913dF763318E8/ BSC:  https://bscscan.com/address/05895da888Cbf3656D8f51E5Df9FD26E8E131e7CF/ Polygon:  https://polygonscan.com/address/09c8b72f0d43ba23b96b878f1c1f75edc2beec9f9/ Avalanche:  https://snowtrace.io/address/09c8b72f0d43ba23b96b878f1c1f75edc2beec9f9/ Arbitrum:  https://arbiscan.io/address/09c8b72f0d43ba23b96b878f1c1f75edc2beec9f9/ Astar:  https://astar.subscan.io/account/09c8B72f0D43BA23B96B878F1c1F75EdC2Beec9F9?tab=transaction/ Aurora:  https://aurorascan.dev/address/09c8b72f0d43ba23b96b878f1c1f75edc2beec9f9<span style=,2022-08-18 0:00,2022,236334,Instant user deception,DNS attack,Imitation,Intermediary,Bridge,
950,POKeFARM,REKT,https://de.fi/rekt-database/pokefarm,,,"Víđarr the Auditor (tweets ? investment advice) on Twitter: ""POKeFARM $POK Contract Sneak Peek https://t.co/3SkizbhM1P AdminUpgradeabilityProxy contract at that address. It means that real implementation is hidden behind the proxy. which means that implementation can be change at any time. DEV should explain why #cryptoRedflag… https://t.co/nvz101HBNa"" (archive.ph)",,POKeFARM smart contract was backed by the proy contract. The major token pairsliquidity wasn tlocked. Because the token contract included minting functionality. the owner has minted 1M POK tokens while avoiding the proy contract. To confuse the community. the contract deployer sent 500K. 250K. 150K. and 100K POK tokens to some wallets. The recipient exchanged POK tokens for 500 ETH. which he subsequently put in Tornado Cash to hide the trace in the following transactions:   https://etherscan.io/t/01a3b8b06eef4b7db06979fadd0cc03b6c6287443e6ded9ce26e58c02533d4b9d  https://etherscan.io/t/06ad7bc755bb41ef4b40c66cf9c7c042c6a2233607ac3dd9bdd7c494985b81378  https://etherscan.io/t/0c313476793d893e33804ad87c8fc92d5c69219e6fd0aa94c62a2eb51f73c01ef  https://etherscan.io/t/03477512dbffccb10cdfbe9c20bbe389d4e08cf82cca6f8b8f0e2b232bbb59e74  https://etherscan.io/t/0bba546f684ab1034cf1232572b8779eeece8e935b8e5d721afe48f3038871a5d,2020-11-13 0:00,2020,238435,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,FT,CA
694,EarnHub,REKT,https://de.fi/rekt-database/earnhub,,,EarnHub Hacked: The EHB Staking Pools Compromised / CoinCodeCap,,The Exploitersaddress: https://bscscan.com/address/03d98aee279c82d8178b87d9d4dc442d65224dacc Attacker contract A: https://bscscan.com/address/089011932e486fc3548f82c279eb502ba7b4ad55f Attacker contract B: https://bscscan.com/address/0f7acfa1ce0e235e7072fa76bd0dc3c3e519bdfe5 The root of the issue: The <u>makeHop()</u> function allowed shareholders to shift their funds through different staking pools in a gas/efficient manner. This feature was intended to be implemented on the net dApp update. however. it’s been around for about 1 month on the contract side. The issue is in the line below. which assumes that there can not be a malicious smart contract on the pool that is called on <u>receiveHop</u>(_pool): tokenPool.stakingToken.approve(address(_newPool). tokenPool.stakingToken.totalSupply()); By approving the totalSupply to the new pool. Contract B was able to have allowance to spend the staking contract tokens. This basically means they were able to withdraw them from the staking contract at a whim once that initial setup was made. The attacker: / created contract A/ created contract B/ the attacker contract then proceeded to buy some EarnHub. stake it. and make it hop to contract B (makeHop(contractBaddress))/ after receiving the hop. the contract was able to drain the funds from the staking contract by just using the <u>transferFrom</u>() function repeated times. The eample transaction: https://bscscan.com/t/040e69064c70d7db8b2dcbad441da9a06a507f8f90959da3c2583242f89e01d3c Stolen funds were deposited into Tornado Cash mier: https://eplorer.bitquery.io/bsc/address/03d98aee279c82d8178b87d9d4dc442d65224dacc/outflow,2022-07-02 0:00,2022,244938,Contract vulnerability,Access control flaw,Technical vulnerability,Target,FT,CA
324,Safe Dollar,REKT and SlowMist,https://de.fi/rekt-database/safe_dollar,https://hacked.slowmist.io/search/,,https://www.coindesk.com/markets/2021/06/28/stablecoin/safedollar/hit/by/cyberattack/,,The algorithmic stablecoin project SafeDollar on Polygon is suspected of being hacked and an unconfirmed contract seems to have taken away 250 000 USD in USDC and USDT. REKT: The attackersaddress:  https://polygonscan.com/address/0fedc2487ed4bb740a268c565dacdd39c17be7ebd  The attack transaction:  https://polygonscan.com/t/01360315a16aec1c7403d369bd139f0fd55a99578d117cb5637b234a0a0ee5c14  The attack took the use of a flaw in Safe Dollar reward structure to alter the <u>accSdoPerShare</u> value. allowing it to claim a big number of SDO for each token deposited token.  In preparation. an initial deposit was placed into one of the protocolsSafe Farms:  https://polygonscan.com/t/055dad44a7ed31d1637e70879af66e02290d39aea54554f8411e6ec19c03a074b  Transfer fees are charged by PL. the currency that SafeDollar was incentivizing. These fees are meant to be borne by the user. however. they were taken from the rewarder balance instead during withdrawal transactions.  The hacker used a deposit/withdraw loop to progressively drain the poolsPL balance over the course of 101 transactions. resulting in a hugely inflated <u>accSdoPerShare</u> of 1.142.913.215.739.484.400 SDO being awarded for each PL contributed.  Claiming rewards on the initial deposit produced a total of 831.309.277.244.108.000 SDO which were sold by the attacker.,2021-06-28 0:00,2021,248000,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,FT,CA
295,PolyYeld Finance,REKT and SlowMist,https://de.fi/rekt-database/polyyeld_finance,https://hacked.slowmist.io/search/,,https://news.coincu.com/6757/polyyeld/finances/yeld/drops/to/zero/after/hackers/exploited/the/vulnerability/and/generated/4/9/trillion/tokens/,,The profit farming agreement PolyYeld Finance was attacked. The project contract was used to mint 4.9 trillion YELD tokens and dump them in the secondary market. REKT: Quick SummaryPolyYeld finance introduced a transfer fee. which was inconsistent with its masterchef contract. The resulting vulnerability was exploited by an attacker for $250k. Details of the exploitPolyYeld Finance is a yield aggregator protocol on the Polygon network. PolyYield introduced the $YELD token. a deflationary token in order to support its yield aggregator services. A fee was applied on the transfers of the $YELD token. The PolyYeld Masterchef contract was not designed to support this token type. which created an exploit opportunity. After a series of deposits and withdraws. the $YELD balance of the Masterchef became 1 WEI. The calculation of the $YELD rewards were based on the YELD balance of the pool. >This referral mechanism generated &nbsp;$YELD 49B tokens to the attackers address. The attacker dumped a part of his balance in order to receive $ETH 123. The funds were then bridged and transferred through Tornado.cash. Block Data ReferenceThe attacker\saddress:  https://polygonscan.com/address/0a4bc39ff54e1b682b366b57d1f6b114a829f5c01 The transaction behind the hack:  https://polygonscan.com/t/03c143d2a211f7448c4de6236e666792e90b2edc8f5035c3aa992fd7d7daca974   ,2021-07-27 0:00,2021,250000,Contract vulnerability,Undetermined,Technical vulnerability,Target,Yield,CP
481,Bisq,REKT and SlowMist,https://de.fi/rekt-database/bisq,https://hacked.slowmist.io/search/,,https://www.coindesk.com/hacker/exploits/flaw/in/decentralized/exchange/bisq/to/steal/250k,, Hacker exploits Flaw in Decentralized Bitcoin exchange Bisq to Steal $250K.,2020-04-08 0:00,2020,250000,Undetermined,Undetermined,Technical vulnerability,Target,Exchange,P
826,EtherDelta,REKT,https://de.fi/rekt-database/etherdelta,,,(1) Cryptocurrency Exchange EtherDelta Hacked in DNS Hijacking Scheme (ccn.com). (2) https://blog.idex.io/all/posts/a/complete/list/of/cryptocurrency/exchange/hacks/updated,,The DNS server of decentralized cryptocurrency exchange EtherDelta was successfully breached by an attacker. enabling the hacker to redirect users to a malicious website.  Consequently. the hacker was able to steal funds from users who unknowingly imported their private keys into the impostorswebsite.  According to data obtained from the Ethereum blockchain. it appears that the hacker stole approimately 308 ether — worth approimately $250.000.  The hackersaddress:  https://etherscan.io/address/03f8a37bde9b15b65c82f9cdd00192e0ba36cc5fc,2017-12-20 0:00,2017,251000,Instant user deception,DNS attack,Imitation,Intermediary,Exchange,
760,BNQ Token,REKT,https://de.fi/rekt-database/bnq_token,,,"CertiK Alert sur Twitter : ""#CertiKSkynetAlert ?? We are seeing a price #slippage on BNQ token (BNQ) Contract bsc: 0x06C61725B98F1eF191D41e6B4f1E0aA50Bd465d5 which has dropped 99.46%. EOA 0x7F725 received 152m BNQ and sells for ~233k USDT. The Deployer burns 750k BNQ. Stay vigilant! https://t.co/I0yWhseRYf"" / Twitter",,Quick SummaryBNQ token was rug pulled by the token deployer/related address. The malicious actors sold 152.505.402 $BNQ. which leads to a price drop by more than 90% Details of the exploitBNQ token is a copycat BEP20 token and is not related to other projects with the same token symbol. An EOA address started selling $BNQ tokens on PancakeSwap after receiving the tokens from the token deployer/related address and drained 255.675 $USD worth of assets. Consequently. stolen funds were transferred to another EOA address. which added liquidity to another pool with $BNQ tokens and the stolen $BUSD. Block Data ReferenceMalicious actor address: https://bscscan.com/address/07f725bbd306e06a6eed5e89c0ca2751ecc8e1780 Liquidity Pool: https://bscscan.com/address/084d5b47BF4406A610AaE67803c0F040867eA7eE5 The deployer relation proof transactions: https://bscscan.com/t/0ef2256032527e276d6f2db4ea6cad081238d6ced8b36037cd1fe9788d37f77c9 https://bscscan.com/t/05164e07d372218c9786c45518b7d984da323b0b3f9391e62fccc2562fd7a71da,2022-09-19 0:00,2022,255675,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
1008,SuperStep,REKT,https://de.fi/rekt-database/superstep,,,(1) https://web.archive.org/web/20220802132113/https://twitter.com/PeckShieldAlert/status/1551868745957920768 (2) https://web.archive.org/web/20220611075455/https://twitter.com/WealthByAle/status/1535530891925237761,,Quick Summary The SuperStep project was Rug pull scamed by the team that worked on it. The team created a staking platform. offering a high annual income from staking. The project entailed a backdoor in the contract. allowing the creator address to withdraw all of the staked $BNB within the protocol.,2022-07-25 0:00,2022,255682,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Dapp,P
953,PoW ETH,REKT,https://de.fi/rekt-database/pow_eth,,,Tweet / Twitter,,Quick SummaryFake Ethereum PoW token was exploited on the Binance chain. causing of loss more than 255.780 $USD of usersfunds in $WETH Details of the ExploitPoW ETH is a BEP20 standard token. which is not related to the original $ETH or $ETHW. The scammer created ETHW/WETH pair and added liquidity. The scammer had more than 95% token supply in balance and an opportunity to mint an infinite amount of fake $ETHW. After users began trading on various DE es the scammer used the remaining $ETHW tokens to drain $WETH. The profit of the scammer reached 180 $WETH or $255.780 in dollar terms.&nbsp; Block Data ReferenceScammer addresses: https://etherscan.io/address/0014fa6828db36b8d9b150d991ce21ded7604f269 https://etherscan.io/address/06001b9ffdb479f8efbba8b7aee9217db32f29204 Token pair: https://etherscan.io/token/0f64af4706c74b07a377bee8114b1c7d508f72aff Draining transactions: https://etherscan.io/t/0f1b564b117e997bd9f58d9c7621599c3ef1e1df41cc2b90d441f28ad64c0a92d https://etherscan.io/t/0242595a1b8588956e3e8a5988266a597301a818b98b9f060825bb713e0994704 https://etherscan.io/t/08f24728455fe4d6b8566fc5620f5c5b5472f00ee5ee159ebb6bc8caf08661c6b,2022-09-15 0:00,2022,255780,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
383,Multi Financial,REKT and SlowMist,https://de.fi/rekt-database/multi_financial,https://hacked.slowmist.io/search/,,(1) https://www.jinse.com/lives/223202.html. (2) https://hacked.slowmist.io/,,According to feedback from Binance Smartchain investors on February 1st the BSC listed project Multi Financial ran away and it only took about 5000 BNB in one day. The compromised investor stated that it had reported that Binance had blocked the address of the project party and reported to the police. Recently there have been many running incidents on BSC. The popcornswap project has approached 48 000 BNB. In a few days three other projects (Zap Finance and Tin Finance SharkYield) ran away. The current SharkYield ran away is suspected to have taken away 6000 BNB. Binance said that BSC is the same public chain as Ethereum and should not be responsible for the above projects. It hopes that users will manually intervene in investment and select high/quality projects to participate.,2021-02-01 0:00,2021,258050,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,Dapp,P
97,GOAT,REKT and SlowMist,https://de.fi/rekt-database/goat,https://hacked.slowmist.io/search/,,https://twitter.com/PeckShieldAlert/status/1523550360140664832,, The GOAT project claimed to be ''the new standard in cryptocurrencies'' but one of the project's developers abruptly sold their assets  taking $260 000 with them  and the token price fell to nearly $0.,2022-05-09 0:00,2022,260000,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
1147,Ethereum alarm clock,SlowMist,,https://hacked.slowmist.io/search/,,Ethereum Alarm Clock exploit leads to $260K in stolen gas fees so far (cointelegraph.com),,According to Cointelegraph. a vulnerability in the Ethereum Alarm Clock service (Ethereum Alarm Clock) has been exploited. and the hacker has so far made about $260.000 in profit. According to the analysis. hackers managed to exploit a loophole in the scheduled transaction process to profit from the refund of gas fees for canceled transactions. According to Etherscan transaction history. the hackers have obtained 204 ETH. worth about $259.800. It is reported that the Ethereum alarm clock service is to allow users to schedule future transactions by pre-determining the recipient address. sending amount and transaction time,2022-10-20 0:00,2022,260000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Dapp,P
989,SherLOCK,REKT,https://de.fi/rekt-database/sherlock,,,https://twitter.com/CertiKAlert/status/1572586893937631235,,SherLOCK token's liquidity was totally removed by the token owner. The scammer drained 938 $BNB from the PancakeSwap liquidity pool.,2022-09-21 0:00,2022,262175,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
66,BAYC,REKT and SlowMist,https://de.fi/rekt-database/bayc,https://hacked.slowmist.io/search/,,https://twitter.com/NFTherder/status/1533037408144572417,, Discord servers for Yuga Lab projects Bored Ape Yacht Club (BAYC) and Otherside appear to have been affected by phishing attacks. The attackers allegedly stole more than 145 ethereum ($256 000) worth of tokens. It appears that the community administrator  s account was compromised  which gave attackers access to the administrator account on the server. They then went on to post a link to a phishing site that encouraged users to link their wallets to access &quot eclusive giveaways.&quot  Subsequently  the NFT project BAYC stated on its official Twitter that its Discord server was briefly attacked today  and the team quickly resolved the problem  but some NFTs were still affected. REKT: Quick SummaryBoris Wagner\sDiscord was compromised. which the hacker took advantage of by posting a phishing link with airdrop through his account. Details of the exploit  data/v/51e0c2ec=  >The Bored Ape Yacht Club is a collection of 10000 unique Bored Ape NFTs— unique digital collectibles living on the Ethereum blockchain.  data/v/51e0c2ec=  >After gaining access to the employee’s account. scammers shared a phishing link from Vagner’s Discord account into the official BAYC. MAYC and Otherside groups. The community. without suspecting anything suspicious. without hesitation followed the link and clicking on the get airdrop button signed a transaction to give all their funds to the scammers.,2022-06-04 0:00,2022,262732,Instant user deception,Social media compromission,Imitation,Intermediary,NFT,
34,Kyber Network,REKT and SlowMist,https://de.fi/rekt-database/kyber_network,https://hacked.slowmist.io/search/,,Kyber Network Hack Update: Attack Vector Removed. Affected Wallet Fully Compensated (cryptopotato.com),,Decentralized liquidity protocol Kyber Network disclosed on Twitter that its users lost $265 000 in funds due to a front/end exploit. The vulnerability stems from malicious Google Tag Manager code in the KyberSwap website  where attackers target whale wallets and gain permission to transfer user funds by inserting fake approvals. REKT: Quick SummaryThe Kyber Network project was exploited by a hacker who took advantage of a vulnerability in the front end taking a profit of ~$265k. Details of the exploit Kyber Network is a decentralized. blockchain/based protocol that aggregates liquidity and enables the exchange of tokens without an intermediary.. The hacker managed to add malicious code to Google Tag Manager (GTM). which performed an approve. which gave the hacker access to user\sfunds. The script added by hacker\steam was specifically targeting whale wallets. Block Data Reference Involved addresses:  data/v/51e0c2ec=  >/ Scammer address:&nbsp;  data/v/51e0c2ec=  >&nbsp; / Polygon:  https://polygonscan.com/address/057A72cE4fd69eBEdEfC1a938b690fbf11A7Dff80  data/v/51e0c2ec=  >&nbsp; / Ethereum:  https://etherscan.io/address/057A72cE4fd69eBEdEfC1a938b690fbf11A7Dff80  data/v/51e0c2ec=  >&nbsp;/ Addresses supplying native tokens to hacker addresses:  https://etherscan.io/address/09bc22f7e0234029eaf2c570588d829f07123fdd6,2022-09-01 0:00,2022,265050,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,Exchange,P
305,DeFiPie,REKT and SlowMist,https://de.fi/rekt-database/defipie,https://hacked.slowmist.io/search/,,https://medium.com/defipie/hacking/investigation/85e07454f1c9,,DeFiPie (PIE) the lending protocol on the Ethereum and Binance smart chains was hacked. It is recommended that all liquidity providers etract all liquidity from the application. PIE tokens fell by more than 66% in 24 hours. The attacker used a re/entry attack to over/borrow and lent a portion of valuable assets. Later the counterfeit currency was used for liquidation operations and took away the mortgaged valuable assets which led to the DeFiPie agreement not only lent assets but also lost all mortgage assets and liquidity was lost. REKT: The hackersaddress on Ethereum:  https://etherscan.io/address/0f6f43f77ef9e561dcb2997d8e7ec1d685b6c0fe1  BSC:  https://bscscan.com/address/0f6f43f77ef9e561dcb2997d8e7ec1d685b6c0fe1  Polygon:  https://polygonscan.com/address/0ce1f4b4f17224ec6df16eeb1e3e5321c54ff6ede  The transaction behind the attack on the BSC:  https://bscscan.com/t/045f6f792638d114f31f6608dca4c79b1216bd5c7c45218a5fd8f1c2e309c6d75  The hacker: / created a token contract ( token) with a modified transfer function:  https://etherscan.io/token/0f8dFD22A3724DE8DF4D03254e4141aDD24966e4B#readContract  https://etherscan.io/token/0b5337f26745f59dbdEa1185e25169796256362Ef  / created pools for  tokens and deposited liquidity  / provided collateral (USDT. DAI. USDC. etc)  / borrowed  tokens and real tokens (PIE and others) and with a modified transfer function in  token. could able to borrow more than he provided as collateral  / after that from his second account he liquidated loans of  tokens in the first account thereby returning the collateral  / repeated with each pool.  Stolen funds were deposited into Tornado Cash and Typhoon miers.,2021-12-07 0:00,2021,269315,Contract vulnerability,Reentrancy,Technical vulnerability,Target,Lending,P
326,xWin Finance,REKT and SlowMist,https://de.fi/rekt-database/xwin_finance,https://hacked.slowmist.io/search/,,https://peckshield.medium.com/xwin-finance-incident-root-cause-analysis-71d0820e6bc1,,The DeFi protocol xWin Finance based on Binance Smart Chain was attacked by lightning loans. The Win Finance token WIN has fallen by nearly 90% in 24 hours. The attacker used Win Finance s &quot reward mechanism&quot to continuously add and remove liquidity to obtain rewards. Under normal circumstances due to the small amount of users added the gains may be small or even not enough to pay the handling fees but in the face of huge amounts of funds the rewards will become abnormally high. REKT: The attackersaddress:  https://bscscan.com/address/0b63f0d8b9aa0c4e68d5630f54bfefc6cf2c2ad19  The transaction behind the attack:  https://bscscan.com/t/0ba0fa8c150b2408eec9bbbbfe63f9ca63e99f3ff53ac46ee08d691883ac05c1d  The attacker: / flash loaned 76.000 BNB from Fortube Bank  / swapped 37999.99 BNB for 95.409 Win tokens via PancakeSwap V1 BNB+Win Pool due to an invalid slippage control in the <u>WinFundP::_swapBNBToTokens</u>() function  / deposited 37999.99 BNB and 0.003 Win tokens into PancakeSwap V1 BNB+Win Pool as liquidity and minted in return 11.28 PancakeSwap LP tokens. Got an etra amount of Win tokens as a reward from Win Finance  / swapped 95.406 Win tokens for 75995.77 BNB via the above PancakeSwap V1 BNB+Win Pool and burnt 11.28 PancakeSwap V1 LP tokens to get 4.19 BNB  / repeated one to four twenty times. the attacker got about an etra 303.998.86 Win tokens reward from Win Finance for this attack  / swapped 303.998.86 Win tokens for 903.92 BNB via PancakeSwap V2 BNB+Win Pool and returned the flash loan in the first step  607.998 Win tokens were transferred to the attacker. and then it was used to swap for BNB. This incident was due to a bug in the internal <u>_swapBNBToTokens</u>() function of the <u>WinFund</u> contract which implements a price slippage control.,2021-06-25 0:00,2021,270000,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,Staking,CP
444,Chainlink,REKT and SlowMist,https://de.fi/rekt-database/chainlink,https://hacked.slowmist.io/search/,,https://www.theblockcrypto.com/post/76986/chainlink-nodes-attack-eth,,Nine Chainlink node operators were subjected to so/called spam attacks.&quot  The attackers obtained approimately 700 ETH (worth approimately $335 000 at the time) from their hot wallets. REKT: Chainlink operates as a network of nodes that connect smart contracts to the inputs and outputs in the real world that they require in order to function. This creates a decentralized oracle network. which in principle protects a contract from the risks of relying on a single oracle. which may be hacked.  The attack specifically targeted certain nodes—in this case. nine that provided pricing data for different other coins. In other words. it was a conventional spam attack in which the attacker allegedly issued a large number of price requests. causing node operators to suddenly pay eorbitant amounts for Ethereum\sgas costs.  Hot wallets are kept by node operators to offset any gas epenses (to ensure their services work). In this eample. the wallets\reserve funds were quickly depleted. with one operator reporting losing 20 ETH.  The attacker minted new Chi tokens (which provides a hedge against gas price volatility and users can mint new tokens at current prices. and trade them later. depending on whether the price is higher or lower than when the token contract was created) at the higher price. then sold them for regular ETH.,2020-09-04 0:00,2020,270718,Interconnected actors flaw,Oracle manipulation,Technical vulnerability,Target,Oracle,INT
713,Omni Bridge,REKT,https://de.fi/rekt-database/omni_bridge,,,ETHW Replay exploit Caused by Omni Contract Vulnerability / The Chain Bulletin,,Quick SummaryOmni Bridge was hacked by exploiting a smart contract on the EthereumPoW chain. 200 $WETH was stolen by a replay attack and transferred through Mec Global. Details of the exploitOmni Bridge is a crosschain bridge. A replay attack was launched against Omni Bridge on the EthereumPoW chain. which resulted in a hacker exploiting 200 $WETH. The hacker was able to withdraw bridged funds from the both EthereumPoS and EthereumPoW chains because the OmniBridge contract failed to validate chainId before approving the transaction. Block Data ReferenceAttacker address: https://etherscan.io/address/082faed2da812d2e5cced3c12b3baeb1a522dc677OmniBridge address: https://etherscan.io/address/08eb3b7d8498a6716904577b2579e1c313d48e347EthereumPoS transaction: https://etherscan.io/t/0bddb0cc8bc9949321e1748f03503ed1a20dd618fbf0a51dc5734c975b1f8bdf5EthereumPoW transaction: https://www.oklink.com/en/ethw/t/09c072551861ce384203516f4d705176a2d2e262d5b571d853467425f1a861fb4,2022-09-16 0:00,2022,271800,Transaction attack,Replay attack,Technical vulnerability,Target,Bridge,INT
904,LOO,REKT,https://de.fi/rekt-database/loo,,,"CertiK Alert sur Twitter : ""#CertiKSkynetAlert ?? We are seeing an #exitscam on project LOO (LOO) bsc:0xfDB0fE3dD8F7e9A671f63b7e7db0935A955659ab Which has seen #slippage &gt;97% due to the contract deployer sending &gt;1B LOO to 0x36ec9... which then sells for a profit of approximately ~$269K. Stay vigilant! https://t.co/QcRzeCKB1n"" / Twitter",,Quick SummaryLOO project was Rug pull scamed by the deployer/related address. The scammer drained 275.117 $USD from the liquidity pool. Details of the exploitLOO is a BEP20 token trading on PancakeSwap. The token deployer sent 1.050.000.000 $LOO tokens to an EOA address which drained the liquidity for 275.117 $USD in total. The stolen funds were transferred to another EOA address. Block Data ReferenceScammer addresses: https://bscscan.com/address/0d9c37a0a6b4cd686fa895eab06e1005bdda43194 https://bscscan.com/address/036ec92f4f74eef3779a1d6d3ec4f11583e324d6a https://bscscan.com/address/0f88e124bb2098c58a4a8c9d49b510d6f0f6c67b4 Token transfer transaction: https://bscscan.com/t/0e5c67dff99bc615f755a7818a3f9600404b13549147ed004c21c8c0e45b5aecd Stolen funds transfer transaction: https://bscscan.com/t/0ed08f93146be4775baf50a060b3579e8a393d0e6734672087c4fb685caaeac5c,2022-10-29 0:00,2022,275117,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
1010,SynLev,REKT,https://de.fi/rekt-database/synlev,,,https://www.cryptonary.com/synlev-price-crashes-by-over-80-in-24-hours-as-developers-left/,,"The removeLiquidity() function makes a call of the External function getSharePrice() in vaultHelper contract:
https://etherscan.io/address/0e0d6b68403d32dd659e452db880393df15fa00f2#code vaultHelper is a proy contract with EOA owner - 0a2e316cbfa81640ce509ab487867a136b75c83c4 The owner could set any address as price aggregator in vaultHelper calling proposeVaultPriceAggregator() A new aggregator (unverified contract) was provided in the transaction: https://etherscan.io/t/0c888619c64524f8b682952a0feb6c92ad73d7c90f9660aa3de9caad1467107a6 This hidden aggregator set the share price to 0.
",2021-03-13 0:00,2021,277897,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Exchange,P
298,Sanshu Inu,REKT and SlowMist,https://de.fi/rekt-database/sanshu_inu,https://hacked.slowmist.io/search/,,https://blocksecteam.medium.com/the/analysis/of/the/sanshu/inu/security/incident/28c0c7c0e783,,Using the mechanism of deflation token KEANU to attack the reward vulnerabilities in the Memestake contract deployed by Sanshu Inu the attacker finally made a profit of about 56 ETH. REKT: The attackersaddress:  https://etherscan.io/address/00333e323e61aa8afa38a1623604a165dcb9f4fec  The affected Memstake contract:  https://etherscan.io/address/035c674c288577df3e9b5dafef945795b741c7810#code  The attacker: / created two attack contracts. the first one deposited 2.049B KEANU:  https://etherscan.io/address/067a54b340392e661af8f757ba03674ede40d9dc3  the second one is the attack contract:  https://etherscan.io/address/0e30dc9b3c29534e9b4e9a166c2f44411163ad59f  / borrowed a large number of KEANU tokens using the flash loan from UniswapV2. and then deposited the tokens into/withdraws from the Memestake using the second smart contract. Since the KEANU has the deflation mechanism. which burns 2% tokens for each transaction. the real number of tokens deposited into the Memestake is smaller than the value (<u>user.amount</u>) maintained by the Memestake contract. The attacker repeated this process and made the number of KEANU tokens inside the Memestake decrease to a small one (1e/07):  https://etherscan.io/t/000edd68087ee372a1b6e05249cc6c992bb7b8478cc0ddc70c2a1453428285808  / invoked the <u>Memestake.updatePool</u>() to update the <u>accMfundPerShare</u>. This value relies on the number of KEANU tokens (which was manipulated in the second step.) Then the attacker obtained a large number of Mfund(~61M):  https://etherscan.io/t/0a945b1857630e730bd3fac6459c82dee44da45e35cfbbd6dfb7b42146e8dde41  / swapped the MFund and KEANU to WETH and deposited stolen funds into Tornado Cash mier:  https://bloy.info/ts/calls_from/00333e323e61aa8afa38a1623604a165dcb9f4fec?signature_id=994162&amp;smart_contract_address_bin=0722122df12d4e14e13ac3b6895a86e84145b6967  The attacker gained 156.51 ETH as profits.,2021-07-21 0:00,2021,279608,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,FT,CA
491,Soft Yearn Finance (SYFI),REKT and SlowMist and ChainSec,https://de.fi/rekt-database/soft_yearn_finance_(syfi),https://hacked.slowmist.io/search/,https://chainsec.io/defi-hacks/,(1) State of DeFi: The SYFI exploit & Lessons From Crypto’s New Wild West | OK. (2) https://twitter.com/0Amplify/status/1302852331680051200. (3) https://cointelegraph.com/news/jackpot/user/turns/200/into/250k/thanks/to/a/buggy/defi/protocol (4) https://twitter.com/softyearnfi/status/1301915560654131202,,Amplify a user of DeFi discovered a bug in SYFI a smart contract for DeFi and made 747 ETH on a single transaction but from other users. The project crashed. CRYPTOSEC: “An anonymous user has revealed how he made $250k in profits from a minor investment in a cloned version of Yearn.finance called Soft Yearn (SYFI).” — CointelegraphREKT: The protocol did not handle the rebase event correctly. It enabled a user to start Uniswap sell transaction immediately following the modification of wallet balances. but before any price change in the token was registered.  The rebase event functioned wrong. Because the YFI to SYFI conversion rate was incorrectly entered. an erroneous balance change was started. Together. these two errors permitted a transaction to be initiated that would basically remove the poolsaggregate cash.  The transaction. where the External address buys 2 SYFI using 0.5 ETH on the Uniswap:  https://etherscan.io/t/0ed33e727dd5b2f8e5164f6e15dabc1923652f2e933645378a87c45bf33c4e59a  15 minutes later. the same External address sells 15.551 SYFI for 747 ETH after the positive rebase event:  https://etherscan.io/t/0bb45a3aaa222432f50974b4be0852445e446698d33b0fcd47a4f627a2764ea83,2020-09-07 0:00,2020,281382,Contract vulnerability,Undetermined,Technical vulnerability,Target,FT,CA
1020,Tomatos,REKT,https://de.fi/rekt-database/tomatos,,,https://de.fi/rekt-database/tomatos,,The withdrawal of the usersfunds was possible by the smart contracts unlimited malicious approval. which granted attacker to take DAI. TrueUSD. USDC-Tomatoes LP. USDC. USDT. and UNI from userswallets. Users that deposited ETH during the pre-sale did not get project tokens. The projectssocial media is inaccessible. Stolen funds were deposited into Tornado mier,2020-09-24 0:00,2020,286136,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Exchange,P
191,DaoMetaland,REKT and SlowMist,https://de.fi/rekt-database/daometaland,https://hacked.slowmist.io/search/,,(1) https://twitter.com/PeckShieldAlert/status/1479252602991054849. (2) https://www.altcoinbuzz.io/cryptocurrency/news/metaland/dao/lists/token/on/pancakeswap/amidst/fraud/claims/,,Rug Pull occurred in the DaoMetaland project on BSC  and the current loss eceeds 640 BNB. DaoMetaland's official Twitter has been deleted. REKT: According to the PeckShield alerts. they have detected that Metaland DAO stole more than 640 WBNB,2022-01-06 0:00,2022,286585,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,Dapp,P
696,FASTSWAP,REKT,https://de.fi/rekt-database/fastswap,,,"(1) FASTSWAP sur Twitter : ""Fastswap hack was an insider job. The developer that deployed the farm was the same person that hacked the pools. He his a Japanese that base in Canada and we have gave him 24s since yesterday to refund us or we will release all his personal details and send authorities after him"" / Twitter. (2) https://archive.is/4MRMN",,The attacker: https://bscscan.com/address/0fd544b216bf23f4051281f13836c040feefd0921. as was stated by the project team in the tweet: https://archive.is/4MRMN <u>tokenMigrate</u>() function was called by the address which probably was saved to MasterChef in the <u>constructor</u>() initialization into private variable <u>migrateAddress</u>. Since the caller of the <u>tokenMigrate</u>() function was address 0193D4D22A8610Da6A89b36a1C938778D268D15ef. he was able to invoke LP and token migrations multiple times at: https://eplorer.bitquery.io/ru/bsc/ts/calls?contract=0ad4219cd9e26832269a49fe6d0edb3c40f64d701&amp;method=99594431 After. tokens were transferred to the External address multiple times. the example transaction: https://bscscan.com/t/05bb2d2cef907dba0ea6de4b6ea3a3f1c26e57fd99d3dd68b50d6e94d5fb0f9e2 Liquidity was removed multiple times. tokens were sold as well. the example transaction: https://bscscan.com/t/0830f9f79b3d43976ed204d095e03b2e9a9b048cdbff2f20a7fc03ac94cb144ba,2021-08-14 0:00,2021,290738,Internal theft,Unauthorized use of private key,Human risk,Target,Exchange,P
1148,OlympusDAO,REKT and SlowMist,https://de.fi/rekt-database/olympusdao,https://hacked.slowmist.io/search/,,Security Team: The Olympus DAO hacker has returned the stolen funds - PANews (panewslab.com),,The redeem() function in OlympusDAO’s BondFixedExpiryTeller contract resulted in a loss of approximately $292.000 due to inability to properly validate inputs. The OlympusDAO hacker has returned the stolen funds to the DAO.,2022-10-21 0:00,2022,292000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,FT,CA
156,Flurry Finance,REKT and SlowMist,https://de.fi/rekt-database/flurry_finance,https://hacked.slowmist.io/search/,,"CertiK Security Leaderboard sur Twitter : ""#CommunityAlert ?? @FlurryFi’s Vault contracts were attacked leading to around $293K worth of assets being stolen from Vault contracts Incident Analysis ??"" / Twitter",, Flurry Finance's Vault contract was hit by a flash loan attack  resulting in the theft of approximately $293 000 worth of assets in the Vault contract. REKT: The attackersaddress:  https://bscscan.com/address/00f3c0c6277ba049b6c3f4f3e71d677b923298b35  The malicious token contract:  https://bscscan.com/address/0b7a740d67c78bbb81741ea588db99fbb1c22dfb7  The attacker deployed a malicious token contract. which is also used as the attack contract. and created a PancakeSwap pair for the token and BUSD.  The attacker made a flash loan from the Rabbit Bank contract and called the eecute function on StrategyLiquidate:  https://bscscan.com/address/05085c49828b0b8e69bae99d96a8e0fcf0a033369  The eecute method decodes input data as the LP token address. allowing the attacker to eecute code from the malicious token contract.  The malicious token contract called <u>FlurryRebaseUpkeep.performUpkeep</u>() which rebases all vaults and updates multipliers for Rho Tokens. The update is based on all strategiesbalances.  The update was triggered in the process of a flash loan and the tokens borrowed from the Bank contract were not returned yet. the low balance led to a low multiplier.  The attacker returned the flash loan and finished the preparation transaction.  In the net transaction. the attacker deposited tokens with the low multiplier. updated the multiplier to a higher (normal) value. and withdrew the tokens with the high multiplier.  Because the multiplier is one of the factors deciding the RhoToken balance. the attackersRhoToken balance was increased in the transaction so they were able to withdraw more tokens than they deserve from the Vault.  The attacker repeated this process multiple times.  Stolen funds were transferred to this address and then redistributed between several External addresses:  https://bscscan.com/address/0b7a740d67c78bbb81741ea588db99fbb1c22dfb7#tokentns,2022-02-22 0:00,2022,293000,Interconnected actors flaw,Arbitrage with flash loan,Technical vulnerability,Target,Yield,CP
101,Fury of the Fur,SlowMist,,https://hacked.slowmist.io/search/,,https://twitter.com/Rug pull scamfinder/status/1523082874022469633,, The Fury of the Fur NFT project was a collection of 3D models that sort of resembled bears. However  the NFT rollout has not been smooth / out of a total supply of 9 671 NFTs  less than 2 800 NFTs have been minted. The project attempted to relaunch but failed to generate more interest  so the creators decided to pull it out while preserving funding  of course. The project founders have left a long message to the community that they will close the project.,2022-05-07 0:00,2022,300000,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,NFT,CA
256,Glide Finance,REKT and SlowMist,https://de.fi/rekt-database/glide_finance,https://hacked.slowmist.io/search/,,https://twitter.com/GlideFinance/status/1449775133992755206,,DeFi Glide Finance tweeted that a contract loophole was exploited to siphon money out of the matching contract for a loss of approimately $300 000 because the team changed the fee parameters after an audit but did not update the number on the contract from 1 000 to 10 000. The team is now contacting the exchange to block the transfer of funds and reminding users who have money in Glide's liquidity pool to withdraw funds.,2021-10-17 0:00,2021,300000,Contract vulnerability,Integer overflow,Technical vulnerability,Target,Exchange,P
1114,Lymex,REKT,https://de.fi/rekt-database/lymex,,,"PeckShieldAlert sur Twitter : ""#PeckShieldAlert $LYM has dropped -99.93% https://t.co/PVFwHcTqfh"" / Twitter",,"Quick Summary
46.6M LYM were dumped on Pancakeswap by the attacker. 
Details of the Exploit
The attacker received 46.6M LYM tokens from a proxy contract with unverified implementation (0xbC8054Ab4Bb4E60a13eDE09854F7957FF16D9679) through calling the claimStaticReward() function. All the received tokens have been sold off on the DEX.  
 
Block Data Reference
The attacker address:
https://bscscan.com/address/0x00e6392f9ae5d022e30ff406830bb9b3bed6993e#tokentxns
The attack transaction:
https://bscscan.com/tx/0x8fc7dce64ee16be4d494282f9b9a03853b483e8d1bce9ad005891cd243e03a92",2022-12-04 0:00,2022,301754,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Derivatives,P
5,ShadowFi,REKT and SlowMist,https://de.fi/rekt-database/shadowfi,https://hacked.slowmist.io/search/,,"PeckShieldAlert sur Twitter : ""#PeckShieldAlert PeckShield has detected @ShadowFi_ suffered an exploit possibly due to a vulnerability of SDF token which allows the token can be burnt by anybody. the Exploiter grabbed ~1.078 $BNB (~$301k). $SDF has dropped 98.5% https://t.co/O8ugq2sU3p https://t.co/Ljg3RfkGFl"" / Twitter",,Privacy project ShadowFi suffered a hack  and its official TokenSDF fell 98.5%. The attacker exploited the vulnerability of SDF to allow anyone to burn the Token  making a profit of about 1078 BNB (about $300 000)  and the stolen funds have been transferred to TornadoCash. REKT: Quick SummaryThe ShadowFi project was exploited by a hacker who took advantage of a vulnerability in the $SDF token. making a profit of 1078 $BNB. Details of the exploit  data/v/51e0c2ec=  >ShadowFi is a BEP20 token focused on anonymous payments. NFT. and passive income. The hack proceeds in two parts.  data/v/51e0c2ec=  >In the first part. the hacker used a scanner to track new token pairs. and stole $WBNB on PancakePair contract.&nbsp;  data/v/51e0c2ec=  >In the second part. another attacker used the burn function. which mistakenly allows any user to burn $SDF tokens from any address. The attacker burns almost all $SDF tokens on the liquidity pool. so the token price was unfairly high. He deployed an exploit smart contract to use the situation to swap 9 $SDF tokens for 1078 $WBNB and made a profit of 302.817 $USD. Consequently. he swapped all the stolen funds and transferred them to Tornado Cash.  data/v/51e0c2ec=  > Block Data Reference  data/v/51e0c2ec=  >Affected address of token pair:  data/v/51e0c2ec=  > https://www.bscscan.com/address/0f9e3151e813cd6729d52d9a0c3ee69f22cce650a  data/v/51e0c2ec=  >Address of attacker:  data/v/51e0c2ec=  > https://bscscan.com/address/06478576716666758401168757460978685492205  data/v/51e0c2ec=  >Swap transaction:  data/v/51e0c2ec=  > https://www.bscscan.com/t/0e30dc75253eecec3377e03c532aa41bae1c26909bc8618f21fb83d4330a01018  data/v/51e0c2ec=  > ,2022-09-02 0:00,2022,302817,Contract vulnerability,Access control flaw,Technical vulnerability,Target,FT,CA
835,FileSystemVideo,REKT,https://de.fi/rekt-database/filesystemvideo,,,"(1) PeckShieldAlert sur Twitter : ""#SCAM The minter of #FileSystemVideo just minted a 64k $FSV (https://t.co/o4qXxxVyLr). swapped to 700 BNB and deposited to @TornadoCash. Be careful out there! https://t.co/TkKDASK6nF"" / Twitter. (2) https://twitter.com/ishwinder/status/1490700088116662277",,The contract deployer of FSV token invoked addMinter() to grant the External address with the privileged function to mint new tokens:  https://bscscan.com/t/0974c0eb764b7764d1e808a90ec8aab2ce61f1375d2e2ff6c590c980daa79cdc6  06a6296c4853fF09c591AC2FE7568246630cf2E43 minted tokens to the 0746cE48320e14b366D9Ca4b02611Af728A7C12b3 address.  The stolen fundsrecipient was the following address:  https://bscscan.com/address/04c64068fefe2660c83fc0e1ecca99c024fe4b15f#tokentns  Funds were deposited into Tornado Cash mier:  https://bscscan.com/t/03fdc3cfc05ac52ec09f56454bf6ccc2ccbaf87c3cbf7566f7d1cc25e3f8c4c9d  https://bscscan.com/t/0f5af061f39d95f8be111c5fdd4014c2d593802980fc0ce04d30f79f279efb7eb  https://bscscan.com/t/0815b2fef900de3ee2a89dbfdb01e0901304639b189b801804050422096081e40  https://bscscan.com/t/07534b2385895a4bb7d5d008d7adbb950251c4092e31ee25103f5c6552479677b  https://bscscan.com/t/06b84ff0b2478368f4a5d143e8f51f58436f7117eb89a92790f6558974cfa15dd  https://bscscan.com/t/014302cf6d8c6ae69606c436a04db69369b85a901c907f1e8e6e5e11f20c787b8  https://bscscan.com/t/041156139a1a8b038b410520ae29211147c29cd29f1508c703bb81abd579fb17e,2022-02-07 0:00,2022,303625,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
967,Rbase Finance,REKT,https://de.fi/rekt-database/rbase_finance,,,https://archive.ph/MX9OA,,The project was holding the presale event. Funds were gathered directly on the EOA wallets:  https://etherscan.io/ts?a=0516b5abd608ef7bb1491dd1578ab110d51080907&amp;p=3  https://etherscan.io/ts?a=0e849c544cf389bc6846db54f38a6e5070be33474&amp;p=2  The raised funds were transferred to the contract deployer at (550 ETH in total):  https://etherscan.io/t/05bb82b766b8b5c23f64a74bf058d3ad63c7115935cee0ee7bc065482cf189c88  https://etherscan.io/t/0fd73d9147b92373aa308579e1abf2cbe59a5c038be831de87f1728c479e3acc5  The contract deployer added initial liquidity at:  https://etherscan.io/t/0e6cd42472ed3d4cd5f67db73c0f8dd9f06a865171d7cd360ac3597d61b28b85e  The liquidity was removed by the contract deployer at:  https://etherscan.io/t/037253c1ad1ed055eef9bfedb042a926be8cceccbd91c23b6a7830a8350a8aabd,2021-01-21 0:00,2021,307098,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,FT,CA
209,WonderHero,ChainSec,,,https://chainsec.io/defi-hacks/,(1) https://therecord.media/wonderhero-game-disabled-after-hackers-steal-320000-in-cryptocurrency (2) https://wonderhero.medium.com/community/update/wonderhero/bnb/chain/bridging/withdrawal/compromised/84327a4fd79 (3) https://twitter.com/CertiKAlert/status/1512023769010823169 ,https://wonderhero.medium.com/community-update-wonderhero-bnb-chain-bridging-withdrawal-compromised-84327a4fd79,"The operators of cryptocurrency play-to-earn game WonderHero have disabled the service after hackers stole about $320.000 worth of Binance Coin (BNB).
The attack caused the price of WonderHero’s own coin. WND. to plummet more than 90%.",2022-04-07 0:00,2022,320000,Undetermined,Accessing private keys/data,Undetermined,Target,Dapp,P
325,Merlin Labs,REKT and SlowMist,https://de.fi/rekt-database/merlin_labs,https://hacked.slowmist.io/search/,,https://twitter.com/RugDocIO/status/1409821481941540866,,The hacking of the revenue aggregator Merlin Lab stems from a logical loophole in MerlinStrategyAlpacaBNB. The contract mistakenly uses the BNB transferred by the beneficiary as mining revenue which makes the contract issue more MERL as a reward. After repeated operations the attacker made a profit of 300 000 US dollars. REKT: The attacker\saddress:  https://bscscan.com/address/02bADa393e53D0373788d15fD98CB5Fb1441645BD  Via the smart contract. a hacker deposited 0.1WBNB into the vault and then manually transferred 1000BNB into the contract to trick the contract into thinking it has received 1000BNB in rewards. which resulted in the minter producing MERL rewards.  Stolen funds were bridged into Ethereum mainnet at:  https://etherscan.io/t/07926165ea3164f375fde964e3ebbe78aaf412aba96442ef6ea9bd38c2e11346a  Deposited into Tornado Cash mier at:  https://bloy.info/ru/ts/transfers_from/02bada393e53d0373788d15fd98cb5fb1441645bd?currency_id=1,2021-06-29 0:00,2021,333825,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,Yield,CP
436,LV Finance,REKT and SlowMist,https://de.fi/rekt-database/lv_finance,https://hacked.slowmist.io/search/,,https://ihodl.com/topnews/2020-09-21/defi-project-lv-finance-turns-out-eit-scam/,, According to the intelligence of the SlowMist Zone  the LV Finance project of the Ethereum mining project is suspected of running away within an hour and 4 million have been transferred away. Unlike previous projects  the project used fake audit websites and provided false audit information to trick investors into doing business. Invest and run away when the amount in the fund pool is large enough after a period of time. Currently  the project website lv.finance is no longer accessible. REKT: The core staking smart contracts were backdoored with the <u>addReward</u>() function. The following contracts accepted deposits from users in different tokens:  https://etherscan.io/address/0x80c09d3cc108fa52b7b63cdcc071daebc059a494#code  https://etherscan.io/address/0x9e1d0964d519ccb470151dd85e78fc798c75deb7#code  https://etherscan.io/address/0x7b63771fdc7ae30bad88b84cf902161ef3c39f80#code >K SUSHI. 816 UNI. 1K LINK. 1.3 SNX. 261 YFV. 0.02 YFI. 82.1 PYLON and 0.76 YFII were stolen and exchanged on ETH. https://etherscan.io/address/0xa2a430ce64c1f15f6d3c4a6cce04613986d6f27d#code  https://etherscan.io/address/0xb7b3ab6363507e5f36e744607696d60b2cdd2f3e#code  https://etherscan.io/address/0x828995b479999abb8e9e3f82381f34b2c05f7a27#code  https://etherscan.io/address/0x5a529c3a12006d5a5ecbb5044b66bed0a872bc6c#code  https://etherscan.io/address/0xd76e44702168e5d3270344e0d14ca10bb902f7f1#code  https://etherscan.io/address/0xbca5fc48d3d0310204965f6d22764add6989ca06#code  https://etherscan.io/address/0xc3dc2d24fe3e9127d86ed822e86ddc42b87b903f#code  https://etherscan.io/address/0xe52dfd3d4bfe8aa76a0cd4ae2f8ad443fa2a3e14#code  https://etherscan.io/address/0x478e26cbd368aeb8b0b23a43255ccc2d41d28c02#code  In the example below. the external address refers to each smart contract by invoking <u>addReward</u>() function and withdrawing user\sdeposits:  https://etherscan.io/tx/0xa5b92bb943f4ddae839145abf11b059b79d3353f4254b989325e415295f03325  In total. 201.5K USDC. 79.6K USDT. 8.1 LEND. 2.7<span style=\,2020-09-19 0:00,2020,333987,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Yield,CP
439,Coral,SlowMist,,https://hacked.slowmist.io/search/,,https://www.sohu.com/a/417422116_100217347,,The wRAM of the EOS ecological DeFi liquidity mining project Coral was attacked by hackers and lost more than 120 000 EOS.,2020-09-10 0:00,2020,334200,Contract vulnerability,Reentrancy,Technical vulnerability,Target,Yield,CP
125,Marvin Inu,SlowMist,,https://hacked.slowmist.io/search/,,Marvin Inu's cross/chain bridge was hacked and tokens worth 110 ETH were stolen / PANews (panewslab.com),, According to official news  Marvin Inu's cross/chain bridge was hacked  and tokens worth 110 ETH were stolen and sold  causing a sharp drop in price. The project party has closed the cross/chain bridge and fied the loopholes. At the same time  it has adjusted the purchase ta to 0%  and promised to repurchase and destroy the tokens to make up for this loss after the price fluctuations stabilize.,2022-04-11 0:00,2022,340115.88,Contract vulnerability,Undetermined,Technical vulnerability,Target,Bridge,INT
681,Bubbleworld,REKT,https://de.fi/rekt-database/bubbleworld,,,(1) https://twitter.com/CertiKAlert/status/1533756527663845376. (2) https://twitter.com/CertiKAlert/status/1534060680038449152. (3) https://twitter.com/CertiKAlert/status/1534147722063888384,,Bubbleworld has been exploited for 194.78 ETH. The scammer has taken 250 NFTs and exchanged them on &nbsp;LooksRare. Exploiter address: https://etherscan.io/address/01588afd4da044a607f3085C0844510a79E3Ab0c2 Transaction eample: https://etherscan.io/t/03816210275de4e36715e7a23177aed23cd589736ac449219f4ba0941a3361532,2022-06-06 0:00,2022,343697,Instant user deception,Social media compromission,Imitation,Intermediary,Dapp,
855,GHOSTP2E,REKT,https://de.fi/rekt-database/ghostp2e,,,(1) GHOSTP2E Presale / Ghost Riches ?? is a Play/to/Earn (P2E) game with a large open world where players can enjoy both single/player and co/op modes. You will play the role of a ghost which is looking for mysterious lost treasures of the ancestors in a fairy forest. (pinksale.finance). (2) https://twitter.com/PeckShieldAlert/status/1509883838570262536,,The project was holding a fundraising event on the PinkSale launchpad:  https://www.pinksale.finance/#/launchpad/09F4A2B740691e53ddD41d70e2cbEbc6Ab2b32E8F?chain=BSC  Deposited funds were withdrawn:  https://bscscan.com/t/068bae23324b946043d1a33ec313c919b0012a1f0a026a7ac51c115a1d24403b7  The scammer deposited stolen funds into Tornado Cash mier:  https://bscscan.com/address/07fcf92ddc96c5ab25ff108403a9599f387934f90,2022-04-01 0:00,2022,346253,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,FT,CA
20,Velodrome,SlowMist,,https://hacked.slowmist.io/search/,,"Velodrome (??.??) sur Twitter : ""An update from Velodrome on our investigation into the team wallet exploit. https://t.co/sz1ePStcT0"" / Twitter",, On August 4  the team behind the Velodrome exchange and liquidity marketplace noticed that $350 000 had been taken from a team/operated wallet that was normally used for operational funds. They announced they were beginning an investigation into the theft  which they initially believed was due to a compromised wallet. Their team member Gabagool tweeted more details  underscoring that no user funds were lost. On August 13  Gabagool posted a long confession to his Twitter account  writing that he had stolen the $350 000  and had previously taken $56 000 over the course of two months  to try to &quot revenge trade&quot  the money he had lost in the crypto crash. xEplaining why he took the $350 000  he wrote  &quot I thought I could make the 56k back and return all of the funds  which was delusional&quot . He also wrote that &quot the majority of the funds have been returned to the Velodrome team. The rest will be.&quot  Velodrome later confirmed they had recovered all of the stolen money.,2022-08-04 0:00,2022,350000,Internal theft,Unauthorized use of private key,Human risk,Target,Exchange,P
1171,Android applications,SlowMist,,https://hacked.slowmist.io/search/,,https://www.techspot.com/news/90349-fake-cryptomining-apps-found-play-store-scam-350000.html,,Lookout Threat Lab security researchers exposed more than 170 Android applications and the number of deceived users exceeded 93 000. Among them 25 applications managed to evade the Google Play Store detection and successfully launched but this is mainly because they do not involve any malicious operations and may even be purely to fool users. Lookout security researchers pointed out that these counterfeit applications belong to the BitScam and CouldScam series respectively claiming to provide cloud/based cryptocurrency mining services that can aggregate the computing power of users mobile devices and share mining revenue. These apps are not free and various additional payment excuses such as subscriptions and upgrades will be made. Prices range from 12.99 to 259.99 US dollars and cryptocurrencies such as BTC or ETH are accepted as payment methods. LookoutThreatLab estimates that these malware creators defrauded 300 000 U.S. dollars through illegal sales and 50 000 U.S. dollars in cryptocurrency through fake payments and upgrade services.,2021-07-08 0:00,2021,350000,Instant user deception,Fake service,Imitation,Intermediary,Other systems,
49,Ribbon Finance,REKT and SlowMist,https://de.fi/rekt-database/ribbon_finance,https://hacked.slowmist.io/search/,,"Ribbon Finance sur Twitter : ""We are aware of a DNS attack on https://t.co/b1zD0kjQGk and have immediately remedied the issue. The takeover prompted 2 users to approve malicious contracts for vault deposits. All funds on the vault contract are unaffected."" / Twitter",, Ribbon Finance said in a tweet that the homepage of the URL suffered a DNS attack  causing 2 users to approve a malicious contract for vault deposits. At present  the team has solved the problem  and the funds in all contracts are in a safe state. After analyzing the data on the chain  SlowMist believes that it is the same attacker as Conve. At the same time  it is found that a user of Ribbon Finance lost 16.5 WBTC in the attack. REKT : Quick Summary A DNS attack was made on Ribbon Finance. During the attack one of the users lost 16.5 $WBTC.  Details of the exploit<a href= https://www.youtube.com/watch?v=U4Mcd_1mKY rel=noreferrer noopener target=_blank A DNS attack was carried out on the Ribbon Finance project. during which 16.5 $WBTC was lost. The on/chain analysis revealed that the attack has common features with the DNS attack on Conve Finance and was made by the same hacker team. Hackers created a similar website with a malicious contract that required calling the approve() function. Block Data ReferenceScammer address:  https://etherscan.io/address/0b73261481064f717a63e6f295d917c28385af9aaContract creator address:  https://etherscan.io/address/047832f5505847b6e1cce802201c55ad885146fc6Malicious contract address:  https://etherscan.io/address/065a8ec2c367a2d60efc1944c6eab614d73453b2fTransferring 16.5 $WBTC from victim to scammer address transaction:  https://etherscan.io/t/0d09057f1fdb3fa97d0ed7e8ebd8fd31dd9a0b5b61a29a22b46985d6217510850,2022-06-24 0:00,2022,351064,Instant user deception,DNS attack,Imitation,Intermediary,Yield,
951,PolBase Cash,REKT,https://de.fi/rekt-database/polbase_cash,,,"CaptainJackCryptoAPE sur Twitter : ""Great. they rug pool with 225K usd. https://t.co/p5amVw4InF"" / Twitter",,Quick SummaryPolBase Cash was an algorithmic stable coin project that contained unverified smart contracts which empowered the contract deployer to withdraw funds from the operation. Investors were deprived of $350k. Details of the exploitPolBase Cash an algorithmic stable coin project that boasted three coins. $PBC (PolBase Cash) was the dollar pegged stable coin. In order to enable stabilization mechanisms $PBB (PolBase Bonds) and $PBS (PolBase Share) were introduced. similar to the popular Tomb Finance protocol on the Fantom network.The contract deployer created four smart contracts for staking $USDT. $USDC. DAI and LP tokens separately. The staking contracts were unverified. meaning the code was not visible on the block eplorer for everyone to review.The contract deployer interacted with these 4 smart contracts using function <u>setOperation</u>() with the below address as input data: 05C0D86B9c5de0b2b88895a6Cb0441a0Cdd5d52eA. This address received permission to withdraw funds from the staking smart contracts. The stolen funds were then transferred to a variety of External wallets. In addition. the liquidity from the pair was removed by this address as well:  https://etherscan.io/t/0bf17223dc8c0aba097a79ec1e63b40fee758dd62ece339384de20a15a51d62fc Block Data ReferenceUSDT staking contract: https://etherscan.io/address/04f2582fe5e50b5c77cb5f57e6bc958b49fe3381bUSDC staking contract: https://etherscan.io/address/02b3e2fe7c8718353fc6cebaa79451c7193025bc3DAI staking contract: https://etherscan.io/address/0a72180b8ce83f5717228d87bed3ef520093faf2cLP contract: https://etherscan.io/address/0386e747afbd6cf412a055816820fa0d4948b63a9 Outgoing transactions could be found at:  https://bloy.info/address/05c0d86b9c5de0b2b88895a6cb0441a0cdd5d52ea,2021-01-07 0:00,2021,353807,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
487,bZx,REKT and SlowMist,https://de.fi/rekt-database/bzx,https://hacked.slowmist.io/search/,,bZ Hack Full Disclosure (With Detailed Profit Analysis) | by PeckShield | Medium,,DeFi lending protocol bZx exploited  may lose up to $350 000. REKT: The transaction behind the attack:  https://etherscan.io/t/0b5c8bd9430b6cc87a0e2fe110ece6bf527fa4f170a4bc8cd032f768fc5219838  The attackersaddress:  https://etherscan.io/address/0148426fdc4c8a51b96b4bed827907b5fa6491ad0  The attacker: / flash loaned 10.000 ETH from the dYd exchange  / with the borrowed flash loan. the attacker deposited 5.500 ETH into Compound as collateral to borrow 112 WBTC  / Deposited 1300 ETH and called bZ margin trading function. i.e.. mintWithEther (that cascadingly invokes marginTradeFromDeposit). The margin trading function leveraged KyberSwap to swap the borrowed 5637.623762 ETH for 51.345576 WBTC in return. Notice that it is 5 borrow to short ETH. The swap essentially drove up the conversion rate of 1 WBTC to around 109.8 WETH. roughly triple the normal conversion rate (~38.5 WETH/WBTC)  / with the spiked WBTC price on Uniswap. the attacker sold the Compound/borrowed 112 WBTC back for WETH on Uniswap. This dump step leads to the net of 6871.4127388702245 ETH in return with the overall conversation rate of 1WBTC=61.4 WETH  / With the netted 6871.4127388702245 ETH from the dumped 112 WBTC. the attacker repaid the flash loan 10000.000000000011ETH back to dYd.,2020-02-15 0:00,2020,355880,Interconnected actors flaw,Arbitrage with flash loan,Technical vulnerability,Target,Lending,P
922,Miss Universe NFT,REKT,https://de.fi/rekt-database/miss_universe_nft,,,(1) Beware of sophisticated scams and rug pulls. as thugs target crypto users (cointelegraph.com). (2) https://twitter.com/zachxbt/status/1545426491340689408?s=21&t=HRDSSdXjE1mfxcMEHFF2nA. (3) https://drive.google.com/file/d/174GN6tOyJF8jbhj2ADRUL_tU_Bh04td_/view?usp=sharing,,Quick Summary The official Miss Universe NFT project that boasted a roadmap with monthly AMAs. charity donations and signed prints. Rug pull scamed its holders within 3 days after inception and incurred losses of appro. $360k to its holders.  Details of the exploitThe Miss Universe NFT project was in fact endorsed by Paula Shugart. the president of The Miss Universe Organization as well as by Steve Harvey the famous American television host and other Miss Universe models. The project promised its holders an array of off/chain benefits such as eclusive events. signed prints and virtual AMAs with a strategic orientation towards women\sempowerment. Within the net day after the minting of the project took down its official Instagram account.Moderators on discord still encouraged members to buy more NFTs. Within 3 days all social media channels were deleted.The transactions that evolved on/chain appear to be undertaken by professionals since transfers and cash/outs between more than 20 wallets have been detected. Block Data Reference   Miss Universe NFT token address:  https://etherscan.io/token/0a048c212449c68eaaf866309c1202db7ab512c5c   Token creator addresses (Scammer): 1)  https://etherscan.io/address/08831569a68dcb1e1091f86443ac75214f8f95a86 Some of the intermediary wallet address:2)  https://etherscan.io/address/00171a1e4cc0b2e5170c93bf155670e2c223d6a0e3)  https://etherscan.io/address/0992ec9e34faa0b9975409b6c4789368e6ad2925f4)  https://etherscan.io/address/083e657aa83c649cdff5b2ffd7a363ec6f0e25c355)  https://etherscan.io/address/03bd3de20a6dba974affcbbb4f4397f70fe1011f6<a href= https://etherscan.io/address/03bd3de20a6dba974affcbbb4f4397f70fe1011f6  Sample of cash out transactions:1) https://etherscan.io/t/0e475a5774698a8db0e97f8eff5722df4fa1c7cef0b827c1b600cb31df035ee522) https://etherscan.io/t/03442786129a4d39b8f2287c74a726ef132be90ecbb1a0c45825863f5e3da96c8,2021-12-12 0:00,2021,360000,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,NFT,CA
633,EOSCast,SlowMist,,https://hacked.slowmist.io/search/,,(1) https://www.jinse.com/lives/61261.htm (2) https://www.reddit.com/r/eos/comments/9s1j/eoscast_been_attacked_where_have_70000_eos_flowed/,,The hacker &quot refundwallet&quot tried to attack the EOSCast game contract &quot eoscastdmgb1&quot . The hacker first used the &quot fake EOS&quot attack method to conduct 8 transfer attacks but failed and then successfully attacked 9 times by using the &quot fake EOS transfer variant&quot . According to the rules of the game hackers launched attacks with 100 1 000 and 10 000 fake EOS. Each attack can get 198 9 800 19 600 EOS. When the last attack was carried out the game party noticed an abnormal attack and transferred it in time. After leaving the remaining 8 000 EOS in the bonus pool in the end the hacker made a total of 72 912 EOS.,2018-10-31 0:00,2018,361900,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Dapp,P
877,Hype Bet Finance,REKT,https://de.fi/rekt-database/hype_bet_finance,,,"#WARONRUGS? on Twitter: ""? Scam Advisory #100 / Cake Lock $LOCK (0x5f3bb338aE09a5A15CEB3D0E9E5194B404b95A1b) Reason: This project is being run by serial scammer @Techwithyani. Likeliness of losing all funds: 50% of the presale is already gone. we recommend you to move out. DYOR. #WARONRUGS?… https://t.co/QABACS6yRe"" (archive.ph)",,The project was holding a fundraising event using a Proy smart contract:  https://etherscan.io/ts?a=03f9560721d4a613d3a0f528fe871f0537a8e990c&amp;p=31  The contract deployer minted tokens and transferred them to the Proy smart contract:  https://etherscan.io/t/0d29090c06a2da8db658781994c822f266509bd3d04cc6ae34d340def85cbcef5  https://etherscan.io/t/0e7606055f5149e207362c8eda80f90123d4b0182c825ed5bb94a00170b7367f6  The initial liquidity was added through the Proy smart contract using 721.78 ETH at:  https://etherscan.io/t/09e49739d2f97081722395ffe14183fc6c00633ed7bccd8ea879ede41f12c3917  The rest of ETH. raised on the presale was distributed between different External addresses:  https://etherscan.io/t/033db0e0174ca25cf4580740247be2be845107bef9e7e55edbaa8cfb809653339  https://etherscan.io/t/065dbf80b76336f08449cfb0511ac77cd03dcf349796a9621fe9546e3fd62b2f7  https://etherscan.io/t/098fdb11f7e8f467f1e1dfc298517e4afaa35206b747a2a72d390bd5699cd2bfc,2020-11-30 0:00,2020,363854,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,Dapp,P
1049,xSTABLE Protocol,REKT,https://de.fi/rekt-database/xstable_protocol,,,(1) https://tokeninsight.com/en/news/peckshieldalert-stable.protocol-appeared-rug-pull (2) https://twitter.com/PeckShieldAlert/status/1557189912403005440,,Quick SummaryThe STABLE Protocol was Rug pull scamed by its team.&nbsp; Details of the exploit  data-v-51e0c2ec=  >Stable claimed to be a new form of a synthetic commodity that operates with a free float that over a longer-term achieves stability and forms a volatility hedge across a basket of cryptocurrencies as well as fiat currencies.  data-v-51e0c2ec=  >The Stable Protocol token price has dropped by 98% after the team removed all traces of the eistence of their project on the Internet. During the creation of the pair. the team added $70 ETH:  data-v-51e0c2ec=  > https://etherscan.io/t/04e329c949703aac1e74588c6bc84c5f18296b68a988dbbe71bfbd0d75f74de28&nbsp;  data-v-51e0c2ec=  >The community started buying tokens and liquidity increased to 303 $ETH in 2 days. After enough funds were added into the liquidity pool. the team began to swap $ST for $ETH. taking a profit of $233 ETH. Block Data ReferenceInvolved addresses:&nbsp;- Scammer address (A). contract creator:  https://etherscan.io/address/0cee3101c0a8167f083f34b95a2f243c9b0bef6a6 Involved contracts:- Liquidity Reserver:  https://etherscan.io/address/0dc958664bc528a55723740b2f32f11ca8b601c83- Stabilizer:  https://etherscan.io/address/016a17e12031db06932cd3b2eb7450112b7c91289- Presale:  https://etherscan.io/address/079d25fb416bd9364f4dc0a9c2839b6ecd1fbaa27- Liquidity:  https://etherscan.io/address/07a90d4c425b3492dc119a46655149ad71ef027db Transactions:- Pair contract creation:  https://etherscan.io/t/04e329c949703aac1e74588c6bc84c5f18296b68a988dbbe71bfbd0d75f74de28<span style=,2022-09-08 0:00,2022,366975,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
364,Force DAO,REKT and SlowMist,https://de.fi/rekt-database/force_dao,https://hacked.slowmist.io/search/,,(1) Eplained: The ForceDAO Hack (April 2021) (halborn.com). (2) https://cryptobriefing.com/millions/drained/forcedao/attacks/white/hat/returns/funds/,, The DeFi quantitative hedge fund Force DAO posted a blog stating that it was responsible for the previous attack and has implemented procedures to ensure that any such incidents are mitigated in the future. A total of 183 ETH (about 367 000 U.S. dollars) worth of FORCE tokens were ehausted and liquidated in this attack. REKT: ForceDAO was exploited by one white hat and four black hat hackers.  The white hat hackersaddress:  https://etherscan.io/address/0f88a427c5bf29acf58497c0088cbf7ca9836b7b2  The black hat #1 hackersaddress:  https://etherscan.io/address/09d9c3695c54601929cd72d34a52935268eb9b00b  The black hat #2 hackersaddress:  https://etherscan.io/address/0e29a07002c7be4299b51a2892799cc4a372994dd  The black hat #3 hackersaddress:  https://etherscan.io/address/00608576ea47b265f1f16b8b8383d0508f703a0cb  The black hat #4 hackersaddress:  https://etherscan.io/address/000000b20f0f6a3a212aa6b85106709cd5941457c  The root cause: 1. The exploited FORCE vault is a fork of the SUSHI contract. which assumes that a failed transfer will result in a reversion.  2. The token used in ForceDAO is an Aragon Minime token that returns false if a call to the <u>transferFrom()</u> function fails.  The ForceDAO hackers took advantage of this vulnerability: if a deposit into the FORCE vault fails. the deposited tokens will remain in the sender’s wallet. However. on the vault’s side. the sender will receive FORCE tokens in exchange because the code assumes that if it’s still running after the transfer. that the transfer went through successfully.  Black hat #1: / minted FORCE:  https://etherscan.io/t/0df05020d5d3c3a975627ce29f24b4eb8ccb8807f9f9c9aa05e644c61fe5f0141  / withdrew FORCE. using minted FORCE:  https://etherscan.io/t/03b60252b36d2de2930a64f360926bfcba44d12ff44719de3c6dd486b9dafe118  / sold FORCE:  https://etherscan.io/t/003c84e3f7d9c117260a49bab6bd9cb1b2d7e1cbc6d9362e74c10ef6d48a987e6  Black hat #2: / minted FORCE:  https://etherscan.io/t/07df2fe63dfb43676a13146060d36ded98779092e0f7c9fd46caf18b791d4b9fd  / withdrew FORCE. using minted FORCE:  https://etherscan.io/t/0e7be5bf25b0ea9fad2fd51021f4a51e5099cf4c91c2ffef94547072fe25ca8d1  / sold FORCE in multiple transactions:  https://etherscan.io/address/0e29a07002c7be4299b51a2892799cc4a372994dd  Black hat #3: / minted FORCE multiple times:  https://etherscan.io/t/037b44d5dbbe9c1dd75223e15977153234e8a4dbbbab2495cdcc531f44bf6e3d0  https://etherscan.io/t/06202403f9fc418fcc464d714753ef49893c174a3da714784251ce03898b34f00  https://etherscan.io/t/05a27ee4140741fce2dd21ae642a74e95bd3de0df17ba7ae5d9ffc475574135f8  / withdrew FORCE. using minted FORCE:  https://etherscan.io/t/02616ae9fb59e2cbae848208daa3d0f63530b74a8a4e5c6099ee1b858fdc732a8  / sold FORCE in multiple transactions:  https://etherscan.io/address/00608576ea47b265f1f16b8b8383d0508f703a0cb  Black hat #4: / withdrew FORCE. using minted FORCE:  https://etherscan.io/t/08aedc3d1eaef0d63f026dec48d845dfcba2d74211998acb5d19929e4bc020317  https://etherscan.io/t/0ef10be2cbb33ff810cf07bd9195596556485f767744afbb93dfeb5717775ebb6  / minted FORCE multiple times:  https://etherscan.io/t/0ef10be2cbb33ff810cf07bd9195596556485f767744afbb93dfeb5717775ebb6  https://etherscan.io/t/0f8352e968503efbbd0ad24173c87d5d9b009adf74bdfdf5df4519be6e4911e39  https://etherscan.io/t/0c4abacc3987280fcd97a4dad1459c7a811550589357a9c5ec36f6b783a898106  / sold FORCE in multiple transactions:  https://etherscan.io/address/000000b20f0f6a3a212aa6b85106709cd5941457c  / later. funds were returned:  https://etherscan.io/t/04d535b8c68dd7f03e99a3a350d5df7ef0c6a3e0b2edd4f5601637711b960b793,2021-04-04 0:00,2021,367000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Yield,CP
771,Cauldron and Avalanche,REKT,https://de.fi/rekt-database/cauldron_and_avalanche,,,Cauldron Flashloan Attack / Blog / Web3 Security Leaderboard (certik.com),,Quick SummaryThe biggest flash loan attack on Avalanche in 2022 was detected. The attacker took 370.000 $USD after interacting with several assets. Details of the exploitThe attacker interacted with Cauldron. Aave. JoeSwap. and Curve for various purposes. The attacker used a malicious smart contract with an unverified source code to withdraw 998.000 $nUSD using LP tokens worth 500.000 $USDC. The full attack flow of the exploit transaction succeeded as follows:&nbsp; &nbsp;1. The attackers malicious contract flashloaned 51.000.000 $USDC from Aave&nbsp; &nbsp;2. 280.000 $USDC were swapped to $WAVA with JoeSwap&nbsp; &nbsp;3. liquidity was added using claimed $WAVA and 260.000 $USDC so 0.0045 JoeLPToken was received&nbsp; &nbsp;4. The remaining 50.460.000 $USDC were swapped for $WAVA on JoeSwap and it changed the reserve of the pool&nbsp; &nbsp;5. The attackers contract called the updateexchangeRate function on the CauldronV2 smart contract. which changed the exchangeRate variable according to the previous JoeSwap poolsreserve amount&nbsp; &nbsp;6. The attackers contract deposited 0.0045 JoeLPToken to the CauldronV2 and 998.000 $nUSD were withdrawn from DegenBo. Because of the manipulated exchangeRate variable. the attacker was able to take that amount for 500.000 $USD worth JoeLPTokens&nbsp; &nbsp;7. The remaining $WAVA were swapped back for 50.426.896 $USDC on the previous JoeSwap pool&nbsp; &nbsp;8. Consequently. Curve.fi and other pools were used to swap 998.000 $nUSD for 970.010 $USDC&nbsp; &nbsp;9. The 51.025.500 $USDC for the flash loan were paid back to Aave&nbsp; &nbsp;10. The profit amounted to 371.406 $USDC and were transferred to an EOA address. Block Data ReferenceCauldronV2 vulnerable contract: https://snowtrace.io/address/0e767c6c3bf42f550a5a258a379713322b6c4c060exploit transaction: https://snowtrace.io/t/00ab12913f9232b27b0664cd2d50e482ad6aa896aeb811b53081712f42d54c026Attacker address: https://snowtrace.io/address/069992a2e5d6ec031ab16733975110f0b43a0b1afAttacker smart contract: https://snowtrace.io/address/016b94c6358fe622241d055811d829281836e49d6DegenBo contract: https://snowtrace.io/address/00b1f9c2211f77ec3fa2719671c5646cf6e59b775Stolen funds sent to: https://snowtrace.io/address/08ec74e6f9627d445f546cdc606a35a3334378381,2022-06-09 0:00,2022,370000,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,Lending,P
1,Nereus,SlowMist,,https://hacked.slowmist.io/search/,,https://medium.com/nereus/protocol/post/mortem/flash/loan/exploit/in/single/nusd/market/343fa32f0c6,, AVA/USDC Joe LP NUSD was attacked by flash loan  hackers made 371 000 USDC,2022-09-06 0:00,2022,370935.08,Interconnected actors flaw,Oracle manipulation,Technical vulnerability,Target,Lending,P
714,opyn,REKT,https://de.fi/rekt-database/opyn,,,Opyn Hacks: Root Cause Analysis. Started at 09:25:54 AM +UTC… | by PeckShield | Medium,,The eample transaction of the attack: https://etherscan.io/t/0d06378b73536e7718895069a5219855774d362db47312dc304dfd4b6e39ef000 This exploit was carried out by using <u>eercise</u>() function with more than two vaults containing ETH as the underlying asset. Because the implementation interprets the same batch of ETH as many batches of ETH receptions. the hacker re/uses that batch of ETH to recover the collateral USDC and profit. Opyn allowed anyone to eercise a vault with underlying assets and oTokens. By burning the oTokens and taking in the underlying assets. the Option Contracts payout collateral assets to the caller of <u>eercise</u>(). The Opyn ETH Put contract must take in the underlying assets and burn oTokens inside the <u>_eercise</u>() method before paying out collateral assets. The <u>transferFrom</u>() function is used to transfer assets from the msg.sender to address(this). which is a very typical approach. When the underlying asset is ETH. the treatment is completely different. In Solidity. msg.value refers to the amount of ETH carried by the current transaction that would be collected by the smart contract with a payable interface (in this eample. <u>eercise</u>()).,2020-04-08 0:00,2020,371260,Contract vulnerability,Undetermined,Technical vulnerability,Target,Derivatives,P
237,Ploutoz Finance,REKT and SlowMist,https://de.fi/rekt-database/ploutoz_finance,https://hacked.slowmist.io/search/,,https://twitter.com/peckshield/status/1463113809111896065?s=21,,"Ploutoz Finance  the BSC loan agreement  was attacked. Hackers made a profit of 365 000 US dollars  and the agreement suffered even greater losses. The hacker manipulated the oracle price of DOP tokens and used DOP as collateral to lend assets such as CAKE  ETH  BTCB  etc. After that  the hackers used ParaSwap and PancakeSwap to trade for BNB and then transferred to Tornado.Cash. REKT: The attacker's address:
https://bscscan.com/address/0x2f618493b9ff77d61426e4dbf3b844666a6b315e
The transaction behind the attack:
https://bscscan.com/tx/0x7fe46c2746855dd57e18f4d33522849ff192e4e26c74835799ba8dab89099457
The attacker:
/ flash loaded 1.000.400 BUSD from PancakeSwap BNB/BUSD pair
/ swapped 1.000.00 BUSD for 570.234 DOP tokens to push the price up
/ swapped 400 BUSD for 8.841 DOP
/ borrowed 86.921 BUSD. 85 CAKE. 18.000 DLOOY. 18 ETH. 1.69 BTCB. 89.000 USDT on Ploutoz Finance using pumped DOP as collateral
/ reversed swap and repaid the flash loan.
The hack is made possible due to the price oracle manipulation of DOP. ",2021-11-23 0:00,2021,372441,Interconnected actors flaw,Oracle manipulation,Technical vulnerability,Target,Lending,P
30,PREMINT,REKT and SlowMist,https://de.fi/rekt-database/premint,https://hacked.slowmist.io/search/,,https://www.panewslab.com/zh/articledetails/j5hz0v9c.html,,"The NFT access list tool PREMINT issued an alert through its official Twitter  because some users reminded that the tool  s website was hacked  and the collections of NFT collectors have been stolen. Subsequently  the blockchain security company SlowMist confirmed that the PREMINT website was attacked by hackers. Hackers carried out phishing attacks by implanting malicious JS (JavaScript) files in the website  deceiving users to sign the transaction of &quot set approvals for all&quot   thereby stealing users. of NFT assets. The attack lost about 280 ETH in total  amounting to $381 818  making it one of the biggest NFT hacks of the year. REKT: Quick Summary
Users of the PREMINT NFT platform transferred approval rights to the hacker instead of logging into the platform due to a malicious code. uploaded by the hacker. $375k worth of NFT's were stolen by the hacker.

Details of the Exploit
PREMINT is an NFT service intended to help project creators build access lists for new NFT projects based on various qualifications.
The PREMINT's platform website was attacked by a hacker utilizing a malicious JavaScript code.
When users tried to log into the platform. they instead signed over all approvals of their wallet to the attacker. The attacker proceeded to exploit affected wallets and send NFTs out of famous collections such as Murakami.Flowers. Kaiju Kingz and Azuki to a variety of his own wallets. Below a number of transaction made by the attacker:
https://etherscan.io/tx/0xc705b6add99f1bcffeb07bddf39406d34e8bfdb278eead2320a1e59015ab0662
https://etherscan.io/tx/0x81d49fc3cc37409fc7a0a0adb43be57f998c5faf24b79c9aa1a3843a9bba25a8
https://etherscan.io/tx/0x78607d70ef50db5ad506ae529b2c778fc96d31c62c23b190ba9784e49effb4ab
A majority of the funds were aggregated in this wallet (https://etherscan.io/address/0x99aeb028e43f102c5776f6b652952be540826bf4). As the time of this writing 284 $ETH have been laundered through Tornado.Cash.",2022-07-17 0:00,2022,375000,Instant user deception,Undetermined,Imitation,Intermediary,Other systems,
917,MetaFinanceDAO,REKT,https://de.fi/rekt-database/metafinancedao,,,"CertiK Alert sur Twitter : ""#CertiKSkynetAlert ?? We are seeing an #exitscam on copycat project @MetaF_DAO (FD) with a slippage of over &gt;88%. Approx ~373k has been taken. Bsc:0xb5723edf367583b28f123dd436eef343f013d36b Disclaimer: Not to be confused with other projects with the same name. Stay vigilant! https://t.co/KZACD4NXC6"" / Twitter",,Quick SummaryMetaFinanceDAO was Rug pull scamed by the token deployer/related address. The scammer drained the liquidity for 380.300 $USD. Details of the exploitMetaFinanceDAO is a copycat token and can tbe confused with other tokens with the same name and symbol. The token deployer sent $FD tokens to an EOA address. which drained 380.000 $USD worth of liquidity. The stolen funds were transferred to another EOA address. Block Data ReferenceScammer address: https://bscscan.com/address/0d7dc8314552a3394d3b46c6bc0f72182b669d09b Relation proof transactions: https://bscscan.com/t/0bfb7968bf5171961580d40b950fc0d62d6b2fa82e06cbbc14eff4edc1beaf051 https://bscscan.com/t/079a102f7d7113b96762cfeb075de98b67a2656e8ca9b4d465ed0efe7acaba897 Liquidity drain transactions: https://bscscan.com/token/055d398326f99059ff775485246999027b3197955?a=0d7dc8314552a3394d3b46c6bc0f72182b669d09b,2022-10-12 0:00,2022,380300,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
808,Dollar,REKT,https://de.fi/rekt-database/dollar,,,https://archive.is/TpCS5,,Quick SummaryDollar token was rug pulled. The token deployer removed liquidity and took away 382.660 $USD. Details of the exploitDollar is a BEP20 token. and can tbe confused with other tokens with the same name. The token deployer removed liquidity for the total amount of 382.660 $BUSD.&nbsp; Block Data ReferenceScammer address: https://bscscan.com/address/09b5c721715fd9abaeabcb64e89b777c06adee4a1 Removal transaction: https://bscscan.com/t/04f81f454ad6dba8190d0cab9fbc48383ba54d6e2086120fd38d187e4a4c9fb43,2022-09-26 0:00,2022,382660,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
173,Wegrocoin,SlowMist,,https://hacked.slowmist.io/search/,,https://twitter.com/PeckShieldAlert/status/1486500426174189573,, The project Wegrocoin (WEGRO) on BSC suffered a Rug Pull and lost more than 1000 BNB.,2022-01-26 0:00,2022,383020,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
1122,Cezar Hard Fork,REKT,https://de.fi/rekt-database/cezar_hard_fork,,,https://twitter.com/PeckShieldAlert/status/1592708485724372992?s=20,,"Quick Summary
Cesar Hard Fork was rugpulled by the token deployer for over 398.748 $USD. The scammers used the privileged mint function.

Details of the Exploit
Cesar Hard Fork is a BEP20 token trading on PancakeSwap. There are two copycat tokens with related deployers. Both $Cesar tokens were rugpulled by the deployers. rewardHolders() privileged function allowed to mint an unlimited amount of $Cesar tokens to the contract owner. Consequently. pools were drained. The stolen funds accumulated in a single EOA address. and reached 1.212 $BNB in total which is worth 398.748 $USD at the moment. The accumulated amount was transferred through TornadoCash. Cesar Hard Fork is not a single project of the scammers.

Block Data Reference
Scammer addresses:
https://bscscan.com/address/0xdb783c187d251e47543d8b37050432f7f4a83b83
https://bscscan.com/address/0x4925b8e1215a3135508053d5713767b578da8726
Funds accumulated address:
https://bscscan.com/address/0x2bb4edcf2619e958dcf6827b28b2f54c8cf7c119
Drain transaction example:
https://bscscan.com/tx/0x4818130976ba4bcea3fb93e884fac000aca5764d35cd7d84baaba9b3bfe7381f",2022-11-16 0:00,2022,398748,Rug pull scam,Hidden mint function,Malicious use of contract,Perpetrator,FT,CA
899,Leverage x,REKT,https://de.fi/rekt-database/leverage_x,,,x,,The project was holding a fundraising event using TokenSale smart contracts:  https://etherscan.io/address/00e98f782ea6e0e80a919801e35ed35013d3f26ad#code  https://etherscan.io/address/0efb433255a52c3080bd9b106245723cd37c24e97#code  The final fundsrecipient from the presale was the contract deployer:  https://etherscan.io/address/00e98f782ea6e0e80a919801e35ed35013d3f26ad#internalt  https://etherscan.io/address/0efb433255a52c3080bd9b106245723cd37c24e97#internalt  (469.83 ETH raised in total)  The contract deployer added initial liquidity using 200 ETH at:  https://etherscan.io/t/04b1fac41d1f3167ac2743fa6daa23b12f9ce07ed452e86c5713ec07fb0907e4f  The contract deployer locked LP tokens until 27.11.2021 at:  https://etherscan.io/t/0da44dc8e2647dd35df922d6aaafa675c6bb5007d48405738291d237dee804dbf  The rest 269.83 ETH was distributed between other External wallets.&nbsp;,2021-02-25 0:00,2021,399855,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,Yield,CP
221,WePiggy,REKT and SlowMist,https://de.fi/rekt-database/wepiggy,https://hacked.slowmist.io/search/,,Incident Report for WePiggy — OEC Protocol CHE Market Abnormal Liquidation | by WePiggy.com | Medium,,At 5:21 (UTC+8) on December 15  2021  the WePiggy/OEC agreement made a short/term error in the CHE oracle  which caused the price of CHE in WePiggy to be much higher than the market price  resulting in abnormal liquidation for users who borrowed CHE assets. Calculated at the price at the time of the incident  the total loss of user assets is approimately US$400 000. REKT: WePiggy/OEC protocol eperienced a short/term error in the CHE oracle. causing the CHE price in WePiggy to be much higher than the market price. and resulting in abnormal liquidations for users who borrowed CHE assets. Based on prices at the time of the incident. the total loss of user assets was approimately US$400.000.  The price of CHE surged from the normal US$0.28 to a maimum of US$33.486.904.70  All abnormal liquidating transactions:   https://www.oklink.com/zh/cn/oec/t/0e9651ee34f1141a26f41eda222caa499f355e5b7c503eff8946a764eb7245295  https://www.oklink.com/zh/cn/oec/t/007727fba60b9f1218bb5cd12e3607232c6ee8225aa7ae443121b37ba2e90f3c9  https://www.oklink.com/zh/cn/oec/t/0ab489d069cf05168ec33fdd0a758bc542eb2e05dfa69f2da5c01a54c9a6f5319  https://www.oklink.com/zh/ cn/oec/t/0ec53bc8dc606ae03e4431c3f1154719d51e0f665ac55d26d31658460377a0122  https://www.oklink.com/zh/cn/oec/t/09b1c3aef45f5c2f4eb1a12f9cd592dd238546d602a8b96a36f1a0835a7af9fe8  https://www.oklink.com/zh/cn/oec/t/07ad59f192d5079a9968310a0636edd3c9a4d474309489a16cce63e1a812ca82e  https://www.oklink.com/zh/cn/oec/t/077e49db8a73532ac05ef2cd8811a8a33e1937aa137d57a92ec04e22e7b4c95d2  https://www.oklink.com/zh/cn/oec/t/0b39401131776e010ab5f3705b6d88d6eb626c1f7d65bd797890469dd6610116c  https://www.oklink.com/zh/cn/oec/t/057b7c6564b117c6ffb61bf9f12b8d6e20be2d5657afd5fee7aa7b8ad811151ab  Affected user addresses:  015B8a631c3EaE390C9A4948046a93cF0e30dA07C 076179cc14A11c7aD82BC988EF0EbFd4f5fa69d40 053a8ba050EFb5f4d800711B157CF85E8C7C09e73  List of lost funds: 1.78975414 BTC 2.221780053 ETH 301.310.5381 USDT 173.6123858 OKT,2021-12-15 0:00,2021,400000,Interconnected actors flaw,Oracle manipulation,Technical vulnerability,Target,Lending,P
601,BlackWallet,REKT and SlowMist,https://de.fi/rekt-database/blackwallet,https://hacked.slowmist.io/search/,,(1) https://www.reddit.com/r/Stellar/comments/7q9g31/statement_blackwallet_hacks_update/?ref_source=embed&ref=share (2) https://twitter.com/orbit054/status/952368665206427653 (3) https://stellarchain.io/accounts/GBH4TZYZ4IRCPO44CBOLFUHULU2WGALTAVESQA6432MBJMABBB4GIYI ,,User orbit84 posted on Reddit that a hacker entered his hosting provider account and changed the DNS settings to his own hosted version of BlackWallet. The attacker s wallet seems to have accumulated about $400 000 worth of cryptocurrency and its market value has almost tripled in the past month. In a statement the founder of BlackWallet claimed that the open source online &quot star wallet&quot BlackWallet had been hacked. REKT: A DNS hijack has led to hackers withdrawing $400.000 worth of Stellar Lumen (LM) coins from wallets hosted by Blackwallet.co without users’ permission.  As multiple sources reported. attackers took control of BlackWallet’s hosting server. changing settings to allow code to run which automatically sent customer balances over 20LM to an address under the hackers’ control.  The hackerswallet:  https://stellarchain.io/address/GBH4TZYZ4IRCPO44CBOLFUHULU2WGALTAVESQA6432MBJMABBB4GIYI,2018-01-13 0:00,2018,400000,Instant user deception,DNS attack,Imitation,Intermediary,Other systems,
939,Nut2Earn,REKT,https://de.fi/rekt-database/nut2earn,,,"CertiK Alert sur Twitter : ""#CommunityAlert ?? We are seeing a #rugpull on project Nut2Earn. symbol $NUT. Approximately ~$410.000 has been taken after an initial analysis. More details to come! https://t.co/ukKiXzIkaI Stay safe out there! https://t.co/PTOlnFaj1u"" / Twitter",,Quick SummaryThe $NUT token has been rug pulled by its team. The team made away with $410k in profits. Details of the exploitThe token deployer created contract in this transaction:  https://bscscan.com/t/06aaa5241988cd6ee8a89e0aea7cdab15ba58b10e7157ca926d3634696b2232a0The team involved in this scam made approimate profit of $410k. Block Data ReferenceInvolved addresses:/ Scammer address. token deployer:  https://bscscan.com/address/0935fb7c2eac68a62018e3defafd9a1b30eb62343,2022-08-16 0:00,2022,410000,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,Dapp,P
316,RAI Finance,REKT and SlowMist,https://de.fi/rekt-database/rai_finance,https://hacked.slowmist.io/search/,,https://medium.com/rai/finance/hacker/has/returned/part/of/the/rai/stolen/due/to/a/loophole/in/the/chainswap/contract/9b1161eafc51,, RAI Finance  a cross/chain transaction protocol based on the Polkadot blockchain issued a post stating that due to the vulnerability of the ChainSwap smart contract  the RAI access and payment permission addresses connected to it were also hacked and stolen. The total amount of stolen RAI in the account reached 2.9 million. On July 5  Rai Finance tweeted that after investigation by the team  hackers had returned 2.2 million RAIs to ChainSwap Deployer. The total loss caused by this incident was reduced to 670 000 RAI. REKT: To connect the liquidity between ERC20 and BSC. RAI Finance has been using Chainswap to ensure the liquidity between both blockchains.  RAI Finance reserved 2.9M RAIs to an address 09D4D377cFd6466Fe03e3cCbB266DC0ac235CcDe3. and this address automatically approves the spent access to the Chainswap’s bridge contract.  The Chainswap smart contract for RAI spend access has been exploited on Jul/03–2021 12:39:18 AM +UTC. from the contract address 00e128fb9f266f0cfedeb3b789f6fd4af50d51b84 which has access up to 2.9M RAIs in total at the account.,2021-07-03 0:00,2021,414013,Contract vulnerability,Undetermined,Technical vulnerability,Target,Bridge,INT
1034,Unlock Protocol,REKT,https://de.fi/rekt-database/unlock_protocol,,,https://unlockprotocol.notion.site/Sunday-November-21st-2021-Incident-Update-a8e05ba111284d5ba43872fa5f00bccb,,"The private key of Unlock Founder & CEO was compromised. This key had been used to deploy the Unlock contract on xDAI and Polygon previously and was able to upgrade them.

Ownership was transferred at:
xDAI:
https://blockscout.com/xdai/mainnet/tx/0x12f0a54b0d5eb595c217377ff0432069f9bee8c3a1a60f8e55459047d008bda8

Polygon:
https://polygonscan.com/tx/0xe3b852c9570588f475cff7c1d5f9d57ecfb9faaa65676da9e3ac87abf314a1a3

xDAI:
1. 20.000 Tokens were stolen from Unlock contract:
https://blockscout.com/xdai/mainnet/tx/0x6e9cbe9508f6d21e921aff0b6765a7bfecee5dd6eca43460a24d84a87fa13904

2. Out of the 20.000 tokens that were stolen. 19.980 UDT were transferred by the attacker to the xDAI bridge:
https://blockscout.com/xdai/mainnet/tx/0x9241dcbf6cc7e700ebe8bc44762b27dea862c1a48fb8cd062b4b83da19724448

3. Tokens were burnt on xDAI. transferred on Ethereum. and sold on Uniswap:
https://etherscan.io/tx/0x966c9cda072a0a2d609aa143ced55f1759730a33388a6979e0b5424f5a9efd54

Polygon:
1. 30.000 tokens were stolen from the Unlock contract:
https://polygonscan.com/tx/0x91a74c7b550c4e538e84b94697ee442a03ff35738b278bb5dda69684c1bbd5a4

2. 10.000 UDT were transferred to the Polygon Bridge:
https://polygonscan.com/tx/0xc5527097f93c2964c97a7c6e1f3b404d900210f8388f181e367a659caf5cb6b6

3. The attacker transferred another 20.000 tokens. the token recipient then transferred them to the Polygon Bridge:
https://polygonscan.com/tx/0x687e7742a338b65a7d907965f92ea95788edf5b517ff1d908e57ff6429f91fe1",2021-11-21 0:00,2021,416125,Undetermined,Accessing private keys/data,Undetermined,Target,Dapp,P
1117,BGE,REKT,https://de.fi/rekt-database/bge,,,"CertiK Alert sur Twitter : ""#CertiKSkynetAlert ?? We are seeing an #exitscam on BGE (BGE) Contract BSC: 0xbD7afa932F59F0e451D57BA523bA379e7545a4b3 Which has dropped &gt;88% Not to be confused with projects of similar name &amp; symbol The deployer sold tokens for approximately ~$426K in profit Stay safe! https://t.co/VY9N3iSfgV"" / Twitter",,"Quick Summary
The token deployer sold off BGE that had been preminted to their address on PancakeSwap. 
 
Details of the Exit scam
13M of the BGE were preminted to the token’s deployer address in the contract’s creation transaction. 
The deployer dumped 705.000 BGE on PancakeSwap in 23 transactions having gained $426.892.
Block Data Reference
The deployer address:
https://bscscan.com/address/0xcdf77769ab5abf61097969417789101913e1c2d8 
Example sell transactions:
https://bscscan.com/tx/0xb54485b09bf1d86d5091adc586af492a57ed8eabc90bafdea8b5cc73e28b82d7
https://bscscan.com/tx/0x3ac49ba765703bc03e4bb3c52220332feb142d2968f52d32a025f82a3dd42a9f
https://bscscan.com/tx/0xabcd55d399bfb15a1c841989261d023a23aef224e3d77d31067256d61ec15d3b ",2022-12-01 0:00,2022,426892,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
1131,Fair Token,REKT,https://de.fi/rekt-database/fair_token,,,"CertiK Alert sur Twitter : ""#CertiKSkynetAlert ?? We are seeing an #exitscam on project Fair Coin (Fair) Contract bsc:0xC5C24Cb9177A130128Fb15b0B0a74a502974F379 Which has dropped ~94.68%. Approx. $326K has been taken so far. Stay vigilant! https://t.co/OJJYRyK3FR"" / Twitter",,"Quick Summary
Fair Token was rugpulled by the deployer-related address. 428.872 $USD was drained from the liquidity pool.
Details of the Exploit
Fair is a BEP20 token trading on PancakeSwap. The token deployer sent 180.000.000 $Fair tokens to an EOA address. Which received additional 52.000.000 $Fair tokens from other addresses and drained the liquidity from the pool. The scammer was able to siphon 428.872 $USD in total. All the stolen funds remain at the scammer's address at the moment.

Block Data Reference
Scammer addresses:
https://bscscan.com/address/0x224bc6579c62d003a3353dc4a41a5d79b039be6c
https://bscscan.com/address/0x7972aba9f0236ded31b193729b636bac5581b6d6
https://bscscan.com/address/0x79203eaf041b39327bb7f06e7380cba7ac4647a3

Token transfer transaction:
https://bscscan.com/tx/0x659eddc54f8e74b383aa58bf6b6d5c7ab8cf49320c62c104d0b9d6e5b4067f60",2022-11-10 0:00,2022,428872,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
196,HEGE,REKT and SlowMist,https://de.fi/rekt-database/hege,https://hacked.slowmist.io/search/,,"The ""centralized"" drinking of the ""decentralized field"" quenches thirst. HEGE Coin and SHELL running away event analysis (qq.com)",,On June 12 the price of the HEGE token plummeted by more than 97%. The current loss amount is approimately $429 000. REKT: ,2022-06-12 0:00,2022,429000,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
277,Dot Finance,REKT and SlowMist,https://de.fi/rekt-database/dot_finance,https://hacked.slowmist.io/search/,,https://medium.com/@Knownsec_Blockchain_Lab/knowsec/blockchain/lab/dot/finance/flash/loan/security/incident/analysis/98f7b5707a15,, Polkadot Eco DeFi revenue aggregator Dot.Finance suffered a lightning loan attack. Dot.Finance  s token PINK plummeted 35% in a short time  from 0.77 USD to approimately 0.5 USD. The attacker made a profit of 900.89 BNB (approimately $429 724 in total). REKT: Team announcement: Someone took advantage of an opening that was set in our contracts in preparation for a future PINK farm on PancakeSwap.  The user deposited CAKE tokens and made the system believe the farm eisted. The deposited tokens was mistaken by the vault as yield which was rewarded back to him as PINK tokens when he withdraw his funds.  By the time we disabled all of our contracts. this person had managed to withdraw tokens. which he later on sold on the market.  Dot Finance Team identified the configuration exploit and enabled our contracts for complete operational form.  There was no need to upload new contracts as there was no breach in contracts. There was no need to eamine the protocol as there was no exploit in our protocol. We suffered from an exploit in configuration. which is now closed.  These days. our contract is going through a new audit. and we are working on shifting to the Kusma network (an update on that will be published soon).  Dot Finance team knows and understands that these kinds of events can cause stress and uncertainty. We want to emphasize our responsibility for every token deposited on our system and doing our 100% to keep our community funding safe. which we did and will keep doing in the future. Thank you for the support and understanding and for going back with full force towards our future destination.  . ,2021-08-25 0:00,2021,429724,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Yield,CP
119,MaxAPY Finance,SlowMist,,https://hacked.slowmist.io/search/,,"PeckShieldAlert sur Twitter : ""#PeckShieldAlert #Rug pull scam PeckShield has detected @MaAPYFinance rugged. https://t.co/Dnd1uynM3 $MaAPY dropped 67%. @MaAPYFinance already deleted its social accounts/groups. MaAPY contract owner transfers ~ 1.042 $BNB (~$440k) https://t.co/T2kzYSoFb7 @pinkecosystem https://t.co/AG3RvKQ3"" / Twitter",, A Rug Pull occurred in MaAPY Finance  an automatic pledge protocol on BNB Chain and its official Twitter account and Telegram group have been deleted. MaAPY contract owners have transferred 1 042 BNB.,2022-04-20 0:00,2022,439572.91,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,Staking,CP
1087,Pills for Sale (Fake),REKT,https://de.fi/rekt-database/pills_for_sale_(fake),,,"#WARONRUGS? on Twitter: ""? Scam Advisory #81 - (FAKE) https://t.co/hvbo8Pp3mq $PILLS (0x38710A11b17Ca49362F461cBE2713491716b4B2b) Reason: Regular scam token spoofing real names where you cannot sell. Likeliness of losing all funds: Absolute DYOR. #WARONRUGS?… https://t.co/ZtvUslTHTN"" (archive.ph)",,The contract owner could disable the transfer function. which restricted users in selling their tokens.  The contract deployer added initial liquidity at:  https://etherscan.io/tx/0x80464b808fd4ae02c5950cdcbcc8321034b88c42ae49f6f8cb98db4aa20d0585  The liquidity was removed by the contract deployer at:  https://etherscan.io/tx/0xbd5e38b18dba9eaf6f43e343ee0e8394cf59dc24dbb26c49d3d7f6994e3f9904,2021-01-17 0:00,2021,447069,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
1048,xdef finance ,REKT,https://de.fi/rekt-database/xdef_finance_,,,https://defifinance.medium.com/def-relaunch-with-proper-audit-d9fade806692,,Many users noticed that the project tokensrebasing function was always negative. As a result. they were losing tokens in which they had invested. The project also made use of the mint function. which was managed via an EOA wallet: https://etherscan.io/t/0365a45f816c396f704938c77260968013e5ff38dc474a10a88f11459df33e100 Another warning flag is a proy contract. The owner sold a large number of tokens at this transaction: https://etherscan.io/t/016a0abbe9e32f668a2ee254c786da7878a0958aff9669fb6e69e8ffa166e0e9f After that. the team began to justify themselves on the projectsTwitter account.,2021-01-05 0:00,2021,449690,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,Yield,CP
1103,Snowflake,REKT,https://de.fi/rekt-database/snowflake,,,"PeckShieldAlert sur Twitter : ""#PeckShieldAlert Our community contributor has reached out to us &amp; reported Snowflake finance rugged https://t.co/B5z1TTsaQC Its social media gone &amp; web down $354k stablecoins mainly sit in https://t.co/KrtjfmMqlD &amp; https://t.co/2IEUFFYC6H $154k on polygon https://t.co/QF4SVEcYQo https://t.co/qxcfzABKlG"" / Twitter",,"Quick Summary
Snowflake finance was rug pulled. An EOA address was able to remove liquidity from the Snowflake pools for a total of 468.000 $USD due to the backdoor functionality in the protocol. 
Details of the Exploit
The Snowflake Exchange protocol is a single-side AMM (decentralized exchange) designed for
exchanging stable cryptocurrencies (USDT. USDC. DAI).
All protocols contracts are built using a Proxy upgradability pattern. In that case. the project admin has the ability to change implementation anytime. All project liquidity pools have a privileged caller with the role of ""pool"". Currently. the pool has unverified implementation and exactly this contract was used for the rug pull. 

Block Data Reference
Scammer addresess:
https://bscscan.com/address/0x198C258B3BeE99CED4E1e3CECfCAE3D5eD481Db6
https://polygonscan.com/address/0x37fb3B6F911F9d2AAd643e2Bc275eC6AC7781A28
https://bscscan.com/address/0x74016af21F6A0bCe08fBc8bca5f352d705125b18#tokentxns
https://bscscan.com/address/0x37fb3b6f911f9d2aad643e2bc275ec6ac7781a28#tokentxns

Liquidity drain transactions:
https://bscscan.com/tx/0x3f4510867ecf743b6e6674ec570d1750ac77f35b4c621bb74c63b88dbd4615a9
https://bscscan.com/tx/0x538498d63c342db94d0014403b4d4d30afaf659578a8b7099eefa7f1bb7c0b95
https://bscscan.com/tx/0xd8efdc86e8791b15a13b9e79ebf6d0776f978d36cf6e98cb40ac357906bed511
https://bscscan.com/tx/0xab6bad65be1bc2d25b6f22e52c84899aa3dc8af2b72843097da874d4784bb0c8",2022-12-30 0:00,2022,468000,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Exchange,P
204,Arbitrage Robot Token,REKT and SlowMist,https://de.fi/rekt-database/arbitrage_robot_token,https://hacked.slowmist.io/search/,,Report: over $160 Million Lost in DeFi exploits and Scams in September | by DEFIYIELD.App | Oct. 2022 | DEFIYIELD Official Blog,,Quick SummaryThe Arbitrage Robot Token projectstoken $RBTR price dropped by over 96% after the Staking contract was exploited. Details of the exploitArbitrage Robot Token is a platform that provides arbitrage opportunities. The projectsStaking contract was hacked because of security issues after a week of deployment. The attacker used a couple of deployed smart contracts with unverified source codes in order to drain all $RBTR tokens in the staking contract. After stealing the funds. the attacker sold 10.088.644 $RBTR tokens for 472.459 $USD on PancakeSwap which dumped the token price by more than 96%.,2022-09-08 0:00,2022,472459,Contract vulnerability,Undetermined,Technical vulnerability,Target,FT,CA
959,Pump Farm,REKT,https://de.fi/rekt-database/pump_farm,,,"(1) #WARONRUGS? on Twitter: ""?? Your wallet might have been compromised if you used PumpFarm $PPF before it rug pulled. Owner has been caught stealing thousands through malicious allowance that have been set during the lifespan of the website. Used PPF? Please revoke allowances on https://t.co/g8NcHztBEw"" (archive.ph). (2)  https://archive.ph/iAAAi",,The contract deployer interacted with the 3rd party malicious unverified smart contract that received infinite approval for spending the usersapproved tokens. He invoked the <u>setMigrator</u>() function at the following transaction:  https://etherscan.io/t/0cacef01fb0b75344864a2666dcd94ffacb0e70ec241811af962f85328ab30864  This contract called <u>migrate</u>() function multiple times. Eample transaction:  https://etherscan.io/t/088e788afd3e0efb5d4cc7e49c977075b6c25fed6ad270e8c664d26404142c164  Migrated LP tokens were removed from the liquidity pool at:  https://etherscan.io/t/0eb99cfe73e3d61d9e8e07cb74d4efa87db4a695f03760de7c9c992be3a5d3bfe  In addition. the contract deployer has minted 10q PPF tokens onto his wallet:  https://etherscan.Io/t/0a7ca31dbb91f19d57e5797c6ab6970be3414c63563d3e16c1e8fcc8304699d77  After. 1 billion PPF tokens were exchanged for 220.60 WETH:  https://etherscan.io/t/06d455a00f300c75152b0d6ecc1b2825c4be3b71df50f613adbb3ba6e1802c483 Stolen funds were deposited to the Tornado Cash at these 8 transactions to cover up the tracks:  https://etherscan.io/address/00ef1a03cfdbcfbe0ddcff99bc663c9842efe1eaa,2020-11-12 0:00,2020,477544,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
496,NULS,SlowMist,,https://hacked.slowmist.io/search/,,https://cointelegraph.com/news/hackers/grab/nearly/480k/from/blockchain/platform/nuls,,The well/known public chain NULS suffered a hacker attack and lost nearly $480 000 worth of NULS tokens. The SlowMist security team analyzed and found that the reason for the attack was that there was a loophole in the NULS transaction signature verification algorithm. The hacker bypassed the signature verification by using a carefully constructed transaction  transferred the tokens of the team account  and then some tokens were thrown into the market.   At present  major exchanges have suspended the deposit and withdrawal of NULS. After the attack  the official urgently checked the problem  carried out problem repair and code testing  and then released a new version of the program  and scheduled a hard fork at the height of 878000 (about noon on December 25th  Beijing time) to freeze other tokens that have not flowed into the market.,2019-12-23 0:00,2019,480000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Blockchain,DLT
370,HSO,REKT and SlowMist,https://de.fi/rekt-database/hso,https://hacked.slowmist.io/search/,,https://www.wu/talk.com/html/kuaiun/2021_1052.html,,The oracle project HSO on the Huobi Eco/Chain HECO carried out IDO and ran away with 30 000 HT. The website and TELEGRAM could not be opened. Later under the full promotion of HECO core code contribution team Star Lab HECO technical community and HECO White Hat Security Alliance 24823 HTs have been recovered.,2021-03-10 0:00,2021,481800,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,Oracle,INT
159,RigoBlock,SlowMist,,https://hacked.slowmist.io/search/,,(1) https://twitter.com/RigoBlock/status/1494351180713050116. (2) https://twitter.com/danielvf/status/1494317265835147272,, RigoBlock has been hacked. All tokens in Dragos except ETH and USDT are at risk due to protocol vulnerabilities being exploited. The hacker  Whitehat  has returned funds to the affected RigoBlock pool  leaving only 10% of the bug bounty reward.,2022-02-17 0:00,2022,483577.73,Contract vulnerability,Undetermined,Technical vulnerability,Target,Blockchain,DLT
1041,WanderVerse NFT,REKT,https://de.fi/rekt-database/wanderverse_nft,,,https://www.elliptic.co/hubfs/NFT%20Report%202022%20-full.pdf,,The contract deployer withdrew all deposited ETH after the NFT mint event: https://etherscan.io/t/05b75f9bdc8a480c35976b1098dd9afddd51bc061a1b3c7f5ea0b257c6adfad79 https://etherscan.io/t/07cdb35a1bf723c6bb395b5bffd27a60fa965b3ada33a3d3ed7a76ec755440414 Stolen funds were deposited into Tornado Cash mier: https://bloy.info/ts/transfers_from/0b9542fc056821d242d4c8a47d7ebfd22545d1ead?currency_id=1,2022-03-08 0:00,2022,484887,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,NFT,CA
918,MetaverseToken,REKT,https://de.fi/rekt-database/metaversetoken,,,"CertiK Alert sur Twitter : ""#CertiKSkynetAlert ?? 1/ We have seen a suspicious flashloan which has caused a #slippage on project MTDAO (MT) Contract bsc: 0x2f3f25046Ea518d1E524B8fB6147c656D6722CeD Which has dropped ~90% https://t.co/wxLgofzdOh"" / Twitter",,Quick SummaryMetaverseToken was exploited by a flash loan attack. The attacker profited 487.042 $USD and sent the stolen funds to other EOA addresses. Details of the exploitMetaverseToken is BEP20 token trading on PancakeSwap and can tbe confused with other tokens with the same MT symbol. The attacker took a flash loan for 406.405 $BUSD and used the funds to exploit $MT token. The attacker was able to withdraw 893.447 $BUSD after some operations and paid back the flash loan. The total profit of the hacker reached 487.042 $USD. The stolen funds were distributed between other EOA addresses. Block Data ReferenceAttacker address: https://bscscan.com/address/0d0665538e599b02cdb565edb0a38813a88b31d9e Malicious contract: https://bscscan.com/address/0561d38206dd390e173b6236e6a2316687dfc31a9 Malicious transaction: https://bscscan.com/t/0b1db9743efbc306d9ba7b5b892e5b5d7cc2319d85ba6569fed01892bb49ea499,2022-10-16 0:00,2022,487042,Interconnected actors flaw,Arbitrage with flash loan,Technical vulnerability,Target,FT,CA
1144,MTDAO,SlowMist,,https://hacked.slowmist.io/search/,,Beosin: The MTDAO project's unsourced contract suffered a flash loan attack and lost nearly $50.<> - PANews (panewslab.com),,The unopened contract 0xFaC064847aB0Bb7ac9F30a1397BebcEdD4879841 of the MTDAO project party was attacked by a flash loan. and the affected tokens were MT and ULM. with a total profit of 487.042.615 BUSD. The attacker used the functions 0xd672c6ce and 0x70d68294 in the unopened contract to call the sendtransfer function in the MT and ULM token contracts to profit (because they are both deployed by the project party. the unopened contract 0xFaC06484 has minter permission).,2022-10-17 0:00,2022,487225.26,Contract vulnerability,Access control flaw,Technical vulnerability,Target,FT,CA
620,Fomo3D,SlowMist,,https://hacked.slowmist.io/search/,,https://www.apriorit.com/dev/blog/556/fomo3d/vulnerability,,The EOS Fomo3D game contract suffered an overflow attack and the cash pooling became negative.,2018-07-23 0:00,2018,487308.58,Contract vulnerability,Integer overflow,Technical vulnerability,Target,Dapp,P
1095,Stable Yield Credit,REKT,https://de.fi/rekt-database/stable_yield_credit,,,"CaptainJackCryptoAPE sur Twitter : ""?SCAM ALERT? SCAM ALERT: $yCREDIT FAKE ONE 0x8b57319da5b35fe95920cef465d0796e924fe8d4"" / Twitter",,The contract owner could disable the transfer function. which restricted users in selling their tokens.  The contract deployer added initial liquidity at:  https://etherscan.io/tx/0xed3fb3f24bebbfee5ec056eab0214b0837fa5b55374cbc956e74fe45c81ae84b  The liquidity was removed by the contract deployer at:  https://etherscan.io/tx/0x17527fedddde0939d15279a959abf7f5ee0fda68a1dd63d8d62438132afd3ebc  The token contract is unverified.,2021-01-05 0:00,2021,494001,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
805,DMC Token,REKT,https://de.fi/rekt-database/dmc_token,,,https://web.archive.org/web/20220629083038/https://twitter.com/CertiKAlert/status/1540585021953769472,,At the inception of the project 520m DMC tokens were minted. The scammer received 100m DMC by the contract deployer. The scammer waited 25 days for the project to accrual value before he started dumping the DMC tokens and etracting nearly 500k $BUSD in ill/gotten gains in the process.,2022-06-25 0:00,2022,497386,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
145,BAYC,SlowMist,,https://hacked.slowmist.io/search/,,https://twitter.com/wilburforce_/status/1504437189979119622,, According to a report by Twitter user Will Sheehan  the arbitrage bot took out more than 6w APE Coins (worth $8 each) through flash loans. After analysis  it was found that this was related to a loophole in the airdrop mechanism of APE Coin. Specifically  whether APE Coin can be airdropped depends on whether a user holds the instantaneous state of BYAC NFT  and this instantaneous state attacker can manipulate by borrowing a flash loan and then redeeming to obtain BYAC NFT. The attacker first borrows BYAC Token through flash loan  and then redeems to obtain BYAC NFT. Then use these NFTs to claim the airdropped APE  and finally use the BYAC NFT mint to obtain BYAC Token to return the flash loan.,2022-03-17 0:00,2022,500000,Interconnected actors flaw,Arbitrage with flash loan,Technical vulnerability,Target,NFT,CA
328,SharedStake,REKT and SlowMist,https://de.fi/rekt-database/sharedstake,https://hacked.slowmist.io/search/,,https://medium.com/immunefi/sharedstake/insider/exploit/postmortem/17fa93d5c90e,,The Ethereum 2.0 staking solution SharedStake released an attacked report stating that the reason the SharedStake token was minted before the official launch was due to the use of vulnerabilities in time/locked contracts (that is smart contracts that perform certain operations at a fied time) by internal personnel. The vulnerability was submitted to the team by the white hat Lucash/dev on April 26. Because a team member had permission to view the vulnerability he used the vulnerability to cast a value of about 50 on the main network four times on June 19 and 23. Ten thousand USD tokens were sold and mortgaged after the official launch. Although there is not enough evidence the core members of SharedStake suspect that it was the work of a new team member. REKT `: Some members of the SharedStake core team claimed that a SharedStake insider. who was given access to the bug report of critical timelock vulnerability by the SharedStake team. appears to have used the vulnerability to exploit the SharedStake contracts four times for approximately $500.000 on June 19 and June 23.,2021-06-23 0:00,2021,500000,Internal theft,Contract vulnerability exploit,Human risk,Target,Staking,CP
374,SeascapeNetwork,REKT and SlowMist,https://de.fi/rekt-database/seascape_network,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/229955.html,,"The game ecosystem platform SeascapeNetwork stated that the private key of an early investor was stolen after the token was released today which led to hackers obtaining 18 750 CWS in the investor s wallet. According to Etherscan data verification this address has changed all CWS to ETH and then recharged it to the Ethereum mixing platform Tornado.Cash several times which is close to 330 ETH which is equivalent to USD 500 000. REKT : The hacker's address:
https://etherscan.io/address/0xf52772f51e00b1f5532517a6aa1776fc9d7c5a3d According to the gaming ecosystem platform Seascape Network. an early investor's private key was taken after the token was released. resulting in hackers getting 18.750 CWS in the investor's wallet. This address. according to Etherscan data. has converted all CWS to ETH and then deposited it to the Tornado Cash mixer at: https://bloxy.info/txs/calls_from/0xf52772f51e00b1f5532517a6aa1776fc9d7c5a3d?signature_id=994162&smart_contract_address_bin=0x905b63fff465b9ffbf41dea908ceb12478ec7601",2021-03-01 0:00,2021,500000,Undetermined,Accessing private keys/data,Undetermined,Target,Dapp,P
426,Aion Network,SlowMist,,https://hacked.slowmist.io/search/,,https://cointelegraph.com/news/certik/dissects/the/aion/network/incident/and/subsequent/price/crash,,Cointelegraph reported that on November 2  a project called Aion Network launched the token AN and was hacked a few hours after it was hacked. 79 billion AN were minted and sold to the market. The token price was almost zero. The hacker made a profit of 1 300 ETH  or about $500 000.,2020-11-02 0:00,2020,500000,Internal theft,Malicious code injection ,Human risk,Target,Blockchain,DLT
501,VinDAX,REKT and SlowMist,https://de.fi/rekt-database/vindax,https://hacked.slowmist.io/search/,,https://www.theblockcrypto.com/post/46408/little/known/asian/crypto/exchange/vinda/got/hacked/lost/half/a/million/usd/worth/of/tokens,,Vietnamese cryptocurrency exchange VinDAX has been hacked  losing at least $500 000 in cryptocurrency. REKT: VinDAX. a little/known cryptocurrency exchange in Vietnam. has been hacked. resulting in the loss of half a million USD in cryptocurrencies.  VinDA has lost funds via 23 cryptocurrencies. The admin declined to share further information but said: We have made a full recovery from this attack. without providing details.,2019-11-08 0:00,2019,500000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
695,Enigma,REKT and SlowMist,https://de.fi/rekt-database/enigma,https://hacked.slowmist.io/search/,,Hackers nab $500.000 as Enigma is compromised weeks before its ICO | TechCrunch,,Enigma. a decentralized platform that was preparing to raise money via a crypto token sale. had its website and a number of social accounts compromised with the perpetrators netting nearly $500.000 by sending out spam. Enigma. which was started by a group of MIT graduates. did not lose any money from the attack. Whoever orchestrated it grabbed money from the Enigma community. people who joined the company’s mailing list. or a Slack group of over 9.000 users to learn more about its ICO in September. The hacker posted Slack messages. altered the website. and spoofed emails to a community list that were made to look official and urged money to be sent to their crypto wallet. That’s netted the hacker 1.492 in Ether (worth $494.170.68). according to Etherscan: https://etherscan.io/address/029d7d1dd5b6f9c864d9db560d72a247c178ae86b Users on Reddit found that Enigma CEO Guy Zyskind’s email was accessed by the hacker. His email had been part of hacking of different services in the past and had been dumped on the internet. but seemingly Zyskind had not taken the time to change the password: https://www.reddit.com/r/ethtrader/comments/6v0vei/warning_enigma_website_and_slack_probably_hacked/,2017-08-21 0:00,2017,500000,Instant user deception,Social media compromission,Imitation,Intermediary,Other systems,
1030,Union Capital,REKT,https://de.fi/rekt-database/union_capital,,,https://archive.ph/U31bp#selection-3011.0-3017.1,,The project was holding a fundraising event using TokenSale smart contract: https://etherscan.io/address/087b5ef63fa5579b40875b66c68cd485656b86259#code 1000 ETH were raised on the token sale: shorturl.at/svwF4 The Initial liquidity. using 500 ETH from the token sale was added: https://etherscan.io/t/0fd1e40f95a2105187909b35f343fd53089d67d7dc772019e41b4db947ada58a6 Tokens were bought for (10 + 10 + 20 + 100 + 50) ETH: https://bloy.info/t/02e97605ce1887d4085e2a429cc6fe19f462089783992c9847c24b53781a7a895 https://bloy.info/t/0c2a3c840ae5b880590b5be8625b5128e78a779d910ee947751ae6beb111865f6 https://bloy.info/t/0d5fa35af7bac271bec9e9a35f63ff49557d70e05866cbf108baf1bd77574f42d https://bloy.info/t/02d3f3bb0df21a6393b27f036710b8e9fae98b59e909248ca1eb96be30c551165 https://bloy.info/t/012354f0daa941c487efc7de745f4010b4519d970cd0ba1b3e624ceae866aa818 83.6 ETH were drained by removing the liquidity: https://bloy.info/ts/calls_from/0ca8b324d02f1718041d0024136280e7e45e48b88?signature_id=1137786&amp;smart_contract_address_bin=07a250d5630b4cf539739df2c5dacb4c659f2488d https://bloy.info/ts/calls_from/0ca8b324d02f1718041d0024136280e7e45e48b88?signature_id=1102188&amp;smart_contract_address_bin=07a250d5630b4cf539739df2c5dacb4c659f2488d,2021-02-10 0:00,2021,500000,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,CeFi,
333,Visor Finance,REKT and SlowMist,https://de.fi/rekt-database/visor_finance,https://hacked.slowmist.io/search/,,Visor Beta — Incident Report. On Saturday. June 19th we discovered… | by Visor Finance | Medium,,The Visor Finance smart contract a DeFi liquidity protocol based on Uniswap V3 was withdrawn with 230 ETH in an emergency and the attacker gained access to an account that manages certain Hypervisor management functions and then transferred the funds to Tornado.cash. REKT : The attacker had obtained access to an account that managed some of the Hypervisor admin functions. The attacker was able to withdraw funds from deposits that had not yet been allocated to LP positions. The withdraw amounted to $500k.  Treasury funds were used to restore the token amounts withdrawn to each user. restoring position values.,2021-06-19 0:00,2021,504845,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,Yield,CP
312,Umbrella Network,REKT and SlowMist,https://de.fi/rekt-database/umbrella_network,https://hacked.slowmist.io/search/,,https://twitter.com/UmbNetwork/status/1414073273495687171,,According to official sources  the DeFi oracle Umbrella Network was stolen over 3 million UMB tokens due to a loophole in the ChainSwap contract of the cross/chain asset bridge. REKT: REKT: The hackers attacked Chainswap’s contracts and stole a little over 3 million $UMB tokens on ETH from the Chainswap vault. which was the entirety of the UMB tokens available there. The hackers also managed to mint an additional 20 million in UMB tokens on the BSC side but did not manage to sell them before all UMB tokens there were frozen.  The transactions the hackers have made:  https://docs.google.com/spreadsheets/d/1KLpMvhypikrcNph7NAimeFdyPbRK1rrw/6yAcREqa4/edit?usp=sharing,2021-10-07 0:00,2021,505060,Contract vulnerability,Undetermined,Technical vulnerability,Target,Oracle,INT
875,HUT,REKT,https://de.fi/rekt-database/hut,,,"CertiK Alert sur Twitter : ""#CommunityAlert ?? We are seeing a #rugpull on $HUT after the price dropped over 90%. The rugpuller sold 10.150 HUT Tokens obtained from the initial distribution for 509K USDT in an unverified USDT/HUT pool. BSC:0x95914A07749D7EBbfA36753c3781371C45b2Db27 Stay vigilant! https://t.co/TlQVr8BkxP"" / Twitter",,Quick SummaryThe $HUT token has been rug pulled by its team. The team made away with &nbsp;$509k in profits. Details of the exploitThe team sold 10150 $HUT tokens in the initial distribution. earning 509k $USDT on this. Block Data ReferenceInvolved addresses:/ Scammer address (A). token deployer:  https://bscscan.com/address/06a5d9cae9630a509291cab7ec6b07973e8efa162/ Scammer address (B). :  https://bscscan.com/address/0b75664b6a4310e82238d9f69a8b9365be03794cc/ Scammer address (C). :  https://bscscan.com/address/020e79a18f64f324c7bb39002cd19b9f903370767,2022-08-20 0:00,2022,509000,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
332,PolyDEX,REKT and SlowMist,https://de.fi/rekt-database/polydex,https://hacked.slowmist.io/search/,,https://polyde.medium.com/pl/locker/smart/contract/incident/post/mortem/75342124a3e8,,The Polygon ecological project PolyDE had a hacking incident. The hackers carried out a reentry attack on the Token Locker smart contract and stole about $500 000 worth of funds from the project. REKT: The attackersaddress:  https://polygonscan.com/address/08a0a1eb0bae23e4e95608e3aad7fa25b0d907c6c  The transaction behind the attack:  https://polygonscan.com/t/06b3f057683083d7f0a25e4d3898ca68308cfe2335878143466f84b3003ebe3a2  The attacker performed the re/entrance attack on the Token Locker smart contract. The contract itself does not have an issue with standard ERC20. but since the PL token is ERC777 standard. there will be <u>tokenReceived</u>() callback event every time method <u>transfer</u>() triggered. The attacking smart contract deployed by the hacker has included the <u>unlockAll</u>() trigger repeatedly (40 times) in the event. so he was able to unlock more than the amount he locked in before.  The attacker: / locked 15.711.384 PL in the Locker. received 15.711.384 fPL/ unlocked all 15.711.384 fPL from the Locker. received 1.184.289 PL/ in the <u>tokenReceived</u>() called <u>unlockAll</u>() function/ repeated previous step 40 times.  Stolen tokens were sold on USDC. which then were bridged on Ethereum:  https://polygonscan.com/t/0e02124b1a2fa3c4d7f0bad162f06c96688f5911951010063ac7f65ef4b6bd1ad,2021-06-20 0:00,2021,511144,Contract vulnerability,Reentrancy,Technical vulnerability,Target,Exchange,P
299,Array Finance,REKT and SlowMist,https://de.fi/rekt-database/array_finance,https://hacked.slowmist.io/search/,,https://blocksecteam.medium.com/the-analysis-of-the-array-finance-security-incident-bcab555326c1,,The DeFi project Array Finance was attacked by a lightning loan. The attacker used Array Finance s pricing mechanism to rely on aBPT s totalSupply to attack Array Finance. Officials stated that the attacker made a profit of about 272.94 ETH worth about $515 000. REKT: The attacker:  https://etherscan.io/address/013370353f69665f36eb0a708f828c50dc23604af  The transaction behind the attack:  https://etherscan.io/t/0a17bbc7c9ab17aa88fdb5de83b41de982845e9c9c072efff6709dd29febf0daa  The attacker: / flash loaned DAI. USDC. WETH. WBTC on Aave  / invoked the <u>buy()</u> function of Array Finance. The attacker gained 430 ARRAY tokens minted by Array Finance using 45.91 WETH  / invoked the <u>joinPool()</u> function of a closed source contract (Array Collater / 0a800cda5f3416a6fb64ef93d84d6298a685d190d) five times  / deposited 676.410.58 DAI + 679.080.46 USDC + 901.82 WETH + 20 WBTC + 20 renBTC and gained 726.38 aBPT tokens minted by Array Collater  / invoked the <u>sell()</u> function to burn 430 ARRAY tokens and got 77.17 aBPT tokens  / invoked the <u>eitPool()</u> function of the Array Collater  / burned 804.55 aBPT tokens obtained in previous steps and obtained 748.271.55 DAI + 751.225.08 USDC + 997.62 WETH + 22.63 WBTC + 22.74 renBTC  / repaid the flash loan.  The attacker exploited the vulnerability: the price mechanism of the Array Finance depends on the <u>totalSupply</u> of the aBPT token. which is manipulatable.,2021-07-18 0:00,2021,516391,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,Yield,CP
655,BetDice,SlowMist,,https://hacked.slowmist.io/search/,,(1) https://www.jinse.com/lives/71797.htm (2) https://mp.weiin.qq.com/s/WyZ4j3O68qfN5IOvj3MOg,,Rollback transaction attack.,2018-12-19 0:00,2018,522000,Contract vulnerability,Rollback attack,Technical vulnerability,Target,Dapp,P
469,Balancer,REKT and SlowMist,https://de.fi/rekt-database/balancer,https://hacked.slowmist.io/search/,,"Hao sur Twitter : ""Apparently this happened an hour ago. someone used dyd flashloan(again) and drained unclaimed COMP in several balancer pool. making 10.8 ETH profit in the process. Thread incoming. https://t.co/TeJZZSSycE"" / Twitter",,According to DeBank Twitter  hackers once again used dYd's lightning loan to attack the COMP trading pair in Balancer  s part of the liquidity pool  and took away the unreceived COMP rewards from the pool to make a profit of 10.8 ETH  which is about $2408. REKT: The transaction behind the attack:  https://etherscan.io/t/0013be97768b702fe8eccef1a40544d5ecb3c1961ad5f87fee4d16fdc08c78106  The attackersaddress:  https://etherscan.io/address/0bf675c80540111a310b06e1482f9127ef4e7469a  The attacker: / borrowed a flash loan (104.331 WETH) from dYd  / performed multiple <u>swapEactAmountIn</u>() calls within the same transaction to drain the STA balance in the attacked Balancer pool. <u>swapEactAmountIn</u>() sets the limit on the swap amount. i.e.. <u>inRecord.balance</u> * <u>MA_IN_RATIO</u>. The attacker calculated the limit and swapped the maimum allowed amount of WETH for STA via a flurry of operations. The result of performing the above swaps is to intentionally left 1e/18 in the Balancer pool  / by sending in 1e/18 STA into BPool via <u>swapEactAmountIn</u>(). the attacker swapped out 30.347 WETH in the first run. In internal records for book/keeping. <u>_records[STA]</u> is increased by <u>tokenAmountIn</u> (i.e.. 1) before the BPool contract actually collects the corresponding STA tokens from the <u>msg.sender</u>  / the <u>_pullUnderlying</u>() function collected the STA tokens. Note: STA is a deflationary token that charges shown 1% on every token transfer. Because of the transfer fee cut. the Balancer pool actually got zero STA tokens. Therefore. there’s a mismatch between the actual STA balance of BPool and its internal records (i.e.. <u>_records[STA]</u>)  / The <u>gulp</u>() is exploited to reset the <u>_records[STA]</u>. which helps the attacker to maintain the state that BPool has only 1e/18 STA  / repaid the flash loan back to dYd.,2020-06-28 0:00,2020,523613,Interconnected actors flaw,Arbitrage with flash loan,Technical vulnerability,Target,Exchange,P
140,REALSWAK,REKT and SlowMist,https://de.fi/rekt-database/realswak,https://hacked.slowmist.io/search/,,https://twitter.com/PeckShieldAlert/status/1506187501609775107,,The NFT project REALSWAK has a Rug Pull  and its official social account (@REALSWAK) has been cancelled. Scammers have transferred 1 300 BNB to the TornadoCash mier. REKT : The NFT project REALSWAK rug pulled.  The contract deployer removed all liquidity at:  https://bscscan.com/t/0c079f43a29ad6e616a9dfdcd10304102d5e78416a478878aaddd20a28b552410  Stolen funds were deposited into Tornado Cash mier:  https://bscscan.com/ts?a=06b51df1a9b82cb1219229a4ac78baaac3035776c,2022-03-22 0:00,2022,526968,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,NFT,CA
217,Visor Finance,REKT and SlowMist,https://de.fi/rekt-database/visor_finance,https://hacked.slowmist.io/search/,,https://medium.com/visorfinance/post/mortem/for/vvisr/staking/contract/exploit/and/upcoming/migration/7920e1dee55a,,Uniswap V3 liquidity management protocol Visor Finance was hacked again. Hackers took advantage of the loopholes to withdraw more than 8.8 million VISRs and sold them on Uniswap  causing the VISR tokens to plummet by nearly 95% and profit over 120 ETH through Tornado Cash. Money laundering. According to SlowMist analysis  this attack is due to a flaw in the RewardsHypervisor contract when checking the permissions of the user's recharge  causing the attacker to construct a malicious contract to arbitrarily cast mortgage credentials. Prior to this June  Visor Finance was also hacked and lost more than US$500 000. REKT: The attacker:  https://etherscan.io/address/08efab89b497b887cdaa2fb08ff71e4b3827774b2  The transaction behind the attack:  https://etherscan.io/t/069272d8c84d67d1da2f6425b339192fa472898dce936f24818fda415c1c1ff3f  exploited contract:  https://etherscan.io/address/0c9f27a50f82571c1c8423a42970613b8dbda14ef#code  The problem:  Deposit function calls delegatedTransferERC20 function on any contract from parameter from without any restrictions. this function call opens ability for reenter target contract. After calling delegatedTransferERC20 function deposit was called a second time. This lead to minting double share amount. In addition. there is no check for the from parameter. so the called contract can do nothing. and the function can be called with any value for visrDeposit parameter.  Minted share tokens were withdrawn and exchanged for VISAR tokens. Then the attacker sold them in liquidity pair on Uniswap and deposited them into Tornado Cash mier:  https://etherscan.io/address/08efab89b497b887cdaa2fb08ff71e4b3827774b2#tokentns   https://bloy.info/ts/calls_from/08efab89b497b887cdaa2fb08ff71e4b3827774b2?signature_id=994162&amp;smart_contract_address_bin=0722122df12d4e14e13ac3b6895a86e84145b6967,2021-12-21 0:00,2021,529929,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Yield,CP
174,InfinityToken,SlowMist,,https://hacked.slowmist.io/search/,,(1) https://coincodecap.com/infinity/token/rugged/more/than/1390/wbnb. (2) https://twitter.com/PeckShieldAlert/status/1486153486005727235?s=20,,Rug Pull occurred in the BSC ecological InfinityToken (INF)  which lost more than 1390 WBNB.,2022-01-26 0:00,2022,538180.75,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
83,Feminist Metaverse,REKT and SlowMist,https://de.fi/rekt-database/feminist_metaverse,https://hacked.slowmist.io/search/,,https://twitter.com/FM_Token/status/1526945914061049856,,The Feminist Metaverse project on BNB Chain was attacked. The attackers have transferred 1838 BNB to Tornado.cash  about $540 000. REKT: On May 18th. Feminist Metaverse’s FmToken contract was exploited for about 1838 BNB. Attacker transaction:  https://bscscan.com/t/0fdc90e060004dd902204673831dce466dcf7e8519a79ccf76b90cd6c1c8b320d&nbsp;Attacker address:  https://bscscan.com/address/0aaA1634D669dd8aa275BAD6FdF19c7E3B2f1eF50Attacker contract:  https://bscscan.com/address/00B8d752252694623766DfB161e1944F233Bca10FVictim contract:  https://bscscan.com/address/0843528746F073638C9e18253ee6078613C0df0f1 exploit step by step:1) Attacker directly receives FmToken that is not credited to the liquidity pool using skim function of the SakeSwapPair contract.2) Attacker transfers 10 FmTokens tokens into an attacking contract to prepare for a subsequent attack.3) Attacker calls the attack contract. where it cyclically transfer FmToken to the attackersaddress. thereby triggering the operation of transferring tokens from the FmToken contract to SakeSwapPair and. finally. transferring them to the attackersaddress through the skim function.4) Multiple transfers of small amounts of FM token to their own address using the created attacker contract 00B8d…a10F.5) Since the FmToken contract balance has reached the standard 150.000 token for transferring to SakeSwapPair. each transfer triggers line 920 to increase the balance of FmToken &nbsp;to SakeSwapPair. SakeSwapPair thus has a difference between token balance and reserve SakeSwapPair thus has a difference between token balance and reserve.6) Then attacker calls the skim() function in SakeSwapPair to etract the difference in token balance to his own address.7) Using PancakeSwap attacker swapped FmToken for BNB,2022-05-18 0:00,2022,540000,Interconnected actors flaw,Arbitrage with flash loan,Technical vulnerability,Target,Dapp,P
895,Kper Network,REKT,https://de.fi/rekt-database/kper_network,,,"Víđarr the Auditor (tweets ? investment advice) on Twitter: ""$KPER Contract Sneak Peek Clone of Keep3rV1 (KP3R The minting function can be called by governance which right now is a ordinary ethereum address So they can mint unlimited number of tokens ... Stay vigilant !!!!… https://t.co/NZqZoT2Ltp"" (archive.ph)",,The contract deployer invoked <u>setGovernance</u>() function at:  https://etherscan.io/t/0ecaf79cfe196e1567f21ed00e86c6917580c152d36aa77a132de0eaf3b5ede79  The value in the transaction was the External address. which was privileged to use such functions as <u>mint</u>():  https://etherscan.io/t/0138d8e6a870788a3680279d401371cee73acefec9ddf7cc2579bb4c7f494b3e1  https://etherscan.io/t/047f53a6aa3461a788ffd9168aeac8eb3135f92f8fa3572264589b9d96348b29c  The minted tokens were sold by the External wallet at:  https://etherscan.io/t/0b4a01b32a11c11438f4110ca93e5f18cba7962d50ea73ea1bf2a6b0245a042d6  https://etherscan.io/t/0a4bd2c5b8f58b99b0a7a966d8fea78848893431830952d10617342c97dce57e1,2020-10-31 0:00,2020,541755,Rug pull scam,Hidden mint function,Malicious use of contract,Perpetrator,FT,CA
616,ZenCash,SlowMist,,https://hacked.slowmist.io/search/,,(1) https://blog.horizen.io/zencash-statement-on-double-spend-attack/ (2) https://www.crowdfundinsider.com/2018/06/134560-zencash-cryptocurrency-hacked-in-51-attack/,,The ZenCash encountered a 51% cyber attack or double/spend attack at around 8:26 PM on June 2nd (June 3rd 00:26 UTC). This attack resulted in the loss of Zen encrypted tokens worth approimately US $550 000. The ZenCash team responded immediately and implemented preventive mitigation measures which greatly increased the difficulty of future cyber attacks.,2018-06-02 0:00,2018,550000,Decentralization issue,51% attack,Technical vulnerability,Target,Blockchain,DLT
709,Merlin Labs,REKT,https://de.fi/rekt-database/merlin_labs,,,Rekt - Merlin Labs - REKT 2,,The attackersaddress: https://bscscan.com/address/0f6f6cc59ca893bd11180654b285b1a0652fca36a The transaction behind the attack: https://bscscan.com/t/0664cbe3af9d7627819e1955a90d777d6cf492021eede057bc52686186da192e5 The second attack took advantage of a mistake in their new <u>priceCalculator</u> that mispriced only BAND.,2021-05-27 0:00,2021,550000,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,Yield,CP
758,BNB HEROES,REKT,https://de.fi/rekt-database/bnb_heroes,,,Once popular play/to/earn game BNB Heroes rug pulls after a period of inactivity from the team (web3isgoinggreat.com),,The contract owner removed liquidity from the main token pair at: https://bscscan.com/t/0e7d7f444aeeecf20b4b6fbb06652fff1573921232118360e91655c97ae923576 The rest of the tokens were dumped at: https://bscscan.com/t/0ae461edfb539b822bf750b27843a857bf900af742ef4325b0474213c2ee8fb5a https://bscscan.com/t/01dd4b70f388ebefe3499bf9a668ef7a2351e509cda26f7ec4c7ba9c3b6cb9e59 https://bscscan.com/t/02aaef863c2c6d18b751da391588a4a1160a3aff4ebc12c7c28d1969263adabe6 https://bscscan.com/t/091f03917a2875cc2b6c689dc0ad26a8d73608d657126067c72437b545be828f4 https://bscscan.com/t/02545685fe84d331d486e040b770241bd970ebe2db2ea8aa1a73d5cba395e8993 https://bscscan.com/t/0552166f9348f37254fdd3cd0e08800d72c412a5a204121c7fc7e17acf65a123e,2022-01-18 0:00,2022,561284,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Dapp,P
527,Bitsane,REKT and SlowMist,https://de.fi/rekt-database/bitsane,https://hacked.slowmist.io/search/,,https://cointelegraph.com/news/eit/scam/dublin/based/exchange/bitsane/vanishes/with/users/funds,,According to Forbes on June 27  Bitsane  an Irish cryptocurrency exchange  disappeared without a trace last week  had lied to as many as 246000 users. REKT: Bitsane. an Irish cryptocurrency exchange. has apparently vanished in a multimillion/euro fraud. Over 100 people have lost between €5.000 (~$5.700) and €132.000 (~$150.000).  Bitsane reportedly went offline on June 17 and its Twitter and Facebook accounts have also been deleted. On June 19. one Twitter user posted that he can’t withdraw RP from Bitsane:  One user named Shane Johnson. who claims to be “a US Army veteran.” tweeted that he is missing over $7000 worth of crypto in Bitsane:  https://twitter.com/MrShaneson/status/1143943208398983168  Another user from India. named Vikas Tak. tweeted that Bitsane closed their exchange “without any notice” and that he is unable to recover his 6.400 RP tokens:  https://twitter.com/VikasTa96623196/status/1143760208222494720,2019-06-17 0:00,2019,570000,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,CeFi,
1013,The Micro Elements,REKT,https://de.fi/rekt-database/the_micro_elements,,,https://twitter.com/CertiKAlert/status/1579707616002908160,,The Micro Elements project was Rug pull scamed for the total amount of 573.223 $USD. The deployer-related EOA drained liquidity from the PancakeSwap pair.,2022-10-11 0:00,2022,573223,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
241,MetaPool,SlowMist,,https://hacked.slowmist.io/search/,,https://mp.weiin.qq.com/s/bqSAwKQn9ZN79r6cELIi9w,,The Nerve cross/chain bridge MetaPool was attacked. This attack was an exploit of the logical vulnerabilities of fUSDT and UST MetaPool on the Nerve cross/chain bridge BSC  causing the fUSDT and UST liquidity in the Nerve staking pool to be ehausted  and the attacker made a profit of about 900 BNB . The attacked contract code Fork is from Saddle.Finance.,2021-11-15 0:00,2021,579593.25,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,Bridge,INT
787,DAO_Officials,REKT,https://de.fi/rekt-database/dao_officials,,,"(1) Beosin Alert on Twitter: ""Beosin EagleEye reported that $DAO @dao_officials was exploited in a number of Ts. The attacker 000a62eb08868ec6feb23465f61aa963b89e57e57 has profited 581.250 $BSC/USD. https://t.co/0NaHTyVhkl"" / Twitter (archive.org). (2) https://web.archive.org/web/20220905143723/https://twitter.com/CertiKAlert/status/1566614948230340609",,A flash loan attack was made on the project. DAO_Officials. The hacker managed to get a profit of $581k.,2022-09-04 0:00,2022,581250,Contract vulnerability,Undetermined,Technical vulnerability,Target,FT,CA
4,DaoSwap,SlowMist,,https://hacked.slowmist.io/search/,,https://twitter.com/BlockSecTeam/status/1566606770650300416,, On September 5th  DaoSwap lost 580 000 USDT in an attack that allowed users to set the inviter’s address as themselves due to mining rewards that were larger than the fees charged during the swap process and lack of verification.,2022-09-05 0:00,2022,581257,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Exchange,P
711,Nerve Finance,REKT and SlowMist,https://de.fi/rekt-database/nerve_finance,https://hacked.slowmist.io/search/,,(1) Eplained: The Synapse and Nerve Bridge Hacks (November 2021) (halborn.com). (2) https://blocksecteam.medium.com/the/analysis/of/nerve/bridge/security/incident/ead361a21025,,The attacker: https://bscscan.com/address/0d5476194bdc298b6981f5414b693363f94d69228 The transaction behind the attack: https://bscscan.com/t/0ea95925eb0438e04d0d81dc270a99ca9fa18b94ca8c6e34272fc9e09266fcf1d The attacker: / borrowed 50.000 BUSD using a flash loan from Fortube / swapped 50.000 BUSD for 50.351 fUSDT from Ellipsis / invoked the swap function of MetaSwap to swap 50.351 fUSDT for 36.959 Nerve 3/LP with a relatively big slippage / invoked the <u>removeLiquidityOneCoin()</u> function of Nerve.3pool with the LP tokens (received in the previous step) to remove the liquidity of BUSD. i.e.. 37.071 BUSD / invoked the <u>swapUnderlying()</u> function of MetaSwap to swap BUSD for fUSDT. and received 51.494 fUSDT. The attacker repeatedly eecuted the above steps to drain the liquidity of the MetaPool and finally harvested 900 BNB. Stolen funds were deposited into Tornado Cash mier: https://bscscan.com/t/0cf43eefbfd8cf94a8daeaa5b05d9530782852018f487927be2dd391ed50aec90 https://bscscan.com/t/055bd06a000af99dc662685b69f5d093905f07bee5e7b9e84b5c4adf2d8190a53 https://bscscan.com/t/02dbc18c67be69213497b250934e877306fa7763de8b4d7787ff9c0d61e23067b https://bscscan.com/t/017cd04cb3f3162eb983af4eb74bf8a0c0804da9f95733f8311c605c77e334e7c https://bscscan.com/t/0e5a0a0588b3d1e615b82c30a8baba83b0b700f8a3fa6abc19db82527ce4fa1f4 https://bscscan.com/t/016ec28d4c386b6ee34488739122d0d75c4e7c4cd699af999bbe7d278b1896581 https://bscscan.com/t/07f6b43137d3787626613f0908f92af4c589fd20491dc21384ba84eca780bb3c1 The rest were bridged though AnySwap: https://bscscan.com/t/00348cc9220d3b2b1c47f5e15d2a3a7746356332ed979e7c21dff1060302332a6 The swap function ignores the impact of the virtual price. which means the value of the LP token will be underestimated and more LP tokens could be swapped out. As a result. it is possible to harvest more pool stablecoins by first fetching back the liquidity of the underlying stablecoins with the corresponding LP token. and then swapping pool stablecoins by invoking the <u>swapUnderlyin</u>g() function.,2021-11-15 0:00,2021,585882,Interconnected actors flaw,Arbitrage with flash loan,Technical vulnerability,Target,Exchange,P
86,FEG,REKT and SlowMist,https://de.fi/rekt-database/feg,https://hacked.slowmist.io/search/,,https://twitter.com/CertiKAlert/status/1526357878503768070,, The multi/chain DeFi protocol FEG was attacked again  and the flash loan attack suffered on the BNB chain lost about $1.3 million in assets. The subsequent flash loan attack on Ethereum caused a loss of about $590 000  with a total loss of about $1.9 million in assets. This attack is similar to yesterday's attack and is caused by a vulnerability in the swapToSwap()  function. This function directly uses the path  entered by the user as a trusted party without screening and validating the incoming parameters. Additionally  the function will allow an unverified path  parameter (address) to use the current contract  s assets. Therefore  by calling &quot depositInternal() and  swapToSwap()  the attacker can obtain permission to use the assets of the current contract  thereby stealing the assets within the contract.,2022-05-16 23:31,2022,590000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,FT,CA
15,Blur Finance,SlowMist,,https://hacked.slowmist.io/search/,,https://www.coindesk.com/tech/2022/08/10/more/than/600k/vanishes/from/defi/project/blur/finance/as/developers/disappear,,Yield aggregator Blur Finance withdrew more than $600 000 in assets from BNB Chain and Polygon before deleting websites and social media accounts. The project  which has only been active for about a month  has amassed about 750 users on its initial BNB Chain implementation  which was announced on Polygon on August 5.,2022-08-10 0:00,2022,600000,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Yield,CP
143,Li Finance,SlowMist and ChainSec,,https://hacked.slowmist.io/search/,https://chainsec.io/defi-hacks/,(1) https://blog.li.finance/20th/march/the/exploit/e9e1c5c03eb9. (2) https://cointelegraph.com/news/li/finance/protocol/loses/600/000/in/latest/defi/exploit (3) https://blog.li.fi/20th/march/the/exploit/e9e1c5c03eb9,, According to official reports  attackers exploited Li.finance's smart contracts and managed to steal around $600 000 (currently worth $587 500 or 205 ETH) from 29 wallets. Attackers took various tokens from users wallets  including USDC  MATIC  RPL  GNO  USDT  MVI  AUDIO  AAVE  JRT  and DAI. The project team has found the vulnerability and created a fi  compensating most of the affected users in less than 18 hours. CRYPTOSEC: “The Li Finance swap aggregator has eperienced a smart contract exploit leading to the loss of around $600000 from 29 users’ wallets.The exploit took place at 2:51 am UTC on Sunday. The attacker was able to etract varying amounts of 10 different tokens from wallets that had given “infinite approval” to the Li Finance protocol.” — Cointelegraph,2022-03-20 0:00,2022,600000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Bridge,INT
1139,Dogechain,SlowMist,,https://hacked.slowmist.io/search/,,"Crumbs sur Twitter : ""Exploiter managed to mint 9.7M wDoge (~$600k). 3M still remains in his wallet and about $100k worth of USDC/ETH. #doge #dogechain #exploit https://t.co/QHmg2ITeyy"" / Twitter",, In a tweet. @0xCrumbs disclosed that Dogechain was hacked yesterday. and the attackers exploited the vulnerability to mint 9.7 million $Doge (about $600.000) and transfer $316.000 through a cross-chain bridge. Currently 3 million remain in the starting wallet. in addition to $100.000 worth of USDC/ETH. Therefore. @0xCrumbs believes that yesterday's Dogechain maintenance was caused by the attack. SlowMist also tweeted that the attackers used Anyswap to bridge funds to the BSC and ETH chains. which were then transferred to Binance. But Dogechain officials tweeted that no funds were lost during the maintenance period.,2022-09-11 0:00,2022,600000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Bridge,INT
214,MetaSwap Gas,SlowMist,,https://hacked.slowmist.io/search/,,https://cointelegraph.com/news/metaswap/gas/incommunicado/as/eperts/link/mgas/price/drop/to/rug/pull,,The assets of MetaSwap  a project on the BSC chain  were transferred. The total amount of stolen funds of 1100 BNB was transferred to the Tornado.cash wallet (BSC version)  and the price of MGAS tokens fell by 46.99%. All official accounts related to Metaswap / including Twitter   Instagram and Medium / all deleted.,2021-12-27 0:00,2021,611657.75,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,FT,CA
16,Curve Finance,REKT and SlowMist,https://de.fi/rekt-database/curve_finance,https://hacked.slowmist.io/search/,,"(1) Curve Finance sur Twitter : ""Don't use https://t.co/vOeMYOTq0l site / nameserver is compromised. Investigation is ongoing: likely the NS itself has a problem"" / Twitter. (2) https://decrypt.co/107120/ethereum-defi-exchange-curve-frontend-hack-hijack. (3) https://www.coindesk.com/business/2022/08/09/defi-protocol-curvefinance-hacked-570k-stolen/",,"The Curve Finance frontend was attacked  prompting users to grant token approvals to malicious smart contracts. The attackers moved the stolen funds to FiedFloat and Tornado Cash  with at least 362 ETH (~$620 000) stolen. FiedFloat tweeted that they had frozen 112 stolen ETH (~$192 000). REKT: Quick Summary

An attacker managed to compromise the Curve Finance website through a DNS attack and made away with approx. $612k worth of stablecoins.


Details of the Exploit

Curve.Finance is a backbone DeFi application. which does not only serve as a main focal point for institutional players with its stablecoin pools but also revolutionized Tokenomics by introducing the $CRV token rewards.

An attacker managed to compromise the Curve.Finance website and redirect users to a malicious website. that extracted funds out of users wallets that interacted with it. This example transaction shows how the malicious smart contract transferred funds out of a users wallet to the attacker https://etherscan.io/tx/0x525fb894ed485b2cbdbdfaccedc3d405ba0f4659816ca4b639be7dd22e31a5e4.
At the time of this writing  362.8 ETH has flown out of the attackers wallet. with the majority of funds flowing to the CEX's FixedFloat (292 ETH) and Binance (20 ETH).

Curve.Finance found the problem and fixed it and urges all its users to check if any approvals to the malicious smart contract were given and if so. to revoke the permitted rights.
83% of stolen funds were recovered.",2022-08-09 0:00,2022,612000,Instant user deception,DNS attack,Imitation,Intermediary,Exchange,
1156,FITE,SlowMist,,https://hacked.slowmist.io/search/,,Piper Shield: The FITE project is suspected of being a rug pull. and the scammers have transferred 1900 BNB-PANews (panewslab.com),,The FITE (FTE) project is suspected of Rug pull. its website fit[.]app has been shut down. and social media has been deleted. Scammers have transferred 1900 BNB to Tornado Cash.,2022-11-01 0:00,2022,618929.75,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,Dapp,P
1099,VitaDAO.com,REKT,https://de.fi/rekt-database/vitadao.com,,,REKT,,Quick SummaryThe VitaDAO.com project was a honeypot on the Ethereum network that caused investors approx. 626k. The project has taken down all of its online presence.&nbsp; Details of the ExploitThe VitaDAO.com project was a honeypot. which meant that the contract owner could disable the transfer function. which restricted users in selling their tokens. The embedded function in the contract implies that this project was solely launched for the purpose of exploiting investors. The contract deployer added initial liquidity. hereby investing $ETH 99 at:  https://etherscan.io/tx/0x4254f2a1f8137f3303a743ca9db97e255171af53f2178bcefe2a135f1c60e0ebThe marketing for this project must had been top notch since only 8 hours after adding initial liquidity. the project deployer started the exploit.The contract deployer invoked the <u>_mint()</u> function twice in order to obtain additional tokens on his address:  https://etherscan.io/tx/0xd08d956fae5187e5aacf3593217dd2fb889b2d9be2ec461b9a5920ccb7f9b560  https://etherscan.io/tx/0x72995725cb876dbb89b566ae53b1cd4d7bca7cb265cf43c3888ef2b8725df037In order to ensure that the community would not be able to react quickly to the dump that was planned ahead. the contract deployer locked the liquidity in the pool. The contract deployer proceeded to dump the newly minted tokens for $ETH 389 in total:  https://etherscan.io/tx/0xaa4682560159362d1f804c8dbe55a83e4783d19af125d39c6b87048c1f137b25  https://etherscan.io/tx/0xdb275fd6696d164288c599842c11a40fdd81a6dc849a57cff2e4ccce3d4439ef Block Data ReferenceContract Deployer (Scammer) address: https://etherscan.io/address/0x5c55d01c716fed96834806e8f7688767fc019c6dLocked liquidity transaction: https://etherscan.io/tx/0x0652ed44e3f9fbf00f90b6b4d708969055ef939dbc59b65fb68ff1a80bb6384d,2021-06-19 0:00,2021,626595,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
539,TronBank,SlowMist,,https://hacked.slowmist.io/search/,,https://mp.weiin.qq.com/s/aInEaYdS97HP7FbzWl6AQ,,At 4:12 AM on May 3  Beijing time  a contract call transferred 26.73 million TR (valued at RMB 4.27 million) from the TronBank contract  and the contract balance returned to zero. About two hours after the theft  wojak  the owner of THeRTT**  who transferred the 26.73 million TR address  appeared. According to wojak  he wrote a script to analyze the bytecode of the TRON virtual machine  scan the contracts in batches and initiate transactions to see if there is any way to make money  but accidentally hit a bug in the Tronbank contract. At first he didn  t even know that the money came from Tronbank. Some people in the community suggested that wojak return the money to the Tronbank developers  but wojak believes that this is not his problem. Developers should write test eamples  do audits  and at least run some formal verifications (obviously they didn't do anything). He is willing to return the money intact to every investor in Tronbank  not the developer of the project. Based on the available information  it is still too early to conclude that &quot the developer placed a backdoor in the contract&quot . There are only two objective conclusions that can be drawn at present: 1. TR Pro has a backdoor in the contract on the main network  2. The code certified on TSC does not match the actual contract operation logic.,2019-05-03 0:00,2019,640116.68,Contract vulnerability,Undetermined,Technical vulnerability,Target,Dapp,P
725,TECRA,REKT,https://de.fi/rekt-database/tecra,,,(1) https://archive.is/gfc3F. (2) https://twitter.com/Mauricio_0218/status/1490082089441673217,,The Exploitersaddress: https://etherscan.io/address/0b19b7f59c08ea447f82b587c058ecbf5fde9c299 The transaction behind the exploit: https://etherscan.io/t/081e9918e248d14d78ff7b697355fd9f456c6d7881486ed14fdfb69db16631154 The attacker: / approved a big number of tokens to the Uniswap pool / bought 101 TCR from the pool / used the loophole to burn the TCR owned by the pool. increasing the TCR price / used the bought TCR to take away a lot of USDT Wrong implementation: &nbsp; &nbsp; function burnFrom(address from. uint256 amount) External { &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; require(_allowances[msg.sender][from] &gt;= amount. ERROR_ATL); Correct one: require(_allowances[from][msg.sender] &gt;= amount. ERROR_ATL); The actual token implementation allows any account A to burn tokens from any other account B if account A approves that number of tokens to B. The part of the stolen funds was deposited into Tornado Cash mier. and the rest holds on the Exploitersaddress: https://bloy.info/ts/transfers_from/0b19b7f59c08ea447f82b587c058ecbf5fde9c299?currency_id=1,2022-02-04 0:00,2022,642756,Contract vulnerability,Access control flaw,Technical vulnerability,Target,FT,CA
914,Melody,REKT,https://de.fi/rekt-database/melody,,,"(1) Beosin Alert sur Twitter : ""@Melody_SGS was hacked earlier today. causing 2.224.9 $BNB in losses. It is suspected that the off/chain front/end was hacked or the private key was compromised. Here we only analyze the transactions of the hacker. but the attack is not caused by vulnerability exploits."" / Twitter. (2) https://mobile.twitter.com/Melody_SGS/status/1584629847997190144",,Quick SummaryMelody project was exploited for 2225 $BNB. The hacker was able to withdraw $SNS tokens using an off/chain vulnerability. Details of the ExploitMelody is a GameFi and SocialFi project providing passive income opportunities to creative people. The projectssignature check function was exploited by the attacker. which gained $SNS tokens and swapped them for 2225 $BNB. All the stolen amount was sent to another EOA address.&nbsp; Block Data ReferenceAttacker addresses: https://bscscan.com/address/0a3793ccb57fddaedd4edcbd4ca515876057e43a0 https://bscscan.com/address/07ce402b6753589965ae152971f7d7010bf25408a https://bscscan.com/address/01e091ae02f932be50088cc2e6ac9ca841ecebdb7 Malicious transactions: https://bscscan.com/t/07fd61155cc33cf52e107980f31c1e198766709d8fa75f6e48230af82ec9dea8f https://bscscan.com/t/0e10c76cb5da111ea71a085cb08775d9b1824eeafa96fcf4a20aaa7c3c4b59e83,2022-10-24 0:00,2022,644404,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,Dapp,P
405,Wild Credit,REKT and ChainSec,https://de.fi/rekt-database/wild_credit,,https://chainsec.io/defi-hacks/,(1) https://twitter.com/WildCredit/status/1397848317741002755 (2) https://twitter.com/Mudit__Gupta/status/1397888548737413120,,“Preliminary results show that BNT/ETH was the only exploited pool.Total amount is 125585 BNT (~ $637k).The attacker has returned the BNT. All funds have been recovered with zero losses.” — @WildCredit [1][2]\n\n\n\n REKT : The attackersaddress:  https://etherscan.io/address/0b1af124c860f819bf8de7d4c459e5b31fecdb95e  The transaction behind the attack:  https://etherscan.io/t/0dbef3b393a64608756c284568217355f694a0e5c8edf80eac75ec087d642ce07  The exploited contract:  https://etherscan.io/address/07b3b69eab43c1aa677df04b4b65f0d169fcdc6ca  Wild Credit team left initialize() function in the LPTokenMaster contract public and reusable. so anyone can become the owner of the LP token contract. The hacker took ownership of the contract. has minted tokens to themselves. and then used those tokens to withdraw real funds.  The hacker was a whitehat and returned the funds to the contract deployer:  https://etherscan.io/t/0b4fffa0e824034a10af2807f1504ac247ae1dd6f2bcfed8085989bbfda434542,2021-05-27 0:00,2021,650000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Lending,P
36,Freeway,REKT and SlowMist,https://de.fi/rekt-database/freeway,https://hacked.slowmist.io/search/,,"Freeway to reset Ponzi after ""hack"" (behindmlm.com) https://twitter.com/FreewayFi/status/1547306526863511558",, Staking platform Freeway tweeted  The price of its token FWT fluctuated violently on July 13 and is currently under investigation. Freeway's blockchain bridging service provider Coffe was attacked  and a large number of FWT tokens were bridged from Coffeâ's It was removed from the wallet and subsequently sold. There was no damage to the Freeway platform  nor was the Supercharger affected. However  Freeway temporarily disabled FWT withdrawals  deposits and purchases on the platform.,2022-07-13 0:00,2022,651525,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,Staking,CP
235,Lever,REKT and SlowMist,https://de.fi/rekt-database/lever,https://hacked.slowmist.io/search/,,Full Report of the Lever Hack. On Nov/26–2021 06:48:42 PM +UTC. a… | by Lever | Medium,,Lever  a decentralized margin trading protocol based on AMM  was attacked by lightning loans. According to the official statement  Lever attacked contract A to borrow 2 100 BNB from PancakeSwap and deposit 2 000 BNB into Lever’s BNB vault. Then borrowed 1500 BNB from Lever’s BNB vault and transferred it to Lever Attack Contract B. Lever Attack Contract B deposited 1500 BNB and used it to consume 32.78 ETH  1 068.05 BAKE  167.25 VS  1 042.89 DAI  674 360 USDT. BTC   1 930.01 CAKE  463.0078 DOT and 332.9184 WBNB. (Calculated at the current market price  the total loss is equal to US$652 941.949.). REKT: The attacker:  https://bscscan.com/address/01bd2c35424bcb28b79ff75b540bbe0c84902f76b  The transaction behind the attack:  https://bscscan.com/t/0b5365a299c07c81670e52934893793ad7c225a5cf30b641e20b451b2b5815593  Attack contract A:  https://bscscan.com/address/05f92949a14e92d42ac182b27e1541fca4ca13f4e  Attack contract B:  https://bscscan.com/address/03790c9b5a9b9d9aa1c69140a5f01a57c9b868e1e  Steps:/ attack contract A flash loaded 2.100 BNB from PancakeSwap and deposited 2000 BNB on Lever’s BNB vault  / borrowed 1500 BNB from Lever’s BNB vault and transferred it to Lever attack contract B  / attack contract B deposited 1500 BNB and used it to drain 32.78 ETH. 1.068.05 BAKE. 167.25 VS. 1.042.89DAI. 64.157.79 BUSD. 54.335.19USDT .2.8806 BTC. 1.930.01CAKE. 463.0078DOT. and 332.9184 WBNB  / The total loss equals $652941.  Attack contract A used attack contract B’s 1500 BNB (which had been collateralized to borrow other assets) to repay the 1500 dBNB it borrowed. by calling the <u>repay</u>() function in the MarginPool.sol contract.  The contract didn’t check the liabilities of the caller. The attack contract B was able to repay the attack contract A’s dtoken with its token. The attack contract A repaid the flash loan on PancakeSwap.,2021-11-26 0:00,2021,652941,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Lending,P
331,Impossible Finance,REKT and SlowMist,https://de.fi/rekt-database/impossible_finance,https://hacked.slowmist.io/search/,,(1) https://decrypt.co/74105/binance/smart/chain/defi/project/impossible/finance/hacked. (2) https://twitter.com/Mudit__Gupta/status/1406878176509194246?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1406878176509194246%7Ctwgr%5Eae47455e892832f1589a4c0c146c0dbf445c5835%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fdecrypt.co%2F74105%2Fbinance/smart/chain/defi/project/impossible/finance/hacked. (3) https://medium.com/impossiblefinance/impossible/finance/v2/swap/jun/21st/postmortem/94e4b59ad490. (4) https://watchpug.medium.com/impossible/finance/exploit/root/cause/analysis/ba0ed7c151e4,,"Impossible Finance the DeFi protocol on the BSC chain was attacked by a lightning loan and the attacker made a profit of 1 510.75 WBNB (a total of US$497 000). On June 25 the attackers refunded approimately $252 000. The core of this attack is that the K value check is not performed in the cheapSwap function which causes the attacker to obtain additional tokens by performing multiple exchange operations in one exchange process. REKT: The attacker's address:
https://bscscan.com/address/0x8e0d334a77614a7ce089c9246e9b1d7c7172ef02

The transactions behind the attack:
https://explorer.bitquery.io/bsc/txs/calls?internal=false&contract=0xc7ca5478a41d58e73f0487b0f4084b6120aa11e6&method=641ccd83
The attacker:
/ borrowed 233.3 BNB of flash loan from PancakeSwap
/ swapped 65.140 IF tokens
/ created a fake token called AAA (BBB)
https://bscscan.com/token/0x9892dd7a51a09c970e2a925e3baf2107bc8dac74
/ created LP with the fake token and IF token
/ swapped 32.570 IF into 221.898 BUSD and another 32.570 IF into 221.898 BUSD using IF router through the FAKE token LP
/ repeated the steps from 3 to 5
/ sold 556.384 BUSD for 1.731 BNB. repaid the flash loan.
Stolen funds were bridged into Ethereum mainnet onto this address:
https://etherscan.io/address/0x8e0d334a77614a7ce089c9246e9b1d7c7172ef02
The further destination is unknown.
There are transactions where the Impossible Finance hacker is transferring BNB tokens. which were used to perform a flash loan into the Impossible Finance deployer's address",2021-06-21 0:00,2021,660657,Contract vulnerability,K value verification vulnerability,Technical vulnerability,Target,Staking,CP
742,Ariva Digital,REKT,https://de.fi/rekt-database/ariva_digital,,,"Ariva Digital sur Twitter : ""Dear Ariva Family. we regret to inform you that one of our staking wallets was hacked last night. Our software security team has completed the necessary investigations and the cause of the leak has been determined."" / Twitter",https://x.com/BlockSecTeam/status/1598621473115377666,The staking wallet of Ariva Digital was compromised. All tokens held on the wallet were sold at: https://bscscan.com/t/003adcbed2ea8cb8005eecc643bfe16785b966d26d447fc596e4dbc25094e857d Stolen funds were deposited into Tornado Cash mier: https://eplorer.bitquery.io/bsc/address/0cb25e1927d1fcc0beb11b492b96b0a351216260e/outflow,2022-02-25 0:00,2022,660739,Undetermined,Accessing private keys/data,Undetermined,Target,Dapp,P
1163,OptiFi,SlowMist,,https://hacked.slowmist.io/search/,,https://twitter.com/OptifiLabs/status/1564367455220219904,,Solana's ecological derivative OptiFi tweeted that at around 6:00 UTC on August 29th  team members tried to update and upgrade on Solana  but the OptiFi mainnet program was shut down due to an operation error and could not be recovered  of which 661 000 USDC Locked (95% of funds are owned by team members)  all user funds will be compensated.,2022-08-29 0:00,2022,661000,External factor,Exploiting operational mistake,Human risk,Target,Derivatives,P
164,BabyMuskCoin,REKT and SlowMist,https://de.fi/rekt-database/babymuskcoin,https://hacked.slowmist.io/search/,,https://twitter.com/CertiKCommunity/status/1491483014467047437?s=19,, BabyMuskCoin plummeted 99%  1 571 BNB (~$660 000) was dumped  and funds were moved to Tornado. The project team claimed to have been scammed through Telegram  but Twitter and the website were down  suspected of Rug pull scam. REKT: The contract deployer dumped tokens on PancakeSwap:  https://bscscan.com/address/0f316e82c0eda97d740fa79152c99260a9733034d#internalt  Stolen funds were transferred to the External wallet:  https://bscscan.com/t/0b06625759acf1f27b4085c3f9535b4af29a47ffca6f4fec3552d1805215d58fd  The fundsrecipient deposited them into Tornado Cash mixer:  https://bscscan.com/address/01c1ccdaa684b56ce1b47c93d6a5a95f6fc754835,2022-02-09 0:00,2022,664910,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
486,bZx,REKT and SlowMist,https://de.fi/rekt-database/bzx,https://hacked.slowmist.io/search/,,2.388 ETH Estimated Lost in bZ's Second exploit / Crypto Briefing,,bZ was attacked again with an estimated loss of $645 000 of ETH REKT: The transaction behind the attack:  https://etherscan.io/t/0762881b07feb63c436dee38edd4ff1f7a74c33091e534af56c9f7d49b5ecac15  The attackersaddress:  https://etherscan.io/address/0b8c6ad5fe7cb6cc72f2c4196dca11fbb272a8cbf  The attacker: / flash loaned 7.500 WETH from the bZ protocol  / with the flash loan. the attacker swapped 900 ETH in two batches for sUSD through Kyber. The first batch was sold for 540 ETH in KyberSwap that. after internal consulting of reserves. was routed the swap order to the KyberUniswap reserve (031e085afd48a1d6e51cc193153d625e8f0514c7f) and got 92.419 sUSD in return. The second batch was sold 18 times for 20 ETH each. also in Kyber that. after internal consulting of reserves. routed the swap orders to the Kyber/sUSD reserve (04cb01bd05e4652cbb9f312ae604f4549d2bf2c99) and got 63.584 sUSD in return. The sell/off of these two batches effectively drove the price of sUSD up to 0.00899 ETH (or 1ETH=111 sUSD). The manipulated price is around 2.5 higher when compared to the average ETH/sUSD market price. After the swap. the attacker acquired 92.419+63.584=156.003 sUSD tokens at his disposal  / turned to Synthetic Depot contract to acquire substantially more sUSD at market price. Note Synthetic Depot contract allows for depositing Ether for sUSD at a fair rate. The attacker sent 6.000 ETH and bought 943.837 sUSD back (with 2.482 ETH refunded back as there’s no enough sUSD to buy). Note this step is typically launched before the previous step. For whatever reason. this is not the case in this particular hack (and the ordering does not affect the final result as the pricing in Synthetic Depot is not affected by KyberSwap)  / the sUSD/ETH price was driven up and the attacker has &gt;1M sUSD at his disposal. Note that the attacker takes the approach by capitalizing on the spiked price in a profitable Compound position in the first hack. Considering the possibly low liquidity of sUSD. the attacker this time takes the approach of first collateralizing the collected &gt;1M sUSD back into bZ and then borrowing from it 6.796 ETH. As bZ relies on Kyber for the price feed. with the spiked sUSD/ETH price. the collection of &gt;1M sUSD allows for the borrow of 6796 ETH. With the normal conversion rate of 1ETH=111 sUSD. the same amount of sUSD tokens can only buy 4.000 ETH. which indicates that this loan is now underwater with insufficient collateralization  / the attacker repaid the 7.500 ETH flash loan back to bZ with a profit of 2.378 ETH,2020-02-18 0:00,2020,665840,Interconnected actors flaw,Oracle manipulation,Technical vulnerability,Target,Lending,P
289,Zerogoki,REKT and SlowMist,https://de.fi/rekt-database/zerogoki,https://hacked.slowmist.io/search/,,https://twitter.com/bachonchain/status/1424263990402715648,,BachOnChain  a core member of Duet Protocol  a multi/chain synthetic asset protocol  tweeted that the Duet Protocol pioneer network Zerogoki eperienced an oracle attack a few hours ago  and the wrong price led to unrecognized transactions. BachOnChain said that the oracle has been suspended  zUSD has eperienced certain fluctuations  and it is epected that the price will resume in market trading and arbitrage after a period of time. REKT: Zerogoki was attacked by way of compromising the price oracle. The attacker provided a price oracle signed by legitimate private keys. which contained a crafted number of tokens to be swapped. However. the reason why the attacker could construct a valid signature is unknown.  The attackersaddress:  https://etherscan.io/address/0aef46df5efe3173f17b878f3345cf6e79c30680d  The transaction behind the attack:  https://etherscan.io/t/081e5f7158b7ef59f45864e34375bd52bb8227f51ef970fe07ec2abf1d421acf8  In the attack transaction. the attacker constructed a message that contained valid signatures and passed a crafted ns parameter (which contains a large number of zUSD). As a result. the attacker used 300 REI to swap 700k zUSD.  Three addresses that are collated with the signatures are:00d93A21b4A971dF713CfC057e43F5D230E76261C03054e19707447800f0666ba274a249fc9a67aa4a04448993f493b1d8d9ed51f22f1d30b9b4377dfd2,2021-08-08 0:00,2021,670000,Interconnected actors flaw,Oracle manipulation,Technical vulnerability,Target,Dapp,P
342,Merlin Labs,REKT and SlowMist,https://de.fi/rekt-database/merlin_labs,https://hacked.slowmist.io/search/,,https://rekt.news/merlinlabs/rekt/,,MerlinLabs the DeFi revenue aggregator was attacked. The attack method was similar to that of PancakeBunny which was attacked by lightning loan 5 days ago and lost US$6.8 million. REKT: The attacker:  https://bscscan.com/address/0400fa7edd10d480f034113f5e81bc1bb78c162fa  The transaction behind the attack:  https://bscscan.com/t/08e20a1118a669d03b66c5eca2d937646bd855a998afb1e94b94ff6303456ff97  The attacker: / added a small sum of deposit to the LINK/BNB Vault at:  https://bscscan.com/t/03ce0be64e6daae35c8c5155d38148a2af3eaf8a9b26d5a8c4d7337dc86f475ac  / sent 180 CAKE to the LINK/BNB Vault contract (leads to the hack)  / called <u>getReward</u>() with the deposit of LINK/BNB Vault from the first step  / with a large amount of CAKE token in the wallet balance of the vault contract (sent by the hacker in step 2). it returns a large amount of profit. As a result. the system minted 100 MERL as a reward to the hacker  / repeated 36 times. received 49K of MERL token in total  / swapped MERLIN token into 240 ETH and transferred out of BSC using Anyswap.  The attack was performed using a similar way as Bunny and Autoshark exploits.,2021-05-26 0:00,2021,680000,Interconnected actors flaw,Arbitrage with flash loan,Technical vulnerability,Target,Yield,CP
1061,BitDao,REKT,https://de.fi/rekt-database/bitdao,,,REKT,,The contract owner could disable the transfer function. which restricted users in selling their tokens:  https://honeypot.is/ethereum.html?address=0x1533c795ea2b33999dd6eff0256640dc3b2415c2  The contract deployer added initial liquidity at:  https://etherscan.io/tx/0x3966fb3f4b384dd7d08ffb76edb628d457c8078dbc41a27edfca4cec4d16a980  The contract deployer invoked <u>_mint</u> to generate new tokens on his address:  https://etherscan.io/tx/0x2d704fd0ebea8d5a6c8d5e5639aa5aa9d6c95b0325a842cb8dfa9368ca4ba660  Newly minted tokens were sold by the contract deployer:  https://etherscan.io/tx/0x90d7e07eb547b1cfbe9d3c4e874036616cc497635f933842e3929979f4596c7b  https://etherscan.io/tx/0xc0a7f3662c9773be35986f3fb4a24c574b8199b73bfccb59dd82a71db1f6bff9  Stolen funds were deposited into Tornado Cash mixer:  https://etherscan.io/tx/0xa576b767c839bde6cd000bc261989425334e563f336959c767d3dfa938b45adc,2021-06-17 0:00,2021,686491,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
144,Umbrella Network,REKT and SlowMist,https://de.fi/rekt-database/umbrella_network,https://hacked.slowmist.io/search/,,"Umbrella Network sur Twitter : ""Dear Umbrella Community Earlier today. hackers managed to exploit our Polar Stream staking contracts on both Ethereum and BNB Chain and drained the LP tokens staked in both of the contracts. The hacker then withdrew liquidity using those stolen LP tokens from both the UMB/ETH"" / Twitter",,DeFi oracle Umbrella Network's Ethereum and BNB Chain (formerly BSC) reward pools were hacked  resulting in the hackers earning around $700 000. The hacker was able to succeed because of an unchecked vulnerability in withdraw()   so anyone could withdraw any amount of funds without having any balance. REKT: The hacker attacked Umbrella Networksreward pools. causing $700.000 to be siphoned from both BNB Chain and Ethereum.  On March 20. 2022. Umbrella Network revealed that the LP tokens staked in their Polar Stream staking contracts on Ethereum and BNB Chain had been drained from both contracts. According to reports. the hacker then used the stolen LP tokens to withdraw liquidity from both the UMB/ETH Uniswap and the UMB/BNB Pancakeswap pools.  The hack is possible because of an unchecked underflow in <u>withdraw</u>() so that anyone can withdraw any amount even without any balance.,2022-03-20 0:00,2022,700000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Oracle,INT
708,Meebits,REKT,https://de.fi/rekt-database/meebits,,,$85 million ‘Meebits’ NFT project exploited; attacker nabs $700.000 collectible (cointelegraph.com),,The Exploitersaddress: https://etherscan.io/address/0009988ff77eeaa00051238ee32c48f10a174933e The Exploiterssmart contract: https://etherscan.io/address/0270ff2308a29099744230de56e7b41c8ced46ffb Affected NFT smart contract: https://etherscan.io/address/07bd29408f11d2bfc23c34f18275bbf23bb716bc7#code Minting function in NFT uses pseudo randomization depends on block values: uint inde = uint(keccak256(abi.encodePacked(nonce. msg.sender. block.difficulty. block.timestamp))) % totalSize. It means close to zero randomnesses of the returned inde. The Exploiter has used a bot and deployed a contract to interact with the NFT contract. The Exploiter used open information which eactly what metadata he should receive to sell NFT with the highest profit. If the bot minted an undervalued NFT. the bot reverted the transaction. This vulnerability allowed Exploiter minting predictable epensive NFTs.,2021-08-05 0:00,2021,700000,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,NFT,CA
80,QAN platform,REKT and SlowMist,https://de.fi/rekt-database/qan_platform,https://hacked.slowmist.io/search/,,"(1) QANplatform sur Twitter : ""UPDATE ?? [THREAD] 2/ Dear #QANplatform Community. Auditors. partners. and our team are actively researching the $QAN bridge issue. The bridge was turned off immediately. Both research and solution can take some time. We will update you in 24 hours. https://t.co/6a8lc7JWGK"" / Twitter. (2) https://medium.com/qanplatform/qan/bridge/disclosure/analysis/continuously/updated/849f7a91d05e",, @QANplatform was attacked on both Ethereum and BNBChain. $QAN is down 36% with around 325 ETH of stolen funds. REKT: Quick SummaryQANplatform Bridge was exploited on the Ethereum chain. The attacker stole 704.000 $USD using a smart contract vulnerability. Details of the exploitOn May 18 QANplatform Bridge was affected. The attacker took advantage of the vulnerability of the bridgeWithdraw function. then exchanged tokens using Uniswap. Approimately 368 ETH was laundered via TornadoCache. Attacker transferred from (01c8465662cAA8005ed41430e433E399c699cbcE2) to (0c6d3F752A65Df7fb937B25C55Bea6Ae7E70f07Ce. 0189e078EF2c61c2b11F6B0F6C6d6Fe645d1ad995.076b64Ff33dcdFaf4DCf10ec8E7261BedD5E912f2) in total 368 ETH. here is the transaction: Transaction 1 (325 ETH):  https://etherscan.io/t/0be9159b129cc4ed7926fb70bbef1615587a4e220a7fd73d1ee32ca534283215e Transaction 2 (18 ETH):  https://etherscan.io/t/0e1c342cd4f9e35e94a6e604316aa91ee278fdf9d521281b128d8f6867c94db99 Transaction 3 (25 ETH):  https://etherscan.io/t/097a7d4f165d74e60c06317f2bcd8fb20d34ab0eaab0cecaf5f044a79966363b9 Block Data Reference Addresses involved in this exploit:  https://etherscan.io/address/0c6d3f752a65df7fb937b25c55bea6ae7e70f07ce  https://etherscan.io/address/0189e078ef2c61c2b11f6b0f6c6d6fe645d1ad995 Victim address:  https://bscscan.com/address/0AAA4940aA878D932D3482Bf1DE332E1D50c15AaA,2022-05-18 0:00,2022,704590,Contract vulnerability,Undetermined,Technical vulnerability,Target,Bridge,INT
9,PokeMonFi,SlowMist,,https://hacked.slowmist.io/search/,,https://twitter.com/CertiKAlert/status/1562555089306685440,,Pokémon piracy project PokémonFi has Rug pull scam  the project and token first launched in April  the project recently deleted its Twitter account  but its website still exists.,2022-08-24 0:00,2022,708000,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,Dapp,P
916,Meta Pets,REKT,https://de.fi/rekt-database/meta_pets,,,x,,The contract deployer at:  https://etherscan.io/t/077d8cbefb94a7933cd3cd9b8f431f4dd81a3cce41e243df0bcc07b36a482f0ff  Tokens were unfairly distributed in huge amounts between different EOA addresses: 1. Recipient: 080f  https://etherscan.io/t/0f9822c733275563fc1b4935e6480ece841c1d5eafce5089db055888ffbc72dd0  2. Recipient: 057c  https://etherscan.io/t/00b2a54b3677ad367cc94d2622957c8ff44a3a3e627360e2fb660b9d089d70c3a  3. Recipient: 06b2  https://etherscan.io/t/0c453b1e114df807ff6f71faef4cbd4272d0ec174211b38c8744924df826104ae  4. Recipient: 03a3  https://etherscan.io/t/0c71960c20588a8e774d7b7bb34f3bf8460869f161722ea355cac5240c377d9d2  Between contracts:  1. Recipient: token sale contract  https://etherscan.io/t/0c71960c20588a8e774d7b7bb34f3bf8460869f161722ea355cac5240c377d9d2  2. Recipient: vesting contract  https://etherscan.io/t/056bede5d9b81556dfa1cb3599ef7e9fe6b3dad718b708a504b82431292ae7292  The contract deployer added liquidity at:  https://etherscan.io/t/0f6b2f700c36e1cef0990b5cfad2d0bc94450bed6ef5eeffeaddb3870f8f93b46  Token sale contract was used to distribute gathered ETH from the fundraising at:  https://etherscan.io/address/0c6695f1087ac6b83b83c56f393601a190933d6a6#internalt  ETH was transferred into 0eaf EOA and the contract deployersaddress.  The contract deployer added liquidity at:  https://etherscan.io/t/0f6b2f700c36e1cef0990b5cfad2d0bc94450bed6ef5eeffeaddb3870f8f93b46  080f sold tokens at:  https://etherscan.io/t/07dad2876fb8b2deaecb165b5c28e0898f4e016951acc035997ae3c2e79245db4  057c sold tokens at:  https://etherscan.io/t/0719737193866f9817437ded65973a6045c084b9fba425453bc5176edce5f2b96  06b2 transferred tokens to the other EOA address. which sold them at:  https://etherscan.io/t/07240a1eabcf93363770e09bdbdb075b8739d316520286128c571888c57a005ae  03a3 holds tokens on the address.  The final recipient of the stolen funds was the following address:  https://etherscan.io/address/0839973ac9ab94f3512b5da825488552ff67056d7  Funds were deposited into Binance exchange wallet at:  https://etherscan.io/t/0cd09f05c37f5e761299a0da0fd75444ff74e2ea70998fa8da22a2bc3945a8ae8,2021-11-18 0:00,2021,708623,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,Dapp,P
1028,UniCat.farm,REKT,https://de.fi/rekt-database/unicat.farm,,,https://twitter.com/amanusk_/status/1313070969699868672,,Function setGovernance() was eecuted 8 times on the farm contract which allowed the External wallet to withdraw staked tokens,2020-09-24 0:00,2020,713402,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Exchange,P
818,ElectronDAO,REKT,https://de.fi/rekt-database/electrondao,,,https://de.fi/rekt-database/electrondao,,The project was holding a fundraising event using smart contract:  https://polygonscan.com/token/0d54b5a3b333a2aaf4521835fdf465af9df4e8130  Funds were received directly on the mentioned contract in the exchange of tokens:  https://polygonscan.com/tokentns?a=0d54b5a3b333a2aaf4521835fdf465af9df4e8130&amp;p=16  After the creation of the initial liquidity. tokens were removed from the pair together with fundraised DAI:  https://polygonscan.com/t/02ef9d9840e3de8242b728205b51f365644f5cb85358fdae2ca473f6b1d3ebbc2,2021-11-25 0:00,2021,728653,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,FT,CA
78,bDollar,SlowMist,,https://hacked.slowmist.io/search/,,https://www.defidaonews.com/article/6752278,,The first algorithmic stablecoin project on Binance Smart Chain  bDollar  suffered a price manipulation attack  and the attacker made a profit of 2 381 WBNB (worth about $730 000). This attack mainly exploits the design loophole of the claimAndReinvestFromPancakePool function in the DAO fund proy contract CommunityFund when adding liquidity. It does not fully consider that after the price is maliciously raised  the project party will passively use the funds in its own contract when adding liquidity. The situation of high/level connection.,2022-05-21 0:00,2022,729597.93,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,FT,CA
841,Forest Tiger Pro,REKT,https://de.fi/rekt-database/forest_tiger_pro,,,TIGER $0.03727 / TIGER / USDT on BSC / PancakeSwap / DEX Screener,,Quick Summary The Forest Tiger Pro project has been Rug pull scamed by the token creator. resulting in $700k of ill/gotten funds.  Details of the exploit<a href= https://www.youtube.com/watch?v=U4Mcd_1mKY rel=noreferrer noopener target=_blank The creator of the token deployed the token on the BSC network. where 21M $TIGER was minted in total and 500k tokens of the total supply was minted to the scammer address (B). The token creator made a series of transactions where all tokens from his balance were sent to three staking contracts and two exchange contracts:1)  https://bscscan.com/t/0f28bd3d5b34dbbd6a9ccd9a7df88afe289a44d1e477bbbee6036d7facb75691b2)  https://bscscan.com/t/0f1e106bc213449efae59c85cbf269f5c213a2347d7f2ba59bd02bbb0b2c4ed9b3)  https://bscscan.com/t/020cf8df34e6726579ce258b9d8fdb50c3588b40c4a012f05d64aa1ff3ab44e9d4)  https://bscscan.com/t/0284bc017261ded87954d708e0416c85ffc21a9933ef817f3afd5cb475232df815)  https://bscscan.com/t/0722e161e9c56fe447a7f456026163f8ccf438b9671d1229a625e4d3b000f1bddThe scammer address (B. which held 500k tokens sent 35k tokens to scammer address (C). then an hour later another 150k were sent:1)  https://bscscan.com/t/010fe4704bbd828867f732e686e60826d171840cec35c4f9bb79c79b2d45af0e82)  https://bscscan.com/t/0e6744c64611480eb37c84042fa8b8c17ce72a031a1c91ada91379ce298d89df6 The scammer address (B) added liquidity to the TIGER/USDT pair for 2.6M $USDT in these 3 transactions:1)  https://bscscan.com/t/01465e26a1d8bcc811c7d35cf3d991e7d480bc18704a238eb55ebcb7aba3255042)  https://bscscan.com/t/015f761f34d5c08f58633f3521fe1dbd055a7dfedd9d552739dd556360ac00a703)  https://bscscan.com/t/0cca2ebf33ca4e76c36f4bec93a715cbb95895096777caefb1c6c6a38277c458f The scammer address (C) added liquidity to theTIGER/USDT pair for 1M $USDT and approimately 39k $TIGER: https://bscscan.com/t/07dc35d4f133832502bc3c36a52213eb175da6ac1ff15553d57a6fd1f91bf5a58Then he proceeded to gradually raise the price of the token by making exchanges for 8.7k on average $USDT. investing a total of $55k. Below some eample transactions:1)  https://bscscan.com/t/076c9c19aa5f938f95aec2e4943ec246485732f614ca0de7bed5304e247cc14e02)  https://bscscan.com/t/0179f31f383c9f9ce9a6faa8367e3bcb121916ccd8c919419df60965dddb71d8e3)  https://bscscan.com/t/000ea36814d8feef6b811c9d11631645a2942ec2aaa6d14994a5737d23fedd652On July 13. scammer address (C) removed the liquidity with a profit of 500k $USDT: https://bscscan.com/t/0d72bdfc13adec524e45652321f247f0546470bc8520c2c54df96b9dbb939cff5Then the scammer address (B) also removed the liquidity with permission:  https://bscscan.com/t/0c03899a5384dea089c7ce6843230190c08f22fe8106a4e609a79c0b808539d93All the USDT were transferred to scammer address (D):&nbsp;1)  https://bscscan.com/t/08de163930db6eadd00f6add3c372e1ede0debe9cd346810dd64f0b7f8fd9b84f2)  https://bscscan.com/t/096248173fb20078b2212620e6f2eae835df3bb5c2682e0ed227b0605fe9b817a  ,2022-07-13 0:00,2022,732647,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Dapp,P
225,Gelato Network,REKT and SlowMist,https://de.fi/rekt-database/gelato_network,https://hacked.slowmist.io/search/,,https://medium.com/gelato/network/sorbet/finance/vulnerability/post/mortem/6f8fba78f109,, Smart contract automation tool Gelato Network tweeted: We have been alerted to a critical vulnerability in Sorbet Finance's G/UNI router contract. This vulnerability only affects users interacting with the Sorbet UI.  Gelato Network released a security incident investigation report  saying that white hat hackers transferred a total of $27 million in assets to ensure the safety of user assets  but there were still $744 000 of funds that were maliciously attacked by MEV. The project stated that the vulnerability that emerged this time is similar to the previous dyd vulnerability  and the smart contract at risk can make arbitrary low/level calls aimed at eecuting transactions on 1inch  making potential exploits possible. REKT: The transaction behind the exploit:  https://etherscan.io/t/090a5d10ca9092a82464fd87efb1a7ed06c0d0420fde0cbb20af6e7ec9046c303  The bug in GUniRouter02 within the rebalanceAndAddLiquidity() function was able to be exploited to transfer funds from userswallets who have previously approved GUniRouter02 for spending their tokens.  Tokens. which were mostly affected: DAI. USDC. FEI. agEUR. FRA. WETH. ENS. ETH2/FLI. G/UNI DAI/USDC. and POP.  The root issue: rebalanceAndAddLiquidity() can be invoked with custom _swapAction and _swapDatas parameters. Given the fact that users have given infinite allowances for the router contract. the possible Exploiter could drain usersfunds from their wallets.  The project team eecuted a successful whitehat hack which secured around $26M of user funds.,2021-12-11 0:00,2021,744000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,FT,CA
456,YAM,REKT and SlowMist,https://de.fi/rekt-database/yam,https://hacked.slowmist.io/search/,,https://medium.com/yam-finance/yam-post-rescue-attempt-update-c9c90c05953f,,On August 13  2020  the well/known Ethereum DeFi project YAM officially issued a post on Twitter indicating that there were loopholes in the contract. The price plummeted by 99% within 24 hours  resulting in the permanent destruction of the governance contract  with a value of 750 000 USD Curve tokens. It is locked and cannot be used. Since the value of totalSupply was taken during rebase  the value of totalSupply calculated incorrectly will not be immediately applied to initSupply through mint  so before the net rebase  the community still has a chance to recover this error and reduce losses. But once the net rebase is eecuted  the entire mistake will become irreparable. REKT: The bug is in the rebase function of smart contract YAM.sol in the YAM project:  https://github.com/yam/finance/yam/protocol/blob/767e3a4a6918b6fb6100ad6bb356164408f5d82f/contracts/token/YAM.sol#L340  The rebase function was built to keep the token at a stable price. However. the line in the code mistakenly calculates the <u>totalSupply</u> wrong. which would reserve too many minted tokens. The correct code/calculation equation for the line of code should be:  totalSupply = initSupply.mul(yamsScalingFactor).div(BASE);  The rebase bug led to the minting of decillions of YAM to the governance vault. As a result. a larger supply diluted the intended price. YAM token has lost more than 90% of its market capitalization. The bug resulted in a loss of funds worth $750.000.,2020-08-13 0:00,2020,750000,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,FT,CA
343,AutoShark Finance,REKT and SlowMist,https://de.fi/rekt-database/autoshark_finance,https://hacked.slowmist.io/search/,,(1) https://rekt.news/autoshark/rekt/. (2) https://watchpug.medium.com/sharkfinance/performance/fee/minting/incident/analysis/4b2e3bd03923,,The DeFi protocol AutoShark Finance on the Binance Smart Chain (BSC) was attacked by a lightning loan and the currency price suffered a flash crash with a drop of more than 99% at one time loss of 750 000 USD. REKT: The transaction behind the attack:  https://bscscan.com/t/0fbe65ad3eed6b28d59bf6043debf1166d3420d214020ef54f12d2e0583a66f13  The attackersaddress:  https://bscscan.com/address/0d9c7efe29f3e90ce3630ea1c665217c7ab298a3b  The attacker: / added a small sum of deposit to the SHARK/BNB Vault:  https://bscscan.com/t/02a2003fb4c57c0e03dfbdda8eb695ef8f39022df30da977942d930fffbb8e125  / borrowed 100K BNB of flash loan from PancakeSwap  / swapped 50K BNB into SHARK token and sent them alongside the rest 50K BNB to the SharkMinter contract  / called <u>getReward</u>() with the deposit of SHARK/BNB Vault from the first step  / with the huge amount of SHARK token and WBNB in the wallet balance of the minter contract. it returned an etremely large amount of profit. As a result. the system minted 100M SHARK as a reward to the hacker  / sold SHARK token for 102K WBNB. repaid flash loans. taken out 2.2K WBNB  / exchanged BNB on ETH at:  https://bscscan.com/t/0a6e265b96d92a24b1b3307f14367ac18031c33062fa6c195331db50417011df7  / bridged ETH into Ethereum network:  https://bscscan.com/t/033c01cf4885553542a8b820ef57f079ea8fe165e41b57d30b5492cfe47b0ba3b,2021-05-24 0:00,2021,759046,Interconnected actors flaw,Arbitrage with flash loan,Technical vulnerability,Target,Exchange,P
175,Mercenary,REKT and SlowMist,https://de.fi/rekt-database/mercenary,https://hacked.slowmist.io/search/,,(1) https://coincodecap.com/mercenary/gold/nft/project/Rug pull scam. (2) https://twitter.com/PeckShieldAlert/status/1486305364018556928?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1486305364018556928%7Ctwgr%5Eeafd8a0d7af0bc11531eaa0241aab6bbfa0ad7ba%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fcoincodecap.com%2Fmercenary/gold/nft/project/Rug pull scam,,"The social media accounts of NFT project Mercenary have been deleted. Deployers spent over $760 000. REKT: The contract deployer removed liquidity at:
https://bscscan.com/tx/0x53deb909bc12ca29ff132caf8ad50a81e794f8618d8a4fd3116977fef04234c7

The contract deployer started to mint tokens several times. the example transactions:
https://bscscan.com/tx/0xbdd7c46caa1f9fdbd22bc9716f014179b51d5ea59af8f6b332122600dea1318a
https://bscscan.com/tx/0xabc092e8f8da2ae389487a0f348a856ec3479e9651557cc99634641d283e2626

The contract deployer sold tokens several times. the example transactions:
https://bscscan.com/tx/0xd219f3e072bb94a49c00736c32ea66cf7dd9cd078f1194572502566e9a9513c1
https://bscscan.com/tx/0x9b27635b300c6722acf91208f78b900b413841efedd7d48e3b39a38e145cd918
https://bscscan.com/tx/0x80ffb26c95ee3cc68566321aa87224cd0cf355c962461b89dcf60bdebfb2ba91",2022-01-26 0:00,2022,760000,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,NFT,CA
184,Crypto Burgers,REKT and SlowMist,https://de.fi/rekt-database/crypto_burgers,https://hacked.slowmist.io/search/,,https://medium.com/@cryptoburgernft/a/tough/day/for/crypto/burgers/b371da577c8b,, There is a vulnerability in the Crypto Burger project  an NFT project on the BSC chain. The attacker discovered a vulnerability related to the $BURG token contract  which managed to burn most of the tokens in the liquidity pool  while immediately liquidating the tokens it had previously acquired  from liquidity.  The project said in a statement. $770 000 was stolen from the pool. REKT: Crypto Burgers suffered a flash loan attack.  The attack was caused by a smart contract vulnerability that allows the token to burn in any account.  According to the official announcement. whitehat hacker did a front/run the hackerstransaction and recovered part of the stolen funds:  https://medium.com/@cryptoburgernft/it/has/been/6/days/since/the/attack/17fc253a57b5  Stolen funds were transferred to the contract deployer:  https://bscscan.com/t/0eaad36bd24617b92dbb15c3eaba3ac9b75f9e0d1266b7f71a46903b590a46fce,2022-01-17 0:00,2022,770000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,NFT,CA
629,EOSBet,SlowMist,,https://hacked.slowmist.io/search/,,(1) https://www.jinse.com/lives/57970.htm (2) https://medium.com/orbs/network/hea/labs/a/security/analysis/for/blockchain/september/octob/2018/86f26f949dd4 (3) https://thenetweb.com/news/eos/dapp/hacked,, The attacker exploited the vulnerabilities in the EOSBet contract to falsify the transfer prompt.,2018-10-15 0:00,2018,776740.75,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Dapp,P
791,DataDAO Finance,REKT,https://de.fi/rekt-database/datadao_finance,,,(1) Users of DataDAO Finance Are at Risk of Losing Their Funds (yahoo.com). (2) https://web.archive.org/web/20220131021525/https://twitter.com/rugdocio/status/1487972154696155136,,Quick SummaryA backdoor is created in the supportsInterfaceCall() function that allowed to do calls to token contracts and transfer Part tokens of those who did approvals to the malicious &nbsp;Part contract. Details of the exploitBy 13.09.2022. supportsInterfaceCall() is being continuously called. For now. the last function eecution was done on the 10th of Aug 2022. The tokens draining started on the 31th of Jan 2022.As a result. the following losses take place:&nbsp;558348 USDC214749 &nbsp;DAI8540 MIM Still. any approved tokens left are endangered and can be drained anytime. This again demonstrates the importance of monitoring approved contracts and checking them for vulnerabilities and backdoors.&nbsp; Funds lost: 781 637 Block Data ReferenceBackdoor function (supportinterfaceCall()) https://ftmscan.com/address/0689e0205d21337cfebbe0beabf33e1bae2a1ae06#code#L1007Eample transactions&nbsp; https://ftmscan.com/t/0754b5ab0d6aaec00e4a7f173caccce3fc3e999d2a1a58192ae7a11527b9189d5 https://ftmscan.com/t/05d1242f7e07f5f803005039f490d5d0c84d73679bb1a239df6cac342f54d088bRecipient of tokens https://ftmscan.com/address/0fc2fb8fd8c98b6a16a0da7638e1c0b8085f8ed69,2022-01-30 0:00,2022,781637,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Yield,CP
1017,TIGER,REKT,https://de.fi/rekt-database/tiger,,,https://twitter.com/CertiKAlert/status/1573201331472547840,,TIGER token was rug pulled and the token price dropped by more than 90%. The attacker was related to the initial token holder.,2022-09-23 0:00,2022,784106,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
817,Eco DeFi,REKT,https://de.fi/rekt-database/eco_defi,,,"PeckShield Inc. sur Twitter : ""Drained lending pool funds (~1.418+ BNB) @eco_defi"" / Twitter",,The attacker: / swapped 0.02 WBNB to 12.368 RP  / deposited 12.368 RP to the pool 0c406  https://bscscan.com/address/0c4068f463d9cb722b936e0194847ab3a86de4dab  / minted 60.975.194.844 eRP share tokens  / set admin (<u>newAdmin</u>()) in Unitroller contract (06f5edd47b34ceb6506c85c15108b12b3c2cf919e) to the malicious contract (08043bfe3793597f6e74cebe495b471c27f80a179)  / new owner called <u>setPriceOracle</u>() and changed oracle address from 0f074b445e3b5858eea1e58fe5fe716ae33b69528 to malicious one 08043bfe3793597f6e74cebe495b471c27f80a179  / wrong oracle data allowed withdrawing all assets from the pool: 69.940.838139881955983638 ($69.530.01) (BSC/US...) 57.211.335292168881759699 ($57.182.27) &nbsp;(USDC) 46.906.146588682998823308 ($46.845.31) &nbsp;(BUSD) 335.725.42257116669113152 ($286.829.58) &nbsp;(VAI) 13.280051065798373675 ($51.503.49) &nbsp;(ETH) 0.581669136989633591 ($28.460.35) &nbsp;(BTCB) 244.082029656114025206 ($133.271.00) &nbsp;(WBNB) 268.860558650762202142 &nbsp;(SOL) 3.279.711492555105148787 ($52.392.89) &nbsp;(VS) 5.614.98460021139519757 ($69.977.67) &nbsp;(Cake) 99.994.616.089438012 &nbsp;(JOJO)  Stolen funds are held at the following address:  https://bscscan.com/address/068926c8595b211bd8effd9ffee7355426cdd4ce8,2021-12-28 0:00,2021,794041,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Lending,P
75,LUNC,REKT and SlowMist,https://de.fi/rekt-database/lunc,https://hacked.slowmist.io/search/,,"Anchor Protocol Got exploited with Launch of Luna 2.0. User Makes ""Free"" $800.000",, On May 30  after the launch of the new Terra chain  the price of the oracle machine of LUNC (Luna Classic) reached $5  while the actual price was much lower than $5. An Anchor platform user noticed the vulnerability and deposited about 20 million tokens. Lido Bonded Luna Token  and successfully lent 40 million UST  eventually withdrawing and making a profit of about $800 000.,2022-05-29 0:00,2022,800000,Interconnected actors flaw,Oracle manipulation,Technical vulnerability,Target,Oracle,INT
158,Gold Mine Finance,SlowMist,,https://hacked.slowmist.io/search/,,https://twitter.com/rugdocio/status/1494737976819163139?s=21,,Rugdoc.io tweeted that the Fantom ecological project Gold Mine Finance has rug pull.,2022-02-19 0:00,2022,800000,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
290,Wault Finance,REKT and SlowMist,https://de.fi/rekt-database/wault_finance,https://hacked.slowmist.io/search/,,https://twitter.com/Wault_Finance/status/1422759668317925376,,Wault Finance on the BSC chain was attacked  and the attacker made a profit of 930 000 US dollars. Attackers due to design flaws in the economic model can carry out arbitrage attacks on the pool of WaultSwapPair (BSC_USDT/WE). REKt : The attacker:  https://bscscan.com/address/0886358f9296de461d12e791bc9ef6f5a03410c64  The transaction behind the attack:  https://bscscan.com/t/031262f15a5b82999bf8d9d0f7e58dcb1656108e6031a2797b612216a95e1670e  The attacker: / flash loaned 16.8M WUSD from WSwap’s WUSD/USDT pool and redeemed it for 15M USDT and 106M WE  / flash loaned 40M USDT from PCS’s WBNB/USDT pool  / swapped a part of the flash loaned USDT to WE before the price is pumped  / staked the flash loaned USDT to WUSDMaster contract. The 10% of staked USDT was used to buy WE and the attacker gained the WUSD with a 1:1 rate  / since there was a limit on the staking amount. the attacker performed the previous step repeatedly to increase the WE price with almost no cost  / gained profit in USDT by swapping WE from steps 1 and 3 back to USDT  / returned the flash loaned WUSD and USDT  / swapped the remaining WUSD and the USDT profit to ETH.,2021-08-03 0:00,2021,800000,Interconnected actors flaw,Arbitrage with flash loan,Technical vulnerability,Target,Yield,CP
309,OptionRoom,REKT and SlowMist,https://de.fi/rekt-database/optionroom,https://hacked.slowmist.io/search/,,https://twitter.com/option_room/status/1414006279778054144,,According to official news Polkadot's ecological oracle and prediction protocol OptionRoom stated that it was affected by the cross/chain asset bridge ChainSwap attack and many projects including OptionRoom were affected by the hacker attack. Hackers can obtain 2.3 million ROOM tokens on Ethereum and 10 million ROOM tokens on BSC. OptionRoom noticed the hacking before the hackers sold any tokens and decided to remove liquidity from Uniswap and Pancakeswap to protect token holders and liquidity providers from being sold to the liquidity pool by hackers. By selling the deployer's tokens to the Uniswap pool OptionRoom was able to recover $342 117. In this way OptionRoom successfully etracted liquidity on behalf of the liquidity provider of the project. The recovered amount will be allocated according to the share of the liquidity provider. REKT: OptionRoom has been affected due to the ChainSwap hack.  As such. we had no other way to withdraw and secure the community liquidity other than by selling into the pool. This enabled us to mitigate the financial damages of the hack. reducing a potential $800.000 loss into a $38.000 loss. All the funds recovered from the emergency actions we took were added back as liquidity on PancakeSwap. and all liquidity providers were recompensed directly to their wallets.,2021-10-07 0:00,2021,800000,Contract vulnerability,Undetermined,Technical vulnerability,Target,Oracle,INT
321,ChainSwap,REKT and SlowMist,https://de.fi/rekt-database/chainswap,https://hacked.slowmist.io/search/,,https://chain/swap.medium.com/chainswap/post/mortem/and/compensation/plan/90cad50898ab,,The cross/chain asset bridge Chainswap announced the details of the hacking incident today saying that at 04:30 AM UTC on July 2nd they noticed an abnormality on the cross/chain bridge. Some users reported that their tokens were actively removed from wallets interacting with ChainSwap. After it was taken out the ChainSwap team immediately froze the cross/chain bridge shut down all nodes and deployed the fi within 30 minutes. The team of the affected project received an alert. According to the announcement the stolen assets include 32237576.17 TSHP 80052.82027 CORRA 643405.7157 BLANK 2922720 RAI 19392.27712 ROOM 4820309.98 DET 210 108.22 UMB 55476328.8 FAIR. Chainswap stated that after negotiating with hackers it has recovered some of the CORRA and RAI tokens and the total loss is estimated to be 800 000 US dollars. At present a small amount of affected tokens have been repurchased from the market and returned to the contract wallet. The rest will be fully paid by Chainswap Vault Compensation. In addition Chainswap will also issue compensation to affected users. REKT: The attackerswallet:  https://etherscan.io/address/0941a9e3b91e1cc015702b897c512d265fae88a9c#tokentns  For cross/chain transfers. each token has its own proy contract. with the implementation pointing to the Factory contract. The hacker used the Factory contracts<u>receive</u>() method. The attacker was required to pay a fee of 0.005 ETH in <u>_chargeFee</u>. There are no real authentication checks. and just one signature is necessary. To get around this. the attacker simply signed signatures with new addresses each time. In the <u>_receive()</u> function. the volume argument is subsequently sent to the attackersaddress.,2021-07-02 0:00,2021,800000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Bridge,INT
396,ChainSwap,REKT and ChainSec,https://de.fi/rekt-database/chainswap,,https://chainsec.io/defi-hacks/,(1) https://cryptopotato.com/chainswap/exploited/projects/using/the/bridge/protocol/crashed/99/ (2) https://chain/swap.medium.com/chainswap/post/mortem/and/compensation/plan/90cad50898ab,,“On July 2nd the project announced that its smart contract was compromised and the hackers drained around $800000 worth of assets from users’ wallets.” — CryptoPotato,2021-07-02 0:00,2021,800000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Bridge,INT
723,Stader labs,REKT and SlowMist,https://de.fi/rekt-database/stader_labs,https://hacked.slowmist.io/search/,,(1) Stader Labs Hit by $800K+ exploit (bsc.news). (2) https://web.archive.org/web/20220817045158/https://twitter.com/CertiKAlert/status/1559764522780565504. (3) https://blog.staderlabs.com/stader/near/incident/report/08/16/2022/afe077ffd549,,Quick Summary&nbsp;A vulnerability made it possible for an attacker to mint $Near 20 million. Block Data ReferenceStader labs provides staking services and risk adjusted returns to delegators. The protocols smart contracts were exploited by an attacker named gregoshes.near. The attacker managed to transfer $Near to his wallet without providing $NEAR as collateral. The attacker then utilized the illegitimately minted $Near to drain $Near/$Near pools on Jumbo exchange and Ref Finance. In order to address the attack and identify the vulnerability the smart contract was paused. The Stader team has initialized communication with the attacker in order regain the stolen funds. which the attacker did not answer to.The team has also established a recovery plan which will make all impacted liquidity providers whole again.&nbsp;,2022-08-16 0:00,2022,800000,Contract vulnerability,Undetermined,Technical vulnerability,Target,Yield,CP
755,BitBot,REKT,https://de.fi/rekt-database/bitbot,,,"#WARONRUGS? on Twitter: ""? Scam Advisory #100 - Cake Lock $LOCK (0x5f3bb338aE09a5A15CEB3D0E9E5194B404b95A1b) Reason: This project is being run by serial scammer @Techwithyani. Likeliness of losing all funds: 50% of the presale is already gone. we recommend you to move out. DYOR. #WARONRUGS?… https://t.co/QABACS6yRe"" (archive.ph)",,The project was holding a fundraising event using Token Sale contract: https://etherscan.io/address/011ab1c266776228b7f620dcf666dbea205aff2c7#code The final fundsrecipient was the contract deployer: https://etherscan.io/address/011ab1c266776228b7f620dcf666dbea205aff2c7#internalt 615 ETH were transferred to the contract deployer: https://etherscan.io/t/01f2ef3fc70309007fb1319dd6401d151dc3e5eb028bb88541540abe0cbf0ffb1 The contract deployer use added initial liquidity using 300 ETH: https://etherscan.io/t/0899d79c7087c0f1fee974dc8f35b2c7db8cc363475bf2a959d88f978b069bb84 The contract deployer removed 89 ETH and 1.075 BBP from the liquidity pair: https://etherscan.io/t/03cfea957ff82e43a6d2322a0b5607d78d0f10caee9c8a31f8680912cfc4931fb The contract deployer sold 1.017 BBP For 15.69 ETH: https://etherscan.io/t/00fe2adf8ca2dbd3469c87612ef7e78b90799c09b46aebae053cc7d2244375d64,2021-02-20 0:00,2021,805001,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,FT,CA
882,Inputs.io,REKT,https://de.fi/rekt-database/inputs.io,,,A Complete List of Cryptocurrency Exchange Hacks [Updated] — IDEX Blog,,Inputs.io was compromised on October 23 and then again on October 26. with hackers making off 4.100 bitcoins total. The loss was a result of a social engineering attack that compromised a chain of email accounts. Eventually. the attacker gained access to reset the password for the Linode server.,2013-10-23 0:00,2020,809000,External factor,Deceiving personnel,Human risk,Target,CeFi,
410,DeTrade Fund,SlowMist,,https://hacked.slowmist.io/search/,,(1) https://cryptocoindaddy.com/detrade/fund/eit/scams/runs/away/with/1438/ether/. (2) https://cryptoslate.com/happy/ending/investors/track/down/rug/pull/scammers/some/ethereum/returned/,,According to reports DeTrade Fund was the biggest scam on Friday the platform allowing any user to profit by putting money into its arbitrage system and defrauding more than 1 400 ETH raised in a pre/sale. Twitter user Artura discovered that DeTrade Fund is actually run by a Lithuanian. Shortly after Artura's tweet the scam's affiliate addresses distributed hundreds of ETH to presale participants returning around 65/70% of the initial stolen funds.,2020-12-14 0:00,2020,842452.3,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,FT,CA
395,ArmorFi,SlowMist,,https://hacked.slowmist.io/search/,,https://twitter.com/EaseDeFi/status/1365863250827620352,,DeFi Insurance Agreement The Armor team claimed that some team members were scammed by OTC and were defrauded of 1.2 million ARMOR tokens. The scammers have already dumped all tokens for a profit of 600 ETH (approimately US$850 000). The Armor team disclosed that the scammers pretended to be strategic investors on social media falsely claiming to purchase tokens from the team through OTC defrauded 1.2 million ARMOR tokens in OTC transactions and then sold them. According to the Armor team &quot No hacking the project is still safe.&quot,2021-02-27 0:00,2021,850000,External factor,Deceiving personnel,Human risk,Target,Dapp,P
1110,ElasticSwap,REKT,https://de.fi/rekt-database/elasticswap,,,(1) https://archive.ph/raRih. (2) https://archive.ph/mHua9. (3) https://twitter.com/BlockSecTeam/status/1602848642066366466,,,2022-12-13 0:00,2022,850000,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,Exchange,P
183,Crosswise,REKT and SlowMist,https://de.fi/rekt-database/crosswise,https://hacked.slowmist.io/search/,,https://twitter.com/crosswisefi/status/1483667387522162688,,Decentralized trading platform Crosswise was attacked in nearly an hour  losing about $879 000. The hacker exploited a publicly eposed privileged function  which was then used to set trustedForwarder and further hijack Crosswise's owner privileges. The stolen funds have now been transferred to Tornado Cash for miing. REKT: The transaction behind the attack:  https://bscscan.com/t/0d02e444d0ef7ff063e3c2cecceba67eae832acf3f9cf817733af9139145f479b  The attackersaddress:  https://bscscan.com/address/0748346113b6d61870aa0961c6d3fb38742fc5089  The attack was made possible by the public disclosure of a privileged function. which is subsequently used to set the <u>trustedForwarder</u> and further hijack the Crosswise MasterChef owner permission.  The attacker: / called <u>setTrustedForwarder</u>() function to change <u>trustedForwarder</u> / transferred the ownership / swapped 0.01 WBNB to 3.71 CRSS through CrosswiseRouter / deposited 1 CROSS to Crosswise MasterChef / set strategy to the new one under the hackerscontrol / withdrew 692K CRSS from the MasterChef / swapped 692K CRSS to 547 WBNB  Stolen funds were deposited into the Tornado Cash proy:  https://eplorer.bitquery.io/bsc/ts/calls?caller=0748346113b6d61870aa0961c6d3fb38742fc5089&amp;contract=00d5550d52428e7e3175bfc9550207e4ad3859b17,2022-01-18 0:00,2022,879000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Bridge,INT
11,Sudorare,REKT and SlowMist,https://de.fi/rekt-database/sudorare,https://hacked.slowmist.io/search/,,https://twitter.com/Brentsketit/status/1561957211064020995,,Sudoswap imitation disk Sudorare is suspected to have a Rug Pull  and the Looks  WETH and MON tokens in the contract address were transferred to the first 0bb42 address (0bb42f789b39af41b796f6C28D4c4aa5aCE389d8A)  and then sold for ETH on Uniswap  with a total profit of about 519.5 ETH (about 800 000 US dollars)   the Sudorare website and Twitter account are now inaccessible. ‎According to the analysis  the initial deployment funds came from the exchange Kraken. REKT : >The owner of SudoRare contracts used privileges and transferred all deposited assets from SudoRare Pools. The contracts contained security issues as minting and privileges to freely transfer any types of assets from the pools contract were accessible by the owner.&nbsp;   dir=>Details of the exploit<span style=>SudoRare was a NFT platform with staking features using $MON. $LOOKS and $ETH assets. After reaching certain amount of assets. the owner of the SudoRareGenesisPool contract used his privileges to withdraw funds including 6 $MON (125.4 $ETH). 1.115.216 $LOOKS (192 $ETH) and 200 $wETH. After the withdrawal. all assets were sold on UniSwap for $wETH. The total of the ill/gotten funds amounted to 517.4 wETH. which were transferred to three newly added addresses.&nbsp;<span style=>Subsequently. a huge amount of $SR tokens (87.7 % of total supply) was transferred to another address. Official site sudorare.yz has been downed and social accounts have been deleted.,2022-08-23 0:00,2022,883201,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Staking,CP
468,VETH,SlowMist,,https://hacked.slowmist.io/search/,,https://www.tuoniao.com/newsflash/p/447988.html,,Coingecko researcher Daryllautk tweeted that VETH suffered a hacker attack on the decentralized exchange Uniswap. The hacker stole 919 299 VETH (worth $900 000) using only 0.9ETH. After the attack  VETH officially stated that the contract was used by the U improvement it placed in transferForm()  which was their fault. They will redeploy vether4 and will compensate all affected Uniswap pledgers. This attack mainly uses the visibility of the changeEcluded function in the contract to be External and there is no permission restriction. The user can directly make External calls to create the necessary conditions for the attack.,2020-07-01 0:00,2020,900000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,FT,CA
228,8ight Finance,REKT and SlowMist,https://de.fi/rekt-database/8ight_finance,https://hacked.slowmist.io/search/,,https://coincodecap.com/8ight/finance/hacked/all/funds/in/treasury/withdrawn/due/to/leak/of/the/private/key,, 8ight Finance on the Harmony chain was hacked  and $1.75 million was stolen due to the leak of the private key due to google doc. The platform tweeted about the loss yesterday  and in its discord server provided an eplanation for the loss of funds: Two developers on the team have the keys and they were sent via Facebook group chat and google drive. This is our first project  so we have to admit that our opsec is low. REKT: The project\steam stated: Our private key got compromised and the funds have been transferred out of the treasury.  As a result. the address that received access control withdrew: / 490.170 DAI  https://eplorer.harmony.one/t/07a9aeca34468a667fd1cc045d12245b424fcaf65ab97c54cb09ac0f48b9af964  / 378.417 DAI / 10.843 LP  https://eplorer.harmony.one/t/00af0e8ea2af54429ba84f1e645725b6c6b0844fccc7fa4e2f69dc580a2dc70b2  / 12.362 USDT  https://eplorer.harmony.one/t/071a8fa404b7d8b4776397dedb5c7aa9090e045d86a8c621ae1b681fb92ec5bf9  Transfer from ca1d account to cc541:  https://eplorer.harmony.one/t/0be7617d4c46c334327a018d6cfe7d6d492726b102f2d63d57da5ee11ab797bec  Funds were delivered into Ethereum and deposited into Tornado Cash mier:  https://etherscan.io/address/04d8071452bf5f629ea1c72e1e42a18aebc04ca1d,2021-12-06 0:00,2021,923719,External factor,Exploiting operational mistake,Human risk,Target,Dapp,P
597,Electrum,REKT and SlowMist,https://de.fi/rekt-database/electrum,https://hacked.slowmist.io/search/,,(1) Phishing Attack on Electrum Wallet Nets Hacker Almost $1 Million in Hours: Report (cointelegraph.com). (2) https://twitter.com/ElectrumWallet/status/1078319006862454785. (3) https://www.reddit.com/r/CryptoCurrency/comments/a9yji3/electrum_wallet_hacked_200_btc_stolen_so_far/,,Electrum suffers from Update Phishing theft. (The Update Phishing attack continues  and the older version (less than 3.3.4) is still under threat.) REKT: The hacker setup a whole bunch of malicious servers.  The hacker\swallet:  https://www.blockchain.com/btc/address/1MkM9Q6xo5AHZkLv2sTGLYb3zVreE6wBkj If someone\sElectrum Wallet connected to one of those servers and tried to send a BTC transaction. they would see an official/looking message telling them to update their Electrum Wallet. along with a scam URL:  https://user/images.githubusercontent.com/29142493/50359293/8780b500/055c/11e9/8cfd/83b342edeffb.png  There is an ongoing phishing attack against Electrum users. Our official website is  https://electrum.org Do not download Electrum from any other source. / Electrum stated.,2018-12-27 0:00,2018,949000,Instant user deception,Evil twin site,Imitation,Intermediary,Other systems,
747,Bacon Protocol,REKT,https://de.fi/rekt-database/bacon_protocol,,,Bacon Protocol Hacked: Reportedly $1M Lost / CoinCodeCap,,The Exploitersaddress: https://etherscan.io/address/07c42f2a7d9ad01294ecef9be1e38272c84607593 The transaction behind the exploit: https://etherscan.io/t/07d2296bcb936aa5e2397ddf8ccba59f54a178c3901666b49291d880369dbcf31 The hack is made possible due to a reentrancy bug in the <u>lend</u>() routine so that the Exploiter can get more lending credits via re/entering the <u>lend</u>() routine. The contract exploit led to sending 957.166 USDC out of the protocol. A second exploit was prevented by a white hat group who returned the 34.232 USDC they received. These changes caused the price of bHOME to temporarily unpeg and decrease to $0.86. As of March 6th. the BaconCoin team has deposited 991.441 USDC into the BaconCoin multi/sig that will be used to recapitalize the protocol: https://etherscan.io/t/0f13823eccb9debdfc41cbd4a36430fa727271e74fca27caadadb967fd5bdcdc7 https://etherscan.io/t/023ccdd965c1c376d229c121cc1ffe113a6dac1ecc6a6b16ae4af92d8428dc668,2022-05-03 0:00,2022,957166,Contract vulnerability,Reentrancy,Technical vulnerability,Target,FT,CA
233,Visor Finance,REKT and SlowMist,https://de.fi/rekt-database/visor_finance,https://hacked.slowmist.io/search/,,https://twitter.com/GammaStrategies/status/1464702295153774594,, The malicious contract attacked Visor's OHM/ETH 1% LP management contract. Funds in the targeted pool were recovered by Visor just hours after the attack. The funds deposited by users into Visor are not at risk. REKT : The attackersaddress 1:  https://etherscan.io/address/089640eb6c8d72606d6a0fff45415bff0ab0e3ae1  The attackersaddress 2:  https://etherscan.io/address/0f434edf6b19e7310a7bea05ad3df6c086fd3a98e  The transactions behind the flash loan attack (Exploiter 1):  https://etherscan.io/t/05c9ac39ca05e51147d60156f085e650370a1e930f9f615f758fecb31deafb6ab  https://etherscan.io/t/0c2104896231ed5ad66e880f046d9973a0b85e28d5534f3e7213bbb41e83f7316  https://etherscan.io/t/007f39ed1cb3c2e1426236344d3d35dd7d79ce6cddb3a9ed17885ae9eef099639  https://etherscan.io/t/02f49b4365b688211812ec9fd0c9ac3969a6a49b99d1df75edebd3adbed0d8f55  https://etherscan.io/t/0ca68269685524d3818c98cb588c00a215fcc8a15c739c0a4468e078b3f3f3a7a  Stolen funds (91 ETH) were deposited into Tornado cash mier at:  https://bloy.info/ts/calls_from/089640eb6c8d72606d6a0fff45415bff0ab0e3ae1?signature_id=994162&amp;smart_contract_address_bin=0722122df12d4e14e13ac3b6895a86e84145b6967  The transactions behind the flash loan attack (Exploiter 2):  https://etherscan.io/t/04208ef772b9ecb7a0494510101525e765240568d3788bab555942d344b984f67  https://etherscan.io/t/06e5be7b85df2913ba8e807de9350d69969134d3f73391e620db267a9d0f8f461  https://etherscan.io/t/042c91595b1b1ec782f99069cd0c5a31fccdf2244c49b8493a2ddf70141ab5fb8  Stolen funds (124 ETH) were deposited into Tornado cash mier at:  https://bloy.info/ts/calls_from/0f434edf6b19e7310a7bea05ad3df6c086fd3a98e?signature_id=994162&amp;smart_contract_address_bin=0722122df12d4e14e13ac3b6895a86e84145b6967  The exploit was eecuted according to the following scheme:  1. Take a flash loan of asset .  2. Swap  for Y to pump the price of Y. dump the price of .  3. Deposit Y into Y Visor Pool to get outsized shares based on the manipulated value of Y.  4. Withdraw shares to get the equal ratio of Y back from Visor.  5. Rebalance the pool. and pay back the flash loan.,2021-11-25 0:00,2021,972616,Interconnected actors flaw,Arbitrage with flash loan,Technical vulnerability,Target,Yield,CP
955,Profanity Wallet Hack,REKT,https://de.fi/rekt-database/profanity_wallet_hack,,,About $1M in crypto stolen from vanity address exploit. / The Coin Republic,,Quick Summary732 $ETH was stolen from the wallet generated by the Profanity tool. The hacker compromised the private key and transferred funds to Tornado Cash. Details of the exploitAnother hack occurred related to Profanity generated addresses. The hacker stole 977.550 $USD worth of assets from the vanity address and transferred them to Tornado Cash. The victim sent a transaction with the message. asking for a return of 50% of the stolen funds. Block Data ReferenceAttacker address: https://etherscan.io/address/09731f44b8d28e6d5c2f110f9643a3da6c80539b9 Transactions to Tornado Cash: https://eplorer.bitquery.io/ethereum/ts/calls?caller=09731f44b8d28e6d5c2f110f9643a3da6c80539b9&amp;contract=0d90e2f925da726b50c4ed8d0fb90ad053324f31b The Transaction with the message: https://etherscan.io/t/0f7e7de7c5b3a23b9407f2b763f2dd0531588e0ea407b6c2d781112b13452e512,2022-09-18 0:00,2022,977550,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,Other systems,
1130,King Tribe,REKT,https://de.fi/rekt-database/king_tribe,,,"CertiK Alert on Twitter: ""#CertiKSkynetAlert ?? We are seeing a price #slippage on project @KingTribe_Defi (KTB) Contract bsc: 0x7696c8bcf00d42c2a93a3750d13b80d6a61b45f5 which has dropped &gt;97%. Deployer sends 232.5m KTB tokens to 0xcA13A which sells for ~230k BUSD. Stay vigilant! https://t.co/dMzY6HFKw2"" / Twitter (archive.ph)",,"Quick Summary
King Tribe was rugpulled by the token deployer-related EOA addresses. The total drained amount reached 997.086 $USD.
Details of the Exploit
KingTribe is NFT and a BEP20 token on the Binance chain. The $KTB token price dropped by more than 95% after several EOA addresses drained the liquidity from the PancakeSwap pool. The scammers received $KTB tokens from the token deployer. All the stolen amount was collected to a certain EOA address which sent the funds to an address labeled ""mexc.com"". The total stolen amount reached 997.086 $USD and the last transfer happened on November 18. 

Block Data Reference
Scammer addresses:
https://bscscan.com/address/0x2015ca29bd0ab4adead28e08a9fa0aa3dffd202d
https://bscscan.com/address/0xca13add78bd66f9e5e52612d81fb1d78f3a4cbce
https://bscscan.com/address/0x87b89a7ed1cf3ca8a491788ccf98fa68ff2ba72d
https://bscscan.com/address/0x9b629e1a662be030fafb3cb18e0e4a0b51b798ff

Address collected the funds:
https://bscscan.com/address/0x36e39ce87d1a60507143acf6c04d798bf9a2814b

Final destination address:
https://bscscan.com/address/0x4982085c9e2f89f2ecb8131eca71afad896e89cb

Token distribution transactions:
https://bscscan.com/tx/0x9f45aa5e1e2f025de6d69bc06125f575acd2826052c1cc81f863f8b103242863
https://bscscan.com/tx/0x0999d3b1019afc4f9cbded399dd576f4cda8e09b6194bc4a1885f680a9619fe2
https://bscscan.com/tx/0x87762d7bc077e84490eea8e5a5e219ec7f7a78578183e961c1d6e6896070b342",2022-11-06 0:00,2022,997086,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
117,ZEED,SlowMist,,https://hacked.slowmist.io/search/,,"BlockSec sur Twitter : ""1/ What if rewards can be tripled? Our system detected an attack transaction(https://t.co/k8Tet2o0Q) that exploited the reward distribution vulnerability in ZEED on #BSC. @zeedcommunity @defiprime"" / Twitter",,The DeFi ecological protocol ZEED was attacked and lost about $1 million. At present  the attacker's gains are all in the attack contract.,2022-04-21 0:00,2022,1000000,Contract vulnerability,Undetermined,Technical vulnerability,Target,FT,CA
187,Frosties,REKT and SlowMist,https://de.fi/rekt-database/frosties,https://hacked.slowmist.io/search/,,https://cryptoslate.com/frosties/nft/investors/rug/pulled/loses/over/1/million/,,The creator of the NFT project Frosties absconded with the money  causing investors to lose more than $1 million. According to available information  there are 8 888 NFTs in the series with a floor price of 0.04 ETH  roughly over $120. Within an hour  all NFTs were sold  but instead of getting their assets  investors found out that the project developers closed all communication with community members. Etherscan data shows that developers have moved most of the funds from the OpenSea account to another wallet.,2022-01-09 0:00,2022,1000000,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,NFT,CA
210,Mirror Protocol,REKT and SlowMist,https://de.fi/rekt-database/mirror_protocol,https://hacked.slowmist.io/search/,,"(1) FatMan sur Twitter : ""???? What if I told you that Mirror Protocol. up until 18 days ago. was susceptible to the one of the most profitable exploits of all time. allowing an attacker to generate $4.3m from $10k in a single transaction? Here's how I discovered this / by pure serendipity. ????"" / Twitter. (2) https://www.investing.com/news/cryptocurrency/news/90/million/hack/of/terras/mirror/protocol/went/unnoticed/for/seven/months/2831933",,Terra research forum member FatMan tweeted that the Mirror Protocol  a synthetic asset protocol developed by Terraform Labs  has a longstanding vulnerability. Since October 2021  attackers have exploited this vulnerability for multiple attacks within a period of 7 months  and the highest single profit eceeded $4 million ($4.3 million using $10 000)   of which was recovered by Terraform Labs Or the Mirror team found out. By the time the bug was fied  the attacker  s total profit from exploiting the bug could have eceeded $30 million. FatMan said the bug was discovered and questioned by Mirror forum members 11 days ago and has since been fied  but the Mirror team has not made any statement on the matter. REKT: Quick SummaryTerra\sMirror Protocol was exploited for ~$90 million by a hacker. The attack went unnoticed for 7 months before a Terra community member called FatManTerra identified the exploit. Details of the exploitThe Mirror Protocol was a synthetic assets protocol that allowed users to deposit USTC or LUNAC with a lockup period in order to mint synthetic stocks and commodities. The protocol allowed user to utilize both short and long strategies. The shorting functionality could only be accessed by locking funds for 14 days. The lock contract would then generate a position ID which was used in order to release the users funds if desired. The attacker initially deposited 100.000 UST to the lock contract in this transaction: https://finder.terra.money/classic/t/29C9CFBBC9562100A5DB19D705E440CE24768D3BDE399507FA1C2EC2424413C4 in order to prepare the attack. The attacker noticed that the lock contract had a vulnerability which allowed the attacker to unlock funds by using the same position ID over and over again as can be seen in this transaction: <span style=\> https://finder.terra.money/classic/t/08DD2B70F6C2335D966342C20C1E495FD7A8872310B80BAF3450B942F79EBC1F. exploiting the protocol for appro. $90 million USTC in the process. Block Data ReferenceAttacker address:  https://finder.terra.money/mainnet/address/terra1200zm8crgjaj949ta8r7p6pay0qq638js4sdmh ,2021-10-08 0:00,2021,1000000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Lending,P
211,Vesper Finance,SlowMist,,https://hacked.slowmist.io/search/,,https://twitter.com/VesperFi/status/1476713007526957065,, Vesper Finance tweeted that its No. 23 lending pool Vesper Lend beta launched on the interest rate agreement Fuse has been attacked again. The attacker manipulated an oracle and depleted the beta test borrowing pool of DAI  ETH  WBTC  and USDC of approimately $1 million. This is not an attack on the Vesper contract  no VSP or VVSP is threatened. Vesper has banned the lending of all tokens in Beta Vesper Lend Rari Pool #23  and also switched the oracle from VUSD/USDC to VUSD/ETH (Uni v3). Prior to this  the Vesper Lend loan pool on Rari Fuse was attacked  and the attacker made a profit of 3 million US dollars.,2021-12-31 0:00,2021,1000000,Interconnected actors flaw,Undetermined,Technical vulnerability,Target,Yield,CP
392,Sentinel,REKT and SlowMist,https://de.fi/rekt-database/sentinel,https://hacked.slowmist.io/search/,,"Sentinel dVPN ?? sur Twitter : ""Here's the t where @hitbtc eposed their mnemonic. we will let the wider crypto community decide who is at fault. our software matches Cosmos SDK. This is not a hack but just mismanagement. we call for HitBTC to refund the $DVPN they willingly lost. https://t.co/IiSzerYbHV"" / Twitter",,Sentinel a Cosmos ecological dVPN project stated on Twitter that the $40 million DVPN tokens were stolen due to the leak of the mnemonic phrase on the HitBTC exchange. Sentinel stated that the user s own DVPN was safe and HitBTC had the problem. They reported the hacking incident to Sentinel one hour after the incident. So Sentinel hopes that HitBTC will take action to return DVPN to users. HitBTC responded that Sentinel was trying to shirk responsibility for its technical defects and deceive everyone. HitBTC believes that Sentinel’s technology has vulnerabilities that can easily cause user mnemonics to be publicly disclosed. Such vulnerabilities are common in the Sentinel network and the blockchain and software have not been thoroughly tested and the company has not invested enough Time and resources to protect users. Therefore HitBTC recommended that Sentinel fi the security vulnerabilities in the software conduct more tests and restart the current centralized system. REKT : Sentinel. a Cosmos ecological dVPN project. stated on Twitter that the $40 million DVPN tokens were stolen due to the leak of the mnemonic phrase on the HitBTC exchange. Sentinel stated that the user's own DVPN was safe. and HitBTC had the problem. They reported the hacking incident to Sentinel one hour after the incident. So Sentinel hopes that HitBTC will take action to return DVPN to users. HitBTC responded that Sentinel was trying to shirk responsibility for its technical defects and deceive everyone. HitBTC believes that Sentinel’s technology has vulnerabilities that can easily cause user mnemonics to be publicly disclosed. Such vulnerabilities are common in the Sentinel network. and the blockchain and software have not been thoroughly tested. and the company has not invested enough time and resources to protect users. Therefore. HitBTC recommended that Sentinel fix the security vulnerabilities in the software. conduct more tests. and restart the current centralized system.,2021-08-21 0:00,2021,1000000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,Dapp,P
521,Soe,REKT and SlowMist,https://de.fi/rekt-database/soe,https://hacked.slowmist.io/search/,,https://www.coinonpro.com/kuaiun/49935.html,, Soe exchange has been eposed to abscond with the funds. At present  the website of the exchange has been unable to open  and hundreds of millions of funds of investors have been swept away  involving BTC  ETH  HT  OKB and other mainstream currencies. Over 1 million USDT has been flowing into other exchanges. REKT : According to PeckShield digital asset escort system (AML) data. the Soe exchange was suspected of running away. The exchange website has been unable to open. swept away hundreds of millions of investors' funds. involving BTC. ETH. HT. OKB. and many other mainstream currencies. According to some addresses submitted by victims (incomplete statistics). PeckShield security personnel locked the flow of target assets (USDT part) and found that the target addresses starting with 1G8cEC and 1GLsou aggregated over 1 million USDT. After one or two transfers. a total of 1 million USDT was transferred to the Huobi exchange starting with 1HckjU.,2019-07-04 0:00,2019,1000000,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,CeFi,
547,Bitcoins Norway,REKT,https://de.fi/rekt-database/bitcoins_norway,,,Bitcoins Norway exchange Refunds Hacked Users / InsideBitcoins.com,,A small Norwegian cryptocurrency exchange has refunded its users after falling victim to a SIM swap and phishing hack. reportedly losing $1m worth of digital assets.  A judge at a Sør/Rogaland District Court hearing ruled that Bitcoins Norway CEO Ole/André Torjussen distributed an appropriate refund amount.,2019-05-07 0:00,2019,1000000,External factor,Deceiving personnel,Human risk,Target,CeFi,
77,DecentraWorld,SlowMist,,https://hacked.slowmist.io/search/,,"CertiK Alert sur Twitter : ""#CommunityAlert ?? We are seeing a #Rug pull scam on DecentraWorld / $DEWO which has dropped more than &gt;97%. Their social media accounts are down and approimately $1M USD (~3127 BNB) was taken. Token Address: 0cdd6494aeb193c8d5541b5b9c5e72a3809a98fdc Stay safe out there! https://t.co/KzRVA7i8CK"" / Twitter",,DecentraWorlds DEWO token price plummeted  the founding team of DecentraWorld drained the projects funds and stole 3 127 BNB (about $1 million)  and the projects official website and Twitter account were deleted.,2022-05-25 0:00,2022,1028118.51,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
794,DecentraWorld,REKT,https://de.fi/rekt-database/decentraworld,,,(1) Revisiting DecentraWorld / Blog / Web3 Security Leaderboard (certik.com). (2) https://dappradar.com/blog/decentraworld/rug/pull/drains/over/1/million/in/bnb. (3) https://twitter.com/CertiKAlert/status/1529180042311389184?s=20&t=f4Thrt5Y16ndZlbeRyPBQ. (4) https://web3isgoinggreat.com/single/decentraworld/project/rug/pulls/for/1/million,,The DecentraWorld project was successfully Rug pull scamed by its project team. At that time. projet's $DEWO token showed a positive development trend until the team drained out all the treasures from the project. stealing more than $1m.,2022-05-24 0:00,2022,1037288,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
666,Bithumb,REKT and SlowMist,https://de.fi/rekt-database/bithumb,https://hacked.slowmist.io/search/,,(1) https://www.trendmicro.com/vinfo/us/security/news/cybercrime/and/digital/threats//south/korean/cryptocurrency/exchange/bithumb/hacked/. (2) https://www.bleepingcomputer.com/news/security/fourth/largest/cryptocurrency/exchange/was/hacked/users/lose/ethereum/and/bitcoin/,,Bithumb is one of the five largest bitcoin exchanges in the world. Hackers succeeded in grabbing the personal information of 31 800 Bithumb website users including their names mobile phone numbers and email addresses. The exchange claims that this number represents approimately three percent of customers. And the exchange further claims that the breach was made to a personal computer belonging to an employee and not the exchange’s internal network servers nor digital currency wallets. Attackers appear to have stolen enough credentials to begin a process of “voice phishing ” where the scammers call up victims one at a time and pose as representatives of Bithumb. REKT: South Korea/based Bithumb has said that it believes the personal details of more than 30.000 of its customers were stolen as a result of the hack.  The security breach involved an employeeshome PC rather than computer servers at the firmsheadquarters.  Bithumb said the leaked data did not contain passwords. dozens of customers have reported receiving follow/up scam calls and tets that persuaded them to share their accountsauthentication codes.,2017-06-29 0:00,2017,1040000,Instant user deception,Undetermined,Imitation,Intermediary,CeFi,
686,CollectCoin,REKT,https://de.fi/rekt-database/collectcoin,,,"(1) CollectCoin sur Twitter : ""This is not a scam. we have been hacked and we sincerely apologize. We're going to make this right and make a new contract. We will restore the tokens and refund the same value 1:1 before the hack happened. More details here : https://t.co/8vyZ3Kjkyc https://t.co/z6OQGcmlQY"" / Twitter. (2) https://monacomarket.medium.com/clct/got/hacked/c0c8f1a960d3",,The attackersaddress: https://bscscan.com/address/0bb1d1d435d8c2238cc65a0f427034440b00ef1d2 The transaction behind the attack: https://bscscan.com/t/085778af13373250cd7d2a09903128c086e76bbbb5adc61b3df74ae8b126abfd8 The deployed contract involved in the attack: https://bscscan.com/address/09be506b15a45757e1fb36e978ecadb415aaba9e0 The attacker: / swapped 1 BNB on 2.860 CLCT on PancakeSwap / invoked public <u>burn</u>() and pumped CLCT price / sold 2.860 CLCT for 1.661 BNB Stolen funds were deposited into the Tornado Cash mier and distributed between External addresses.,2021-02-12 0:00,2021,1071931,Contract vulnerability,Undetermined,Technical vulnerability,Target,CeFi,
722,Sovryn,REKT,https://de.fi/rekt-database/sovryn,,,Eplained: The Sovryn Hack (October 2022) (halborn.com),,Quick SummarySovryn ProtocolsRBTC and USDT lending pools have been exploited by price manipulation. The attacker profited for 1.078.000 $USDT worth of assets as $RBTC and $USDT. Details of the exploitSovryn is the protocol that provides trading and lending opportunities on the Layer 2 Bitcoin/based RSK chain. The protocols$RBTC and $USDT lending pools were exploited and the attacker took away 44.93 $RBTC and 211.045 $USDT. The attacker exploited price calculation logic to withdraw more $RBTC than usual. Devs managed to recover roughly half of the stolen assets through a combined effort at the moment.&nbsp; Block Data ReferenceAttacker address: https://eplorer.rsk.co/address/0c92ebecda030234c10e149beead6bba61197531a Malicious contract: https://blockscout.com/rsk/mainnet/address/0A893cdcb731aE8F91cb50f51f28980cDba96b0A6 Malicious transaction eample: https://eplorer.rsk.co/t/0f5ea6266a56f4e0135b73f63050afca7146bc940ac73da8b5fade9d8031582e2,2022-04-10 0:00,2022,1078194,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,Lending,P
827,Ethereum Yield,REKT,https://de.fi/rekt-database/ethereum_yield,,,Telegram: Contact @ethereumyieldfarms (archive.is),,The project was holding token sales using 2 smart contracts:  https://etherscan.io/address/0052cd7423b54d18c97847c0b5c73abcb8cf6bf5b#internalt  https://etherscan.io/address/028a34597dd445192c0c53bee5d4f9e16c3553203#internalt  The major and final Ether recipient. raised on the presale. was the Ethereum Yield deployer:  https://etherscan.io/t/0d4f0e4fd2ef754133b94449d3d589c8d047554550bbad40acce5302893d76450  https://etherscan.io/t/0bc4d09d88004e41a48305458d5c2e8293d54de39ae8cd2a9f139e6f4438a4c01  https://etherscan.io/t/045f56a337f32a7192cb5b40aeb33f6efe53d0064de313b52e1b2b92d7ef29e96  In total. the Ethereum Yield deployer received 3.100 ETH.  The contract deployer used 700 ETH to add the initial liquidity into the ETH / ETHY pair:  https://etherscan.io/t/03a0f9586d57ef7920c841dc97d48846ee02821366f52189984eea7c4a6fb75ce  This liquidity was locked till 01.01.2100 at:  https://etherscan.io/t/0aa6aab75cc06b2253d9e85e20e1bf4a4d4228dc6d025319bcb1d07842977a36b  The contract deployer used 1.000 ETH to add the initial liquidity into the ETH / ETHYS pair:  https://etherscan.io/t/0fed11e4b89a3ba51a4e4ebd27d60e96ee1a5e3c1d3d8f215038b6e828e0b0082  However. the liquidity wasn tlocked and the contract deployer removed it multiple times at:  https://etherscan.io/t/0c9fe6fd44401b645a98f66db3b71aa779ef8133722ac532b041f39af41b1dfd7  https://etherscan.io/t/062d4cb45091b89273e581b0de583f25a365129856524cc48811692678191a7b5  https://etherscan.io/t/0f99ad612c0ce171a134193495509a836d977667a5b4a92367bd26894fb8f1cfc  https://etherscan.io/t/0747add9e56367654431fdd82ff24f1cc5959e1d3519f4142237d15727afe8eb2  https://etherscan.io/t/0b55fb4850f1d0bf95caa094b41cf0e5d2e8dbb752edb265072130dc662c3a77d  https://etherscan.io/t/05eda7b6a70c677c91f9e5708654d789c9b6f9a0b7b2ae374fa9b09442bb004d1  https://etherscan.io/t/00e09397ffcaa9c8339095da0f47214d52b62c0cf755f048022854598a1bd80b7  The last pinned message in the official Telegram group says that the owner and developer left the team:  https://archive.is/fSGYW,2021-02-11 0:00,2021,1099672,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,Yield,CP
27,Audius,REKT and SlowMist,https://de.fi/rekt-database/audius,https://hacked.slowmist.io/search/,,https://twitter.com/AudiusProject/status/1551377708722008065,,Web3 music streaming service platform Audius community treasury was hacked  losing 18.5 million AUDIO Tokens. The hackers exchanged the funds for about 705 ETH on Uniswap. Audius officially stated that the problem has been found and is currently being repaired. All Audius smart contracts on Ethereum must be stopped  including tokens. The team believes that there is no further capital risk. Before the repair is completed  token balances  transfers  etc. will be temporarily unavailable. use.,2022-07-23 0:00,2022,1100000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Dapp,P
58,Treasure swap,REKT and SlowMist,https://de.fi/rekt-database/treasure_swap,https://hacked.slowmist.io/search/,,Security Agency: The treasure swap project side was attacked. and the attackers accumulated a profit of 3.945 BNB / PANews (panewslab.com),, The treasure swap project was attacked. The attacker only used 0.000000000000000001 WETH to exchange all the WETH tokens in the transaction pool. The reverse of the source code found that the swap function of the attacked contract lacked the K value check. At present  the attacker has completed the attack on the two contracts 0e26e436084348edc0d5c7244903dd2cd2c560f88 and 096f6eb307dcb0225474adf7ed3af58d079a65ec9  and accumulated a profit of 3 945 BNB. REKT: Quick SummaryThe Treasure Swap project has been exploited by hackers. Using the vulnerability. the hacker needed only 1 wei to exchange all the $WETH tokens in the transaction pool. Details of the exploitTreasure Swap is a donation protocol driven by the community to build a sustainable DAO.The hacker noticed a vulnerability in the Treasure Swap contract. where in the swap<em>&nbsp;</em>function the check for the k/value of the constant formula k = a * b. which determines the price of the token (A) in the token (B). was skipped. The hacker noticed this vulnerability. deployed his malicious contracts on the network with which he began to steal the <span style=\  >$WETH&nbsp;reserves from the protocol.Eample transactions of the exploit:1)  https://bscscan.com/t/013285cc0397d529d81b70e1736c81b73c585532d6290803f0f371e2f9beba0c32)  https://bscscan.com/t/090a8e176537782ac64c672b0140133974873e92eafef835bdf2d6f2fd180c92d3)  https://bscscan.com/t/00b13710aebdc2fa7655a511655cac84ae9ae8a93a778d7628fd7f0b21afc219cAll stolen $BNB are still held on the hacker\swallet. Block Data ReferenceHacker address:  https://bscscan.com/address/00FaCB17eFCb6cA6Ff66f272DE6B306DE9fb5931D Vulnerable contract addresses:&nbsp;1)  https://bscscan.com/address/0e26e436084348edc0d5c7244903dd2cd2c560f882)  https://bscscan.com/address/096f6eb307dcb0225474adf7ed3af58d079a65ec9 Malicious contract addresses:1)  https://bscscan.com/address/0d53826f2c10b116990507d35f7b9fe4461651fba2)  https://bscscan.com/address/05baa2e6b84c2bd1871e147983bc57fa90bdce3763)  https://bscscan.com/address/0d14c71b8f1b9576e0560273c764e289f593c2016,2022-06-11 0:00,2022,1100000,Contract vulnerability,K value verification vulnerability,Technical vulnerability,Target,Exchange,P
679,Brinc Finance,REKT,https://de.fi/rekt-database/brinc_finance,,,Brinc Finance was attacked due to suspected private key compromise. resulting in the loss of 290 ETH (~ $1.1 million) / BEOSIN / Medium,https://medium.com/@brinc.fi/brinc-fi-exploit-post-mortem-76ca6b355211,The address marked as hacker on Etherscan: https://etherscan.io/address/06B0b61323F6d77ef8A1a35D11FA877631d8f67Bb 1. The contract deployer of the staking contract invoked <u>transferOwnership</u>() at: https://etherscan.io/t/009ae252d00122864070461e78810a3b91c4fb64076f72eb6dba775a80ca00df4 2. The <u>newOwner</u> was set to hacker\ address: https://etherscan.io/address/06B0b61323F6d77ef8A1a35D11FA877631d8f67Bb 3. The contract deployer of the staking contract upgraded implementation of the contract at: https://etherscan.io/t/0dc7b986561a0bec76f1565881a2983b2afd34091130c6658275e1b6276efcfa7 4. The new implementation is: https://etherscan.io/address/01eC83036A1dbbd6e001bb216e31b8A259ebd8f3D#code 5. The new implementation includes <u>rescueTokens</u>() function which allows the owner to withdraw all tokens balance from the contract: https://etherscan.io/address/01eC83036A1dbbd6e001bb216e31b8A259ebd8f3D#code#F1#L817 6. The hacker invokes <u>rescueTokens</u>() at: https://etherscan.io/t/0729c2888077942764f9c3ea7aae6b22d8d92b37dec0e96f63589a97e2926da27 https://etherscan.io/t/003bae1ef2096d490e277cc2aa46022b1985db70b59fd8801b3a9bdfbf9c510db 7. The hacker burns BRC and receives DAI in exchange: https://etherscan.io/t/0160471a45ddf9130b7e1b0d3f87c3612084bfad6ac3df31079eab7fbfdda15bc 8. The hacker swaps gBRC for DAI on SushiSwap at: https://etherscan.io/t/0fc559fad3bb06e926c2b9736b61b8a61bfdad4f1d5f6db06b33e9ef767e551f7 9. Stolen DAI were exchanged on ETH at: https://etherscan.io/t/0c16be592c609728548e74ea7b1d82bf898d7c11eb58b30ada08e11e9615fc9c9 10. Received ETH were deposited into Tornado Cash mier at multiple transactions: https://bloy.info/ts/calls_from/06b0b61323f6d77ef8a1a35d11fa877631d8f67bb?signature_id=994162&amp;smart_contract_address_bin=0722122df12d4e14e13ac3b6895a86e84145b6967 The hacker was funded by the contract deployer before the incident: https://etherscan.io/t/0c95e14ea17062bc04bd824fff995a110e07f67ea25c14b2c298768c6bb0c4944,2021-12-14 0:00,2021,1100000,Internal theft,Unauthorized use of private key,Human risk,Target,Yield,CP
676,Blizzard,REKT,https://de.fi/rekt-database/blizzard,,,"(1) Ari sur Twitter : ""#BlizzardNetwork #BlizzardAva #blizz $blizz was hacked?????? https://t.co/Sl5gaBLNAc"" / Twitter. (2) https://www.reddit.com/r/CryptoCurrency/comments/qu58rf/blizzard_network_token_just_got_hacked_and/",,The insider attack was performed by 2 team members: front/end and back/end developers. Developers had access to the key contracts as they were members of a multisignature account. which requires only 2 signs. 1. Whitehat reported found bug in the vault contracts to the Immunefi team 2. Whitehat received bug bounty and the core team of Blizzard asked the back/end developer to remove retired vaults. put 0 reward rate and disable deposits. 3. Front/end and back/end started testing new vaults: https://snowtrace.io/t/0f66a695d7df17771a649d9bf2c6076c324453c7a199d6da78dbc58b0baf3f48e 4. Back/end dev set the <u>rewardMintRate</u> to 50 BLIZZ per block 5. Developers exploited the harvesting issue: https://snowtrace.io/t/0a7818cb803c1f29f4e5fd0d1cbc591e8514e07db4ed6042f76e23298c84b0363 6. Front/end dev had removed the retired PNG/AVA vaults from the website front. 7. Developers exploited a single USDC vault: https://snowtrace.io/address/0db6969402dd0b431d26cdf539acffc6db649b64e#code 8. Developers dumped received tokens: https://snowtrace.io/t/07cd6c8c8d8fb5d60a08780d95df01a257a00be910b3445130a2649394a00e482 9. Attackers used Anyswap bridge to transfer funds on Ethereum. and then. on the Binance Smart Chain https://snowtrace.io/t/0198c7303d1e9f05ac9da81b7d4b2a02c2ffcb735b56c84c331c7a3e00a111495 10. Stolen funds were deposited into Tornado Cash mier at: https://eplorer.bitquery.io/bsc/ts/transfers?sender=0bb2c0ef4bad535e042b0f2686f83abec7e2ea965&amp;currency=BNB&amp;receiver=00d5550d52428e7e3175bfc9550207e4ad3859b17 The exploit is described in 3 steps:/ Modify the <u>rewardRate</u>. by calling <u>setRewardMintRate</u>(uint256 _rate) with the following parameter: 50000000000000000000/ Deposit any amount of USDC and wait until the desired amount of tokens has been minted/ Call <u>claim</u>() to transfer the rewards from the origin pool and additional minted token rewards from the aggregator to the beneficiary.,2021-11-13 0:00,2021,1109632,Internal theft,Contract vulnerability exploit,Human risk,Target,Yield,CP
123,Rikkei Finance,REKT and SlowMist,https://de.fi/rekt-database/rikkei_finance,https://hacked.slowmist.io/search/,,(1) https://twitter.com/RikkeiFinance/status/1514838355758161920. (2) https://twitter.com/peckshield/status/1514809005700395022,, Metaverse DeFi protocol Rikkei Finance was attacked because the attacker changed the oracle machine to a malicious contract. Rikkei Finance said users affected by the exploit will be fully compensated  and the team said the bug is being fied and services have been fully restored. The total loss value is approimately $1.1 million (2671 BNB). REKT : Quick Summary The Rikkei Finance project was exploited by a hacker who replaced the main price oracle with a malicious one due to the lack of access measures in SetOracleData. which led to the loss of $1.1M.  Details of the exploitRikkei Finance is a DeFi lending and borrowing protocol and an NFT Marketplace.The attacker deployed a fake ChainLink contract. taking advantage of the vulnerability to replace the real ChainLink address with a fake one. The attacker created a smart contract that was used to carry out an attack on the project in this transaction:&nbsp; https://bscscan.com/t/0b660132567cf5fb60af136762729fd9ad0662baf01ac6cc74b0a285e5b3399ddAfter creating the contract. the attacker called the function  021e85463 which caused a number of transactions to empty the protocol. All the stolen funds were laundered via Tornado.Cash. Block Data ReferenceAttacker address:  https://bscscan.com/address/0803e0930357ba577dc414b552402f71656c093abAttacker contract addresses:&nbsp;1)  https://bscscan.com/address/0e6df12a9f33605f2271d2a2ddc92e509e54e6b5f2)  https://bscscan.com/address/0a36f6f78b2170a29359c74cefcb8751e452116f9Attack transaction:  https://bscscan.com/t/093a9b022df260f1953420cd3e18789e7d1e095459e36fe2eb534918ed1687492,2022-04-15 0:00,2022,1115266,Interconnected actors flaw,Undetermined,Technical vulnerability,Target,Lending,P
323,Vitae,REKT and SlowMist,https://de.fi/rekt-database/vitae,https://hacked.slowmist.io/search/,,https://cryptoadventure.com/vitae/coin/founders/arrested/over/alleged/crypto/scam/,,European Union legal body Europol has cracked down on the Belgian Ponzi scheme Vitae. Europol raided 17 locations associated with the site  which were advertised as social media sites with their own cryptocurrencies  confiscating German currency and luury cars totalling over 1 million euros. The company operates in Switzerland under the name VITAE AG.,2021-06-26 0:00,2021,1119810,Misappropriation of funds,Ponzi scheme,Market manipulation,Perpetrator,FT,CA
160,TopGoal,REKT and SlowMist,https://de.fi/rekt-database/topgoal,https://hacked.slowmist.io/search/,,https://medium.com/@TopGoal_NFT/latest/update/and/solution/of/todays/hacking/event/e18774b6e69a,,Hot wallets operated by TopGoal were attacked and compromised. In this hack  only the hot wallet operated by TopGoal  which manages the distribution of TopPrize rewards  was affected. All user assets including NFTs and TMTs are safe. The hackers transferred a total of 4 809 984 TMT from the TopGoal/operated hot wallet to the address 07F0D082D08874A57110c73a8853967e7C19D1a6e. The hackers then exchanged all those TMTs from PancakeSwap for over 2 600 BNB and used Tornado to transfer the BNB out of the address. REKT : The TopGoal team stated. that the TopGoal operational wallet has been attacked and compromised.,2022-02-16 0:00,2022,1135097,Undetermined,Accessing private keys/data,Undetermined,Target,Dapp,P
269,Nowswap,REKT and SlowMist,https://de.fi/rekt-database/nowswap,https://hacked.slowmist.io/search/,,https://twitter.com/PuPuThrashing/status/1438058002817323009,,Nowswap  a decentralized exchange on Ethereum  was attacked by a flash loan. The attacker emptied Nowswap's liquidity pool. The liquidity pool was reduced from US$1 069 197 to US$24.15. The attacker made a profit of 536 000 USDT and 158 WETH. A total of more than 1 million US dollars. The attacker used the K value verification vulnerability in the Nowswap USDT/WETH transaction pair contract to perform multiple exchanges  and each exchange obtained multiple times the normal due assets  until the assets in the trading pair pool were ehausted. REKT: The attackersaddress:  https://etherscan.io/address/05676e585bf16387bc159fd4f82416434cda5f1a3  The transaction behind the exploit:  https://etherscan.io/t/0f3158a7ea59586c5570f5532c22e2582ee9adba2408eabe61622595197c50713  NowSwap hack was made possible by an error when updating the smart contract’s code. &nbsp;The original code of the contract contained a value. K. of 1.000 in three different places. &nbsp;The update to the code changed this value in two places but not the third.  This third location was a check of the value of K. but it only checked for a value 1/10 of the actual value. &nbsp;This enabled the attacker to swap 1 wei for 98% of the value stored in the contract.  Stolen funds were deposited into Tornado Cash mier:  https://bloy.info/ts/calls_from/05676e585bf16387bc159fd4f82416434cda5f1a3?signature_id=994162&amp;smart_contract_address_bin=0722122df12d4e14e13ac3b6895a86e84145b6967,2021-09-15 0:00,2021,1142357,Contract vulnerability,K value verification vulnerability,Technical vulnerability,Target,Exchange,P
886,Jumpn Finance,REKT,https://de.fi/rekt-database/jumpn_finance,,,"Beosin Alert on Twitter: ""JUMPN Finance $JST rugged with ~$1.15M. 2.100 $BNB sent to https://t.co/sjV0KlpIbO; 2.058 $BNB sit at hacker's address. The scammer calls the 0xe156 contract’s 0x6b1d9018() function and withdraws the user assets and transfers to the scammer's address https://t.co/pJ3ZvTIIqj https://t.co/GepFizEUAh"" / Twitter (archive.ph)",,Quick SummaryJumpn Finance was Rug pull scamed and 4158 $BNB was stolen using a privileged function. Details of the exploitJumpn Finances$JST and $JAC staking pools were Rug pull scamed. The scammer used 06b1d9018() privileged function on two pools and drained assets for a total 4138 $BNB. Consequently. 4100 $BNB was transferred through TornadoCash. the remaining 58 $BNB stays at the scammersaddress.&nbsp; Block Data ReferenceScammer address: https://bscscan.com/address/0d3de02b1af100217a4bc9b45d70ff2a5c1816982 Malicious transactions: https://bscscan.com/t/043e77e6e0f52c51832fabc5c32a584aaed096e82391b5d07fba84adcc965d218 https://bscscan.com/t/048333962e6e946748a26d6222db95ce97e76c9ed3917123a7c9f2731f896b72c Withdraw transactions: https://bscscan.com/ts?toaddress=00D5550d52428E7e3175bfc9550207e4ad3859b17&amp;address=0d3de02b1af100217a4bc9b45d70ff2a5c1816982,2022-10-09 0:00,2022,1143446,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
550,ETC,SlowMist,,https://hacked.slowmist.io/search/,,(1) https://medium.com/@slowmist/the/analysis/of/etc/51/attack/from/slowmist/team/728596d76ead (2) https://www.forbes.com/sites/ginaclarke/2019/01/09/after/ethereum/classic/suffers/51/hack/eperts/consider/will/bitcoin/be/net/?sh=7f9d16d9a56b,,The attacker launched a Governance issue through the rental power and the exchanges such as Gate.io Yobit and Bitrue were affected and after a week the attacker returned all the ETC.,2019-01-06 0:00,2019,1164996.25,Decentralization issue,51% attack,Technical vulnerability,Target,Blockchain,DLT
960,QAN Platform (2),REKT,https://de.fi/rekt-database/qan_platform_(2),,,(1) https://medium.com/@CryptoSavingExpert/qanx-token-dumps-99-after-qanplatform-suffers-1m-bridge-hack-75fd56a83a8d (2) https://decrypt.co/111633/quantum-resistant-blockchain-qanplatform-suffers-bridge-hack-1-million,,Quick SummaryQAN Platform Bridge was hacked due to a private key compromise. The hacker gained access to the private key of the bridge deployer address and withdrew $QAN tokens from the bridge contract on both Ethereum and BSC chains. ,2022-10-11 0:00,2022,1165500,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,Bridge,INT
866,HeroCat,REKT,https://de.fi/rekt-database/herocat,,,"PeckShieldAlert on Twitter: ""#PeckShieldAlert #slippage $HCK has dropped ~94%. @HeroCatGameFi PeckShield has detected that Address 0x6e49ae035ef344abe4bed87a0dce44fc97d6a441 made big sale and transferred ~151k $BUSD to 0x74A12a28Fea0d1b59A05B94c5F23a22ee323CF4C https://t.co/On6mnKOB7q"" / Twitter (archive.is)",,Quick SummaryHeroCat\sproject tokens $HCT and $HCK were rug pulled. Both token lost appro. &gt;90% of their value. &nbsp; Details of the exploit  data/v/51e0c2ec=  ><span lang=,2022-08-30 0:00,2022,1177347,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,Dapp,P
674,BitKeep,REKT,https://de.fi/rekt-database/bitkeep,,,Crypto Wallet BitKeep Hacked for $1M in BNB Chain. Polygon Tokens (coindesk.com),,Quick SummaryBitKeep wallet was exploited for 1.192.464 $USD. The hacker managed to transfer almost all the stolen funds through TornadoCash. Details of the exploitBitKeep is the multi/chain wallet mostly used for DeFi operations. The smart contract of the project with unverified source code was hacked. The attacker used the swap function to drain funds from addresses that approved various tokens to the projectssmart contract. The stolen tokens were swapped for $BNB and 4368 $BNB was transferred using TornadoCash.&nbsp; Block Data ReferenceAttacker address: https://bscscan.com/address/08a4172a718b7c6edd97805f5c2585277df11b8d0 Malicious contract: https://bscscan.com/address/0c37589014e2294bc17578f1229ce5c95b01c2fd8 Malicious transaction: https://bscscan.com/t/0d13e68b2a33ab6e56e0083aaa3d43ec955c715a9a6753b6d31ae68af944214e6,2022-10-17 0:00,2022,1192464,Contract vulnerability,Undetermined,Technical vulnerability,Target,CeFi,
100,Hunter,REKT and SlowMist,https://de.fi/rekt-database/hunter,https://hacked.slowmist.io/search/,,https://twitter.com/CertiKAlert/status/1523153063875575809,,The DeFi project Hunter has been rug pull  and currently Telegram  Discord  and the website cannot be opened.,2022-05-08 0:00,2022,1200000,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Dapp,P
129,BasketDAOOrg,SlowMist,,https://hacked.slowmist.io/search/,,https://twitter.com/BasketDAOOrg/status/1509009439315034115,,According to BasketDAOOrg's official Twitter there is a vulnerability in BMIZapper which caused users to lose about 1.2 million US dollars.,2022-03-30 0:00,2022,1200000,Contract vulnerability,Undetermined,Technical vulnerability,Target,FT,CA
874,Hunter Global,REKT,https://de.fi/rekt-database/hunter_global,,,"CertiK Alert on Twitter: ""#CommunityAlert ?? We are seeing a rugpull worth ~$1.2 Million USD in assets on project @HUNTER__Global / $Hound which has closed their discord &amp; telegram &amp; their website is currently unavailable. Contract / bsc 0x1e4402Fa427a7A835fC64ea6d051404ce767A569 Stay safe! https://t.co/LOZGO9tZMm"" / Twitter (archive.is)",,Quick SummaryHunter Global\scentralized team wallet rug pulled $HOUND token worth roughly 1.200.000 $USD. Details of the exploit  data/v/51e0c2ec= >Hunter Global claimed to be a bot service platform meant facilitating trades amongst decentralized autonomous organizations.. Their centralized team address used privileges and removed liquidity in 4 transactions. Subsequently swapping them on PanCake Swap for $BNB worth 1.200.000 $USD at the moment.&nbsp; Block Data ReferenceAddress of scammer:  https://bscscan.com/address/0cAA51c5C8F6E6fD82e99eAa1606afF3f91E56626Liquidity remove transactions: https://bscscan.com/t/00aec4347e4bacad7819093b916885a589ca2972b1f057ac7497b199a578dde4a https://bscscan.com/t/0155d2f20ea7201081e3d87bd05d52b94d1858464232eb0633022aa775fc51a1f https://bscscan.com/t/0fc30fcce88a6c22d2201824ad9d592df8a598188bd26d7d828b6144e0020bfefSwap transactions: https://bscscan.com/t/0b16dee699dedaf246c804780ca13042393e7fdf59b57eed9155d5ebcc333dd62 https://bscscan.com/t/014cf575629ee4c9e3f793cdeca3f105666ebfc1e75a0a5de7cc1883cd561373c<br  >081d3ec77438b4e99aa99ba25b1dbc3fea317fe3b<span style= >081d3ec77438b4e99aa99ba25b1dbc3fea317fe3b,2022-05-08 0:00,2022,1200000,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Exchange,P
732,Zenon Network,REKT,https://de.fi/rekt-database/zenon_network,,,Eplained: The Zenon Network Hack (November 2021) (halborn.com),,The attackersaddress: https://bscscan.com/address/053d4307d7cc1e1b728c0678618efe10a339c18fd The transaction behind the attack: https://bscscan.com/t/0c14ae484b49a346fca9bb414e302c6a9ad0e16fc085c8e197ac7ae85df5727fc The Zenon Network hack was made possible by an unprotected burn function within the smart contract. Zenon Network left External access to the <u>burn</u>() function: https://twitter.com/peckshield/status/1462165620506742784 The attacker deposited tokens in the protocol’s pool for wrapped ZNN (wZNN) tokens and then called the burn function to destroy over 26k wZNN tokens. This decreased the supply of wZNN tokens. increasing their value dramatically. &nbsp;As a result. when the attacker redeemed his wZNN tokens. the pool believed that he was owed a massive number of WBNB tokens. enabling him to drain the pool. Stolen funds were deposited into the Tornado Cash mier.,2021-11-20 0:00,2021,1209467,Contract vulnerability,Access control flaw,Technical vulnerability,Target,FT,CA
239,Formation.Fi,REKT and SlowMist,https://de.fi/rekt-database/formation.fi,https://hacked.slowmist.io/search/,,https://formation/fi.medium.com/greetings/formation/fi/community/supporters/investors/and/friends/b09d673cda8a,,DeFi protocol Formation.Fi was attacked by flash loans. The main reason for this incident is that the project party underestimated the impact of fee on totalTokens when designing the function swapIn  and ignored the impact of decimal point accuracy between different tokens. REKT: The attacker:  https://etherscan.io/address/089640eb6c8d72606d6a0fff45415bff0ab0e3ae1  The transaction behind the attack:  https://etherscan.io/t/05c9ac39ca05e51147d60156f085e650370a1e930f9f615f758fecb31deafb6ab  The attack contract:  https://etherscan.io/address/0b5aef637d77648c4b937d1be5f6a036f52b1711e  Affected contracts:  https://bscscan.com/address/0e2ee850d72d02b3d827b98847d332add0d3f0012   https://etherscan.io/address/062931dece3411ada1038c09cd01baa11db08334b  The farming contract has been using the balance of the pool for price discovery of the FORM token and LP token in order to calculate the USD (stable coin) value of the position and pay rewards accordingly.  The Flash Swap mechanism allows to alter the price of the FORM token — the exploit contract used that in order to ecessively increase the value of the reward calculated at the withdrawal transaction.  The attacker: / staked LP tokens./ pulled available funds from the pool. unstaked LP token. and sent back funds to the pool.  Further exploitation was prevented by devs by setting the multiplier to 0. which makes the contract send no FORMs for any new staked LP tokens:  https://etherscan.io/t/09aad3091b1f71b8fdb9587aadfec512809dec0d4118e1f2b8922a5e1a263efc8,2021-11-20 0:00,2021,1225348.74,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,Yield,CP
240,Phantom Galaxies,SlowMist,,https://hacked.slowmist.io/search/,,https://twitter.com/animocabrands/status/1461381098261258242,,According to blockchain game developer Animoca Brands  on November 19  hackers successfully accessed the Discord account of the science fiction NFT game Phantom Galaies and took over its server. The hacker subsequently issued a fraudulent statement claiming that the game was launching an NFT minting activity. The hacker directs the user to a website  charges the user 0.1 ETH  and then sends the funds to the hacker's Ethereum address. A total of 265 sent ETH  about 1.1 million US dollars. Animoca Brands pointed out that there is no evidence that smart contracts have been breached  and no funds have been stolen from the game or its developers or publishers.,2021-11-18 0:00,2021,1225348.74,Instant user deception,Social media compromission,Imitation,Intermediary,Dapp,
750,Big Daddy Ape Club,REKT,https://de.fi/rekt-database/big_daddy_ape_club,,,Big Daddy Ape Club $1.3M Scam. Although It Had Civic 'Verification' / CoinCu News,,On January 11. scammers staged one of the largest NFT scams in the history of the Solana blockchain. The scammers made off with 9.136 SOL. or about $1.3 mln. in funds sent by would/be collectors to mint the Big Daddy Ape Club NFT. The owners of the Big Daddy Ape Club project were able to abscond with funds despite the fact that the NFT drop was verified by decentralized identity verification company Civic. Civic now says it\sworking with law enforcement to find those responsible for the scam. The Big Daddy Ape Club was introduced as a collection of 2.222 monkey/themed NFTs to be minted on the Solana blockchain and listed on the Solanart NFT marketplace. Mert. a software engineer at Coinbase and a Solana researcher said he traced the Solana scammer\swallet. and that some of the funds were transferred to accounts on the Binance crypto exchange. The exchange said it has suspended the accounts and will also be working with law enforcement to investigate. The address behind the case: https://solscan.io/account/C2JoNvhfh4WYLUzDDE4YFeqsMQT3UreJKfARA1JYYmw,2022-11-01 0:00,2022,1237622,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,NFT,CA
2,New Free Dao,REKT and SlowMist,https://de.fi/rekt-database/new_free_dao,https://hacked.slowmist.io/search/,,"(1) SlowMist sur Twitter : ""?? SlowMist Security Alert?? Brief Analysis of New Free DAO exploit Early today. our security team detected that New Free Dao. a project on the BSC chain. suffered a flashloan attack. Here's what happened: ???? https://t.co/TtGuSwJD2Z"" / Twitter. (2) https://beincrypto.com/new/free/dao/crashes/99/reported/flash/loan/attack/",,"The New Free Dao project on the BSC chain suffered a flash loan attack. According to SlowMist analysis  the main reason for this attack is that the way of calculating rewards in the contract is too simple  and it only depends on the balance of the caller  which leads to arbitrage by flash loans. REKT: Quick Summary

The New Free DAO project was subjected to a flash loan attack. suffering losses of $1.25M.

Details of the Exploit
New Free DAO is a DAO project that give participants the opportunity to coordinate activities and manage resources in accordance with a pre/agreed and formalized set of rules.
The attackers took 250 $WBNB via flash loan and swapped the loaned funds for $NFD tokens via the $WBNB /> $USDT /> $NFD path. 
The attackers contract then created multiple contracts to claim airdrop rewards from the targeted victim contracts. 
The attacker returned the flash loan and swapped all the $NFD for $WBNB. Then the malicious actor swapped 2k $BNB for $USDT.
Step by step the transaction occurred as follows:
/ The scammer took a flash loan for $250 $BNB
/ The $BNB tokens were then exchanged for the $NFD tokens
/ The scammer contract had the ability to create malicious contracts that also created contracts and transferred them all tokens received from airdrop.
/ In the end. the last contract exchanges the entire balance of $NFD tokens for $BNB. transfers them to the main contract. restores the flash loan. and then the main contract transfers the funds to the scammer.
All the stolen funds have been transferred through tornado.cash.",2022-09-08 0:00,2022,1250372,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,Dapp,P
55,Inverse Finance,REKT and SlowMist,https://de.fi/rekt-database/inverse_finance,https://hacked.slowmist.io/search/,,(1) https://www.panewslab.com/zh/articledetails/m20ffpy4.htm. (2) https://twitter.com/peckshield/status/1537383690262589440?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1537385343967633409%7Ctwgr%5Ed241a20d9fdc268dbc3ba9d32c6097c30e5bf627%7Ctwcon%5Es2_&ref_url=https%3A%2F%2Fcryptoslate.com%2Finverse/finance/suffers/another/attack/hacker/steals/1/3/million/causes/5/8/million/protocol/loss%2F. (3) https://rekt.news/inverse/rekt2/. (4) https://www.certik.com/resources/blog/6LbL57WA3iMNm8zd7q111R/inverse/finance/incident/analysis. (5) https://hacken.io/industry/news/and/insights/flashloan/attack/on/inverse/finances/frontier/. (6) https://cryptopotato.com/second/time/in/2/months/defi/lender/inverse/finance/drained/for/1/6m/,," Inverse Finance suffered a flash loan attack  resulting in a loss of approimately 1068.215 ETH (approimately $1.26 million). This is the second time that Inverse Finance has suffered a flash loan attack in the past two months. The main reason for this attack is the use of insecure oracles to calculate LP prices. REKT: Quick Summary

Ethereum/based Inverse Finance was exploited for more than $1.2 million by an attacker utilizing an oracle manipulation through a flash loan attack.
 
Details of the exploit
1) The attacker flashloaned 27.000 WBTC using it's contract from AAVE. Then WBTC was added as liquidity to the Curve pool.
2) The obtained LP tokens were deposited to the Yearn’s Vault. Yearn’s Vault tokens were deposited to Inverse Finance’s Yearn 3Crypto Vault to serve as collateral on Inverse Finance.
3) The attacker's then uses the remaining 26.775 WBTC of the initial flashloan to swap for 75M USDT on Curve 3Crypto. It manipulates the pricing oracle that let's the attacker is then able to borrow $10M worth of Dola USD StableCoin.
4) Then. the 75M USDT is swapped for 26.626 WBTC.
5) The attacker then uses the borrowed DOLA to provide liquidity to the Curve Metapool. When the liquidity is ~10.1M USDT. it is removed.
6) Then. it converts 10M USDT to 451 WBTC using the 3Crypto pool on Curve. A remaining 99.976.294 USDT was kept in the attacker’s smart contract.
Exploit transaction: https://etherscan.io/tx/0x958236266991bc3fe3b77feaacea120f172c0708ad01c7a715b255f218f9313c
Exploiter address: https://etherscan.io/address/0x7b792e49f640676b3706d666075e903b3a4deec6
Exploiter contract: https://etherscan.io/address/0xf508c58ce37ce40a40997c715075172691f92e2d
Withdrawing 100K USDT: https://etherscan.io/tx/0x3d2f86c1c289731f56bed95dce20434eff48e3bd4a50cdc007ef5d0a2177a9f7
Withdrawing 53.24 WBTC: https://etherscan.io/tx/0x9959f8f10f59b3b88a5499066a21237e492f193e5ff2950bcc7e6c1f5e1fa60c",2022-06-16 0:00,2022,1260000,Interconnected actors flaw,Oracle manipulation,Technical vulnerability,Target,Lending,P
303,ApeRocket Finance,REKT and SlowMist,https://de.fi/rekt-database/aperocket_finance,https://hacked.slowmist.io/search/,,(1) https://aperocket.medium.com/moving/forward/24b9ae22c428. (2) https://watchpug.medium.com/aperocket/finance/performance/fee/minting/incident/root/cause/analysis/b959c1e963ba,,ApeRocket the DeFi revenue mining aggregator and optimizer released the lightning loan attack details and compensation plan. ApeRocket s BSC version and Polygon version encountered lightning loan attacks at 4:30 AM and 8:00 AM (UTC) respectively and lost 260 000 US dollars and 1 000 000. REKT: The attackersaddress:  https://bscscan.com/address/053d07afa123702469ab6cf286e9ff7033a7eff65  The transaction behind the attack:  https://bscscan.com/t/0701a308fba23f9b328d2cdb6c7b245f6c3063a510e0d5bc21d2477c9084f93e0  The attacker: / borrowed 1.6M CAKE ($21.8M) of flash loan from PancakeSwap  / added 509K CAKE of deposit to the CAKE vault. Got the majority share (99.5%) of the vault  / sent 1.1M CAKE to the CAKE vault contract  / called <u>harvest</u>() and <u>getReward</u>() on the CAKE vault  / with the rather large amount of CAKE token in the wallet balance of the vault contract (sent by the hacker at step 3). it returned a large amount of profit. As a result. the system minted 508K SAPCE as a reward to the attacker  / repeated one more time  / swapped the rewarded SPACE token to CAKE. repaid the flash loan  / taken out 883 BNB.  By delivering a large number of CAKE tokens to the vault and calling harvest(). the profit amount for everyone in the vault is increased. Despite the fact that the hacker owns the bulk of the vault. virtually all of the earnings will be returned to the hacker. REKT 2: The attackersaddress:  https://polygonscan.com/address/0fabd1c2f4f16f2f6e2007abbed5549c84d82c19d  The transaction behind the attack:  https://polygonscan.com/t/0377fb92f6e04db4bf5a0917a79d171ce27b28deaa23594b7fc498dd080cf9d35  The attacker: / borrowed 24M DAI and 54M MATIC of flash loans from Aave  / created 25M DAIMATIC LP  / deposited 10M LP to the DAI/MATIC LP vault. Got the majority share (99%) of the vault  / deposited 15M LP from the MiniApeV2 contract of ApeSwap to the DAI/MATIC LP vault of ApeRocket  / called <u>withdrawAll</u>() on the vault  / with the rather large amount of LP token added (deposited from ApeSwap’s MasterChef) by the attacker at step 3. it returned a large amount of profit. As a result. the system minted 2.5M pSAPCE as a reward to the attacker  / swapped the rewarded pSPACE token to ETH. repaid the flash loan  / taken out 521 ETH.  The <u>deposit</u>() function of ApeSwap PolygonsMiniApeV2 (a fork of SushiSwapsMiniChefV2) allows deposits to any address. which is not possible for a regular MasterChef v1. allowing the profit amount for everyone in the vault to be increased. Even if the attacker owns the bulk of the vault. virtually all of the profit will be returned to the attacker.,2021-07-14 0:00,2021,1260000,Interconnected actors flaw,Arbitrage with flash loan,Technical vulnerability,Target,Yield,CP
998,Solend (2),REKT,https://de.fi/rekt-database/solend_(2),,,(1) https://twitter.com/solendprotocol/status/1587671511137398784 (2) https://www.coindesk.com/business/2022/11/02/defi-protocol-solend-struck-by-126m-oracle-exploit/?utm_medium=referral&utm_source=rss&utm_campaign=headlines,,Quick Summary Solend protocol was exploited by oracle manipulation. The protocol has suffered 1.260.000 $USD in bad debt.,2022-11-02 0:00,2022,1260000,Interconnected actors flaw,Oracle manipulation,Technical vulnerability,Target,Lending,P
897,LaserSwap Cash,REKT,https://de.fi/rekt-database/laserswap_cash,,,Telegram: Contact @defiyield_info (archive.ph),,The contract deployer added initial liquidity at:  https://bscscan.com/t/0f893069f583fea636b66688b9bbed194391eb2c52f5b704bb81c7976c5e100bf  The contract deployer transferred LP tokens to the External wallet at:  https://bscscan.com/t/0e2ef4781fac3093477ea974821751a6d33877c7a046fd08a3267caa639c46000  https://bscscan.com/t/07c0f27015d5b2efc41036bcab1b874e46f45be5b81da9c966755fb4117dce46f  The LP token recipient deposited tokens to the MasterChef. which was behind the upgradeable proy contract. All deposited LP tokens were migrated by the External wallet at this transaction:  https://www.bscscan.com/t/0c4b822cee55c8755b29284078f978b6d51853d7886a762cc37918441c15bce7a  The liquidity was removed by the External wallet at:  https://www.bscscan.com/t/05a0f53949652d289c42a49c8a291760d4a89fdb8a57d45aa3c18bfb20195b1b6  https://www.bscscan.com/t/0ea7abc7479d49687f4d33a8a7eb9a7453ad580d00febdaf9895b1c8013d668df  The stolen funds were distributed between multiple wallets at:  https://eplorer.bitquery.io/ru/bsc/ts/transfers?sender=094e981a44e9e112e43752daa4d795dec1f7ddbd8&amp;currency=0e9e7cea3dedca5984780bafc599bd69add087d56,2021-03-15 0:00,2021,1280809,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Exchange,P
87,FEG,REKT and SlowMist,https://de.fi/rekt-database/feg,https://hacked.slowmist.io/search/,,(1) https://twitter.com/FEGtoken/status/1525965942517268480. (2) https://twitter.com/CertiKAlert/status/1526336115187322881,,The multi/chain DeFi protocol FEG was suspected of being attacked  and a total of 143 Ethereum and 32 747 BNB were lost  about $1.3 million.,2022-05-16 21:24,2022,1300000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,FT,CA
434,GemSwap,SlowMist,,https://hacked.slowmist.io/search/,,https://twitter.com/cryptoculgin/status/1310922743555080192,, On September 26  the SushiSwap imitation project named GemSwap was eposed and LP was taken away. The query found that the project posted a tweet at around 15:00 today and revealed that it was attacked by the developer of whatitdobb. It is understood that the project completed the liquidity migration earlier today  but the developer who initiated the attack had The relevant permission was obtained and the tokens in the liquidity pool were able to be taken away. The specific losses caused by this attack are currently unclear.,2020-09-26 0:00,2020,1300000,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,CeFi,
729,Uranium Finance,REKT,https://de.fi/rekt-database/uranium_finance,,,(1) Uranium : post-mortem. v2. compensations | by Uranium Finance | Medium. (2) https://medium.com/shentu-foundation/uranium-finance-exploit-analysis-d135055d6a6a,,The attackersaddress: https://bscscan.com/address/036ad9ee78bfb730955993d2aa77ecccf95e3313e The exploited contract: https://bscscan.com/address/0d5aac41d315c1d382dcf1c39d4ed9b37c224edf2 The attacker: / called the <u>deposit</u>() function to increase the value of <u>u</u><u>ser.amountWithBonus</u> https://bscscan.com/t/009976b55015997df711be8f911afe6db2f21b40728532f16ee96257b4a52a48f / called the <u>emergencyWithdraw</u>() function to get his deposit back and set <u>user.rewardDebt</u> equal to 0 https://bscscan.com/t/0730ad83dd0aa96519a8876ef28f26620ad6a4ca7a614d2aca661b51e874c6c07 / called the <u>withdraw</u>() function to receive the RADS/sRADS reward tokens https://bscscan.com/t/0b9b7005fcf0b05161c5db136092372c743e74b48ecf7e85e588a84fee777ffcf / repeated the process to drain most of the reward tokens from the pool. Reward tokens were withdrawn from the MasterChef contract onto the attackersaddress multiple times at: https://eplorer.bitquery.io/bsc/ts/transfers?receiver=036ad9ee78bfb730955993d2aa77ecccf95e3313e&amp;currency=07ca1ebc56496e3d78e56d71a127ea9d1717c4be0 Received tokens were sold for $1.3M worth of BUSD and BNB.,2021-04-08 0:00,2021,1300000,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,Yield,CP
1025,UFCT,REKT,https://de.fi/rekt-database/ufct,,,https://cointool.app/ido/exchange?id=236b257521232075502150272572237071232a2b2a26762321242322272522262222242652552b762b726f2625,,The project was holding a fundraising event:,2021-11-19 0:00,2021,1323077,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,FT,CA
135,InuSaitama,SlowMist,,https://hacked.slowmist.io/search/,,"Saitamaguru sur Twitter : ""Hey @InuSaitama fam! We are analyzing all data from the last 12 hours. going through blacklisted wallets and generating a solution moving forward for Saitamask and it’s infrastructure. Please allow us a little time to analyze and address and then will hold an AMA to relay info."" / Twitter",,InuSaitama is suspected to have suffered an arbitrage attack. The attacker (0Ad0C834315Abfa7A800bBBB5d776A0B07b672614) Saitamask (000480b0abBd14F2d61Aa2E801d483132e917C18B) exchanged almost 10 times the value of SAITAMA Token through swap and then exchanged it back to ETH through uniswap and transferred it to 063493e679155c2f0aAd5Bf96d65725AD6427faC4 with a total profit of about 4.,2022-03-26 0:00,2022,1342496.88,Undetermined,Undetermined,Technical vulnerability,Target,FT,CA
93,Venus,REKT and SlowMist,https://de.fi/rekt-database/venus,https://hacked.slowmist.io/search/,,(1) Venus Protocol Official Statement regarding LUNA | by Venus Protocol | Venus Protocol. (2) https://therecord.media/collapse/of/luna/cryptocurrency/leads/to/11/million/exploit/on/venus/protocol/,, Venus Protocol issued a statement saying that Chainlink suspension of LUNA price updates after etreme volatility in LUNA prices caused the price of LUNA on the Venus lending market to remain at $0.107  while the market price of LUNA had dropped to $0.01 at that time. After the price update was suspended  two addresses lent about $13.5 million in assets by staking 230 million LUNA (worth about $2.3 million at the time)  resulting in a loss of about $11.2 million to the protocol. At present  the LUNA lending market has been suspended  and this loss will be made up by the risk fund. REKT: Venus protocol has been drained for $13.5M.The exploit occurred due to a drop in the price of the LUNA token. More detailed information can be found at this link:  https://blog.venus.io/venus/protocol/official/statement/regarding/luna/6eb45c3cb058. Victim contract:  https://bscscan.com/address/0151b1e2635a717bcdc836ecd6fbb62b674fe3e1dToken address:  https://bscscan.com/address/0cf6bb5389c92bdda8a3747ddb454cb7a64626c63,2022-05-12 0:00,2022,1350000,Interconnected actors flaw,Oracle manipulation,Technical vulnerability,Target,Lending,P
102,Day of defeat,SlowMist,,https://hacked.slowmist.io/search/,,https://twitter.com/CertiKAlert/status/1522301583605780480,,Day of Defeat has rug pull  value has suddenly dropped by over 96%  and over $1.35 million in assets has been moved from BSC/based projects to External wallets. After the funds ran out  the project claimed they had been hacked by outside actors and had reported to Binance and local authorities.,2022-05-05 0:00,2022,1350000,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
792,Day of Defeat,REKT,https://de.fi/rekt-database/day_of_defeat,,,"DayOfDefeat 2.0 sur Twitter : ""We are currently investigating this situation. our marketing wallet and and transition wallet was compromised by an outside hacker. We have reported to Binance and local authorities. Please follow us for updates."" / Twitter",,"On may 6th marketing wallet of DayOfDefeat protocol was compromised by an outside hacker. Approimately $1.35M in assets was sent to EOA addresses in DOD tokens.
The two addresses below contain a large number of DOG tokens. they received tokens or exchanged them from addresses that were somehow associated with the contract.",2022-05-06 0:00,2022,1350000,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,FT,CA
462,2gether,REKT and SlowMist,https://de.fi/rekt-database/2gether,https://hacked.slowmist.io/search/,,https://www.securitylab.ru/news/530338.php,,Spanish cryptocurrency exchange 2gether has been maliciously hacked  affecting around 5 500 users who trade on the platform. According to a statement by Spanish police dated 22 February 2022  a team from the Ministry of Cybercrime has arrested five persons suspected of hacking. A 2gether employee was reportedly found guilty of stealing $7 million from the company. He downloaded a pirated movie that contained malware. The malware hacked into the exchange's systems  allowing hackers to steal more than $7 million in BTC and ETH. Police found attackers using computer viruses such as Remote Access Trojans (RATs) to gain access to 2gether's internal network. Although the employee gave the hackers access to the company's network  the attackers spent about si months analyzing the exchange's activity before carrying out the theft. REKT: 2gether CEO Ramón Ferraz Estrada has reported security a breach in a series of tweets. He eplained that on July 31st. they eperienced a cyberattack on their servers. which led unknown hackers to steal cryptocurrencies worth $1.4 million from 2gether investment accounts.  While the funds were stolen and an investigation was under progress. Ramón assured that no sensitive data like customerspayment information that card data used for buying cryptocurrencies. or banking details were stolen. but the passwords were breached by the hackers anyway. Thus. it’s advised to change them as logical security practices.,2020-07-31 0:00,2020,1400000,External factor,Exploiting operational mistake,Human risk,Target,CeFi,
480,Uniswap,REKT and SlowMist,https://de.fi/rekt-database/uniswap,https://hacked.slowmist.io/search/,,https://securityaffairs.co/wordpress/101895/cyber/crime/uniswap/lendf/me/hacked.html,,The attacker used a reentrancy attack to steal funds (containing approimately 1 278 ETH) from Uniswap  s ETH/imBTC Uniswap liquidity pool. REKT: Hackers deployed two reentrancy attacks. made possible by a known vulnerability found in the ERC777/token of Uniswap. to steal $300.000 and $1.1 million in imBTC tokens. Tokenlon. the company behind the imBTC token that runs on the Uniswap platform. provides a timeline of the events:  “8:58 SGT on April 18th. An attacker used a vulnerability with Uniswap and ERC777 to perform a reentrancy attack.  12:12 on April 18th. The Tokenlon team observed the anomaly. defined the incident as a P0/level security issue. and established an emergency response team.  12:49 on April 18th. After evaluating the situation. Tokenlon suspended the transfer of imBTC and notified imBTC partners including Lendf.Me to evaluate potential security risks.  17:00 on April 18th. imBTC transfer was resumed after receiving the confirmation from Lendf.Me and other partners that it is OK to do so.  09:28 on April 19th. Tokenlon received a message from Lendf.me about a reentrancy attack. similar to the one happened to Uniswap. resulting in a large number of abnormal borrowing on the platform.  10:12 on April 19th. In order to cooperate with the investigation of the reentrancy attack. Tokenlon suspended the transfer of imBTC.”,2020-04-18 0:00,2020,1400000,Contract vulnerability,Reentrancy,Technical vulnerability,Target,Exchange,P
1170,CryptoRom,SlowMist,,https://hacked.slowmist.io/search/,,https://threatpost.com/cryptorom/scammers/apple/enterprise/features/175474/,,The report released by Sophos stated that the crypto fraud application CryptoRom stole 1.4 million U.S. dollars through the use of super signature service and Apple's developer enterprise plan. It is reported that fraudsters gain the trust of victims through Facebook and dating platforms (such as Tinder  Grindr  Bumble  etc.)  and then lure them to install a fake cryptocurrency application CryptoRom and invest. The victim installs apps  invests  makes a profit  and is allowed to withdraw funds. After being encouraged  they were forced to invest more  but once they deposited a larger amount  they could no longer withdraw cash. To date  Bitcoin addresses related to the scam have sent more than 1.39 million U.S. dollars  and there may be more addresses related to the scam. According to the report  most of the victims are iPhone users. The report stated that CryptoRom bypassed all security checks in the App Store and remained active every day. The report also stated that Apple should warn users about installing apps through temporary distribution or through the enterprise configuration system that these apps have not been reviewed by Apple.,2021-10-14 0:00,2021,1400000,Instant user deception,Fake service,Imitation,Intermediary,Other systems,
401,Growth DeFi,REKT and ChainSec,https://de.fi/rekt-database/growth_defi,,https://chainsec.io/defi-hacks/,(1) https://rekt.news/the/big/combo/  (2) https://twitter.com/r0bster97/status/1358858462579539968?s=20. (3) https://growthdefi.medium.com/raave/farming/contract/exploit/explained/f3b6f0b3c1b3,,"“By forcing the staker contract to accept a liquidity pair containing a fake token the attacker was able to remove $1.3 million in liquidity.The attacker created a fake token called AZ and supplied rAZZ/GRO liquidity. He then staked it in the contract and pulled out the other pair.” — REKT REKT: The attacker's address:
https://etherscan.io/address/0x5e05bc89ae5f21b48500d9685526e0dab421a04b

The attacker created a fake token called AXZ and supplied rAXZZ/GRO liquidity. He then staked it in the contract and pulled out the other pair.

The attacker:
/ swapped 0.001 WETH for ~0.0148 GRO:
https://etherscan.io/tx/0x97373e454e0d5bc7b552de8075c33ea257f570bea519dc2c6220658257b304b5

/ added ~0.0148 GRO and 100.000.000.000 AXXZ into Uniswap liquidity pair:
https://etherscan.io/tx/0xa94c42b8d290369910e33c8e317bd996d8a774367fc2ba69b985a00a3dea6247

/ removed ~27.516 GRO and ~1.218 rAAVE liquidity from Uniswap:
https://etherscan.io/tx/0x2152214a6be27a904af5a25e77fdca92ae60c6a9d7d298a41f88558649a41a23

/ swapped ~27.516 GRO for ~597 WETH and ~1.218 rAAVE on ~203 WETH:
https://etherscan.io/tx/0xffef18b38096c96c1f6be784ea0ebb07964137858e38f3d65858a79e6a96797f
https://etherscan.io/tx/0xce020fabb3c56c75b23ac7d53d5259959a2b3ffe0b1a0d69aecaae9cd7757998

Stolen funds were distributed between 4 external wallets at:
https://etherscan.io/tx/0x0a6b5c92abcfbf07fb31d9e6c402b82c8756a80823c309d063a9a735d3f817eb
https://etherscan.io/tx/0xac4407bf2fa52003960449cecc92d3a9e0175f40d9bf11b9d808c3282f2ec2b4
https://etherscan.io/tx/0x0391fa91f18873566a31f5a6dd73b6ae5c4aa48146b64edf615eaacf0fece735
https://etherscan.io/tx/0xb80894d79ba238b1867ea17beb821f58084d42b52b7db24f04ca9cf1ae9b680c",2021-02-08 0:00,2021,1401772,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Yield,CP
1105,Rubic,REKT,https://de.fi/rekt-database/rubic,,,(1) https://twitter.com/CryptoRubic/status/1606951013449097218. (2) https://twitter.com/peckshield/status/1606937055761952770,,"Quick Summary
USDC balances of Rubic’s users have been drained. The current losses reached $1.42M.
 
Details of the Exploit
All USDC approved to the RubicProxy contract got under the risk of being drained after the USDC address was added into the list of available routers in the RubicProxy contract.
Through the routerCallNative()  function. the attacker could call safeTransferFrom() on the USDC contract inputting user addresses. which have approved their USDC balances to be spent by RubicProxy. as the “from” parameter. 
 
Block Data Reference 
The attacker address:
https://etherscan.io/address/0x001b91c794dfeecf00124d3f9525dd32870b6ee9 
 
The exploit transactions:
https://etherscan.io/tx/0x9a97d85642f956ad7a6b852cf7bed6f9669e2c2815f3279855acf7f1328e7d46 
https://etherscan.io/tx/0x6551b933b984342fd353d4b522aee7db500900e208dc1337b0c1f17647e36e56 
 
The “add available router ” transaction:
https://etherscan.io/tx/0x30679e7b6b410fb78368f5fb6e4c203e44d81c66ae9014c797e40856be1bbe66",2022-12-25 0:00,2022,1420000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Bridge,INT
39,Omni,REKT and SlowMist,https://de.fi/rekt-database/omni,https://hacked.slowmist.io/search/,,Hacker drains $1.4 million worth of ETH from NFT lender Omni (theblock.co),," Decentralized NFT financialization protocol Omni  has been attacked and stolen funds have been transferred to Tornado.cash. The main reason for this attack is that the burn function will call the callback function Externally to cause the reentrancy problem  and the liquidation function uses the old vars value for judgment  resulting in the user's status identification even after reentrancy and then borrowing. Being set as unborrowed results in no repayments. REKT: Quick Summary
A reentrancy attack was carried out on the OMNI protocol. yielding the attacker 1300 $ETH. which were subsequently laundered through Tornado.cash.

Details of the Exploit
OMNI is a NFT finance platform that lends out cryptocurrency in exchange for staked NFTs. This platform allows users to stake NFT tokens to receive fungible tokens e.g. $ETH. The attacker deposited NFTs from the collection Doodles that were used as a collateral to borrow $WETH. Then the attacker exploited a vulnerability in order to execute a reentrancy attack by withdrawing all NFTs deposited as collateral by the attacker except for one NFT. This action triggered a malicious callback function that allowed the attacker to buy more Doodles before  liquidating the loan position: 
https://etherscan.io/tx/0x05d65e0adddc5d9ccfe6cd65be4a7899ebcb6e5ec7a39787971bcc3d6ba73996
When the position is liquidated. the remaining Doodle NFT from the collateral were returned to the attacker. The credit position is liquidated because NFT value from initial collateral is insufficient to cover the debt position. As the attacker is able to force through using the borrowed WETH to buy more NFTs before the liquidation occurs. As a result. the money received from the attack was withdrawn through Tornado.cash.",2022-07-10 0:00,2022,1430000,Contract vulnerability,Reentrancy,Technical vulnerability,Target,Lending,P
306,Helios,REKT and SlowMist,https://de.fi/rekt-database/helios,https://hacked.slowmist.io/search/,,https://rugdoc.io/project/helios/cash/,,DeFi project helios on Polygon rug pull. (08eb6ead701b7d378cf62c898a0a7b72639a89201,2021-12-07 0:00,2021,1446704,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
1032,Universe Token,REKT,https://de.fi/rekt-database/universe_token,,,(1) https://mobile.twitter.com/AnciliaInc/status/1585499893585485825 (2) https://twitter.com/BeosinAlert/status/1585535908236754944,,Quick SummaryUniverseToken <span style=\,2022-10-27 0:00,2022,1447175,Contract vulnerability,Undetermined,Technical vulnerability,Target,Exchange,P
1152,UvToken,SlowMist,,https://hacked.slowmist.io/search/,,Slow fog: The UvToken mining pool contract was hacked due to not checking the legitimacy of user parameters. and the attacker profited more than 5000 BNB-News-ODAILY,,The UvTokenWallet Eco Staking mining pool contract was hacked. The key reason for the vulnerability is that the mining pool contract withdrawal function does not strictly judge the user input. so that the attacker can directly pass in the malicious contract address and use the malicious contract to empty the relevant funds. SlowMist MistTrack conducted a traceability analysis of the funds: so far. hackers have transferred a total of 5.011 BNB of profit to Tornado Cash. In addition. the source of the attack fee is also Tornado Cash.,2022-10-27 0:00,2022,1447590.21,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Staking,CP
3,GERA,REKT and SlowMist,https://de.fi/rekt-database/gera,https://hacked.slowmist.io/search/,,https://twitter.com/GeraCoin/status/1567538962410995713,,The security of the GERA token was compromised due to private key leakage. Hackers transferred the ownership of the smart contract deployer of GERA tokens to another address 0510E4d61663bE6a24D600AaF90F892dd8c8C61dC. REKT: Quick SummaryGera Coin project was hacked through a private key leak. The $GERA token price dumped by over 98% on both Ethereum and BSC DEes. Details of the exploitGera Coin is a crypto payment platform. $GERA is a token. which is trading on Ethereum and Binance chains. As said on the official projectsTwitter. the private key of the token deployer was leaked. so the hacker was able to transfer ownership to himself. and mint unlimited $GERA tokens. Consequently. the hacker minted 2.179.340.915 ERC20 GERA tokens on the Ethereum network and 275.900.000 GERA BEP20 tokens on the Binance network. The minted tokens were partially sold which led to a token price dumping of more than 98%. The total profit the hacker made is unknown. Block Data ReferenceAttacker address: https://bscscan.com/address/0510e4d61663be6a24d600aaf90f892dd8c8c61dcMint transactions: https://bscscan.com/t/0621f7b50a93e9ddea938c8dac33ab207088dc69b4889166c8e35762a0b8e9676 https://bscscan.com/t/0c80fb9358cb1bd0b194174758e89c5830a5b89a8a36574741a355dc480937eac,2022-09-07 0:00,2022,1480000,Undetermined,Accessing private keys/data,Undetermined,Target,FT,CA
238,OlympusDAO,SlowMist,,https://hacked.slowmist.io/search/,,https://www.theblockcrypto.com/post/125170/olympusdao/mistake/lets/user/spend/50000/to/buy/1/43/million/in/ohm,,According to the new algorithmic stablecoin protocol OlympusDAO  the administrator of Discord said that yesterday  someone bonds OHM/DAI bonds that are considered to be closed so that they can get a large discount and receive 1 697 OHM (over 1.4 million U.S. dollars) instead of 59 OHM (approimately US$50 000). After OlympusDAO discovered this incident  it immediately closed the bond contract.,2021-11-23 0:00,2021,1486987.76,Contract vulnerability,Undetermined,Technical vulnerability,Target,FT,CA
51,LV PLUS,REKT and SlowMist,https://de.fi/rekt-database/lv_plus,https://hacked.slowmist.io/search/,,https://mp.weiin.qq.com/s/a7jhb1O9mHDc4Dnw5onn/Q,, The LV PLUS (Token LVP) project has been identified as a Rug Pull project. So far  the project has resulted in losses of about $1.5 million. LV PLUS claims to be affiliated with the &quot LV Metaverse&quot   and the main reason for the loss  which is defined as a Rug Pull  is that the LV PLUS contract deployer sent tokens to certain wallets / these wallet addresses subsequently sold the project  s tokens  causing the project  s market to crash . REKT: The LV Plus token of the LV Metaverse project was rugpulled in the amount of $1.5M. The addresses that received the tokens then started exchanging them on PancakeSwap.The wallet that caused the token dump received the tokens through the contract depositor:  https://bscscan.com/tx/0xb2fca71b5bb6f8ec59308f26a6fa8635668e7b9945e79a18ff00b44b5664c307 Some of the tokens were subsequently sent to these addresses:&nbsp;1)  https://bscscan.com/address/0x1e156e7b84fd61e70e6f6d45c3ba67aeaa4fa6a6 Transaction 1:  https://bscscan.com/tx/0x9494749d663f94240c301f9efa2c5bbc615347d29a6d2b210e01017e3a32ac23 Transaction 2:  https://bscscan.com/tx/0xca877351324c32789f22d136541401810ccdd75ed93b38d7212539c1c836e8e02)  https://bscscan.com/address/0x9174297d1ffb50af9d582920ac2e57e2bd4b932bTransaction:  https://bscscan.com/tx/0x2f58f02dea396c6ef8e1fc2084a25e115937428ce56603e1ca586d7601b1efd03)  https://bscscan.com/address/0x9730bc1939faae571c601bb5222839626b0f1f034)  https://bscscan.com/address/0x4d11581887ed03d190329402e6162340d1b0b4e05)  https://bscscan.com/address/0x2c48ba8e237285671e15dddd44ef6f9fe010d1da Then they started dumping token price (transactions example):1)  https://bscscan.com/tx/0xc3b7e1559d1f9f26dc28ff9da028df86f60108692ff57fab59bace8fdf59a8052)  https://bscscan.com/tx/0x35efcc3e6367fc5965101fbbba06bd5b7479f13e5c979867fcf0fa5e899a64f33)  https://bscscan.com/tx/0x3c28da5f95db6b34cf8ae0853c15ee1666cb35de8ecbaf28f2d8fd383237cbb14)  https://bscscan.com/tx/0xf6855384439b0eaa3fd6a238e5257d57f5c0feece8f91a253ab1741000a89d485)  https://bscscan.com/tx/0xb2fca71b5bb6f8ec59308f26a6fa8635668e7b9945e79a18ff00b44b5664c307 Token address:  https://bscscan.com/address/0x5927b72440D8A8b8c6ca5A8be60e88975F9063fcDeployer address:  https://bscscan.com/address/0x7721034753ebe6f5714a7c5ebd0d188fa4a3b167,2022-06-21 0:00,2022,1500000,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
104,Pragma Money,REKT and SlowMist,https://de.fi/rekt-database/pragma_money,https://hacked.slowmist.io/search/,,"(1) CertiK Alert sur Twitter : ""#CommunityAlert ?? A Rug pull scam has occurred on project @pragma_money. $PRAGMA has posted on their discord their Treasury and RFV wallets had a total of ~$1.503.506 worth of FTM and wFTM removed. #Rug pull scam Address: ftm / 0fec3a505f67136033b27618add93329256101b4b https://t.co/N2DLhyEfo"" / Twitter. (2) https://archive.is/g5QFw",," DeFi project Pragma Money on Fantom has announced that around $1.5 million in FTM has been drained from their treasury and project wallets. Appears to be done by a team member. REKT: Quick Summary

The Pragma Money team announced that the project was rug pulled for 1.500.000 $USD worth of $FTM

Details of the Exploit
Pragma Money is DeFi protocol that provides staking and other features on Fantom. The team announced on Discord that $wFTM and $FTM assets worth 1.500.000 $USD were drained from the project's Treasury and Team Wallets. The culprit in this incident appeared be a team member. Although. other team members had to sign off on the transaction.
Block Data Reference
Address of the team wallet: https://ftmscan.com/address/0x58840ef90a84302c46ce9f77daecf964187e29d5
0x81d3ec77438b4e99aa99ba25b1dbc3fea317fe3b0x81d3ec77438b4e99aa99ba25b1dbc3fea317fe3b",2022-05-06 0:00,2022,1500000,Internal theft,Unauthorized use of private key,Human risk,Target,Yield,CP
337,PolyButterfly,REKT and SlowMist,https://de.fi/rekt-database/polybutterfly,https://hacked.slowmist.io/search/,,https://u.today/beware/polygon/matic/flooded/with/rug/pulls,,"On June 5 2021 PolyButterfly a decentralized financial protocol based on Polygon disappeared. Its website has been closed and its Twitter account and Telegram chat history have been deleted. Before this mysterious disappearance it was revealed that the PolyButterfly code had a dangerous backdoor that allowed the product team to remove customer liquidity. According to RugDoc the scammers stole more than 600 ether or more than $1 500 000. REKT: The contract deployer changed the ownership of the MasterChef contract to the malicious one:
https://polygonscan.com/tx/0x0d788beecd8b2213eab7d707d654b2aec95576fb24c8d330bc073c7e680556f0

The contract deployer removed funds from the MasterChef contract at:
https://polygonscan.com/tx/0x35a8ac07c8918430638d3565d64c8abb8d0372996fafc194a03e3984ab76c563

Stolen funds were sold on ETH.",2021-06-05 0:00,2021,1500000,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Yield,CP
394,JulSwap,REKT and SlowMist,https://de.fi/rekt-database/julswap,https://hacked.slowmist.io/search/,,"(1) To?ias Graf sur Twitter : ""Hi Community. we investigated the dump tonight on Jul. it’s seems it was the same Situation as some other projects eperienced in the last weeks due to an flash loan. There is NO hack or exploit! Flash Loan Hash: https://t.co/AVus5B2ZV More informations soon."" / Twitter. (2) https://cryptonews.com/news/another/two/binance/smart/chain/projects/suffer/flash/loan/a/10497.htm. (3) https://twitter.com/tg_cryptos/status/1398090345368408064",,"The JulSwap of the DEX protocol and the automated liquidity protocol on the BSC chain was attacked by lightning loans and $JULB fell more than 95% in a short time. REKT: The JulSwap on the BSC chain was attacked by flash loans. and $JULB fell more than 95% in a short time.

The transactions behind the attack:
https://bscscan.com/tx/0x9af2d732eae43e06c8559ed58bf082c56ad2c3a0688e30987a49a44fa2e16979
https://bscscan.com/tx/0xc7ae52ae2728948a05a64e1a7cddec878c3256c413696cb7ada43084ccf70af9
https://bscscan.com/tx/0xb0b74d6a2319d4e5917f7d4aa680af86bff3b1d7c2e948496649854b65ad3273",2021-05-27 0:00,2021,1500000,Interconnected actors flaw,Arbitrage with flash loan,Technical vulnerability,Target,Staking,CP
715,Oyster,REKT,https://de.fi/rekt-database/oyster,,,Oyster “Hack” and What We Can Learn From It | by Kevin Wong | Coinmonks | Medium,,,2018-10-29 0:00,2018,1500000,Internal theft,Unauthorized use of private key,Human risk,Target,FT,CA
834,FEGtoken,REKT,https://de.fi/rekt-database/fegtoken,,,https://de.fi/rekt-database/fegtoken,,The lack of validation of assets in the swap function contributed to the attacker taking advantage of this vulnerability. and to pull off a flash loan attack.  Attacker address (BSC):  https://bscscan.com/address/073b359d5da488EB2E97990619976F2f004e9fF7CAttacker address (ETH):  https://etherscan.io/address/073b359d5da488EB2E97990619976F2f004e9fF7CAttacker contract address (BSC):  https://bscscan.com/address/09a843bb125a3c03f496cb44653741f2cef82f445Attacker contract address (ETH): https://etherscan.io/address/09a843bb125a3c03f496cb44653741f2cef82f445 One of the attacker transaction on BSC:  https://bscscan.com/t/0e4b03c4a0fdb6db8689e5e968d3994b145a6fe77bb9338bc4d3f86e08ee1355bAttacker transaction on ETH:  https://etherscan.io/t/003bd0cfcec668d95cadec7dedde701761f30aef6271e3d5733dc35d40a07188f  Total losses: $1.5M,2022-05-15 0:00,2022,1500000,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,FT,CA
141,One Ring Finance,REKT and SlowMist and ChainSec,https://de.fi/rekt-database/one_ring_finance,https://hacked.slowmist.io/search/,https://chainsec.io/defi-hacks/,(1) https://medium.com/oneringfinance/onering/finance/exploit/post/mortem/after/oshare/hack/602a529db99b,,"Fantom ecological Stablecoin revenue optimizer OneRing issued a document saying that hackers stole 1 454 672.244369 USDC through flash loan attacks  and the contract has been configured to self/destruct in a specific block  so it is almost impossible to track which specific functions in the contract are called to steal funds. CRYPTOSEC: “At the time of the attack the attacker was fully prepared. Before the attack the hacker has moved funds needed for gas through the Celer Network cBridge.15 minutes later the attacker deployed the contract that was used to drain funds from OneRing. This contract has been self/destructed however we are already working with node providers in order to get the information of the block where the contract was deployed. We believe we can find the bytecode decompile it and at least have a brief idea on how this contract was structured.” — One Ring Finance | Medium REKT: The attacker's wallet:
https://ftmscan.com/address/0x12efed3512ea7b76f79bcde4a387216c7bce905e

The exploit contract:
https://ftmscan.com/address/0x6a6d593ed7458b8213fa71f1adc4a9e5fd0b5a58
The transaction behind the attack:
https://ftmscan.com/tx/0xca8dd33850e29cf138c8382e17a19e77d7331b57c7a8451648788bbb26a70145
The attack was enabled via a flash loan/assisted price manipulation of the LP tokens. which resulted in a greater quantity of OShare tokens being removed from the protocol.
After the contract deployment. the hacker borrowed $80m USDC utilizing Solidly flash loans to boost the price of our underlying LP tokens in a single block. changing the price of OShare and driving a huge number of OShare tokens out of the protocol.
Stolen funds were bridged to Ethereum and deposited into Tornado Cash mixer:
https://etherscan.io/address/0x12efed3512ea7b76f79bcde4a387216c7bce905e",2022-03-21 0:00,2022,1508300,Interconnected actors flaw,Arbitrage with flash loan,Technical vulnerability,Target,Yield,CP
1082,MetaMask Governance (fake),REKT,https://de.fi/rekt-database/metamask_governance_(fake),,,"coby.eth sur Twitter : ""How did someone make a fake $MASK token and scam hundreds of ETH by exploiting DexTools? A Thread ?? https://t.co/pUb9MRwBlT"" / Twitter",,The contract deployer:  https://etherscan.io/address/0x0f6299143d721956c7d85ba4b04bd748e32cb417  Created 2 fake MetaMask tokens (MASK and META) and 1 Bored Ape Yacht Club (APE) token:  https://etherscan.io/tx/0x43fae6c235020e772504f5dea0dfd1b22c668d1a8cf670cd0f4d8c3ebd476cc2  https://etherscan.io/tx/0x46194ca072d5ea04bb12b5092db99f5337b02ac81f6a0fd88068f17d14e072c3  https://etherscan.io/tx/0x9e9faba20180fbf2ad76a3279d2c0426c5fe71731c6347ee1dbefd4db0823674  Added initial liquidity at:  https://etherscan.io/tx/0x264e914282b5788aded6293b5c719ba0a9269747001c8f1ec0461118ad811815  https://etherscan.io/tx/0x4a1faae12f12a7f9c0faf755939159f95ef76ddc3c021015077aa2b105e1b6d1  https://etherscan.io/tx/0x09b14538c3d687303421fea866ca55ef12ccc317f3b5c0e968b7f0fb8748c8ab  https://etherscan.io/tx/0x4648a35423447c44d38b81e2c8725d561f9222285db4020fd24e8a2eb03fb3f3  https://etherscan.io/tx/0x6621b85cb498e8fd02c1c7bed2b57d0feed4777d615a7ef69a885866c439a19e  The liquidity was removed by the contract deployer:  https://etherscan.io/tx/0xb1317e0434a66be1ebfff39437bc733f9954cff5554a814a5c533cd46c3f51d4  https://etherscan.io/tx/0x32ba9db40a0f8d82c90d6a68c9599148a80872fbc48b93c73085ec8883334076  https://etherscan.io/tx/0x66373054329f1024c8be316d3c1f1744293bfc260700e229837f1b4da13078f9  https://etherscan.io/tx/0x355a36ef11ebecc7170e33c006f25b7808c533beea73ec3fdea04e2643cb9c8f  Stolen funds were deposited into Tornado Cash mixer:  https://bloxy.info/txs/calls_from/0x0f6299143d721956c7d85ba4b04bd748e32cb417?signature_id=994162&amp;smart_contract_address_bin=0x722122df12d4e14e13ac3b6895a86e84145b6967  The contract deployer possibly blocked token transfers:  https://honeypot.is/ethereum.html?address=0xd0898946E77138c9d19a727DdDA005558D57B33f  https://honeypot.is/ethereum.html?address=0xbb5d5c01e057be5caf3ce9cf3dae48dea28e5906  https://honeypot.is/ethereum.html?address=0xd696FB3C69726997DFfb904E0a3df28Ddaea3Df8,2021-12-28 0:00,2021,1548908,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
613,TAYLOR,REKT and SlowMist,https://de.fi/rekt-database/taylor,https://hacked.slowmist.io/search/,,(1) http://archive.is/Rp5Gl (2) https://medium.com/smarttaylor/updates/on/the/taylor/hack/incident/8843238d1670,,TAYLOR’ve been hacked and all of our funds have been stolen. Not only the balance in ETH (2 578.98 ETH) but also the TAY tokens from the Team and Bounty pools. The only tokens that were not stolen are the ones from the Founders’ and Advisors’ pools because there’s a vesting contract making them inaccessible for now. REKT : Taylor has been hacked for 2.578 ETH (about $1.5 million) as well as some of its TAY tokens.  The hackersaddress:  https://etherscan.io/address/0f243209d0623207fc9f2e9068084f6884a5f1053  According to a Medium blog post the company published. what truly happened isn’t yet clear. although several indicators point them towards a group of hackers that hacked another project dubbed CypheriumChain for more than 17.000 ETH (about $9.8 million). The hacker(s). according to Taylor. collected its funds from multiple sources in a single wallet. before transferring them to a larger one:  https://etherscan.io/t/0878b3b29aa0e3a216373fd72662b213beaa0921a7ecaff0314fbcd453f4c83e8 After the theft. the organization’s team managed to identify an attempt to dump its TAY tokens on the decentralized cryptocurrency exchange IDE:  https://etherscan.io/address/0f243209d0623207fc9f2e9068084f6884a5f1053#tokentns,2018-05-21 0:00,2018,1580000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
62,ApolloX,REKT and SlowMist,https://de.fi/rekt-database/apollox,https://hacked.slowmist.io/search/,,"Apollo sur Twitter : ""??Update: Investigation results from yesterday's incident Yesterday at around 11:30AM UTC. a hacker exploited a flaw in Apollo's Trading Rewards Contract to accumulate 255 signatures. and then used these signatures to withdraw 53 million AP tokens from the Withdrawal Contract."" / Twitter",, The Apollo project was attacked due to a flaw in the Apollo signature system. The attacker used the signature system flaw to generate 255 signatures  with a total of 53 946 802 $AP etracted from the contract  worth about $1.6 million.,2022-06-08 0:00,2022,2150414,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Exchange,P
230,Polygon,SlowMist,,https://hacked.slowmist.io/search/,,https://blog.polygon.technology/all/you/need/to/know/about/the/recent/network/upgrade/,, On December 3  a group of white hat hackers notified Polygon's vulnerability bounty agency Immunefi of a vulnerability in the Polygon PoS creation contract. The Polygon core team contacted the organization and Immunefi  s epert team and immediately launched a repair procedure. Validators and the full/node community are notified to upgrade 80% of the network without interruption within 24 hours. The upgrade was performed on December 5th at block #22156660  which did not affect the activity and performance of the network. The vulnerability has been fied and the damage has been mitigated  with no substantial damage to the agreement and its end users. All Polygon contracts and node implementations remain fully open source. Polygon paid a total of approimately $3.46 million in bounty to the two white hats who helped discover the vulnerability. Despite our best efforts  malicious hackers were able to use this vulnerability to steal 801 601 MATIC before the network upgrade took effect. The foundation will bear the cost of the theft.,2021-12-04 0:00,2021,1631256.04,Contract vulnerability,Undetermined,Technical vulnerability,Target,Blockchain,DLT
151,Paraluni,REKT and SlowMist,https://de.fi/rekt-database/paraluni,https://hacked.slowmist.io/search/,,"PeckShield Inc. sur Twitter : ""1/ The @paraluni was exploited in a series of ts (one hack t: https://t.co/isehpJCd1N). leading to the gain of ~$1.7M for the hacker."" / Twitter",,The metaverse financial project Paraluni on the BSC chain was hacked  and the hackers made more than $1.7 million in profits. The problem lies in the depositByAddLiquidity method of the MasterCheif contract of the project side. This method does not check whether the token array parameter address[2] memory _tokens matches the LP pointed to by the pid parameter  and does not add lock when the LP amount changes. REKT: The Exploiter:  https://bscscan.com/address/094bc1d555e63eea23fe7fdbf937ef3f9ac5fcf8f  The eample transaction behind the exploit:  https://bscscan.com/t/070f367b9420ac2654a5223cc311c7f9c361736a39fd4e7dff9ed1b85bab7ad54  The hack is made possible due to a reentrancy bug (introduced by the use of a crafted token contract) in the <u>depositByAddLiquidity</u>() function. which somehow doubles the credits the hacker is able to claim. The result gains were swapped via PancakeSwap.  Stolen funds were bridged via cBridge and deposited into Tornado Cash mier:  https://etherscan.io/address/094bc1d555e63eea23fe7fdbf937ef3f9ac5fcf8f,2022-03-12 0:00,2022,1661107,Contract vulnerability,Reentrancy,Technical vulnerability,Target,Exchange,P
459,ETC,SlowMist,,https://hacked.slowmist.io/search/,,https://twitter.com/etherchain_org/status/1291216063628226562,,Bitfly officially tweeted that  ETC encountered another large/scale Governance issue today. The attack has resulted in the reorganization of more than 4000 blocks. Bitfly reminded that unless the official notified further  the current mining pool payment is invalid. At the same time  the government encourages all miners to switch ETH pools on the official website. Blockchain data analysis company Bitquery released an investigation report on the second Governance issue of ETC. The report shows that the initiator of this attack and the initiator of the first attack were the same miner. The attackers profited at least 1.68 million US dollars from this attack.,2020-08-06 0:00,2020,1680000,Decentralization issue,51% attack,Technical vulnerability,Target,Blockchain,DLT
42,Crema Finance,REKT and SlowMist,https://de.fi/rekt-database/crema_finance,https://hacked.slowmist.io/search/,,(1) https://twitter.com/Crema_Finance/status/1543416225622941696. (2) https://twitter.com/solanafm/status/1543559788897808385?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1543559794677518336%7Ctwgr%5E87e28ffd7e0f536163adf3b4dad75cabe4d20b3e%7Ctwcon%5Es2_&ref_url=https%3A%2F%2Ftherecord.media%2Fnearly/9/million/stolen/from/defi/platform/crema/finance%2F,,The centralized liquidity DeFi application Crema Finance on the Solana chain announced its shutdown due to a hacker attack. The official Twitter of the protocol quoted information from the on/chain browser SolanaFM  saying that the value of the lost encrypted assets was $8.782 million. Early this morning  Crema Finance disclosed the attacked thread  saying that hackers bypassed contract checks by creating a fake price change data account (Tickaccount)  and then used fake price data and flash loans to steal huge fees from the fund pool. On July 7  Crema Finance said on Twitter that after a long negotiation  Crema Finance attackers agreed to collect 45 455 SOL (about $1.682 million) as a white hat bounty  and had returned 6 064 Ethereum and 23 967.9 SOL (approimately $8.1 million). REKT: Quick SummaryCrema Finance was attacked by a white hat hacker for ~$8.8M who then returned the majority of stolen funds. leaving the attacker with 45455 $SOL as a reward for finding the exploit. The Solana network became the place of the exploit. and all funds were transferred by the attacker through the Wormhole Bridge to the ETH network and swapped to 6K $ETH. Details of the exploit >Crema Finance is a concentrated liquidity protocol that provides superior performance for both traders and liquidity providers on Solana network.&nbsp;The hacker took advantage of the vulnerability of the Crema Finance protocol to withdraw funds from this platform. but after negotiations between Crema Finance and the attacker. they came to an agreement that the hacker would keep 45455 SOL as a reward for finding the vulnerability. and return the remaining funds back to their ETH network address. exploit step by step:1) The hacker created a fake Tick account. Tick Account is a special account that stores price tick data in the Crema Finance platform.2) After creating a fake Tick account. the attacker bypassed the standard check for the owner of the Tick account. The fraudster wrote the initialized address of the Pool Tick to a fake account in this transaction:  https://solscan.io/t/5kfoGgEvhBiHz1MBVn8rfJh3cf98m3D64YHE2Q1SsLiaahvdK4hCJfkMA7jQFLjP9YdNSTMSor3obKrLTev3) Net. the hacker deployed the contract and used it to provide a flash loan from Solend to add liquidity to Crema to open positions. Contract creations transaction:  https://solscan.io/t/JdorRBPfKNWnZNhWcjwc9Uz5yYaA15CVjT8kLM12tVUqZUu28CqtVEuJ5KpjWHJmVtL7j7sQVhPHHrByhNEKqej4) Then the hacker used smart contract to lend a flash loan from Solend to add liquidity on Crema Finance to open positions:&nbsp; &nbsp;A)  https://solscan.io/t/5B4QpMfpDpa8dg2GF5DVLz9dAiZz1sjPL45wgP71o9fpdgCvYKi2FHEosSQBS63uDsos37AyrKC1a4YbKohGv&nbsp; &nbsp;B)  https://solscan.io/t/4FaMTKqha9Uw6hvg5TQc5W7vRDKVkfPn5GDMThGYSj3tgyCYSzzQsAsT3dDY6yZ26iYieV6bcV7bFDkTZ83W5) After that. the hacker exchanged tokens for $SOL. some of which are on the Solana account. and the rest was transferred to the ETH blockchain through the Wormhole. Block Data ReferenceAttacker addresses:&nbsp;Solana:  https://solscan.io/account/Esm2QjmDZMjJ15yBJ2nhqisjEt7Gqro4jSkofdoVsvYETH:  https://etherscan.io/address/08021b2962db803b73aa874030b0b42c202e8458fAttacker\ssmart contract:  https://solscan.io/account/CiDw4eMS7hfit1oMHK6MCrgve9HVvgm2PAp7Cz6BckContract creation transaction:  https://solscan.io/t/JdorRBPfKNWnZNhWcjwc9Uz5yYaA15CVjT8kLM12tVUqZUu28CqtVEuJ5KpjWHJmVtL7j7sQVhPHHrByhNEKqejVictim address:  https://solscan.io/account/Ej4KUz73edQzjfsPVWvYT5eyhQoWopo7BYm2Ejhj Attacker returning funds transactions:1)  https://etherscan.io/t/0b5935f1fc30921733644de621bb64589f57c650a1985cc5d01c9d24ce03a95bb2)  https://etherscan.io/t/0e7bda58d0d0e7ffdbdfd13326da8d26312442e078a86d6458c276ecbfc3a3d3a3)  https://solscan.io/t/5BSYVzfaNaKT3HsHGrSze2R4Ue5121e2zJH67u7ncFHqauCzpfm92yk3ULDrtHwt46dF44NwyDC3mY2cVJDtrS4)  https://solscan.io/t/5sN74N2Mb9TrbU5LZ5Vqye5roeLSakWdzzNVbA1sYw7EumvDKBTiRinUdf7esCCz81quoEpGQzsjs6uLWYjJ,2022-07-02 0:00,2022,1682000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Exchange,P
23,Reaper farm,REKT and SlowMist,https://de.fi/rekt-database/reaper_farm,https://hacked.slowmist.io/search/,,https://twitter.com/PeckShieldAlert/status/1554423041232629761,, Reaper Farm  s ReaperVaultV2 contract was maliciously exploited  resulting in more than $1.6 million worth of damage. Attackers exploited a vulnerability in the ReaperVaultV2 contract that could destroy other users   vault shares and withdraw tokens  thereby withdrawing large amounts of tokens from multiple vaults. REKT: Quick Summary The Reaper Farm protocol was hacked due to the lack of validation checks. as a result of which user funds were withdrawn to the attacker\saccount.  Details of the exploit  data/v/51e0c2ec=  ><span lang=>Reaper is an auto/compounding yield farm that maimizes users\yields by leveraging the power of compound interest.The Reaper Farm protocol had a lack of validation check. which the attacker took advantage of. stealing $1.7M.The attacker created a smart contract ( https://ftmscan.com/t/0e7635f32b7e073186445d6400c83d429f130b34921a32347afbce10eefbdc607 ) which was used to withdraw funds from the protocol to the attacker address (B).Eample transactions:1)  https://ftmscan.com/t/0c929f3b9312ff26be0adb1c3ff832dbdafdcbcaad33d002744effd515e53c9d52)  https://ftmscan.com/t/024770e104ae1f8f47d1c095046379557ba3d17e49d3186e5f46f22d1067a57e93)  https://ftmscan.com/t/07f79934a9c2fb01e3f7af57939746cfdc4b3854ecfff712b84a593e60d8e3754Full list of transactions:  https://ftmscan.com/token/004068da6c83afcfa0e13ba15a6696662335d5b75?a=02c177d20b1b1d68cc85d3215904a7bb6629ca954Then all stolen tokens were bridged from FTM to ETH.Example transactions:1)  https://ftmscan.com/t/02fa4eb1813a77a143b72006c682733a54eddef43fb1a0ec2b85b448a830a89132)  https://ftmscan.com/t/0345b6f910bd318f1ab5df7c67effd4e808a202ac1f9c186bf69af7c6f49d55043)  https://ftmscan.com/t/0551f875e2a9bf101f52e8138248ed74bc5201d9029ca7171c6c0a605c9a12e9d Then all funds were laundered via Tornado.Cash. Block Data ReferenceAttacker addresses:&nbsp;(FTM) scammer address(A):  https://ftmscan.com/address/05636e55e4a72299a0f194c001841e2ce75bb527a(FTM) scammer address(B):  https://ftmscan.com/address/02c177d20b1b1d68cc85d3215904a7bb6629ca954(ETH) scammer address(B):  https://etherscan.io/address/02c177d20b1b1d68cc85d3215904a7bb6629ca954 Attacker\scontract address:  https://ftmscan.com/address/08162a5e187128565ace634e76fdd083cb04d0145,2022-08-02 0:00,2022,1700000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Yield,CP
796,DePo,REKT,https://de.fi/rekt-database/depo,,,"PeckShieldAlert sur Twitter : ""#Slippage @DePo_io $DEPO price dropped /63.08% #ETH https://t.co/qwHdbzvN89 https://t.co/2SfD64tudI"" / Twitter",,,2022-02-04 0:00,2022,1723632,Internal theft,Unauthorized use of private key,Human risk,Target,FT,CA
335,EvoDeFi,REKT and SlowMist,https://de.fi/rekt-database/evodefi,https://hacked.slowmist.io/search/,,https://medium.com/@Knownsec_Blockchain_Lab/knownsec/blockchain/lab/evodefi/attack/event/analysis/e1cba8a789ce,,"EvoDefi the project revenue farm on the BSC chain was attacked and the price of its token GEN dropped from US$2.1/piece to US$0.9/piece a short/term drop of 57%. Loss of 455 576.85 GEN worth approimately USD 1 million. Due to the design flaws in the update logic of the function in the MasterChef contract the part of the reward that needs to be deducted is not updated which leads to arbitrage by the attacker. REKT: Quick Summary
EvoDefi was exploited by attackers using a flash loan. The attacker made away with 455 $GEN roughly worth $1.8 million.

Details of the Exploit

EvoDefi. a cross/chain platform offering a large suite of products on the BSC chain. Polygon and the multi/chain bridge was attacked. and the price of its token GEN fell from $3.81 to $1.28. A total of 455.576.855 GEN was lost. which is about $1M. Due to design faults in the update logic of the function in the MasterChef contract. the part of the reward that must be subtracted is not updated. allowing the attacker to arbitrage.

Block Data Reference
Attacker address: https://bscscan.com/address/0x8a0a1eb0bae23e4e95608e3aad7fa25b0d907c6c
Attacker contract: https://bscscan.com/address/0x1cb6d29c52fd993103eadd0c01209ba000e92459
Attack transaction: https://bscscan.com/tx/0x7c3b7f082a5c92b03a878ff5d7c7e645ce3bcd37901808b936b318c4f3cc3880",2021-06-10 0:00,2021,1735747,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,Bridge,INT
614,Verge,SlowMist,,https://hacked.slowmist.io/search/,,https://paper.seebug.org/609/,, The attacker discovers and manipulates errors in the Verge code  causing false timestamps to be set on the block and then dig out new blocks quickly. The protocol of Verge is uses five mining algorithms in turn  and the attacker increases control over two of them: scrypt and lyra2re. The attack should be between block 2155850 and block 2206272. Within a few hours of the attack  the 35 million VGs  which cost about $1.75 million  were stolen at the prevailing exchange rate.,2018-05-22 0:00,2018,1768112.5,Decentralization issue,51% attack,Technical vulnerability,Target,Blockchain,DLT
362,PancakeSwap,REKT and SlowMist,https://de.fi/rekt-database/pancakeswap,https://hacked.slowmist.io/search/,,https://cryptopwnage.medium.com/1/800/000/was/stolen/from/binance/smart/chain/pancakeswap/lottery/pool/ca2afb415f9,,According to sources since April 12 2021 a person who has access to Binance Smart Chain account 035f16a46d3cf19010d28578a8b02dfa3cb4095a1 (PancakeSwap administrator account) has stolen 59 765 Cakes (approimately US$1 800 000) from the PancakeSwap lottery pool. After hackers exploited the vulnerability several times PancakeSwap banned the account. REKT: Since April 12th. 2021 a person who had access to a Binance Smart Chain account 035f16a46d3cf19010d28578a8b02dfa3cb4095a1 (PancakeSwap admin account) has stolen from PancakeSwap lottery pool 59.765 Cakes (equivalent of about $1.800.000). He used the exploit a few times. Shortly after the last theft. the lottery game was suspended. and this account was banned by PancakeSwap.  The admin of PancakeSwap used his opportunity to manually call lottery contract methods such as:  / function drawing(uint256 _ExternalRandomNumber) External onlyAdmin  / function enterDrawingPhase() External onlyAdmin  He eecuted a few calls simultaneously (buy. enter drawing. draw) and put them all into the same block. That created for him an opportunity to predict jackpot numbers. since the random number generator. based on the previous block hash. was no longer random.,2021-04-12 0:00,2021,1800000,Contract vulnerability,Random number attack,Technical vulnerability,Target,Exchange,P
424,Ledger,REKT and SlowMist,https://de.fi/rekt-database/ledger,https://hacked.slowmist.io/search/,,(1) https://nairametrics.com/2020/11/06/crypto/owners/robbed/of/1150000/rp/. (2) https://coingeek.com/phishing/scam/targets/ledger/wallet/users/again/. (3) https://twitter.com/ndeet/status/1320307663427768320,,"Phishing and scams targeting Ledger wallet owners are increasing and one of the scam websites obtained more than 1 150 000 RP from victims. This scam uses phishing emails to direct users to a fake Ledger website. On this fake website the victim was tricked into downloading malware that pretended to be a security update resulting in the theft of all Ledger wallet balances. According to the fraud identification website rplorer operated by the community the RP obtained from the scam was sent to Bittre through 5 deposits but the exchange cannot freeze RP in time. REKT: Hackers launched a phishing attack targeting users of the Ledger hardware wallet.

The attackers allegedly sent Ledger users an email informing them that their wallets had been hacked in a security breach impacting thousands of users. They stated that the incident occurred on October 24 and that the Ledger security team is unable to estimate the extent of user harm.
""In order to protect your assets. please download the latest version of Ledger Live and follow the instructions to set up a new PIN to your wallet."" the email said. The user is then sent to a download link on a bogus website designed to steal the user's credentials.",2020-11-02 0:00,2020,1800000,Instant user deception,Phishing emails,Imitation,Intermediary,Other systems,
509,CoinTiger,REKT and SlowMist,https://de.fi/rekt-database/cointiger,https://hacked.slowmist.io/search/,,US DoJ lays claim to stolen cryptocurrencies / (enterprisetimes.co.uk),, The cold wallet of the CoinTiger exchange was stolen  and the 400 million PTT of the Proton chain disappeared. According to the exchange announcement  they discovered that the cold wallet storing PTT was hacked during their regular cold wallet verification work recently  resulting in the theft of 401 981 748 PTT from the wallet. REKT: In July 2019. Singapore/based CoinTiger exchange admitted that cybercriminals had stolen a cold wallet. that contained over 400 million Proton Tokens (PTT). It was subsequently able to lock the wallet that contained the stolen PTT. &nbsp;Unfortunately. by the time it located the wallet. 120 million PTT had already been traded out.,2019-07-01 0:00,2019,1800000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
169,KLAYswap,SlowMist,,https://hacked.slowmist.io/search/,,https://medium.com/klayswap/klayswap/incident/report/feb/03/2022/f20ba2d8e4dd,, A South Korean DeFi project  KLAYswap stated it was hacked and lost over 2.2 billion won  or about $1.83 million  in the incident. The hacker modified the third/party JavaScript link on the front end of KLAYswap  causing the user to download malicious malware when accessing the KLAYswap page. This enabled funds to be transferred to the hacker's wallet address when conducting token/related transactions . During this time  407 suspicious transactions were found in 325 wallets linked to this incident.,2022-02-03 0:00,2022,1830000,Instant user deception,Front-end attack,Imitation,Intermediary,Exchange,
380,BT.Finance,REKT and SlowMist and ChainSec,https://de.fi/rekt-database/bt.finance,https://hacked.slowmist.io/search/,https://chainsec.io/defi-hacks/,(1) https://twitter.com/btdotfinance/status/1358989066814033920. (2) https://btfinance.medium.com/bt/finance/exploit/analysis/report/a0843cb03b28,,DeFi revenue aggregator BT.Finance tweeted &quot It was hacked. The attacked strategies include ETH USDC and USDT. Other strategies are not affected. BT.Finance withdrawal fee protection has reduced the loss of this attack by nearly 140 000 US dollars.&quot BT.Finance epressed the hope that hackers can return the funds and will use BT tokens to thank its bug test. According to ICO Analytics the affected funds are approimately US$1.5 million. CRYPTOSEC: “In this exploit the Exploiter(s) made a total profit of 31.87renBTC and 211 ETH and used REN and Tornado.Cash to transfer assets anonymously.” —\a0BT Finance | Medium REKT: The transaction behind the attack:  https://etherscan.io/t/082f95242963ac274d63e78234cb71c156f3135c32037e7e5b4424a6043da2a9a  The attackersaddress:  https://etherscan.io/address/0358abccb4f5bb715482271890929fdabb3015878  The Exploiter made a total profit of 31.87renBTC and 211 ETH. and used REN and Tornado.Cash to transfer assets anonymously. Deposits into Tornado Cash mier:  https://bloy.info/ts/calls_from/0358abccb4f5bb715482271890929fdabb3015878?signature_id=994162&amp;smart_contract_address_bin=0905b63fff465b9ffbf41dea908ceb12478ec7601  Ren BTC Gateway:  https://etherscan.io/t/0a1821af44f6dc6ea4b1ea64a3b49640b9cb791d5e4bccf57cdcfdb3d173323c3  The address of the stolen BTC fund:  https://btc.com/btc/transaction/7c849b024e7f3a56287b52bc7f55db5425a4204efcd2c117f5621ef821fbe0cd,2021-02-09 0:00,2021,1867271,Interconnected actors flaw,Arbitrage with flash loan,Technical vulnerability,Target,Yield,CP
126,CF,SlowMist,,https://hacked.slowmist.io/search/,,"PeckShield Inc. sur Twitter : ""The $CF token contract is fundamentally flawed by allowing anyone to drain others' $CF balance. So far. the loss is about ~$1.9M and the @pancakeswap $CF / $USDT pair is already affected. https://t.co/49iDHGdzJa"" / Twitter",,There is a fundamental vulnerability in the CF token contract that allows anyone to transfer someone else  s CF balance. The losses so far are around $1.9 million  while the CF/USDT trading pair on pancakeswap has been affected.,2022-04-11 0:00,2022,1900000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,FT,CA
206,KlaySwap,REKT and ChainSec,https://de.fi/rekt-database/klayswap,,https://chainsec.io/defi-hacks/,(1) https://therecord.media/klayswap/crypto/users/lose/funds/after/bgp/hijack/  (2) https://medium.com/klayswap/klayswap/incident/report/feb/03/2022/70ff124aed6b,,“Hackers have stolen roughly $1.9 million from South Korean cryptocurrency platform KLAYswap after they pulled off a rare and clever BGP hijack against the server infrastructure of one of the platform’s providers.” — The Record,2022-02-03 0:00,2022,1900000,Hacked/exploited infrastructure,BGP Hijacking,Technical vulnerability,Target,Exchange,P
425,Percent Finance,REKT and SlowMist,https://de.fi/rekt-database/percent_finance,https://hacked.slowmist.io/search/,,https://twitter.com/PercentFinance/status/1324104920727982080,,DeFi lending platform PercentFinance wrote in a blog on November 4 that some currency markets encountered problems that could cause users   funds to be permanently locked. The team frozen currency markets specifically for USDC  ETH  and WBTC. A total of 446 000 USDC  28 WBTC and 313 ETH have been frozen  valued at approimately US$1 million. The article stated that half of these fied funds belonged to PercentFinance's community improvement team.  Withdrawals in other markets have already begun  but the team urges users not to borrow money from any of PercentFinance's markets during this period. It is reported that PercentFinance is a fork of Compound Finance. REKT: The problem was that the old interest rate contracts have different signatures for `<u>getSupplyRate</u>` and `<u>getBorrowRate</u>`. They return 2 uint values. the first one being an error code. So. after the swap. they were unable to call these functions on the new interest rate contracts. as the signatures do not match. Making the problem worse. these functions are checked before every interaction with these contracts (supplying. borrowing. redeeming. repaying. etc). They are also checked before changing the interest rate contract again. So. because the current interest rate contract does not work. it is impossible to change to a new one.This meant that these 3 contracts were no longer usable. and the user funds in them were permanently locked. These amounted to: 446.813 USDC. 28 wBTC and 313 ETH.,2020-11-04 0:00,2020,1900000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Lending,P
775,Coinis,REKT,https://de.fi/rekt-database/coinis,,,CoinEase hacking accident caused damage of 21.<> billion won. service temporarily suspended (cryptocoin.kr),,In September 2017. there was an accident where coins stored in the hot wallet of the Coinis service were withdrawn by External hacking. After recognizing the situation. an emergency convened all employees to additionally prevent withdrawals due to External hacking. and security measures such as changing the system access password were implemented. The total amount of damage due to this hack is about 2.1 billion won as of the closing price of September 22. about 508 BTC were withdrawn in total.,2017-09-21 0:00,2017,1930000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,Other systems,
162,Titano Finance,REKT and SlowMist,https://de.fi/rekt-database/titano_finance,https://hacked.slowmist.io/search/,,https://titano.medium.com/important/update/2018edb0a0b1,, On February 14  the Titano Finance project on the BSC chain was attacked. The attackers made a total of 4 828.7 BNB  or about $190w. According to the official Titano Finance investigation The problem arose when we trusted a contractor to deploy the PLAY contract. Although ownership was transferred back to us after deployment  it was the same deployer wallet that allowed two days ago from our PLAY Hacking that steals all Titano in the protocol. REKT: The contract owner of MultipleWinners called <u>_awardTickets()</u> function to mint 32.000.000 TicketTitano at:  https://bscscan.com/t/0848280d0e054b0f1a04356bdf29cff390d9a982a6f709ae5df45a6f32f5bce6c  The owner called <u>StakePrizePool.withdrawInstantlyFrom</u>() to burn TicketTitano tokens and withdraw Titano tokens.  The owner sold the withdrawn Titano tokens for 4.828 BNB in several transactions:  https://bscscan.com/address/0ad9217e427ed9df8a89e582601a8614fd4f74563#internalt,2022-02-14 0:00,2022,1949111,Internal theft,Backdoor,Human risk,Target,Staking,CP
255,Pancake Hunny,REKT and SlowMist,https://de.fi/rekt-database/pancake_hunny,https://hacked.slowmist.io/search/,,https://medium.com/pancakehunny/pancakehunny/incident/report/b5b74557b0ad,,Pancake Hunny  the DeFi protocol on BSC  was attacked by lightning loans  and HUNNY tokens fell by about 70% in a short time. The hacked transactions included 513 transfers  and Gas consumption reached 19 million  of which a large number of transfers were related to Alpaca tokens. REKT: The attackersaddress:  https://bscscan.com/address/0731821d13414487ea46f1b485cfb267019917689  The contract used for the attack:  https://bscscan.com/address/0a5312796dc20add51e41a4034bf1ed481b708e71  The attacker: / took a 53.25 BTC flash loan from Cream Finance  / used 53.25 BTC to get a 2.717.107 TUSD loan from Venus  / manipulated the price of BNB/TUSD Pool on PancakeSwap  / used 50 different contracts. deployed earlier to deposit 38.250 TUSD into HUNNY TUSD Vault  / redeemed 2842.16TUSD and minted 12.020.40 Hunny  / sold minted Hunny for 7.78 WBNB  &nbsp;/repeated with 50 wallets 26 times.  The hack is made possible by a profit inflation flaw that transforms a little number of harvested ALPACA into a big sum of TUSD for staking. These converted TUSDs are then counted as profit. which is subsequently inflated to produce a big quantity of HUNNY.  Stolen funds were bridged on Ethereum blockchain and deposited into Tornado Cash mier:  https://etherscan.io/address/0731821d13414487ea46f1b485cfb267019917689,2021-10-20 0:00,2021,1984749,Interconnected actors flaw,Arbitrage with flash loan,Technical vulnerability,Target,Yield,CP
73,Mirror Protocol,REKT and SlowMist,https://de.fi/rekt-database/mirror_protocol,https://hacked.slowmist.io/search/,,(1) https://www.theblockcrypto.com/post/149361/mirror/protocol/suffers/new/exploit/and/could/be/drained/in/hours. 92) https://www.theblock.co/post/149361/mirror/protocol/suffers/new/exploit/and/could/be/drained/in/hours,," According to The Block  Mirror Protocol  a synthetic asset protocol developed by Terraform Labs  was attacked again  with more than $2 million in capital losses. The capital pools of Bitcoin  Ethereum and Polkadot have been ehausted  and the remaining capital pools are linked to stocks. If the vulnerability is not fied before the market opens at 4:00 EST (16:00 GMT)  all of its token asset pools will be at risk. REKT: Quick Summary

Terra's Mirror Protocol was exploited for ~$2 million. This exploit was made possible through validators' usage of outdated oracle software.

Details of the Exploit
The Mirror Protocol was a synthetic assets protocol that allowed users to deposit $USTC or $LUNAC with a lockup period in order to mint synthetic stocks and commodities. It is noteworthy that the new Terra Network was launched within days after the collapse of the Terra Classic Network. The protocol suffered an exploit in the amount of $2 million caused by outdated oracle price feeds. The price feeds used the price of the new Luna Coin instead of the LunaC. While the new Luna coin was trading at a price around 5$ at the time. the $LUNAC coin was practically worthless at a price point of fractions of a cent. This meant that for $1k in $LUNC an attacker could deposit $1.3 million in deposit and borrow against it. 
Due to this mechanism. attackers drained several pools on the platform.
Block Data Reference
Example Transaction: https://finder.terra.money/classic/tx/F830681D8FEACC4DA67E84D40C49F0FF805609F2BB5CCC39A0EFE66257F2D791",2022-05-29 0:00,2022,2000000,Interconnected actors flaw,Oracle manipulation,Technical vulnerability,Target,Lending,P
106,MM.finance,SlowMist,,https://hacked.slowmist.io/search/,,https://medium.com/@MMFinance/dns/hi/jacking/post/mortem/compensation/3e2b5bb21183,, According to the official release  the MM.finance website was hit by a DNS attack  and the attacker managed to inject malicious contract addresses into the front/end code. The attacker exploited the DNS vulnerability to modify the router contract address in the escrow file  and digital assets worth more than $2 000 000 were stolen  bridged to the Ethereum network through multi/chain  and then laundered through Tornado Cash.,2022-05-04 0:00,2022,2000000,Instant user deception,DNS attack,Imitation,Intermediary,Exchange,
134,Revest Finance,REKT and SlowMist,https://de.fi/rekt-database/revest_finance,https://hacked.slowmist.io/search/,,https://twitter.com/RevestFinance/status/1507968623792607233,, DeFi protocol Revest Finance has been hacked. Hackers stole nearly 7.7 million ECO  579 LYe  nearly 715 million BLOCKS  and over 350 000 RENA. According to SlowMist analysis  this attack is because the handleMultipleDeposits function in the tokenVault contract does not determine whether the newly minted NFT exists  so the attacker uses this point to directly modify the information of the NFT that has been minted  and in the Revest contract. The key functions in this are not restricted by reentrant locks  which lead to being used by callbacks. REKT: An eample of the transaction:  https://etherscan.io/t/0613b2de3bb9043884a219296eeb1ada8c47b5a0262b9c68ca06ffd2de3a5d9f5  The Exploiter\saddress:  https://etherscan.io/address/0ef967ece5322c0d7d26dab41778acb55ce5bd58b  The attacker minted a massive amount of FNFT with no cost and used the minted FNFT to drain assets in the vault.  The attacker: / flashloaned 2 ECO tokens from Uniswap / called <u>mintAddressLock</u> in the Revest contract twice to get 2 FNFT[ID 1036] tokens and 7.700.00 FNFT[ID 1037] tokens  / during the second FNFT minting process. the attacker exploited the reentrancy issue and called the function “<u>depositAdditionalToFNFT</u>” to cause the minted FNFT can be used to drain assets in the vault  / called <u>withdrawFNFT</u> to drain assets from the vault by burning 7.700.001 FNFT[ID 1037] tokens and repaying the flashloan.  Stolen funds were deposited into the Tornado Cash mier:  https://bloy.info/ts/transfers_from/0ef967ece5322c0d7d26dab41778acb55ce5bd58b?currency_id=1,2022-03-27 0:00,2022,2000000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Yield,CP
248,AutoShark Finance,REKT and SlowMist,https://de.fi/rekt-database/autoshark_finance,https://hacked.slowmist.io/search/,,https://twitter.com/peckshield/status/1454026801869590529,,The DeFi protocol AutoShark Finance on the Binance Smart Chain was attacked by hackers in a series of transactions  and the hackers made a profit of US$2 million (the protocol loss may be even greater). Previously  AutoShark was attacked by a flash loan in May  and the currency price crashed. AutoShark responded that it would issue a new token  JAWS  to compensate damaged users. Since then  AutoShark was attacked by lightning loan again in early October  and hackers made a profit of approimately US$580 000.,2021-10-29 0:00,2021,2000000,Interconnected actors flaw,Arbitrage with flash loan,Technical vulnerability,Target,Exchange,P
314,Circle,REKT and SlowMist,https://de.fi/rekt-database/circle,https://hacked.slowmist.io/search/,,https://www.coindesk.com/business/2021/07/08/circle/says/it/lost/2m/to/email/fraudsters/in/june/,,Circle Internet Financial the issuer of the US dollar stable currency USDC reported in a regulatory filing with the US Securities and exchange Commission (SEC) that Circle Internet Financial lost US$2 million in email fraud last month. Circle stated that the email fraud incident did not affect customer funds and accounts Circle s information system is still safe and the US$2 million is the company's own funds. REKT: Circle Internet Financial. the issuer of the US dollar stable currency USDC. reported in a regulatory filing with the US Securities and exchange Commission (SEC) that Circle Internet Financial lost US$2 million in email fraud. Circle stated that the email fraud incident did not affect customer funds and accounts. Circlesinformation system is still safe. and the US$2 million is the companysown funds.,2021-06-09 0:00,2021,2000000,Instant user deception,Phishing emails,Imitation,Intermediary,CeFi,
492,Akropolis,REKT and ChainSec,https://de.fi/rekt-database/akropolis,,https://chainsec.io/defi-hacks/,https://www.theblockcrypto.com/linked/84490/defi/project/akropolis/exploited/for/over/2/million,,“Decentralized finance (DeFi) protocol Akropolis lost $2 million in DAI in an exploit on Thursday morning.” — The Block REKT: The attacker created a token contract with the malicious logic. which called deposit again (reentrancy):  https://etherscan.io/address/0e2307837524db8961c4541f943598654240bd62f  The attacker: / created a fake token  / deposited the fake token  / got a callback to the fake token. deposited 25k DAI  / got credited for 25k DAI of deposits  / got credited for 25k DAI of deposits  / withdrew 50k DAI  The attacker address:  https://etherscan.io/address/0e2307837524db8961c4541f943598654240bd62f  The stolen funds were transferred to some External wallet:  https://etherscan.io/t/0f15623567231c67df2b8bcc5540236fbda2c3ac11ecbec427048f11b582cb869,2020-11-12 0:00,2020,2000000,Contract vulnerability,Reentrancy,Technical vulnerability,Target,Lending,P
706,Mad Meerkat Finance,REKT and SlowMist,https://de.fi/rekt-database/mad_meerkat_finance,https://hacked.slowmist.io/search/,,Mad Meerkat Finance Lost $2M to a DNS exploit  / CoinCodeCap,,>On May 4. 2022. the front/end of the MM Finance protocol was hacked. which allowed the hacker to change the router address and redirect all the funds of users who somehow interacted with the protocol through the front/end to their wallet.&nbsp; dir= >The exploit lasted approimately three hours. then the team turned off the front/end.&nbsp; >Team members advised users on Discord not to interact with the site. >Attacker address: >Attacker fundings address: https://cronoscan.com/address/03fbaf5eeb4850af492a66807ff7fd7210deee7e3. Then they were mapped to: >600+ transactions were redirected. and the profits were exchanged for USDT and transferred through the bridge back to ETH before being deposited (743 ETH so far) in Tornado Cash. dir= https://crypto.org/eplorer/account/cro1ukvuw3qzjtt8wg5hsze4f2c3c8qvtwgcnah2. Actual fundings transaction: https://crypto.org/eplorer/t/0C7193F9E2D8FAE789A4B21DBC554D942329A5DA8734541563F339867740527B. This fundings were mapped the 0 address to the underlying address: https://crypto/org/chain.github.io/cronos/address/webtool/ dir= https://cronoscan.com/address/0b3065fe2125c413e973829108f23e872e1db9a6b dir= >Total number of losses: $2M,2022-04-05 0:00,2022,2000000,Instant user deception,DNS attack,Imitation,Intermediary,Exchange,
736,AFKSystem,REKT,https://de.fi/rekt-database/afksystem,,,Telegram: Contact @rugsteemer (archive.is),,The EOA address deployed unverified smart contract at: https://polygonscan.com/t/0371b8da1ef6fae5613025d6d3ac85b4eb989cabf91909ace8a7aaa81ec341eb5 This smart contract interacted with different MasterChef contracts: https://polygonscan.com/t/0a4dafd21de907f594344876dd43977e2f03ab541085495ea5010a0c5d53fe470 https://polygonscan.com/t/05a27947b4af14f897d35bc4457c4a00a1a3b3002db1b7552d680b7bb0e028de9 https://polygonscan.com/t/0758ca2462da1fba081c50e5e82abcf26225321ad409d9f2b0ae8623d61541e8b https://polygonscan.com/t/0cb729d6c84ba291799a3bb9da4bef704a62f0608c178aa1230cbcd44d9d5038f https://polygonscan.com/t/080fc64a240a67f6eea8bd57367bc088b80ccfd5236c4cebcd46e7c24a147860f The bytecoded contract had approval for spending LP tokens. as a result. funds were transferred to the External address: https://polygonscan.com/address/00a301bdf8c02d19d8204712d9ef10fa38c6109e7 Withdrawn LP tokens were used to remove liquidity at: https://polygonscan.com/t/0f68759da53b71917b87ef8ee0bfb4db1cb612ce993378b7c51e86c4840099dc8 https://polygonscan.com/t/09f4d43f13df89109b10d181e24f2f28ddf88c9b8ea3c761b9f4600cf3b91a155,2021-09-10 0:00,2021,2017053,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Yield,CP
61,GYM NETWORK,REKT and SlowMist,https://de.fi/rekt-database/gym_network,https://hacked.slowmist.io/search/,,"(1) GYM NETWORK sur Twitter : ""There was an attack on our recently deployed Claim &amp; Pool function for our Single Pool that caused a massive price drop. The source was quickly identified and we already fied the issue. We will host an AMA session later today to answer all your questions! #GYMNET #BSC"" / Twitter. (2) https://twitter.com/peckshield/status/1534423219607719936",,GYM NETWORK Hacked  Lost $2.1M  Stolen Funds Moved to Tornado Cash. According to the official Twitter account  the attack was caused by an attack on the Claim &amp  Pool function  which resulted in a significant price drop. REKT: Gym Network has been exploited for $2.1M. The <em>depositFromOtherContract()</em> function is a wrapper for the <em>_autoDeposit()</em> function. where there is no <em>transfer()&nbsp;</em>function to transfer a user’s deposit to the contract. so a user can call <em>deposit()</em> and �create deposit record’ without actually transferring tokens.&nbsp;Now function is resolved adding <em>onlyBank()&nbsp;</em>modifier. Exploiter address (BSC):  https://bscscan.com/address/0b2c035eee03b821cbe78644e5da8b8eaa711d2e5 Exploiter contract (BSC):  https://bscscan.com/address/07cbfd7bccd0a4a377ec6f6e44857efe42c91b6ea Victim contract:  https://bscscan.com/address/00288fba0bf19072d30490a0f3c81cd9b0634258a Repaired contract:  https://bscscan.com/address/07df0bc661b6a239ae2f41f9548f6b17f7bd8328b  Exploiter transactions eample:1)  https://bscscan.com/t/0171a448161f2c438cca0502599a6784561d11099c9218e2125c5f3c7a6705dd32)&nbsp; https://bscscan.com/t/091f5e625447da3e7d0d409d5c7762c94c4d5793ab34430b81a9889e5ef9f37dd 3)  https://bscscan.com/t/012970f3962b4bacd01bb4e3dc086804e4e5861134db5dd80d7e4671aa7f23d16  The attacker has created several contracts to perform these steps:The attacker calls the <em>depositFromOtherContract() &nbsp;</em>function with the deposit amount set to 8M GYMNET. without transferring money because there is no transfer function.Net attacker calls <em>withdraw()</em> function to withdraw 8M GYMNET.Then attacker swaps GYMNET tokens to BNB and sends them to this address:  https://bscscan.com/address/0b2c035eee03b821cbe78644e5da8b8eaa711d2e5     https://bscscan.com/address/0b2c035eee03b821cbe78644e5da8b8eaa711d2e5   All funds were laundered via TornadoCache.,2022-06-08 0:00,2022,2100000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Yield,CP
1102,Dictum Exchange,REKT,https://de.fi/rekt-database/dictum_exchange,,,(1) https://twitter.com/olimpiocrypto/status/1609183982821818369. (2) https://twitter.com/DeDotFiSecurity/status/1609273620039090176,,"Quick Summary
Dictum Exchange has rugged pulled. On the 31st of Dec 2022. just after airdropping its $DIC token. the project shut down all of its social networks and performed hard rug from unverified proxy liquidity pool contracts.

Details of the Exploit
The protocol built on the Arbitrum network Dictum Exchange performed hard rug from its LPs. 
Most of the contracts of the protocol are built using a proxy upgradeability pattern. In this case. it allows deploying new implementations with any malicious logic. Currently. the source code of all LPs is not verified and includes malicious logic in the burn() function. 
This function was called on each LP contract to drain a huge share of liquidity from them.
Currently. all stolen funds are bridged to the Ethereum Mainnet as ETH and stored in the account: 0xaF8f284e93c5bF5795ccA636D8AeE62a2616e21d

Block Data Reference
Scammer addreses:
https://arbiscan.io/address/0xaf8f284e93c5bf5795cca636d8aee62a2616e21d
https://etherscan.io/address/0xaF8f284e93c5bF5795ccA636D8AeE62a2616e21d

Liquidity draining TXs:
https://arbiscan.io/tx/0xbe0e8d8304f1057a19cb15e1bbb8917d1e3dac60e9b779ab628d9a4c1ce17112
https://arbiscan.io/tx/0xe7275b599228ffe565a9894011c949c3037a2ad90dc1b1adee14284bfe02b307
https://arbiscan.io/tx/0xe197f911e263ee6079db65398b3a7e4dbf2fdff5cce9dbe79c43137eed4c187f
https://arbiscan.io/tx/0x874e189e44ef1d378a0c94bf9a2df2102444f55e7c08dde658fa72cf05667f66
https://arbiscan.io/tx/0xf3b3099021a657383c5af009ffa0fdbabb062d7cc360c2de96b018299533540a
https://arbiscan.io/tx/0x4812d74fd976e42798f4b61e6a008fcec0f89ba1cf51ffab94051bfdd651c7bc
https://arbiscan.io/tx/0x67ac2279d9ac0cb49bc5269c8edc79f4a999fcffa08eb2ddcbb0a196470723b1
https://arbiscan.io/tx/0xb0f0bc34f36c12cf32c94a1965999e400bb84ce3bc56eb3d8e3303eca2e8effc
https://arbiscan.io/tx/0x48805ffac3d061aff5d96b115e2991a01be87083432d900f725575e3c7123876",2022-12-31 0:00,2022,2100000,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Exchange,P
541,BitoPro,REKT and SlowMist,https://de.fi/rekt-database/bitopro,https://hacked.slowmist.io/search/,,(1) https://www.jinse.com/lives/93091.htm. (2) https://twitter.com/BitrueOfficial/status/1123992201015509002,,Taiwan exchange BitoPro s RP suffered an attack that caused a price crash and is thought to have lost about 7m RPS.,2019-05-02 0:00,2019,2170000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,CeFi,
798,Deriswap,REKT,https://de.fi/rekt-database/deriswap,,,"CaptainJackCryptoAPE sur Twitter : ""?SCAM ALERT? SCAM ALERT: $DWAP (Deriswap) 0846d152216146c77c81af3a1657790ed8ba69281 Big whale buy his own token up. don't fall in the trap. AC not release token yet."" / Twitter",,The anonymous team developed a bogus token / DWAP / and issued it on the Uniswap when Andre Cronje announced not released project named Deriswap.,2020-11-23 0:00,2020,2170264,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
216,Monkey Kingdom,REKT and SlowMist,https://de.fi/rekt-database/monkey_kingdom,https://hacked.slowmist.io/search/,,https://twitter.com/MonkeyKingdom_/status/1473312369556213769,, The NFT project Monkey Kindom stated that hackers stole $1.3 million in SOL from the community through a security breach in discord. The hacker first attacked Grape  the solution to authenticate users on Solana  and took advantage of the vulnerability to take over an administrative account that posted a phishing link in the announcement channel of Monkey Kindom discord. REKT: The attacker\saddress:  https://solscan.io/account/HuiYfmAceFkmhu3yP8t3a6VMYfw3VS2Ymqqj9M2k9ib  Monkey Kingdom\sDiscord was flooded with thousands of bots impersonating the Monkey Kingdom or Baepes announcements. They DM/ed users directing them to suspicious websites that require them to connect their wallets.  When the NFT presale began. the project\sannouncement channel on Discord was hijacked by the bot named Monkey Kingdom. A Discord webhook got compromised and posted a phishing link to the Announcement channel.  The attacker was able to steal 316.8 WETH. Stolen funds were bridged through the Wormhole:  https://solscan.io/t/oUbHMm158RtzoGD3k5ys3y9SiBovQ1smKWANo1Qm144ovmz9bDsUWyhr3Yp9uEnUVZnnLMgSDjFvAVJtBs1  https://solscan.io/t/47YY62nvoeuVenY5iT4GA4LYiiNHd9nYmi69rVw4DZU3FycQWbPy6ePWirMBEDEFfH3a5jW9wjzsuHFtzz3D  https://solscan.io/t/2pM5asqypGSjJSZjNf6m6MjoQWsc9vFg91UosukpSbZbwN3BwmaFRnSa3vFERyZBzGDjTTKD1h1dKkiaPfsjBt  https://solscan.io/t/4MrJuHeJLH2cBTzYT9Gjbe8pcvHsRnF5E5ZnpGVkQ7v3gvDEchWVijMSWjwkF1FyJV1yjABs4HWh9tcDqaoM,2021-12-21 0:00,2021,2197448.32,Instant user deception,Social media compromission,Imitation,Intermediary,NFT,
218,Bent Finance,SlowMist,,https://hacked.slowmist.io/search/,,https://bentfi.medium.com/bent/update/12ae69a41dc6,, The staking and yield farming platform Bent Finance tweeted that the Bent Deployer wallet upgraded the curve pool contract from November 30  2021 to 2021 01:09:27 PM +UTC  and the Exploiter added a malicious contract that made cvcrv and cvcrv and The mim pool is able to hardcode user balances and then deploy another contract to mask it. The attackers stole a total of 513 000 cvcrv LP tokens. Bent Finance later updated the incident report saying that with the help of two white hat hackers  the team analyzed the incident and concluded: This was actually the work of an   inside member. After several days of hacking  the attackers finally agreed to return the funds to the following multisig address: 0aBb8B277F49de499b902A1E09A2aCA727595b544. The attackers sold off (now bounced back) and sent us ETH and DAI  there was a slight shortfall in returning funds  but we've fied that. So far  we have raised another 200 000 cvcrv (~$1 million) from the community to help fill the gap. The official said that the vulnerability has been fied to ensure that such incidents do not occur again.,2021-12-21 0:00,2021,2197448.32,Internal theft,Malicious code injection ,Human risk,Target,Yield,CP
384,Popcornswap,REKT and SlowMist,https://de.fi/rekt-database/popcornswap,https://hacked.slowmist.io/search/,,https://www.btchangqing.cn/187817.html,,"Another DeFi project popcornswap on Binance Smart Chain has gone. It is reported that some users said in the community that the project used cake s LP the contract was open source but there was no audit and the LP was run in less than two hours. Currently there are more than 40 000 BNB in ​​the wallet and no action is taken. REKT: The address behind the exit scam:
https://www.bscscan.com/address/0xFd6042Df3D74ce9959922FeC559d7995F3933c55

This address. marked as Phishing. got an unlimited allowance for transferring users' LP tokens from the Master Chef contract. The phishing address has withdrawn LP tokens onto his wallet by calling transferFrom() function into the Master Chef contract at:
https://www.bscscan.com/tx/0xe214c0f71b5f270eff6006b05a469178425dc2e38de0123c16c16074b769cfb3
https://www.bscscan.com/tx/0x4bdb3728b94c69deb612e7877b68c6e300a9329fc830fc1e45fafb20c0cecbb5
https://www.bscscan.com/tx/0xe7f5168518f9f1c40ff845a121b670796d41e09ebf82a8fe823c1539bf225803
https://www.bscscan.com/tx/0x4f7685b08ae0fb7e8681db480c757744dc3ac3ef76ff8287df1ddb0a894db465
https://www.bscscan.com/tx/0xaa277c446a55f96e088b08fd42cffb191dcf785403ddcda97d292f31efc05394

The liquidity was removed multiple times by the Phishing address at:
https://www.bscscan.com/tx/0xa4593c08d512d3dff9e077a27aadf337c1edd335f8c6553f9954d7a5f9d6634f
https://www.bscscan.com/tx/0x6659c11578c444d26aec93f7d6dcb4c7637a01774fceca2b6b3d1f26f0c3b7e1
https://www.bscscan.com/tx/0x6c09b231bc9bafc1a70e75875014d80bfae0c33005d9e7c516d583a39ef62a87
https://www.bscscan.com/tx/0x9c218c10efeddffeb37a1771722ed85cdc547091ed0506e3ac0efa7a1dc2df74
https://www.bscscan.com/tx/0x24f8004e7feb5d5c1f3e2340cb8a60e36b8d18b2e9a96daf2bb4d02f83366ddd

Stolen funds are still holding on to the Phishing address.",2021-01-31 0:00,2021,2241690,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
830,Fairmoon,REKT,https://de.fi/rekt-database/fairmoon,,,Crypto Watchdog Group Has Exit Scammed You For Your Own Good. It Claims / Decrypt,,Anti/scam vigilance War on Rugs. a self/described collection of smart contract auditors and blockchain developers. offered itself as a resource for verifying the credentials of a DeFi project. warning of projects it deemed insecure.  Later. War or Rugs created their own token / Fairmoon. which is the clone of the Safemoon. After the token launch. some insider wallets bought FAIRMOON before War on Rugs audit on some over $40k. which later were dumped and brought $1.800.00 of profit:  https://bscscan.com/token/0fe75cD11E283813eC44B4592476109Ba3706cef6?a=0485d2f761089b01623d3d6d31fd06e7c75d0373c  To calm down the community. the project announced migration to a new token. However. Shappy aka WarOnRugs completed his 2nd eit scam and again ran away with at least 1.170 BNB ($500.000 at this point). The total amount by which the community was defrauded thus amounts to at least $2.300.000.  The transaction of the second rug pull:  https://bscscan.com/t/0ef7cff7b64bde0ab53f62ba0b9fc367c38167fcf8401f35fbcff00d20d4fccc3,2021-09-20 0:00,2021,2300000,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
1154,FriesDAO,REKT and SlowMist,https://de.fi/rekt-database/friesdao,https://hacked.slowmist.io/search/,,"friesDAO (??.??) sur Twitter : ""It has come to our attention that the refund deployer contract was exploited and managed to obtain FRIES tokens which were subsequently refunded for USDC and sold into the Uniswap pool. This is an ongoing investigation; exploiter is invited to contact us for dialogue."" / Twitter",,FriesDAO was attacked and lost about $2.3 million. An attacker gained control of the FriesDAO protocol operator's wallet through the Profanity wallet generator vulnerability. which would force the use of the private key of the address generated by the tool. FriesDAO stated in the official Discord channel that the official developers are currently trying to negotiate with the attackers to negotiate a white hat bounty in exchange for the return of the stolen funds.,2022-10-28 0:00,2022,2300000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,Dapp,P
365,Turtle.dex,REKT and SlowMist,https://de.fi/rekt-database/turtle.dex,https://hacked.slowmist.io/search/,,https://cointelegraph.com/news/binance/smart/chain/s/turtlede/Rug pull scams/shortly/after/launch,,According to BSC news  Turtle.dex has run away  taking away about 9 000 BNB  worth more than 2 million U.S. dollars  and the website and telegram group have been deleted. BSC news refers to this as a well/thought/out and planned running behavior. At present  part of the funds have been converted into ETH to enter the Binance exchange  and investors are urging Binance to freeze related accounts. On March 15th  in response to the question of whether it would run away  Turtle officially stated: No  because the turtles have short hands. Note: Turtle means sea turtle. REKT : The project announced a fundraising event on their website. This fact can be verified by the link:  https://web.archive.org/web/20210314092242/ https://turtlede.io/private/sale  Funds receiver was the official crowd/sale smart contract which gathered 8.999.99 BNB in total. but raised funds were automatically transferred to the bytecoded contract and then transferred to the last recipient finally / EOA wallet:  https://www.bscscan.com/t/0ba8c0e937aa6fa49cfff96b51235f7ca1725327a43bcc94b36a17138ec0f927b  Stolen funds were distributed between some External addresses:  https://eplorer.bitquery.io/bsc/ts/transfers?sender=078aff3b8b1de9242cc2dc8f19930c83454f1ff82&amp;currency=BNB,2021-03-20 0:00,2021,2324610,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Exchange,P
258,Evolved Apes,REKT and SlowMist,https://de.fi/rekt-database/evolved_apes,https://hacked.slowmist.io/search/,,(1) https://finance.yahoo.com/news/another/nft/rug/pull/evolved/084902519.html. (2) https://www.vice.com/en/article/y3dyem/investors/spent/millions/on/evolved/apes/nfts/then/they/got/scammed,,The official Twitter account and website of the NFT project Evolved Apes the project developer Evil Ape disappeared last week  and took away 798 ETH worth US$2.7 million. REKT: A week after the project launch. the anonymous developer is known as Evil Ape vanished along with the project’s official Twitter account and website.  Funds gathered on the NFT sale:  https://etherscan.io/address/0x233a65b06ef83ccf2fd58832086dd782f9da1642#internaltx  798.07 ETH was distributed between external wallets at:  https://etherscan.io/tx/0x573da368dee59749f25868f846473e2344b05684945465d65185832c89f803e9  https://etherscan.io/tx/0xa966f3a36a5fd55a668ffe97600d7f26459e756280d894aab25baf1404957be5,2021-10-06 0:00,2021,2339031,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,NFT,CA
726,TempleDAO,REKT,https://de.fi/rekt-database/templedao,,,(1) TempleDAO exploit results in $2M loss (cointelegraph.com). (2) https://www.coindesk.com/business/2022/10/11/defi/protocol/temple/dao/struck/by/23m/exploit/,,Quick SummaryTempleDAOsstaking contract was exploited due to a vulnerable migration functionality. The hacker took away FraLP tokens and swapped them for 1830 $ETH. Details of the exploitTempleDAO is a DeFi yield aggregator. The exploit happens due to stake migration functionality on the StaLPStaking contract. The attacker was able to transfer FraTempleLP liquidity tokens to his address and took $TEMPLE and $FRA tokens from the pool. Consequently. the hacker swapped them for 1830 $ETH and transferred the stolen funds to another EOA address. The total profit of the attacker reached 2.376.872 $USD. An interesting detail is that the attackersaddress was linked to Binancesaddress. TempleDAO is investigating the accident with Binance and Sta said that a white hat bounty will be initialized for the Exploiter. Block Data ReferenceAttacker address: https://etherscan.io/address/09c9Fb3100A2a521985F0c47DE3B4598dafD25B01 Malicious transaction: https://etherscan.io/t/08c3f442fc6d640a6ff3ea0b12be64f1d4609ea94edd2966f42c01cd9bdcf04b5 Liquidity removal transaction: https://etherscan.io/t/04b119a4f4ba1ad483e9851973719f310527b43f3fcc827b6d52db9f4c1ddb6a2,2022-11-10 0:00,2022,2376872,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Yield,CP
301,PancakeBunny,REKT and SlowMist,https://de.fi/rekt-database/pancakebunny,https://hacked.slowmist.io/search/,,PolyBUNNY Post/Mortem & Compensation | by Bunny Finance | Medium,,"DeFi revenue aggregator PancakeBunny tweeted that its version on Polygon was attacked by outsiders and has suspended all Polygon Sushi Vaults. According to officials Polygon vaults BSC PancakeBunny vaults and BUNNY are currently safe. The attacker made a profit of 1281 WETH. REKT: The attacker's address:
https://polygonscan.com/address/0xa6021d8c36b2de6ceb4fe281b89d37d2be321431

The transaction behind the attack:
https://polygonscan.com/tx/0x25e5d9ea359be7fc50358d18c2b6d429d27620fe665a99ba7ad0ea460e50ae55
The attacker:
/ deposited 0.000000009416941138 SLP (~19.203 USD) into the polygon.pancakebunny USDT/USDC Vault
/ deposited 0.000023532935903931 SLP (~47.990.975 USD) to the USDT/USDC MiniChefV2 contract on SushiSwap
/ this resulted in a performance fee of 14284.950 SLP (0.000007006743943544 SLP)
/ 2.136.672.974656942582870591 polyBUNNY tokens were minted onto the attacker's address
/ repaid the flash loan on AAVE and gained 1.281.702952074137533313 ETH
/ funds were bridged on Ethereum and deposited into Tornado Cash mixer at:
https://etherscan.io/address/0xa6021d8c36b2de6ceb4fe281b89d37d2be321431",2021-07-16 0:00,2021,2395931,Interconnected actors flaw,Arbitrage with flash loan,Technical vulnerability,Target,Yield,CP
677,Boy X Highspeed,REKT,https://de.fi/rekt-database/boy_x_highspeed,,,Eplained: The Boy  Highspeed (BH) Rug Pull (September 2022) (halborn.com),,Quick SummaryBoy  Highspeed exploit happened using privileged access. 1865 $ETH was stolen and transferred using Tornado Cash Details of the exploitBoy  Highspeedsstaking pool contract on the Binance and the AVA chain was exploited for the total amount of various assets worth 2.584.890 $USD. All funds were withdrawn from the staking contract using the privileged function inCaseTokensGetStuck(). Consequently. the stolen funds on both chains were bridged to the Ethereum chain and transferred using Tornado Cash. Block Data ReferenceAttackersprivileged address: https://bscscan.com/address/0afc6e88c90334618e73eadc04b0f9dc0482f7be3Attackersaddress used for transfer assets: https://bscscan.com/address/0158f5cb7ab88e1c2418d5509d3fe43ae548ce345 https://etherscan.io/address/0158f5cb7ab88e1c2418d5509d3fe43ae548ce345 BH Staking contract: https://bscscan.com/address/0cc47dac5f1a6881d9fd277e005d19e6309c3a474 Withdraw transaction: https://bscscan.com/t/0632fc37c4c1418a465e9f032e7375866de0c95e3f02c4afd6725a9df0d56d871 Tornado Cash transfers: https://etherscan.io/t/011d407d92806acbc92a8dec4dae192755b443b39f4d1dbaa5b537f7207eb035b,2022-09-20 0:00,2022,2433665,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Yield,CP
427,EtherCrash,SlowMist,,https://hacked.slowmist.io/search/,,https://itwire.com/security/ethereum/gambling/game/loses/us$2/5m/in/alleged/inside/job.html,,Recently  AlonGal  the chief technology officer of the cybercrime intelligence company HudsonRock  tweeted that on October 27  the EtherCrash cold wallet that claimed to be the most mature and largest gambling game in Ethereum was stolen  with a loss of about 2.5 million U.S. dollars. for. It is reported that EtherCrash has issued a notice on Discord in which it mentioned that the EtherCrash cold wallet was stolen and there were two large withdrawals. EtherCrash stated that it will compensate users for their property losses  but it will take some time because the losses are more serious.,2020-10-30 0:00,2020,2500000,External factor,Deceiving personnel,Human risk,Target,Dapp,P
697,FLiK,REKT,https://de.fi/rekt-database/flik,,,(1) SEC.gov | SEC Charges Film Producer. Rapper. and Others for Participation in Two Fraudulent ICOs. (2) https://fullycrypto.com/flik-creator-pleads-guilty-to-2-5-million-ico-fraud,,,,2017,2500000,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,FT,CA
1140,BXH,SlowMist,,https://hacked.slowmist.io/search/,,Security team: Suspected BXH The stolen funds changed on September 9. and 21 ETH was transferred to Tornado Cash| Anue Juheng - News (cnyes.com),,According to the SlowMist security team. according to the BXH Stupid Kids team’s announcement on September 23. a total of $2.5 million worth of assets and 38 million BXH tokens were stolen the night before yesterday (September 21). According to the analysis and evaluation of SlowMist MistTrack. the private key of the original owner of the BXH VaultPool contract is suspected to be stolen. and the inCaseTokensGetStuck function is called to transfer the funds in the contract to the hacker's address. The hacker's address is 0x158f...e345. Up to now. the hacker has exchanged the stolen funds to the ETH chain across the chain. and further transferred all the stolen funds to Tornado Cash. with a total transfer amount of 1865 ETH.,2022-09-21 0:00,2022,2500000,Undetermined,Accessing private keys/data,Undetermined,Target,Exchange,P
759,BNB42,REKT,https://de.fi/rekt-database/bnb42,,,(1) BNB42 DeFi Rugged for $2.8 Million. CetriK Eplains How. (2) https://twitter.com/CertiKCommunity/status/1493614458144448513?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1493614458144448513%7Ctwgr%5Ece189cab37ac0c90b6c9a16c256f6000408538e3%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fu.today%2Fbnb42/defi/rugged/for/28/million/cetrik/eplains/how,,The address involved in the scam: https://bscscan.com/address/09b74fde50f3fcd3a02fafea6a187092630d6eb8f The address involved in the scam deployed the unverified contract which contained <u>withdraw</u>() function that allows only the owner to withdraw the entire total BNB (eth.balance(this.address) wei) to the owner’s address. The contract deployer invoked withdraw() to transfer 6.445.42 BNB onto own address at: https://bscscan.com/t/0749215ebe457aa681194684401257fe8fb44daecb9f50a077b12c71e83cf9414 Stolen funds were distributed to a bunch of External addresses and deposited into the Tornado Cash mier.,2022-02-15 0:00,2022,2602079,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Yield,CP
152,Fantasm Finance,REKT and SlowMist and ChainSec,https://de.fi/rekt-database/fantasm_finance,https://hacked.slowmist.io/search/,https://chainsec.io/defi-hacks/,(1) https://twitter.com/fantasm_finance/status/1501569232881995785. (2) https://www.coindesk.com/tech/2022/03/10/fantom/based/algo/protocol/fantasm/exploited/for/26m/ (3) https://halborn.com/eplained/the/fantasm/finance/hack/march/2022/ (4) https://medium.com/@fantasmfinance/fantasm/finance/post/mortem/exploit/09/march/2022/daf48ead016f,, Fantom's on/chain synthetic asset protocol  Fantasm Finance  posted on social media that its FTM collateral reserves had been exploited and called on users to exchange their FTM immediately. After exploiting the vulnerability  the hacker exchanged all the profits for ETH  and used Tornado.cash to mi coins across the chain to the Ethereum main network. According to statistics  the hacker made a profit of 1 007 ETH (about 2.73 million US dollars). CRYPTOSEC: “Fantom/based algorithmic assets protocol Fantasm Finance was exploited for over $2.6 million worth of crypto early on Thursday with the stolen tokens swapped for ether using privacy protocol Tornado Cash.” — CoinDesk REKT: The Exploitersaddress:  https://ftmscan.com/address/047091e015b294b935babda2d28ad44e3ab07ae8d  The Exploiter: / deployed contract to trigger the exploit  https://ftmscan.com/address/0944b58c9b3b49487005cead0ac5d71c857749e3e  / minted FTM by input only FSM token without entering any FTM / collected FTM token / sold FTM token to FTM / bought more FSM and repeated the first step to get a larger amount of FTM / sold all his FTM for ETH and bridged these ETH to Ethereum via Celer Bridge / deposited stolen funds into Tornado Cash mier:  https://etherscan.io/address/047091e015b294b935babda2d28ad44e3ab07ae8d  That contract exploited the error in Fantasm’s Pool contract where the developer missed the condition checking for the minimum amount of input FTM when minting FTM.,2022-03-09 0:00,2022,2622097,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Derivatives,P
880,IDO rug pulls,REKT,https://de.fi/rekt-database/ido_rug_pulls,,,"(1) PeckShieldAlert sur Twitter : ""#RugPull PeckShield has detected 7 IDO protocol rugged! $GOTEM(gotEM) $ONEP (HarmonyPad) $HBARP (HbarPad) $MPLAY (MetaPlay) $ELIT (Electrinity) $PEE (MicroPee) $QDrop (QuizDrop) rugged. more than 5.744 WBNB! The funds have been deposited to @TornadoCash https://t.co/TyvfsKTz4x"" / Twitter. (2) https://twitter.com/RugDocIO/status/1481107278841270274",,The address behind several rug pulls:  https://bscscan.com/address/04edcf70d3ac8cacb658d43017fc114a0e5875d9a  Stolen funds were transferred to the other External address:  https://bscscan.com/t/0c9940a062d9b767fa84a03836b779cd83cf79bf225f0a1dbeac8cece7b88c2f2  Stolen funds were deposited into Tornado Cash mier:  https://bscscan.com/ts?a=0c43b1f4e7e47be5d5663c3b26e4fb3fe7e217f90&amp;p=1,2022-01-12 0:00,2022,2661699,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,Exchange,P
182,Multichain,REKT and SlowMist,https://de.fi/rekt-database/multichain,https://hacked.slowmist.io/search/,,https://twitter.com/MultichainOrg/status/1483110393543544832,,The cross/chain bridge Multichain said that an important vulnerability affecting si tokens of WETH  PERI  OMT  WBNB  MATIC  and AVA was officially discovered. Now the vulnerability has been successfully repaired  and all users   assets are safe and cross/chain. Transactions will not be affected. However  if the user has authorized these si assets  he needs to log in as soon as possible to revoke the authorization  otherwise the assets may be at risk. According to the official announcement on the 19th  because some users did not cancel the authorization in time  the stolen funds were about 445 WETH  worth about 1.43 million US dollars. REKT: On Jan 18. Multichain urged users to remove approvals for si cross/chain tokens (WETH. PERI. OMT. WBNB. MATIC. AVA). while the users haven’t revoked WETH approval were exploited (WETH 602.69 total affected).  The whitehat hacker returned 259 ETH at:  https://etherscan.io/t/02bbd6a6a0d4d56db0b231465f56c5fca9d11e874109277a576b69f2acf1ee7a9,2022-01-17 0:00,2022,2726413,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Bridge,INT
1081,MetaDAO,REKT,https://de.fi/rekt-database/metadao,,,"PeckShieldAlert sur Twitter : ""#RugPull PeckShield has detected that @METADAO rugged. the stolen funds (800 Ether) are transferred to @TornadoCash (#Ethereum). DO NOT STAKE in this contract and if you've approved it. REVOKE https://t.co/82FREIL8Fu"" / Twitter",,Quick SummaryThe MetaDao Honeypot caused investors approx. $ 2.8 million in damages. Details of the ExploitMetaDAO claimed to be the DAO of DAO´s. building a new decentralized universe when in fact the project was a Honeypot all along. The $META token was configured in such a way that it could not be sold on decentralized exchanges. meaning investors funds were trapped. The contract deployer added initial liquidity at:  https://etherscan.io/tx/0x2322e3e288216d450ff24bf3ea8f6d0524b0425cde75675572ee620ea7a52ac9Once the project took on steam. the contract deployer unlocked liquidity and removed $ETH from the pair in the following example transactions:  https://etherscan.io/tx/0xfb75d381d5ea9037c578fbcd49f39740fed2fa4d62000ce6b3b6f9f3749303c2  https://etherscan.io/tx/0xfb684e20924fcb9e877c8c29355373cc0d8ba155ba006f3bc50d320c6efb7c26 The Stolen funds were funneled through the Tornado Cash mixer. example transactions:1)  https://etherscan.io/tx/0xaaccf3a1727f1b91a579a020b6d44428cd1fde35c246917420768591feff76db2)  https://etherscan.io/tx/0x998014eeeaba30addd68428aae0a3114775960e21b0856289ee59b048fd095783)  https://etherscan.io/tx/0xe1693a0786eeb7290d192faca43480f7cd401ea7b48fe3a4fe9cf655e3953292 Block Data ReferenceThe contract deployer possibly blocked token transfers:  https://honeypot.is/ethereum.html?address=0x6795a9603e9992417560479b07ba04c5f0dd79e4,2021-12-27 0:00,2021,2826509,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,Dapp,P
1040,Wallstreetswap Finance,REKT,https://de.fi/rekt-database/wallstreetswap_finance,,,https://github.com/Rug pull scamvigilante/wallstreetswap.finance,,Quick SummaryWallstreetswap Finance rug pulled its investors by introducing a backdoor into its smart contracts. granting the project deployer to transfer of all LP positions at will. The exploit cost investors appro. $2.9 million in damages. Details of the exploitWallstreetswap Finance was a DE on the Binance Smart Chain that offered the typical DE services such as staking. farming. and swapping. The factory contract contains a line that approves both tokensbalances to the malicious actor in every created LP inside initialize() function. This means that the malicious actor can perform liquidity withdrawal from the pools anytime.&nbsp; Block Data ReferenceLP creation contract WallStreetSwapFactory: https://bscscan.com/address/0d395ce2bbc62eeb612bd4c41d51ef4b6bf611d6c#codeContract deployer (scammer) address: https://bscscan.com/address/0a7524ec326d81dd26765f1bb17ad976d04778304Some eample of token draining: https://bscscan.com/t/0b8fb142aa94092de2ccf4749a70400f6a91f8365e9ee53ed4d38512e2ec0a5a3 https://bscscan.com/t/0b05480336ed4c099f42fde746abb74a370c2ffb4ea1a7850f5be9ee335ca6d26In this last transaction the contract deployer transferred &nbsp;all stolen $BNB to a third seemingly unrelated address: https://bscscan.com/t/092d301e06107cf524101a12ea3540bae85c87b154dcb470f19a88bbf5952d7e7,2021-02-15 0:00,2021,2905021,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Yield,CP
488,IOTA,REKT and SlowMist,https://de.fi/rekt-database/iota,https://hacked.slowmist.io/search/,,https://www.zdnet.com/google/amp/article/iota/cryptocurrency/shuts/down/entire/network/after/wallet/hack/?__twitter_impression=true,, IOTA has shut down its entire network this week after hackers exploited a vulnerability in the official IOTA wallet app to steal user funds.Estimated loss of 850000 MIOTA (valued at us $2.3 million). REKT: IOTA Foundation has shut down its entire network after hackers exploited a vulnerability in the official IOTA wallet app to steal user funds. The hackers were stealing funds from user wallets. the IOTA Foundation shut down Coordinator. a node in the IOTA network that puts the final seal of approval on any IOTA currency transactions.  IOTA members said hackers used an exploit in a third/party integration of Trinity. a mobile and desktop wallet app developed by the IOTA Foundation.  The hackers targeted at least 10 high/value IOTA accounts and used the Trinity exploit to steal funds.,2020-02-12 0:00,2020,2910000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,Other systems,
98,Fortress Protocol,REKT and SlowMist,https://de.fi/rekt-database/fortress_protocol,https://hacked.slowmist.io/search/,,https://twitter.com/Fortressloans/status/1523495202115051520,, Fortress Protocol  a lending protocol on BNB Chain  was suspected of being attacked. Token FTS fell by 42% in a short time. Currently  1 048 Ethereum and 400 000 DAI have been transferred to Tornado.cash. REKT: Quick SummaryFortress Loans was attacked due to oracle vulnerability. An attacker was able to manipulate the project\soracle which allowed them to borrow differrent number of tokens for the amount of ~$3m (~1k ETH and 400k DAI). Details of the exploitFortress Protocol is a <span lang=>decentralized marketplace for Lenders and Borrowers with Borderless Stablecoins. Fortress Loans became a victim of attacker that manipulate with the price oracle. which made possible to get about $3m and launder them through the TornadoCache. <span lang=>Attack flow:Attacker created unverified smart/contract<span lang=>&nbsp;( https://bscscan.com/t/04800928c95db2fc877f8ba3e5a41e208231dc97812b0174e75e26cca38af5039) which was later used to send a series of transactions ( https://bscscan.com/t/013d19809b19ac512da6d110764caee75e2157ea62cb70937c8d9471afcb061bf). A series of transactions allowed them to propose Fortress Governor Alfa contract with a malicious proposal. for which they themselves voted to set the FTS etremely valuable. The attacker then borrowed a huge amount of tokens that exchanged for ETH and DAI. Then all stollen funds were transferred across the bridge to the Ethereum network and laundered via TornadoCache.<br\ >As the time of this writing information on this case is scarce. More sources will be added if the case should develop. Block Data Reference  dir=>Attacker address on BSC:  https://bscscan.com/address/0A6AF2872176320015f8ddB2ba013B38Cb35d22Ad&nbsp;  dir=>Attacker address on ETH. Here all the stolen funds were laundered through TornadoCache:  https://etherscan.io/address/0A6AF2872176320015f8ddB2ba013B38Cb35d22Ad  dir=>Bridging transaction from BSC to ETH:  dir=>BSC:  https://bscscan.com/t/036fd458defec69875a1908a464c09f59899abaf09350059ce7f75b9c1a7e9eea  dir=>ETH:  https://etherscan.io/t/0cf852b0231e2c5a2361cbd71cb0288bc6a0e460925e1efe9054f7d4f5b543af5  dir=> Attacker\ssmart/contract (BSC):  https://bscscan.com/address/0cd337b920678cf35143322ab31ab8977c3463a45   dir=>Attack transaction:  https://bscscan.com/t/013d19809b19ac512da6d110764caee75e2157ea62cb70937c8d9471afcb061bf,2022-05-08 0:00,2022,2976004,Interconnected actors flaw,Oracle manipulation,Technical vulnerability,Target,Lending,P
194,Tinyman,REKT and SlowMist and ChainSec,https://de.fi/rekt-database/tinyman,https://hacked.slowmist.io/search/,https://chainsec.io/defi-hacks/,(1) https://tinymanorg.medium.com/technical/report/1/first/insights/cbc12109ef08. (2) https://beincrypto.com/algorand/based/tinyman/amm/exploited/for/3/million/ (3) https://tinymanorg.medium.com/official/announcement/about/the/incidents/of/01/01/2022/56abb19d8b19,, An attack occurred at Tinyman Pools on January 1 /2  algorand/based automated market maker (AMM) Tinyman tweeted. The attack exploits a previously unknown hole in the contract and allows the attacker to etract assets from a pool to which he has no access. So far  attacks have been eecuted on multiple pools  but not all of them have been attacked. CRYPTOSEC: “Decentralized trading protocol Tinyman built on Algorand was the victim of a smart contract exploit. The protocol is estimated to have lost $3 million after all was said and done.” —\a0BeInCryptoREKT: The attackersaddress:  https://algoeplorer.io/address/RJROFHHDTCMDRCPYSBKN2ATSKZAPOPEV3KWR3IQEOIZMMZCPMMCEUTGG4  The account’s first attack was this transaction group:  https://algoeplorer.io/t/group/KbOlFc02lRAonvc4yfgpI%2FfkNrlP2FDHG1ESAF2lvs%3D  A weakness in the projectssmart contract code permitted the Tinyman hack. When a user invokes the protocolsburn function. they should be rewarded with two different tokens: https://docs.tinyman.org/design/doc  The value of each token is determined by the quantity contained in the protocol.  The attacker took use of a flaw in the Tinyman poolscontract code. which enabled them to obtain the same token twice after a burn instead of two separate tokens. This worked in their favor since it allowed the attacker to take twice as many gobtc rather than a miture of gobtc and ALGO tokens. Because gobtc is far more valuable than ALGO. the attacker was able to profit significantly and drain nearly $3 million in gobtc and goeth from the Tinyman pool across numerous transactions. These tokens were then exchanged for stablecoins in pools and withdrawn to various exchanges and wallets.  The original attackersvulnerability was copied by other wallets that utilized it to attack the protocol. As a result. the Tinyman team advised all users to remove their funds from impacted pools.,2022-01-01 0:00,2022,3000000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Exchange,P
363,Polkatrain,REKT and SlowMist,https://de.fi/rekt-database/polkatrain,https://hacked.slowmist.io/search/,,https://polkatrain/com.gitbook.io/polkatrian/en/the/response/for/hacker/attack/incident/from/polkatrain/team,, Polkatrain  an ecological IDO platform of Polkadot  had an accident this morning. According to SlowMist analysis  the contract in question is the POLT_LBP contract of the Polkatrain project. This contract has a swap function and a rebate mechanism. When users purchase through the swap function When the PLOT token is used  a certain amount of rebate will be obtained  and the rebate will be forwarded to the user in the form of calling transferFrom by the _update function in the contract. Since the _update function does not set the maimum amount of rebates for a pool  nor does it determine whether the total rebates have been used up when rebates are made  malicious arbitrageurs can continuously call the swap function to exchange tokens to get the contract. Rebate reward. The SlowMist security team reminds DApp project parties to fully consider the business scenario and economic model of the project when designing the AMM exchange mechanism to prevent unepected situations. REKT: Around 3:00 a.m. UCT + 8 on April 5. 2021. the smart contract of Polkatrain was attacked by hackers during the LBP auction. 57000 DOT were stolen in the contract and turned away.  The LBP contract has a swap function and a rebate mechanism. When users buy PLOT tokens through the swap function. they get a certain amount of rebates. and the rebates will be It is sent to the user by calling <u>transferFrom</u> in the <u>_update</u> function in the contract. Since the <u>_update</u> function does not set the maimum amount of rebates in a pool. nor does it determine whether the total rebates are used up when rebates. malicious arbitrageurs can continue to call the swap function to exchange tokens to get the contract. ,2021-04-05 0:00,2021,3000000,Contract vulnerability,Reentrancy,Technical vulnerability,Target,Exchange,P
712,OKEX,REKT,https://de.fi/rekt-database/okex,,,Chinese Bitcoin exchange OKE Hacked For $3 Mln. Police Not Interested (cointelegraph.com),,On Aug. 28. a user reported that his OKE account was logged in by a German IP and participated in BTC/ETC trading. The hacker sold all the Bitcoins and canceled all the pending orders within one hour. Such behavior has resulted in a loss of 200 Bitcoins. which are worth more than five mln yuan. At the same time. a few other users reported similar attacks. All victims have lost about si hundred Bitcoins in total. worth over 20 mln yuan (about three mln dollars). Based on the current situation. OKE has made an announcement. OKE claimed that the theft was performed by hackers. and it has nothing to do with the platform. The victims were directed to call the police by themselves.,2017-02-10 0:00,2017,3000000,Undetermined,Undetermined,Technical vulnerability,Target,CeFi,
1115,BTC.com,REKT,https://de.fi/rekt-database/btc.com,,,(1) https://cointelegraph.com/news/bitcoin-mining-pool-btc-com-reports-3m-cyberattack. (2) https://twitter.com/Forkast_News/status/1607599200224817154,,"Quick Summary
BTC.com - one of the biggest mining pools -  has been attacked. Although the hack happened on December 3d. BIT Mining Limited. the parent company. officially announced the attack on December 26th. 
 
Details of the Exploit
The cyberattack is reported to law enforcement authorities in China. They started an investigation. which already helped to recover some of the stolen assets.",2022-12-03 0:00,2022,3000000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,Other systems,
244,Vesper Finance,REKT and SlowMist,https://de.fi/rekt-database/vesper_finance,https://hacked.slowmist.io/search/,,On the Vesper Lend Beta / Rari Fuse Pool #23 exploit | by Vesper Finance | Vesper Finance | Medium,, According to official sources  the No. 23 loan pool VesperLendbeta on the DeFi protocol RariFuse was attacked. The attacker consumed a large amount of VUSD liquidity in Uniswapv3  and created a VUSD/USDC liquidity pool to manipulate the oracle VUSD price feed function and raise the VUSD price. After lending a large amount of assets on VesperLend  the final profit was 3 million US dollars. At present  Vesper has officially suspended the borrowing of the functions of VUSD and vVSP on the RariFuse platform  and is working closely with Rari  Year and Uniswap to investigate the full impact of the attack. The investigation results and response measures will be updated in the future. REKT: The attacker\saddress:  https://etherscan.io/address/0a3f447feb0b2bddc50a44ccd6f412a5f98619264  The attacker: / received ~100 ETH from Tornado Cash to ensure his privacy:  https://etherscan.io/t/01423391a93b283e9a001d5faee292cb82c55d04f021c53f7eda0f600665f8cba  / swapped 56.81 ETH to 254.783 USDC  /swapped 232.509 USDC to 222.403 VUSD on the Uniswap v3  / added liquidity into  infinity price range using 0 VUSD and 0.1 USDC:  https://etherscan.io/t/089d0ae4dc1743598a540c4e33917efdce24338723b0fabf34813b79cb0ecf4c5  / deposited VUSD as collateral into the Vesper Rari Fuse pool #23 and was able to borrow all available assets:  https://etht.info/mainnet/08527fea51233974a431c92c4d3c58dee118b05a3140a04e0f95147df9faf8092/  / The Rari lending market received the VUSD price using Rari\sprice oracle:  https://etherscan.io/address/0b3c8ee7309be658c186f986388c2377da436d8fb . and valued VUSD collateral at a price of “infinity”  / swapped stolen assets on ETH:  https://etherscan.io/t/070d6ff9fcccb190fe49c9b364b7aeb69873a68fcf7aa81626a47f7c68019bc7d  / deposited ETH into Tornado Cash mier:  https://bloy.info/ts/calls_from/0a3f447feb0b2bddc50a44ccd6f412a5f98619264?signature_id=994162&amp;smart_contract_address_bin=0722122df12d4e14e13ac3b6895a86e84145b6967,2021-11-03 0:00,2021,3003942,Interconnected actors flaw,Oracle manipulation,Technical vulnerability,Target,Yield,CP
268,MISO,SlowMist,,https://hacked.slowmist.io/search/,,https://cointelegraph.com/news/sushi/s/token/launchpad/miso/hacked/for/3m,,The DONA token auction of the Jay Pegs Auto Mart project on the SushiSwap Launchpad platform MISO was attacked. The attacker inserted malicious code into the MISO front end and changed the auction wallet address to his own wallet address. The loss has now reached 865 ETH (approimately 3.07 million). Dollar). Joseph Delong  CTO of SushiSwap  said on Twitter that the vulnerability has been fied and that FT and Binance have been asked to provide the attacker  s KYC information  but both exchanges refused to cooperate. In addition  Joseph Delong also stated that he has reported the case to the FBI through his lawyer and reminded the project party to check whether there are similar front/end vulnerabilities. According to the Ethereum block explorer Etherscan  the attacker returned all ETH to SushiSwap. The operation was divided into two transactions  the first return 100 ETH  the second return 700 ETH  and the third return 65 ETH.,2021-09-17 0:00,2021,3008874.39,Instant user deception,Front-end attack,Imitation,Intermediary,Exchange,
147,Deus Finance,REKT and SlowMist,https://de.fi/rekt-database/deus_finance,https://hacked.slowmist.io/search/,,"(1) PeckShield Inc. sur Twitter : ""1/ @deusdao Deus Finance was exploited in https://t.co/bfYCQcz5rZ. leading to the gain of ~$3M for the hacker (The protocol loss may be larger). including 200.000 DAI and 1101.8 ETH"" / Twitter. (2) https://lafayettetabor.medium.com/deus/post/mortem/3c65df12927f. (3) https://rekt.news/deus/dao/rekt/",,DeFi protocol Deus Finance was attacked by a flash loan  and hackers manipulated the price of the oracle machine and stole about $3 million  including 200 000 DAI and 1101.8 ETH through Tornado miing. REKT: The attackersaddress:  https://ftmscan.com/address/01ed5112b32486840071b7cdd2584ded2c66198dd  The transaction behind the attack:  https://ftmscan.com/t/0e374495036fac18aa5b1a497a17e70f256c4d3d416dd1408c026f3f5c70a3a9c  The hack is made possible due to the flash loan/assisted manipulation of the price oracle that takes the price from the pair of StableV1 AMM / USDC/DEI.  The attacker: / flash loaned 9.739342 DEI via SPIRIT/LP_USDC_DEI  / flash loaded 24.772.798 DEI out of the sAMM/USDC/DEI pair (used as price oracle to calculate the collateral value)  / liquidated users  / repaid the borrowed 24.772.798 DEI to the sAMM/USDC/DEI pair  / burnt the liquidated LP token to get 5.218.173 USDC + 5.246.603 DEI  / swapped 5.218.173 USDC to 5.170.594 DEI  / repaid the flash loan with 3.001.552 DEI as hack profit.  The attack profit was bridged via Multichain to Ethereum:  https://ftmscan.com/t/009dc3a1afd1dae211c31d7ad4b5cd6f68c9350727fa5d4c7c63efb9d287e3210  Then funds were deposited into Tornado Cash mier to hide traces:  https://etherscan.io/address/01ed5112b32486840071b7cdd2584ded2c66198dd,2022-03-15 0:00,2022,3024325,Interconnected actors flaw,Oracle manipulation,Technical vulnerability,Target,FT,CA
157,Opensea,REKT and SlowMist,https://de.fi/rekt-database/opensea,https://hacked.slowmist.io/search/,,(1) https://twitter.com/dfinzer/status/1495302784689704966. (2) https://coincodecap.com/opensea/investigating/exploit/rumors/as/users/complain/of/missing/nfts. (3) https://twitter.com/opensea/status/1495211277097996290,, According to OpenSea's official tweet  hackers sent phishing emails to all users  mailboes at the same time as the OpenSea contract was upgraded. Many users mistakenly thought it was an official email and authorized the wallet  which resulted in the wallet being stolen. OpenSea co/founder and CEO Devin Finzer confirmed the phishing attack in a tweet. REKT: The malicious actor sent emails to OpenSea users. which contained information about fake migration to the new contract. In total. 17 users became victims of email fishing.  The malicious actorsaddress:  https://etherscan.io/address/0x3E0DeFb880cd8e163baD68ABe66437f99A7A8A74  Stolen NFTs list:  https://docs.google.com/spreadsheets/d/1XQNIXuAl2E1XO_cP8pm_vbzskI_Pka4E5sizfcrLITM/edit#gid=0  Stolen NFTs were sold out on LooksRare marketplace. the example transactions:  https://etherscan.io/tx/0xd910c67a55618e0db6fdbcd9647b7eedebed0bbb098bdffc2a3276856f989221  https://etherscan.io/tx/0x9a9bb48a9a9b6c3bbd98f4786b85ec15e4fe78acf946c8ff09201c1a8371e8ee  https://etherscan.io/tx/0x70c8622cea709c551de8135b71ce9ec0cb15a3cb835957d42937edf44ee360f9  Stolen funds were deposited into the Tornado Cash mixer:  https://bloxy.info/txs/transfers_from/0x3e0defb880cd8e163bad68abe66437f99a7a8a74?currency_id=1,2022-02-19 0:00,2022,3056651,Instant user deception,Phishing emails,Imitation,Intermediary,CeFi,
464,Cashaa,REKT and SlowMist,https://de.fi/rekt-database/cashaa,https://hacked.slowmist.io/search/,,https://cointelegraph.com/news/hacker/stole/336/btc/from/crypto/exchange/cashaa,,Cashaa  a UK/based cryptocurrency exchange  said hackers stole 336 Bitcoins from a wallet on the exchange. The company has now stopped all transactions related to cryptocurrency. REKT: On July 10. 2020. one of the OTC Transaction managers in East Delhi. India. was involved in an incident. On the 8th of July 2020. the employee reported a machine malfunction with the systems provided to him by the company. As a result. he requested to work from his own computer and created many alternative online wallets on platforms like Blockchain.com. Huobi. and others. The team made an eception and authorized him to do so while keeping the current OTC deals/transactions in mind.  Hackers gained access to the employeesPC while active browser sessions were open. The hackers employed a number of methods. including phishing. malware. and other attacks. The Bitcoins were sent to 14RYUUaMW1shoCav4znEh64nTtL3a2Ek. from where they are being distributed to other wallets:  https://www.blockchain.com/btc/address/14RYUUaMW1shoCav4znEh64nTtL3a2Ek,2020-07-10 0:00,2020,3090000,External factor,Exploiting operational mistake,Human risk,Target,CeFi,
177,Blockverse,SlowMist,,https://hacked.slowmist.io/search/,,https://www.pcgamer.com/unofficial/minecraft/nft/game/blockverse/disappears/with/more/than/dollar1m/,, Blockverse is a Minecraft/based NFT game. Through OpenSea  investors can buy Blockverse characters and a cryptocurrency called $Diamond. Unfortunately  investors withdrew all real money invested in Blockverse  shutting down and deleting the project's official website  Discord  and Twitter. After three days of silence  the Blockverse founders resurfaced on Twitter  apologizing and eplaining their actions. More than three weeks later  the Blockverse team's promise to get back on track  has not materialized. The Blockverse Twitter account has not been updated further  its website remains offline  and the Medium account hosting the Blockverse white paper has disappeared.,2022-01-24 0:00,2022,3133340.12,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Dapp,P
270,Zabu Finance,REKT and SlowMist,https://de.fi/rekt-database/zabu_finance,https://hacked.slowmist.io/search/,,https://www.coindesk.com/tech/2021/09/13/avalanche/based/zabu/finance/exploited/in/32m/hack/,,The Zabu Finance project on the Avalanche chain suffered a flash loan attack. Officially  the attackers withdrew 4.5 billion ZABU tokens from the Zabu Farm Contract  bringing the supply to 5 billion and dumping all of it to ZABU’s Pangolin LPs and Trader Joe LPs. According to DeFi analytics provider DeFiprime  the total was estimated at $3.2 million in exploits. REKT: The attacker:  https://cchain.eplorer.ava.network/address/09ed2D048e90CfFa5e4A778678CBc3acb8A3Abf86/transactions  The transaction behind the attack:  https://cchain.eplorer.ava.network/t/08b3042e55a63f39bb388240a089cf4d51e59abe7cb0bff303c6dbb19eaeb75ac/token/transfers  The hack was due to the lack of deflationary token support in the MasterChef contract. By repeated deposits and withdrawals with the MasterChef. the attacker frequently triggers the ta collection. which led to the exploit.  The attacker deployed the contract with the malicious logic at:  https://cchain.eplorer.ava.network/t/0771c4454e2681f46bfb04e20acde021127e912b8a345baa98e3502761665c319/internal/transactions  Further. he interacted with that contract to successfully pulled out 4.5 billion ZABU tokens in Zabu Farm Contract.  The list of stolen assets: / WETH: 402.9 / WAVA: 23.157 / PNG: 21.501 / AVE: 106.848 / USDT: 361.267 / JOE: 23.958.93&nbsp;,2021-09-12 0:00,2021,3200000,Interconnected actors flaw,Arbitrage with flash loan,Technical vulnerability,Target,Yield,CP
607,COINSECURE,REKT and SlowMist,https://de.fi/rekt-database/coinsecure,https://hacked.slowmist.io/search/,,(1) http://archive.is/AZnGe (2) https://www.coindesk.com/markets/2018/04/16/coinsecure/may/refund/in/rupees/not/bitcoin/after/34/million/heist/,,A failed cold storage restoration exercise seems to have exposed private keys intended for offline storage (effectively making them online). However the CEO has expressed an insider’s involvement. Police found private keys exposed online for more than 12 hours. REKT: Coinsecure announced the heist. valued at $3.3 million. The CEO of the bitcoin exchange. Mohit Kalra. has accused his Chief Strategy Officer (CSO) of stealing 438 Bitcoin from the operator’s main wallet.  The issue was reported by the exchange after consumers complained about difficulty withdrawing funds from the platform. The exchange notified users through email and issued an official statement clarifying the incident: “We regret to inform you that our bitcoin funds have been exposed and seem to have been siphoned out to an address that is outside our control”.  Coinsecure added a scanned copy of a police complaint CEO Mohit Kalra filed with the New Delhi police. Kalra filed an FIR (First Information Report) with the Cyber Cell of Delhi. According to the exchange. Chief Strategy Officer Amitabh Saena is at the center of the incident. The company claims the funds were lost while he was etracting Bitcoin Gold to distribute to their customers.,2018-04-12 0:00,2018,3200000,External factor,Exploiting operational mistake,Human risk,Target,CeFi,
284,Ref.Finance,REKT and SlowMist,https://de.fi/rekt-database/ref.finance,https://hacked.slowmist.io/search/,,https://twitter.com/finance_ref/status/1426649258812448774,,The NEAR ecological decentralized exchange Ref.Finance team tweeted that at around 2 pm UTC on August 14th  the Ref team noticed the abnormal behavior of the REF/NEAR trading pair  and then discovered that the patch of the recently deployed contract An error  which has been exploited by multiple users  affected approimately 1 million REFs and 580 000 NEARs. REKT: On August 14 at around 11 am UTC. the Ref Finance dev team deployed a hotfi to an issue surrounding the Ref Finance contracts. Prior to the fi. users that unstaked all of their tokens from the farm contract were unable to remove the deposited liquidity from the pool. This occurred due to the users’ NEAR account being unregistered from the LP token contract. a feature unique to NEAR tokens that generally aids the user eperience.  While the hotfi solved that issue. it contained a new issue that did not debit users’ LP token balances when they removed liquidity. This allowed a small number of users to continuously remove tokens. receiving far more tokens than they should have.  In total. 507.000 NEAR and ~1 million REF tokens were withdrawn using this exploit. Over 400.000 of the NEAR were sent to Binance and Huobi.,2021-08-14 0:00,2021,3202539,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,Exchange,P
215,MetaDAO,SlowMist,,https://hacked.slowmist.io/search/,,https://cryptobriefing.com/metadao/makes/off/with/3/2m/in/rug/pull/,, MetaDAO took a Rug Pull  took away the funds (800 ETH  about 3.2 million US dollars)  and has been transferred to Tornado.cash mied currency. MetaDAO's website is currently unavailable due to suspension.,2021-12-27 0:00,2021,3252358,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,Dapp,P
869,HoneySwap.Fi,REKT,https://de.fi/rekt-database/honeyswap.fi,,,The Honeytrap (A Story about a Migrator behind Timelock) | by Goose Finance | Goose Finance | Medium,,The attack description: 1. Deploying MasterChef 2. Setting MasterChef ownership to the unverified smart contract:  https://bscscan.com/t/0dc7478ace40fdeca8791fb2a85ebc903f6b2d9a881d0b066280cb5a02d7ca13b 3. Unverified contract was set as the migrator:  https://bscscan.com/address/0f5b2f301d5936a4f72b5a6a159c20432cc9f563f 4. Calling migrate function on each pool. even without any tokens already staked. this call still grants an infinite amount of allowance to the current migrator. which is the unverified contract. 5. Setting migrator back to 00000000 (this covers up their tracks that something fishy already happened) 6. Transfering MasterChef ownership to the Timelock contract 7. Eecuting rug pull method in the unverified contract:  https://bscscan.com/t/0aab125fa61d88e9086cdbcde2cc4010eb768fbeab0fd32184bca63b8cda969da,2021-02-28 0:00,2021,3280848,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Staking,CP
419,Cheese Bank,REKT and SlowMist,https://de.fi/rekt-database/cheese_bank,https://hacked.slowmist.io/search/,,https://cointelegraph.com/news/cheese/bank/s/multi/million/dollar/hack/eplained/by/security/firm,,Cheese Bank a decentralized autonomous digital banking platform based on Ethereum suffered a loss of USD 3.3 million due to a hacker attack. Hackers conducted a series of malicious lending operations on platforms such as dYd and Uniswap by using automatic market maker (AMM)/based oracles resulting in a total loss of over US$3.3 million including US$2 million in USDC. REKT: Addresses. related to the flash loan attack: The attacker / 0882d72aaae187f54e85c7a0cb19dfec5316cd9aa Smart contract with the malicious logic / 09e0259437804c7bf175421a451bc80611a0b93c3  Transaction behind the attack:  https://etherscan.io/t/0600a869aa3a259158310a233b815ff67ca41eab8961a49918c2031297a02f1cc  The attacker: / took a flash loan of 21k ETH from dYd  / swapped 50 ETH to 107k CHEESE at UniswapV2  / added 107k CHEESE and corresponding 78 ETH into the liquidity pool at UniswapV2 and got UNI_V2 LP tokens back  / minted sUSD_V2 tokens with all LP tokens got from Step 3. This allowed the exploit contract to use those LP tokens as collateral for borrowing crypto assets from Cheese Bank  / raised the CHEESE price at UniswapV2 by swapping 20k ETH to 288k CHEESE. making the UNI_V2 LP tokens more valuable as collaterals Cheese Bank. This is the crucial step in this incident since the Cheese Bank uses the amount of WETH in a liquidity pool to estimate the price of the corresponding LP token. The manipulated UNI_V2/CHEESE/ETH pool (with 20k+ WETH) allowed the attacker to drain all the USDC. USDT. and DAI withheld by Cheese Bank by legit <u>borrow</u>() calls  / refreshed the price feeds of Cheese Bank. The attacker intentionally invoked the <u>CheesePriceOracle::refresh</u>() function to refresh the price of the UNI_V2/CHEESE/ETH LP token which is derived from the amount of WETH in the liquidity pool and the ETH price derived from the UNI_V2/USDT/ETH pool. Specifically. the <u>CheesePriceOracle::fetchLPAnhorPrice</u>() function gets the <u>wEthBalance</u> of UNI_V2/CHEESE/ETH contract. With the passed in <u>ethPrice</u>. the <u>totalValue</u> is derived by<u>&nbsp;wEthBalance  2  ethPrice</u>. Therefore. the unit price of the UNI_V2/CHEESE/ETH LP token is computed by <u>totalValue / totalSupply of LP tokens</u>. It means if the attacker could somehow increase the amount of WETH in a pool (e.g.. <u>addLiquidity</u>() with flash loan ether). the price of the LP token would be increased  / drained the USDC. USDT. DAI withheld by Cheese Bank by <u>borrow</u>() calls. Besides the 2M USDC. 1.23M USDT and 87k DAI are borrowed from Cheese Bank. The eact balance of USDC/USDT/DAI is borrowed by the exploit contract  / swapped 288k CHEESE back to 19.98k ETH at UniswapV2  / swapped 58k USDC to 132 ETH at UniswapV2  / collected assets into  https://etherscan.io/address/02b7165d0916e373f0235056a7e6fccdb82d2255  / repaid 21k ETH flashloan to dYd.,2020-11-06 0:00,2020,3300000,Interconnected actors flaw,Oracle manipulation,Technical vulnerability,Target,Lending,P
702,Hundred Finance,REKT and SlowMist,https://de.fi/rekt-database/hundred_finance,https://hacked.slowmist.io/search/,,Latest DeFi bridge exploit results in $4.4M losses for Meter (cointelegraph.com),,Hundred Finance lending protocol was affected due to the Meter bridge exploit. The Exploiter of Meter.io dumped BNB.bsc assets several times at: https://moonriver.moonscan.io/t/014dc9ed2bd8f2e6e2aef00d82001eccdc07037373adb6de7f14e5e45469be504 https://moonriver.moonscan.io/t/04afa30ee32b139918b02aa0932b89ca3d27d71e08bcb243cd508c48848ab63bf https://moonriver.moonscan.io/t/05a87c24d0665c8f67958099d1ad22e39a03aa08d47d00b7276b8d42294ee0591 https://moonriver.moonscan.io/t/09d6623969cf711a8327c7e966568870b583c0b9b900173e5f6a5746196cf966d https://moonriver.moonscan.io/t/04e2a54f3b3035573ffdafecdf7cd7837b6672d498bf3a560a4f8dd57322a2156 https://moonriver.moonscan.io/t/0be0610f89e1b1a705d2524016f3b577293f51911d08a56a0149a37fb57f601ad That resulted in the local depreciation in the price of BNB.bsc. Different External addresses were able to purchase BNB.bsc at a reduced price and use these tokens as collateral at the global Chainlink price to borrow uncompromised assets on Hundred Finance. As a result. MIM and FRA tokens were impacted.,2022-06-02 0:00,2022,3300000,Contract vulnerability,Undetermined,Technical vulnerability,Target,Lending,P
107,Babylon Finance,SlowMist,,https://hacked.slowmist.io/search/,,(1) https://medium.com/babylon-finance/babylon-finance-is-shutting-down-b58abf1bc251. (2) https://medium.com/babylon-finance/babylon-lending-markets-fuse-fei-exploit-d8daa02c40b9,, In April  attackers exploited a vulnerability to steal $80 million from Rari Capital  and the asset management project Babylon Finance  Rari  s main lending pool  lost $3.4 million as a result. On Aug. 31  Babylon Finance founder Ramon Recuero published a blog post announcing that Babylon would be shutting down and pledging to distribute remaining project funds to holders.,2022-04-30 0:00,2022,3400000,Contract vulnerability,Reentrancy,Technical vulnerability,Target,Lending,P
76,Pokemoney,REKT and SlowMist,https://de.fi/rekt-database/pokemoney,https://hacked.slowmist.io/search/,,(1) PeckShield: NFT game project Pokemoney takes place with Rug Pull. the token PMY is nearly zero / PANews (panewslab.com). (2) https://mobile.twitter.com/PeckShieldAlert/status/1530122357125181441,, A Rug Pull occurred in the NFT metaverse game project Pokemoney on BNBChian  its Token PMY has dropped by 99.98%%  and about 11 800 BNB (about 3.5 million US dollars) have been withdrawn and transferred. REKT: ,2022-05-27 0:00,2022,3500000,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Dapp,P
812,Dragoma,REKT,https://de.fi/rekt-database/dragoma,,,(1) https://www.coindesk.com/business/2022/08/08/polygon/based/web3/game/dragoma/supporters/fall/victim/to/35m/rug/pull/peckshield/. (2) https://www.cryptotimes.io/web3/game/dragomas/supporters/fall/victim/to/3/5m/rug/pull/scam/. (3) https://cryptopotato.com/polygon/based/dragoma/rug/pulled/dma/dumps/99/,,Quick SummaryPlay/to/earn game Dragoma was rug pulled by its team. for $3.5M. Details of the exploit  data/v/51e0c2ec=  >Dragoma is an application with built/in GameFi and SocialFi elements. In the game. users were invited to form dragon training teams and receive rewards for their breeding. training. competitions.  data/v/51e0c2ec=  >The project team drained the funds of its investors. and withdrew the funds to a centralized exchange. As soon as they closed the project without announcing their community. they doubled the suspicion that the project is a scam by deleting their website. as well as all social networks. As the news about the scam spread among the community. the price of the token itself also collapsed. falling to 99%.,2022-08-07 0:00,2022,3500000,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
25,Nirvana Finance,REKT and SlowMist,https://de.fi/rekt-database/nirvana_finance,https://hacked.slowmist.io/search/,,(1) https://twitter.com/nirvana_fi/status/1552635546626818058. (2) https://www.coindesk.com/tech/2022/07/28/solana/defi/protocol/nirvana/drained/of/liquidity/after/flash/loan/exploit/?utm_medium=referral&utm_source=rss&utm_campaign=headlines. (3) https://www.yahoo.com/now/solana/defi/protocol/nirvana/drained/114118646.html. (4) https://www.theblock.co/post/159975/solana/stablecoin/nirvana/sinks/90/amid/3/5/million/flash/loan/exploit,,According to SlowMist Intelligence  Nirvana  a stablecoin project on the Solana chain  was attacked by a flash loan. The attacker used a flash loan to borrow 10 250 000 USDC from Solend by deploying a malicious contract  and then called the Nirvana contract buy3 method to buy a large amount of ANA tokens. Nirvana contract swap method to sell part of ANA  get USDT and USDC  after repaying the flash loan  a total profit of 3 490 563.69 USDT  21 902.48 USDC and 393 230.32 ANA tokens  then the hacker sold ANA tokens and passed all the dirty money through the cross/chain bridge transfer. REKT: ,2022-07-28 0:00,2022,3574635,Interconnected actors flaw,Arbitrage with flash loan,Technical vulnerability,Target,FT,CA
128,Ola Finance,REKT and SlowMist,https://de.fi/rekt-database/ola_finance,https://hacked.slowmist.io/search/,,https://ola/finance.medium.com/ola/and/voltage/lending/exploit/on/fuse/post/mortem/214c13d88443,, Ola Finance on the Fuse chain published a blog post on the hacking incident  stating that the attack lost approimately $4.67 million  including 216 964.18 USDC  507 216.68 BUSD  200 000 fUSD  550.45 WETH  26.25 WBTC  and 1 240 000.00 FUSE. The attack uses a reentrancy vulnerability in the ERC677 token standard. REKT: The attackersaddress:  https://eplorer.fuse.io/address/0371D7C9e4464576D45f11b27Cf88578983D63d75/transactions  The eample transaction behind the exploit:  https://eplorer.fuse.io/t/01b3e06b6b310886dfd90a5df8ddbaf515750eda7126cf5f69874e92761b1dc90/token/transfers  The hack is made possible by the incompatibility between the Compound fork and ERC677/ERC777/based tokens. which have the built/in callback functions exploited to allow for reentry in <u>doTransferOut</u>() function and draining of the loan pool.  The attacker was initially funded by Tornado in Ethereum:  https://etherscan.io/t/098c46fc95b196ca35b2acb2e02bb9b6901df6a9a2e356629e9cbb42017a24efb  After the exploit eecution. funds were delivered back into Ethereum and transferred to the following wallet:  https://etherscan.io/address/0bcdb800d77ccaac6597830b026d6af78a1118f42,2022-03-31 0:00,2022,3600000,Contract vulnerability,Reentrancy,Technical vulnerability,Target,Lending,P
1101,Luke Dashjr,REKT,https://de.fi/rekt-database/luke_dashjr,,,(1) https://cointelegraph.com/news/bitcoin-core-developer-claims-to-have-lost-200-btc-in-hack. (2) https://twitter.com/LukeDashjr/status/1609613748364509184?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1609613748364509184%7Ctwgr%5E200b0e15ba6ef8fdb91c3b6132ff04181495acdd%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fcointelegraph.com%2Fnews%2Fbitcoin-core-developer-claims-to-have-lost-200-btc-in-hack,,"Quick Summary

Luke Dashjr's PGP key was compromised. leading to losses worth 3.6M USD.



Details of the Exploit

Luke Dashjr's bitcoin cold wallet was compromised. Potentially it could be malware inside some downloaded app like Bitcoin Knots or Core. The hacker's profit is about 216.93 BTC  or $3.6M USD.



Block Data Reference

Some of the bitcoin transfers tx:

https://www.blockchain.com/explorer/transactions/btc/432ded946431a9612f09d73bd15ded045d11d1095ffdfe8d68306ea9b2e78930

https://www.blockchain.com/explorer/transactions/btc/c38a3210fbb758cfc41d9a64b7534b83aecca96f051231f15545e8e5c7365190

https://www.blockchain.com/explorer/transactions/btc/4b3cde50e2bce3d02e15b61957d2452e29f53d9a99e1ab14e83b6ec0f87fd851

https://www.blockchain.com/explorer/transactions/btc/50df1eab0bf2bd01999cea4fc531a65c17e1a285823c9ae4eab0feb7e21a11b6",2022-12-31 0:00,2022,3600000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,Other systems,
345,Bogged Finance,REKT and SlowMist,https://de.fi/rekt-database/bogged_finance,https://hacked.slowmist.io/search/,,https://boggedfinance.medium.com/bog/flash/loan/attack/what/happened/and/whats/net/token/migration/192a9d96b9b7,,The DeFi protocol Bogged Finance officially stated that hackers carried out a lightning loan attack on the staking function vulnerability of BOG token contracts and withdrew 3 million US dollars from the liquidity pool. The hackers used the Pancake Pair Swap code to withdraw the pledge before the contract verification was completed. income. The official team stated that the remaining 8 million US dollars in the current liquidity pool is safe. The vulnerabilities used by hackers have been blocked and cannot be reused. The tools provided by Bogged Finance are still safe to use and the team is repairing the front end. Display the problem. REKT: The attackersaddress:  https://bscscan.com/address/04622a1f3d05dcf5a0589c458136c231009b6a207  The transaction behind the attack:  https://bscscan.com/t/0a9860033322aefa39538db51a1ed47cfae7e4b161254d53dbf735f1f16502710  The attacker: / took nine flash/swaps and added liquidity into the WBNB / BOG pool. Each flash/swap led to 47.770 BOG and the entire process consumed 88.159.43 WBNB with 83.440.57 LP tokens minted  / staked the minted 83.440.57 WBNB / BOG LP tokens into the BOG token contract for profit sharing  / performed 434 self/transfers in the total transfer amount of 18.74M BOG. resulting in an increased balance of 151K BOG  / sold the etra BOG on WBNB and then exchanged on anyETH  / removed the added liquidity in the first step and completed the flash/swaps.,2021-05-22 0:00,2021,3642100,Contract vulnerability,Undetermined,Technical vulnerability,Target,Exchange,P
371,DODO,REKT and SlowMist,https://de.fi/rekt-database/dodo,https://hacked.slowmist.io/search/,,https://dodoehelp.zendesk.com/hc/en/us/articles/900004873746//3/1/million/assets/recovered/Crowdpooling/to/be/re/enabled/after/new/audits/net/week,,The decentralized exchange DODO announced the progress of the attack on some fund pools. The main reason for this attack was that the crowdfunding fund pool contract initialization function did not prevent repeated calls  which led to hackers reinitializing the contract and completing the attack through lightning loans. In this incident  there were three participants  a hacker and two trading robots. A total of approimately US$3.8 million worth of funds were attacked. At present  the owners of the two trading robots have returned approimately US$3.1 million in tokens. In addition  funds worth approimately US$200 000 are frozen on the centralized exchange  and the remaining value of approimately US$500 000 is borne by the DODO team  and all funds will be returned within 24 hours. At the same time  security companies Chengdu Lian  an and SlowMist Technology have been invited to conduct a new round of code audits  and it is epected that the crowdfunding pool building function will be restored within a week. REKT: The exploits targeted several DODO V2 Crowdpools. namely the WSZO. WCRES. ETHA. and FUSI pool.  The DODO V2 Crowdpooling smart contract has a bug that allows the <u>init</u>() function to be called multiple times. This means that an Exploiter can perform an attack with the following steps:  1. Exploiter creates a counterfeit token and initializes the smart contract with it by calling the <u>init</u>() function. 2. Exploiter calls the <u>sync</u>() function and sets the “reserve” variable. which represents the token balance. to 0. 3. Exploiter calls <u>init</u>() again to re/initialize / this time with a “real” token (i.e. tokens in DODO’s pools)Exploiter uses a flash loan to transfer all real tokens from the pools and bypass the flash loan check.  The Exploiter 1: / interacted with a centralized exchange  / withdrew 0.46597 ETH from Binance:  https://etherscan.io/t/0970b32a8c81dd3fc47fa118621726fc418ec3526c4379470a4000ed7b448360f  / eecuted. in quick succession. 7 BUSD withdrawal transactions (see the link for one eample). possibly involving the Binance Bridge:  https://etherscan.io/t/0300de107cbca466abe121112848daaf7f5f0d15625d54773dd0bbbff4e276e93  / transferred 67.416 BUSD to 0a305fab8bda7e1638235b054889b3217441dd645 twice:  https://etherscan.io/t/0306d08f3d8af85dfdea7a6edb336d7504e8ecc7c609e4b940d188ba68e11cab5  https://etherscan.io/t/056dbf6421c6e6bd779ab0c12fd49e1f7714dd85023aa74abae1940f8d88669cf  / transferred 59.245.324743 USDT to 0a305fab8bda7e1638235b054889b3217441dd645 twice:  https://etherscan.io/t/0bee2f507b2f4b4321927a9762dac757df12fe1ba2d6f85314273b9ea542a5c13  https://cn.etherscan.com/t/0af80cf58c88f0e0f2f44e3902e4c7cd2c17122511fbc6c2d9b2cd43fbc4199b9  / eecuted two exploits against DODO smart contracts. The first one was against the DODO/USDT test contract. and funds were transferred to 0a305fab8bda7e1638235b054889b3217441dd645:  https://etherscan.io/address/0328410f276d4fe83fc78fa56ad32d9821a5e5c1c#tokentns  / second one was against the WCRES/USDT contract. and funds were transferred to 056178a0d5f301baf6cf3e1cd53d9863437345bf9:  https://cn.etherscan.com/address/0910fd17b9bfc42a6eea822912f036ef5a080be8a#tokentns  The Exploiter 2:  / eecuted 3 exploits against DODO contracts:  1. ETHA/USDT:  https://etherscan.io/t/00b062361e16a2ea0942cc1b4462b6584208c8c864609ff73aaa640aaa2d924282. WSZO/USDT:  https://etherscan.io/t/0ff9b3b2cb09d149762fcffc56ef71362bec1ef6a7d68727155c2d68f395ac1e  3. vETH/WETH. with 93.148 gwei:  https://etherscan.io/t/0561f7ccb27b9928df33fa97c2fb99ea3750593e908f9f0f8baf22ec7ca0c5c4a,2021-03-09 0:00,2021,3800000,Contract vulnerability,Reentrancy,Technical vulnerability,Target,Exchange,P
318,Haven Protocol,SlowMist,,https://hacked.slowmist.io/search/,,Haven Protocol: Technical Overview of June 2021 exploits | by Haven Protocol | Medium,,Based on Moneros privacy/centric DeFi protocol Haven Protocol (HV) it released analysis reports and measures for three serious attacks related to it in late June. The chain rollback plan will be initiated and a hard fork will be implemented. Fi the known vulnerabilities in protocol minting. Regarding specific attacks on June 24 203 000 USD and 13.5 BTC were minted in two attacks on June 27 an unknown amount of HV was minted due to a vulnerability in the conversion verification of Asset June 29 The attacker exploited a vulnerability that allowed the minting of 9 million USD.,2021-06-24 0:00,2021,3813658.36,Contract vulnerability,Access control flaw,Technical vulnerability,Target,FT,CA
46,XCarnival,REKT and SlowMist,https://de.fi/rekt-database/xcarnival,https://hacked.slowmist.io/search/,,(1)https://twitter.com/Carnival_Lab/status/1541060630748479488. (2) https://www.coindesk.com/business/2022/06/27/ethereum/lending/protocol/carnival/hit/with/38m/exploit/recovers/50/,, The NFT liquidity solver Carnival was attacked  the hacker made a profit of 3 087 ETH (about 3.8 million US dollars)  and the hacker has returned 1 467 ETH after the negotiation. The core of this vulnerability is that when borrowing  there is no judgment on whether the NFT in the order has been withdrawn. REKT: Quick SummaryCarnival was attacked by a hacker for 3.087 $ETH of which 1.467 $ETH was returned to the creator address of the vulnerable contract. Details of the exploitThe attacker created a contract. with the help of which it was just the same that managed to carry out the attack and pump out 3k $ETH from the victim\scontract.Contract creation transaction:  https://etherscan.io/t/0e4f99b2fb86a317eb16f7f288fda74ab07f0ffcbf645fb3b1a6490ca23206d09The attacker called the pledgeAndBorrow() function. which creates an orderID and calls Token.borrow. The function marks that the order has been borrowed. However. an attacker can control Token. so an attacker can transfer an NFT with a fake Token. and then borrow all the assets.<span data/complaint/target=  when the attacker received $ETH 2.967 was sent to another address where some of the tokens were withdrawn via Tornado.cash. Transfer transaction to another address : > https://etherscan.io/t/07687857bbb7501741bbe00ddabd6ee3f0a3a61fbc4260608a984e7f2862a2f49Half of the tokens were returned to the creator of the Carnival contract in this transaction:  https://etherscan.io/t/0cc3fda1e5540486de15f707ccc82a6f9c8c78e0ef3ef02e4318b3bea24ace701<br\ >As the time of this writing information on this case is scarce. More sources will be added if the case should develop. Block Data ReferenceAttack transaction where $3.087 $ETH was withdrawn:  https://etherscan.io/t/051cbfd46f21afb44da4fa971f220bd28a14530e1d5da5009cfbdfee012e57e35Carnival Exploiter address:  https://etherscan.io/address/0b7cbb4d43f1e08327a90b32a8417688c9d0b800aExploiter contract address:  https://etherscan.io/address/0f70f691d30ce23786cfb3a1522cfd76d159aca8dVictim address:  https://etherscan.io/address/039360ac1239a0b98cb8076d4135d0f72b7fd9909 Eample transactions of funds withdrawal via Tornado.cash:1)  https://etherscan.io/t/0f8eb760b44ab8fff8fd385ed0fe013b776c10b47271335b754dbbdf5aab21eb02)  https://etherscan.io/t/0f6ffbc99369865d703b8b949b668123fef9ca3fcdb43919a6b524b39d401ca873)  https://etherscan.io/t/0d6be8d7fead1a0901e70697ffbffa96ab687208f5eef986bc6e9e29415668a0d The transaction of the return of 1.467 $ETH to the Carnival creator:  https://etherscan.io/t/0cc3fda1e5540486de15f707ccc82a6f9c8c78e0ef3ef02e4318b3bea24ace701,2022-06-26 0:00,2022,3837110,Contract vulnerability,Undetermined,Technical vulnerability,Target,Lending,P
272,DAO Maker,REKT and SlowMist,https://de.fi/rekt-database/dao_maker,https://hacked.slowmist.io/search/,,https://www.coinfirm.com/blog/dao/maker/hack/,, The Vesting contract of DAO Maker was attacked by hackers. DeRace Token (DERC)  Coinspaid (CPD)  Capsule Coin (CAPS)  Showcase Token (SHO) all use Dao Maker's distribution system  and the DAO Maker contract is attacked when the holder is issued (SHO) in DAO Maker   That is  there is a loophole in the distribution system of SHO participants: init is not initialized protection  the attacker initializes the key parameters of init  and changes the owner at the same time  and then steals the target token through emergencyEit and exchanges it into DAI  attacking The final profit of nearly 4 million U.S. dollars. REKT: The attackersaddress:  https://etherscan.io/address/02708cace7b42302af26f1ab896111d87faeff92f  DAO Maker vesting smart contracts had vulnerability that allowed a hacker to take ownership of the contract and withdraw the tokens from it. Tokens of DeRace. Showcase. Ternoa. Coinspaid were affected. The attacker initialized the key parameters of init() and changed the owner at the same time.  The attacker invoked <u>emergencyEit</u>() function to withdraw tokens at:  https://etherscan.io/t/0cb5be97496995d58da6f97491845040547b878e53a7b71f907a13408f3a54e5f  https://etherscan.io/t/04c273c2403aafd97e4b553f0e381cf1c63e5f2efebbe2ded7642a06f2b68c879  https://etherscan.io/t/01692a57f19b5e8e4bc6a372ac3c83c77cd4a1ea78414377ea66d3d59f4a7d2b7  https://etherscan.io/t/0dd0176475165b83c702d49a876d4dc888b73477ad8833582c72aa6ca5e0bacc3  The attacker sold tokens at:  https://etherscan.io/t/0bf38346aacf261f5e169a87ed874c33c21efb060c4a393e2b1443a3ac5d6e3fd  https://etherscan.io/t/03436af2c84d67254a4b81adc350c91d1b98ae52b2ff84645d14d4245c2d08c27  https://etherscan.io/t/0c586a6b94e09556abf46ae3aa8cffa8e46dfcb0c22bce0b024d5e01743ceba9e  https://etherscan.io/t/076163daf6cf0c815c02fb1a98f5c6283ee7a922cbad41218eb7a6452c91824c8,2021-09-03 0:00,2021,4000000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,FT,CA
285,Maze protocol,REKT and SlowMist,https://de.fi/rekt-database/maze_protocol,https://hacked.slowmist.io/search/,,https://blog.mazeprotocol.com/neko/hacking/incident/report/e46cdf179fd9,,The Neko Network  a lending protocol on the Binance Smart Chain (BSC)  was attacked. The attacker used vulnerabilities in the protocol to mortgage assets in the name of the user and sent the borrowed funds directly to the attacker’s own address. All asset pools on the Neko Network have been frozen to avoid changes. Multiple attacks occur. Due to the setting of the time lock  it takes 24 hours to develop the fund pool and allow users to raise funds in the pool. Neko Network is a product developed by the Zero Coupon Money Market Protocol Maze Protocol team. REKT: The attackers exploited a leak inside the lending protocol that allowed them to initiate loans under users’ collateral.The eamples of the attacker’s transaction: https://www.bscscan.com/t/02a389d058977f0327839ddf5fc3a56b025e937fed67137e0259dce1eb02f1355  https://www.bscscan.com/t/0636c682937831ce4585ab8bb547801508688393070bd03010485f8fc86935fc8 The project’s contract was attacked by the following addresses:1. 0330bF950Ab2Fb1f8Ed039a50b1a92478714a6c7c2. 04f5BC3866858bF892118aC675e015286C37bBEfd3. 0dAF38D906A94a20B07Aef895A2cDE34877f9da7f4. 03551fD337471a8C6374D2F9c97519cA94BA1D59a5. 079391843A5EfF373A20e9F93096B41ff38f380136. 06666666C0765744193F48255717f05A0105D2401,2021-08-13 0:00,2021,4000000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Lending,P
307,ChainSwap,REKT and SlowMist,https://de.fi/rekt-database/chainswap,https://hacked.slowmist.io/search/,,(1) https://chain/swap.medium.com/chainswap/exploit/11/july/2021/post/mortem/6e4e346e5a32. (2) https://twitter.com/chain_swap/status/1414019554603307017,,The cross/chain bridge Chainswap announced the details of the stolen incident on its official blog. A total of 20 project assets were stolen with a total value of approimately US$4 million. At present the ChainSwap team has reached a consensus with the affected projects and initially formulated and implemented a compensation plan. According to the project investigation due to the error in the token cross/chain quota code the on/chain swap bridge quota is automatically increased by the signature node the purpose of which is to be more decentralized without manual control. However due to a logical flaw in the code this led to a vulnerability that automatically increases the number of invalid addresses that are not whitelisted. REKT:The attackersaddress:  https://etherscan.io/address/0Eda5066780dE29D00dfb54581A707ef6F52D8113  On the Ethereum network. each token to be bridged has its own proy Factory contract. The attacker was able to exploit the contract. minting tokens directly into different addresses. before reaccumulating them into the wallet from which the transactions were initially sent.  The attacker: / called <u>receive</u>() function to the Factory minting contract  / dodged the sloppy auth check system using a new address as signature each t  / paid 0.005 ETH <u>chargeFee</u>  / set to parameter to the desired address. which receives the minted volume  / repeated  times.  Using the NFT platform WilderWorld as an eample. this is one of 40 repeated transactions. each of which produced 500.000 $WILD tokens.  These 20M WILD were subsequently sold for 650 WBNB. or little more than $200.000 USD. using PancakeSwap. essentially emptying the WILD/WBNB pool.  The eample transaction:  https://bscscan.com/t/083b4adaf73ad34c5c53aa9b805579ed74bc1391c5297201e6457cde709dff723  Projects which got harmed: / Wilder Worlds / Antimatter / Optionroom / Umbrella Blank / Nord / Razor / Peri / Unido  / Oro / Vorte / Blank / Unifarm,2021-10-07 0:00,2021,4000000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Bridge,INT
399,Dao Maker,REKT and ChainSec,https://de.fi/rekt-database/dao_maker,,https://chainsec.io/defi-hacks/,https://twitter.com/Mudit__Gupta/status/1434059922774237185,,“DaoMaker was exploited for ~$4m. They left the `init` function unprotected. The attacker re/initialized the contract with malicious data and then called `emergencyEit` to get away with the funds.” — @Mudit__Gupta,2021-09-03 0:00,2021,4000000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,FT,CA
687,Cover protocol,REKT,https://de.fi/rekt-database/cover_protocol,,,(1) Cover Protocol Attack Perpetrated by 'White Hat.' Funds Returned. Hacker Claims / CoinDesk. (2) https://cointelegraph.com/news/cover/protocol/suffers/infinite/minting/attack/price/tanks/97,,The exploit affected the mining contract and the $COVER token. Timeline for Exploiter 1: / a new Balancer pool was added to the Blacksmith contract from the team’s multisig via a transaction for the new coverage epirations: https://etherscan.io/t/0e5173fffaed3342b53d41319dc538e7923e287e962df2d27f5e425c633db45d4 / an attacker eecutes the first deposit to the contract. depositing 1.326.880 BPT tokens: https://etherscan.io/t/0d721b0ef2886f14b75548b70d2d1fd82bea085ca24f5de29b833a64cfd8f7a50 / the same attacker then called <u>withdraw</u>(). exploiting the contract for ~703.64 $COVER and withdrawing 1.326.878.99 BPT: https://etherscan.io/t/0adf27f5dd052482d46fdf69a5208a27cc7352522c7c19bbde5aee18f6ea4373b / the first sell of the exploited $COVER tokens: https://etherscan.io/t/066128a1685605b1798c852e14db0b0232a56e3bebf7f3f35b168642801754beb / the attacker continues minting and while the attack vector is still present: https://etherscan.io/t/0f81fb72ee096e0d7afe4b99a55b723110604fb26ec82846043cfc396e1fa79da In total. Exploiter 1 stole around $4.4 million of user funds and transferred them to the External address: https://etherscan.io/address/085abf036ca922e56fed670f4d3ce53fc4ea52b95#tokentns Timeline for Grap Finance: / Grap Finance Deployer deposited 15.255.552810089260015362 BPT (DAI/Basis pool) into the Blacksmith farming contract: https://etherscan.io/t/077490baee41a9b35a6e87d49453c7329c7517c10ce6ce26b4c142692a2877e65 / Grap Finance Deployer withdraws their 15.255.552810089260015361 BPT (DAI/Basis pool). leaving just 1 wei in their balance in the Blacksmith farming contract: https://etherscan.io/t/088ce99fc1cb695db82d83ce5fe587396744841d3a123687f95b18df6a3106818 / Grap Finance Deployer deposited back 15.255.552810089260015361 BPT (DAI/Basis pool) on the Blacksmith farming contract: https://etherscan.io/t/0bd1fcda7006ddd58b18cb3bfbd01ef2d1a979be596e1c73be1d7d65fd7eb8215 / Grap Finance Deployer claimed the rewards. and because of only 1 wei of balance combined with the storage/memory issue. this led to the minting of 40.796.131.214.802.500.000.212114436030863813 $COVER: https://etherscan.io/t/0ca135d1c4268d6354a019b66946d4fbe4de6f7ddf0ff56389a5cc2ba695b035f / Grap Finance Deployer starts to sell as many tokens as possible through 1inch.exchange in multiple transactions: https://etherscan.io/t/0af94d9b537a13819e873b37160594af2b1cc70b420d0b160a02e341566866a6b https://etherscan.io/t/001b3517845ed9c6b7b40d57bd71ac1a89fec080c5b8988f764d8226ac5caa959 / Grap Finance Deployer burns minted tokens: https://etherscan.io/t/0e6c068ca3605228b2435a414f2b372057340f77d3fe9f1d3967eb1ad128cb5d2 / Grap Finance Deployer sends the 4351 (1 + 4350) ETH they have etracted by selling $COVER to the deployer account. which accounts for 34% of the total exploit damage: https://etherscan.io/t/023cb9bdf14eed955a84da3f3cfcf296356c0f897dec0b99e85151a7f084a3051 https://etherscan.io/t/0c2fd5094c1e108f83222a86bd46b35fc0da35616385d681964b22003643f982e,2020-12-28 0:00,2020,4000000,Contract vulnerability,Undetermined,Technical vulnerability,Target,Yield,CP
1159,Webaverse,REKT and SlowMist,https://de.fi/rekt-database/webaverse,https://hacked.slowmist.io/search/,,"0xngmi (llamazip arc) sur Twitter : ""a crypto scam stole 4m by just taking a photo of a trust wallet screen. with no seed phrases or any private info on sight https://t.co/yOQGbReF1I"" / Twitter",,For several weeks last year. Webaverse was targeted by a skilled scam gang posing as investors. Webaverse reported. The Webaverse team and the crooks met in Rome at the end of November 2022. and approximately $4 million was stolen. They reported the theft to the local Rome police station the same day. and then to the FBI a few days later on Form IC3.,2022-11-26 0:00,2022,4000050,External factor,Deceiving personnel,Human risk,Target,Dapp,P
176,SolFire Finance,REKT and SlowMist,https://de.fi/rekt-database/solfire_finance,https://hacked.slowmist.io/search/,,https://coincodecap.com/solfire/finance/rugged,, The SolFire Finance project owner stole all investor funds and moved them to the ETH chain via a cross/chain bridge. The project  s GitHub account and Twitter account have been deleted and the site is no longer accessible. REKT : Solfire eecuted rug pull by withdrawing assets from the Solfire hot wallet.,2022-01-25 0:00,2022,4055803,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Dapp,P
1125,DeFiAi,REKT,https://de.fi/rekt-database/defiai,,,(1) https://twitter.com/DeFiAiOfficial/status/1591783217040064513. (2) https://misttrack.io/s/b4Dm0. (3) https://web3isgoinggreat.com/?id=over-4-million-drained-from-defiai,,"Quick Summary
DeFiAi protocol was rugged by using a backdoor in the farm contract with a profit of more than 4M $USD.
Details of the Exploit
DeFiAI is a yield aggregator and the first DEX run by AI. The project was rugpulled for 4.173.646 $USD. The funds were drained from the project's contract with unverified source code and distributed between 10 EOA addresses and then transferred through FixedFloat and MexcGlobal. The project announced on Twitter that they were ""hacked"" and will rebase the remaining funds and reopen the project's smart contracts.

Block Data Reference
Unverified contract with malicious logic:
https://bscscan.com/address/0x042a97c650aff20e4c8c62cd3e0513fc9fcdf722

Withdraw example:
https://bscscan.com/tx/0x39462d567d360feca6ebbb061959ce4f3cbbb6c6723e2f77f852b218aac248ce
Rug pull TXs were selected by Mist:
https://misttrack.io/s/b4Dm0",2022-11-13 0:00,2022,4173646,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Yield,CP
118,Terra,SlowMist,,https://hacked.slowmist.io/search/,,https://twitter.com/SlowMist_Team/status/1516961806509563904,, The SlowMist security team found that funds from about 52 addresses were maliciously transferred to terra1fz57nt6t3nnel6q77wsmdesn7rgy0h2730 from April 12 to April 21  with a total loss of about $4.31 million. The SlowMist security team stated that this attack was a phishing attack on batches of Google keyword advertisements. When a user searches for the well/known Terra project on Google  the first advertisement link (the domain name may be the same) on the Google search result page is actually a phishing website. When a user visits this phishing website and connects to the wallet  the phishing website will remind you to directly enter the mnemonic phrase. Once the user enters and clicks submit  the assets will be stolen by the attacker.,2022-04-12 0:00,2022,4310000,Instant user deception,Fake ads/pop ups,Imitation,Intermediary,Blockchain,
300,THORChain,REKT and SlowMist,https://de.fi/rekt-database/thorchain,https://hacked.slowmist.io/search/,,(1) https://twitter.com/THORChain/status/1415813696857591813. (2) https://www.runebase.org/news/thorchain/suffers/exploit/,,The decentralized cross/chain transaction protocol THORChain (RUNE) updated the attack situation claiming that the amount of lost assets was about 4000 ETH. The initial assessment is that the attack was a logical vulnerability when Eth Bifrost used the routing contract to capture ERC/20 tokens. The attacker use. Not long ago THORChain updated Eth Bifrost to allow the routing contract to be encapsulated by the contract. The attacker uses this to send a transaction with msg.value = 200 ETH and immediately uses the contract to transfer it back to itself while Bifrost will report msg. value = 200 instead of depositAmount = 0 so as to realize the profit of calling the routing contract with the amount of 0 ETH. REKT: THORChain Exploiter 1 Address:  https://etherscan.io/address/04b713980d60b4994e0aa298a66805ec0d35ebc5a  THORChain Exploiter 2 Wallet:  https://etherscan.io/address/03a196410a0f5facd08fd7880a4b8551cd085c031  Contract attacker address:  https://etherscan.io/address/04a33862042d004d3fc45e284e1aafa05b48e3c9c  According to ThorChain’s preliminary incident report. the bug was located within the ETH Bifrost (bridge) code:  https://gitlab.com/thorchain/thornode///blob/develop/bifrost/pkg/chainclients/ethereum/ethereum_block_scanner.go#L794  The code contains an over/ride loop. designed only for use in <u>vaultTransferEvent</u> transactions. which the hacker was able to manipulate. The hacker was able to wrap the router with their own contract. allowing them to access this over/ride.  The attacker drained liquidity in various coins:/ 2.500 ETH/ 57.975.33 SUSHI/ 8.7365 YFI/ 171.912.96 DODO/ 514.519 ALC/ 1.167.216.739 KYL/ 13.30 AAVE  Ether were sent to the External address:  https://etherscan.io/address/0ace2d948fc7ea3bc49eee5526786d66d19bc470e&nbsp;,2021-07-15 0:00,2021,4364612,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Exchange,P
168,Meter.io,REKT and SlowMist and ChainSec,https://de.fi/rekt-database/meter.io,https://hacked.slowmist.io/search/,https://chainsec.io/defi-hacks/,(1) https://twitter.com/Meter_IO/status/1490103308421255168. (2) https://blog.chainsafe.io/breaking/down/the/meter/io/hack/a46a389e7ae4 (3) https://twitter.com/peckshield/status/1490121762847092736?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1490121762847092736%7Ctwgr%5E5c76b40e4b9c813baabb25e2f1b572a4e8d24141%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fcdn.embedly.com%2Fwidgets%2Fmedia.html%3Ftype%3Dtet2Fhtmlkey%3Dd04bfffea46d4aeda930ec88cc64b87cschema%3Dtwitterurl%3Dhttps3A%2F%2Ftwitter.com%2Fpeckshield%2Fstatus%2F1490121762847092736image%3Dhttps3A%2F%2Fi.embed.ly%2F1%2Fimage3Furl3Dhttps253A252F252Fabs.twimg.com252Ferrors252Flogo4638.png26key3D4fce0568f2ce49e8b54624ef71a8a5bd,, Meter.io's cross/chain bridge was hacked  resulting in a loss of around $4.3 million ( 1391.24945169 ETH and 2.74068396 BTC). The hacker was able to exploit a vulnerability in the deposit function  which allowed them to fake BNB or ETH transfers. Meter.io announced that Meter Passport (a cross/chain bridge etension) automatically wraps and unwraps Gas Tokens (such as ETH and BNB) for user convenience. However  the contract did not prohibit the wrapped ERC20 Token from interacting directly with the native Gas Token  nor did it properly transfer and verify the correct amount of WETH transferred from the caller address. CRYPTOSEC: “With teams now using independently modified forks of ChainBridge without auditing their changes it was only a matter of time before costly mistakes were made. In the case of Meter their modifications to the ChainBridge code introduced a bug in the automatic wrap and unwrap of native tokens like BNB and ETH which created an opening for a hacker to exploit.” — ChainSafe REKT: The attacker\saddress:  https://etherscan.io/address/08d3d13cac607B7297Ff61A5E1E71072758AF4D01  The attacker minted a substantial amount of BNB and WETH tokens. draining the bridge reserve of its BNB and wETH before all bridge transactions could be halted by Meter. This case also impacted the Hundred Finance on Moonriver.  Meter_io Passport is a fork of ChainSafe\sChainBridge. but with one change introduced to the deposit method of the ERC20 Handler.  The etended code had a wrong trust assumption which allowed the hacker to call the underlying ERC20 deposit function to fake a BNB or ETH transfer.  exploit scenario:/ the Meter Bridge Contract provided by ChainSafe Systems has a vulnerability in <u>deposit</u>() function/ <u>deposit</u>() function doesn\ tcheck <u>calldata</u>  data  parameter to be matched with the message value in the function call/ this vulnerability allows anybody to call this function with fake deposit data and not be revertedthe attacker exploited this vulnerability and make a few deposits from the Ethereum network: https://etherscan.io/t/0dfea6413c7eb3068093dcbbe65bcc9ba635e227c35e57fe482bb5923c89e31f7 https://etherscan.io/t/02d3987963b77159cfe4f820532d729b0364c7f05511f23547765c75b110b629c/ the attacker exploited this vulnerability and made a few deposits from the BSC network: https://bscscan.com/t/0c4d7e160c7652f2db22681aa2777c5b37937bf30375c5b2c6b2bd172ae984950 https://bscscan.com/t/063f37aff7e40b85b0a6b3fd414389f6011cc09b276dc8e13b6afa19061f7ed8e https://bscscan.com/t/0c7eb98e00d21ec2025fd97b8a84af141325531c0b54aacc37633514f2fd8ffdc/ the attacker called <u>swapOut()</u> to withdraw a fake deposited amount from another chain: https://moonriver.moonscan.io/t/0b3298f62504423a97db6a6fc4132e6bf1f4225b1e7deb33260495254280d7050/ the attacker used AnySwap and cBridge to collect all funds in the Ethereum address  Stolen funds were deposited into Tornado Cash mier on Ethereum:  https://bloy.info/ts/transfers_from/08d3d13cac607b7297ff61a5e1e71072758af4d01?currency_id=1,2022-02-05 0:00,2022,4400000,Contract vulnerability,Undetermined,Technical vulnerability,Target,Bridge,INT
397,ChainSwap,REKT and ChainSec,https://de.fi/rekt-database/chainswap,,https://chainsec.io/defi-hacks/,(1) https://decrypt.co/75698/chainswap/exploit/leads/to/multi/million/loss/for/defi/tokens (2) https://chain/swap.medium.com/chainswap/exploit/11/july/2021/post/mortem/6e4e346e5a32,,“crypto projects that had used ChainSwap to launch Ethereum tokens on Binance Smart Chain lost millions to an attacker whose address now holds about $4.4 million.” —\a0Decrypt,2021-07-10 0:00,2021,4400000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Bridge,INT
1107,Raydium,REKT,https://de.fi/rekt-database/raydium,,,(1) https://twitter.com/osec_io/status/1603763023151509505. (2) https://twitter.com/RaydiumProtocol/status/1604251722351710211?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Etweet,https://raydium.medium.com/detailed-post-mortem-and-next-steps-d6d6dd461c3e. https://bartubozkurt35.medium.com/raydium-protocol-exploit-analysis-5-5-million-hacked-5e8b916ff1fa,"Quick Summary
The private key of the Pool Owner account  was compromised.
The attacker drained nine Raydium’s constant product liquidity pools having stolen crypto worth around 4.4m USD. 

Details of the Exploit
The affected pools are ETH-USDC. RAY-SOL. RAY-USDC. RAY-USDT. SOL-USDT. SOL-USDC. stSOL-USDC. UXP-USDC. ZBC-USDC. 
The funds draining was performed through repeatedly calling the  withdrawPNL function that allows to withdraw fees from the pools.  The expected fees to be withdrawn were increased with the SetParams and AmmParams::SyncNeedTake functionality. 
 
Block Data Reference
The pool owner account: 
https://solscan.io/account/HggGrUeg4ReGvpPMLJMFKV69NTXL1r4wQ9Pk9Ljutwyv ",2022-12-16 0:00,2022,4400000,Undetermined,Accessing private keys/data,Undetermined,Target,Exchange,P
622,Fomo 3D,SlowMist,,https://hacked.slowmist.io/search/,,https://mp.weiin.qq.com/s/MCuGJepr_f18rZsImBQ,,Ethereum Fomo 3D was hacked and hacker used special attack techniques to take the bonus.,2018-08-01 0:00,2018,4451018.9,Transaction attack,Transaction congestion attack,Technical vulnerability,Target,Dapp,P
26,DRAC Network,SlowMist,,https://hacked.slowmist.io/search/,,PeckShieldAlert: DeFi Project DRAC Network Appeared Rug Pull / TokenInsight,, DeFi project DRAC Network appeared Rug Pull  with the price of the token $TEDDY dropping 99.4%. 10 000 $BNB and 2 million $BUSD have been slowly transferred to Binance. It is said that the deployer deployed the contract and transferred a large quantity of $TEDDY to 0dbe8ef79a1a7b57fbb73048192edf6427e8a5552  then pump and dump the price of $TEDDY.,2022-07-25 0:00,2022,4500000,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,Blockchain,DLT
276,XToken,REKT and SlowMist,https://de.fi/rekt-database/xtoken,https://hacked.slowmist.io/search/,,https://medium.com/token/sn/post/mortem/666d35071f38,,The DeFi pledge and liquidity strategy platform XToken  which suffered a lightning loan attack  released an analysis report on the vulnerability of the SN contract. At 4:43 UTC on August 29th  a vulnerability in the SN contract was exploited  and the holder  s loss was estimated to be 4.5 million U.S. dollars. Token believes that it is best to stop providing SN products at this time. Token stated that it will no longer use the SN contract for SN pledge. REKT : The attacker:  https://etherscan.io/address/01dcc7f61c24a91eb00e26a56730c0879c275958a  The transaction behind the attack:  https://etherscan.io/t/0924e6a6288587b497f73ddcf6ae3c184f15ab35dfcb85f3074b55266974029ef  The attacker: / flash loaned 25.000 ETH from dyd  / borrowed ~1m SN from Aave V1 and V2  / swapped of 6.8k ETH to 519k SN on Bancor  / holds ~1.5m SN at the moment of this step in total  / swapped of 1.5m SN on Kyber for ~6.5m USDC. lowering SN price considerably  / swapped of ~6.5m USDC for ~6.5m sUSD on Curve  / transferred of ~2m sUSD to SNAdmin contract (the contract holds assets managed by SN). with the intention of repaying the contract’s sUSD debt in order to unlock SN  / called the <u>callFunction()</u> function on SNAdmin contract. burning sUSD debt and swapping ~614k SN for ~811k sUSD debt at an artificially depressed price  The <u>callFunction</u>() should only have been callable from dyd’s SoloMargin flash loan contract. An erroneous require statement allowed the function to be publicly callable.  Mistakenly used: <u>require(sender==address(this)</u>  Should have used: <u>require(msg.sender==soloMarginAddress)</u>  / swapped of ~811k sUSD for ~811k USDC. which remains in the contract.  The attacker then reverses all actions. swapping back to ETH and repaying loans. The source of the value etraction was that the attacker used SN assets to pressure SN price and create profitable External arbitrage opportunities.,2021-08-29 0:00,2021,4500000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Staking,CP
329,Eleven Finance,REKT and SlowMist,https://de.fi/rekt-database/eleven_finance,https://hacked.slowmist.io/search/,,https://elevenfinance.medium.com/eleven/finance/nrv/vault/exploit/and/loss/of/funds/a/post/mortem/437a79ded743,,Nerve Finance a stablecoin trading platform based on the Binance Smart Chain (BSC) tweeted that the Nerve/related machine gun pool in the revenue aggregator Eleven Finance have been attacked by sparks. After analysis the reason for the exploit is that the emergencyBurn() function does not calculate the balance correctly and does not execute the destruction. On September 30th hackers have returned approimately $4.5 million in stolen funds. REKT: The attackersaddress:  https://bscscan.com/address/0c71e2f581b77de945c8a7a191b0b238c81f11ed6  The transaction behind the attack:  https://bscscan.com/t/06450d8f4db09972853e948bee44f2cb54b9df786dace774106cd28820e906789  The attacker: / borrowed a flash loan from PancakeSwap with 953.869.62 BUSD. which is returned at the last step with the necessary fee to cover the flash loan cost  / swapped 340.631.23 BUSD for 474.378.75 NRV via PancakeRouter  / added liquidity with 474.378.75 NRV and 366.962.02 USDT into NRV+BUSDT pool via PancakeRouter and minted in return 411.515.29 Pancake LP tokens  / deposited 411.515.29 Pancake LP tokens into Eleven Finance via <u>ElevenNeverSellVault</u> and obtained 411.515.29 11 nrvBUSD LP tokens  / called <u>emergencyburn</u>() to withdraw 411.515.29 Pancake LP tokens without burning any 11 nvrBUSD LP token. Then called <u>withdrawAll</u>() to get etra 411.515.29 Pancake LP tokens with the related 11 nvrBUSD LP tokens burned.,2021-06-23 0:00,2021,4500000,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,Yield,CP
1011,TEDDY DOGE,REKT,https://de.fi/rekt-database/teddy_doge,,,(1) https://cryptoslate.com/teddy-doge-developers-pull-out-4-5-million-in-alleged-soft-rug-pull/ (2) https://www.coindesk.com/tech/2022/07/25/memecoin-teddy-doge-soft-rug-pulls-45m-worth-of-tokens-peckshield-says/,,The TEDDY DOGE project has been Rug pull scamed by the admin wallet. The sell-off amounts to roughly $4.5m USD (2m $BUSD and 10k $BNB).,2022-07-25 0:00,2022,4500000,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,Exchange,P
699,GALA token,REKT,https://de.fi/rekt-database/gala_token,,,Report: GALA token exploit resulted from public leak of private key on GitHub (cointelegraph.com),,Quick SummaryGala was exploited on the Binance chain. The attacker used a privileged function to mint 55.628.400.000 $GALA &nbsp;tokens to an EOA address. Details of the exploitGala is a metaverse including Gala Games. Gala Music. and Gala Films. The project\stoken smart contract on the Binance chain was used to mint large an amount of $GALA tokens. The total worth of the newly minted tokens reached 1.156.000.000 $USD. The attacker managed to swap the part of tokens for 4.540.655 $USD worth of $BNB. All the stolen funds remain at the initial EOA address at the moment. <span style=\>Funds on the Ethereum chain and collateral of the bridges were not affected.The Gala team calls for calm. claiming that the incident was just a drain of the liquidity pool to safeguard potential vulnerabilities. And there was no hack or rug.&nbsp; Block Data ReferenceAttacker address: https://bscscan.com/address/0e8710dad8ff08fbee62e2fe77315caecb59bd20f Wallet holding the funds: https://bscscan.com/address/06891A233Bca9E72A078bCB71ba02aD482A44e8C1 Malicious transactions: https://bscscan.com/t/04b239b0a92b8375ca293e0fde9386cbe6bbeb2f04bc23e7c80147308b9515c2e https://bscscan.com/t/0439aa6f526184291a0d3bd3d52fccd459ec3ea0a8c1d5bf001888ef670fe616d,2022-03-11 0:00,2022,4540655,External factor,Exploiting operational mistake,Human risk,Target,FT,CA
24,ZB exchange,REKT and SlowMist,https://de.fi/rekt-database/zb_exchange,https://hacked.slowmist.io/search/,,ZB hot wallet or hacked. selling token after a profit of 2224 ETH. about $3.68 million | Anue Ju Heng / News (cnyes.com),,"The ZB exchange was hacked with a total loss of around $4.3 million. ZB has notified the community on August 2 that deposits and withdrawals will be suspended due to a &quot sudden failure&quot . The reason is &quot Sudden failure of the core application&quot . It  s worth noting that the attack actually happened on August 1  but it was overshadowed by the overwhelming news of the Nomad exploit. REKT: Quick Summary

An attack was carried out on ZBExchange during which a hacker managed to steal approximately $4.8M.


Details of the Exploit

The ZBExchange provides cryptocurrency exchange services for both cryptos to fiat and crypto to crypto trading pairs.
The hacker took advantage of a vulnerability. which allowed him to steal $ETH and $ERC20 tokens from the ZB Hot Wallet. Since the ZBExchange hot wallet was compromised. it is possible that the hacker managed to obtain a private key. which allowed the tokens to be withdrawn to the scammer address (A). In this transaction. scammer address(A) sends 2k $ETH to scammer address (B): 

https://etherscan.io/tx/0x740261cecb74aacd00b0523095208fb2ba393b7e3ace2e705ae40ca493494f64

some of the stolen funds are located at scammer address (B).



Block Data Reference
Victim address: https://etherscan.io/address/0xe019d99f9fe03dc5661ad4bb19f9db88d9fa0a62

Hacker addresses:
1) https://etherscan.io/address/0x67c67b5a3c4009cf849f86be37e79db3923f1055
2) https://etherscan.io/address/0x26446c1658b036a6fa3efb805f8fc538451d3fc2",2022-08-02 0:00,2022,4767945,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,Exchange,P
506,Fusion,SlowMist,,https://hacked.slowmist.io/search/,,https://fusionprotocol.medium.com/fusion/foundation/update/28/9/6479cd0a982d,https://www.coindesk.com/markets/2019/09/30/fusion-network-loses-millions-in-private-wallet-hack/. https://decrypt.co/9766/the-fusion-network-hacked, Fusion released According to an official announcement  the Fusion transaction wallet (08e6bDa71f3f0F49dDD29969De79aFCFac4457379) was attacked on September 28  resulting in the theft of 10 million native FSN and 3.5 million ERC20 FSN tokens  worth about 5.57 million U.S. dollars. It is reported that the wallet was attacked because the private key was stolen. In response to the theft  Fusion Foundation officials have also transferred all remaining funds to the cold wallet. At the same time  Fusion officials are also tracking abnormal transactions  and uncertain evidence indicates that the theft may be caused by Fusion Foundation personnel.,2019-09-28 0:00,2019,4823550,Undetermined,Accessing private keys/data,Undetermined,Target,FT,CA
665,Yapizon,REKT and SlowMist,https://de.fi/rekt-database/yapizon,https://hacked.slowmist.io/search/,,https://www.hackread.com/south/korean/bitcoin/exchange/yapizon/hacked/,,Yapizon a South Korean Bitcoin exchange announced last week it lost 3831 Bitcoin (over $5.5 million) after an unknown hacker breached its system and stole funds from its server. REKT: South Korean exchange Yapizon has become the victim of hackers. reportedly losing 3.800 BTC in customer funds.  The exchange confirmed the theft of 3.831 Bitcoins. “equivalent to 37.08% of the total assets.”  “After many discussions. legal and accounting consultations and reviews. We have come to the conclusion that it should be applied fairly to all members. It is also the most common way to go through the liquidation process. The loss of 37.08% will have the same effect on all membersassets.” /Yapizon said.,2017-04-22 0:00,2017,4980000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
60,Osmosis,REKT and SlowMist,https://de.fi/rekt-database/osmosis,https://hacked.slowmist.io/search/,,https://cointelegraphcn.com/news/attackers/loot/5m/from/osmosis/in/lp/exploit/2m/returned/soon/after,, Osmosis  the decentralized exchange (DE) built on the Cosmos network  was shut down just before 3 a.m. ET on Wednesday after attackers exploited a liquidity provider (LP) vulnerability to steal around 5 million Dollar. About an hour after Osmosis tweeted about the attack  4 hackers accounted for 95% of the total  according to a tweet from Osmosis  Cosmos ecosystem validator FireStake admitted on Twitter  A &quot momentary error of judgement&quot  led to two members of their team who exploited the vulnerability for roughly $2 million  and they decided to voluntarily return the funds and &quot fi the problem.&quot. REKT: Osmosis has been rugged by liquidity pool providers. Size of loss is ~$5M. One of the attackers added liquidity USDC and OSMO. The attacker then received GAMM LP tokens in return. which represented his share in the pool. They immediately revoked GAMM LP tokens. thereby receiving 50% more than the amount of USDC and OSMO that were added as liquidity. Token address:  https://www.mintscan.io/osmosis/account/osmo1w444ek799hvg970mfwu6gg5dww2r8fhkgrgjEample transaction:  https://www.mintscan.io/osmosis/account/osmo1hq8tlgq0kqz9e56532zghdhz7g8gtjymdltqer Attack eample step by step:1. Add liquidity to a pool&nbsp;2. Remove liquidity from the pool allowing 50% etra. No bonding needed.&nbsp;3. Rinse and repeat,2022-06-08 0:00,2022,5000000,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,Exchange,P
226,ONUS,SlowMist,,https://hacked.slowmist.io/search/,,https://cystack.net/research/the/attack/on/onus/a/real/life/case/of/the/log4shell/vulnerability,,The payment system of ONUS  the largest cryptocurrency trading platform in Vietnam  running a vulnerable version of Log4j suffered a cyber attack. Cyclos notified ONUS to repair the system on December 13  but it was too late. Although ONUS has fied the security loopholes in the Cyclos instance  the window of loopholes allowed attackers to successfully steal data from sensitive databases. The stolen database contained nearly 2 million user data  including KYC (Know Your Customer) data  hashed passwords  etc. Subsequently  the attacker asked ONUS to pay a ransom of 5 million otherwise the stolen data would be made public. On December 25  because ONUS did not pay the full ransom  the attackers sold customer data on the dark web data exchange market.,2021-12-09 0:00,2021,5000000,Hacked/exploited infrastructure,Ransomware,Technical vulnerability,Target,Dapp,P
320,XDX Swap,REKT and SlowMist,https://de.fi/rekt-database/xdx_swap,https://hacked.slowmist.io/search/,,https://www.tuoniao.com/newsflash/p/507462.html,,The XDX Swap (DDE) on the Heco chain s cross/chain decentralized exchange DDE was attacked. The attacker made a profit of 85.17 ETH (approimately $176 000) and cross/chained it to Ethereum. The DDE code appears to have a backdoor. With the support and cooperation of DDE Star Labs and HECO White Hat Security Alliance D Swap has successively recovered most of the funds involved in this attack with a total value of more than 5 million US dollars. REKT: The D Swap (DDE) on the Heco chain’s cross/chain decentralized exchange DDE was attacked on July 2. The attacker received 85.17 ETH (about $176.000) and transferred it to the Ethereum network. There appeared to be a backdoor in the DDE code. With the help and collaboration from DDE. Star Labs. and the HECO White Hat Security Alliance. D Swap has recovered the majority of the funds involved in this incident. totaling more than $5M.,2021-07-02 0:00,2021,5000000,Contract vulnerability,Undetermined,Technical vulnerability,Target,Exchange,P
403,Pizza DeFi,ChainSec,,,https://chainsec.io/defi-hacks/,(1) https://u.today/eos-defi-platform-hacked-5-million-in-users-funds-stolen (2) https://halborn.com/explained-the-pizza-defi-platform-hack-december-2021/ (3) https://twitter.com/PizzaProFi/status/1468869822389768192?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1468869822389768192%7Ctwgr%5E7a2444c171f6dd86e05792a9a7b4aa05e7e58cbf%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fu.today%2Feos-defi-platform-hacked-5-million-in-users-funds-stolen (4) https://pizza-finance.medium.com/a-brief-review-on-the-12-08-spiderman-hacking-incident-8739c23322ab,,“By using a large number of Tripool tokens the hacker was able to open over/collateralized positions and drain real valuable assets and withdraw them to his or her own wallet. The lost tokens are valued at $5 million.” — U.Today,2021-12-08 0:00,2021,5000000,Contract vulnerability,Integer overflow,Technical vulnerability,Target,CeFi,
526,Bitrue,REKT and SlowMist,https://de.fi/rekt-database/bitrue,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/104224.htm,, At approimately 1am June 27 (GMT+8)  a hacker exploited a vulnerability in Bitrue  s Risk Control team  s 2nd review process to access the personal funds of about 90 Bitrue users. The hacker used what they learned from this breach to then access the Bitrue hot wallet and move 9.3 million RP and 2.5 million ADA to different exchanges. REKT: Singapore/based crypto exchange Bitrue has suffered a major hack. losing 9.3 million RP and 2.5 million cardano (ADA) from its hot wallet.  At the time of the breach — 1 a.m. GMT+8 June 27 — the stolen funds would have been worth over $4.5 million in RP (valued at $0.488) and $237.500 in ADA (valued at $0.095). according to CoinMarketCap data.  The exchange states that a purportedly single hacker first “exploited a vulnerability in our Risk Control teams2nd review process to access the personal funds of about 90 Bitrue users.” subsequently using this first eperience to access the exchange’s hot wallet and steal the cryptocurrency.  Any user accounts that were affected by the breach have had their assets replaced,2019-06-27 0:00,2019,5000000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
1116,Ankr,REKT,https://de.fi/rekt-database/ankr,,,(1) https://twitter.com/BeosinAlert/status/1598514702849826817. (2) https://twitter.com/CertiKAlert/status/1598547948958371841. (3) https://twitter.com/PeckShieldAlert/status/1598527823224111104,,"Quick Summary
Ankr protocol was exploited by private key compromisation. The attacker replaced contract implementation and was able to mint aBNBc tokens infinitely. 
Details of the Exploit
Ankr is a decentralized infrastructure with a rich ecosystem. The staking contract of the protocol on the Binance Smart Chain was exploited using access control vulnerability. The attacker replaced the implementation for the staking proxy with an unverified malicious contract. Consequently. the malicious contract was used to mint 10.000.000.000.000 $aBNBc which were exchanged for 5.500 $BNB and 5.340.000 $USDC. $aBNBc token price dropped nearly 99% and almost all the liquidity was drained from PancakeSwap and ApeSwap pools. The stolen amount almost completely was transferred through TornadoCash. AnySwap. and CelerBridge. There is just 100 $BNB left in the attacker's original address at the moment.
At this moment proxy implementation was replaced with the new unverified one.

Block Data Reference
Attacker address:
https://bscscan.com/address/0xf3a465C9fA6663fF50794C698F600Faa4b05c777

Malicious transaction:
https://bscscan.com/tx/0x61e0f3f0dc5cc84f0547799ebb19515ce5f5d20c0b57442135263bcb1b506812
https://bscscan.com/tx/0xcbc5ff4a6c9a66274f9bde424777c3dc862ab576e282fbea3c9c2609ca3e282b",2022-12-02 0:00,2022,5000000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,Exchange,P
21,Solana,REKT and SlowMist,https://de.fi/rekt-database/solana,https://hacked.slowmist.io/search/,,Slow Fog: The massive theft of solana wallets involved a major asset value of approimately $4.5 million / Foresight News,, A large/scale incident of currency theft occurred on the Solana public chain  and a large number of users were transferred SOL and SPL tokens without their knowledge. According to SlowMist MistTrack statistics  more than 8 000 Solana wallets have been stolen so far. Assets are valued at approimately $4.5 million. REKT: Quick Summary Solana was subjected to a major exploit due to which approimately 8k Slope wallets were robbed in the amount of ~ $5.2M.  Details of the exploit  data/v/51e0c2ec=  >Slope is a web/based. non/custodial crypto wallet and browser etension that allows users to manage assets on the Solana blockchain.Wallets on the Solana chain were compromised by a hacker who managed to gain access to users\private keys. thanks to which the hacker managed to withdraw funds to his address.The hacker used a proxy to track network requests. Slope Wallet developers used Sentry to transfer data to the network. By default. Sentry does not use 2FA from which it can be concluded that most likely the Sentry Slope account was compromised. and since the data storage period in Sentry is 90 days. and it is possible to track the data of users who created their accounts in this period of time. the hacker gained access to the clean data of users\wallets such as mnemonic and private key. The vulnerability was also noticed in mobile devices based on android and iOS. most likely the application was written using the Flutter framework. which contains a bug. so the hacker also had access to private user data. Block Data ReferenceHacker account address:(SOL) 1)  https://solscan.io/account/GeEccGJ9BEzVbVor1njkBCCiqJbVeDHaDCrBDbmuy(SOL) 2)  https://solscan.io/account/5WwBYgQG6BdErM2nNNyUmQfcUnB68b6kesBywh1J3n(SOL) 3)  https://solscan.io/account/CEzN7mqP9on2HdyW6fjEJ73t7qa9Rp2zyS6hb3iEu(SOL) 4)  https://solscan.io/account/Htp9MGP8Tig923ZFY7Qf2zzbMUmYneFRAhSp7vSg4wVAddress that received 0.5 $SOL from the Binance Hot Wallet on Solana:  https://solscan.io/account/HYaQcKPcWgLe7gpA99EUbDSGuzJCupNVCRmP37Yv#solTransfers (ETH)  https://etherscan.io/address/0c611952D81E4ECbd17c8f963123DeC5D7BCe1c27,2022-08-02 0:00,2022,5200000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,Blockchain,DLT
411,Aeternity,SlowMist,,https://hacked.slowmist.io/search/,,https://forum.aeternity.com/t/how/to/prevent/51/attack/on/aeternity/as/pow/blockchain/8516,,Aeternity (AE) was attacked by 51% yesterday. According to core members of the Aeternity community  the Governance issue caused a loss of more than 39 million AE tokens. The official team is solving the problem. The main damages are exchanges and mining pools. exchanges are concentrated in OKE  Gate  and Binance. In this regard  Aeternity Chaohua Community Moderator February Honghong said that Governance issues will not create new tokens. He can understand it as copying a fake token from the attacker and sending it to exchange withdrawals are often the unlucky ones  and mining pools are the same. Therefore  Governance issues are not technical vulnerabilities. POW itself is such an operating mechanism  so the team will not settle claims.,2020-12-06 0:00,2020,5201240,Decentralization issue,51% attack,Technical vulnerability,Target,Blockchain,DLT
404,Roll,"REKT, SlowMist and ChainSec",https://de.fi/rekt-database/roll,https://hacked.slowmist.io/search/,https://chainsec.io/defi-hacks/,(1) https://www.theblockcrypto.com/linked/98261/roll-social-token-platform-exploit (2) https://medium.com/dapp-com/how-does-the-on-chain-data-reflect-the-5m-tokens-hacked-the-next-victim-is-7ecd81b671ad (3) https://twitter.com/FrankResearcher/status/1371039886657085445?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1371039886657085445%7Ctwgr%5Ea7dfc93ef4bbe6ca0d65972406b95f0a2aececb5%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.theblock.co%2Flinked%2F98261%2Froll-social-token-platform-exploit,https://techcrunch.com/2021/03/16/5-7m-stolen-in-roll-crypto-heist-after-hot-wallet-hacked/. https://www.immunebytes.com/blog/social-tokens-crash-after-a-reported-security-breach-at-roll/,“Roll a platform for issuing social tokens on the Ethereum network suffered an apparent exploit on Sunday resulting in the theft and subsequent sale of tokens.” — The Block REKT : The attackersaddress:  https://etherscan.io/address/05fe4e7124d1da9046edc67a6499b565241be0167  The attackersdeployed smart contract:  https://etherscan.io/address/0eaa86ddd49d8907c939413e92888536e4587bd9a  The attacker was able to gain access to the private keys of Roll’s hot wallet and steal social money stored in that address. The attacker then sold all the tokens on Uniswap for ETH and transferred the ETH to Tornado Cash.  The list of tokens that were affected: WHALE. FWB. KARMA. JULIEN. 1337. MORK. CHERRY. FAMILY. BEAR. SKULL. LADZ. RARE. ALE. PICA. BAEPAY. SWAGG. KERMAN. CAMI. HUE. OSINA. ATS. GOB. ARKE. SCOTT. JAMM. FIRST. PAUL. DSGN. JOON. CALVIN. WGM. BPC. ALO. YUMI. PIEL. RDR. BONES. GCASH. FORCER. PYGOZ. TING. HERO.  The transactions of the token withdrawals:  https://etherscan.io/t/0c4b1d59c0ca5d2b0ff9d153fbcaffd3a583c792532bd13c7e93b0d1110b55d9a  https://etherscan.io/t/05ebcf5b1ff3b5bf8988668b8ec89a4d3cbfcd2c10308f8b16fb44c0b7bccce3c  https://etherscan.io/t/0b35f41c32f278bc4decd415b3112e3f354c2668ee1248086743fa27f89d21f9e  Stolen funds were deposited into Tornado Cash mier at:  https://bloy.info/ts/calls_from/05fe4e7124d1da9046edc67a6499b565241be0167?date=clear&amp;signature_id=994162&amp;smart_contract_address_bin=0905b63fff465b9ffbf41dea908ceb12478ec7601,2021-03-14 0:00,2021,5389203,Undetermined,Accessing private keys/data,Undetermined,Target,Dapp,P
148,Agave,REKT and SlowMist,https://de.fi/rekt-database/agave,https://hacked.slowmist.io/search/,,(1) https://twitter.com/Agave_lending/status/1503725275917565954. (2) https://twitter.com/HundredFinance/status/1503754916300476420,,The Agave contract on Gnosis Chain was attacked due to an untrusted External call. The attacker calls the liquidateCall function to liquidate himself without any debt. During the liquidation process  the liquidation contract called the attacker contract. During the process  the attack contract deposited 2728 WETH obtained through the flash loan and minted 2728 aWETH. And use this as collateral to lend out all available assets in the Agave project. After the External call ends  the liquidateCall function directly liquidates the 2728 aWETH previously deposited by the attacker and transfers it to the liquidator.,2022-03-15 0:00,2022,5400000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Lending,P
442,ETERBASE,REKT and SlowMist,https://de.fi/rekt-database/eterbase,https://hacked.slowmist.io/search/,,(1) https://www.zdnet.com/article/slovak/cryptocurrency/exchange/eterbase/discloses/5/4/million/hack/. (2) https://t.me/eterbasenews/639. (2) https://twitter.com/ETERBASE/status/1303229581814640640. (4) https://medium.com/@ETERBASE/eterbase/hack/investigation/and/security/audit/is/ongoing/ecb825208850,,"European encrypted exchange ETERBASE has been hacked resulting in the theft of some hot wallets and the loss of more than $5.4 million in assets. REKT: ETERBASE hot wallets were compromised. stolen funds were moved to the following addresses:

ETH Address: 0x7860F7b2874e77E80bE0fC6EbfB9414f89781aD9

TRX Address: TPdhhbCHqXzrDyUiQnHApS7VL2UxB8Qhna

XTZ Address: tz1hnoxVgc8Z1DUa6D18EUkPCXmNbaHwmLRc

BTC Address: 1ANLZZ2YFGumRXaD3EMii92zWQgvX2CK9c

ALGO Address: PDVFO5SDJMOJ6MC7KAD27DDGQ5YQD4IUTDJR2QRCPENT5A5T6CGT2VAAEI

XRP Address: rNwgkFj6QadEXUyS1jgTD2XEsi8HanKzDX

Stolen funds were withdrawn to centralized exchanges wallets of Binance. Huobi. HitBTC. ""Due to the fact that Eterbase has lost several important partners and financial providers. we are unfortunately forced to stop temporarily all our operations beginning April 19th 2021. Please. withdraw all your funds immediately.EBASE claims will be converted to EUR claims."" / ETERBASE stated on April 8:
https://twitter.com/ETERBASE/status/1380191015915679750",2020-09-08 0:00,2020,5400000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
13,Bribe protocol,SlowMist,,https://hacked.slowmist.io/search/,,https://twitter.com/zachbt/status/1560307514381459456,,The Bribe Protocol promised a DAO infrastructure tool where &quot token holders get paid to govern&quot   and raised $5.5 million in funding in January to work on their etensive roadmap. However  the project leaders have effectively disappeared. There are no posts on the project 's Twitter account since May  their Medium page has been untouched since March.,2022-05-18 0:00,2022,5500000,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,Dapp,P
283,XSURGE,REKT and SlowMist,https://de.fi/rekt-database/xsurge,https://hacked.slowmist.io/search/,,https://twitter.com/SURGEDEFI/status/1427359459102404609,, On August 17  the DeFi project SURGE on BSC suffered a lightning loan attack. On August 16  local time  SURGE officially issued a statement about the SurgeBNB vulnerability before the attack. Since the SurgeBNB contract cannot be changed and has been abandoned  the vulnerability cannot be patched. SURGE said that it did not disclose any specific details about the nature of this vulnerability  but strongly recommends that users migrate out of SurgereBnb as soon as possible. The vulnerability may be triggered by an attacker at any time. After the announcement  SURGE was subsequently attacked  and the attacker stole $5 million from SurgeBNB. REKT : The transaction behind the attack:  https://bscscan.com/t/07e2a6ec08464e8e0118368cb933dc64ed9ce36445ecf9c49cacb970ea78531d2  The hacker made a flash loan of 10.000 BNB and purchased 202 trillion SURGEs. net <u>sell</u>() 202 trillion SURGEs within reentrancy to <u>purchase</u>(). where the price is calculated before updating <u>_totalSupply</u> to a smaller one. thus gaining more SURGEs.  The hacker exploited five times in five different transactions and gained 13.112 BNBs in total (with ~$5.57M). The funds were transferred to Ethereum via Binance Bridge.,2021-08-17 0:00,2021,5570000,Contract vulnerability,Reentrancy,Technical vulnerability,Target,FT,CA
454,OKEX,SlowMist,,https://hacked.slowmist.io/search/,,https://www.coindesk.com/markets/2020/08/17/oke/mulls/etc/delisting/after/losses/from/two/51/attacks/,,OKE has confirmed that the latest Governance issue caused ETC losses of approimately $5.6 million. Out of concerns about the security of the ETC mainnet  it is considering removing ETC from the exchange. According to a report released by OKE on Saturday  OKE will repay all the ETC lost by users.,2020-08-17 0:00,2020,5600000,Decentralization issue,51% attack,Technical vulnerability,Target,CeFi,
1113,Lodestar Finance,REKT,https://de.fi/rekt-database/lodestar_finance,,,(1) https://twitter.com/LodestarFinance/status/1601686921566375936. (2) https://twitter.com/BowTiedPickle/status/1601657332227657728. (3) https://twitter.com/CertiKAlert/status/1601855328366346242,,"Quick Summary
Lodestar protocol was exploited via price feed oracle vulnerability. plvGLP price was manipulated which led to the protocol liquidity draining.
Details of the Exploit
Lodestar Finance is a borrowing and lending protocol. based on the Compound fork. initially built and launched on the Arbitrum network. Lodestar aims to bring the critical DeFi primitive of decentralized money markets to Arbitrum communities. The protocol was exploited by manipulating the plvGLP oracle price using flashloans to create a large plvGLP collateral position. The attacker increased the plvGLP/GLP rate and created the ability to change the price immediately. which was then compounded through the loops and led to significant borrowing ability. The main vulnerability that allowed such exploit flow was in GLPOracle price logic. 

Block Data Reference
Attacker contract:
https://arbiscan.io/address/0x7596ACadf6c93f01b877F5A44b49407ffFC53508

Attacker  address:
https://arbiscan.io/address/0xc29d94386ff784006ff8461c170d1953cc9e2b5c

Exploit TX:
https://arbiscan.io/tx/0xc523c6307b025ebd9aef155ba792d1ba18d5d83f97c7a846f267d3d9a3004e8c",2022-12-10 0:00,2022,5800000,Interconnected actors flaw,Oracle manipulation,Technical vulnerability,Target,Lending,P
632,Maplechange,REKT and SlowMist,https://de.fi/rekt-database/maplechange,https://hacked.slowmist.io/search/,,(1) https://www.ibtimes.com/cryptocurrency/exchange/maplexchange/hacked/eit/scam/allegations/surface/2728232 (2) https://bt.net/blog/canadian/exchange/maplexchange/hacked/for/8/btc/50000/refund/in/progress/,,Maplechange based in Canada announced on Twitter the exchange &quot sustained a hack&quot and was investigating the issue. The post also said the exchange had turned off users accounts temporarily. About refunding its customers it opened a Discord server (a platform for users to chat) so customers could post there about their missing funds based on which it would initiate refunds. The exchange s website was down.,2018-10-28 0:00,2018,5880000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
81,Kronos DAO,REKT and SlowMist,https://de.fi/rekt-database/kronos_dao,https://hacked.slowmist.io/search/,,https://www.pinpointnews.co.kr/news/articleView.html?idno=117157,, According to Pinpoint News  Klaytn/based DeFi project Kronos DAO misappropriated users’ DAI pledged in its vaults to invest in Kairos Cash and lost 6 million DAI. The 6 million DAI staked by users turned into 6 million Kairos Cash in the Kronos Dao Vault  which Kronos Dao eplained was “used as a strategic investment.” Investors  however  questioned that the eplanation was insufficient and that no advance notice was given. At present  Kronos Dao has closed Kakao Talk and Telegram communication channels  leaving only Discord as a communication channel. REKT: Quick SummaryKronos DAO misappropriated users funds locked into their vaults without informing the investors beforehand. Investors suffered a combined loss of $DAI 6 million.&nbsp; Details of the exploitKronos Dao was the first decentralized reserve currency protocol on the Klaytn network. The platform offered vaults with investment strategies for specific coins such as the $DAI stablecoin. The team used $DAI 6 million pledged to their vault in order to invest into a Kronos chain based stablecoin called Kairos Cash in the pursuit of higher yields for its investors. This change in investment strategy was not communicated beforehand and the various transactions to the Binance central exchange made the redirection of investment strategies even less transparent. Cheated investors have filed charges against the Kronos management team. ,2022-05-19 0:00,2022,6000000,Internal theft,Undetermined,Human risk,Target,Yield,CP
593,DragonEx,REKT and SlowMist,https://de.fi/rekt-database/dragonex,https://hacked.slowmist.io/search/,,(1) https://www.coindesk.com/markets/2019/03/26/singapore/based/crypto/exchange/dragone/has/been/hacked/ (2) https://www.quadrigainitiative.com/casestudy/dragonehackingtheft.php,,DragonE announced the news on its official Telegram channel on Monday stating that on Sunday March 24 it had suffered a cyberattack that saw cryptocurrency funds owned by users and the exchange “transferred and stolen.” In updates on the hack today DragonE’s Telegram admin provided wallet addresses for 20 cryptocurrencies to which the stolen funds had apparently been transferred. The list included the top five cryptos by market capitalization: bitcoin (BTC) ether (ETH) RP litecoin (LTC) and EOS as well as the tether stablecoin (USDT) for which si destination addresses were provided. REKT: DragonEx announced on their official Telegram channel. stating that. on Sunday. March 24. it had suffered a cyberattack that saw cryptocurrency funds owned by users and the exchange transferred and stolen.  20 cryptocurrencies in total were stolen. The list included the top/five coins by market capitalization: Bitcoin (BTC). Ether (ETH). XRP. Litecoin (LTC). and EOS. as well as the Tether (USDT).,2019-03-24 0:00,2019,6030000,External factor,Deceiving personnel,Human risk,Target,CeFi,
1119,Safuu Protocol,REKT,https://de.fi/rekt-database/safuu_protocol,,,"PeckShieldAlert sur Twitter : ""#PeckShieldAlert #slippage $SAFUU has dropped -99.55%?? https://t.co/7kK9mY3Bel https://t.co/d1QkkPxIzr"" / Twitter",,"Quick Summary
Safuu Protocol was rugpulled by the project-related EOA address. 6.000.000 $USD worth of $SAFUU tokens were swapped to $BUSD and transferred to another EOA address.
Details of the Exploit
Safuu Protocol is a Yield Aggregator providing compounding opportunities. The project-related EOA addresses labeled ""Safuu: Auto Liquidity"" and ""Safuu: Insurance Fund"" started transferring $SAFUU tokens to ""Safuu: Treasury"" address on 21 November. The transferred tokens were swapped to $BUSD and sent to an EOA address. 6.073.084 $BUSD was accumulated in the Treasury address. Consequently. 5.030.437 $BUSD was already transferred to an EOA address at the moment.
Block Data Reference
Scammer addresses:
https://bscscan.com/address/0xa9c6d0cc785569b450393a69599e97faed5d9dd9

Funds transfer transactions:
https://bscscan.com/tx/0x16f570b1bf00fffc886a9e59bd93ebe40abaee0d4d7d9217fbea582c8050073b
https://bscscan.com/tx/0xa280cbb3c830e9fde51b7c4e56d20fb795030dd9a4c8f9dc410e8fe59a367f42
https://bscscan.com/tx/0x32b6f1b40b5a90e7566be853c3e9d0222b0ce090b6a0a33a60ff9c041004b1b8
https://bscscan.com/tx/0x31d8200f47b44be79437d7b14467d9703d751ded204a97432c56cb3f00cd51ab
https://bscscan.com/tx/0x20e8b6b344ffb635e0961a5312512dbef70cb45cfaa2eb990a71989d9755f884
https://bscscan.com/tx/0x791272edbf61a70bbe034596fca821736b9614a5bf1cafd8ad1dc85f66b1f7f3

Funds holder address:
https://bscscan.com/address/0xe964e707321aa626fce933bc6c30ad2bbc8bac99",2022-11-21 0:00,2022,6073083,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,Yield,CP
146,Hundred Finance,REKT and SlowMist,https://de.fi/rekt-database/hundred_finance,https://hacked.slowmist.io/search/,,https://twitter.com/HundredFinance/status/1503754916300476420,, Hundred Finance  the Compound fork project on the Gnosis chain  tweeted that it suffered a hacker attack and lost more than $6 million. REKT: The attackersaddress:  https://blockscout.com/dai/mainnet/address/0D041Ad9aaE5Cf96b21c3ffcB303a0Cb80779E358/transactions  The attacks were made possible due to the DAI tokensarchitecture. which includes the function <u>callAfterTransfer</u>(). which creates a reentrancy vulnerability.  Using flash loans as collateral. the attacker(s) layered multiple borrow functions within one another. increasing the amount borrowed before the protocol could update the debt balance. Repeating this approach resulted in borrowing assets that were significantly more valuable than the collateral provided.  Stolen funds were bridged to Ethereum and deposited into Tornado Cash mier:  https://etherscan.io/ts?a=0d041ad9aae5cf96b21c3ffcb303a0cb80779e358,2022-03-16 0:00,2022,6200000,Contract vulnerability,Reentrancy,Technical vulnerability,Target,Lending,P
69,Animoon,REKT and SlowMist,https://de.fi/rekt-database/animoon,https://hacked.slowmist.io/search/,,(1) https://twitter.com/zachbt/status/1532390797479403521. (2) https://beincrypto.com/jake/paul/promotes/yet/another/nft/rug/pull/founders/make/off/with/6/3m/,, The work of Animoon with 9999 NFTs is taken from Pokémon. They claim to have signed a non/disclosure agreement (NDA) with Pokémon partner TopDeck. But with no evidence of an actual P2E game being developed  the Animoon team disappeared  deleting their Twitter account and website. REKT: Quick SummaryAniMoon. a play/to/earn NFT project has been rug pulled by its team. exploiting its investors and users for $6.3 million. Details of the exploit  data/v/51e0c2ec=  >AniMoon is a P2E game based on the famous Pokemon cartoon series.  data/v/51e0c2ec=  >The NFT project AniMoon was a collection of 10k NFTs for 0.2 $ETH that was scammed by its team. The project claimed to have a cooperation with PokĂ©mon. but in fact this was not the case.  data/v/51e0c2ec=  >Nevertheless. the project managed to raise funds from investors who were attracted by the appeal of the project.  data/v/51e0c2ec=  >Transactions of the $ETH theft from the collection to the scammer addresses can be seen here:  data/v/51e0c2ec=  >1)  https://etherscan.io/t/0043ca64013f654053e239c9c1c19bb59a93d95f081ce0e2baafff65978670a75  data/v/51e0c2ec=  >2)  https://etherscan.io/t/09fc895ed8f66469148d8db894c6188b627072d72038303ed178e50abc4fa0149  data/v/51e0c2ec=  >   data/v/51e0c2ec=  >Then all stolen funds were transferred to Binance Hot Wallet.  data/v/51e0c2ec=  >Eample transactions:  data/v/51e0c2ec=  >1)  https://etherscan.io/t/012a6eb67083092ac75a5625727ccf10911e193999b250926cad6b80c7e533422  data/v/51e0c2ec=  >2)  https://etherscan.io/t/09aecb0b65429e5646fa054b26f068cebf1a59eba762a315ba7a10cd394ea6dad  data/v/51e0c2ec=  >3)  https://etherscan.io/t/04e31f03f5322eebf8a28bc8542173165a97a9db8a2e2424ed0d97f6281b2b9b2 Block Data ReferenceInvolved addresses:/ Scammer address (A). token creator:  https://etherscan.io/address/081d3ec77438b4e99aa99ba25b1dbc3fea317fe3b/ Scammer address (B):  https://etherscan.io/address/07c60e48234ffc524993421885a1e8efcb4feb6eb<span style=\   >/ Scammer address (C): https://etherscan.io/address/02098145e7d5572828209f89fb972568b765605c7<span style=,2022-06-02 0:00,2022,6300000,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,Dapp,P
340,Belt Finance,REKT and SlowMist,https://de.fi/rekt-database/belt_finance,https://hacked.slowmist.io/search/,,https://twitter.com/Mudit__Gupta/status/1398885049987043329,,According to official sources Belt Finance on the Binance Smart Chain (BSC) suffered a lightning loan attack and lost US$6.2 million. The attacker used flash loans to obtain more than 6.2 million US dollars of funds from the Belt Finance agreement through 8 transactions and has converted most of the funds into anyETH and withdrawn to Ethereum. REKT: The attacker: / used 8 flash loans on $385M BUSD from PancakeSwap  / deposited 10M BUSD in bEllipsisBUSD strategy (only for the first transaction. where it was the Most Undersubscribed Strategy)  / deposited 187M BUSD to bVenusBUSD strategy (Most Undersubscribed Strategy)  / swapped 190M BUSD to 169M USDT through Ellipsis  / withdrew more BUSD from bVenusBUSD strategy (Most Oversubscribed Strategy)  / swapped 169M USDT to 189M BUSD through Ellipsis  / deposited BUSD to bVenusBUSD strategy (Most Undersubscribed Strategy)  (Steps 4 / 7 were repeated 7 times)  / repaid flash loans and withdrew profit.  Transaction list:  https://bscscan.com/t/0f598e092ab82ce08798f9dab7ea6ade64f152aa91db897f3449b23ab591baa1d   https://bscscan.com/t/050b0c05dd326022cae774623e5db17d8edbc41b4f064a3bcae105f69492ceadc   https://bscscan.com/t/0c4d4156aab1fca85c99e85352b836274d3c53bafe98a2c9867b68950e1eafde9   https://bscscan.com/t/0b57acfeab13d52664416aa2ada9b490e340292731fced049fc8c4a730b7af700   https://bscscan.com/t/0cca1ebf01e694bb4c447f6018eebb34a3b829cff9ea1ec5fce236eb3cc2ef99c   https://bscscan.com/t/07719e1bae25dbe80539edea37c962e941ec4141145e6eabe63540b7178ffd0d0   https://bscscan.com/t/0d790026feda9a16646647e9df0779dc4a7b173053369847691b8f3f678da1f66   https://bscscan.com/t/0f598e092ab82ce08798f9dab7ea6ade64f152aa91db897f3449b23ab591baa1d   https://bscscan.com/t/07b3b727a56d1649ee325c42416a1199f4a9b4f4eb024a60b5848a7b1485953b1,2021-05-30 0:00,2021,6300000,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,Yield,CP
497,VeChain,SlowMist,,https://hacked.slowmist.io/search/,,https://medium.com/@vechainofficial/vechain/foundation/announcement/8459492ee039,,The VeChain Foundation  a non/profit organization supporting the VeChain public blockchain platform  announced that their repurchase address was leaked at 12:27 PM Eastern Time on Friday (ie 1:27 AM Beijing time) . The company stated in the announcement: The security breach is most likely due to the improper behavior of a member of our finance team who created a repurchase account without fully complying with the standard procedures approved by the foundation  and due to human error. Our audit team did not find such inappropriate behavior. We want to emphasize that the incident has nothing to do with the actual standard process or the effectiveness of VeChain's hardware wallet solution. ,2019-12-13 0:00,2019,6500000,External factor,Exploiting operational mistake,Human risk,Target,Blockchain,DLT
334,Alchemix,REKT and SlowMist,https://de.fi/rekt-database/alchemix,https://hacked.slowmist.io/search/,,https://twitter.com/DefiantNews/status/1405152562110599171,,The DeFi lending agreement Alchemi alETH pool is suspected to have a loophole and users can raise collateralized ETH when they have outstanding alETH debts. Alchemi released an alETH pool accident report stating that due to an error in the deployment of the alETH pool script users have borrowed alETH at a 4:1 mortgage ratio but have no debt to be repaid and the debt ceiling of nearly 2000 ETH has been released and new ones can be minted again. alETH combined with Alchemi s use of the wrong inde in the vault array forced the transmuter to support the agreement mechanism to completely send the funds to repay the user s debt. The team has stopped the mortgage lending of the pool. As of the time of the report alETH currently has a gap of /2 688.634 which is about 6.53 million U.S. dollars. Alchemi stated that there was no loss of user funds and Yearn did not suffer any loss.,2021-06-16 0:00,2021,6530000,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,Derivatives,P
393,Luna Yield,REKT and SlowMist,https://de.fi/rekt-database/luna_yield,https://hacked.slowmist.io/search/,,(1) https://coingeek.com/solana/sees/first/rug/pull/luna/yield/disappears/with/6/7m/in/digital/currency/. (2) https://www.coindesk.com/markets/2021/08/20/solanas/luna/yield/goes/dark/with/some/fearing/a/rug/pull/involving/67m/. (3) https://decrypt.co/79098/solana/defi/protocol/luna/yield/goes/dark/with/6/7/million/in/crypto. (4) https://finance.yahoo.com/news/solana/luna/yield/goes/dark/013219855.html,,"The Solana chain has experienced its first carpet pull. Luna Yield ($LUNY) is a revenue aggregator launched through the Solana launchpad &quot SolPad&quot which has disappeared and is a variety of digital currencies worth about 6.7 million U.S. dollars. Luna Yield advertises itself as a legal project that can aggregate and optimize yield agriculture for its users it is even supported by the famous Solana/based project launchpad &quot SolPad&quot which enables projects that submit &quot qualified documents&quot Raise funds through its initial DE product (IDO) on the Solana/based decentralized platform. Although Luna Yield submitted &quot qualified documents&quot its attitude towards investors was indifferent. Before the August 16 fundraising Luna Yield appeared to be legitimate. Three days after its IDO Luna Yield sent the funds it raised to the hybrid service Tornado Cash to make it untraceable and then it closed its website and all social media accounts/no one was able to contact the Luna Yield team. REKT: SolPAD was holding the IDO event for the Luna Yield project on their platform. That was only the 2nd IDO event of SolPAD's fundraising platform.

Luna Yield token sale announcement:
https://archive.is/Q0WJB

Luna Yield's website was taken down after the finalized fundraising event. Funds were stored at this address:
https://solscan.io/account/EiySftqENviEh339R1UhXN2Yxg9wi4ZpVHiRd99SXap7
Stolen Wrapped Ether was distributed between different wallets:
https://solscan.io/account/EiySftqENviEh339R1UhXN2Yxg9wi4ZpVHiRd99SXap7#splTokenTxs
List of stolen assets:
/ SOL/USDC LP $382.648
/ LUNY/USDC LP $22.13
/ LUNY $89.504
/ USDC $1.166.959
/ RAY $463.100
/ SOL $923.239
/ ETH $1.483.732
/ USDT $1.686.679
/ YFI $490.834
Solpad Finance announced that they have already refunded 60% of the stolen funds to the investors:
https://archive.is/bQpun",2021-08-19 0:00,2021,6709834,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,Yield,CP
304,Bondly Finance,REKT and SlowMist,https://de.fi/rekt-database/bondly_finance,https://hacked.slowmist.io/search/,,https://bondlyfinance.medium.com/bondly/attack/july/14th/2021/postmortem/beb7cf02e9ba,,The digital collectibles market platform Bondly Finance released an analysis report on the previous attack. Bondly Finance believes that the attacker obtained access to the password account belonging to Bondly CEO Brandon Smith through a carefully planned strategy. The password account contains the assistance of his hardware wallet. Recalling the phrase to restore the phrase after copying allowed the attacker to access the BONDLY smart contract and the company wallet that was also leaked resulting in the minting of 373 million BONDLY tokens. REKT: The attacker\saddress:  https://etherscan.io/address/0c433d50dd0614c81ee314289ec82aa63710d25e8  The owner (058a058ca4b1b2b183077e830bc929b5eb0d3330c) of <u>StakingReward</u> contract (06bee9387bb670a7f3e3b355d0389419c2aa598d1) was compromised and the owner had an allowance on sending BONDLY tokens:  function send(address to. uint256 amount) onlyOwner nonReentrant External {&nbsp; &nbsp; &nbsp; &nbsp; require(sent.add(amount) &lt;= maCap capitalization eceeded);&nbsp; &nbsp; &nbsp; &nbsp; sent = sent.add(amount);&nbsp; &nbsp; &nbsp; &nbsp; bondToken.transfer(to. amount);&nbsp; &nbsp; }  The contract owner sent tokens to the attacker\saddress at:  https://etherscan.io/t/0c2b339468b23cc8b98d6d4534e87d8ec3b85a0d26f8c169a22efe14d221cfaae  The attacker used received tokens to mint 200.460.00 zenBONDLY on the MANTRA DAO ZENTEREST platform and proceeded to use the funds as collateral to borrow a series of other cryptocurrency assets that were then stolen:  https://etherscan.io/t/046526cbfbb14b0bb914d35d5b0f32b0e40e9783b67c0a000e8431f698924795f  The owner of <u>StakingReward</u> contract sent etra tokens to the External wallet owned bt the attacker:  https://etherscan.io/t/0bcea5abcb1b446b971eb67b6dd69736e68d273097774284ca5f257df2a31c3c7  A series of Bondly/held wallets were compromised and the funds immediately transferred to the Attacker’s wallet address. In addition. hundreds of small transfers of 10.000. 20.000. and 200.000 BONDLY were made to numerous wallet addresses. which we believe were owned by the Attacker. In addition to Bondly tokens. the transfers included 271.790.246 $BONDLY BSC tokens and 6.620.128 $BONDLY Polygon tokens.  The attacker moved 3.569 Uniswap V2 liquidity tokens from compromised Bondly wallets to the Attacker’s wallet. Later it was identified that Attacker removed liquidity from Uniswap:  https://etherscan.io/t/06a8f9d1e686bb226e0ef387923b527dc20c700249df14b42ae0cfc5a9c426d9d  501 Ether. stored at the following Ethereum address. which included Bondly assets. were sent to Tornado Cash through a series of transactions by the attacker:  https://etherscan.io/address/0a465e908abbda0ba0da598cced8abd4901b2f634   https://bloy.info/ts/calls_from/0a465e908abbda0ba0da598cced8abd4901b2f634?signature_id=994162&amp;smart_contract_address_bin=0722122df12d4e14e13ac3b6895a86e84145b6967  The attacker sent 5.2m DAI and 202 ETH to the Tornado Cash mier:  https://bloy.info/ts/calls_from/0c433d50dd0614c81ee314289ec82aa63710d25e8?signature_id=994162&amp;smart_contract_address_bin=0722122df12d4e14e13ac3b6895a86e84145b6967,2021-07-14 0:00,2021,6800987,External factor,Deceiving personnel,Human risk,Target,Dapp,P
202,Bored Bunny,SlowMist,,https://hacked.slowmist.io/search/,,Investors lose $20.7 million in Bored Bunny NFT promoted by multiple celebrities (cryptoslate.com),,,2022-01-06 0:00,2022,6926605,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,NFT,CA
286,DAO Maker,REKT and SlowMist,https://de.fi/rekt-database/dao_maker,https://hacked.slowmist.io/search/,,https://www.newsweek.com/dao/maker/hack/7m/stolen/defi/heist/1618785,,DAO Maker issued an announcement stating that at around 1:00 UTC on August 12th  hackers maliciously used a DAO Maker wallet and obtained administrator rights. After initially testing this vulnerability and successfully stealing 10 000 USDC  the cybercriminal made another 15 transactions quietly. In this way  hackers embezzled approimately $7 million before the security team was able to track  control  and prevent the outflow of funds. A total of 5 251 users were affected  and each user lost an average of $1250. Fortunately  users who hold up to $900 in funds are not affected at all.,2021-08-12 0:00,2021,7000000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,FT,CA
348,FinNexus,REKT and SlowMist,https://de.fi/rekt-database/finnexus,https://hacked.slowmist.io/search/,,https://medium.com/phoeni/finance/finneus/statement/regarding/the/may/2021/hack/d69e1b7617dc,,According to an official statement from on/chain options protocol FinNeus part of FinNeus’ hardware has been attacked by malware and an unknown hacker infiltrated the FinNeus system and managed to recover the private key of the ownership of the FN token contract. FN was minted transferred or sold in large numbers in a short period of time involving more than 300 million FNX tokens (about 7 million US dollars) in BSC and Ethereum.,2021-05-17 0:00,2021,7000000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,FT,CA
400,Dao Maker,REKT and ChainSec,https://de.fi/rekt-database/dao_maker,,https://chainsec.io/defi-hacks/,(1) https://cointelegraph.com/news/dao/maker/crowdfunding/platform/loses/7m/in/latest/defi/exploit (2) https://www.coindesk.com/markets/2021/08/12/crypto/fundraising/dao/loses/over/7m/in/latest/crypto/exploit/ (3) https://blocksecteam.medium.com/the/analysis/of/the/daomaker/attack/32365c37e7fc,,“According to a report from DAO Maker CEO Christoph Zaknun hackers were able to remove roughly $7 million in USD Coin (USDC) from 5251 user accounts.Despite the name DAO Maker has no apparent connection to MakerDAO the decentralized finance or DeFi protocol behind the stablecoin Dai (DAI).” — Cointelegraph,2021-08-12 0:00,2021,7000000,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,FT,CA
418,OUSD,REKT and SlowMist,https://de.fi/rekt-database/ousd,https://hacked.slowmist.io/search/,,https://medium.com/originprotocol/urgent/ousd/has/hacked/and/there/has/been/a/loss/of/funds/7b8c4a7d534c,,OUSD has been hacked. and there has been a loss of user funds.,2020-11-16 0:00,2020,7000000,Contract vulnerability,Reentrancy,Technical vulnerability,Target,FT,CA
1036,Value Defi,REKT,https://de.fi/rekt-database/value_defi,,,(1) https://twitter.com/FrankResearcher/status/1327649421492957184?s=20 (2) https://rekt.news/value-defi-rekt/,,The attacker: - flash loaned 80k ETH from Aave - flash swapped 166M DAI from Uniswap - swapped 80k for 31M USDT on Uniswap (effective 76.6k remaining 3.3k ETH) - deposited 25M DAI on ValueMultiVaultBank - swapped 91M DAI to 90.2M USDC on Curve - swapped 31M USDT to 17M USDC on Curve - withdrew 33M 3CRV from ValueMultiVaultBank - swapped 17.3M USDC to 30.9M USDT on Curve - swapped 90.2M USDC to 90.9M DAI on Curve - removed liquidity with 33M 3CRV for 33.1M DAI on Curve - swapped 30.9M USDT for 76k ETH on Uniswap - repaid flash swap 116M DAI to Uniswap - swapped 283k DAI to 606.9 ETH on SushiSwap - repaid flash loan 80.072k to Aave - transferred 2M DAI to Value deployer - transferred 5.4M DAI to the EOA. The transaction. where the flash loan attack was performed: https://etherscan.io/t/046a03488247425f845e444b9c10b52ba3c14927c687d38287c0faddc7471150a,2020-11-14 0:00,2020,7000000,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,Exchange,P
341,BurgerSwap,REKT and SlowMist,https://de.fi/rekt-database/burgerswap,https://hacked.slowmist.io/search/,,https://twitter.com/burger_swap/status/1398161871778115586,, BurgerSwap  an automatic market maker on the BSC chain  suffered a lightning loan attack and lost nearly 7 million U.S. dollars. This attack is a problem in the BurgerSwap architecture. Since the Pair layer completely trusts the data of the PaltForm layer  it did not perform another check on its own  which led to the attack. REKT: The attacker obtained $7.2 million using flash loans in the following transactions:  https://bscscan.com/t/0f598e092ab82ce08798f9dab7ea6ade64f152aa91db897f3449b23ab591baa1d  The attacker: / flash swapped 6k WBNB ($2M) from PancakeSwap  / swapped almost all WBNB to 92k BURGER on BurgerSwap  / created its own fake token (a non/standard BEP/20 token) and formed a new trading pair with $BURGER of 100 fake tokens and 45k BURGER  / swapped 100 fake tokens to 4.4k WBNB through the pool from step 3  / made another swap from 45k BURGER to 4.4k WBNB  / received 8.8k WBNB for the two latest steps in total  / swapped 493 WBNB to 108.7k BURGER on BurgerSwap  / repaid flash swap.,2021-05-28 0:00,2021,7200000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Exchange,P
667,Coindash,REKT and SlowMist,https://de.fi/rekt-database/coindash,https://hacked.slowmist.io/search/,,https://www.zdnet.com/article/hacker/steals/7/4m/in/ethereum/during/coindash/ico/launch/,,Hacker steals $7.4 million in ethereum during CoinDash ICO launch. At the time of the ICO in which CoinDash posted a string of characters which represented its wallet address for investors to send funds to it appears that the hacker compromised the website and changed this tet to a wallet they control. It was a matter of minutes before the platform realized the security breach had taken place and warned investors but it was too late // and now the stolen funds intended for CoinDash are simply sitting in a wallet awaiting collection. REKT: Israel/based CoinDash. a cryptocurrency portfolio management platform due to formally launch within the net 24 hours. was one such victim of a compromised ICO.  The attacker changed the CoinDash wallet address posted on the CoinDash website to one they owned during the event. leading to the theft of millions in Ethereum. At the time. losses were estimated at $7 million. and investors were promised their funds. not in their original cryptocurrency. but in the CoinDash event token.  Compromised address:  https://etherscan.io/address/06a164122d5cf7c840d26e829b46dcc4ed6c0ae48  In September. as the price of Ethereum continued to soar. the attacker believed to be behind this attack ineplicably returned 10.000 ETH. Now. CoinDash has announced that a further 20.000 ETH has been returned to the platform.  Both of the transactions can be viewed through the CoinDash public wallet and are linked to one of the wallet addresses of the attacker:  https://etherscan.io/t/039ae8444634d679c6618fd28439c80a4a1913e6752008fb88a46bb27d6520aea,2017-07-18 0:00,2017,7400000,Instant user deception,DNS attack,Imitation,Intermediary,CeFi,
1137,DFX Finance,REKT,https://de.fi/rekt-database/dfx_finance,,,(1) https://www.theblock.co/post/185796/polychain-dfx-finance-hacked?utm_source=rss&utm_medium=rss. (2) https://twitter.com/DFXFinance/status/1590858727070273536. (3) https://twitter.com/spreekaway/status/1590804841261305856?s=46&t=oKKN-0DnuU0JRLt8jtjwAg. (4) https://twitter.com/DFXFinance/status/1593705258038935553?s=20&t=DGJwAI_DRC0jNC4UjkkP7Q. (5) https://docs.google.com/spreadsheets/d/1MTaFBpNZe_YeRLhh2NGTLPy-lswcSTJ3aIvM-vFc4Ew/edit#gid=0,,,2022-11-10 0:00,2022,7645284,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Exchange,P
408,Warp Finance,REKT and SlowMist,https://de.fi/rekt-database/warp_finance,https://hacked.slowmist.io/search/,,(1) https://warpfinance.medium.com/warp/finance/exploit/summary/recovery/of/funds/5b8fe4a11898. (2) https://rekt.news/warp/finance/rekt/,,DeFi portal DefiPrime said on Twitter this morning that at 06:34 on December 18th Beijing time the liquidity LP token mortgage loan DeFi agreement Warp Finance suffered a lightning loan attack and about 8 million US dollars were stolen. In addition Warp Finance officials also tweeted that they are investigating illegal stablecoin loans that were lent in the last hour and recommend not to deposit stablecoins until the official finds out the violation.Afterwards Warp Finance issued a statement regarding the lightning loan attack. It is said that lightning loan attackers can steal up to US$7.7 million worth of stablecoins but the Warp Finance team has formulated a plan to recover approimately US$5.5 million worth of stablecoins still in the mortgage vault. The US$5.5 million will be The proportion is distributed to users who have suffered losses. REKT : The smart contract which was used to perform the attack:  https://etherscan.io/address/0df8bee861227ffc5eea819c332a1c170ae3dbacb  Transaction:  https://etht.info/mainnet/08bb8dc5c7c830bac85fa48acad2505e9300a91c3ff239c9517d0cae33b595090  https://etherscan.io/t/08bb8dc5c7c830bac85fa48acad2505e9300a91c3ff239c9517d0cae33b595090  The attacker: / took four different flash loans of 2.9M DAI + 344.8K WETH from dYd and UniswapV2; WETH/WBTC 90k WETH WETH/USDC 82k WETH WETH/USDT 96k WETH dYd 76k WETH dYd 2.9m DAI  / deposited the dYd flash loan (of 2.9M DAI + 76K WETH) to UniswapV2 pair (WETH/DAI) and minted in return 94.349K LP tokens  / transferred minted tokens to WarpVaultLP as collateral to the credit of the EOA; (current price of UniswapV2 pair WETH/DAI LP token is 58.815.427)  / swapped 341K WETH for 47.6M DAI via UniswapV2 so that DAI becomes very epensive. which cascadingly at least doubles the LP token price to 135.470.392  / with the higher LP token price and the higher computed collateral value. the attacker is able to borrow 3.86M DAI and 3.9M USDC from WarpFinance (valued at about $~7.8 million)  / returned the flash loans in step 1 back to dYd and UniswapV2.,2020-12-17 0:00,2020,7800000,Interconnected actors flaw,Oracle manipulation,Technical vulnerability,Target,Lending,P
484,MakerDao,REKT and SlowMist,https://de.fi/rekt-database/makerdao,https://hacked.slowmist.io/search/,,https://coingape.com/was/makerdao/mkr/free/fall/because/of/a/system/exploit/that/saw/8/million/of/eth/stolen/,,Due to the congestion of Ethereum the gas soared and the liquidated ETH was sold at a price of 0 US dollars using the MakerDao auction loophole.,2020-03-12 0:00,2020,7900000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,FT,CA
308,Anyswap,REKT and SlowMist,https://de.fi/rekt-database/anyswap,https://hacked.slowmist.io/search/,,https://medium.com/multichainorg/anyswap/multichain/router/v3/exploit/statement/6833f1b7e6fb,,The cross/chain bridge project Anyswap issued an announcement stating that the newly launched V3 cross/chain liquidity pool was hacked in the early hours of yesterday with a total loss of 2.39 million USDC and 5.5 million MIM. According to Etherscan the hacker has sold all MIMs and obtained 548 Million DAI which means that Anyswap s total loss is more than 7.87 million U.S. dollars. According to the eplanation of the reason for the theft in the Anyswap announcement two v3 router transactions were detected under the V3 router MPC account on the BSC. These two transactions have the same R value signature and the hacker reversed the private key of this MPC account. At present the team has fied the code to avoid using the same R signature. Multi/chain router V3 will restart in about 48 hours. There is no security risk for v1 and v2. Anyswap stated that it has taken remedial measures to provide full compensation. Anyswap will refill the stolen liquidity within 48 hours and the liquidity provider will be able to withdraw assets from the fund pool again without any loss. REKT: he attack was performed on Anyswap cross/chain liquidity pools v3 after the hacker deduced the private key to this MPC account in reverse.  The attackersaddress:  https://etherscan.io/address/00aE1554860E51844B61AE20823eF1268C3949f7C  The transactions behind the attack:  / Ethereum:  https://etherscan.io/t/0c80e7cfeb16143cba4d5fb3b192b7dbe70e9bcd5ca0348facd20bf2d05693070   https://etherscan.io/t/0ecaaf8b57b6587412242fdc040bd6cc084077a07f4def24b4adae6fbe8254ae3  / BSC:  https://bscscan.com/t/0a8a75905573cce1c6781a59a5d8bc7a8bfb6c8539ca298cbf507a292091ad4b5  / Fantom:  https://ftmscan.com/t/07312936a28b143d797b4860cf1d36ad2cc951fdbe0f04ddfeddae7499d8368f8  2.398.496.02 USDC and 5.509.222.73 MIM were stolen in total.,2021-10-07 0:00,2021,7907718,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Bridge,INT
189,LCX,REKT and SlowMist,https://de.fi/rekt-database/lcx,https://hacked.slowmist.io/search/,,(1) https://www.lc.com/hot/wallet/incident/report/. (2) https://twitter.com/lcx/status/1479976459766833152. (3) https://twitter.com/peckshield/status/1479975560743129092. (4) https://rekt.news/lcx/rekt/,,"The LC exchange tweeted that LC's technical team detected an unauthorized access on the LC platform. In total  approimately $7.94 million in crypto assets were stolen. $700 000 has been frozen. All other LC wallets are unaffected. REKT: LCX hot wallet:
https://etherscan.io/address/0x4631018f63d5e31680fb53c11c9e1b11f1503e6f

The hacker's address:
https://etherscan.io/address/0x165402279f2c081c54b00f0e08812f3fd4560a05
According to the official incident report. LCX claims that their private key to the hot wallet was compromised and the hacker was able to steal users' assets.
The list of stolen assets and their USD value:
/ 162.68 ETH (502.671 USD)
/ 3.437.783.23 USDC (3.437.783 USD)
/ 761.236.94 EURe (864.840 USD)
/ 101.249.71 SAND Token (485.995 USD)
/ 1.847.65 LINK (48.557 USD)
/ 17.251.192.30 LCX Token (2.466.558 USD)
/ 669.00 QNT (115.609 USD)
/ 4.819.74 ENJ (10.890 USD)
/ 4.76 MKR (9.885 USD)
A total of approximately $7.94M of crypto/assets were moved out of one LCX Ethereum wallet by an unauthorized party. Approx. 611.000 EURe have been frozen due to the assistance of Monerium. Other LCX wallets such as Bitcoin. HBAR. ADA. DGB. TIA. or DGMV are not impacted.
Stolen funds were deposited into Tornado Cash mixer:
https://bloxy.info/txs/calls_from/0x165402279f2c081c54b00f0e08812f3fd4560a05?signature_id=994162&smart_contract_address_bin=0x722122df12d4e14e13ac3b6895a86e84145b6967",2022-01-08 0:00,2022,7940000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
38,Uniswap,REKT and SlowMist,https://de.fi/rekt-database/uniswap,https://hacked.slowmist.io/search/,,https://twitter.com/sniko_/status/1546535668247060481,, More than 70 000 addresses connected to Uniswap were airdropped tokens that tricked users into approving transactions that would allow attackers to control their wallets. The airdrop links users to a phishing site that resembles the real Uniswap site. Users are tricked into signing contracts  and cryptocurrencies and NFTs are stolen from wallets. One of the wallets lost more than $6.5 million worth of ether and bitcoin  and the other lost about $1.68 million worth of cryptocurrency. REKT : Quick Summary A Uniswap liquidity provider was subjected to a phishing attack. which incurred losses of $8M. <em>Uniswaps smart contracts were not involved in any shape or form in this phishing attack.&nbsp;</em>  Details of the exploitThe victim received a fake airdrop of a lp token from the attacker disguised as a transaction coming directly from Uniswap. The attacker manipulated the trade log in order to make Uniswap appear as the sender of the transaction on blockscan.The attacker set up a fake airdrop claim website upfront. When the victim tried to claim the airdrop on the phishing website. approvals were given to the attacker that enabled the hacker to gain control over the funds of the victims wallet.The hacker eited a <span style=\ >WBTC/USDC liquidity pool position the victim had established on Uniswap and exchanged assets for $ETH. which were withdrawn through Tornado.cash. Uniswap was not the target of this attack. nor were any of Uniswaps smart contracts affected in this exploit. Block Data ReferenceThe fake airdrop token address:  https://etherscan.io/address/0cf39b7793512f03f2893c16459fd72e65d2ed00cCreator of the malicious fake airdrop tokens address:  https://etherscan.io/address/024a4b33bfa8e32b3456f95381de429c11c2c6fd6Hacker wallet address:  https://etherscan.io/address/009b5027ef3a3b7332ee90321e558bad9c4447afaCallling multicall for swapping $WBTC and $USDC to $ETH transaction:  https://etherscan.io/t/049efa8a111019e6117721042bc92de0b462ee6fa8a46e775c3f688614f02ce2d,2022-07-11 0:00,2022,8000000,Instant user deception,Scam airdrops,Imitation,Intermediary,Exchange,
297,THORChain,REKT and SlowMist,https://de.fi/rekt-database/thorchain,https://hacked.slowmist.io/search/,,"THORChain sur Twitter : ""THORChain has suffered a sophisticated attack on the ETH Router. around $8m. The hacker deliberately limited their impact. seemingly a whitehat. ETH will be halted until it can be peer/reviewed with audit partners. as a priority. LPs in the ERC/20 pools will be subsidised."" / Twitter",,THORChain (RUNE) a decentralized cross/chain transaction protocol said it was attacked again and many ERC20 tokens including RUNE were affected. This attack targeted ETH routing and lost 8 million U.S. dollars. The attacker intentionally limited the impact of the attack which seems to be done by a white hat. REKT: An attacker targeted the Thorchain Bifrost component through the ETH Router contract. During the transactions. the following addresses are seen in the transactions:  Router:  https://etherscan.io/address/0c145990e84155416144c532e31f89b840ca8c2ce  Vault:  https://etherscan.io/address/0f56cba49337a624e94042e325ad6bc864436e370  Attack contract:  https://etherscan.io/address/0700196e226283671a3de6704ebcdb37a76658805  Attack wallet (spawned from Tornado Cash):  https://etherscan.io/address/08c1944fac705ef172f21f905b5523ae260f76d62  The attacker: / created a fake router (Contract Address). then a deposit event was emitted when the attacker sent ETH.  / passes <u>returnVaultAssets</u>() with a small amount of ETH. but the router is defined as an Asgard vault. On the Thorchain Router. it forwarded ETH to the fake Asgard.  / this creates a fake deposit event with a malicious memo.  Thorchain Bifrost intercepts as a normal deposit and refunds to an attacker due to a bad memo definition.  List of transactions: 1. https://etherscan.io/t/010352e6ec052771a92f05f93e037e066873f64bb502d4488726697987f054595  2. https://etherscan.io/t/01c6ef4d5122f1287085097ac37df076d43f389bfc62a1bdfcd3163254b5fe94a  3. https://etherscan.io/t/00b39a878f1bf3daa78be149222dd8e5fa3e37b54d0451872b3d7a2cbf7f070e2  4. https://etherscan.io/t/001f38f17ba838b54350f8e2a2bd54fcdd9cf3c45fa1d2a735f5311507671be9e  5. https://etherscan.io/t/0a89d90f300fed8d1d987dec86d0d628f31ffd2d8aefdd857ad90151084531d4c  6. https://etherscan.io/t/09db403ad39d3fe78de378af0b49f03d244326662f7fee230db87d12a624f564b  Last transaction of the attacker:  https://etherscan.io/address/0d95e6eab231b9f3afa24c31c7050bd84c2982072#tokentns  Stolen tokens:  / 966.62 ALC / 20.866.664.53 RUNE / 1.672.794.010 USDC / 56.104 SUSHI / 6.91 YFI / 990.137.46 USDT,2021-07-22 0:00,2021,8000000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Exchange,P
336,Gainswap,SlowMist,,https://hacked.slowmist.io/search/,,https://www.chaincatcher.com/article/2069096,, At around 4:00 a.m. on June 8  the GainSwap project  which had been online for less than 12 hours  suddenly swept away nearly $8 million in digital assets pledged by users  closed the website access  and then entered a state of losing contact and running away. This is also Heco. One of the projects with the largest amount of running away on the show. In January 2022  according to the public security information of Chizhou City  Anhui Province  the police in Chizhou City recently cracked a case of illegally obtaining virtual currency data from a computer system using blockchain technology  involving a value of about 50 million yuan. After the cooperation of the police in Guangdong  Sichuan and Hunan  all eight suspects were arrested. The police seized and seized the assets involved in the case  such as villas and luury cars worth tens of millions purchased by the suspect with the full amount of the stolen money  and frozen about 6 million virtual assets.,2021-06-08 0:00,2021,8000000,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Exchange,P
409,Neus Mutual's founder,SlowMist,,https://hacked.slowmist.io/search/,,https://twitter.com/NeusMutual/status/1338441875326427137,,DeFi insurance agreement Neus Mutual stated on Twitter that the personal address of its founder Hugh Karp was attacked by a platform user stolen 370 000 NM and lost more than 8 million US dollars. The official said that this is a targeted attack only the official name Karp used a hardware wallet the attacker obtained remote access to his computer and modified the wallet plug/in MetaMask deceived him to sign the transaction the attacker Completed KYC 11 days ago and then changed to a new address on December 3. To transfer funds to the attacker's own address.,2020-12-14 0:00,2020,8000000,External factor,Deceiving personnel,Human risk,Target,Dapp,P
494,Origin Protocol,REKT and ChainSec,https://de.fi/rekt-database/origin_protocol,,https://chainsec.io/defi-hacks/,(1) https://www.coindesk.com/origin/protocol/loses/3/25m/in/latest/flash/loan/attack/reports (2)https://blog.originprotocol.com/urgent/ousd/has/hacked/and/there/has/been/a/loss/of/funds/7b8c4a7d534c,,"“Stablecoin project Origin Dollar (OUSD) sustained a re/entrancy attack at 00:47 UTC Tuesday resulting in a loss of funds worth $7 million including over $1 million deposited by Origin and its founders and employees.” — CoinDesk REKT: The attack originated from the address:
https://etherscan.io/address/0xb77f7bbac3264ae7abc8aedf2ec5f4e7ca079f83 with the contract deployed at https://www.contract/library.com/contracts/Ethereum/0x47c3d84394043a4f42f6422accd27bb7240fdfe2

The attacker:
/ 70.000 ETH was borrowed from dYdX
/ 17.500 ETH was exchanged for 7.855.911.53 USDT on Uniswap
/ 52.500 ETH was exchanged for 20.987.772.08 DAI on Uniswap
https://etherscan.io/tx/0xe1c76241dda7c5fcf1988454c621142495640e708e3f8377982f55f8cf2a8401
The mint method. which allows the sender to use one type of stablecoin to mint OUSD. was called with 7.500.000 USDT:
https://github.com/OriginProtocol/origin/dollar/blob/master/contracts/contracts/vault/VaultCore.sol#L37/L78
/ 7.500.000 USDT was transferred to the vault
/ 7.500.000 OUSD was minted and transferred to the EOA
The attacker held a little over half of all OUSD in existence. and the vault had an equivalent amount of collateral to support a supply of roughly 14.518.200 OUSD.
The mint for multiple assets method. which allows the sender to use more than one type of stablecoin to mint OUSD. was called with 20.500.000 DAI as the first stablecoin:
https://github.com/OriginProtocol/origin/dollar/blob/master/contracts/contracts/vault/VaultCore.sol#L80/L134
The attacker used the contract with the malicious logic inside. Origin Protocol's contract failed to detect that this was not one of their three supported stablecoins.
/ 20.500.000 DAI was transferred to the vault
In an attempt to transfer the fake stablecoin. Origin Protocol's contract called safeTransferFrom on the malicious contract. This function contained its own hidden call to mint using 2.000 USDT. which Origin Protocol's contract did not anticipate. The 2.000 USDT mint triggered a rebase of the OUSD supply. which caused everyone’s OUSD balance to increase by a factor of approximately 2.41 (35.018.200 vault value / 14.518.200 OUSD supply). At this point. the attacker held approximately 18.090.156 OUSD when the vault value was 35.018.200.
",2020-11-16 0:00,2020,8000000,Contract vulnerability,Reentrancy,Technical vulnerability,Target,NFT,CA
675,BitKeep,REKT,https://de.fi/rekt-database/bitkeep,,,(1) Hackers drain $8M in assets from Bitkeep wallets in latest DeFi exploit (cointelegraph.com). (2) https://twitter.com/CertiKAlert/status/1607253110254182401. (3) https://twitter.com/BitKeepOS/status/1607666304714158081?cxt=HHwWgsDRnZD_yc8sAAAA,,"Quick Summary
Some users of the multi/chain wallet BitKeep had downloaded a hacked APK version. This allowed the hackers to start draining their addresses. Current losses reached $8M.
 
Details of the Exploit
Users that were using the hacked version 7.2.9 of the BitKeep’s APK have been losing their funds.
 The APK has been hacked due to a vulnerability in the API server used by the wallet app. This allowed the attacker to access the app’s database. which held critical user information such as private keys of their wallets.
Funds have been stolen on BSC. Ethereum. TRON and Polygon.",2022-12-26 0:00,2022,8000000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
1104,Bitkeep,REKT,https://de.fi/rekt-database/bitkeep,,,(1) https://archive.ph/it3qy. (2) https://archive.ph/N0osO. (3) https://archive.ph/2iVya,,"Quick Summary
Some users of the multi-chain wallet BitKeep had downloaded a hacked APK version. This allowed the hackers to start draining their addresses. Current losses reached $8M.
 
Details of the Exploit
Users that were using the hacked version 7.2.9 of the BitKeep’s APK have been losing their funds.
 The APK has been hacked due to a vulnerability in the API server used by the wallet app. This allowed the attacker to access the app’s database. which held critical user information such as private keys of their wallets.
Funds have been stolen on BSC. Ethereum. TRON and Polygon.
 
Block Data Reference 
The attacker addresses:
https://bscscan.com/address/0x36225a2721DCb124F3E185d3c177049813b279ba 
https://etherscan.io/address/0x9f12243d60c301d4e01a3d24bb620e8ffb40f855 ",2022-12-26 0:00,2022,8000000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,Other systems,
582,Gamble EOS,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/81695.htm,,Tracking the blacklist account gm3dcnqgenes found that its associated account newdemobapp received 2.09 million EOS and has now transferred 50 000 EOS to its associated account guagddoefdqu. And in batches of hundreds to thousands of EOS each time transferred to the stock exchange account (huobideposit) and the remaining 2.04 million EOS has been dispersed to ftsqfgjoscma hpbcc4k42ny 3qyty1khhkhv zr2fbvwtgt myqdqdj4qbge Shprzailrazt qkwrmqowelyu lmfsoppr324 lhjuy3gdkpq4 lcunh51a1gt geydddsfkk5e pnsdiia1pcuy kwmvzswquqpb etc. there is the possibility of further turning to the exchange.,2019-02-22 0:00,2019,8025600,Contract vulnerability,Undetermined,Technical vulnerability,Target,Dapp,P
317,Haven Protocol,REKT and SlowMist,https://de.fi/rekt-database/haven_protocol,https://hacked.slowmist.io/search/,,Haven Protocol: Technical Overview of June 2021 exploits | by Haven Protocol | Medium,,Based on Moneros privacy/centric DeFi protocol Haven Protocol (HV) it released analysis reports and measures for three serious attacks related to it in late June. The chain rollback plan will be initiated and a hard fork will be implemented. Fi the known vulnerabilities in protocol minting. Regarding specific attacks on June 24 203 000 USD and 13.5 BTC were minted in two attacks on June 27 an unknown amount of HV was minted due to a vulnerability in the conversion verification of Asset June 29 The attacker exploited a vulnerability that allowed the minting of 9 million USD.,2021-06-23 0:00,2021,8186549,Contract vulnerability,Undetermined,Technical vulnerability,Target,FT,CA
94,Blizz Finance,REKT and SlowMist,https://de.fi/rekt-database/blizz_finance,https://hacked.slowmist.io/search/,,https://medium.com/@blizzfinance/blizz/finance/post/mortem/2425a33fe28b,, Avalanche lending protocol Blizz Finance tweeted that Chainlink suspended LUNA oracles  allowing several attackers to deposit millions of LUNA and borrow all collateral at $0.1 per Chainlink oracle. Due to the timelock mechanism  the protocol assets are ehausted before the team is suspended. According to DeFi Llama data  the agreement’s TVL was $8.28 million yesterday  and it is now 0. REKT: Blizz Finance protocol has been drained for $8.3M .The exploit occurred due to a drop in the price of the LUNA token. since the minimum price for LUNA on Chainlink was capped at $0.1. when the price fell below this value. users took advantage of the opportunity and made exchanges to their advantage. Victim contract:  https://snowtrace.io/address/02c2e94ce6a4e5110fe230cc03a54efaec7c2445eToken address:  https://bscscan.com/address/00f34919404a290e71fc6a510cb4a6acb8d764b24,2022-05-12 0:00,2022,8300000,Interconnected actors flaw,Oracle manipulation,Technical vulnerability,Target,Lending,P
287,Punk Protocol,REKT and SlowMist,https://de.fi/rekt-database/punk_protocol,https://hacked.slowmist.io/search/,,https://medium.com/punkprotocol/punk/finance/fair/launch/incident/report/984d9e340eb,,Punk Protocol  the decentralized annuity protocol  stated that it encountered an attack during the fair launch process  causing a loss of 8.9 million US dollars. Later  the team recovered another 4.95 million US dollars and transferred it to a secure wallet. The Punk Protocol team stated that the attacker found a critical loophole in the investment strategy and etracted more than 8.9 million U.S. dollars of three stable currency assets (USDC  USDT  DAI) from the Forge/CompoundModel module  but a white hat hacker noticed The attacker's intent was reached  so a transaction was eecuted  which was able to recover $4.95 million. The lost funds have been transferred to the Ethereum currency miing platform Tornado.cash  so it is difficult to keep track of them. REKT: The attacker\saddress:  https://etherscan.io/address/01d5a56402425c1099497c1ad715a6b56aaccb72b  The attacker\ssmart contract:  https://etherscan.io/address/01695ce70da4521cb94dea036e6ebcf1e8a073ee6  The white/hat hacker address:  https://etherscan.io/address/03aa27ab297a3a753f79c5497569ba2dacc2bc35a  white/hat hacker smart contract:  https://etherscan.io/address/000000000b2ff98680adaf8a3e382176bbfc34c8f  The missing Modifier in the initialize() function within the CompoundModel code is a root cause of the attack. Because there was no initializer Modifier. the manipulated function was performed despite being connected with an unknown contract: https://etherscan.io/address/01695ce70da4521cb94dea036e6ebcf1e8a073ee6 With the contract address now updated. the attacker was then able to call <u>withdrawToForge()</u>. sending the assets controlled by the CompoundModel directly to the malicious contract. and into their wallet:  https://etherscan.io/ts?a=01d5a56402425c1099497c1ad715a6b56aaccb72b Although the withdrawal mechanisms are protected by the <u>OnlyForge</u> Modifier. the <u>initialize</u>() function had already defined the malicious contract as the <u>forgeAddress</u>. and as such <u>OnlyForge</u> did not detect any abnormality.  Stolen funds were swapped on ETH:  https://etherscan.io/t/060c0757b82e82c9bb3e658d2d5a49e94630d04eb1bd735077ffed4e60e2403b5  Swapped ETH was deposited into the Tornado Cash mier at:  https://bloy.info/ru/ts/calls_from/01d5a56402425c1099497c1ad715a6b56aaccb72b  white/hat hacker started front running:  https://etherscan.io/t/0597d11c05563611cb4ad4ed4c57ca53bbe3b7d3fefc37d1ef0724ad58904742b  $5 million were returned to the Punk Protocol deployer\saddress by the white/hat hacker at:  https://etherscan.io/t/0008dd92f8bcfcee400aed26d13495fbfc8351f9b21289792fc2bb9e771668147  https://etherscan.io/t/0ace7c07695ec1bbf917486c3c81ee7de79c04e0309d4f6a149688463e6f83247,2021-08-11 0:00,2021,8900000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Dapp,P
630,TRADE.IO,REKT and SlowMist,https://de.fi/rekt-database/trade.io,https://hacked.slowmist.io/search/,,(1) https://www.zdnet.com/article/trade/io/loses/7/5mil/worth/of/cryptocurrency/in/mysterious/cold/wallet/hack/ (2) https://ethereumworldnews.com/7/8m/in/cryptocurrency/disappears/from/trade/io/cold/storage/hackers/implicated/,,Trade.io confirmed via their Medium blog that someone or some entity gained access to the assets resulting in over 50 million in Trade (TIO) tokens being stolen from the firm’s cold storage wallets. The 50 million tokens are valued at $7.5 million at the current $0.15 price per TIO. The ongoing investigation has revealed that some of the TIO tokens had made their way to cryptocurrency exchanges Bancor and Kucoin. Kucoin has suspended TIO transactions while Bancor has permanently removed TIO.,2018-10-21 0:00,2018,9000000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
710,Moola market,REKT and SlowMist,https://de.fi/rekt-database/moola_market,https://hacked.slowmist.io/search/,,(1) Hackers steal ~$9M from Moola Market?? | by QuillAudits Team | Medium. (2) https://bitcoinist.com/moola/market/hacker/returns/7/8/million/,,Quick SummaryMoola Market was exploited by price manipulation for 9.100.000 USD. The benevolent hacker returned almost all the funds and took the rest as a bug bounty. Details of the exploitMoola Market is a decentralized liquidity protocol running on the Celo chain. The protocol was hacked by price manipulation for 9.100.000 $USD. The hacker used low liquidity on the projects$MOO token to raise the token price and used them and the $CELO coin as collateral to borrow a bigger amount of funds. The benevolent hacker returned all the stolen funds to Moola Marketsmulti/sig wallet and 6.9% of the funds were returned to him as a bug bounty in 700.000 $CELO coins. Block Data ReferenceAttacker address: https://celoscan.io/address/095b5579b323ddc6cd290bd4da6e56ba019588efc Bounty receiver address: https://celoscan.io/address/0562d82dafdc7fb930e040f7c4da31967ded1b1f2 Returning transaction: https://celoscan.io/t/0c3018d2e65bcd7c89d4fa2849017c6169c84c0934ca80c2c8dfd065da90d569d,2022-10-18 0:00,2022,9100000,Interconnected actors flaw,Arbitrage with flash loan,Technical vulnerability,Target,Lending,P
764,BreedTech,REKT,https://de.fi/rekt-database/breedtech,,,BreedTech / Recherche Twitter / Twitter,,Project BreedTech being Rug pull scamed by the contract owner for ~$9.4M. Price dropped from 11.62$ to 0.0098$. Contract address: https://bscscan.com/address/060B10129E83451b974260918A7A8e5AE3C44512BOwner address: https://bscscan.com/address/020bf1fa34f6b3794455369a9a5b6f9757054b2bb,2022-05-29 0:00,2022,9400000,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,FT,CA
192,Arbix Finance,REKT and SlowMist,https://de.fi/rekt-database/arbix_finance,https://hacked.slowmist.io/search/,,https://rekt.news/zh/arbi/rekt/,, Arbi Finance ran away  taking away more than 10 million US dollars. Arbi Finance bills itself as an arbitrage project on BSC  where users can deposit funds in a single asset vault in order to &quot get the best return with low risk&quot . Starting at around 3 am on January 4  the project siphoned users’ funds from the treasury and deleted their websites  Twitter and Telegram accounts. REKT: The addresses involved in the rug pull:  https://bscscan.com/address/04714a26e4e2e1334c80575332ec9eb043b61a2c4  https://bscscan.com/address/0161262d172699cf0a5e09b6cdfa5fee7f32c183d  1. ARB contract has <u>mint</u>() with <u>onlyOwner</u> function  2. 10M ARB were minted to 8 addresses  3. ~4.5M ARB were minted at:  https://bscscan.com/t/04707d30a8d8152eebad1cdcae1d93af24cb9a344b447412ee1d65638b5c3db6f  4. The 4.5M ARB were then dumped by the token recipient  5. Deposited usersassets were drained from several pools. the eample transaction:  https://bscscan.com/t/0fbba507c8e90a264d5e77e5db854f5697572da1681f3647d4fa4381f7ef825b9  6. Stolen funds were bridged to Ethereum on this address:  https://etherscan.io/address/0dc85c1eb22b0ece7be559a83fd788fe57f5a7a9f,2022-01-04 0:00,2022,10000000,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Yield,CP
212,SashimiSwap,REKT and SlowMist,https://de.fi/rekt-database/sashimiswap,https://hacked.slowmist.io/search/,,https://sashimisashimi5.medium.com/statement/on/hackers/attack/322ab6a5c31d,,SashimiSwap was attacked due to a logic error in the swap function  and the attacker finally made a profit: 6 261.304 uni  4 466 096 Sashimi and 63 762 usdt  nearly $200 000. REKT : The attackersaddress:  https://etherscan.io/address/0xa8189407a37001260975b9da61a81c3bd9f55908  The transactions behind the attack :  https://etherscan.io/tx/0x713c2ce2cb424eb746083c25b7e48c368bb64f587c2d77b5c474a307a79bf069  https://bscscan.com/tx/0xdf719d2535be32e302c1670a7453bdf648101a43b412e44d9e7e3e3754cc3387  https://hecoinfo.com/tx/0xecde0b3821a8d250810db91d7ef82acced1eaf28324807bdbdfd755537366438  The attacker used a bug in the calculations that are different from Uniswap. Due to fact that all tokens sit in one contract. he escalated it by: / adding two fake tokens / adding liquidity between both tokens and WETH/fake token / swapping between UNI/WETH/fake tokens / removing liquidity  Total funds were stolen: / 80 ETH (Ethereum) / 10.000 DAI (Ethereum) / 45.000 USDT (HECO)  Stolen funds were deposited into Tornado Cash mixer:  https://bloxy.info/txs/calls_from/0xa8189407a37001260975b9da61a81c3bd9f55908?signature_id=994162&amp;smart_contract_address_bin=0x722122df12d4e14e13ac3b6895a86e84145b6967,2021-12-30 0:00,2021,10000000,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,Exchange,P
213,DexTools,SlowMist,,https://hacked.slowmist.io/search/,,https://twitter.com/cobynft/status/1475569815821733894,,On December 28th  according to Twitter user coby.eth  a fake MetaMask governance token was created and launched on the DEXTools platform. The creator of the token used malicious code to make users browse the token information  and a pop/up interface showed that the MASK Token was verified and displayed A forged platform verification mark (blue certification symbol) is displayed. coby.eth stated that after the transaction volume eceeded US$1 million  the token was transformed into a Piiu plate  and users could only buy but not sell. According to browser data  the total transaction volume of this Piiu Pan MASK Token is close to 10 million U.S. dollars  with a total of 642 related transactions and close to 400 addresses.,2021-12-28 0:00,2021,10000000,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,Dapp,P
354,Value DeFi,REKT and SlowMist,https://de.fi/rekt-database/value_defi,https://hacked.slowmist.io/search/,,https://medium.com/valuedefi/vstake/pool/incident/post/mortem/4550407c9714,,Value DeFi stated that at 11:22 on May 5th the attacker reinitialized the fund pool and set the operator role to himself and _stakeToken was set to HACKEDMONEY. The attacker controlled the pool and called governmentRecoverUnsupported () which was ehausted. The original pledge token (vBWAP/BUSD LP). Then the attacker removes 10839.16 vBWAP/BUSD LP and liquidity and obtains 7342.75 vBSWAP and 205659.22 BUSD. Subsequently the attacker sells all 7342.75 vBSWAP at 1inch to obtain 8790.77 BNB and buys BNB and BUSD renBTC through renBridge. Converted to BTC. The attacker made a total of 205 659.22 BUSD and 8 790.77 BNB. The 2802.75 vBSWAP currently in the reserve fund and the 205 659.22 BUSD of the ValueDeFi deployer will be used to compensate all users in the pool. The remaining 4540 vBSWAP can be compensated in the following two ways. The first option is to cast 4540 vBSWAP to immediately compensate all affected users and the other option is to cast 2270 vBSWAP to immediately compensate and the rest will be returned to the contract within 3 months. Value DeFi emphasized that only the vStake profit sharing pool of vBSWAP in bsc.valuedefi.io has received the impression and other fund pools and funds are in a safe state. REKT: The attackersaddress:  https://bscscan.com/address/0ef63ad578e75d498d0723e5420fa1962b1d28764  The attackersactions:  https://bscscan.com/tokentns?a=0ef63ad578e75d498d0723e5420fa1962b1d28764  The attacker: / re/initialized the pool and set the operator role to himself and _stakeToken to HACKEDMONEY:  https://bscscan.com/t/0d3382252bc204fdc32a6b3add8c639850882b70a798399d6e00a542cdf769040  / took control of the pool and called the method <u>governanceRecoverUnsupported</u>() and drained the original stake token (vBWAP/BUSD LP)  / removed 10.839.16 vBWAP/BUSD LP. then removed liquidity and received 7342.75 vBSWAP and 205.659.22 BUSD:  https://bscscan.com/t/09ba0454c2301ad5780795ae7477e9fa7e38226be16cc282158624479e66389b6  / sold all 7342.75 vBSWAP for 8790.77 BNB at 1inch  / used both BNB and BUSD to buy renBTC and use renBridge to move the funds back to BTC. which is laundered to the address:  https://www.blockchain.com/btc/address/1Cm6WGvQ9EgvvW5dRsBE2NvFjfbcVF,2021-05-05 0:00,2021,10000000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Exchange,P
421,SharkTron,REKT and SlowMist,https://de.fi/rekt-database/sharktron,https://hacked.slowmist.io/search/,,https://www.fxstreet.com/cryptocurrencies/news/over-400-million-trx-tokens-stolen-by-defi-protocol-sharktron-202011091401,, According to FStreet  the community accused Daniel Wood of the DeFi project based on the Tron blockchain and the anonymous developer of the JustSwap whitelist project SharkTron for running away. Although the specific losses are not yet known  Twitter users reported that they lost 366 million to 400 million TR (worth about 10 million US dollars). The TRON Foundation officially tweeted that it has contacted Binance to jointly track down the stolen funds and related personnel  and that some funds have been frozen by Binance. The TRON Foundation will also cooperate with other exchanges to track stolen funds. In addition  the TRON Foundation recommends that the victims submit a report to the local police. REKT : The contract deployer: https://tronscan.org/#/address/TJTAYhG2EwqWuMF6v1UFP3KqZXX32UBtdz The contract deployer has an ability to call function rrInfo() in staking contract which was designed for the malicious transfer of TRX from it.,2020-11-09 0:00,2020,10000000,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
664,Stellar,SlowMist,,https://hacked.slowmist.io/search/,,(1) https://www.sohu.com/a/304276429_100217347 (2) https://crypto/economy.com/messari/stellar/inflation/bug/2017/exploited/2/25/billion/lm/,,Messari a cryptocurrency research organization announced on the 27th that Stellar s blockchain protocol had an inflation loophole in April 2017. An attacker used the loophole to create 2.25 million LM (worth about 10 million US dollars). This bug was discovered by the Stellar Development Foundation (SDF) and patched after the accident.,2017-03-29 0:00,2017,10000000,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,CeFi,
672,YOUBIT,REKT and SlowMist,https://de.fi/rekt-database/youbit,https://hacked.slowmist.io/search/,,https://themerkle.com/youbit/hacked/again/closes/its/doors/,,In the wee hours of December 19 Youbit was dealt a death blow in the form of another hack. The exchange which was also hit in April is closing down in the fallout of the most recent attack. As revealed on its website they had been forced to terminate its services after suffering another hack. The hackers ran off with 17% of Youbit’s funds enough to drive the exchange into bankruptcy. REKT: DB Insurance. one of South Korea’s biggest property/and/casualty insurers. has denied the claim of 3 billion won (~USD$2.65 million) by Yapian.  The insurer asserted that Yapian “violated the �advance notice obligation’” which requires the company to disclose important information prior to obtaining insurance. Asia Today eplained. The news outlet added that this information is used to calculate premiums. and quoted a DB Insurance official saying: As the amount of insurance money is large. we epect Yapian to file a lawsuit.  The South Korean exchange filed bankruptcy after allegedly losing 17% of its assets in December of last year due to a cyber attack. The company suffered damage of 17.2 billion won (~$15.2 million) last year. Yonhap recalled. Its bankruptcy filing marked the first for a domestic crypto trading platform. which prompted the South Korean regulators to speed up the passing of regulations on cryptocurrencies.,2017-12-19 0:00,2017,10000000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
851,GateHub,REKT,https://de.fi/rekt-database/gatehub,,,(1) GateHub Preliminary Statement. (2) https://cointelegraph.com/news/report/nearly/10/million/in/xrp/stolen/in/gatehub/hack,,The hackers have compromised nearly 100 RP Ledger wallets on cryptocurrency wallet service GateHub. GateHub revealed that it was notified by some of its customers and community members that funds on their wallets had been stolen.  Although the company did not initially identify any nefarious activities on its platform. it began an investigation on the matter. wherein it discovered increased application programming interface (API) calls coming from a small number of IP addresses. This could purportedly be the way the culprit got access to encrypted secret keys.  Community member Thomas Silkjær — &nbsp;one of those who warned GateHub about the breach — published a report on the hack. revealing that:  “On June 1 we were made aware of a theft of 201.000 RP … and immediately started investigation. It turned out that the account robbed was managed through Gatehub.net. and that the offending account (r9do2Ar8k64NgLD6oJoywaQhUS57Ck8k) had stolen substantial amounts from several other RP accounts. likely to be or have been managed through Gatehub.net.”  Silkjær stated that as of June 5. approimately 23.200.000 RP (nearly $9.5 million at press time) were stolen from 80–90 victims. of which around 13.100.000 RP ($5.37 million) had already been laundered through exchanges and mier services.,2019-06-06 0:00,2019,10000000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,Other systems,
534,Kraken,REKT and SlowMist,https://de.fi/rekt-database/kraken,https://hacked.slowmist.io/search/,,(1) https://blockonomi.com/bitcoin/flash/crash/kraken/. (2) https://twitter.com/Beetcoin/status/1135199936654565376. (3) https://twitter.com/TraderZeus_/status/1135237801786478592,,"On June 2  Bitcoin flash/crashed on a major Bitcoin trading platform Kraken. The near vertical drop from $11 200 CAD to $100 CAD within moments initially appeared to have resulted from a technical glitch or a fat/fingered trading error by a whale.  In this case  the available evidence suggests a hacker compromised a whale's account  stole 1200 BTC worth $10.45 million on that date  and then dumped this huge amount of BTC into a highly illiquid BTC/CAD marke. REKT: In a matter of seconds. BTC fell to just over $101 Canadian from $11.200 — a jaw/dropping drop of over 99% in the Bitcoin/to/Canadian Dollar (CAD) pair on Kraken.

1. Hacker got access to the compromised account with 1200BTC but can't withdraw
2. Hacker put his own limit of $100 buy orders on illiquid pair BTC/CAD
3. Back to the compromised account he dumped the 1200BTC on BTC/CAD to himself
4. Hacker became a fully legit owner of 1200BTC.",2019-06-02 0:00,2019,10500000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
109,Saddle Finance,REKT and SlowMist,https://de.fi/rekt-database/saddle_finance,https://hacked.slowmist.io/search/,,"Saddle sur Twitter : ""?????? 1/ Update: / The attack has been mitigated and all affected metapools have been paused. User funds are safe. Special th to @BlockSecTeam / We’re tentatively planning to reward ~380k to blocksec for securing the 3.8m in vulnerable funds. pending gov vote"" / Twitter",, DeFi protocol Saddle Finance was attacked  causing the protocol to lose more than $10 million. REKT: >Exploiter address:  https://etherscan.io/address/063341ba917de90498f3903b199df5699b4a55ac0,2022-04-30 0:00,2022,11000000,Interconnected actors flaw,Arbitrage with flash loan,Technical vulnerability,Target,Exchange,P
349,bEarnFi,REKT and SlowMist,https://de.fi/rekt-database/bearnfi,https://hacked.slowmist.io/search/,,https://bearndao.medium.com/bvaults/busd/alpaca/strategy/exploit/post/mortem/and/bearn/s/compensation/plan/b0b38c3b5540,,The DeFi protocol bEarnFi stated that on May 16 its bVaults BUSD/Alpaca strategy was attacked and nearly 10.86 million BUSD in the pool was ehausted. However the remaining bvault and other pools of the platform are not at risk. At the same time bEarnFi released a rough compensation plan which will create a compensation fund which will consist of the remaining savings funds development funds DAO funds and part of the epenses incurred by the agreement. After that a snapshot of the balance will be taken to deploy compensation contracts. Affected users will receive an additional 5% of their deposit amount. REKT: The attackersaddress:  https://bscscan.com/address/047f341d896b08daacb344d9021f955247e50d089  The transaction of the attack:  https://bscscan.com/t/0603b2bbe2a7d0877b22531735ff686a7caad866f6c0435c37b7b49e4bfd9a36c  The attacker: / borrowed a flash loan from CREAM with 7.804.239.111784605253208456 BUSD. which is returned at the last step with the necessary fee to cover the flash loan cost  / deposited the borrowed funds into BvaultsBank. which are immediately sent to the associated BvaultsStrategy strategy. then to Alpaca Vault for yield. Due to the above deposit. the Alpaca Vault minted 7.598.066.589501626344403426 ibBUSD back to BvaultsStrategy  / farmed with the received 7.598.066.589501626344403426 ibBUSD via the Alpaca FairLaunch  / withdrew the 7.804.239.111784605253208533 BUSD from BvaultsBank. which is interpreted as withdrawing 7.804.239.111784605253208533 ibBUSD. the equivalent of 8.016.006.09792806917101481 BUSD  / the attacker was still depositing 7.804.239.111784605253208533 BUSD into BvaultsBank. cascadingly to BvaultsStrategy. But with the previous leftover from the last step. BvaultsStrategy credited the attacker with 8.016.006.09792806917101481 BUSD. which is used for yield again via Alpaca  / repeated the above steps to continue accumulating the credit and finally eited by draining the pool  / returned the flash loan with 7.806.580.383518140634784418 BUSD.,2021-05-16 0:00,2021,11000000,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,Yield,CP
353,Value DeFi,REKT and SlowMist,https://de.fi/rekt-database/value_defi,https://hacked.slowmist.io/search/,,https://thedefiant.io/22/million/was/stolen/from/three/defi/platforms/last/weekend,,DeFi protocol ValueDeFi is suspected of being hacked again after being hacked on the 5th. ValueDeFi reminds users in the community &quot All non/50/50 transaction pools of the project have been used. Please stop purchasing gvVALUE and vBSWAP until the project team provides a solution.&quot It was subsequently confirmed that more than 3 000 ETH (approimately 10 million U.S. dollars) were lost. REKT: The attack transaction:  https://bscscan.com/t/02fd0aaf0bad8e81d28d0ee6e4f4b5cbba693d7d0d063d1662653cdd2a135c2de  The attacker: / sent a small amount of a second token to pair addresses  / made a swap in which he wanted to withdraw a small amount of the first token and a large amount of the second token  / due to incorrect use of the Bancor formula. the pair contracts consider the swap to be successful (the root of the exploit)  / the attacker swapped the first tokens for the second in the same pool and repeated this operation until the exploit allows it.  Stolen funds:  / 15k BNB/ 2.7k FARM/ 1.7k BASv2/ 8.5M BDO/ 68.3k BUSD/ 41.4k MDG/ 945k VBOND/ 1.2M BAC/ 11k FIRO,2021-05-07 0:00,2021,11000000,Contract vulnerability,Undetermined,Technical vulnerability,Target,Exchange,P
382,Yearn Finance,REKT and SlowMist,https://de.fi/rekt-database/yearn_finance,https://hacked.slowmist.io/search/,,https://twitter.com/iearnfinance/status/1357451290561937408,,Yearn v1 yDAI vault was attacked and the attackers stole 2.8 million US dollars. Banteg the core developer of Yearn finance subsequently stated that the attacker received 2.8 million US dollars and vault lost 11 million US dollars. REKT : The attacker eecuted 11 transactions:  https://etherscan.io/t/059faab5a1911618064f1ffa1e4649d85c99cfd9f0d64dcebbc1af7d7630da98b  https://etherscan.io/t/0f6022012b73770e7e2177129e648980a82aab555f9ac88b8a9cda3ec44b30779  The attacker: / flash loaned 116k ETH from dYd  / flash loaned 99k ETH from Aave v2  / borrowed 134M USDC and 129M DAI using ETH as collateral on Compound  / added 134M USDC and 36M DAI to the 3crv Curve pool  / withdrew 165M USDT from 3crv Curve pool.  Repeated five times:  &nbsp; &nbsp; / deposited 93M DAI to yDAI vault (less w/ each time)  &nbsp; &nbsp; / added 165M USDT to 3crv pool  &nbsp; &nbsp; / withdraw 92M DAI from yDAI vault (less w/ each time)  &nbsp; &nbsp; / withdraw 165M USDT from 3crv pool  / in the last time withdrew 39M DAI and 134M USDC instead of USDT  / repaid Compound debts  / repaid flash loans.,2021-02-04 0:00,2021,11000000,Interconnected actors flaw,Arbitrage with flash loan,Technical vulnerability,Target,Yield,CP
407,EXMO,REKT and SlowMist,https://de.fi/rekt-database/exmo,https://hacked.slowmist.io/search/,,(1) https://www.coindesk.com/markets/2020/12/22/emo/exchange/now/says/it/lost/6/of/total/crypto/assets/in/mondays/hack/. (2) https://info.exmo.com/en/notifications/exmo/security/incident/update/,," A major security breach in the British cryptocurrency exchange Exmo has caused the platform to freeze all withdrawals. Since EMO has a separate server for each cryptocurrency  the hacking only affected si cryptocurrencies  BTC  RP  ZEC  USDT  ETC  and ETH  and the affected assets were equivalent to 6% of the company  s total assets. According to The Block research analyst Igor Igamberdiev  EMO seems to have lost $10.5 million in funds. The exchange provided a list of stolen coins and their addresses  and analysis showed that most of the funds had been sent to Polonie. The lost coins include Bitcoin (BTC)  Ethereum (ETH)  RP  Ethereum Classic (ETC)  Tether (USDT) and Zcash (ZEC).It was reported on December 25 that the hackers who attacked Emo had withdrawn $4 million of stolen funds through Polonie. REKT: EXMO has spotted some large withdrawals since December 21st at 2:27:02 UTC. According to the security audit report. some BTC. XRP. ZEC. USDT. ETC. and ETH in EXMO's hot wallets were moved out of the exchange. Hot wallets were re/deployed by EXMO. The impacted hot wallets account for about 5% of total assets. The hackers were able to withdraw stolen funds to these addresses:

BTC — 1A4PXZE5j8v7UuapYckq6fSegmY5i8uUyq

USDT (ERC20) — 0x4BA6B2fF35055aF5406923406442cD3aB29F50Ce

ETH — 0x4BA6B2fF35055aF5406923406442cD3aB29F50Ce

BCH — qrfrw5q9gag2vp6jc5nlx0haplm2jlhx9vsvxd9u3e

ZEC — t1StUQiw1YyHT515xDxwxjfhEcw2iGSq2yL

XRP — rwU8rAiE2eyEPz3sikfbHuqCuiAtdXqa2v (tag 2033412069)

ETC — 0x4d9EF6846126Da2867AF503448be0508542C971e",2020-12-21 0:00,2020,11700000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
350,EOS vaults.sx,SlowMist,,https://hacked.slowmist.io/search/,,https://cmichel.io/eos/vault/s/hack/,,According to previous news starting from 11:28 UTC on May 14th the flash.s flash loan smart contract suffered a re/entry attack vulnerability and approimately 1.2 million EOS and 462 000 USDT were stolen. According to official sources after EOS Nation's Lightning Loan was hacked the project party initiated a proposal to directly change the hacker's EOS account permissions and return the assets. It is reported that the proposal initiated by the project party changed the hacker address authority to BP which will be eecuted after approval.,2021-05-14 0:00,2021,11742000,Contract vulnerability,Reentrancy,Technical vulnerability,Target,Yield,CP
180,AFKSystem,SlowMist,,https://hacked.slowmist.io/search/,,https://twitter.com/RugDocIO/status/1436440692021157895,,According to Rugdoc  AFKSystem rug all of their vaults for a combined profit of around $12 million. Although AFKSystem has severely cut their governance authority. But they still retain an important privilege / changing the routers that sell the harvested tokens.,2022-01-19 0:00,2022,12000000,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Yield,CP
251,Saturnbeam,REKT and SlowMist,https://de.fi/rekt-database/saturnbeam,https://hacked.slowmist.io/search/,,https://www.reddit.com/r/CryptoCurrency/comments/q5byhb/sat_saturnbeam_just_got_Rug pull scamed_they_were/,,The IDO project SaturnBeam of MoonSwap  a decentralized exchange on the Moonriver chain  ran away  and MoonSwap tweeted a warning that SaturnBeam would refund the money within 24 hours.,2021-10-24 0:00,2021,12000000,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,Exchange,P
1106,Defrost Finance,REKT,https://de.fi/rekt-database/defrost_finance,,,(1) https://twitter.com/Defrost_Finance/status/1607382811148800001?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1607382811148800001%7Ctwgr%5E4575898ef4f70ea1616a69679701b17c45a2f36f%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fcryptoslate.com%2Fdefrost-finance-says-it-has-recovered-lost-funds-worth-12-million-from-hacker%2F. (2) https://twitter.com/PeckShieldAlert/status/1606276020276891650?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1606276020276891650%7Ctwgr%5E4575898ef4f70ea1616a69679701b17c45a2f36f%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fcryptoslate.com%2Fdefrost-finance-says-it-has-recovered-lost-funds-worth-12-million-from-hacker%2F. (3) https://twitter.com/peckshield/status/1606767457099993088,,"Quick Summary
Defrost has been hacked with losses reaching $12M. The protocol’s V1 and V2 have been affected.
There are suspects the attack was an insider job.


Details of the Exploit
On December 23th 2022. Defrost reported they had been exploited due to missing reentarncy lock in flashloan() and deposit() functions. As a result. the share price of LSWUSDC was manipilated and approximately $173K were gained by the attacker.
Later on. it was revealed that the protocol’s vaults have been exploited as well: a fake collateral token was added. and though calling the setOracleAddress() function. the price oracle was replaced with a malicious one leading to liquidations of user collaterals in Defrost’s vaults. The loss estimation is $12M.

The risk of user funds liquidations in case of replacing oracle to a malicious one was reported by Defiyield in its audit: 
https://defiyield.app/audit-database/defiyield/defrost_finance  
 
Block Data Reference
The attacker address:
https://snowtrace.io/address/0x7373dca267bdc623dfba228696c9d4e8234469f6
 
The exploit transaction:
https://snowtrace.io/tx/0xc6fb8217e45870a93c25e2098f54f6e3b24674a3083c30664867de474bf0212d 
 
An example transaction of the oracle replacement: 
https://snowtrace.io/tx/0x34eb46f498c418285323e6e146ae84ea836e49822fa254c865f59d650261c3dd 
 
UPD
On December 26th. the Defrost team reported the stolen funds had been returned. and they are going to check onchain what users have been affected in order to send them their funds back. ",2022-12-23 0:00,2022,12000000,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
412,Compounder.Finance,REKT and SlowMist,https://de.fi/rekt-database/compounder.finance,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/209456.html,,At 3:00 pm on December 1st Beijing time the security technical team discovered through Skynet that the Compounder.Finance project located at the address of 00b283b107f70d23250f882fbfe7216c38abbd7ca has undergone multiple large/value transactions. After verification it was found that these transactions were internal operations of Compounder.Finance project owners transferring a large number of tokens to their own accounts. According to statistics Compounder.Finance eventually lost a total of about 80 million yuan worth of tokens. REKT: The contract deployer invoked <u>inCaseTokensGetStuck</u>() function to transfer funds from the StrategyController smart contract onto his wallet in the following transactions:  https://etherscan.io/t/057c61df91e46b191424bfdd9223f277457a07999b58420e3b540059aad3fc7fe  https://etherscan.io/t/010d245e61e76c7bf44257985789463ed89f624a0d5ffc45cfa671b16a7113d77  https://etherscan.io/t/00763afe207015ed7c1aa8858d2c092cf7b6a20397f2408bff20b044ef1901822  https://etherscan.io/t/0f94de5a083f16700f4d26ec8ca3e03dc01889a54f472bf630079c54a77f033e6  https://etherscan.io/t/018e0efcaabe64299666fd78bb33dae2a4b25c6f11b469fc0498db714970cacfa  https://etherscan.io/t/0744c51b4544c76be384197a8c089271dfcbd207d67bad6d2f8907dd7d4d852e5  https://etherscan.io/t/09c75f70670d94e6d37f60a585f9b57d13193998d64866f720489efbea4809056  Stolen funds were deposited into Tornado Cash mier to hide the traces:  https://bloy.info/ts/calls_from/0079667f4f7a0b440ad35ebd780efd216751f0758?signature_id=11062&amp;smart_contract_address_bin=0a160cdab225685da1d56aa342ad8841c3b53f291,2020-12-01 0:00,2020,12326985,Internal theft,Unauthorized use of private key,Human risk,Target,Yield,CP
266,pNetwork,REKT and SlowMist,https://de.fi/rekt-database/pnetwork,https://hacked.slowmist.io/search/,,https://twitter.com/pNetworkDeFi/status/1439690593211490324,,The cross/chain protocol pNetwork released an analysis report in response to the previous attack that resulted in the theft of 277 BTC  stating that at 17:20 UTC on September 19  2021  the pNetwork system was attacked by hackers who attacked multiple pToken bridges. Including pBTC/on/BSC  TLOS/on/BSC  PNT/on/BSC  pBTC/on/ETH  TLOS/on/ETH and pSAFEMOON/on/ETH. However  hackers only cross/chain bridges in pBTC/on/BSC The attack was successful and 277 BTC were stolen from the pBTC/on/BSC collateral. Other pToken bridges were not affected and the funds were safe. REKT: The attackersaddress:  https://bscscan.com/address/02bf5693dd3a5cea1139c4510fdce120cf042c934  The hacker performed the attack against multiple pTokens bridges. However. only the pBTC/on/BSC cross/chain bridge was affected. and as a result. 277 BTC were stolen from the pBTC/on/BSC collateral.  The first exploit transaction:  https://bscscan.com/t/00eb55e02bce39ec1d2d2e911eca7dcca54e74841b53412c078185e43c5a2a551  The attacker was funded with BNB from Binance exchange wallet to cover gas fees for the deployment of the contracts with the malicious logic inside:  https://bscscan.com/t/023db0ee27e10517dea0659a743fd6df92d482ad6796851c71127e5049e7bbd88  These smart contracts created a series of event logs: one of those being a legit peg/out request. while the others were faulty peg/out requests emitted by the attacker’s smart contracts rather than from the pToken ones. Due to a bug in the section of the Rust code in charge of extracting these log events. both the legitimate and the faulty logs were extracted and erroneously processed.  BTC addresses. which belong to the Exploiter:  https://pastebin.com/raw/bAquZVws,2021-09-19 0:00,2021,12700000,Contract vulnerability,Undetermined,Technical vulnerability,Target,Bridge,INT
167,Superfluid,REKT and SlowMist,https://de.fi/rekt-database/superfluid,https://hacked.slowmist.io/search/,,https://medium.com/superfluid/blog/08/02/22/exploit/post/mortem/15ff9c97cdd,,The QI Vesting contract on the streaming digital asset protocol Superfluid has been exploited by an attacker by passing in incorrect call data. This vulnerability allows the attacker to transfer funds from Superfluid user wallets to exchanges on Polygon and exchange them for ETH. REKT: The attackerswallet:  https://polygonscan.com/address/01574f7f4c9d3aca2ebce918e5d19d18ae853c090  The transaction behind the exploit:  https://polygonscan.com/t/0f9b4a3a64861e9feb27e21f3fc9c85e6d2851b8a097c71910585e3d7f374d8d8  On February 8. 2022. an attacker exploited Superfluid’s host contract by passing in faulty calldata. which allowed them to create distribution indees spoofing several different accounts that held Super/tokens. This vulnerability enabled the attacker to move funds from Superfluid user wallets to exchanges on Polygon and swap to ETH. The funds currently sit in the attacker’s wallet.In total. 11.008 MATIC. 1.507.931 MOCA. 28 ETH. 39.357 sdam3CRV. 19.387.874 QI. 44.581 SDT. 23.653 STACK and 562.834 USDC were stolen by the attacker. At the time of writing. over 2.700 ETH is sitting in the attacker’s wallet. as well as 500.000 MOCA.   https://polygonscan.com/t/0f9b4a3a64861e9feb27e21f3fc9c85e6d2851b8a097c71910585e3d7f374d8d8  <u>callAgreement</u>() function was exploited by replacing bytes memory callData parameter. This parameter contains ct value which can be decoded to get such properties: timestamp. msgSender. agreementSelector. userData. appAllowanceGranted. appAllowanceWanted. appAllowanceUsed. appAddress. appAllowanceToken. Ct was replaced with the fake one. so the attacker was able to drain all SuperToken contract funds.  Draining funds to the attacker contract:  https://polygonscan.com/t/0396b6ee91216cf6e7c89f0c6044dfc97e84647f5007a658ca899040471ab4d67  Transferring tokens to the attackersEOA:  https://polygonscan.com/t/0dee86cae2e1bab16496a49b2ec61aae0472a7ccf06f79744d42473e96edd6af6  Tokens were swapped on WETH:  https://polygonscan.com/t/0554f5688fb8d31bcd9affc90d16f0326a8d09b0469dbb581580c7187201ef6ba  https://polygonscan.com/t/0dc38b83472b480d78186b1437a3e1c4a9154c8e1649a99fbbaeeb015aae8c770  https://polygonscan.com/t/0741908f9707d9dd3a52525380d69f9e74a26d52350308227b84c3ad2db45449f etc...,2022-02-08 0:00,2022,13000000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Dapp,P
724,Team Finance,REKT and SlowMist,https://de.fi/rekt-database/team_finance,https://hacked.slowmist.io/search/,,Attacker Behind $14.5M Team Finance exploit Returns $7M (coindesk.com),,Quick SummaryTeam Finance was hacked for 13.073.700 $USD due to a migration functionality exploit. The stolen funds currently remain on the attackersEOA address. Details of the exploitTeam Finance is a DeFi platform providing secure token/locking opportunities. The projectsvault smart contract was exploited due to the vulnerability of a migration functionality. The hacker used a deployed smart contract with unverified source code to withdraw 13.073.700 $USD worth of assets from the projectsvault. All the stolen funds currently remain in the attackerssecond EOA address. Block Data ReferenceAttacker addresses: https://etherscan.io/address/0161cebb807ac181d5303a4ccec2fc580cc5899fd https://etherscan.io/address/0ba399a2580785a2ded740f5e30ec89fb3e617e6e Malicious contract: https://etherscan.io/address/0cff07c4e6aa9e2fec04daaf5f41d1b10f3adadf4 Malicious transaction: https://etherscan.io/t/0b2e3ea72d353da43a2ac9a8f1670fd16463ab370e563b9b5b26119b2601277ce,2022-10-27 0:00,2022,13073700,Contract vulnerability,Undetermined,Technical vulnerability,Target,Staking,CP
375,Furucombo,REKT and SlowMist,https://de.fi/rekt-database/furucombo,https://hacked.slowmist.io/search/,,Transaction batching protocol Furucombo suffers $14 million ‘evil contract’ hack (cointelegraph.com),,The agent of the DeFi platform Furucombo was attacked and the amount stolen amounted to more than 15 million U.S. dollars. The DeFi aggregation platform Furucombo officially released a tweet saying: The root cause has been found and the vulnerability has been patched. The funds are now safe. We are investigating the stolen funds and organizing follow/up actions. The follow/up will continue to be updated. Later Furucombo stated that it would issue 5 million iouCOMBO tokens to affected users. REKT: The attackersaddress:  https://etherscan.io/address/0b624E2b10b84a41687caeC94BDd484E48d76B212  The transaction behind the attack:  https://etht.info/mainnet/05af11a27e98a167b61b01fea093cf612d5ec76c20fd2032f2d1aa49c8b1ee529/  The contract with the malicious implementation:  https://etherscan.io/address/086765dde9304bea32f65330d266155c4fa0c4f04  The attacker made the Furucombo proy contract think that Aave V2 had a new implementation. The new implementation had the ability to transfer all approved tokens to addresses controlled by the attacker. as users had approved the Furucombo contracts to use their tokens on their behalf.  Stolen tokens:  / 3.9k stETH/ 2.4M USDC/ 649k USDT/ 257k DAI/ 26 aWBTC/ 270 aWETH/ 296 aETH/ 2.3k aAAVE/ 4 WBTC/ 90k CRV/ 43k LINK/ 7.3k cETH/ 17.2M cUSDC/ 69 cWBTC/ 142.2M BAO/ 38.6k PERP/ 30.4k COMBO/ 75k PAID/ 225k UNID/ 342 GRO/ 19k ND,2021-02-27 0:00,2021,14000000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Yield,CP
883,Inverse Finance,REKT,https://de.fi/rekt-database/inverse_finance,,,"Inverse+ sur Twitter : ""We are currently addressing the situation please wait for an official announcement."" / Twitter",,Inverse Finance has been exploited for ~$14.5M worth of asset loss. The reason for the attack was the price manipulation of �External price oracle. The attacker purchased INV tokens. and with the help of price manipulation overestimated the price of it. which allowed the attacker to borrow 1588 ETH. 94 WBTC. 3999669 DOLA and 39 YFI. which significantly eceeded their initial INV investment. Attack step by step:1) Attacker deployed malicious smart/contract at this address:  https://etherscan.io/address/0ea0c959bbb7476ddd6cd4204bdee82b790aa1562. and swapped INV/INV using SushiSswap and Curve.fi to manipulate price:  https://etherscan.io/t/020a6dcff06a791a7f8be9f423053ce8caee3f9eecc31df32445fc98d4ccd83652) Due to the small liquidity of SushiSwap on the INV/ETH pair. the exchange for 300 ETH was enough to change the price of the INV token.3) Then the attacker deposits the funds in INV received at the preparation stage and mints 1746 INV tokens. The INV price is calculated of INV from SushiSwap INV/ETH pair.4) With the rise in the price of INV. the attacker was able to borrow assets using minted INV tokens. Exploiter addresses:&nbsp;1)  https://etherscan.io/address/08b4c1083cd6aef062298e1fa900df9832c8351b32)  https://etherscan.io/address/0117c0391b3483e32aa665b5ecb2cc539669ea7e9Exploiter contract:  https://etherscan.io/address/0ea0c959bbb7476ddd6cd4204bdee82b790aa1562,2022-04-02 0:00,2022,14500000,Interconnected actors flaw,Oracle manipulation,Technical vulnerability,Target,Lending,P
199,Starstream Finance,REKT and SlowMist and ChainSec,https://de.fi/rekt-database/starstream_finance,https://hacked.slowmist.io/search/,https://chainsec.io/defi-hacks/,"(1) Agora DeFi sur Twitter : ""Update on the @starstreamfin exploit and STARS being used as collateral on Agora to borrow assets. ?? / Starstream's new distributor treasury had a bug that allowed the hacker to drain treasury funds along with their blackhole vault."" / Twitter. (2) https://halborn.com/eplained/the/starstream/and/agora/hack/april/2022/. (3) https://coincodecap.com/starstream/finance/hacked/around/4m/stolen",,Agora was attacked and lost over $4 million. CRYPTOSEC: “Starstream Finance had their treasury drained in an exploit and has advised anyone holding funds in AgoraDefi to withdraw them. The Team has announced this incident on their official Discord.” — CoinCodeCapREKT: >As the time of this writing information on this case is scarce. More sources will be added if the case should develop. Block Data ReferenceAttacker addresses:ETH:  https://etherscan.io/address/0ffd90c77eaba8c9f24580a2e0088c0c940ac9c48METIS:  https://andromeda/eplorer.metis.io/address/0FFD90C77eaBa8c9F24580a2E0088C0C940ac9C48/transactions 0 exchange proy transaction:  https://etherscan.io/t/0d72b46cf015e43df4be3d1daa1685fa2ec7158dcfd121f57b6dc2279a358858d Tornado.cash deposit eample transactions: https://etherscan.io/t/04f112e1077ec4199b1f73420f3573d6f07b095cb9fa53e4d951cc3a04f28125d https://etherscan.io/t/080a3aad3b5a10317fec1d3e3d0ededb6095e50843a8ebe961461724167bf15d0&nbsp; https://etherscan.io/t/0596cdfe19961b50975b0aac8776be65d5cb92fca6ef31d9bee541acf1226aca6,2022-04-07 0:00,2022,15000000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Yield,CP
820,Electrum (3),REKT,https://de.fi/rekt-database/electrum_(3),,,,,Two additional Electrum wallet users have reported their Bitcoin holdings as stolen. One of the wallet users reportedly suffered a 1.400 BTC loss.  In the GitHub post. the user said: “I foolishly installed the old version of the electrum wallet. My coins propagated. I attempted to transfer about 1 BTC however was unable to proceed. A pop/up displayed stating I was required to update my security prior to being able to transfer funds. I installed the update which immediately triggered the transfer of my entire balance to a scammers address.”,2020-08-30 0:00,2020,15000000,Instant user deception,Fake ads/pop ups,Imitation,Intermediary,Other systems,
823,Eminence Finance,REKT,https://de.fi/rekt-database/eminence_finance,,,https://www.coindesk.com/tech/2020/10/01/defi/degens/hit/hard/by/eminence/exploit/will/be/partially/compensated/,,The transaction behind the attack:  https://etherscan.io/t/03503253131644dd9f52802d071de74e456570374d586ddd640159cf6fb9b8ad8  The attacker:  https://etherscan.io/address/0223034edbe95823c1160c16f26e3000315171ca9  Eminence Finance (ticker EMN) is an unreleased project under construction by Yearn�s Andre Cronje. Its smart contracts were deployed without announcement and quickly discovered by the community.  For Eminence. users would deposit DAI into the smart contract and receive EMN in return. If the EMN is sent to the smart contract. it is burned and the user receives DAI in return.  You could also exchange EMN for five other tokens (eAAVE. eLINK. eYFI. eSN and eCRV. all Eminence wrapped versions of the popular tokens with the same tickers). Doing so would burn the deposited EMN. Inversely. if you deposit these tokens into their respective bonding curve contracts. it is burned and you receive newly minted EMN.  To exploit these contracts. the attacker took out a flash loan for 15 million DAI from Uniswap and used this to buy EMN. He then traded and burned half this EMN for eAAVE. driving up EMN’s price. From here. he traded the rest of his EMN for DAI. traded his eAAVE to mint more EMN and then finally traded this EMN for DAI.  This process was repeated three times to net the hacker 15.015.533 DAI.  8M DAI were returned back to the Yearn deployer at:  https://etherscan.io/t/07bc97357364222207f1f011b22ad98ba78fcd3c25d3398346caa3928cdf4a4dd,2020-09-29 0:00,2020,15113001,Contract vulnerability,Reentrancy,Technical vulnerability,Target,Dapp,P
165,Dego Finance,REKT and SlowMist,https://de.fi/rekt-database/dego_finance,https://hacked.slowmist.io/search/,,https://degofinance.medium.com/to/dego/community/summary/of/the/event/after/a/thorough/investigation/and/efforts/5315a98d9984,https://mirror.xyz/0xaB265E6124dedE46C85336e720521209d51E403e/gnhOffpQBoD7XRepsBiG8o-hQpH-ZRIzY-KS6tby4rM,Dego Finance  an NFT and DeFi aggregator  announced that it was hacked  and now the DEGO liquidity on UniSwap and PancakeSwap has been ehausted. REKT: The hacker compromised the contract deployer's key. As a result. the hacker withdrew and transferred all funds on his External wallet and removed liquidity.,2022-02-19 0:00,2022,15444277,Undetermined,Accessing private keys/data,Undetermined,Target,Dapp,P
352,Rari Capital,REKT and SlowMist,https://de.fi/rekt-database/rari_capital,https://hacked.slowmist.io/search/,,https://medium.com/rari/capital/5/8/2021/rari/ethereum/pool/post/mortem/60aab6a6f8f9,,DeFi robo/advisor agreement Rari Capital stated on Twitter that its ETH fund pool had a vulnerability caused by the integration of the Alpha Finance Lab protocol which was attacked. The rebalancer has now removed all funds from Alpha. The team stated that it is still investigating and evaluating and a full report will be released in the future. Data shows that about 14 million U.S. dollars of funds were transferred by the attackers. The Alpha Finance team stated that the funds on Alpha Homora are safe. In this attack the address of Rari Capital had previously attacked Value DeFi on the Binance Smart Chain. REKT : The attackersaddress:  https://etherscan.io/address/0xcb36b1ee0af68dce5578a487ff2da81282512233  The transactions behind the attack:  https://bloxy.info/txs/calls_from/0xcb36b1ee0af68dce5578a487ff2da81282512233?signature_id=1286331&amp;smart_contract_address_bin=0x67b66c99d3eb37fa76aa3ed1ff33e8e39f0b9c7a  The attacker: / flash loaned ETH from dYdX  / deposited ETH into the Rari Capital Ethereum Pool  / manipulated the value of <u>ibETH.totalETH</u>() by pushing it artificially high  / withdrew more ETH from the Rari Capital Ethereum Pool than the attacker deposited because the Rari Capital Ethereum Pool’s balances are artificially inflated (because <u>ibETH.totalETH</u>() is artificially inflated)  / at the end of <u>ibETH.work</u>. the value of <u>ibETH.totalETH</u>() returns to its true value. leading the Rari Capital Ethereum Pool’s balances to values lower than they were before the attack as a result of the attacker withdrawing more than they deposited while their balance was artificially inflated.  Stolen funds were deposited into the Tornado Cash mixer at multiple transactions:  https://bloxy.info/txs/calls_from/0xcb36b1ee0af68dce5578a487ff2da81282512233?signature_id=994162&amp;smart_contract_address_bin=0x722122df12d4e14e13ac3b6895a86e84145b6967,2021-05-08 0:00,2021,15723948,Interconnected actors flaw,Arbitrage with flash loan,Technical vulnerability,Target,Yield,CP
257,Indexed Finance,REKT and SlowMist,https://de.fi/rekt-database/indexed_finance,https://hacked.slowmist.io/search/,,https://ndfi.medium.com/indeed/attack/post/mortem/b006094f0bdc,,Indexed Finance  a passive income agreement  was attacked  and the affected fund pools included DEFI5 and CC10. After the vulnerability was discovered  it triggered protection measures including DEGEN  NFTP  and FFF (including DEFI5 and CC10) fund pools  and was frozen. About half an hour ago  Indeed Finance officially stated that the root cause of the attack has been determined. The two inde token fund pools  DEGEN and NFTP  have resumed normal operation  while the FFF pool is still in a frozen state. Officials stated in Discord that the damage caused by this attack was about 16 million U.S. dollars. REKT: The attacker\saddress:  https://etherscan.io/address/0ba5ed1488be60ba2facc6b66c6d6f0befba22ebe  The Exploiter contract:  https://etherscan.io/address/0fbc2e6b188013fc5eacd9944e6b8ced2c467464a  The attacker\saddress was funded via Tornado Cash:  https://etherscan.io/address/0ba5ed1488be60ba2facc6b66c6d6f0befba22ebe#internalt  The attack targeted the DEFI5 inde token at:  https://etherscan.io/t/044aad3b853866468161735496a5d9cc961ce5aa872924c5d78673076b1cd95aa  and CC10 inde token at:  https://etherscan.io/t/0bde4521c5ac08d0033019993b0e7e1d29b1457e80e7743d318a3c27649ca4417  The attacker used flash loans of the other assets in the pool to buy out UNI. decreasing the etrapolated value due to the delay in updating UNI’s weight decrease.  As the pool does not enable swaps to transfer more than 1/2 of the pool\seisting balance in a token or acquire more than 1/3 of the pool\sbalance in a token. this was done gradually. The controller valued the pool at 29.851 SUSHI ($300k) after eecuting the <u>updateMinimumBalance&nbsp;</u>function with the gamed pool value. despite the pool receiving nearly a hundred million dollars worth of other assets.  Once prepared. the attacker may deposit tiny quantities of SUSHI into the pool. resulting in a massively inflated quantity of DEFI5 tokens.  Approimately $156m worth of flash swaps in UNI. AAVE. COMP. CRV. MKR. SN were used for dumping tokens in the pool. minting new DEFI5 tokens. and after that burned the DEFI5 for all of the underlying assets.  The same scenario was used for CC10 inde pool. ,2021-10-14 0:00,2021,16000000,Interconnected actors flaw,Oracle manipulation,Technical vulnerability,Target,Dapp,P
1126,Flare Token,REKT,https://de.fi/rekt-database/flare_token,,,(1) https://unchainedcrypto.com/rug-pull-or-exploit-17m-drained-from-flare-token/. (2) https://twitter.com/peckshield/status/1591855088724852737. (3) https://mobile.twitter.com/BeosinAlert/status/1593089012503547906,,"Quick Summary
Flare Token was possibly rugpulled. An EOA address was able to remove funds from the PancakeSwap pool for a total of 17.010.503 $USD after claiming roughly 4.000.000.000 $FLARE tokens from a vault contract.

Details of the Exploit
Flare Token is a BEP20 token trading on PancakeSwap and can't be confused with Flare Network with the $FLR token symbol. An EOA address called a withdrawProfit() function on a contract with an unverified source code and received 3.973.277.600 $FLARE tokens. The part of the claimed tokens was used to perform a swap and drain of liquidity. The exploiter profited 17.010.503 $USD and transferred funds to another EOA address.

Block Data Reference
Scammer addresses:
https://bscscan.com/address/0xa0a613ca05daa8e8f43130a53be09bbd1a53d898
https://bscscan.com/address/0xE55D77F74Ea9335d3a83A673f83f38527a68Eb20

Malicious transaction:
https://bscscan.com/tx/0xa09135020bb1271ff684db407783a52163c31c7255955cec1e83fc68a751c027
Liquidity drain transaction:
https://bscscan.com/tx/0x2af9b1c4f4b063a31babe75d0a7ef711e063d7ecb10cb0ecd6f572c8971c1d51",2022-11-13 0:00,2022,17010503,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
554,Cryptopia,SlowMist,,https://hacked.slowmist.io/search/,,(1) https://thespinoff.co.nz/business/28/05/2019/how/new/zealand/company/cryptopia/lost/over/20/million/from/a/hack (2) https://www.police.govt.nz/news/release/police/making/progress/crypto/currency/investigation,,From January 13th to 14th a huge amount of unauthorized cryptocurrency transfer occurred in Cryptopia which was suspected of being stolen. On January 15 the exchange posted a tweet claiming that it was hacked and 28 773 ETH was stolen. After that on January 30th the exchange eperienced another security breach stolen 1 675 ETH. On May 15 Cryptopia announced that it would enter the liquidation process.,2019-01-14 0:00,2019,17500000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
819,Electrum (2),REKT,https://de.fi/rekt-database/electrum_(2),,,,,Reddit user u/normal_rc said that the Electrum wallet was hacked. and someone maliciously stole nearly 250 bitcoins (243.6 BTC. nearly $1 million). Electrum later confirmed that the attack involved creating a fake version of the wallet that tricked users into providing password information. Electrum responded on Twitter that this is an ongoing phishing attack against Electrum users and reminded users not to download Electrum from any source other than the official website.,2020-01-19 0:00,2020,17700000,Instant user deception,Evil twin site,Imitation,Intermediary,Other systems,
110,Deus Finance,REKT and SlowMist,https://de.fi/rekt-database/deus_finance,https://hacked.slowmist.io/search/,,(1) https://twitter.com/peckshield/status/1519530463337250817. (2) https://twitter.com/DeusDao/status/1519574219419496449,, Fantom/based decentralized derivatives protocol DEUS Finance was attacked  and the hackers made about $13.4 million in profit. The hack utilized a flash loan/assisted manipulation of price oracles read from the StableV1 AMM/USDC/DEI pair  and then used the manipulated collateral DEI price to borrow and drain the pool. REKT: DEUS Finance was exploited due to the flash loan with further Muon VWAP price oracle and on/chain oracle manipulation.,2022-04-28 0:00,2022,17900000,Interconnected actors flaw,Oracle manipulation,Technical vulnerability,Target,Derivatives,P
188,Lympo,REKT and SlowMist,https://de.fi/rekt-database/lympo,https://hacked.slowmist.io/search/,,(1) https://medium.com/lympo/official/lympo/statement/to/the/community/914d6b453b1f. (2) https://twitter.com/PeckShieldAlert/status/1480536834409054208,,"Sports NFT platform Lympo suffered a hot wallet security breach  losing 165.2 million LMT tokens worth $18.7 million in the hack. Ten different project wallets were compromised in the attack. Quotes show that the LMT price plummeted 92% to $0.0093 after hackers moved and sold the loot in the project's hot wallet. REKT: On 10 January 2022 at approximately 2:32 PM (UTC +2). hackers managed to gain access to Lympo’s operational hot wallet and stole a total of approximately 165.2 million LMT from it. The following wallets were compromised during the hack:

https://etherscan.io/address/0x5d32b87a43a2bd1f7df209d2f475b165d2c09e24
https://etherscan.io/address/0x526232f70b97938e19394e57bc5ee1d5d929074e
https://etherscan.io/address/0xb0a60eba24f6cf18cfded0672c5c7a7529dcc342
https://etherscan.io/address/0x934dd62782bfe4a8e3f096e014266e5f5adc1b2a
https://bscscan.com/address/0x877eecc3ae4bb28f048c16cd65a44cde025345a1
https://etherscan.io/address/0x36d97147cf8e1b75254748cf0a102316fcc61697
https://etherscan.io/address/0xa432c0081307733e801ea7877e725f4e0adfbbff
https://etherscan.io/address/0x4b936321b0e3e2d919412502b6ada09e9b7d484b
https://etherscan.io/address/0x75912da145ca00092af317f8c3a84073a5665256

Hackers distributed tokens to several external addresses which then sold them on different DEXs. The example transaction:
https://etherscan.io/tx/0x4e476c490e5e6c0ce1de8bffeca0121b88a7bb28d272720a294fe2af124d1742",2022-01-10 0:00,2022,18500000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,Dapp,P
1138,Pando,REKT,https://de.fi/rekt-database/pando,,,"Pando sur Twitter : ""Pando Rings is hacked by someone. We hope to negotiate with the hackers to return some of the funds. here is the ETH addrs for receiving refund: 0xfB42824eda8b29873839e6d89FEc2857c1a4E2dF"" / Twitter",https://pando.im/news/2022/2022-11-06-alert-to-pando-community-hack-of-pando-rings/. https://www.immunebytes.com/blog/pando-rings-hack-nov-5-2022-detailed-analysis/,"Quick Summary
Pando Network was used to steal 18.577.305 $USD in $ETH and $BTC. It seems like the hacker compromised the private key of the project's wallets on both chains.
Details of the Exploit
Pando is a decentralized network based on MTG technology. The project was exploited to steal 5128 $ETH and 11.107.488 in stablecoins from the Ethereum chain. and 83.5 $BTC from the Bitcoin chain. It seems like the hacker compromised the private keys of the wallets. as stealing transactions were just direct transfers. The stolen funds remain at the attacker's original addresses at the moment.

Block Data Reference
Attacker addresses:
https://etherscan.io/address/0xd3f04cE2d37b182432e2f804F9913a02071CEa54
https://www.blockchain.com/btc/address/bc1qjnsx0sdxksh4w2azwu5ngr8sax46vcu52ljfcx",2022-11-05 0:00,2022,18577305,Interconnected actors flaw,Oracle manipulation,Technical vulnerability,Target,Exchange,P
756,Bithumb,REKT and SlowMist,https://de.fi/rekt-database/bithumb,https://hacked.slowmist.io/search/,,(1) Crypto exchange Bithumb Hacked for $13 Million in Suspected Insider Job / CoinDesk. (2) https://www.zdnet.com/article/bithumb/cryptocurrency/exchange/hacked/a/third/time/in/two/years/,,Bithumb detected abnormal withdrawals through their monitoring system. The exchange noted that they have “secured all the cryptocurrency from the detection time with a cold wallet and checked them by blocking deposit and withdrawal service . The incident was an “accident involving insiders.” In its updated blog post. Bithumb pointed out that it was the exchange’s fault that it only focused on protection from outside attacks and did not verify its staff. The exchange’s EOS hot wallet started sending EOS to the attacker’s address yesterday until the company realized the attack was ongoing and started to move the funds to the cold storage wallet. which seemingly has not been compromised: The attacker\saddress: https://bloks.io/account/ifguz3chmamg The exchange hot wallet: https://bloks.io/account/g4ydomrhege Bithumb claimed about $14m recovery: https://www.econotimes.com/Bithumb/claims/recovery/of/14M/in/hacked/cryptocurrencies/1396613,2019-03-29 0:00,2019,19200000,Internal theft,Undetermined,Human risk,Target,CeFi,
718,Pickle Finance,REKT,https://de.fi/rekt-database/pickle_finance,,,Eplained: The DeFi Protocol Pickle Finance Hack (Nov 2020) (halborn.com),,The attack transaction: https://etherscan.io/t/0e72d4e7ba9b5af0cf2a8cfb1e30fd9f388df0ab3da79790be842bfbed11087b0 The attacker: / deployed 2 smart contracts Evil Jars with malicious logic. which were used in the attack: https://etherscan.io/address/075aa95508f019997aeee7b721180c80085abe0f9 https://etherscan.io/address/002c8364546ec849e1726fb6cae5228702b111ee6 / got the amount available to withdraw from <u>StrategyCmpdDaiV2&nbsp;</u><u>StrategyCmpdDaiV2.getSuppliedUnleveraged</u>() =&gt; 19728769153362174946836922 / invoked <u>ControllerV4.swapEactJarForJar</u>() passing the Evil Jars and the amount retrieved in the previous step / <u>ControllerV4.swapEactJarForJar</u>() doesn\ tcheck the Jars and calls them. withdrawing from StrategyCmpDAIV2 using <u>StrategyCmpDAIV2.withdrawForSwap</u>() which ultimately <u>usesStrategyCmpDAIV2.deleverageToMin</u>(). This transfers 19M DAI to pDAI. in this part of the attack Evil Jars were used just to put the funds to pDAI / called <u>pDAI.earn</u>() 3 times. This invoked a Compound deposit via <u>StrategyCmpDAIV2.deposit</u>(). leading to the contract receiving cDAI. <u>StrategyCmpdDAIV2&nbsp;</u>now has an equivalent of 19M in cDAI / deployed 3 more smart contracts with the malicious logic: https://etherscan.io/address/08739c55df8ca529dce060ed43279ea2f2e122122 https://etherscan.io/address/0a2da08093a083c78c21aeca77d6fc89f3d545aed https://etherscan.io/address/0a445e12d69e8bd60290f6935d49ff39ba31c6115 / invoked <u>ControllerV4.swapEactJarForJar</u>() passing the Evil Jars. no amount and a <u>CurveProyLogic&nbsp;</u>as target with a crafted data which allowed an injection to call the equivalent <u>FakeUnderlying</u> / <u>ControllerV4&nbsp;</u>delegated calls <u>CurveProyLogic.add_liquidity</u>() passing <u>StrategyCmpDAIV2&nbsp;</u>and a crafted signature which led to the withdrawal of cDAI and transferring them to <u>ControllerV4</u> / the funds (in cDAI) are now in the Controller. it invoked the <u>EvilJar.deposit</u>() which transferred the funds to the attacker smart contract / the attacker smart contract redeemed cDAI for DAI from Compound and transferred DAI to the attacker EOA.,2020-11-21 0:00,2020,19700000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Yield,CP
1112,3Commas,REKT,https://de.fi/rekt-database/3commas,,,(1) https://informationsecuritybuzz.com/3commas-confirms-report-massive-key-leaked/. (2) https://3commas.io/blog/december-10-update-on-investigation-api-key-exchange-attacks,,"Quick Summary
The 3commas crypto API key exploit refers to a security breach that occurred on the 3commas platform in 2022.

Details of the Exploit
The exploit involved hackers using stolen API keys to execute unauthorized trades and steal cryptocurrency from 3commas users. An API key is a secure code that allows one application to access the services or data of another application. and in this case. the hackers were able to use stolen API keys to access and manipulate user accounts on the 3commas platform.

The exact amount of funds stolen is not publicly known. but reports suggest that it was substantial. The 3commas team responded to the exploit by implementing security upgrades and compensating affected users. They also took steps to educate users about the importance of securing their API keys and how to protect themselves from similar attacks in the future. The 3commas crypto API key exploit serves as a reminder of the importance of security in the cryptocurrency world and the need for users to be vigilant in protecting their API keys and other sensitive information.",2022-12-11 0:00,2022,20000000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
292,Popsicle Finance,REKT and SlowMist,https://de.fi/rekt-database/popsicle_finance,https://hacked.slowmist.io/search/,,https://popsiclefinance.medium.com/popsicle/finance/post/mortem/after/fragola/hack/f45b302362e0,,Popsicle Finance  a multi/chain revenue optimization platform  was attacked. The core of this vulnerability is that the same PLP certificate can bring benefits to multiple holders at the same time node due to the defect in the reward update record. REKT: The attackersaddress:  https://etherscan.io/address/0f9e3d08196f76f5078882d98941b71c0884bea52  The transaction behind the attack:  https://etherscan.io/t/0cd7dae143a4c0223349c16237ce4cd7696b1638d116a72755231ede872ab70fc  In the <u>collectFees</u>() function. <u>token0Reward</u> and <u>token1Reward</u> (rewards of the corresponding LP token pair) are calculated for the user. The whole calculation logic is straightforward. However. the function uses a modifier named <u>updateVault</u>. which is used to update the rewards accordingly.  <u>updateVault</u>:1. Invokes the <u>_earnFees()</u> function to get the accumulated fee from the pool.2. Invokes the <u>_tokenPerShare()</u> function to update <u>token0PerShareStored</u> and <u>token1PerShareStored</u>. which represent the amounts of token0 and token1 in the pool for each share.3. Finally invokes <u>_fee0Earned</u> and <u>_fee1Earned</u> functions to update the rewards for the user (i.e.. <u>token0Rewards</u> and <u>token1Rewards</u> respectively).  Note: / user’s rewards are stored in <u>token0Rewards</u> and <u>token1Rewards</u>. which are not associated with any PLP token/ the <u>collectFees()</u> function only relies on the status of <u>token0Rewards</u> and <u>token1Rewards</u>. which means that rewards can be withdrawn without holding PLP tokens.  The attacker: / created three contracts. One of them was used to launch the attack. while the other two were used to invoke the <u>collectFees()</u> function to fetch the rewards  / utilized the Flash Loan. i.e.. borrowing a large amount of liquidity from AAVE  / launched the Deposit/Withdraw/CollectFees cycle to perform the attack (there are 8 cycles in total. and lots of liquidity has been withdrawn from multiple vaults of Popsicle Finance)  / returned the Flash Loan back to AAVE  / stolen funds were deposited to the Tornado Cash mier in the following transaction list:  https://bloy.info/ts/transfers_from/0f9e3d08196f76f5078882d98941b71c0884bea52?currency_id=1  Stolen funds: / 2.56K WETH / 96.2 WBTC / 160K DAI / 5.39M USDC / 4.98M USDT / 10.5K UNI,2021-08-03 0:00,2021,20500000,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,Yield,CP
611,Bitcoin Gold,SlowMist,,https://hacked.slowmist.io/search/,,(1) https://www.ccn.com/bitcoin/gold/hit/by/double/spend/attack/exchanges/lose/millions (2) https://forum.bitcoingold.org/t/double/spend/attacks/on/exchanges/1362/21,,Bitcoin Gold was Governance issueed by an unknown attacker. This type of attack allows an attacker to manipulate the blockchain ledger that records transactions. During the attack 388 000 BTG (worth approimately US$18 million) was stolen from several cryptocurrency exchanges. After the team refused to help pay for some of the losses Bitcoin Gold was subsequently delisted from Bittre.,2018-05-18 0:00,2018,20734785.9,Decentralization issue,51% attack,Technical vulnerability,Target,Blockchain,DLT
29,Racoon Network and Freedom Protocol,REKT and SlowMist,https://de.fi/rekt-database/racoon_network_and_freedom_protocol,https://hacked.slowmist.io/search/,,(1) https://foresightnews.pro/news/detail/7414. (2) https://www.worldstockmarket.net/raccoon/network/and/freedom/protocol/projects/turned/out/to/be/a/scam/and/stole/20/million/. (3) https://bt/crow.com/2022/07/20/scam/projects/raccoon/network/and/freedom/protocol/withdrew/20/million/. (4) https://coingape.com/experts/reveal/two/major/protocols/as/scams/how/to/protect/your/crypto/,," Raccoon Network and Freedom Protocol are scam projects  scammers have transferred 20 million BUSD (IDO) to address 0f800...469336. REKT: Quick Summary
Raccoon Network and Freedom Protocol projects have withdrawn $20M in $BUSD tokens to a common address. having scamming their investors and the community.

Details of the Exploit
The Raccoon network is an open world that is an all/new metaverse where players can build. own and monetise their data. Freedom Protocol. is a financial protocol. makes pledges easier and more efficient. providing the highest stable return of cryptocurrency.
The Freedom Protocol platform offered users to buy a $FREE token and automatically receive a refund of the cost of tokens every 15 minutes. Thus. they promised a yield of more than 183k%. At the end of June 2022. Freedom Protocol invested in the Raccoon Network crypto project and announced the beginning of cooperation. Freedom launched its IDO. and people began to buy more and more $FREE tokens. and this was just the beginning of the scam. After the IDO. users noticed that they could no longer sell their tokens. and all funds invested in the project were sent to a third/party address: https://bscscan.com/address/0xf800f2744fde6bda11e80b7de0954ac3dc469336
Examining the transaction chain of one of the involved addresses. it is seen that tokens were withdrawn through Binance Hot Wallets:
https://bscscan.com/address/0xdcf495911dfb4266a9e3dfe906c3f6214c843762#tokentxns

Block Data Reference
Involved addresses:
Scammer address (A): https://bscscan.com/address/0xf800f2744fde6bda11e80b7de0954ac3dc469336
Scammer address (B): https://bscscan.com/address/0x56bb6513ab4dddbba9c0708b3beed8e2ef54502f
Scammer address (C): https://bscscan.com/address/0x088f4818098028d8c77b7701934374c1117f5b70
Scammer address (D): https://bscscan.com/address/0x4411e7aaca131684c33d297622f747369fbe1214",2022-07-19 0:00,2022,20800000,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Yield,CP
275,Bilaxy,REKT and SlowMist,https://de.fi/rekt-database/bilaxy,https://hacked.slowmist.io/search/,,https://twitter.com/Bilay_exchange/status/1432103507557974016,https://www.pymnts.com/cryptocurrency/2021/crypto-exchange-bilaxy-loses-21m-in-hack/. https://www.financemagnates.com/cryptocurrency/news/crypto-exchange-bilaxy-hacked-attacker-took-control-of-erc20-wallet/,The Bilay exchange tweeted that the hot wallet was hacked and lost approimately 296 tokens (including ETH). REKT: Quick SummaryThe cryptocurrency exchange Bilay became a victim of a <span data/contrast=  >hack that compromised a hot wallet on its platform for $21M. Details of the exploit<span lang= >The Bilay exchange is a cryptocurrency trading service.&nbsp;The platform was attacked by hackers. in the amount of $21M. Hackers managed to gain access to the Hot Wallet of this company and withdraw funds from there. <span data/hs/cos/general/type=  >Approimately 295 ERC20 tokens were transferred by the hacker to this&nbsp;<span data/hs/cos/general/type=   >. The hack involved the transfer of nearly 300 cryptocurrencies. including $USDT. $USDC. $UNI. $SUSHI amongst others.  Block Data ReferenceThe address of the Bilay Hot Wallet that was the victim of hackers:  https://etherscan.io/address/0CCE8D59AFFdd93be338FC77FA0A298C2CB65Da59,2021-08-29 0:00,2021,21000000,Undetermined,Accessing private keys/data,Undetermined,Target,Blockchain,DLT
663,Titanium Blockchain Infrastructure Services (TBIS),REKT and SlowMist,https://de.fi/rekt-database/titanium_blockchain_infrastructure_services_(tbis),https://hacked.slowmist.io/search/,,Titanium Blockchain CEO pleads guilty to $21 million ICO scam / The Verge et https://www.wsj.com/articles/titanium/blockchain/ceo/pleads/guilty/to/fraud/11658795919,,CEO Michael Stollery of Titanium Blockchain Infrastructure Services (TBIS) pled guilty to securities fraud in connection to a $21 million cryptocurrency scam. The company promoted its BAR token during 2017–2018  and did not register with the SEC for its ICO. TBIS made false claims including that they had ties to companies including Apple  Boeing  and IBM  and offered various services that did not actually eist. At least 75 people participated in the ICO  giving TBIS a combined $21 million  some of which went directly to Stollery  s bank account and personal epenses like a condo in Hawaii. REKT : Quick Summary Titanium Blockchain Infrastructure Services is a project whose CEO was engaged in securities fraud. the investigation of which was handled by the SEC.  Details of the exploit  data/v/51e0c2ec=  >TBIS CEO has pleaded guilty to cryptocurrency fraud in the Central District of California related to the ICO of the project. which raised approimately $21M. He admitted that in order to attract investors. he falsified some aspects of official TBIS documents. He also posted fake customer reviews on the TBIS website and falsely claimed that he had business relationships with well/known companies in order to create a false appearance of legality. Like most blockchain projects. TBIS outlined its plans in a whitepaper. promising that its BAR token would be useful for accessing a platform offering real services. TBIS stated that there was a major hack of BAR. and issued a second coin. TBAR. to replace it. However. the original BAR coin continued to be traded on exchanges.&nbsp;  data/v/51e0c2ec=  >Titanium was one of several ICO projects that attracted fraud allegations around 2017 and 2018 during a surge in coin/based fundraising. and the SEC even created its own fake website to warn buyers about the fraud. Today. most of the alleged fraud is related to projects of non/interchangeable tokens or NFT. but the legal system is still catching up with ICOs. Stollery is due to be sentenced in November 2022. where the fraud charge carries a maimum 20/year prison sentence.,2017-01-11 0:00,2017,21000000,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,Other systems,
428,Electrum,REKT and SlowMist,https://de.fi/rekt-database/electrum,https://hacked.slowmist.io/search/,,https://www.zdnet.com/article/bitcoin/wallet/trick/has/netted/criminals/more/than/22/million/,, An investigation by ZDNet revealed that hackers stole $22 million from users of Bitcoin wallet Electrum by enticing users to install fake software updates. And this technique was highest in 2018. Since this attack was first discovered two years ago  the Electrum team has taken some measures to prevent this attack. But this attack still applies to users who use older versions of the application.,2020-10-12 0:00,2020,22000000,Instant user deception,Fake ads/pop ups,Imitation,Intermediary,Other systems,
124,Elephant Money,REKT and SlowMist,https://de.fi/rekt-database/elephant_money,https://hacked.slowmist.io/search/,,(1) https://medium.com/elephant/money/reserve/exploit/52fd36ccc7e8. (2) https://twitter.com/CertiKAlert/status/1514345918564286482. (3) https://twitter.com/peckshield/status/1514023036596330496,, Elephant Money was attacked  resulting in the loss of 27 416.46 BNB. The attacker first used WBNB to buy a large amount of ELEPHANT  and then used BUSD to mint the TRUNK stablecoin. During the minting process  the Elephant contract will convert BUSD to WBNB and then back to ELEPHANT to drive up the ELEPHANT price. The attacker then sells ELEPHANT at a profit. REKT:  The attacker exploited the $TRUNK tokensredeem mechanism. modified the price oracle to enable token return. and stole ELEPHANT from the unverified Treasury contract.  The attacker’s address was initially funded via Tornado Cash:  https://bscscan.com/tx/0xf678370cf3ee8d5df5ae319577b46bf3834ec6ffb44f2c1ebe86ed702b0b22a2  At first. using the flash loan. the attacker borrowed 131.162 WBNB and 91.035.000 BUSD The attacker then exchanged the 131.162 WBNB for 34.244 ELEPHANT Token.  The example transaction:  https://bscscan.com/tx/0xec317deb2f3efdc1dbf7ed5d3902cdf2c33ae512151646383a8cf8cbcd3d4577  In order to mint new TRUNK tokens. BUSD should be deposited in the minting contract. Once the contract receives BUSD. it swaps them to WBNB which in turn uses to buy back ELEPHANT tokens and increase their market value.  Since the attacker received ELEPHANT tokens with increased market value. he swaps them back to WBNB. resulting in 34.244 ELEPHANT exchanged on 163.782.82 WBNB  In the next step. the attacker redeems TRUNK for 36.987.33 WBNB and 66.884.140.12 BUSD. After repaying the flash loans of 131.162 WBNB and 91.035.000 BUSD. a profit of $4M was realized by the attacker.  The attack proceeded by making several cycles of the same actions.  The list of addresses where the funds were sent and now lies there:  0x8B7245C398E6a42b0475099b878D21101eF58471 472 ETH 0x21904B8C9Fa6D7da88E10Ae9e4493B1464A3D56b 472 ETH 0xfa2092b35546ef08cb736f1b4f26cc98a949e6f7 337 ETH 0x8fac3349Bc2592337bc61d419E12AE2A18Fe6577 339.9 ETH 0x2d3F27B6c8CAc4ba8B5D715D25AfcA03c05D0308 331.7 ETH 0xEB1521aEf54436F31007D4a9378e1ceBc8cB44d9 180.4 ETH 0x39C15D6dbc47F0EAB0fEE2469422E4A109352d54 473.4 ETH 0x219395018CfB8e337f2c79010Cd70144Eb16F500 472.1 ETH 0x3447d546d18a66Ab99Fe9edca23B6d8ce5c0B0a3 392.2 ETH,2022-04-12 0:00,2022,22200000,Interconnected actors flaw,Oracle manipulation,Technical vulnerability,Target,Exchange,P
600,Bancor,REKT and SlowMist,https://de.fi/rekt-database/bancor,https://hacked.slowmist.io/search/,,The crypto world’s latest hack sees Bancor lose $23.5M | TechCrunch,,A wallet used to upgrade some smart contracts was compromised. This compromised wallet was then used to withdraw ETH from the BNT smart contract in the amount of 24.984 ETH (~12.5M). The same wallet also stole: 229.356.645 NPS (~$1M) 3.200.000 BNT (~$10M)  The transaction. where Bancor Converter smart contract transfers BancorsETH into the External wallet. marked as Phishing1701. after calling the <u>withdrawTokens</u>() function:  https://etherscan.io/t/0f9fe97d642705fa016c4f8d11ea13ce581ba75c57ac455586254e15d915e9bde  Phishing1701 received additional 1.950 ETH from the External address at:  https://etherscan.io/t/0fdb8d337b4b96d186375355bc0231ad4ee04ab2556fb9628bbf382343cb2c833  BancorsETH was converted into Ether by the Phishing1701 at: ,2018-07-09 0:00,2018,23500000,Undetermined,Accessing private keys/data,Undetermined,Target,Exchange,P
351,xToken,REKT and SlowMist,https://de.fi/rekt-database/xtoken,https://hacked.slowmist.io/search/,,https://twitter.com/FrankResearcher/status/1392515198674681863,,The DeFi pledge and liquidity strategy platform Token was attacked and the BNTaBancor pool and the SNaBalancer pool were immediately ehausted causing nearly $25 million in losses. The SlowMist security team analyzed that the two modules that were hacked this time were the BNTa contract and the SNa contract in Token. The two contracts were subjected to a counterfeit currency attack and an oracle manipulation attack. REKT : The transaction behind the attack:  https://etherscan.io/t/07cc7d935d895980cdd905b2a134597fb91004b5d551d6db0fb265e3d9840da22  The attackersaddress:  https://etherscan.io/address/007e02088d68229300ae503395c6536f09179dc3e  The attacker:/ borrowed 61.8k ETH flash loan on dYd  / deposited 10k ETH to borrow 564k SN on Aave and swap 5.5k ETH to 700k SN on SushiSwap  / sold 1.2M SN for 818 ETH on Uniswap v2. significantly reducing the SN price  / used only 0.12 ETH to mint 1.2B SNa. because the protocol buys SN through Kyber. who in turn led to use Uniswap v2 for this swap  / however. within the protocol. the SNa price turned out to be normal. which made it possible to swap 105M SN into 414 ETH  / began to do reverse swaps in SushiSwap and Uniswap and repaid loans in Aave  / began to sell the eisting SNa to the Balancer SN/ETH/SNa (25/25/50) pool  / repaid the flash loan to dYd  / issued BNTa four times for 0.03 ETH. which ultimately gave them 3.9B BNTa  / swapped half of BNTa to 781k BNT.  Funds lost:  / 2.4k ETH ($10.3M)/ 781k BNT ($6.2M)/ 407k SN ($8M)/ 1.9B BNTa.,2021-05-12 0:00,2021,24000000,Interconnected actors flaw,Oracle manipulation,Technical vulnerability,Target,Staking,CP
863,Harvest Finance,REKT,https://de.fi/rekt-database/harvest_finance,,,(1) Rekt / Harvest Finance / REKT. (2) https://medium.com/harvest/finance/harvest/flashloan/economic/attack/post/mortem/3cf900d65217?source=collection_archive/////////0///////////////////////,,The attacker used flash loans to steal $33.8 million from the FARM_USDT and FARM_USDC pools at: https://etherscan.io/t/09d093325272701d63fdafb0af2d89c7e23eaf18be1a51c580d9bce89987a2dc1/advanced  Detailed transaction analysis: https://etht.info/mainnet/09d093325272701d63fdafb0af2d89c7e23eaf18be1a51c580d9bce89987a2dc1  The attacker: / swapped 11.4m USDC to USDT /&gt; USDT price up  / deposited 60.6m USDT into Vault  / exchanged 11.4m USDT to USDC /&gt; USDT price down  / withdrew 61.1m USDT from Vault /&gt; 0.5m profit  / repeated 32 times  / converted to renBTC and eited to BTC / ETH via Tornado Cash. https://app.zerion.io/03811765a53c3188c24d412daec3f60faad5f119b/history,2020-10-26 0:00,2020,24000000,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,Yield,CP
495,dForce,ChainSec,,,https://chainsec.io/defi-hacks/,(1) https://www.theblockcrypto.com/amp/linked/62346/multicoin/capital/backed/defi/protocol/dforce/loses/25m/total/locked/value/in/an/exploit (2) https://www.coindesk.com/markets/2020/04/19/weekend/attack/drains/decentralized/protocol/dforce/of/25m/in/crypto/ (3) https://slowmist.medium.com/slowmist/details/of/lendf/me/reentrancy/attack/3e168ab5f2b1,,“The total value locked in the dForce ecosystem was down by 100% to $6 over the past 24 hours per DeFi Pulse data. A day ago the total value locked in the system was $24.9 million.” — The Block,2020-04-18 0:00,2020,24900000,Contract vulnerability,Reentrancy,Technical vulnerability,Target,Yield,P
479,Lendf.Me,REKT and SlowMist,https://de.fi/rekt-database/lendf.me,https://hacked.slowmist.io/search/,,https://www.zdnet.com/article/hackers/steal/25/million/worth/of/cryptocurrency/from/uniswap/and/lendf/me/,,DeFi lending protocol Lendf.Me was hacked. REKT: The attackersaddress:  https://etherscan.io/address/0a9bf70a420d364e923c74448d9d817d3f2a77822  The particular malicious transaction:  https://etherscan.io/t/0ae7d664bdfcc54220df4f18d339005c6faf6e62c9ca79c56387bc0389274363b  The deposit function. i.e.. <u>supply</u>() in Lendf.Me. is hooked by embedding an etra <u>withdraw</u>() function. which has the effect of raising the attackersinternal record of imBTC collateral amount without actually depositing the amount.  The reasoning for this is that the attacker did first deposit a specific quantity of imBTC into Lendf.Me. However. in the second <u>supply</u>(). the attacker not only supplied 0.00000001 imBTC but also <u>withdraw</u>() 290 imBTC within the hook by hijacking the <u>transferFrom</u>() function within <u>doTransferIn</u>(). As a consequence. 290 imBTC were deducted from the attackersbalance under the integrated <u>withdraw</u>(). When the eecution returned to supply(). however. the balance was reset to 290 imBTC. This is how the attacker modifies the internal record of the imBTC collateral amount in Lendf.Me. With a big enough collateral value. the attack can thus borrow all available assets from multiple liquidity pools.  The withdrawal of the funds by the attacker:  https://etherscan.io/t/09a5899d2151d84a9a8dccd1b1a03abbdf91ea83b1f78f3c631b858c20658c12d,2020-04-19 0:00,2020,25236849,Contract vulnerability,Reentrancy,Technical vulnerability,Target,Lending,P
581,Coinbin,REKT and SlowMist,https://de.fi/rekt-database/coinbin,https://hacked.slowmist.io/search/,,(1) https://cointelegraph.com/news/south/koreas/coinbin/files/for/bankruptcy/with/26/mln/loss/cites/employee/embezzlement (2) https://www.quadrigainitiative.com/casestudy/coinbindeclaresbankruptcy.php,,Coinbin a south Korean cryptocurrency exchange is filing for bankruptcy with losses equivalent to more than $26 million after its debts grew after employees embezzled money. REKT: The employee of Coinbin allegedly had access to private keys and was able to siphon off funds from multiple accounts. As a result. Coinbin filed for bankruptcy and shut down while still owing users funds.,2019-02-20 0:00,2019,26000000,Internal theft,Unauthorized use of private key,Human risk,Target,CeFi,
327,StableMagnet,REKT and SlowMist,https://de.fi/rekt-database/stablemagnet,https://hacked.slowmist.io/search/,,(1) https://www.banklesstimes.com/news/2022/01/30/ethical/hacker/helps/recover/millions/lost/in/stablemagnet/rug/pull/. (2) https://halborn.com/eplained/the/stablemagnet/Rug pull scam/june/2021/,, The BSC on/chain project StableMagnet ran away and lost USD 24 million. On August 12  the Greater Manchester Police Department announced that it had arrested the suspects of the StableMagnet Finance team who had previously taken away $22 million of users on the BSC. The police found a large amount of stolen Ethereum in the encrypted U disk. According to statistics  this money accounted for 90%($ 22 250 000) of the stolen cryptocurrency  and it is now beginning to reconnect with the legitimate owner. REKT : Quick Summary StableMagnet was Rug pull scamed for over 27.000.000 $USD. The scammer used an unverified contract to transfer approved tokens.,2021-06-23 0:00,2021,27000000,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Dapp,P
402,Paid Network,REKT and ChainSec,https://de.fi/rekt-database/paid_network,,https://chainsec.io/defi-hacks/,(1) https://www.theblockcrypto.com/linked/97411/paid-network-token-minting-exploit-eth (2) https://halborn.com/explained-the-paid-network-hack-march-2021/ (3) https://paidnetwork.medium.com/paid-network-attack-postmortem-march-7-2021-9e4c0fef0e07,,“PAID Network a crypto project that utilizes an Ethereum/based token has suffered a contract exploit resulting in the minting of nearly $160 million worth of tokens by the attacker.” — The Block. REKT: The contract deployer transferred the ownership to the External address through the ProyAdmin contract calling the <u>newOwner</u>() function at:  https://etherscan.io/t/0733dd279b3d24f3415f3850b8eceafc651c1998163dcd0352b9e83c46e2b33d9  The External wallet invoked <u>mint</u>() function to generate new tokens onto his wallet at:  https://etherscan.io/t/04bb10927ea7afc2336033574b74ebd6f73ef35ac0db1bb96229627c9d77555a0  The External wallet started to sell tokens in the following transactions:  https://etherscan.io/address/018738290af1aaf96f0acfa945c9c31ab21cd65be#tokentns  Stolen funds were deposited to the Tornado Cash mier:  https://bloy.info/ts/calls_from/018738290af1aaf96f0acfa945c9c31ab21cd65be?signature_id=994162&amp;smart_contract_address_bin=0722122df12d4e14e13ac3b6895a86e84145b6967,2021-03-05 0:00,2021,27418034,External factor,Exploiting operational mistake,Human risk,Target,Dapp,P
59,Optimism and Wintermute,REKT and SlowMist,https://de.fi/rekt-database/optimism_and_wintermute,https://hacked.slowmist.io/search/,,"Optimism (???_???) sur Twitter : ""Hey folks//in the interest of transparency. we'd like to share some details about an ongoing situation: https://t.co/915vIgRIJG Summary below ????"" / Twitter",,Optimism and Wintermute both released announcements  disclosing to the community a loss of 20 million OP tokens. At the time of the release of OP tokens  Optimism entrusted Wintermute to provide liquidity services for OP in the secondary market. As part of the agreement  Optimism will provide Wintermute with 20 million OP tokens. To receive the tokens  Wintermute gave Optimism a multi/signature address  to which Optimism transferred 20 million OPs after Optimism test sent two transactions and Wintermute confirmed it was correct. After Optimism transferred the coins  Wintermute found that they had no way to control these coins  because the multi/signature addresses they provided were only deployed on the Ethereum mainnet for the time being and have not yet been deployed to the Optimism network. To gain control of these tokens  Wintermute immediately initiated remediation operations. However  attackers have already noticed this vulnerability and deployed multi/signature to this address on the Optimism network before Wintermute  successfully controlling the 20 million tokens. At present  the Optimism hacker has returned 17 million OP tokens and transferred 1 million OP to the Vitalik address  and Vitalik has returned the funds. REKT: Wintermute has been exploited for ~$27.6M.The funds were to be sent to Wintermute by the Optimism Foundation as part of an agreement to perform Wintermute functions as a market maker on the eve of the launch of the OP token. However. Wintermute provided the address of their multisig on Ethereum as the destination address for Optimism / it was an address that they did not control. Exploiter address:  https://optimistic.etherscan.io/address/060b28637879b5a09d21b68040020ffbf7dba5107 First. Optimism sent 1OP as a check transaction:  https://optimistic.etherscan.io/t/0f79ed3037b55fbfd305007da2f19fb7960d31b8410453c679313e37a6d8548f4Then 1M OP:  https://optimistic.etherscan.io/t/00c1d6166293924566ea0ca32d07379c7033a8b8f2558f667f917543e51dd474aAfter second test transaction 19M OP was sent:  https://optimistic.etherscan.io/t/08e29eef359f6c18a06e229157d44467b5e873f6e5b996baa7124b38eb6dfb1db The Exploiter was able to recreate the multisig address on Optimism:  https://optimistic.etherscan.io/t/000a3da68f0f6a69cb067f09c3f7e741a01636cbc27a84c603b468f65271d415b&nbsp;and send himself 1M tokens:  https://optimistic.etherscan.io/t/0e9491bfb9a1ad13a47f3c1f61197b097416cbed2e32e038dd3de97172ddee303Then 1M OP was sent to Vitalicsaddress:  https://optimistic.etherscan.io/t/0db693613d550e38d53d47b5fd07ce505e24e141db146fa1321710c9a86d9db6a Exploiter returned 17M OP in Jun 10/th:  https://optimistic.etherscan.io/address/04f3a120e72c76c22ae802d129f599bfdbc31cb81#tokentns,2022-06-09 0:00,2022,27600000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Exchange,P
797,Deribit exchange,REKT,https://de.fi/rekt-database/deribit_exchange,,,(1) https://www.coindesk.com/business/2022/11/02/crypto/exchange/deribit/loses/28m/in/hot/wallet/hack/. (2) https://twitter.com/PeckShieldAlert/status/1587707564354961409,,Deribit exchange exploited via access control. The hot wallet's private keys were compromised which lead to a loss of roughly 28.000.000 $USD.,2022-11-01 0:00,2022,28317206,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
728,Transit Swap,REKT,https://de.fi/rekt-database/transit_swap,,,Eplained: The Transit Swap Hack (October 2022) (halborn.com),,Quick SummaryTransit Swap exchange was hacked due to the smart contract vulnerability. The hacker stole 28.900.000 $USD from users who approved their assets to Transit Swap. 65% of the stolen funds were recovered by the joint effort of the security teams. Details of the exploitTransit Swap is a multichain DE. running on both Ethereum and Binance chains. The project was exploited by a hacker. and roughly 28.900.000 $USD worth of assets were stolen from usersaddresses. The hacker deployed malicious smart contracts to exploit the swap contracts of the project on both chains. Due to the vulnerability of the swap contracts. which allows the hacker to use transferFrom() function to drain the usersapproved assets and transfer them to another EOA address. Within 24 hours after the hack. Transit Finance announced about the recovery of 65% of stolen funds in collaboration with other security teams. And consequently. Transit Finance published an article with a list of addresses involved in the hack and said that the total recovered funds are from the hacker involved in the attack with the largest amount. and the team is working on recovering the remaining stolen funds and formulating Bug Bounty rules.&nbsp; Block Data ReferenceAttacker address: https://bscscan.com/address/05f0b31aa37bce387a8b21554a8360c6b8698fbef https://etherscan.io/address/05f0b31aa37bce387a8b21554a8360c6b8698fbef Address funds transferred: https://bscscan.com/address/075f2aba6a44580d7be2c4e42885d4a1917bffd46 https://etherscan.io/address/075f2aba6a44580d7be2c4e42885d4a1917bffd46 Malicious contracts: https://bscscan.com/address/08ca8fd9c7641849a14cbf72faf05c305b0c68a34 https://etherscan.io/address/017ff6c94ba3a49c72ef2f10782de8a6152f204ea Recovering transactions: https://etherscan.io/t/03da1843247070fbcfcf9c8d0e02dcd660ea882640fc842625b675aabc45e6a2a https://bscscan.com/t/0d941c6012656dae9fe16882becffdf41d91836b19bbcea659cad65f5049c5f83 https://bscscan.com/t/053495bd2fddefd179ef107e43d5d2dea922ceda4bb1c9bc183e265dcc6474e02,2022-01-10 0:00,2022,28900000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Exchange,P
234,Snowdog DAO,REKT and SlowMist,https://de.fi/rekt-database/snowdog_dao,https://hacked.slowmist.io/search/,,(1) https://cryptosrus.com/snowdog/rug/pull/rocks/avalanche/what/happened/. (2) https://www.mon/livret.fr/le/premier/memecoin/lance/sur/avalanche/se/termine/en/arnaque/de/30/millions/de/dollars.html,,"This weekend  the biggest rug pull in Avalanche history shocked the network and its users. SDOG is the first meme coin launched on Avalanche  with a price of up to 10 million U.S. dollars  and the team admitted that they smashed it up.  On the other hand  however  what they called a game theory eperiment went wrong. Snowdog DAO is the protocol behind the SDOG token  and as of press time  its value has lost more than 90%. This is a comple plan that involves insiders using a  key  in a smart contract that only they can access. REKT : The project planned a buyback event for their native token SDOG.
",2021-11-27 0:00,2021,30000000,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
618,Bithumb,REKT and SlowMist,https://de.fi/rekt-database/bithumb,https://hacked.slowmist.io/search/,,(1) https://www.cnbc.com/2018/06/19/south/korea/crypto/exchange/bithumb/says/it/was/hacked/coins/stolen.html. (2) https://www.zdnet.com/article/south/korean/crypto/exchange/bithumb/hacked/,,The attacker stole $30 million worth of cryptocurrency from Bithumb Korea s largest cryptocurrency exchange. According to Japanese Cointelegraph the attackers hijacked Bithumb s popular (online) wallet. REKT: Hackers have stolen cryptocurrencies worth $30 million from South Korea\sleading virtual currency exchange Bithumb. As a result. all deposits and payments have been suspended.  The exchange stated: We checked that some of cryptocurrencies valued about $30.000.000 was stolen. Those stolen cryptocurrencies will be covered from Bithumb and all of assets are being transferring to cold wallet.”  Bithumb moved a large amount of Ethereum to its cold wallet when they recently noticed abnormal access.,2018-06-19 0:00,2018,30000000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
356,Spartan Protocol,REKT and SlowMist,https://de.fi/rekt-database/spartan_protocol,https://hacked.slowmist.io/search/,,(1) https://www.coindesk.com/markets/2021/05/02/binance/smart/chains/spartan/protocol/loses/30m/in/exploit/. (2) https://peckshield/94632.medium.com/the/spartan/incident/root/cause/analysis/b14135d3415f,,According to the SlowMist Intelligence the Binance smart chain project Spartan Protocol was hacked and the loss amounted to about 30 million U.S. dollars. The event was due to a flaw in the calculation of liquidity shares in the protocol. REKT : The attackersaddress:  https://bscscan.com/address/03b6e77722e2bbe97c1cfa337b42c0939aeb83671  The transaction of the attack:  https://bscscan.com/t/0b64ae25b0d836c25d115a9368319902c972a0215bd108ae17b1b9617dfb93af8  / A flash loan was taken for 10K WBNB. to be returned at the last step with 260 WBNB as the flash loan fee  / swapped WBNB to SPARTA five times through the exploited Spartan pool. with each time swapping in 1.913.172376149853767216 WBNB to get 621.865.037751148871481851 SPARTA  / the resulting total of 2.536.613.206101067206978364 SPARTA. plus 11.853.332738790033677468 WBNB. are then added into the pool. minting 933.350.959891510782264802 pool token (SPT1/WBNB)  / swapped WBNB to SPARTA ten times through the same pool. with each time swapping in 1.674.025829131122046314 WBNB to get 336.553.226646584413691711 SPARTA  / inflated the asset balance in the pool by transferring into the pool 21.632.147355962694186481 WBNB and all SPARTA from the above step 3. i.e.. 2.639.121.977427448690750716 SPARTA  / burned the 933.350.959891510782264802 pool tokens obtained from step 2 to withdraw the liquidity. Since the pool’s asset balance is inflated. the burn operation leads to 2.538.199.153113548855179986 SPARTA and 20.694.059368262615067224 WBNB  / added the liquidity into the pool with the added assets in step 4 with 1.414.010.159908048805295494 pool tokens. which is immediately burned to obtain 2.643.882.074112804607308497 SPARTA and 21.555.69728926154636986 WBNB  / the above steps were repeated to continue draining funds from the pool  / returned the flash loan with 100.260 WBNB.  The attacker used 1inch (to swap all tokens to BTCB or BETH). Spartan (to dump SPARTA). Nerve (to swap BTCB and BETH to Anyswap versions). In this way. they were eventually able to withdraw part of the profit through Anyswap.,2021-05-02 0:00,2021,30500000,Interconnected actors flaw,Arbitrage with flash loan,Technical vulnerability,Target,Exchange,P
372,Meerkat Finance,REKT and SlowMist,https://de.fi/rekt-database/meerkat_finance,https://hacked.slowmist.io/search/,,(1) DeFi Project Meerkat Raises Eyebrows With Claimed $31M Hack a Day After Launch / CoinDesk. (2) https://rekt.news/meerkat/finance/bsc/rekt/. (3) https://www.theblock.co/linked/97082/rug/pull/defi/meerkat/31/million,,"According to the official community information of Meerkat Finance  its vault contract was hacked  and the hacker used the loophole to steal all the funds in the vault. According to reports  the BSC project Meerkat Finance is suspected of running away and swept away about 31 million US dollars  of which 14 million BUSD and the other 73 000 BNB. MKAT claims to have been hacked to steal all resources. REKT:  Quick Summary

Meerkat Finance was allegedly rug pulled by its team or an external attacker for the amount of $32 million through proxy upgradable smart contracts.

Details of the Exploit

Meerkat Finance was a fork of the successful Alpaca Finance project. Essentially. Meerkat Finance was a lending and yield aggregation protocol offering its users yield through lending assets or pledging assets to the platforms vaults. The vaults would pursuit automated investment strategies.

This rekt case gained traction when the contract deployer invoked the upgradeTo() function. setting new implementation to the BUSD Vault at:
https://bscscan.com/tx/0xf19fa4bcff4adaebeddd28c851458ba0f01ffedd52b62df56ace94e7c8842553
The contract deployer also invoked the upgradeTo() function. setting new implementation to WBNB Vault at:
https://bscscan.com/tx/0x063970f8625f250101a7da8abf914748cf8eaaaa9458041f1928501accfe5

This altered the vault logic. introducing two new functions that were not included in the earlier implementations. This is where the real danger of proxy upgradable smart contracts lies. Code is king in DeFi and rather than trusting mediators users of DeFi can trust the code. However. when the code becomes changeable and upgradable by a centralized entity without governance by the token holder. the story changes.

An external address. marked as Fake_Phishing 17. invoked init() function to the Vaults through the proxy contract at:
https://bscscan.com/tx/0xfcf48681e382e9f9cc1d6a64ff30487306f6b869924c6594075fcc86b3b21f5d
https://bscscan.com/tx/0x5050d0f2f2d4d8ea76b04f25b1ee04b04d2b7beb6dafc6921672eaa448345027

According to decompiled bytecode. this function sets the address on storage slot 0 to the address provided to the function. There’s no permission check. making this newly added function the backdoor into the vaults.

The attacker called method 0x70fcb0a7 on BUSD Vault to transfer out 13.968.039 BUSD at:
https://bscscan.com/tx/0x1332fadcc5378b1cc90159e603b99e0b73ad992b1e6389e012af3872c8cae27d

The attacker called method 0x70fcb0a7 on WBNB Vault to transfer out 73.635 WBNB at:
https://bscscan.com/tx/0xd8145dfe255a671428b9c082a006a145fe58d82175671e8bfbe02f4040ae8cd0",2021-03-04 0:00,2021,30883780,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Yield,CP
670,Tether,REKT and SlowMist,https://de.fi/rekt-database/tether,https://hacked.slowmist.io/search/,,(1) https://www.cnbc.com/2017/11/21/tether/hack/attacker/reportedly/steals/30/million/of/digital/tokens.html (2) https://archive.ph/ZFDBf,,Tether the issuer of USDT issued a statement stating that its system was hacked by an External attacker on the 19th of this month and stolen USDT tokens worth approimately $31 million from its Tether Treasury wallet. REKT: Tether. the company behind a dollar/pegged cryptocurrency commonly utilized in the market\sexchange trade. claimed that its systems were hacked and that $30 million in tokens were taken.  Tether accused the loss of $30.950.010 USDT on a malicious activity by an External hacker  in a post on the project\swebsite (which has since been deleted). Tether. originally known as Realcoin until being rebranded. attempts to act as a proy for the US dollar that may be moved between exchanges. most notably Bitfine. Polonie. and other marketplaces without fiat trade.  In response. Tether stated that it will act quickly to guarantee that the stolen funds are not traded or otherwise introduced back into the cryptocurrency economy.  The company stated: $30.950.010 USDT was removed from the Tether Treasury wallet on Nov. 19. 2017 and sent to an unauthorized bitcoin address. As Tether is the issuer of the USDT managed asset. we will not redeem any of the stolen tokens. and we are in the process of attempting token recovery to prevent them from entering the broader ecosystem  . ,2017-11-19 0:00,2017,30950010,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,FT,CA
232,MonoX,REKT and SlowMist,https://de.fi/rekt-database/monox,https://hacked.slowmist.io/search/,,(1) https://medium.com/monoswap/exploit/post/mortem/33921a779b43. (2) https://twitter.com/BlockSecTeam/status/1465690478414761992,, The automatic market maker protocol Mono was hacked. In this attack  approimately US$18.2 million worth of WETH and 10.5 million US dollars of MATIC were stolen. Other stolen tokens included WBTC  LINK  GHST  DUCK  MIM and IM. The total loss was approimately 31 million U.S. dollars. REKT: The attackersaddresses: Polygon  https://polygonscan.com/address/0ecbe385f78041895c311070f344b55bfaa953258  Ethereum:  https://etherscan.io/address/0ecbe385f78041895c311070f344b55bfaa953258  Deployed contracts involved in the exploit: Polygon:  https://polygonscan.com/address/0119914de3ae03256fd58b66cd6b8c6a12c70cfb2  Ethereum:  https://etherscan.io/address/0f079d7911c13369e7fd85607970036d2883afcfd  Transactions behind the attack: Polygon:  https://polygonscan.com/t/05a03b9c03eedcb9ec6e70c6841eaa4976a732d050a6218969e39483bb3004d5d  Ethereum:  https://etherscan.io/t/09f14d093a2349de08f02fc0fb018dadb449351d0cdb7d0738ff69cc6fef5f299  Because of a weakness in the <u>swapTokenForEactToken()</u> function in the Monoswap contract. the attackers were able to substantially inflate value of the MONO token. Monoswap contract: Polygon:  https://polygonscan.com/address/03826367A5563eCE9C164eFf9701146d96cC70AD9#code  Ethereum:  https://etherscan.io/address/0C36a7887786389405EA8DA0B87602Ae3902B88A1#code  The attackers used the identical token as <u>tokenIn</u> and <u>tokenOut</u> in <u>swapTokenForEactToken()</u>. The Monoswap contract utilizes the <u>_updateTokenInfo()</u> function to update the price after computing a new price. Because <u>tokenIn</u> and <u>tokenOut</u> are the same token. updating <u>tokenOut</u> would override <u>tokenIn</u>sprice update. resulting in price pumping of this token. Finally. the price of the MONO token skyrocketed. and the attackers used it to swap out practically all of the other tokens in the pool.  List of stolen funds: / 5.7M MATIC ($10.5M)/ 3.9k WETH ($18.2M)/ 36.1 WBTC ($2M)/ 1.2k LINK ($31k)/ 3.1k GHST ($9.1k)/ 5.1M DUCK ($257k)/ 4.1k MIM ($4.1k)/ 274 IM ($2k),2021-11-30 0:00,2021,31400000,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,Exchange,P
344,DeFi100,REKT and SlowMist,https://de.fi/rekt-database/defi100,https://hacked.slowmist.io/search/,,(1)DeFi100 Coin Scam: DeFi100 creators rug pull investors. disappear with $32 million | Other tech news (republicworld.com). (2) https://thedefiant.io/defi100/hack/or/rug/pull. (3) https://twitter.com/DEFI100/status/1396439014178136065,,"The official website of the DeFi protocol DeFi100 on Binance Smart Chain (BSC) is no longer accessible. Previously Twitter user Mr. Whale pointed out that the project may be a scam. About 32 million US dollars of user funds were swept away by the team. road. About 10 hours ago the words &quot We lied to you you can t do anything with us&quot appeared on the DeFi100 official website and the page was subsequently deleted. The DeFi100 project website was no longer accessible. It is not yet certain whether the website was hacked or the project team itself Close the website. DeFi100 is a decentralized fleible synthetic asset inde product on the Binance Smart Chain developed by an anonymous team. REKT: On May 22. a message materialized on the DEFI 100 website homepage reading: “WE SCAMMED YOU GUYS AND YOU CANT [sic] DO SHIT ABOUT IT HAHA…All you moon bois have been scammed and you cant do shit about it. FUCK YOU MOONBOIS.” The message was signed “DEVISIN” and has since been deleted.
On May 23. the DeFi100 Twitter account posted that their website had been hacked the previous day. and that the hacker had written the profane message:
https://twitter.com/DEFI100/status/1396361647149633537",2021-05-23 0:00,2021,32000000,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,FT,CA
519,BitPoint,REKT and SlowMist,https://de.fi/rekt-database/bitpoint,https://hacked.slowmist.io/search/,,https://www.zdnet.com/article/bitpoint/cryptocurrency/exchange/hacked/for/32/million/,, On July 12  Japan's BitPoint Japan (BPJ) exchange was hacked  and 3.5 billion yen (32 million U.S. dollars) worth of cryptocurrency in the hot wallet was stolen. After that  BPJ shut down all services of the exchange. On the 14th  BPJ announced the recovery of some stolen cryptocurrencies from overseas trading systems  reducing the total loss to 3.02 billion yen (customer funds 2.06 billion  BPJ own funds 960 million). REKT: On July 12. 2019. Tokyo/headquartered cryptocurrency exchange Bitpoint promptly suspended its services after noticing an error in the outgoing funds transfer system. Soon. an official announcement followed. revealing that the trading platform had lost around 3.5 billion yen (roughly $32 million) as a result of a security breach.  The breach occurred due to unauthorized access to the private keys of its hot wallet,2019-07-11 0:00,2019,32000000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
274,Cream Finance,REKT and SlowMist,https://de.fi/rekt-database/cream_finance,https://hacked.slowmist.io/search/,,C.R.E.A.M. Finance Post Mortem: AMP exploit | by C.R.E.A.M. | C.R.E.A.M. Finance | Medium,, The mortgage lending platform Cream Finance had a flash loan attack. In its post/mortem analysis report on the flash loan attack  it stated that a total of 460 million AMP tokens and 2804 ETH (worth approimately US$34 million at the time) were stolen from the vulnerability and promised 20% of all agreed fees will be used for repayment until it is fully repaid. This security incident has a major vulnerability attacker and an imitator. On October 4  according to a Cointelegraph report  DeFi security agency Lossless has assisted in recovering the stolen 5152.6 ETH worth nearly $16.7 million. REKT: Quick SummaryCream Finance got exploited through a vulnerability hidden in the borrow() function. which was repeatedly utilized for reentrancy attacks. The attacker made away with appro. $36 million. Details of the exploitCream (Crypto Rules Everything Around Me) Finance is a decentralized lending protocol designed for institutions. protocols and people in order to access financial services.The risk for reentrancy arose because of the way $AMP was integrated into the protocol. The $AMP token contract is based on the ERC777 standard. which utilizes the _callPostTransferHooks hook. The attack transactions started with supplying $ETH as a collateral for borrowing $AMP from the crAMP market. When transferring AMP to the attacking contract. the _callPostTransferHooks was called. which in turn triggered the eecution of a fallback function in the attack contract allowing the latter to re/enter the crETH market to borrow $ETH against the very same collateral initially supposed to be used for borrowing $AMP.The flow of an eample exploit transaction:  https://etherscan.io/t/0a9a1b8ea288eb9ad315088f17f7c7386b9989c95b4d13c81b69d5ddad7ffe61e/ The hacker creates contract A to flash loan 500 $WETH and use the funds as collateral on cream. minting 24.17k crETH;/ borrows 19.48M $AMP for the received crETH;/ exploits the reentrancy possibility by repeatedly calling borrow() during the token transfer. taking a further 355 $ETH before the state of the initial borrow() has been updated;/ uses contract B. which receives a half (9.74M) of Asborrowed $AMP;/ contract B liquidates part of Asloan. redeeming 187 $WETH and transferring it back to contract A;/ contract A uses $ETH borrowed via reentrancy to repay the remainder of the flash loan. The profits of the above eplained transaction amounted to 41 $ETH and 9.74M $AMP.In total. 17 attack transactions were conducted netting the attackers a total of $AMP 462.079.976 and $ETH 2.804.96. Block Data ReferenceAttack contract A: https://etherscan.io/address/038c40427efbaae566407e4cde2a91947df0bd22bAttack contract B: https://etherscan.io/address/00ec306D7634314D35139d1dF4A630d829475A125Exploiter address 1: https://etherscan.io/address/0ce1f4b4f17224ec6df16eeb1e3e5321c54ff6edeExploiter address 2: https://etherscan.io/address/08036EbD0Fc9C120BA0469ffCB27b204AA06aaF1F ,2021-08-31 0:00,2021,34000000,Contract vulnerability,Reentrancy,Technical vulnerability,Target,Exchange,P
668,Parity,REKT and SlowMist,https://de.fi/rekt-database/parity,https://hacked.slowmist.io/search/,,(1) https://www.coindesk.com/30-million-ether-reported-stolen-parity-wallet-breach (2) https://finance.yahoo.com/news/victims-30m-parity-wallet-hack-170550649.html,,On July 29 2017 the Ethereum multi/signature wallet company Parity issued a security alert notifying users of serious vulnerabilities in its wallet v1.5 or later. That day a black hat hacker used the vulnerability to ehaust the Parity wallets of three Ethereum projects stealing a total of 153 037 ETH from Swarm City Edgeless and Aeternity. REKT: Quick SummaryParity multisig wallet has been attacked by a hacker in two transactions. taking profit of $34M. Details of the exploitThe attacker had drained 153.037 ETH from three high/profile multi/signature contracts used to store funds from past token sales. The attackersaddress:  https://etherscan.io/address/0b3764761e297d6f121e79c32a65829cd1ddb4d32  The attacker sent two transactions to each of the affected contracts: the first to obtain eclusive ownership of the MultiSig. and the second to move all of its funds.  1st transaction (call to <u>initWallet</u>):  https://etherscan.io/t/09dbf0326a03a2a3719c27be4fa69aacc9857fd231a8d9dcaede4bb083def75ec  2nd transaction:  https://etherscan.io/t/0eef10fc5170f669b86c4cd0444882a96087221325f8bf2f55d6188633aa7be7c  This function was probably created as a way to etract the wallet’s constructor logic into a separate library. The wallet contract forwards all unmatched function calls to the library using <u>delegatecall</u>  This causes all public functions from the library to be callable by anyone. including <u>initWallet</u>. which can change the contract’s owners. Unfortunately. <u>initWallet</u> has no checks to prevent an attacker from calling it after the contract was initialized. The attacker exploited this and simply changed the contract’s <u>m_owners</u> state variable to a list containing only their address. and requiring just one confirmation to eecute any transaction:  https://etherscan.io/t/09dbf0326a03a2a3719c27be4fa69aacc9857fd231a8d9dcaede4bb083def75ec  After that. the attacker eecuted the function to send all funds to an account controlled by the attacker:  https://etherscan.io/t/0eef10fc5170f669b86c4cd0444882a96087221325f8bf2f55d6188633aa7be7c Block Data ReferenceAttacker address: https://etherscan.io/address/0b3764761e297d6f121e79c32a65829cd1ddb4d32 ,2017-07-19 0:00,2017,34000000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Other systems,
116,Akutars,SlowMist,,https://hacked.slowmist.io/search/,,https://www.ccvalue.cn/article/1396448.html,,The Akutars (@AkuDreams) project auction contract was permanently unable to withdraw 11 539.5 ETH due to multiple code flaws. According to SlowMist analysis  even if the problem of users   inability to refund is solved  due to the inconsistency between the number of bidders and the number of auctions and the defects of the project party  s withdrawal function  Akutars funds will eventually be permanently locked.,2022-04-23 0:00,2022,34055862.8,Contract vulnerability,Undetermined,Technical vulnerability,Target,NFT,CA
181,Crypto.com,REKT and SlowMist,https://de.fi/rekt-database/crypto.com,https://hacked.slowmist.io/search/,,https://crypto.com/product/news/crypto/com/security/report/net/steps,, According to the Crypto.com investigation report On January 17  2022  Crypto.com learned that a small number of users had made unauthorized withdrawals of cryptocurrencies on their accounts. Crypto.com immediately suspended all token withdrawals to initiate the investigation and remained open 24/7 Work to resolve the issue. No clients suffered loss of funds. In most cases we blocked unauthorized withdrawals and in all other cases clients were fully reimbursed. The incident affected 483 Crypto. com users. Unauthorized withdrawals totaled 4 836.26 ETH  443.93 BTC and approimately $66 200 in other currencies. REKT: The hackersaddress:  https://etherscan.io/address/06e1218c55f1acb588fc5e55b721f1183d7d29d3d  On Monday. 17 January 2022 at approimately 12:46 AM UTC Crypto.com’s risk monitoring systems detected unauthorized activity on a small number of user accounts where transactions were being approved without the 2FA authentication control being inputted by the user. This triggered an immediate response from multiple teams to assess the impact. All withdrawals on the platform were suspended for the duration of the investigation. Any accounts found to be impacted were fully restored. Crypto.com revoked all customer 2FA tokens and added additional security hardening measures. which required all customers to re/login and set up their 2FA token to ensure only authorized activity would occur. The downtime of the withdrawal infrastructure was approimately 14 hours. and withdrawals were resumed at 5:46 PM UTC. 18 January 2022.  The hacker stole: / 4.836.26 ETH / 443.93 BTC / $66.200 in other currencies  Stolen funds were deposited into Tornado Cash mier:  https://bloy.info/ts/calls_from/06e1218c55f1acb588fc5e55b721f1183d7d29d3d?signature_id=994162&amp;smart_contract_address_bin=0722122df12d4e14e13ac3b6895a86e84145b6967,2022-01-17 0:00,2022,34358003,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
88,Scream,REKT and SlowMist,https://de.fi/rekt-database/scream,https://hacked.slowmist.io/search/,,https://www.theblockcrypto.com/post/147046/defi/lender/left/with/35/million/bad/debt/after/quoting/depegged/stablecoins/at/1?utm_source=cryptopanic&ut,,(DEI). Both stablecoins are still quoted at $1  according to data from the Scream dashboard. However  their trading prices have been severely de/pegged. Among them  FUSD fell to $0.69  and DEI fell to a low of $0.52. Whale players took advantage of this situation to deposit large amounts of FUSD and DEI at a discount  and siphoned all other stablecoins from the Scream platform. Stablecoins such as Fantom USDT  FRA  DAI  MIM  and USDC have all been withdrawn from the platform. As a result  users who originally had deposits in these stablecoins would not be able to withdraw from Scream. REKT : Quick Summary<span style=\ >Scream has incurred 35.000.000 $USD in bad debt after the $FUSD and $DEI stablecoins lost their peg to $USD Details of the Exploit  data/v/51e0c2ec=  ><span lang=  >Scream is a lending and borrowing protocol running on the Fantom blockchain. After $FUSD and $DEI tokens lost their peg to $USD. whales took advantage of this situation and deposited large amounts of $FUSD and $DEI to drain other stablecoins like $FUSDT. $FRAX. $DAI. $MIM and $USDC from the platforms smart contract.&nbsp;  data/v/51e0c2ec=  ><span lang= >The Lending Protocol also lost roughly 50% of the total value locked on the platform.<br,2022-05-16 0:00,2022,35000000,Interconnected actors flaw,Oracle manipulation,Technical vulnerability,Target,Lending,P
201,IRA Financial,REKT and SlowMist,https://de.fi/rekt-database/ira_financial,https://hacked.slowmist.io/search/,,IRA Financial Trust filed a lawsuit against crypto trading platform Gemini | Gostake,, IRA Financial Trust  South Dakota’s self/directed retirement account provider  has filed a lawsuit against crypto trading platform Gemini Trust Company (Gemini)  alleging huge losses to the IRA as a result of Gemini’s security glitch. In February 2022  $36 million in crypto assets held by Gemini and belonging to customer retirement accounts was stolen. The lawsuit also claims that Gemini did not have adequate safeguards to protect customers’ crypto assets  failed to freeze accounts immediately after the incident  and instead allowed criminals to continue to transfer funds from customer accounts on Gemini’s trading platform after the IRA notified Gemini Middle/to/outward transfer. REKT: According to a Bloomberg article based on an unidentified source. hackers took $21 million in Bitcoin and $15 million in Ethereum from IRA Financial Trust retirement accounts on February 8.  When Chainalysis. a blockchain data platform. discovered that IRA clients were involved in a $36 million crypto hack. it discovered that the money was tied to money laundering activity.  The analytical firm later said that the operation was carried out using the Tornado mier service.,2022-06-06 0:00,2022,36000000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
267,Vee Finance,REKT and SlowMist,https://de.fi/rekt-database/vee_finance,https://hacked.slowmist.io/search/,,https://twitter.com/VeeFinance/status/1440102406499356675,,According to official sources  the loan agreement Vee.Finance officially released an eplanation about the attack. The content is as follows: On September 20  the Vee.Finance team noticed multiple abnormal transfers. After further monitoring  a total of 8804.7 ETH and 213.93 BTC were stolen (total Worth more than 35 million U.S. dollars). The attacker's address is: 0eeeE458C3a5eaAfcFd68681D405FB55Ef80595BA. After investigation  the suspected attacker launched the attack through the above address and has obtained the stolen assets from this address. In order to ensure the safety of more users   assets  the team has suspended the platform contract and suspended the deposit and withdrawal functions. The stablecoin part is not affected by this attack. REKT: The attacker:  https://cchain.eplorer.ava.network/address/0eeeE458C3a5eaAfcFd68681D405FB55Ef80595BA/transactions  The contract behind the attack:  https://cchain.eplorer.ava.network/address/0490D25A327768bD5E3d2bF98B8E10419B3E70B82/transactions  The attacker deployed a smart contract with the malicious logic which interacted with one of the protocol smart contracts. Both contracts are unverified.  The list of transactions where the funds were withdrawn:  https://cchain.eplorer.ava.network/address/0490D25A327768bD5E3d2bF98B8E10419B3E70B82/token/transfers  WBTC and WETH were bridged to the Ethereum and are still held on the attackersaddress here:  https://etherscan.io/address/0eeee458c3a5eaafcfd68681d405fb55ef80595ba,2021-09-20 0:00,2021,36000000,Contract vulnerability,Undetermined,Technical vulnerability,Target,Lending,P
379,Alpha Finance,REKT and SlowMist and ChainSec,https://de.fi/rekt-database/alpha_finance,https://hacked.slowmist.io/search/,https://chainsec.io/defi-hacks/,(1) https://medium.com/cream/finance/alpha/homora/v2/exploit/post/mortem/344d277bdea6. (2) https://blog.alphaventuredao.io/alpha/homora/v2/post/mortem/. (3) https://cointelegraph.com/news/alpha/homora/loses/37/million/following/iron/bank/exploit (4) https://twitter.com/FrankResearcher/status/1360513422689984512,,The attacker uses Lightning Loan to Alpha Finance for leveraged lending and uses Alpha Finance’s own Cream IronBank quota to return the Lightning Loan. In this process the attacker obtains a large amount of cySUSD by adding liquidity to Cream allowing the attacker to use it. These cySUSD are further borrowed in Cream Finance. Due to problems with Alpha Finance both agreements suffered losses at the same time. CRYPTOSEC: “In one of the largest exploits of the DeFi era this morning an attacker successfully drained over $37 million from Alpha Homora by leveraging Cream’s Iron Bank protocol/to/protocol lending platform.” —\a0CointelegraphREKT: The attacker: / swapped ETH for UNI. and supplied ETH + UNI to the Uniswap pool (obtaining ETH/UNI LP token). In the same t. they swapped ETH for sUSD on Uniswap and deposited sUSD to Cream’s Iron Bank (getting cysUSD)  https://etherscan.io/t/04441eefe434fbef9d9b3acb169e35eb7b3958763b74c5617b39034decd4dd3ad  / borrowed 1000e18 sUSD. deposited UNI/WETH LP to WERC20. and used as collateral (to bypass the collateral &gt; borrow check). The attacker had 1000e18 sUSD debt shares (because the EOA is the first borrower)  https://etherscan.io/t/0cc57ac77dc3953de7832162ea4cd925970e064ead3f6861ee40076aca8e7e571  / repaid 1000000098548938710983 sUSD (actual debt with interest accrued is 1000000098548938710984 sUSD). resulting in a repay share of 1 less than the total share. As a result. the attackersEOA now has 1 minisUSD debt and 1 debt share.  https://etherscan.io/t/0f31ee9d9e83db3592601b854fe4f8b872cecd0ea2a3247c475eea8062a20dd41  / called resolveReserve on sUSD bank. accruing 19709787742196 debt. while totalShare remained 1. Current state: totalDebt = 19709787742197. while totalShare = 1  https://etherscan.io/t/098f623af655f1e27e1c04ffe0bc8c9bbdb35d39999913bedfe712d4058c67c0e  / borrowed 19709787742196 minisUSD and transferred to their EOA (repeated 16 times. each time doubling the borrowed amount). Each borrow is 1 less than the totalDebt value. causing the corresponding borrow share = 0. so the protocol treats this as no debt borrowing. At the end of the t. the EOA deposited 19.54 sUSD to Cream’s Iron Bank.  https://etherscan.io/t/02e387620bb31c067efc878346742637d650843210596e770d4e2d601de5409e3  / continued the process: repeated the borrowing 10 times. each time doubling the borrowed amount). At the end of the t. the EOA deposited 1321 sUSD to Cream’s Iron Bank.  https://etherscan.io/t/064de824a7aa339ff41b1487194ca634a9ce35a32c65f4e78eb3893cc183532a4  / flash loaned from Aave (borrowing 1.800.000 USDC). swapped 1.800.000 USDC to 1.770.757.56254472419047906 sUSD. and deposited to Cream to have enough liquidity for the EOA to borrow using the custom spell. Continued doubling the sUSD borrow from 1.322.70 sUSD to 677.223.15 sUSD (total of 10 times). Swapped 1.353.123.59 sUSD to 1.374.960.72 USDC on Curve. Borrowed 426.659.27 USDC from Cream (since the EOA deposited sUSD already in step b.)  https://etherscan.io/t/07eb2436eedd39c8865fcc1e51ae4a245e89765f4c64a13200c623f676b3912f9  / repeated the previous step but with 10M USDC (no USDC borrowing at the end)  https://etherscan.io/t/0d7a91172c3fd09acb75a9447189e1178ae70517698f249b84062681f43f0e26e  / repeated with 10M USDC (no USDC borrowing at the end)  https://etherscan.io/t/0acec6ddb7db4baa66c0fb6289c25a833d93d2d9eb4fbe9a8d8495e5bfa24ba57  / borrowed 13.244.63 WETH + 3.6M USDC + 5.6M USDT + 4.26M DAI. Supplied the stablecoins to Aave (to get aTokens. so USDC &amp; USDT can’t be frozen). supplied aDAI. aUSDT. aUSDC to Curve a3Crv pool  https://etherscan.io/t/0745ddedf268f60ea4a038991d46b33b7a1d4e5a9ff2767cdba2d3af69f43eb1b  / added a3Crv LP token to Curve’s liquidity gauge  https://etherscan.io/t/0c60bc6ab561af2a19ebc9e57b44b21774e489bb07f75cb367d69841b372fe896  / the rest of the transactions are supplying to Tornado Cash. GitCoin Grants. 1k ETH is sent to each of Cream’s and Alpha’s deployer addresses.,2021-02-13 0:00,2021,37500000,Interconnected actors flaw,Arbitrage with flash loan,Technical vulnerability,Target,Bridge,INT
220,Grim Finance,REKT and SlowMist and ChainSec,https://de.fi/rekt-database/grim_finance,https://hacked.slowmist.io/search/,https://chainsec.io/defi-hacks/,(1) https://twitter.com/financegrim/status/1472357770846519312. (2) https://twitter.com/k3mmio/status/1472315936166219777. (3) https://twitter.com/peckshield/status/1472328354942849024. (4) https://www.coindesk.com/tech/2021/12/20/fantom/defi/project/grim/finance/exploited/for/30m/ (5) https://twitter.com/FinanceGrim/status/1472357770846519312?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1472357770846519312%7Ctwgr%5Eec94c14f720cf0d1a43578f957062cf05eaca4ca%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.coindesk.com%2Ftech%2F2021%2F12%2F20%2Ffantom/defi/project/grim/finance/exploited/for/30m%2F,,"According to official sources  GrimFinance a compound income platform on the Fantom chain  suffered a lightning loan attack  and the current loss has eceeded 30 million U.S. dollars. The attacker uses the function named beforeDeposit()  in GrimFinance's vault strategy to attack and enter the malicious Token contract. CRYPTOSEC: “Yield compounding tool Grim Finance had $30 million worth of fantom tokens stolen from its protocol after an exploit on Sunday. The project took preventive measures to stop further damage.” — CoinDeskREKT: The address. involved in the attack:
https://ftmscan.com/address/0xdefc385d7038f391eb0063c2f7c238cfb55b206c

The example transaction of the attack:
https://ftmscan.com/tx/0x19315e5b150d0a83e797203bb9c957ec1fa8a6f404f4f761d970cb29a74a5dd6
Affected vault:
https://ftmscan.com/address/0x660184ce8af80e0b1e5a1172a16168b15f4136bf#code
The attacker:
/ took a flash loan from Balancer vault in WBTC and WFTM tokens
/ added liquidity on SpiritSwap and minted LP tokens
/ called depositFor() in GrimBoostVault with the malicious contract as token parameter:
     a) safeTransferFrom() create reentrancy opportunity with this token
     b) calling depositFor() with the malicious contract multiple time for minting large amount of GB/XXX/YYY tokens.
     c) in the last step on reentrancy called depositFor() with token SPIRIT/LP as token parameter to complete strategy depositing
/ withdrew GB tokens and get more SPIRIT/LP tokens back
/ removed liquidity and get more XXX and YYY tokens
/ repaid flash loan.
The attacker bridged funds on Polygon. BSC and Ethereum:
https://etherscan.io/address/0xdefc385d7038f391eb0063c2f7c238cfb55b206c
https://polygonscan.com/address/0xdefc385d7038f391eb0063c2f7c238cfb55b206c
https://bscscan.com/address/0xdefc385d7038f391eb0063c2f7c238cfb55b206c",2021-12-18 0:00,2021,40000000,Contract vulnerability,Reentrancy,Technical vulnerability,Target,Yield,CP
467,Ravencoin,SlowMist,,https://hacked.slowmist.io/search/,,(1) https://paper.seebug.org/1275/. (2) https://cryptopotato.com/hackers/exploit/vulnerability/in/ravencoin/protocol/to/mint/315/million/fake/rvn/coins/,,Ravencoin's community member CryptoScope team discovered that there are vulnerabilities in the Ravencoin blockchain  which has been cast by unknown people. 1.5% of the total RVN is 21 billion. Tron Black  the developer of Ravencoin  said that these tokens may have been sold to the market after being mined  so the economic losses have been absorbed by the Ravencoin ecosystem. The official reminds all miners  mining pools or exchanges to upgrade the client to the latest version  just use the latest version. The community is also considering various options to reduce the subsequent impact of the incident  such as halving the time in advance to restore the total to the original planned 21 billion.,2020-07-02 0:00,2020,40000000,Contract vulnerability,Undetermined,Technical vulnerability,Target,Blockchain,DLT
617,Coinrail,REKT and SlowMist,https://de.fi/rekt-database/coinrail,https://hacked.slowmist.io/search/,,(1) https://www.coindesk.com/markets/2018/06/11/coinrail/exchange/hacked/loses/possibly/40/million/in/cryptos/ (2) https://medium.com/pundi/pundi//assists/coinrail/to/investigate/the/breach/incident/960c6a0e2c76,,Coinrail acknowledged the eistence of “network intrusion” in its system and estimated that 40 billion won ($37.2 million) worth of coins were stolen. The police are investigating violations but have not announced further details. REKT: Coinrail. a cryptocurrency exchange located in South Korea. said that its platform had been hacked. with some reports claiming it lost up to $40 million in cryptocurrencies as a result of the incident.  According to its website. the exchange has already suspended operations following what it calls a ,2018-06-10 0:00,2018,40000000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
1128,Bo Shen Wallet,REKT,https://de.fi/rekt-database/bo_shen_wallet,,,(1) https://cryptonews.com/news/hackers-steal-42-million-worth-of-crypto-assets-from-fenbushi-capital-founder-bo-shen-what-happened.htm. (2) https://twitter.com/SlowMist_Team/status/1595265365889941504,,"Quick Summary
Bo Shen's hot wallet was exploited via access control. 41.053.572 $USD worth of assets in four chains was stolen from his Trust Wallet.

Details of the Exploit
Bo Shen is the founder of Fenbushi Capital. His Trust Wallet's mnemonic keys were compromised. which led to the loss of 41.053.572 $USD in various assets. 38.233.180 $USDC. 1.606 $ETH. 719.760 $USDT. and 4.13 $BTC were transferred to various sources. Trust Wallet has no issues related to the hack because it was a mnemonic phrase compromise. 

Block Data Reference
Attacker addresses:
https://etherscan.io/address/0x24b93eed37e6ffe948a9bdf365d750b52adcbc2e
https://www.blockchain.com/btc/address/39R7sdAUWfL6JE37BWorfHFb5sgjMLNZqz",2022-11-10 0:00,2022,41053572,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,Other systems,
538,Binance,REKT and SlowMist,https://de.fi/rekt-database/binance,https://hacked.slowmist.io/search/,,https://binance.zendesk.com/hc/en-us/articles/360028031711-Binance-Security-Breach-Update,, Binance has discovered a large scale security breach today  May 7  2019 at 17:15:24 (UTC). Hackers were able to obtain a large number of user API keys  2FA codes  and potentially other info. The hackers used a variety of techniques  including phishing  viruses and other attacks. And the hackers were able to withdraw 7000 BTC. Link: https://binance.zendesk.com/hc/en/us/articles/360028031711/Binance/Security/Breach/Update,2019-05-07 0:00,2019,41700000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
346,PancakeBunny,REKT and SlowMist,https://de.fi/rekt-database/pancakebunny,https://hacked.slowmist.io/search/,,https://pancakebunny.medium.com/hello/bunny/fam/a7bf0c7a07ba,,PancakeBunny the DeFi revenue aggregator on Binance Smart Chain (BSC) suffered a lightning loan attack and lost 114 631.5421 WBNB and 697 245.5699 BUNNY totaling approimately US$45 million. The price of the token BUNNY crashed from 240 US dollars at around 6:35 and once fell below 2 US dollars with the highest drop of more than 99% at one time. The official response stated that the hacker used PancakeSwap to borrow a large amount of BNB from a flash loan attack from an External developer and then continued to manipulate the USDT/BNB and BUNNY/BNB prices to obtain a large amount of BUNNY and sell it resulting in a flash crash of the BUNNY price. Hackers exchanged back to BNB through PancakeSwap.,2021-05-19 0:00,2021,45000000,Interconnected actors flaw,Arbitrage with flash loan,Technical vulnerability,Target,Yield,CP
594,CoinBene,REKT and SlowMist,https://de.fi/rekt-database/coinbene,https://hacked.slowmist.io/search/,,(1) https://www.zdnet.com/article/cryptocurrency/platforms/dragone/and/coinbene/disclose/hacks/ (2) https://twitter.com/schteringard/status/1110535324793536513?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1110628255042818048%7Ctwgr%5E21b86096cb8809668d67810ad8d2c4eb66ef4177%7Ctwcon%5Es2_&ref_url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fcryptocurrency/platforms/dragone/and/coinbene/disclose/hacks%2F (3) https://www.quadrigainitiative.com/casestudy/coinbenehackcoverup.php,,Crypptocurrency epert Nick Schteringard said on Twitter yesterday that the hacker appears to have stolen roughly $6 million in Coinbene Coin and $39 million in Maimine Coin which it later dumped on the market. REKT: CoinBene admitted to being targeted by hackers. The platform said that all funds are 100% secure and promised that if any users lost funds. they\ll be compensated in full.  However. on social media. some industry eperts have contested the company\sassessment that no funds were taken.  Cryptocurrency epert Nick Schteringard said on Twitter yesterday. that the hacker appears to have stolen roughly $6 million in Coinbene Coin and $39 million in Maimine Coin. which it later dumped on the market:  https://twitter.com/schteringard/status/1110535324793536513  The attacker\saddresses:  https://etherscan.io/address/06585329751de1140d68bd6cad1b46ebec1131f75  https://etherscan.io/address/0b3df999c5dc026dea265aeb02b8519844c9b6d5e,2019-03-26 0:00,2019,45000000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
243,bZx,REKT and SlowMist,https://de.fi/rekt-database/bzx,https://hacked.slowmist.io/search/,,(1) DeFi Lender bZ Suffers Hack for Reported $55M (coindesk.com). (2) https://twitter.com/SlowMist_Team/status/1456636791704850433?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1456647033826123780%7Ctwgr%5Eb5681a29c6b678b4ab6de4bbba7646fc5ed8f70a%7Ctwcon%5Es3_&ref_url=https%3A%2F%2Fwww.coindesk.com%2Fbusiness%2F2021%2F11%2F05%2Fdefi/lender/bz/suffers/hack/for/reported/55m%2F,https://portswigger.net/daily-swig/bzx-crypto-heist-results-in-reported-losses-of-more-than-55-million, The margin trading lending platform bZx tweeted that the private keys controlling Polygon and Binance Smart Chain (BSC) deployment appeared to have been leaked  resulting in a loss of funds. The bZx smart contract itself was not compromised  and the deployment  governance and DAO vault of Ethereum were not affected by this incident. REKT: The private key. controlling BSC and Polygon deployments was compromised. The attackers started transferring ownership of the core bZ contracts starting from the transaction: 1. <u>setTerget</u>():  https://bscscan.com/t/057e4aa5f2303a0ad4d1d74b1f33ba08a7ae2bf33cb1fa13870230779a3d52199  target address:  https://bscscan.com/address/08a610ab8be11ad555c358fd1dc26bb5d0bc82982  2. <u>transferOwnership</u>():  https://bscscan.com/t/09b16f5e8a648f72be3f9657880b26e525018e40e8873a14161690f8f48bf01b9  3. <u>newOwner (</u>Exploiter 2<u>)</u>:  https://bscscan.com/address/00acc0e5faa09cb1976237c3a9af3d3d4b2f35fa5  4. Exploiter 2 invoking target contract from step 1 with 055 method through fallback function with delegatecall(gas. target. add(data. 020). mload(data). 0. 0) inside  5. Step 4 allowed Exploiter 2 to withdraw usersdeposited collateral from interest iTokens into Exploiter 4 address. eample transactions: iDOGE =&gt; DOGE:  https://bscscan.com/t/0d1cff35db2583a2b3a239195c4567c8b63589079f8a1a9bdd0ef88a75b1ec18d  iETH =&gt; ETH:  https://bscscan.com/t/0a288f212bb84d0fa21274d93bc562ad4ecb4c702ff136ba897bbb65d0e50ca88  iBNB =&gt; BNB:  https://bscscan.com/t/02dbb3df6959ba95da3bec8f618a3014f0d14e16816f2502e16d21e24e2597b6a  The same method was used on the Polygon chain.  List of involved addresses (BSC. Polygon. and Ethereum):  Exploiter 1: 074487eed1e67f4787e8c0570e8d5d168a05254d4 Exploiter 2: 00acc0e5faa09cb1976237c3a9af3d3d4b2f35fa5 Exploiter 3: 0967bb571f0fc9ee79c892abf9f99233aa1737e31 Exploiter 4: 06551fb9be444987f7482012cbf7ea95a1ee8dd0e,2021-11-05 0:00,2021,47600000,External factor,Deceiving personnel,Human risk,Target,Lending,P
414,Saffron Finance,SlowMist,,https://hacked.slowmist.io/search/,,"saffron.finance sur Twitter : ""Please be aware that a bug has caused an error redeeming from epoch 1. for everyone who has liquidity waiting to be redeemed from epoch 1. we're working on a fi now A statement will be released soon with more details Thank you for your patience as we transition into epoch 2 ??"" / Twitter",,DeFi asset mortgage platform Saffron Finance issued an announcement stating that Epoch 1 redemption errors caused by contract loopholes resulted in 50 million DAI deposits deposited by Epoch 1 being locked for 8 weeks. The team is currently working on an emergency fi to solve this problem and will transition to Epoch 2. Saffron Finance is a DeFi asset mortgage platform released by an anonymous team. The token is SFI allowing liquidity providers to select customized risk eposures to obtain returns. In each cycle users can choose different risk/return combinations (A AA S) on Saffron to provide liquidity. A cycle of 14 days (LP locks within 14 days). After the cycle ends users can remove liquidity and obtain Interest and prorated SFI.,2020-11-30 0:00,2020,50000000,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,Lending,P
604,Blockchain.info,REKT and SlowMist,https://de.fi/rekt-database/blockchain.info,https://hacked.slowmist.io/search/,,http://tech.sina.com.cn/i/2018/02/18/doc/ifyrswmt9681885.shtml,,A hacking organization in Ukraine has stolen cryptocurrencies worth more than $50 million from the Blockchain.info by purchasing keyword advertisements related to cryptocurrencies in the Google search engine and masquerading as malicious websites of legitimate websites. REKT: Quick Summary<span style=\ >The Ukrainian hacker group Coinhoarder stole more than $50 million worth of cryptocurrency from the well/known cryptocurrency wallet Blockchain.info. according to a report by Cisco’s information security subsidiary Talos. Details of the exploit The report describes how hackers used a very simple but very dangerous technique to deceive victims. Hackers buy cryptocurrency/related keyword ads on Google’s search engine. “poison” users’ search results. and then steal assets from cryptocurrency wallets. This means that when people search for keywords such as blockchain or bitcoin wallet on Google. they will see links to malicious websites masquerading as legitimate websites.  These malicious links may be  blockchien.ino/wallet or block/clain.info . After clicking on these links. the user is taken to a landing page that mimics the real website. According to Cisco\sreport. genuine websites rank lower than malicious links in Google\ssearch engine rankings.,2018-02-18 0:00,2018,50000000,Instant user deception,Fake ads/pop ups,Imitation,Intermediary,Other systems,
499,Upbit,REKT and SlowMist,https://de.fi/rekt-database/upbit,https://hacked.slowmist.io/search/,,https://cointelegraph.com/news/upbit/hack/stolen/eth/worth/millions/on/the/move/to/unknown/wallets,,South Korean exchange Upbit 342 000 ETH worth about $50 million was stolen. The exchange's alleged theft occurred while assets were being transferred between hot and cold storage wallets  leading some to speculate that the incident may have been an internal job rather than an External breach. REKT : Quick SummaryOn November 27. 2019. 342.000 ETH was transferred from the Upbit Ethereum hot wallet to an unknown wallet. Block Data Reference<br style= >The address of the unknown wallet:  https://etherscan.io/address/0a09871aeadf4994ca12f5c0b6056bbd1d343c029,2019-11-27 0:00,2019,51200000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
14,Acala,SlowMist,,https://hacked.slowmist.io/search/,,https://medium.com/acalanetwork/updates/on/the/ausd/incident/22/august/2022/997efec98b35,, The Polkadot ecological project Acala caused an additional issuance of aUSD due to an error on the chain  allowing attackers to mint aUSD. The vulnerability caused aUSD to lose its peg to the US dollar  initially falling to $0.60 and hovering around $0.90. Acala suspended the protocol shortly after the attack and disabled the transfer of the stolen aUSD and the attackers echanging Acala tokens for some of the aUSD.,2022-08-15 0:00,2022,52000000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Staking,CP
1160,mgnr,SlowMist,,https://hacked.slowmist.io/search/,,Slowmist,,Quantitative trading company mgnr has deleted all tweets and quit some groups. leaving only 0.097 Ethereum in its wallet address. The address with the domain name mgnr.eth transferred 43.6 million USDC to Coinbase on November 14. and at the same time transferred 8 million USDC and 0.1 Ethereum to the Genesis Trading address.,2022-12-19 0:00,2022,52000000,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,Dapp,P
139,Cashio,REKT and SlowMist,https://de.fi/rekt-database/cashio,https://hacked.slowmist.io/search/,,https://twitter.com/i/web/status/1506571243067224064,,The stablecoin project Cashio on Solana has been hacked. According to the preliminary analysis of the SlowMist security team  hackers illegally issued 2 billion CASH tokens by bypassing an unverified account  and converted CASH tokens into 8 646 022.04 UST  17 041 006.5 USDC and 26 340 965.68 USDT/USDC through multiple applications. LP  total profit value: 52027994.22 USD (more than 50 million USD). At present  the official announcement has been issued to allow users to suspend the use of the contract  and a temporary patch has been released to fi the vulnerability. REKT: Quick SummaryCashio protocol was exploited due to incorrect collateral validation during minting. which has led to infinite minting. Details of the exploit The validation of the LP tokens is to be deposited via the <u>saber_swap.arrow</u> (USDT/USDC LP) is incomplete. as the mint field is never validated. As a consequence. the hacker was able to deploy a bogus contract that was never verified. followed by a chain of bogus accounts that all passed validation since they were only compared to one another. In addition. in order to pass the <u>common collateral</u> verification. the hacker created a fake bank and was able to instruct the program to mint the original $CASH token because there was no check that the bank\stoken matched the one being minted. After these actions. the hacker minted 2 billion $CASH tokens. and the part of $CASH was burnt to SaberLPTokens. Then another part of the tokens was withdrawn out to $UST and $USDC. The remaining $CASH was swapped for 8.600.000 $UST and 17.000.000 $USDC. Most of the stolen funds were bridged to Ethereum address.  The hacker left the message in the transaction Account with less than 100k have been returned. All other money will be donated to charity. Block Data ReferenceThe hacker\saddress:  https://solscan.io/account/6D7fgzpPZtDB6Zqg3RwfbohzerbytB2U5pFchnVuzw Validation transaction:  https://solscan.io/t/3t1zqtKk4CgCk5ZDZMGSwdfvvWPekyQ5r8Prhk9MiR5Sw8vujCnFBncAuFCttw3ozacMRH9ud3VY5virUY2Z39y Mint transaction: https://solscan.io/t/21TKidhbocN5HRLVWRUk8W1YSQH9b6VH7biAm1ad5jwTZNrPSajz2cyorrvqtUbWUAmCb52Yqk8VYF2P6H5tP Burning to SaberLPTokens transaction:  https://solscan.io/t/4g5okypEDK9dDwcootYz86uzTm41V7WosiJETGisiG2pvNgT59djDiD2vwstQtCFF9bqSnViYJGF9Z9QrUvV  Withdraw transaction:  https://solscan.io/t/pjUgAeUfWaSSJuw2Cq1cQ9gHNWs8jkJMtHqVAMuwhg3Uk9LN9Y2obfwt6Qm8bztg56idWBMytzmqyWzvbsrwH  Ethereum address funds were sent:  https://etherscan.io/address/086766247ba3405c5f15f06b895294200809e9cfbThe message hacker left:  https://etherscan.io/t/0a8394d2e55042f84d096c72dd1075fa2648faf88e248c7992273b4d50a6a647b,2022-03-23 0:00,2022,52027994.22,Contract vulnerability,Undetermined,Technical vulnerability,Target,FT,CA
358,Uranium Finance,REKT and SlowMist,https://de.fi/rekt-database/uranium_finance,https://hacked.slowmist.io/search/,,https://cryptopotato.com/50m/drained/from/uranium/finance/hack/or/rug/pull/,,A loophole in the BSC ecosystem Uranium Finance resulted in the theft of US$50 million in funds. Research analyst Igor Igamberdiev pointed out an error in the Pair contract in Uranium v​​2. Due to calculation errors this was used to withdraw almost all tokens. The balance of these Pair contracts has also been overstated. Igamberdiev believes that the project team made a carpet pull. REKT: Quick Summary Pair contracts in Uranium v2 had a bug due to which anyone could interact with them and withdraw almost all tokens due to a calculation error. Details of the exploit Before interacting with Uranium. the attacker sent the minimum amount of each token to pair contracts. After that. they used a low/level function <u>swap</u>() whose eecution should drain both reserves.  Stolen funds: / 34k WBNB ($18M)/ 17.9M BUSD ($17.9M)/ 1.8k ETH ($4.7M)/ 80 BTC ($4.3M)/ 26.5k DOT ($0.8M)/ 638k ADA ($0.8M)/ 5.7M USDT ($5.7M)/ 112k U92  With the help of PancakeSwap. DOT and ADA were swapped to ETH. After that. the attacker withdrew 2.438 ETH via Anyswap to Ethereum (deposited into Tornado Cash mier at  https://etherscan.io/ts?a=0c61429117038a1f13881dd7410b80771f28e06ec) and 80 BTC to Bitcoin. 1M USDT and 99k DAI (bought with USDT) went to DAI. Block Data ReferenceThe attackersaddress:  https://bscscan.com/address/02b528a28451e9853f51616f3b0f6d82af8bea6ae#tokentns The transaction behind the attack:  https://bscscan.com/t/05a504fe72ef7fc76dfeb4d979e533af4e23fe37e90b5516186d5787893c37991,2021-04-28 0:00,2021,57200000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Yield,CP
360,EasyFi,REKT and SlowMist,https://de.fi/rekt-database/easyfi,https://hacked.slowmist.io/search/,,(1) https://twitter.com/ChainNewscom/status/1384336818959704064. (2) https://medium.com/easify/network/easyfi/security/incident/66c02a277a91. (3) https://rekt.news/easyfi/rekt/,https://medium.com/easify-network/easyfi-security-incident-pre-post-mortem-33f2942016e9,"Ankitt Gaur  founder and CEO of Layer 2 DeFi lending protocol EasyFi (EASY)  said On April 19  team members reported that a large number of EASY tokens were transferred from the official EasyFi wallet to the Ethereum network and several unknowns on the Polygon network. Wallet. Someone may have attacked the management key or mnemonic. The hacker successfully obtained the administrator key and transferred $6 million of eisting liquid funds in the form of USD/DAI/USDT from the protocol pool  and transferred 298 Ten thousand EASY tokens (approimately 30% of the total supply of EASY tokens  currently valued at 40.9 million U.S. dollars) were transferred to the wallet of the suspected hacker (083a2EB63B6Cc296529468Afa85DbDe4A469d8B37). REKT: Quick Summary
EasyFi project's admin keys and mnemonics were stolen during the sophisticated remote attack. The hacker used keys to stole user's deposits in several protocol pools.
Details of the Exploit
The admin keys of the contract deployer were compromised by the attacker remotely. The attacker withdrew the user's deposits from the protocol pools. namely from the USDT/USDC/Matic/ETH/DAI markets. In addition. around 2.98 Million EASY were stolen from the protocol's contracts.
EasyFi smart contracts were not exploited. The hacker used renBTC and WBTC to move the funds via the dark pool to hide the traces.
Block Data Reference
The attacker's address:
https://etherscan.io/address/0x83a2EB63B6Cc296529468Afa85DbDe4A469d8B37
Transaction:
https://bloxy.info/txs/transfers_to/0x83a2eb63b6cc296529468afa85dbde4a469d8b37?currency_id=548460",2021-04-19 0:00,2021,59000000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,Lending,P
626,ZAIF,REKT and SlowMist,https://de.fi/rekt-database/zaif,https://hacked.slowmist.io/search/,,https://prtimes.jp/main/html/rd/p/000000093.000012906.html,,Hackers with unauthorized access to the exchange’s hot wallets had stolen roughly $60 million in bitcoin cash and MonaCoin. That being said the eact amount of bitcoin cash stolen remains unknown. REKT : Quick SummaryLicensed Japanese crypto exchange Zaif was hacked. and 59.000.000 $USD worth of assets was stolen in $BTC. $BCH and MonaCoin Details of the exploitThe licensed exchange. called Zaif. is operated by the Tech Bureau. It said on Thursday that the exchange first noticed an unusual outflow of funds on the platform around 17:00 Japan time on September 14. after which the company suspended asset deposit and withdrawal services.  Tech Bureau eplained that after further investigation. it discovered that hackers with unauthorized access to the exchangeshot wallets had stolen roughly $60 million in Bitcoin. Bitcoin Cash. and MonaCoin. That being said. the eact amount of bitcoin cash stolen remains unknown.  Tech Bureau said given the nature of the unauthorized fund access. it has filed the incident as a criminal case to local authorities for further investigation.,2018-09-14 0:00,2018,59000000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
249,AnubisDAO,REKT and SlowMist,https://de.fi/rekt-database/anubisdao,https://hacked.slowmist.io/search/,,https://decrypt.co/84924/anubisdao/investors/lose/60/million/in/alleged/rug/pull,,According to Etherscan data  the OHM imitation project AnubisDAO  which was launched at Copper Launch  withdrew its liquidity pool one day after it went online. It is suspected that the volume of money went off the road. A total of more than 13 556 ETH were transferred to the address @09fc  worth about 58.3 million U.S. dollars. Jayson  the founding partner of PFR Capital  pointed out that AnubisDAO is just a Twitter account that was only registered a few days ago. There is no website  white paper  medium  and no products. REKT: Quick SummaryAnubisDAO was hacked. and 13.597 $ETH was drained before the sale round ends Details of the exploitThe project was holding fundraising using the Copper fair launch auction. AnubisDAO named itself as a fork of OlympusDAO. All deposited $ETH was withdrawn from the Balancer Vault into the EOA wallet. before a couple of hours left for the sale round finish. Block Data Reference Stealing transaction: https://etherscan.io/t/0551890a877c57cf19ddcb312c0a9962029225373daf2815f3720b723bd79b7b0 The further funds flow:  https://etherscan.io/t/096756028f67fb4a5b49f0b7bc08e8c4173c388de1a7da9debb8f3033a1777fce  https://etherscan.io/t/0002724097966061607100ad99dcb991971b864ad6efa75e4f46145d6d1c904b4 Stolen funds are holding on this address:  https://etherscan.io/address/0b1302743acf31f567e9020810523f5030942e211Copper auction:<span style=\,2021-10-29 0:00,2021,60000000,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Exchange,P
845,Freeway,REKT,https://de.fi/rekt-database/freeway,,,(1) Crypto platform Freeway halts services. citing ‘unprecedented volatility’ (cointelegraph.com). (2) https://gizmodo.com/freeway/crypto/bitcoin/price/staking/gold/withdrawals/1849692235. (3) https://mobile.twitter.com/FreewayFi/status/1584213309208768514. (4) https://twitter.com/FatManTerra/status/1584247387941351424,,Quick SummaryFreeway protocol halts services due to unprecedented volatility. The names and photos of the team members were deleted from the project\sofficial website. Details of the exploitFreeway is a staking platform promising 43% annual returns. The platform provided Supercharge simulations staking and collected various types of assets including $BTC. $ETH. $BNB. and popular stablecoins from users. The project halts withdrawals citing >unprecedented volatility. The names and photos of the team members were deleted from the official website after an official announcement. The $FWT token price dropped by more than 75% in 24 hours. The team tweeted on 23rd October that the project decided to diversify assets base and the project temporarily will not buy Supercharger simulations until the project\snew strategies will be implemented. The $FWT token\smarket cap dropped from 75.000.000 to nearly 15.000.000 $USD after an incident. Estimated funds lost is roughly 60.000.000 $USD.,2022-10-23 0:00,2022,60000000,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,Yield,CP
103,Mining Capital Coin,REKT and SlowMist,https://de.fi/rekt-database/mining_capital_coin,https://hacked.slowmist.io/search/,,https://www.justice.gov/opa/pr/ceo/mining/capital/coin/indicted/62/million/cryptocurrency/fraud/scheme,," The Justice Department released an indictment on May 5 showing that Mining Capital Coin CEO and founder Luiz Capuci Jr. was charged with orchestrating a $62 million investment fraud. Capuci allegedly misled investors about MCC's plan  which he said would use investors funds to mine new cryptocurrencies with guaranteed returns. Instead  Capuci deposited funds into his own crypto wallet and used them to fund his own Lamborghini lifestyle  real estate and yachts. Capuci also allegedly ran a pyramid scheme of promoters  promising them lavish gifts including iPads and luury cars. REKT: Quick Summary

The founder of Mining Capital Coin committed investment fraud and mislead investors about guaranteed returns from mining coins for their funds.
Details of the Exploit
Founder and CEO of Mining Capital Coin Luiz Capuci Jr. did mislead investors about MCC's plan about mining coins and using MCC Trading Bots to generate profits but instead redirected collected funds to an independent wallet under his control. He was charged with orchestrating a 62.000.000 $USD investment fraud by U.S. Department of Justice.",2022-05-06 0:00,2022,62000000,Misappropriation of funds,Embezzlement,Market manipulation,Perpetrator,Blockchain,DLT
671,Nicehash,REKT and SlowMist,https://de.fi/rekt-database/nicehash,https://hacked.slowmist.io/search/,,(1) http://archive.is/pWTbH (2) https://www.cnbc.com/2017/12/07/bitcoin/stolen/in/hack/on/nicehash/cryptocurrency/mining/marketplace.html,,Nicehash appears to have shuttered their website with a notice saying “a security breach involving NiceHash website” and “our payment system was compromised and the contents of the NiceHash Bitcoin wallet have been stolen”. REKT: Quick SummaryCrypto/mining marketplace NiceHash reported about a hack on their website. 64.000.000 worth $BTC was stolen. Details of the exploitNiceHash is a Slovenia/based cryptocurrency/mining marketplace. The project confirmed that its website was breached and the payment system compromised. with the contents stored in its Bitcoin wallet stolen. The losses reportedly amount to nearly 4.700 $BTC or 64.000.000 $USD.  NiceHash posted a statement on its website addressing the incident. “Unfortunately. there has been a security breach involving the NiceHash website. We are currently investigating the nature of the incident and. as a result. we are stopping all operations for the net 24 hours.” Block Data Reference The hackersaddress:  https://www.blockchain.com/btc/address/1EnJHhq8Jq8vDuZA5ahVh6H4t6jh1mB4rq,2017-12-07 0:00,2017,64000000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
260,Compound Finance,REKT and SlowMist,https://de.fi/rekt-database/compound_finance,https://hacked.slowmist.io/search/,,(1) https://rekt.news/compound/rekt/. (2) https://twitter.com/compoundfinance/status/1441097386449719301,,While the decentralized lending agreement Compound tried to fix the loopholes in the liquidity mining token distribution contract through the No. 63 or No. 64 community proposal  another COMP token worth US$68.8 million (a total of 202 472 COMP) was due to The call of the drip() function was entered into the liquidity mining token distribution contract that has existing loopholes.,2021-10-04 0:00,2021,68800000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Lending,P
1168,StakeHound,REKT and SlowMist,https://de.fi/rekt-database/stakehound,https://hacked.slowmist.io/search/,,(1) Fireblocks ETH 2.0 Key Management Incident | StakeHound. (2) https://archive.is/wgthY. (3) https://archive.is/zefFz,,"According to Calcalist the cryptocurrency company StakeHound has filed a lawsuit against the institutional security company Fireblocks claiming that ETH worth 245.5 million Israeli new shekels (approimately US$75 million) was lost due to Fireblocks mistakes. StakeHound stated that as Fireblocks deleted the key for no reason without backing up the key 38 178 ETH were lost. REKT: Quick Summary

Fireblocks company lost 75.000.000 $USD due to the negligence of the security engineer

Details of the Exploit
FireBlocks is an Israeli company that offers traditional financial institutes a seamless plug into the decentralized finance ecosystem and its customers. Cryptocurrency company StakeHound has filed a lawsuit against  Fireblocks. claiming that it lost NIS 245.5 million (approximately $75 million) worth of cryptocurrencies it was entrusted with. StakeHound claims that Fireblocks. a developer of secure cross/enterprise asset transfer infrastructure. was negligent and as a result. the funds have been lost and can not be recovered. Fireblocks has denied any wrongdoing. claiming that: ""The keys were generated by the client and stored outside the Fireblocks platform."" and that ""the customer did not store the backup with a third/party service provider per our guidelines.""",2021-06-22 0:00,2021,75000000,External factor,Exploiting operational mistake,Human risk,Target,Staking,CP
347,Venus,REKT and SlowMist,https://de.fi/rekt-database/venus,https://hacked.slowmist.io/search/,,https://quillhashteam.medium.com/200/m/venus/protocol/hack/analysis/b044af76a1ae,,On the evening of May 18  the BSC/based DeFi lending platform Venus token VS was doubled by the giant whale. After that  VS was used as collateral to borrow and transfer BTC and ETH worth hundreds of millions of dollars. Since then  the price of collateral VS is large. It fell and faced liquidation  but due to insufficient liquidity in the VS market  the system failed to liquidate in time  resulting in a huge shortfall of hundreds of millions of dollars in Venus. On the 30th  Venus officially released an article that disclosed the process and results of the incident. The survey showed that the liquidator made a profit of about 20 million U.S. dollars  and the seller made a profit of about 55 million U.S. dollars  the scalper  made a profit of about 2 million U.S. dollars  the 0ef044 address account had a net loss of about 66 million U.S. dollars. Secondly  its address attribution is based on the Swipe escrow address used on Binance  so there is no insider trading. The agreement lost approimately $77 million due to market fluctuations. VGP will recover approimately US$77 million from the distribution fund  and formulate a community recovery plan for VS holders and others in the form of airdrops from the distribution fund and agreement income. REKT : Quick SummaryThe Venus Protocol eperienced a massive liquidation event. due to market circumstances and oracle problems Details of the exploitVenus Protocol is an algorithmic/based money market system. that offers lending opportunities on Binance Smart Chain. The project eperienced a big liquidation event. In comparison. the 0ef044206db68e40520 bfa82d45419d498b4bc7bf account lost about $66 million in net loss. Liquidators earned around $20 million profit; Sellers made approimately $55 million profit. and Scalpers made approimately $2 million profit.  Due to unpredictable market fluctuations and the lack of deviation controls on oracles. the protocol lost about $77 million. Block Data ReferenceToken address: https://bscscan.com/address/0cf6bb5389c92bdda8a3747ddb454cb7a64626c63 ,2021-05-18 0:00,2021,77000000,Interconnected actors flaw,Oracle manipulation,Technical vulnerability,Target,Lending,P
224,AscendEX,REKT and SlowMist,https://de.fi/rekt-database/ascendex,https://hacked.slowmist.io/search/,,(1) Crypto exchange AscendE Hacked. Losses Estimated at $77M (coindesk.com). (2) https://twitter.com/_AscendE/status/1469886844787691528?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1469886844787691528%7Ctwgr%5Ee0215bd2a18ba09cdbcf3afdf1bc7c8b32093988%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fcoingeek.com%2Fascende/exchange/loses/77m/in/hack/promises/full/compensation%2F,, According to the official announcement  at 6 o’clock on December 12th  Beijing time  the internal security audit report of AscendE found that some ERC/20  BSC and Polygon tokens were abnormally transferred out of the exchange’s hot wallet  and the AscendE cold wallet was not affected by this incident. . It is estimated that Pinnacle AscendE’s losses totaled US$77.7 million (of which US$60 million was on Ethereum  US$9.2 million was on BSC  and US$8.5 million was on Polygon). REKT: Quick Summary<span style=\>AscendE platform claims that one of their hot wallet\sprivate keys was compromised and led to unauthorized transfers. The total lost amount is 77.700.000 $USD.&nbsp; Details of the exploitAscendE is a digital asset platform. that provides investing. trading. and earning opportunities.On December 11. beginning at just before 8 PM UTC. AscendE identified a number of unauthorized transfers from one of their hot wallets. Funds were drained from the hot wallet across three chains. Lost funds on Ethereum are 60.000.000 $USD worth of assets. 9.200.000 $USD on Binance Smart Chain. and 8.500.000 $USD on Polygon chain.  Stolen funds are already distributed between other External wallets. The list of the transferred out assets and their amount on Ethereum is on sources Block Data ReferenceAttacker addresses:<span style=\ > https://etherscan.io/address/02c6900b24221de2b4a45c8c89482fff96ffb7e55<span style=\> https://bscscan.com/address/02C6900b24221dE2B4A45c8c89482fFF96FFB7E55<span style=\ > https://polygonscan.com/address/02C6900b24221dE2B4A45c8c89482fFF96FFB7E55&nbsp;&nbsp; ,2021-12-11 0:00,2021,77700000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
108,Fei Protocol,REKT and SlowMist,https://de.fi/rekt-database/fei_protocol,https://hacked.slowmist.io/search/,,https://twitter.com/feiprotocol/status/1520344430242254849,,"Fei Protocol officially tweeted that it has noticed multiple exploits of Rari Capital's Fuse pool  has identified the root cause and suspended all lending to mitigate further losses. And shout that hackers  if they can return user funds  will get a bounty of 10 million US dollars. According to previous news  Fei Protocol was attacked  and the loss eceeded 28 380 ETH  about 80.34 million US dollars. The attacker's address was 06162759eDAd730152F0dF8115c698a42E666157F. The Rari Capital pool was attacked due to a classic reentrancy vulnerability. Its function eitMaket has no reentrancy protection. REKT : Quick Summary Seven of Rari's Fuse pools were drained due to re/entrancy attack. The total amount of losses is ~$80m. Rari enables the creation of so/called Fuse Pools permissionless lending pools that anyone with a wallet can access from anywhere to lend or borrow ERC/20 tokens.
The attack drained Rari's pools while Rairy's pools were unaffected. Fei Rari uses a fork of the Compound code that doesn't follow the check/effect/interaction pattern which the attacker took advantage making a re/entrancy attack via CEther which uses call.value to send ETH. Attack flow: 1) Attacker flash loaned 150m USDC and 50k WETH
2) Deposited 150m USDC as collateral into fUSDC/127 contract for loans. This contract is a fork of vulnerable smart/contract of Compound protocol.
3) The attacker borrows 1.977 ETH via borrow() function
4) As the borrow() function does not follow the check/effect/interaction pattern and transfers ETH to the attacker’s contract before updating the attacker’s borrow records.
5) As the attacker’s borrow record not updated. the attacker made a re/entrant call to exitmarket() that allows the attacker to withdraw his collateral.
The attacker repeated the following actions. repaid the flash loan. and kept the remaining profit for himself.",2022-04-30 0:00,2022,79749026,Contract vulnerability,Reentrancy,Technical vulnerability,Target,FT,CA
172,Qubit,REKT and SlowMist,https://de.fi/rekt-database/qubit,https://hacked.slowmist.io/search/,,https://medium.com/@QubitFin/protocol/exploit/report/305c34540fa3,, Qubit  the lending product of QBridge  a BSC ecological decentralized lending project  is suspected to have been hacked. The hackers minted a large amount of ETH collateral and consumed about $80 million in assets in the capital pool. According to SlowMist's analysis  the main reason for this attack is that when the recharge of ordinary tokens and native tokens are implemented separately  when transferring the tokens in the whitelist  it is not checked again whether they are 0 addresses  resulting in The operation that should be recharged through the native recharge function can successfully go through the recharge logic of ordinary tokens. REKT: Quick SummaryQubit Finance lending protocol was hacked due to smart contract vulnerability. The hacker minted $ETH tokens to steal 80.000.000 worth of $BNB Details of the exploit&nbsp;Qubit Finance is DeFi protocol for lending and borrowing on both Ethereum and Binance SmartChain. The protocol confirmed a hack on Twitter. 206.809 $BNB was stolen which was worth 80.000.000 $USD up to that time. The attack flow is below: The attacker: / funded his wallet with 0.8887725 ETH from Tornado Cash/ sent 16 deposit transactions to QBridge of Ethereum/ sent 16 <u>voteProposal</u> transactions to QBridge contract of BSC by Qubit Relayer&nbsp;/ a number of $ETH tokens were minted by 16 <u>voteProposal</u> transactions. and liquidity in Qubit was withdrawn using this as collateral.  The attacker called the QBridge deposit function on the Ethereum network. which calls the deposit function QBridgeHandler. QBridgeHandler should receive the $WETH token. which is the original <u>tokenAddress</u>. and if the person who performed the t does not have a $WETH token. the transfer should not occur.  <u>tokenAddress.safeTransferFrom</u>(depositer. address(this). amount);  In the deposit function above. <u>tokenAddress</u> is 0. so <u>safeTransferFrom</u> didn’t fail and the deposit function ended normally regardless of the amount value. Additionally. <u>tokenAddress</u> was the $WETH address before <u>depositETH</u> was added. but as <u>depositETH</u> is added. it is replaced with the zero address that is the <u>tokenAddress</u> of ETH.  In summary. the deposit function was a function that should not be used after <u>depositETH</u> was newly developed. but it remained in the contract. which allows the attacker to use this to steal the funds. Block Data ReferenceAttacker address: https://etherscan.io/address/0D01Ae1A708614948B2B5e0B7AB5be6AFA01325c7,2022-01-28 0:00,2022,80000000,Contract vulnerability,Undetermined,Technical vulnerability,Target,Lending,P
207,Rari Capital,ChainSec,,,https://chainsec.io/defi-hacks/,(1) https://www.coindesk.com/business/2022/04/30/defi/lender/rari/capitalfei/loses/80m/in/hack/ (2) https://twitter.com/BlockSecTeam/status/1520350965274386433?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1520350965274386433%7Ctwgr%5Eda017c8ceaea66e3594e28fce0b97817fc5678cf%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.coindesk.com%2Fbusiness%2F2022%2F04%2F30%2Fdefi/lender/rari/capitalfei/loses/80m/in/hack%2F (3) https://certik.medium.com/fei/protocol/incident/analysis/8527440696cc#:~:tet=Incident%20Summary.borrowing%20to%20minimize%20further%20loss.,,“Decentralized finance (DeFi) platforms Rari Capital and Fei Protocol suffered a more/than/$80 million hack early Saturday. The hacker exploited a reentrancy vulnerability in Rari’s Fuse lending protocol according to a tweet by smart contract analysis firm Block Sec.” — CoinDesk,2022-04-30 0:00,2022,80000000,Contract vulnerability,Reentrancy,Technical vulnerability,Target,Yield,CP
398,Compound Finance,REKT and ChainSec,https://de.fi/rekt-database/compound_finance,,https://chainsec.io/defi-hacks/,(1) https://www.coindesk.com/tech/2021/09/30/defi/money/market/compound/overpays/15m/in/comp/rewards/in/possible/exploit/. (2) https://www.cbsnews.com/news/compound/crypto/89/million/dollars/funds/error/free/money/. (3) https://www.coindesk.com/tech/2021/10/01/compound/founder/says/80m/bug/presents/moral/dilemma/for/defi/users/,,“DeFi Money Market Compound Overpays Millions in COMP Rewards in Possible exploit; Founder Says $80M at Risk.” — CoinDesk. REKT: Quick SummaryCompoundsnew proposal caused a loss of 237.000 $COMP tokens due to the smart contract issue Details of the exploit Compoundsgovernance Proposal 62 changed the distribution in the Comptroller contract to liquidity suppliers and borrowers from a previous 50:50 split to new governance proposed ratios:  https://compound.finance/governance/proposals/62  However. the Comptroller contract contains a bug. causing some users to receive too much COMP. The Comptroller received tokens for distribution from the Reservoir contract at:  https://etherscan.io/t/0e76167796646eb447cf53a72f1b912ad5028e64f8c8129b1a3fb71c1379f2322  84.000.000 in $COMP tokens are at risk  Approimately 237.000 $COMP tokens are already distributed between different addresses and can be calculated as a loss at the current moment. Block Data ReferenceThe eamples of transactions that trigger the bug:  https://etherscan.io/t/0c9244e5349f49f3b74a54a882e71f1ca11ba14ed74f73bf2cd091ed8be2b0001  https://etherscan.io/t/0bc246c878326f2c128462d08a0b74048b1dbee733adde8863f569c949c06422a  https://etherscan.io/t/0d77300cd5f10d835d60aa7560ab6a140887e6f84cc76b7911e83a46293492f94  https://etherscan.io/t/0c9244e5349f49f3b74a54a882e71f1ca11ba14ed74f73bf2cd091ed8be2b0001  https://etherscan.io/t/00fefe4a123e9137e7725e07166ddd0e29e8e4a2e3f71d788c6edec6bf13b45c1  https://etherscan.io/t/0f3731f0e45a2a14fa93345453f10c793b29b707a92cb50d05a7ec5a4d280a973  https://etherscan.io/t/0b6d5122afe04a9905adc5de7f708cabc5821e65fb7d6f0bfd571d35b1ddab7f2  https://etherscan.io/t/0f4bfef1655f2092cf062c008153a5be66069b2b1fedcacbf4037c1f3cc8a9f45  https://etherscan.io/t/0ee318650ae8bcf83517e77e8654d40201990080fcb888087f737aea28e70bdb1 Comptroller contract:  https://etherscan.io/address/03d9819210a31b4961b30ef54be2aed79b9c9cd3b  Reservoir contract:  https://etherscan.io/address/02775b1c75658be0f640272ccb8c72ac986009e38  List of addresses. which claimed a huge amount of tokens:  https://twitter.com/0ngmi/status/1443442885618278407 ,2021-09-29 0:00,2021,80000000,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,Lending,P
449,Coinbit,SlowMist,,https://hacked.slowmist.io/search/,,https://www.seoul.co.kr/news/newsView.php?id=20200826500071,, South Korea's third largest digital currency exchange  Coinbit  was seized and investigated by South Korean police. Its chairman and operator were suspected of internal transactions and manipulation of market prices. The police claimed that the company was suspected of using illegal means to earn at least 100 billion won in illegal profits (approimately 85 million US dollars)  and Coinbit was also suspected of forging more than 99% of its transaction volume.,2020-08-26 0:00,2020,85000000,Misappropriation of funds,Undetermined,Market manipulation,Perpetrator,Exchange,P
416,Compound Finance,REKT and SlowMist,https://de.fi/rekt-database/compound_finance,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/208210.html,, Compound's price feed error caused the liquidation of $90 million in assets. According to DeBank founder the huge liquidation of Compound was caused by the dramatic fluctuations in the DAI price of the oracle information source Coinbase Pro. It is a typical oracle attack to manipulate the information source that the oracle relies on to perform short/term price manipulation to achieve misleading prices on the chain. REKT: Quick SummaryTwo big liquidations occurred on Compound Protocol due to the $DAI price spike.&nbsp; Details of the exploitCompound is the lending protocol that also provides yield functionality. Around $89 million was liquidated on the protocol Compound due to the oracle issue. as far as Compoundsoracle uses Coinbase for pricing data. The price of $DAI token spiked up to $1.3 on the Coinbase Pro exchange. Since many of the loans were undercollateralized. they were liquidated. Block Data Reference $46 million liquidation transaction:  https://etherscan.io/t/053e09adb77d1e3ea593c933a85bd4472371e03da12e3fec853b5bc7fac50f3e4 Address liquidated on $17.5 million in several transactions:  https://etherscan.io/address/0b1adceddb2941033a090dd166a462fe1c2029484 ,2020-11-26 0:00,2020,89000000,Interconnected actors flaw,Oracle manipulation,Technical vulnerability,Target,Lending,P
279,Finiko,REKT and SlowMist,https://de.fi/rekt-database/finiko,https://hacked.slowmist.io/search/,,https://coingeek.com/100m/btc/ponzi/scheme/finiko/founder/arrested/in/russia/,,"The founder of one of Russia  s largest cryptocurrency scams has been in jail for allegedly defrauding US$100 million from its investors. Finiko was established in Kazan in 2019 and pretended to be a legitimate BTC investment company. In December 2020  Finiko released its native digital currency FNK. According to local reports  the founders will take BTC from investors and reward them with FNK tokens. REKT: Quick Summary

Finiko company which offers Bitcoin investment opportunities and huge return fees turns out to be a Ponzi scheme. The founders of the company were arrested. Finiko accumulated funds close to 1.500.000.000 $USD due to an investigation from Chainalysis.

Details of the Exploit
The company. named Finiko. offered lucrative investment options using a network of promoters who pulled in new users for referral fees. Investors were supposed to put in bitcoin and get the native token of Finiko in return.
About 100 people reported Finiko to the police. officials said. and the amount of claims totaled around 70 million Russian rubles. or slightly less than $1 million. The project accumulated 59.645 $BTC which is valued at more than 1.500.000.000 $USD due to an investigation from Chainalysis.",2021-08-20 0:00,2021,95000000,Misappropriation of funds,Ponzi scheme,Market manipulation,Perpetrator,CeFi,
280,Liquid,REKT and SlowMist,https://de.fi/rekt-database/liquid,https://hacked.slowmist.io/search/,,(1) https://blog.liquid.com/warm/wallet/incident. (2) https://archive.is/ncYbK,, Liquid  a Japanese/based cryptocurrency exchange  said its hot wallet was attacked and it was transferring assets to cold wallets. It is currently investigating and has suspended its deposit and withdrawal services. REKT: Quick SummaryLiquid exchange platform announced it suffered a hack and lost over 90.000.000 $USD worth funds in $BTC. $TRX. $XRP. $ETH. and some ERC/20 tokens. Details of the ExploitLiquid is a Japanese crypto/fiat exchange platform. According to the announcement on platformsTwitter. the exchange’s hot wallets were compromised and the Liquid team proceeded to move funds to cold storage:  https://twitter.com/Liquid_Global/status/1428176357515612165  The first batch of addresses initially reported by Liquid included the following 4 crypto addresses:  BTC: 1Fx1bhbCwp5LU2gHxfRNiSHi1QSHwZLf7q (received 107 BTC); ETH: 0x5578840aae68682a9779623fa9e8714802b59946 (received around $60 million in ETH and ERC/20); XRP: rfapBqj7rUkGju7oHTwBwhEyXgwkEM4yby (received more than 11 million XRP) TRX: TSpcue3bDfZNTP1CutrRrDxRPeEvWhuXbp  The hacker deposited the stolen XRP to centralized exchanges such as Huobi or Poloniex and then changed it to BTC sent on 2 identified addresses:  12PKkwoFkXp6JtN7roWRA2gSitE6nVDds4 (92 BTC) 1JW1tcBXp1vZ6KGEirFNSXb5RgZSaL63Av (100 BTC)  The hacker is also using a mixing service and sent more than 9.000 ETH from the address 0x5578840aae68682a9779623fa9e8714802b59946 to Tornado Cash mixer. Besides. the other address reported by Liquid (0xff0f573bdf4c23e41ea3ecd82efa66828706b711). the hacker is using decentralized exchanges (DEXs) such as Uniswap to swap tokens to ETH as shown below.,2021-08-19 0:00,2021,97000000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
47,Harmony,REKT and SlowMist,https://de.fi/rekt-database/harmony,https://hacked.slowmist.io/search/,,https://twitter.com/harmonyprotocol/status/1540110924400324608,https://www.bleepingcomputer.com/news/security/fbi-north-korean-hackers-stole-100-million-in-harmony-crypto-hack/. https://www.certik.com/resources/blog/2QRuMEEZAWHx0f16kz43uC-harmony-incident-analysis," Harmony Horizon bridge was hacked. According to the analysis of SlowMist MistTrack  the attackers made more than 100 million US dollars  including 11 ERC20 tokens  13 100 ETH  5 000 BNB and 640 000 BUSD. On the 26th  Harmony founder Stephen Tse said on Twitter that Horizon was attacked not because of a smart contract vulnerability  but because of a private key leak. Although Harmony stored the private keys encrypted  the attacker decrypted some of them and signed some unauthorized transactions. At present  Harmony has migrated Horizon  s verification authority on the Ethereum side to 4/5 multi/signature. REKT:  Quick Summary

Harmony's Horizon Bridge was exploited by an attacker resulting in losses of roughly $100M. The bridge was secured by multisig wallet which needed 2 out of 5 wallets to confirm transaction. The hacker gained control over 2 wallets which enabled the attacker to drain the funds of the bridge and transfer said funds to his wallet.
Details of the Exploit 
For yet unspecified reasons the attacker gained access over 2 of the 5 multisig wallets.
attacker was able to enter and confirm transactions by himself. The exploit resulted in the loss of: ETH. USDC. WBTC. USDT. DAI. BUSD. AAG. FXS. SUSHI. AAVE. WETH. and FRAX. The ONE token was not affected by this attack.
For more context. bridges in DeFi are used to enable interoperability between blockchains. Through bridges a user of DeFi may pursue opportunities in an ecosystem that is not native to the coins or tokens a user is holding. For example through Harmony's Horizon Bridge a user holding $ETH on the Ethereum network could bridge $ETH over to the Harmony blockchain receiving newly minted wrapped $1ETH on a 1:1 ratio. 
Since the funds on the bridge were seized by the attacker. the receipt was no longer backed by the collateral on a 1:1 ratio. The depreciation of the wrapped assets were felt by users in the form of massive slippages on dexes and other bridges as users tried to flee the Harmony Ecosystem.
Below a breakdown of the specific function used by the attacker.
1) The multisig owner called the submitTransaction(). then to confirm owner calls confirmTransaction() from the MultiSigWallet with the input transactionId 21106.
2) The executeTransaction() function has made an external call with input that will call the unlockEth() function in the Ethmanager contract. The input specifies the amount. recipient. and receiptId to be passed to the unlockEth() function.
3) The following steps were repeated with different ids.

",2022-06-23 0:00,2022,100000000,Undetermined,Accessing private keys/data,Undetermined,Target,Bridge,INT
65,Maiar DEX and Elrond Network,REKT and SlowMist,https://de.fi/rekt-database/maiar_dex_and_elrond_network,https://hacked.slowmist.io/search/,,https://elrond.com/blog/incident/and/recovery/report/,, The blockchain network Elrond is suspected of having a security breach  and hackers &quot obtained&quot  nearly 1.65 million $EGLD &quot out of thin air&quot  and sold it through the decentralized exchange Maiar. On June 8  Elrond founder and CEO Beniamin Mincu tweeted that the previous bug has been resolved  all funds and users are safe  and almost all stolen funds have been recovered. REKT: Quick SummaryMaiar DE was the victim of an attack by hackers who found and exploited a vulnerability in order to empty the reserves of the protocol. Due to this vulnerability. when a $WEGLD contract called a Maiar contract. it allowed Maiar to perform a token transfer in the contet of the $WEGLD contract. the calling party. Maiar DE was successfully recovered by the Elrond team. and user funds were not affected Details of the exploitThe Maiar DE protocol was attacked by hackers who took advantage of a vulnerability in the WEGLD contract to steal funds from the protocol on the Elrond network. The attacker\saccounts were created almost simultaneously and tokens in the amount of 1.959 $EGLD were sent to each of them from Binance Hot Wallet: Block Data Reference1)  https://eplorer.elrond.com/transactions/ba7bcea55911973556c0c855a912c868e76a658792b62a6688c16a14c98a01022)  https://eplorer.elrond.com/transactions/27935d8bceaee5b179bddb1dcd9683a3c227055c8ac70b4bd5f3a40a2b5f6dd13)  https://eplorer.elrond.com/transactions/73f39d3edf0cf5f0893fa3a8175f614329960572e2843f6a21f60b5e1bf778f5 After the accounts were created and smart contracts as well. they called the withdraw() function and received a total of 1.650.000 $EGLD. The most important here is the wrat_egls_callback() function. This function enables the wrapping and unwrapping of the $EGLD token. In the transaction below. it can be noticed that as the new smart contract sends a small amount of $EGLD to the wrapEgId() method and this method sends $WEDLD to the wrap_edId_callback() method of the new contract: https://eplorer.elrond.com/transactions/848b5a96bd95d3537f2bb8cfc5c1ebc5ec580e72214dd75c85be718ae0bbf3fb#4159433916247dbdbfbbf31d8a4cc8ce14a3a86e5a5f7beb1cddcf5abc59b83e Deploying the wrap_egId_callback() method. was found a call of the managedEecuteOnDestContetByCaller() method. which allows attacker to ask  the victim\scontract to send funds to any other address that the attacker indicates. which happened during the attack on Maiar DE. The Elrond team paused the work of Maiar DE. they also froze stablecoins so that the hacker would not be able to withdraw funds through the bridge to another network. Having connections with other major exchanges. they handed over a blacklist with addresses so that the fraudster would not be able to withdraw funds. The eecuteOnDestContetByCaller() function was removed to avoid a repeat attack. Then the team began to restore the liquidity pool by returning all funds and restoring the price of the token. based on the price indicated by Binance. Block Data ReferenceAttacker addresses:1)  https://eplorer.elrond.com/accounts/erd1cura2qq8skel5fsrpyysjkaw6durengtkencrezkw78y6y2zhscf854j2)  https://eplorer.elrond.com/accounts/erd1yrf9qeuqkcjeh5c4n628mags7cse4r9ra2p2ggmlgfqq3l3v6pqfu9503)  https://eplorer.elrond.com/accounts/erd16syfkds2faezhqa7pn5n8fyjkst70l5qefpmc0r960467snlgycq4ww0rt Contract addresses:1)  https://eplorer.elrond.com/accounts/erd1qqqqqqqqqqqqqpgq85hhnppjcdamledp3usgkm3lm832jekw2zhsajjztn2)  https://eplorer.elrond.com/accounts/erd1qqqqqqqqqqqqqpgqqucnpav4dguh4zf6nvd48l68k2nhyu0v6pqqntgfs3)  https://eplorer.elrond.com/accounts/erd1qqqqqqqqqqqqqpgqll7yer6v67p0s8va0h09dgv730nlergycqt2qzmp Contract deployment transaction by the attacker address (erd1...854j):  https://eplorer.elrond.com/transactions/9404479926078441d8fd8844ec4787c4c35c554628abdc7605c8084f49299352&nbsp;Contract deployment transaction by the attacker address (erd1...u950):  https://eplorer.elrond.com/transactions/39c7aebfe5ebbe4bcc285ef5cc99869486705afa4ce94071c5aafc6124864fb7Contract deployment transaction by the attacker address (erd1...ww0rt):  https://eplorer.elrond.com/accounts/erd1qqqqqqqqqqqqqpgqll7yer6v67p0s8va0h09dgv730nlergycqt2qzmp Transactions of theft of funds from the Maiar DE:400k EGLD:  https://eplorer.elrond.com/transactions/8b8c332577e5b8bdd4e13450ea92b7c6b0ca15399f1f0bb38fc215cfc3ddb490450k EGLD:  https://eplorer.elrond.com/transactions/39998ab5c929fa67e95d0c64081697fc4207235dbfeaaff10fb2704a6c7716b6800k EGLD:  https://eplorer.elrond.com/transactions/41effd8536376f3a2edba7074c02776edae94bb5b464485ac414847202eebbe2 Recovered funds were send to one of Elrond addresses:  https://eplorer.elrond.com/accounts/erd1pml9k2tsqsnvtmmalglt2su0sn3cguvr8e8jq0gy69zw2ldcej2qapml9a,2022-06-05 0:00,2022,113000000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Exchange,P
707,Mango Markets,REKT,https://de.fi/rekt-database/mango_markets,,,(1) Explained: The Mango Markets and Attempted Aave Hacks (October 2022) (halborn.com). (2) https://archive.is/6UYb0. (3) https://archive.is/3MkbT. (4) https://archive.is/zFCFp,,Quick SummaryThe Mango Markets exchange was exploited by market manipulation. The attacker profited from the total amount of 116.000.000 $USD. Details of the exploitMango Markets is a DeFi exchange on the Solana chain. The attacker used two addresses to pump the $MNGO price and used the tokens to take a loan of 116.000.000 $USD from various pools. From the first address. the attacker bought $MNGO tokens for 5.000.000 $USDC and created opened position. From the second address. the same amount of the tokens have been bought and a long position opened for hedging purposes. Consequently. the attacker was able to pump the token price due to little liquidity in the pool. After the accident. the Exploiter opened a proposal on MangoDAO for returning the usersdeposit funds for immunity. turning Mango users against the DE. Thatsalso interesting that the attackersaddress was funded by an FT address. Block Data ReferenceAttacker address: https://solscan.io/account/yUJw9a2PyoqKkH47i4yEGf4WomSHMiK7Lp29s2NqM,2022-11-10 0:00,2022,116000000,Interconnected actors flaw,Arbitrage with flash loan,Technical vulnerability,Target,Exchange,P
231,BadgerDAO,REKT and SlowMist,https://de.fi/rekt-database/badgerdao,https://hacked.slowmist.io/search/,,https://badger.com/technical/post/mortem,,The decentralized organization Badger DAO was attacked by hackers  and user assets were transferred without authorization. According to the developer's initial inventory of damaged assets  136 000 bcvCRV  64 000 bveCV  38 ibBTC/sBTC  13 bibBTC/sBTC  and 19 DIGG have been lost in this incident.,2021-12-02 0:00,2021,120000000,Instant user deception,Undetermined,Imitation,Intermediary,Yield,
438,Arbistar,SlowMist,,https://hacked.slowmist.io/search/,,https://news.bitcoin.com/national-court-of-spain-takes-the-investigation-of-the-alleged-ponzi-crypto-scheme-arbistar/,, According to Spanish prosecutors  they are investigating Arbistar  s alleged manipulation of a Bitcoin trading scam. The disappearance of investor funds has affected 32 000 households who cannot use their savings invested in Bitcoin trading platform Arbistar. Earlier  it was reported that crypto company Arbistar announced that it would close a trading tool called Community Bot. The operator said that all funds on the platform are currently frozen and prevent users from withdrawing funds. Allegedly  the amount stolen may eceed 100 million euros (120 million U.S. dollars)  which may be the largest scam in Spain related to cryptocurrencies.,2020-09-16 0:00,2020,120000000,Misappropriation of funds,Ponzi scheme,Market manipulation,Perpetrator,CeFi,
250,Cream Finance,REKT and SlowMist,https://de.fi/rekt-database/cream_finance,https://hacked.slowmist.io/search/,,https://medium.com/cream/finance/post/mortem/exploit/oct/27/507b12bb6f8e,,Cream Finance  the DeFi lending agreement  was attacked and lost approimately US$130 million. The stolen funds were mainly Cream LP tokens and other ERC/20 tokens. It is reported that this is the third largest DeFi hacking in history (although the two larger hacking incidents have funds returned)  in addition  Cream Finance has suffered multiple lightning loan attacks before  and lost 37.5 million US dollars in February. Another $19 million was lost. REKT: Quick SummaryThe flash loan attack happened on CreamFinance for the third time. Funds were stolen for a total of 130.000.000 $USD. Details of the exploit The attacker: / borrowed $500m DAI from Maker/ deposited to yDAI into yUSD Curve pool (yDAI/yUSDC/yUSDT/yTUSD)/ deposited $500m yUSD into yUSD Yean Vault / minted $500m cryUSD by depositing minted yUSD Yearn Vault into Cream Finance/ flash borrowed $2b ETH using contract/ minted cETHER by depositing $2b ETH into Cream Finance/ borrowed $500m yUSD Yean Vault by using the $2b ETH as collateral/ minted $500m cryUSD by depositing the $500m yUSD Yean Vault back in Cream Finance/ transferred $500m cryUSD to his address. balance: $1b cryUSD/ borrowed $500m yUSD Yearn Vault by using the $2b ETH collateral/ minted $500m cryUSD by depositing the $500m yUSD Yearn Vault back in Cream Finance/ transferred $500m cryUSD to his address. balance: $1.5b cryUSD/ borrowed $500m yUSD Yearn Vault. debt $1.5b against a $2b collateral/ transferred $500m yUSD Yearn Vault to his address. balance: $1.5b cryUSD and $500m yUSD Yearn Vault/ bought $3m DUSD from Curve/ burnt $3m DUSD for the underlying yUSD Yearn Vault collateral. balance: $1.5b cryUSD and $503m yUSD Yearn Vault/ burnt $503m yUSD Yearn Vault shares for the underlying yUSD tokens. the total supply of yUSD Yearn Vault reduced to $8m/ transferred $8m yUSD to yUSD Yearn Vault. The yUSD balance becomes $16m while the total supply remains $8m. The price of yUSDVault share becomes $2/ contract\sdebt increased to $3b against $2b collateral / using $3b of cryUSD collateral on his balance. borrowed $2b ETH/ balance: $2b ETH. $500m yUSD. and $1b in Cream collateral ($3b cryUSD collateral minus $2b ETH debt)/ ETH and yUSD were used to pay back the flash loans and utilize the remaining $1b collateral to drain tokens from Cream Finance  When retrieving the share price of the yUSD pool. Cream\slending pool uses its pricePerShare interface directly. and this interface is supplemented by the contract\scollateral balance and the amount of collateral assets in the strategy pool. To calculate the price of a single share. divide the total number of shares by the number of shares outstanding. As a result. by simply moving the collateral to yUSD. the user can easily increase the price of a single share. allowing the collateral in the Cream loan pool to lend more funds. Block Data ReferenceThe attacker\saddresses: https://etherscan.io/address/024354d31bc9d90f62fe5f2454709c32049cf866b<span style=\> https://etherscan.io/address/0921760e71fb58dcc8de902ce81453e9e3d7fe253<br\>Attacker contract address:  https://etherscan.io/address/0961d2b694d9097f35cfffa363ef98823928a330d The transaction under the attack:  https://etherscan.io/t/00fe2542079644e107cbf13690eb9c2c65963ccb79089ff96bfaf8dced2331c92,2021-10-27 0:00,2021,130000000,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,Exchange,P
678,Boy X Highspeed,REKT,https://de.fi/rekt-database/boy_x_highspeed,,,(1) $139M BH exchange Hack Was the Result of Leaked Admin Key (yahoo.com). (2) https://twitter.com/peckshield/status/1455095236707774469. (2) https://twitter.com/BH_Blockchain/status/1454366374353010695. (3) https://twitter.com/peckshield/status/1455095236707774469,,,2021-10-30 0:00,2021,139000000,Internal theft,Unauthorized use of private key,Human risk,Target,Yield,CP
246,SQUID,REKT and SlowMist,https://de.fi/rekt-database/squid,https://hacked.slowmist.io/search/,,Squid Game crypto coin collapses after apparent rug pull scam / The Washington Post,,According to reports  the BSC project SQUID  which has the same name as the popular Korean drama &quot Squid Game&quot   is suspected of running off or being attacked  with an estimated loss of 12 million USDT. According to the data  the official website of the project party cannot be opened at present  all the tokens in the current Pancake pledge pool have been transferred to the address: 071D934Aa2119CA3995F702f075d540f7A6b0f728 through two transactions. The hash value of one of the transactions on the BSC is: 0f7c9d0e5a81999f9e06fe78df7ce41da112d8bd4f2da7b16cfdbbe46c92cb6af. The address for initiating the token withdrawal transaction is 0614826D885FF973324a5C3f43369d7C413a88aea. In addition  traders from the address 01f5eabba9c56bca4a7828969b79bc87051125b31 sold SQUID tokens to transfer the BNB in ​​the trading pair in Pancake to: 071D934Aa2119CA3995F702f075d540f7A6b0f728. The source of the initial gas required for the above transactions comes from the currency miing application Tornado.Cash. REKT : Quick Summary  The Squid game project has been rug pulled by its team by way of blacklisting users from selling the $SQUID token. Investors were collectively alleviated of appro. $ 5.7 million. Details of the exploit&nbsp;The Squid game project was inspired by the hit Netfli show and promised to be a play to earn game. hereby resembling the actions in the series. The hype surrounding the Netfli show combined with the increased interest in crypto due to the bull market incentivized big news outlets such as BBC and CNBC to write about the rapid surge in price of the new $SQUID token. Retailers around the world pushed the price from $0.01 to $2.861 in little over a week. CoinMarketCap published a warning concerning this project from the start as early investors reported that the sell of the token on pancake swap was not possible. A look at the smart contract revealed that all 3 contracts: SQUID. Marbles. and MasterChef were upgradable. Meaning the contract deployer would change the mechanisms of the project at will. For eample a new MasterChef made it possible for the 071 EOA to withdraw all tokens from the MasterChef contract at the following transaction:  https://bscscan.com/t/0f7c9d0e5a81999f9e06fe78df7ce41da112d8bd4f2da7b16cfdbbe46c92cb6afThe Squid game project boasted two token. The $Marbels token was required in order to be eligible to sell $SQUID on the open market. $Marbles were not tradable on the market and could only be obtained by participating in the game with an entrance fee of $SQUID 456. Meaning at the all time high price of the SQUID token a withdrawal would have costed at least $1.3 million.The contract deployer also blacklisted all users that did not hold Marble\stoken to prevent from selling SQUID in this transaction,2021-11-01 0:00,2021,139195315,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,Dapp,P
247,BXH,REKT and SlowMist,https://de.fi/rekt-database/bxh,https://hacked.slowmist.io/search/,,https://twitter.com/BH_Blockchain/status/1454366374353010695,https://www.coindesk.com/tech/2021/11/01/139m-bxh-exchange-hack-was-the-result-of-leaked-admin-key/,The decentralized transaction protocol BXH tweeted that the assets of the protocol on the Binance Smart Chain (BSC) chain were hacked.,2021-10-30 0:00,2021,139195315,Undetermined,Accessing private keys/data,Undetermined,Target,Exchange,P
222,Vulcan forged,REKT and SlowMist,https://de.fi/rekt-database/vulcan_forged,https://hacked.slowmist.io/search/,,https://rekt.news/zh/vulcan/forged/rekt/,,Chain game project Vulcan Forged officially tweeted that 148 wallets holding PYR were hacked  and more than 4.5 million PYR had been stolen. It then stated: Most of the PYR has been returned from the treasury to the affected wallets. REKT : Quick SummaryVulcan Forged project was exploited. and the private keys of 96 wallets were stolen with the assets of total worth 140.000.000 $USD Details of the exploitVulcan Forged creates wallets on behalf of its users and stores private keys on their own side. As a result. the leak of access to the private keys has affected 96 wallets and based on the token price during the hack. victims suffered a $140m total loss. Assets including ETH and MATIC have also been taken out.  96 transactions. where the hacker steals PYR token:  https://eplorer.bitquery.io/matic/ts/transfers?receiver=048ad05a3b73c9e7fac5918857687d6a11d2c73b1&amp;currency=0348e62131fce2f4e0d5ead3fe1719bc039b380a9  Transactions. where PYR token was exchanged for MATIC. which later was distributed between External wallets:  https://eplorer.bitquery.io/matic/ts/transfers?receiver=048ad05a3b73c9e7fac5918857687d6a11d2c73b1&amp;currency=MATIC  Selling on Ethereum:  https://bloy.info/ts/calls_from/048ad05a3b73c9e7fac5918857687d6a11d2c73b1?signature_id=1493863&amp;smart_contract_address_bin=01111111254fb6c44bac0bed2854e76f90643097d   https://bloy.info/ts/calls_from/048ad05a3b73c9e7fac5918857687d6a11d2c73b1?signature_id=1493862&amp;smart_contract_address_bin=01111111254fb6c44bac0bed2854e76f90643097d  Part of the stolen funds was distributed between different External wallets as well as the other one was sold on Uniswap and QuickSwap. Block Data Reference<span style=\  >Attacker address on Polygon:  https://polygonscan.com/address/048ad05a3b73c9e7fac5918857687d6a11d2c73b1Attacker address on Ethereum:  https://etherscan.io/address/048ad05a3b73c9e7fac5918857687d6a11d2c73b1 2.000.000 PYR tokens are still held on this wallet:  https://etherscan.io/address/0e3cd90be37a79d9da86b5e14e2f6042cd0e53b66#tokentns,2021-12-13 0:00,2021,140000000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,Dapp,P
610,SmartMesh,SlowMist,,https://hacked.slowmist.io/search/,,(1) https://dailyhodl.com/2018/04/25/ethereum/smart/contract/bug/updates/from/smartmesh/enigma/polonie/and/hitbtc/ (2) https://smartmesh.io/2018/04/25/smartmesh/announcement/on/ethereum/smart/contract/overflow/vulnerability/,,SmartMesh has a significant security like BEC.,2018-04-25 0:00,2018,140000000,Contract vulnerability,Integer overflow,Technical vulnerability,Target,FT,CA
577,QuadrigaCX,REKT and SlowMist,https://de.fi/rekt-database/quadrigacx,https://hacked.slowmist.io/search/,,(1) https://www.cbc.ca/news/business/quadrigac/cryptocurrency/1.5005236 (2) https://www.osc.ca/quadrigacreport/inde.html#eecutive/summary,,Canada s largest cryptocurrency exchange is seeking creditor protection after losing about $190 million worth of cryptocurrency after the sudden death of its founder and chief executive in December. REKT : Quick SummaryQuadrigaCS owes its customers approimately 190.000.000 $USD. Details of the exploitAccording to a court petition. the troubled Canadian crypto exchange QuadrigaC owes its clients $190 million and is unable to access the majority of the assets.  Jennifer Robertson. the widow of QuadrigaC founder Gerald Cotten. stated in a signed document filed Jan. 31 with the Nova Scotia Supreme Court that the exchange owes its clients around $250 million CAD ($190 million) in both bitcoin and cash. The firm previously declared on its website that it had filed for creditor protection. but the document itself reveals further information about its plight.  According to the petition. there were around 115.000 individuals with balances signed up on the exchange as of January 31. 2019. with $70 million CAD in fiat and $180 million CAD in crypto owing altogether.  Cotten reportedly died of Crohn’s disease in Jaipur. India in early December 2018. The exchange announced his death earlier this month. A death certificate was included in the list of ehibits. The founder seemingly had sole control or knowledge of Quadriga’s cold storage solution. Robertson wrote that after his death. “Quadriga’s inventory of cryptocurrency has become unavailable and some of it may be lost.”,,2019,147000000,Misappropriation of funds,Embezzlement,Market manipulation,Perpetrator,CeFi,
669,Control/Finance,REKT and SlowMist,https://de.fi/rekt-database/control/finance,https://hacked.slowmist.io/search/,,https://financefeeds.com/cftc/launches/action/uk/based/crypto/scheme/control/finance/,,On June 18 2019 the US Commodity Futures Trading Commission (CFTC) announced it had initiated a civil enforcement action against a now/defunct cryptocurrency trading and investment company for misappropriating $147 million worth of Bitcoin. The Complaint charges the defendants—Control/Finance Limited and its principal Benjamin Reynolds—with exploiting public enthusiasm for crypto assets by fraudulently obtaining and misappropriating at least 22 858.822 Bitcoin from more than 1 000 customers through a classic (HYIP) Ponzi scheme called the Control/Finance Affiliate Program. REKT: Quick SummaryA massive Ponzi scheme was revealed on the Bitcoin chain. Control Finance was fraudulently promoted as a cryptocurrency investment company. Details of the exploitThe regulator filed an enforcement action complaint against the United Kingdom/based company and its director for “fraudulently obtaining and misappropriating” at least 22.858.822 &nbsp;Bitcoin. then worth $147 million. Per the complaint. the scam has victimized over 1.000 customers.  The allegedly fraudulent entity claimed that the investors would receive daily trading profits of 1.5 percent and up to 45 percent in monthly profits. It also claimed to have used risk diversification methods to protect customers’ Bitcoin deposits.  However. the US regulator found out that the company did not make a single trade with the collected funds. To deceive the victims. it projected fake balances on their accounts and also published reports with false data.,2017-01-05 0:00,2017,147000000,Misappropriation of funds,Ponzi scheme,Market manipulation,Perpetrator,CeFi,
433,Kucoin,REKT and SlowMist,https://de.fi/rekt-database/kucoin,https://hacked.slowmist.io/search/,,(1) https://www.zdnet.com/article/kucoin/cryptocurrency/exchange/hacked/for/150/million/. (2) https://web.archive.org/web/20220526165208/https://twitter.com/lyu_johnny/status/1326465021346373632. (3) https://web.archive.org/web/20220803201811/https://blog.chainalysis.com/reports/kucoin/hack/2020/defi/uniswap/,," KuCoin exchange issued an announcement stating that KuCoin detected large withdrawals of Bitcoin and ERC/20 tokens in multiple hot wallets in the early morning of the 26th  and the deposit and withdrawal services have been suspended. KuCoin stated that the total amount involved in the KuCoin platform accounts for a relatively low proportion of the total funds held on the KuCoin platform  and the assets in the KuCoin cold wallet are not affected. At the same time  KuCoin has redeployed the hot wallet for the first time. KuCoin officially stated that if any user suffers losses in this incident  KuCoin and its insurance fund will be fully borne by KuCoin. KuCoin has now started a comprehensive internal security review. During this period  the deposit and withdrawal services will be suspended. The specific opening time will be Further notice. Kucoin said it will announce more details as soon as possible. As previously reported  starting at 2:49 am Beijing time on September 26  Etherscan marked the address of the cryptocurrency exchange KuCoin to transfer a large number of tokens  including MKR  USDT  OCEN  etc.  to a new address beginning with 0eb31973e0f. Including 11 486 Ethereum  19 788 586 USDT  525 405 Gladius (GLA)  77 874 Hawala (HAT)  21 660 274 Ocean Token (OCEAN)  8 893 428 Chroma (CHR)  30 452 178 Ampleforth Network (AMPL)  198 678 Ankr (ANKR) etc. REKT: Quick Summary 

Hackers managed to obtain the private keys to KuCoin's hot wallets and drain the exchange for various crypto assets in the amount of $280 million. 
Details of the Exploit
This case lacks information with regard to the methodology hackers utilized in order to gain access to KuCoin's hot wallets. The hot wallet affected were designated for Bitcoin. Ethereum. and ERC/20 tokens.
Stolen funds included:
/ 1.008 BTC ($10.758.404.86)
/ 11.543 ETH ($4.030.957.90)
/ 19.834.042 USDT/ETH ($19.834.042.14)
/ 18.495.798 XRP ($4.254.547.54)
/ 26.733 LTC ($1.238.539.89)
/ 999.160 USDT ($999.160)
/ $147M worth of ERC/20 tokens
/ $87M of Stellar tokens
In an attempt to launder the ill/gotten funds. the attackers proceeded to use a mixture of DeFi protocols such as Kyber and Uniswap.
The CEO of KuCoin claims that through a mixture of on/chain analyses. judicial recovery. as well as contract upgrades. 84% of the stolen funds. had been recovered. The remaining losses were covered by KuCoin's own capital and insurance fund.",2020-09-26 0:00,2020,150000000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
717,Parity,REKT,https://de.fi/rekt-database/parity,,,(1) Parity Hack: How It Happened. And Its Aftermath | by Christopher Durr | Solidified | Medium. (2) https://github.com/openethereum/parity/ethereum/issues/6995,,Quick Summary513.000 $ETH has been locked and maintained unreachable on Parity contracts after the user accidentally killed it. Details of the exploitOn November 6th. 2017. Github user devops199 posted the following statement under the Github issues section of the Parity Multi/Sig Library: “I accidentally killed it”: https://github.com/openethereum/parity/ethereum/issues/6995 Just moments earlier. devops199 exploited a vulnerability within the smart/contract library code. blocking funds in 587 wallets holding a total of 513.774.16 Ether as well as various other tokens. On November 6th. the transaction was sent to WalletLibrary. which called the <u>initWallet</u> method: https://etherscan.io/t/005f71e1b2cb4f03e547739db15d080fd30c989eda04d37ce6264c5686e0722c9 This transaction ended up making the 0ae7168deb525862f4fee37d987a971b385b96952 the sole owner. The transaction. which called the <u>kill</u> method of <u>WalletLibrary</u> with 0ae7168deb525862f4fee37d987a971b385b96952 as the beneficiary address: https://etherscan.io/t/047f7cff7a5e671884629c93b368cb18f58a993f4b19c2a53a8662e3f1482f690 Approimately 30 minutes later. Devops199 created Parity issue #6995 to document what had just occurred: https://github.com/openethereum/parity/ethereum/issues/6995 Devops199 posted a link to the issue in the Parity gitter channel. asking “Is this serious issue?” He then followed up by asking “Will I get arrested for this?”. It seemed as though Devops199 failed to understand the consequences of what he had done. by stating “I’m eth newbie..just learning”. About three hours later. Parity released a warning on Twitter: https://twitter.com/ParityTech/status/927850992145719296,2017-06-11 0:00,2017,155000000,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,Other systems,
532,TokenStore,REKT and SlowMist,https://de.fi/rekt-database/tokenstore,https://hacked.slowmist.io/search/,,Runaway exchanges Now Moving Ethereum Allegedly Stolen from Customers. $375.852 Lands on Bittre (newslogical.com),,The TokenStore wallet was eposed as a runaway which swept away billions of investors money involving BTC RP ETH and other mainstream currencies. REKT : Quick SummaryThe team working on the Token.Store wallet decided to close and leave with the users\funds. taking $160 million.  Details of the exploitToken.Store is a decentralized cryptocurrency exchange launched in July 2017.Token.Store meant itself as a centralized exchanger like Binance. F. with a good development team. user data protection and conscientious owners. In practice. it turned out to be a scam project that at some point ran away from its users. investors. while taking a billion $CNY including $BTC. $RP. $ETH and other currencies.,2019-06-11 0:00,2019,160000000,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,Other systems,
1044,Wintermute,REKT,https://de.fi/rekt-database/wintermute,,,(1) https://halborn.com/eplained-the-wintermute-hack-september-2022/ (2) https://decrypt.co/110131/algorithmic-market-maker-wintermute-hacked-for-160m,,Quick SummaryWintermute\sDeFi operations have been exploited for $160m in total according to the company\sCEO. Details of the exploitWintermute is an algorithmic market maker that provides liquidity across CeFi and DeFi exchanges as well as over-the-counter deals. Wintermute\sCEO announced on the morning of the 20th of September that its DeFi operations had been hacked. CeFi and OTC services have not been affected. The company claims to be solvent despite $160m in assets taken and further states that 90 different assets were affected. Most of the assets taken were worth under $2.5m and therefore the markets should not be shaken by major sell-offs.It appears that Wintermute had suffered a brute force private key compromise. The company used Profanity\sservices for generating vanity addresses. The private keys were generated in such a way that through using enough computing power every possible combination could be tried through until the code was hacked.<span style=\>Several EOA addresses and two smart contracts have been used to attack the platform.&nbsp;The attacker gained power over Wintermute\swallet and repeatedly used a privileged function to transfer funds from the Wintermute wallet to his malicious smart contracts which then transferred the funds to the attackers EOA address. where the assets are sitting at the moment. Block Data ReferenceAttacker EOA address: https://etherscan.io/address/0e74b28c2eAe8679e3cCc3a94d5d0dE83CCB84705Attacker smart contracts: https://etherscan.io/address/000000000ae347930bd1e7b0f35588b92280f9e75 https://etherscan.io/address/00248f752802b2cfb4373cc0c3bc3964429385c26 Transfer transactions: https://etherscan.io/t/0edd31e2a949b7957a786d44b071dbe1bc5abd5c57e269edb9ec2bf1af30e9ec4 https://etherscan.io/t/0c253450fc3e0e124224aef2936c13b371a86056e82e778113fc3ce8800bbe876,2022-09-20 0:00,2022,160000000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
452,Value DeFi,REKT and SlowMist,https://de.fi/rekt-database/value_defi,https://hacked.slowmist.io/search/,,https://valuedefi.medium.com/yfv/update/staking/pool/exploit/713cb353ff7d,, The DeFi project YFValue (YFV) officially released an announcement stating that the team found a loophole in the YFV pledge pool yesterday  and malicious participants used the vulnerability to reset the YFV timer in the pledge separately. There is a risk of being locked in $170 million in funds. Currently  a malicious participant is trying to blackmail the team using this vulnerability.,2020-08-24 0:00,2020,170000000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Exchange,P
603,BitGrail,SlowMist,,https://hacked.slowmist.io/search/,,(1) https://coinmarketcap.com/aleandria/article/bitgrail/hack/one/of/the/largest/crypto/hacks/in/history (2) https://techcrunch.com/2018/02/12/bitgrail/hack/nano/,,BitGrail claims that $195 million of customers have stolen cryptocurrencies in Nano (RB).,2018-02-08 0:00,2018,170000000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
121,Beanstalk,REKT and SlowMist and ChainSec,https://de.fi/rekt-database/beanstalk,https://hacked.slowmist.io/search/,https://chainsec.io/defi-hacks/,(1) https://twitter.com/BlockSecTeam/status/1515683983836979201. (2) https://cointelegraph.com/news/beanstalk/farms/loses/182m/in/defi/governance/exploit (3) https://twitter.com/peckshield/status/1515680335769456640,,The protocol loss caused by the flash loan attack of Ethereum/based algorithm stablecoin project Beanstalk Farms is about 182 million US dollars. The specific assets include 79238241 BEAN3CRV/f  1637956 BEANLUSD/f  36084584 BEAN and 0.54 UNI/V2_WETH_BEAN . The attackers made over $80 million  including about 24 830 ETH and 36 million BEAN. The main reason for this attack is that there is no time interval between the voting and eecution of the proposal  so that the attacker can directly execute malicious proposals without community review after completing the voting.                                          Cryptosec: “Credit/based stablecoin protocol Beanstalk Farms lost all of its $182 million collateral from a security breach caused by two sinister governance proposals and a flash loan attack.” — CointelegraphREKT: Quick Summary&nbsp;A flash loan attack was occurred on Beanstalk Governance resulting in a theft of $77M. Details of the exploitThe attacker was initially funded through Synapse bridge at:  https://etherscan.io/t/01fb73ec5ed8c25b9ca7c9c3c465ab4bbca8554927094f939d96600271475e101  Since the $BEAN contract’s governance actions have 1 day of delay. the attacker prepared the governance proposal in advance. Proposal #18 takes the whole contract’s value. while Proposal #19 transfers $250k to the Ukraine donation address. BIP18 is the name of this Ukraine proposal (instead of BIP19)  BIP18 proposal transaction:  https://etherscan.io/t/03cb358d40647e178ee5be25c2e16726b90ff2c17d34b64e013d8cf1c2c358967  The attacker’s contract that was used to perform a flash loan:  https://etherscan.io/address/01c5dcdd006ea78a7e4783f9e6021c32935a10fb4  The transaction behind the flash loan:  https://etherscan.io/t/0cd314668aaa9bbfebaf1a0bd2b6553d01dd58899c508d4729fa7311dc5d33ad7  The flash loan was used to get: / 350m DAI. 500m USDC and 150m USDT from Aave; / 32m BEAN from Uniswap; / 11.6M LUSD from SushiSwap.  These tokens were used to supplement the liquidity in Curve pools with BEAN for governance voting.  At first. the attacker minted 3CRV using DAI. USDC. and USDT. After. he generated the token BEAN3CRV/f using BEANS. This was followed by a deposit of 32 million $BEAN tokens and 25 million $LUSD into yet another contract to create a new token named BEAN3LUSD/f.  BEAN3CRV/f and BEAN3LUSD/f may be transformed straight into Seeds (a special type of asset called which acts like voting power in the system). providing the attacker with sufficient voting power. In reality. the attacker was able to manage more than 70% of the total number of Seeds thanks to the flash loan and $BEAN  The BIP18 triggers the eecution of the designed code with the governance privilege to drain the pool fund:  https://etherscan.io/t/068cdec0ac76454c3b0f7af0b8a3895db00adf6daaf3b50a99716858c4fa54c  During the attack transaction. 250.000 USDC was donated to the Ukraine Crypto Donation address.  $181 million was drained from Beanstalk. but the attacker only kept $76M. which were swapped on Ether and deposited into Tornado Cash mier in a bunch of transactions:  https://bloy.info/ts/transfers_from/01c5dcdd006ea78a7e4783f9e6021c32935a10fb4?currency_id=1,2022-04-17 0:00,2022,181000000,Decentralization issue,Vote manipulation,Technical vulnerability,Target,FT,CA
22,Nomad,REKT and SlowMist,https://de.fi/rekt-database/nomad,https://hacked.slowmist.io/search/,,Slow Fog: Cross/Chain Interoperability Protocol Nomad Bridge Attack Incident Brief Analysis_Blockchain News_Gyro Technology (tuoluo.cn),,The cross/chain interoperability protocol Nomad bridge was attacked by hackers. This attack was caused by the fact that the trusted root of the Nomad bridge Replica contract was set to 00 during initialization  and the old root was not invalidated when the trusted root was modified. As a result  the attack could be Construct an arbitrary message to steal funds from the bridge. White hat hackers have returned $25.4 million to date. REKT: Quick Summary The Nomad bridge was exploited for apro. $190 million by what has to be declared as Web3`s first crowd/looting  event.  Details of the exploit  data/v/51e0c2ec=  >The Nomad bridge is an interoperability protocol that connects five different blockchains. namely Avalanche. Ethereum. Evmos. Milkomeda C1 and Moonbeam. The initial attack appears to have taken place with this transaction. where 100 (WBTC) were extracted from the protocol;  https://etherscan.io/t/061497a1a8a8659a06358e130ea590e1eed8956edbd99dbb2048cfb46850a8f17. This hack was made possible by an operational error incurred by the team. which had been found and commented upon in an audit report made by Quantstamp. Essentially. at the initialization of the contract the  function checks messages for an acceptable merkle root. The team accidentally marked the zero root (000) as acceptable. This error enabled every message to be auto/proven by default. Essentially. the attacker was able to process transactions without any proving by calling the function .This information spread within the community and all that was needed to participate in the looting of the protocol was finding a transaction that worked and copy/pasting the transaction with the wallet of desire at the receiving end. This is the reason why tokens were predominantly etracted in the eact same denomination. The initial attack was followed by hundreds of EOA`s etracting assets such as $WBTC. $FS. $C3. $DAI. $USDC from the bridge. Amongst the looters were reputable hackers from other exploits such as the Rari Capital Exploiter as well as White hat hackers who intend to return the funds. As the time of this writing appro. $32 million have been returned to the Nomad Recovery Funds Address  https://etherscan.io/address/094A84433101A10aEda762968f6995c574D1bF154 by white hat hackers and cooperating culprits.  Block Data ReferenceAttacker address:  https://etherscan.io/address/056d8b635a7c88fd1104d23d632af40c1c3aac4e3Attacker contract address:  https://etherscan.io/address/0f57113d8f6ff35747737f026fe0b37d4d7f42777Attack transactions:&nbsp;<span style=\  >1)  https://etherscan.io/t/061497a1a8a8659a06358e130ea590e1eed8956edbd99dbb2048cfb46850a8f172)  https://etherscan.io/t/029b67e0701ddd910ff6a069aa039015eb78b1ee6d99ad8da5d0ef63916f3fd573)  https://etherscan.io/t/0df6bef0d8dee8b44863ac61092a711b877dcfe3d61da93d7289e0c6285af1b454)  https://etherscan.io/t/03dbed4a1ebb2289273370ce0ef10302882927abe946299cf2ca3073f1a3dcdd9 Nomad ERC20 Bridge:  https://etherscan.io/address/088a69b4e698a4b090df6cf5bd7b2d47325ad30a3 Nomad Recovery Funds Address: https://etherscan.io/address/094A84433101A10aEda762968f6995c574D1bF154,2022-08-02 0:00,2022,190000000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Bridge,INT
229,BitMart,REKT and SlowMist,https://de.fi/rekt-database/bitmart,https://hacked.slowmist.io/search/,,https://twitter.com/sheldonbitmart/status/1467316252855226368,, BitMart founder and CEO Sheldon ia tweeted to admit that a large/scale security breach occurred on the platform  and hackers were able to etract assets worth about US$150 million. The affected ETH hot wallet and BSC hot wallet carry a small amount of assets on BitMart  and the other wallets are safe and undamaged. REKT: Quick SummaryThe BitMart exchange became a victim of a hack attended of $196 million in losses. The hack was first confirmed by a third/party security firm PeckShield. Details of the exploitBitMart is a global cryptocurrency exchange that allows users in 180+ countries to buy and sell over 1.000 digital currencies and tokens.BitMart faced a serious problem with the security of its assets. which led to etraordinary losses for the company. PeckSield noticed a suspicious transaction of $10 million to a hot wallet that was refferred to as a BitMart Hacker . The attack was carried out in two networks BSC / $96 million. Ethereum / $100 million.&nbsp;Unfortunately the scammers could not be identified as the investigation is still ongoing Block Data ReferenceThe attackersaddresses: / Ethereum: &nbsp; 1)  https://etherscan.io/address/039fb0dcd13945b835d47410ae0de7181d3edf270 &nbsp; 2)  https://etherscan.io/address/04bb7d80282f5e0616705d7f832acfc59f89f7091 / BSC:&nbsp;&nbsp; 1)  https://bscscan.com/address/025fb126b6c6b5c8ef732b86822fa0f0024e16c61 Affected hot wallets: &nbsp; 1)  https://etherscan.io/address/068b22215ff74e3606bd5e6c1de8c2d68180c85f7 &nbsp; 2)  https://bscscan.com/address/08c128dba2cb66399341aa877315be1054be75da8 Transactions: Withdrawing $SHIB tokens from BitMart:/ ETH:  https://etherscan.io/t/06afb730976b2cf39e5ea7ce8a56c3597728e4e5923f7abae7086fb53019e81e8 / BSC:  https://bscscan.com/t/0834321195283c5eafbc8a31b6a6926c9af416ee23bd4d71ab15eb9089a90d86d,2021-12-04 0:00,2021,196000000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
727,Trade Coin Club,REKT,https://de.fi/rekt-database/trade_coin_club,,,SEC Charges Trade Coin Club Founding Members With Operating a $295 Million Ponzi Scheme (coindesk.com),,Quick SummarySEC charges Trade Coin Club for running a Ponzi Scheme by conning investors for a fraudulent crypto trading bot. Roughly 295.000.000 $USD worth of $BTC was scammed. Details of the exploitTrade Coin Club is an investment company. which promises minimum returns of 0.35% daily by performing millions of microtransactions per second. The company ran a Ponzi Scheme and actually had no trading bot. The funds from 100.000 worldwide investor\sdeposits were withdrawn directly by the four people to enrich themselves. Douver Torres Braga. Joff Paradise. Keleionalani Akana Taylor. and Jonathan Tetreault raised over 80.000 $BTC from investors between 2016 and 2018.,2022-04-11 0:00,2022,295000000,Misappropriation of funds,Ponzi scheme,Market manipulation,Perpetrator,CeFi,
171,Wormhole,REKT and SlowMist,https://de.fi/rekt-database/wormhole,https://hacked.slowmist.io/search/,,(1) https://wormholecrypto.medium.com/wormhole/incident/report/02/02/22/ad9b8f21eec6. (2) https://etropy/io.medium.com/solanas/wormhole/hack/post/mortem/analysis/3b68b9e88e13,,Attackers exploited a signature verification vulnerability in the Wormhole network to mint 120k Wormhole/wrapped Ether on Solana  worth over $326 million. REKT: Quick SummaryThe Wormhole bridge was compromised by an attacker that bypassed the verification process and made away with 120.000 $WETH. Details of the exploit 1. The attacker minted 120.000 wETH on Solana:  https://solscan.io/t/2zCz2GgSoSS68eNJENWrYB48dMM1zmH8SZkgYneVDv2G4gRsVfwu5rNtK5BKFn7fSq9BvrBc1rdPAeBEcD6Es  2. The attacker redeemed 93.750 wETH for ETH worth $254 million onto the Ethereum:  https://etherscan.io/t/024c7d855a0a931561e412d809e2596c3fd861cc7385566fd1cb528f9e93e5f14 3. The hacker used some funds to buy Sport ($S). Meta Capital ($MCAP). Finally Usable Crypto Karma ($FUCK). and Bored Ape Yacht Club Token ($APE). the eample transactions:  https://etherscan.io/t/08ab3c4adab6d1a21ec1fcd7dc96523e7dada92d1373ee6919aa6b10b51ebe8d1  https://etherscan.io/t/0697869218add15e019f7a1904b7c3b435f9048ec3bcb9c84cf23e64916a41add  https://etherscan.io/t/06f17f122dca10e9c894af3766d93e97c08f8925eb3a20b894b810edb3d029ed0  https://etherscan.io/t/057a48345888cbfb2d442f272c6fd9d38f57f6f5608c00c4978860eea7dc927c  4. The remaining wETH was swapped for SOL and USDC on Solana. The hacker’s Solana wallet currently holds 432.662 SOL ($44 million):  https://solscan.io/account/CegPrfn2ge5dNiQberUrQJkHCcimeR4VkeawcFBBka#splTransfers  Probably the issue was in the signature verification process. So it lead to an unverified call by the attacker.Investors were made whole by Jump Trading the mother company behind the wormhole bridge that replenished the stolen ETH. Block Data ReferenceThe attacker\saddresses:  https://etherscan.io/address/0629e7da20197a5429d30da36e77d06cdf796b71a  https://solscan.io/account/CegPrfn2ge5dNiQberUrQJkHCcimeR4VkeawcFBBka,2022-02-02 0:00,2022,326000000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Bridge,INT
602,Coincheck,REKT and SlowMist,https://de.fi/rekt-database/coincheck,https://hacked.slowmist.io/search/,,(1) https://twitter.com/nikkei_veritas/status/956904059679551488 (2) https://coinmarketcap.com/aleandria/article/coincheck/hack/one/of/the/biggest/crypto/hacks/in/history,,Unidentified assailants stole 523 million NEM coins (about $534 million) from the exchange s hot wallet. According to Coincheck NEM coins are kept on a single/signature hot wallet instead of a more secure multi/signature wallet and the stolen coins are confirmed to be Coincheck customers.,2018-01-26 0:00,2018,534000000,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
680,BSC Token Hub,REKT,https://de.fi/rekt-database/bsc_token_hub,,,(1) The Million Dollars BSC Token Hub Bridge Hack Analysis (quillhash.com). (2) https://twitter.com/samczsun/status/1578167198203289600?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1578167198203289600%7Ctwgr%5E5f1e2c68a00bae31e40e0bb841f82203de8870a6%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fblog.quillhash.com%2F2022%2F10%2F11%2Fthe/million/dollars/bsc/token/hub/bridge/hack/analysis%2F,,Quick SummaryBNB Smart Chainsnative cross/chain bridge between BNB Beacon Chain and BNB Smart Chain was exploited. which resulted in minting 2.000.000 $BNB to the hackersaddress. Details of the exploitThe native cross/chain bridge between BNB Beacon Chain (BEP2) and BNB Smart Chain (BEP20). also known as BNB Token Hub was exploited. The hacker used a low/level proof vulnerability and minted 2.000.000 $BNB to their address. Consequently. the hacker began bridging the funds to Fantom and Ethereum chains. The security eperts in collaboration with validators were able to save the majority of the funds. The hacker managed to bridge 89.530.887 $USD using AnySwap and Stargate bridges. with 53% of the stolen funds going to Ethereum. 33% to Fantom. and the rest to other chains. Tether blacklisted the attackersaddress. The remaining 421.000.000 $USD worth of assets were left frozen in the attackersaddress.&nbsp; Block Data ReferenceAttacker address: https://bscscan.com/address/0489a8756c18c0b8b24ec2a2b9ff3d4d447f79bec Malicious transactions: https://bscscan.com/t/005356fd06ce56a9ec5b4eaf9c075abd740cae4c21eab1676440ab5cd2fe5c57a https://bscscan.com/t/0ebf83628ba893d35b496121fb8201666b8e09f3cbadf0e269162baa72efe3b8b Affected contracts: https://bscscan.com/address/00000000000000000000000000000000000002000 https://bscscan.com/address/00000000000000000000000000000000000001004,2022-10-06 0:00,2022,566000000,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Bridge,INT
1143,BNBChain,SlowMist,,https://hacked.slowmist.io/search/,,"SlowMist sur Twitter : ""Since the $BNB Chain was suspended. the ~$430M on it cannot be transferred any further. In total. over $110M was moved off the BNB Chain Frozen: ~6.5M $USDT Supplied to lending pools: ~$37.5M Borrowed: ~$16.5M Still have access to: $83.3M https://t.co/zxieESGblL"" / Twitter",,BNBChain was attacked and lost more than 500 million US dollars. According to SlowMist. the hacker’s initial source of funds was ChangeNOW. and the hacker’s address has interacted with multiple DApps. including Multichain. Venus Protocol. Alpaca Finance. Stargate. Curve. Uniswap. Trader Joe. PancakeSwap. SushiSwap. etc. Analyst @samczsun posted a post explaining how hackers used Binance Bridge to steal BNB. The attackers stole 1 million BNB twice. but both used the height of 110217401. which is much lower than the normal height. Furthermore. the proof submitted by the attacker is shorter than the legitimate proof. showing that the attacker forged the proof for that particular block. The specific method is to add a new leaf node when the COMPUTEHASH function generates a hash. and then create a blank internal node to satisfy the prover. and exit early after finding a matching hash with the internal node. So far. only two fake verifications have been generated in this way.,2022-10-06 0:00,2022,579145000,Undetermined,Undetermined,Technical vulnerability,Target,Blockchain,DLT
288,Poly Network,REKT and SlowMist,https://de.fi/rekt-database/poly_network,https://hacked.slowmist.io/search/,,(1) https://en.wikipedia.org/wiki/Poly_Network_exploit. (2) https://www.cnbc.com/2021/08/23/poly/network/hacker/returns/remaining/cryptocurrency.html. (3) https://research.kudelskisecurity.com/2021/08/12/the/poly/network/hack/eplained/,, Poly Network  a cross/chain interoperability protocol  said it was attacked  and a total of more than 610 million US dollars were transferred to 3 addresses. Among them  the funds transferred to Binance smart chain addresses starting with 00D6e2 eceeded 250 million US dollars  and they were transferred to the ether starting with 0C8a65. There are over 270 million U.S. dollars in workshop addresses  and over 85 million U.S. dollars in transfers to Polygon addresses. Affected by this  the large amount of assets in the O3 Swap cross/chain pool was transferred out  and the official is investigating.With the efforts of many parties  the hackers have now returned tokens worth 342 million U.S. dollars.,2021-08-10 0:00,2021,602189570,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Bridge,INT
131,Ronin Network,REKT and SlowMist,https://de.fi/rekt-database/ronin,https://hacked.slowmist.io/search/,,(1) Community Alert: Ronin Validators Compromised (substack.com). (2) https://medium.com/uno/re/biggest/crypto/hack/of/all/time/a/breakdown/of/the/ronin/network/hack/ef8d9e25ba6b. (3) https://cointelegraph.com/news/law/enforcement/recovers/30/million/from/ronin/bridge/hack/with/the/help/of/chainalysis,https://www.theverge.com/2022/7/6/23196713/axie-infinity-ronin-blockchain-hack-phishing-linkedin-job-offer. https://www.bleepingcomputer.com/news/security/hackers-stole-620-million-from-axie-infinity-via-fake-job-interviews/,Axie Infinity sidechain Ronin Network issued a community alert today. Ronin Network eperienced a security breach. Ronin bridge 17.36w ETH and 25.5M USDC were stolen  with a loss of more than 610 million US dollars. As stated by the Ronin developers  the attacker used the hacked private key to forge fake withdrawals  pulling funds out of the Ronin bridge in just two transactions. REKT : Quick SummaryThe Ronin bridge has been exploited for 173.600 Ethereum and 25.5M USDC. Details of the exploit &nbsp;The Ronin Network. an Ethereum/based sidechain hosts the prominent play/to/earn game Axie Infinity.The project team discovered that on March 23rd that Sky Mavis’s Ronin validator nodes and Aie DAO validator nodes were compromised resulting in 173.600 Ethereum and 25.5M USDC drained from the Ronin bridge in two transactions:  https://etherscan.io/t/0c28fad5e8d5e0ce6a2eaf67b6687be5d58113e16be590824d6cfa1a94467d0b7  https://etherscan.io/t/0ed2c72ef1a552ddaec6dd1f5cddf0b59a8f37f82bdda5257d9c7c37db7bb9b08  The attacker used hacked private keys in order to forge fake withdrawals. The validator key scheme is set up to be decentralized so that it limits an attack vector. but the attacker found a backdoor through a gas/free RPC node. which they abused to get the signature for the Aie DAO validator. Binance managed to identify and recover $5.8 million in funds spread across 86 accounts that had been moved to their exchange. In the aftermath of the Ronin bridge hack a Binance led funding round raised $150 million in order to partially repay users and ensure that operations will be sustained Block Data ReferenceThe hackersaddress on Ethereum:  https://etherscan.io/address/0098b716b8aaf21512996dc57eb0615e2383e2f96,2022-03-29 0:00,2022,625000000,External factor,Deceiving personnel,Human risk,Target,Bridge,INT
465,BitClub,SlowMist,,https://hacked.slowmist.io/search/,,California Man Admits to Securities and Ta Offenses Related to $722 Million Bitclub Network Fraud Scheme | USAO/NJ | Department of Justice,, From April 2014 to December 2019  the BitClub network was a fraudulent scheme that solicited funds from investors in exchange for stakes in so/called cryptocurrency mining pools and rewarded their investments  according to an announcement issued by the U.S. Attorney's Office in New Jersey. to recruit new investors into the program. Over the five/year period of the program  BitClub defrauded investors of at least $722 million in bitcoin.,2020-07-10 0:00,2020,722000000,Misappropriation of funds,Ponzi scheme,Market manipulation,Perpetrator,Blockchain,DLT
673,Bitcoin Sheikh,REKT,https://de.fi/rekt-database/bitcoin_sheikh,,,Brazil police. US authorities bust transnational crypto fraud ring led by 'Bitcoin Sheikh' (cryptoslate.com),,Quick SummaryThe Bitcoin Sheikh was arrested for running a Ponzi scheme. 766.000.000 $USD worth of assets were seized by the authorities. Details of the exploitBrazil\sFederal Police reported revealing another Ponzi scheme run by Francisco Valdevino da Silva also known as Bitcoin Sheikh. The authorities claimed that the team De Silva frauded thousands of people in the last few years for the total amount of 766.000.000 $USD. by offering 20% returns. Da Silva and his criminal gang also created their own token. which according to the authorities. lacked liquidity or backing. Interestingly. some celebrities as the model Sasha Meneghel who lost 230.000 $USD and Brazil Soccer players were on the list of investors.,2022-06-10 0:00,2022,766000000,Misappropriation of funds,Ponzi scheme,Market manipulation,Perpetrator,CeFi,
542,Bitfinex,SlowMist,,https://hacked.slowmist.io/search/,,https://www.reuters.com/article/us-new-york-ifine-settlement-idUSKBN2AN1NM,,,2019-04-26 0:00,2019,851000000,Internal theft,Undetermined,Human risk,Target,CeFi,
598,WoToken,REKT and SlowMist,https://de.fi/rekt-database/wotoken,https://hacked.slowmist.io/search/,,(1) https://coingeek.com/operators/of/1b/ponzi/scheme/wotoken/sentenced/to/9/years/in/prison/. (2) https://fullycrypto.com/wotoken/chinese/crypto/ponzi/trial,, WOTOKEN  involved in a cryptocurrency pyramid selling case involving more than 7.7 billion yuan  has opened court and completed the trail in public and at Binhai County People's Court in Yancheng City  in which si major defendants were tried separately for organizing and leading pyramid selling activity  covering up and concealing income  harboring. REKT`:Quick SummaryWoToken scam took in roughly $1 billion worth of crypto at current prices from over 715.000 victims.  style=\Avenir Net>Details of the exploit  style=\>WoToken purported to create profits for users by deploying algorithmic trading bots and paying affiliates referral commissions. The stated proprietary trading program. however. did not eist. as with other MLM frauds.  style=\>One of the scam\skey operators is allegedly tied to PlusToken. a multibillion/dollar Ponzi scheme that is thought to have influenced the price trajectory of Bitcoin (BTC) many times during 2019.  WoToken amassed 46.000 BTC. over 2 million Ethereum (ETH). 292.000 Litecoin (LTC). 56.000 Bitcoin Cash (BCH). and 684.00 Eos (EOS) – totaling approimately $1 billion at the time of the arrest.  WoToken was operational from July 2018 until October 2019.,2018-07-01 0:00,2018,1000000000,Misappropriation of funds,Ponzi scheme,Market manipulation,Perpetrator,CeFi,
608,BeautyChain,SlowMist,,https://hacked.slowmist.io/search/,,https://blog.csdn.net/ffzhihua/article/details/81137233,,Hacker exploited the data overflow to attack the smart contract of BeautyChain successfully transferred the BEC token to the two addresses resulted in the massive BEC being sold in the market and the value of the digital currency was almost zero which brought a crushing blow to BEC market.,2018-04-23 0:00,2018,1000000000,Contract vulnerability,Integer overflow,Technical vulnerability,Target,FT,CA
1127,FTX,REKT,https://de.fi/rekt-database/ftx,,,(1) https://twitter.com/FTX_Official/status/1591071832823959552. (2) https://twitter.com/SBF_FTX/status/1591089317300293636. (3) https://www.coindesk.com/business/2022/11/02/divisions-in-sam-bankman-frieds-crypto-empire-blur-on-his-trading-titan-alamedas-balance-sheet/. (4) https://www.bbc.com/news/technology-63612489. (5) https://twitter.com/PeckShieldAlert/status/1591268801248911361. (6) https://twitter.com/CertiKAlert/status/1592814539279454208,,"Quick Summary
FTX crypto exchange. Alameda Research trading company. and 130 other affiliated companies declared bankruptcy. Lost funds are valued at an estimated 1.000.000.000 to 2.000.000.000 $USD.

Details of the Exploit
Sam Bankman-Fried announced the bankruptcy of his two companies: FTX and Alameda Research. The accident begins with the research revealing Alameda Research's collateral was dominated by FTX's native token $FTT. For being concrete about the collateral. Alameda had 14.600.000.000 $USD worth of assets in total. where 3.660.000.000 $USD was free $FTT tokens. and 2.160.000.000 $USD in ""FTT collateral"". There were also major amounts of $SOL and $SRM tokens. Mr. Bankman-Fried was an early investor in the Solana chain and the co-founder of the Serum exchange.
It sparked a run on FTX. with panicked customers withdrawing billions of dollars from the exchange. $FTT token crashed by more than 95% in 24 hours. $SOL was also affected by the accident and by the recent on-chain activity that 49.000.000 $SOL tokens were withdrawn from the staking which caused the token price to drop by approximately 60%. FTX halted withdrawals on the exchange and declared bankruptcy. Because FTX was a major player in the crypto industry. other crypto projects that relied on the exchange were reporting fund losses one by one at the time.

Block Data Reference
Attacker address:
https://etherscan.io/address/0x59ABf3837Fa962d6853b4Cc0a19513AA031fd32b
https://bscscan.com/address/0x59ABf3837Fa962d6853b4Cc0a19513AA031fd32b",2022-11-11 0:00,2022,1000000000,Misappropriation of funds,Embezzlement,Market manipulation,Perpetrator,CeFi,
278,BitConnect,REKT and SlowMist,https://de.fi/rekt-database/bitconnect,https://hacked.slowmist.io/search/,,https://www.justice.gov/opa/pr/56/million/seized/cryptocurrency/being/sold/first/step/compensate/victims/bitconnect/fraud,, In May of this year  the SEC filed a lawsuit against five people suspected of promoting BitConnect. The SEC believes that BitConnect is an unregistered digital asset securities product  and the program has raised more than $2 billion from retail investors through the promoter network. BitConnect is a cryptocurrency investment plan with the characteristics of a Ponzi scheme launched in 2017. Its token BCC was one of the 20 most valuable cryptocurrencies at the time  with a market value of more than 2.6 billion U.S. dollars. In September  the founder of BitConnect  Glenn Arcaro  admitted to participating in a fraud scheme  which was allegedly amounting to US$2 billion. REKT: Quick SummaryBitConnect was a Ponzi Scheme that managed to raise appro. $2 billion dollars from investors before it collapsed. Details of the exploitBitConnect is a crypto lending platform. which claimed it used a trading bot for earning interest.  In fact. BitConnect was suspected of being a Ponzi scheme because of its multilevel marketing structure and impossibly high payouts (1% daily compounded interest). BitConnect interest fluctuated greatly with the volatility of Bitcoin. which its value was tied to.  The BitConnect Coin was among the worldstop 20 most successful cryptocurrency tokens until its price collapsed after traders began losing confidence. BCC rose from a post ICO price of $0.17 to an all/time high of US$463 in December 2017; it declined to US$0.40 as of March 11. 2019. BitConnect released outstanding loans at a rate of US$363.62 to the BitConnect Wallet in form of BCC. However. soon after that news the internal exchange price and liquidity collapsed resulting in a nearly complete loss of value. Prosecutors managed to seize crypto assets worth $57 million from Arcaro. BitConnectsbiggest partner in North America.,2018-01-01 0:00,2018,2000000000,Misappropriation of funds,Ponzi scheme,Market manipulation,Perpetrator,CeFi,
1015,Thode,REKT,https://de.fi/rekt-database/thode,,,(1) https://www.dw.com/en/turkish-cryptocurrency-platform-founder-vanishes-fraud-suspected/a-57302955 (2) https://www.cnbc.com/2021/04/23/bitcoin-btc-ceo-of-turkish-cryptocurrency-exchange-thode-missing.html,,Quick SummaryThode a turkish crypto exchange went down with other $2 billion of user funds entangled in massive fraud and mismanagement.  Details of the exploitAccording to a translated statement on the website. Thode. a crypto exchange that is located in Turkey. stated its platform has been temporarily stopped to handle an abnormal fluctuation in the company accounts.  According to local media. Thode\sfounder. Faruk Fatih Ă–zer. has gone to Albania with $2 billion of investors\funds. The Demiroren News Agency published a photo of Ozer departing Istanbul Airport:  https://www.dha.com.tr/gundem/thodein-kurucusu-faruk-fatih-ozerin-havalimanindan-ayrilirken-fotografi-1822744The CEO has since declared that he has been close to committing suicide but decided against it. According to his own words. Faruk Fatih Ă–zer. plans to repay all investors before handing himself in to authorities.,2021-04-22 0:00,2021,2000000000,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,CeFi,
359,Thodex,REKT and SlowMist,https://de.fi/rekt-database/thodex,https://hacked.slowmist.io/search/,,https://www.theblock.co/post/166475/ceo/of/collapsed/turkish/crypto/exchange/thode/faces/etradition/from/albania/following/arrest,,Si siblings of Turkish exchange Thode executives and CEO have been formally arrested a Turkish court said. And Thode CEO Faruk Fatih Ă–zer disappeared leaving behind a collapsed exchange with total losses estimated to range from $24 million to $2.5 billion. Faruk was arrested in August more than a year after fleeing Turkey.,2021-04-22 0:00,2021,2500000000,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,CeFi,
599,PlusToken,REKT and SlowMist,https://de.fi/rekt-database/plustoken,https://hacked.slowmist.io/search/,,https://cointelegraph.com/news/vanuatu/etradicts/si/chinese/citizens/allegedly/involved/in/crypto/scheme,,"PlusToken collapsed. Currently  PlusToken wallets can only be transferred in and cannot be withdrawn. Some investors said that 35 hours after the withdrawal of the coin  the account has not yet arrived. It is suspected that the reason given by the PlusToken promotion team is that the recent Bitcoin network transactions are busy  and the time for confirmation of the account has become longer  so you need to wait patiently. The largest MLM project in the currency circle has since collapsed. REKT: Quick Summary

The perpetrators of one of the largest digital currency frauds have been sentenced to up to 11 years in prison. In addition. the PlusToken operators were penalized up to $900.000 by a Chinese court for their participation in the $2.25 billion Ponzi scam.

Details of the Exploit
Chen Bo established PlusToken in early 2018. posing as a South Korean wallet and exchange. It enticed investors by promising speedy and guaranteed returns. In the two years afterwards. Bo has recruited numerous others and spread the fraud to other Southeast Asian nations such as China. Cambodia. Malaysia. Vanuatu. and Vietnam.

PlusToken operators had devised a pyramid scheme that managed to lure over 2.6 million investors. authorities said. The scam was organized into at least 3.200 investor levels. with more referrals and bigger investments bumping an investor up the chain. The operators also lied to investors that they were making money through digital currency investing. according to investors.",2018-04-01 0:00,2018,2900000000,Misappropriation of funds,Ponzi scheme,Market manipulation,Perpetrator,CeFi,
330,Africrypt,REKT and SlowMist,https://de.fi/rekt-database/africrypt,https://hacked.slowmist.io/search/,,(1) https://www.bloomberg.com/news/articles/2021/06/23/s/african/brothers/vanish/and/so/does/3/6/billion/in/bitcoin. (2) https://www.bbc.com/news/technology/57582805,,According to Bloomberg News the founder of the cryptocurrency investment platform Africrypt lost contact and 69 000 bitcoins (currently valued at approimately US$2.3 billion) on the platform were transferred. At 4 o clock Ameer Cajee chief operating officer of Africrypt told the client that the platform was hacked and asked them not to report the lost funds to the authorities. The investor has since hired a lawyer to conduct an investigation but the lawyer has not been able to contact the founder of the company and has notified the South African Criminal Investigation Department. In addition the lawyer found that funds on the Africrypt platform were transferred from their accounts and customer wallets and made it untraceable through the Bitcoin mier. REKT: Quick SummaryAmeer and Raees Cajee. the exchange\sfounders. were reported missing in June 2021 after alleging that almost $3.6 billion invested in the protocol was stolen in a hack.  Details of the exploitAfricrypt claimed to connect banks. payment providers and digital asset providers for seamless global money transfers. In April 2021. the Africrypt case gained traction. At the time. one of the protocol\sfounders contacted investors to notify them that the protocol had been compromised. The creator asked that investors refrain from contacting attorneys or law authorities since doing so would slow the recovery process. However. Africrypt staff lost access to the exchange\sback/end systems seven days before the claimed attack. making this report suspect. After receiving notice of the hack and its odd request not to contact attorneys or law enforcement. several investors hired a law firm Hanekom Attorneys. The investigation discovered that most of the bitcoin invested with the exchange had been withdrawn and moved through tumblers and miers to make it harder to track.&nbsp;  The founders of Africrypt are still at large and have not been found as the time of this writing.,2021-04-13 0:00,2021,3600000000,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,CeFi,
1162,Altilly,REKT,https://de.fi/rekt-database/altilly,,,Altilly Exchange Hacked - Update (publish0x.com),,Altilly was an unregulated crypto exchange. launched in mid/2018. It was announced in 2019 that Altilly was acquired by the Qredit team. While being in the phase of incorporation and acquiring the needed licenses to operate an exchange. Altilly got hacked in December 2020. Only a few months away from official company registration in Estonia. The exchange lost its funds due to an attack on its servers. Since the hack. a lot of funds were lost. unsaved. or stolen.,2020-12-26 0:00,2020,750000,Undetermined,Undetermined,Technical vulnerability,Target,CeFi,
8,Sui,SlowMist,,https://hacked.slowmist.io/search/,,"Sui by Mysten Labs sur Twitter : ""??URGENT ?? Our Discord server has been hacked. Please do not click on any links posted in the last 8 hours. Our team is working to resolve this ASAP. Thank you for your patience."" / Twitter",,Public chain project Sui tweeted that its Discord server had been hacked  and asked users not to click on any links posted on the Discord server in the past 8 hours. According to some replies to the tweet  some users have already lost money by clicking on links posted by the hackers on Sui Discod.,2022-08-27 0:00,2022,,Instant user deception,Social media compromission,Imitation,Intermediary,Blockchain,
33,Neopets,SlowMist,,https://hacked.slowmist.io/search/,,Neopets stung by major hack (theblock.co),https://hypebeast.com/2022/7/neopets-hacker-69-million-accounts-bitcoin-ransom, The online game Neopets said it encountered a hack and is currently investigating a customer data breach. The Neopets hack may affect 69 million users  and a hacker named TarTar sold the source of the Neopets website for 4 bitcoins code and database. Neopets recently launched NFTs for its online virtual world games.,2022-07-21 0:00,2022,,Undetermined,Accessing private keys/data,Undetermined,Target,Dapp,P
54,LACOSTE NFT project Undw3,SlowMist,,https://hacked.slowmist.io/search/,,https://web3isgoinggreat.com/?id=lacoste/discord/among/the/latest/to/be/hacked,,Clothing brand LACOSTE's Discord was hacked  and scammers posted phishing links on the announcement channel. Recently  the Discords of several projects have been attacked  including Clyde  Good Skellas  Duppies  Oak Paradise  Tasties  Yuko Clan  Mono Apes  Ape Club  Anata  GREED  CITADEL  DegenIslands  Sphyn Underground Society  FUD Bois  and Uncanny Club etc.,2022-06-19 0:00,2022,,Instant user deception,Social media compromission,Imitation,Intermediary,NFT,
56,Known Origin,SlowMist,,https://hacked.slowmist.io/search/,,https://web3isgoinggreat.com/?id=known/origin/discord/compromised,, KnownOrigin officially tweeted that its discord had been attacked  and reminded users not to click on any links. Other servers hacked in recent days include those of Curiosity  Meta Hunters  Parallel  Goat Society  RFTP and Gooniez.,2022-06-14 0:00,2022,,Instant user deception,Social media compromission,Imitation,Intermediary,NFT,
68,Homeless Friends,SlowMist,,https://hacked.slowmist.io/search/,,https://www.tuoniao.com/newsflash/p/538934.html,,The Discord of Homeless Friends NFT was attacked  homelessfriends.net is a phishing website.,2022-06-04 0:00,2022,,Instant user deception,Social media compromission,Imitation,Intermediary,NFT,
82,Axie Infinity,SlowMist,,https://hacked.slowmist.io/search/,,"Axie Infinity???? #AxieOrigins sur Twitter : ""1/ There was a compromise of the Mee6 bot which was installed on the main Axie server. The attackers used that bot to add permissions to a fake Jiho account. which then posted a fake announcement about a mint."" / Twitter",, Aie Infinity says the Mee6 bot on its main server was hacked. Hackers use Mee6 bot to add permissions to fake Jiho account to post fake announcements about mint. MEE6 is a Discord bot that allows admins to automatically assign and remove roles and send messages. The fake announcement has now been removed.,2022-05-17 0:00,2022,,Instant user deception,Social media compromission,Imitation,Intermediary,Dapp,
84,Lazy Lions,SlowMist,,https://hacked.slowmist.io/search/,,https://twitter.com/LazyLionsNFT/status/1526849605564272640,, Discord for NFT series Lazy Lions was hacked. Notably  this attack appears to infiltrate many other large NFT projects throughout the day  seemingly due to MEE6 staff being able to use MEE6 remotely to give themselves roles in any server.,2022-05-18 0:00,2022,,Instant user deception,Social media compromission,Imitation,Intermediary,NFT,
85,Alien Frens,SlowMist,,https://hacked.slowmist.io/search/,,"alien frens sur Twitter : ""We were hacked as with many others today. we’re not sure how they infiltrated yet. We believe the discord is ok now. but a reminder on WHY we NEVER share ANY MINT LINKS in discord. Only from here and our official website. Do not click links in discord frens ??????"" / Twitter",,NFT project Alien Frens tweeted that Discord had been attacked. Users are asked not to click on any MINT links.,2022-05-18 0:00,2022,,Instant user deception,Social media compromission,Imitation,Intermediary,NFT,
91,CoinGecko&amp,SlowMist,,https://hacked.slowmist.io/search/,,"CoinGecko sur Twitter : ""Security Alert: If you are on the CoinGecko website and you are being prompted by your Metamask to connect to this site. this is a SCAM. Don't connect it. We are investigating the root cause of this issue. https://t.co/7vPfTAjtiU"" / Twitter",,Popular cryptocurrency websites including Etherscan  CoinGecko  and DeFi Pulse have reported incidents of malicious pop/ups prompting users to connect their MetaMask wallets. CoinGecko founder Bobby Ong said he believes the culprit is a malicious ad script from a crypto ad network called Coinzilla. The ad appears to be from a website parodying the popular Bored Apes Yacht Club NFT project  which was taken down after the scam was discovered.,2022-05-14 0:00,2022,,Instant user deception,Fake ads/pop ups,Imitation,Intermediary,Other systems,
105,OpenSea,SlowMist,,https://hacked.slowmist.io/search/,,Hackers hijacked the OpenSea Discord with a fake YouTube NFT scam / The Verge,, Sentinel founder Serpent tweeted that OpenSea's official Discord was attacked. Hackers used bot accounts to post fake links in the channel and said that OpenSea has reached a cooperation with YouTube. Click the link to participate in the mint pass NFT limited to 100 pieces.  Users should be aware of the risks and do not click on links provided by hackers.,2022-05-06 0:00,2022,,Instant user deception,Social media compromission,Imitation,Intermediary,CeFi,
111,BAYC,REKT and SlowMist,https://de.fi/rekt-database/bayc,https://hacked.slowmist.io/search/,,https://twitter.com/BoredApeYC/status/1518637579633053701,,The official Instagram of the NFT project Bored Ape Yacht Club (BAYC) was hacked  and the attackers have stolen 91 NFTs including 4 BAYC  7 MAYC  3 BAKC  1 Clone  etc.,2022-04-25 0:00,2022,,Instant user deception,Social media compromission,Imitation,Intermediary,NFT,
120,Ugly People,SlowMist,,https://hacked.slowmist.io/search/,,Ugly People NFT Server HACKED! / Scams / Crypto Scam / Scammer.info,, The Discord of NFT project Ugly People has been hacked  and attackers are spreading fake mint links.,2022-04-17 0:00,2022,,Instant user deception,Social media compromission,Imitation,Intermediary,NFT,
127,Azuki,SlowMist,,https://hacked.slowmist.io/search/,,Twitter hacker takes over verified accounts to promote fake Azuki NFT drop (forkast.news),, The Education Grants Council (UGC) of India was hacked  the hackers used the Twitter account to post a fake Azuki NFT airdrop link and changed the profile to the Azuki NFT co/creator  replacing the avatar with an Azuki/related image. The agency recovered the account after it was held hostage for si hours.,2022-04-10 0:00,2022,,Instant user deception,Scam airdrops,Imitation,Intermediary,NFT,
132,Cryptovoxel,SlowMist,,https://hacked.slowmist.io/search/,,https://www.panewslab.com/zh/sqarticledetails/1648481767086002.html,,According to reports  someone pretended to be a Cryptovoxels official to conduct a phishing attack  induced users to authorize  stole multiple NFTs (including Cryptovoels Parcel Token  Art Blocks: BLOCKS Token  Mutant Ape Yacht Club: MAYC Token  etc.)  and then sold them on opensea. It is reported that anonymous attackers used a vulnerability in the Discord bot to manage to direct community users to phishing sites on the official Cryptovoels Discord channel. The attacker  s address is: 0794ca38bc1e15e528a7991ce25707a25ad71b675.,2022-03-28 0:00,2022,,Instant user deception,Social media compromission,Imitation,Intermediary,Dapp,
136,Maison Ghost,SlowMist,,https://hacked.slowmist.io/search/,,"ZachBT sur Twitter : ""1/ Earlier today a Twitter user (Maison Ghost) had his Discord server compromised The hackers posted a fake minting link and within minutes roughly 300 NFTs were stolen Afterwards the NFTs were sold off for 128 eth &amp; eventually sent to Tornado Address: https://t.co/VYvrNSnQMZ https://t.co/MNr0J0QY2"" / Twitter",, Maison Ghost Discord was hacked  and about 265 NFTs were transferred to hacker wallets  including Sandbo and 3landers NFTs.,2022-03-25 0:00,2022,,Instant user deception,Social media compromission,Imitation,Intermediary,Other systems,
137,MekaVerse,SlowMist,,https://hacked.slowmist.io/search/,,https://twitter.com/MekaVerse/status/1506531849643991041,, NFT project MekaVerse tweeted that the official Discord was hacked. In addition  according to other users in the community  the wallets of hundreds of thousands of bots are suspected to have been stolen  and it seems that no humans have been affected.,2022-03-23 0:00,2022,,Instant user deception,Social media compromission,Imitation,Intermediary,NFT,
138,VeVe,SlowMist,,https://hacked.slowmist.io/search/,,(1) https://twitter.com/veve_official/status/1506462178223616001. (2) https://en.cryptonomist.ch/2022/03/25/hacker-attack-veve-gems-stolen/,, The NFT project VEVE officially tweeted that the system was exploited  resulting in a large number of gems being illegally obtained.,2022-03-22 0:00,2022,,Contract vulnerability,Access control flaw,Technical vulnerability,Target,NFT,CA
142,Hubspot,SlowMist,,https://hacked.slowmist.io/search/,,https://cointelegraph.com/news/blockfi/confirms/unauthorized/access/to/client/data/hosted/on/hubspot,, Crypto lender BlockFi has confirmed a data breach at Hubspot  one of its third/party vendors  Cointelegragh reported. Hubspot stores BlockFi  s user data  including names  email addresses  and phone numbers. According to the announcement  hackers stole BlockFi’s customer data on March 18. Hubspot has confirmed that an unauthorized third party obtained certain BlockFi customer data deposited on its platform. BlockFi is currently cooperating with Hubspot  s investigation to clarify the overall impact of the data breach. While the eact details of the stolen data have yet to be identified and disclosed  BlockFi emphasized that data such as passwords  government/issued IDs  and Social Security numbers were never stored on Hubspot.,2022-03-18 0:00,2022,,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,Other systems,
153,Unchained Capital,SlowMist,,https://hacked.slowmist.io/search/,,https://www.coindesk.com/business/2022/03/16/unchained/capital/discloses/data/leak/at/email/marketing/partner/,, ActiveCampaign (AC)  an External email marketing provider used by Unchained  was hacked last week  according to Joe Kelly  CEO of Bitcoin financial services firm Unchained Capital. Information shared with AC  including customer email addresses  usernames  account status  whether customers have active multi/signature vaults or loans using Unchained Capital  and possibly IP addresses may have flowed out without authorization. Kelly said no systems on Unchained were affected  meaning customer profile information that was never shared with AC was not leaked. Kelly added that while customer Bitcoin custody is protected by multi/signature cold storage  customers should still be aware of what  s going on and be wary of phishing attacks.,2022-03-10 0:00,2022,,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
155,Treasure DAO,REKT and SlowMist,https://de.fi/rekt-database/treasure_dao,https://hacked.slowmist.io/search/,,(1) Stolen ‘Smol Brains’ NFTs Returned to Users Hours After Treasure exploit (coindesk.com). (2) https://twitter.com/peckshield/status/1499251425393582081?. (3) https://cryptopotato.com/hackes/exploit/arbitrum/based/marketplace/treasure/over/100/nfts stolen/ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1499251642171944960%7Ctwgr%5Eaa1313ac41d2f658134219631505fc3ba2272bbb%7Ctwcon%5Es2_&ref_url=https%3A%2F%2Fcryptopotato.com%2Fhackes/exploit/arbitrum/based/marketplace/treasure/over/100/nfts/stolen%2F,, The Arbitrum/based TreasureDAO NFT trading market was eposed and discovered a vulnerability. According to SlowMist analysis  the core of this vulnerability lies in the lack of judgment that the incoming _quantity parameter is not 0 before the ERC/721 standard NFT transfer  resulting in ERC /721 Standard NFT can be transferred directly and the cost of purchasing NFT is calculated as 0 when calculating the price. Hours after it was stolen  developers confirmed that hackers had begun returning stolen Smol Brains and other NFTs. REKT: The Exploitersaddress:  https://arbiscan.io/address/09b1acd4336ebf7656f49224d14a892566fd48e68  The eample of the transaction:  https://arbiscan.io/t/037222d3ad371dff2d3f3ae1c788d1cc4ad69e9f1839776830726485119a89269  The protocol was exploited in several transactions. leading to more than 100 NFTs being stolen from different collections of Treasure Marketplace.  The Exploiter: / called <u>buyItem</u>() with valid NFT token and NFT ID. but with the invalid 0 quantity / Treasure Marketplace sells the NFT but charges 0 MAGIC (due to 0 quantity)  The hack is made possible due to a bug in distinguishing ERC721 and ERC1155 in <u>buyItem(</u>). which miscalculates the price of ERC721 as ERC1155 with the given 0 quantity.,2022-03-03 0:00,2022,,Contract vulnerability,Undetermined,Technical vulnerability,Target,Dapp,P
163,Futureswap,SlowMist,,https://hacked.slowmist.io/search/,,https://twitter.com/futureswap/status/1491979618571591685,, Decentralized derivatives trading platform FutureSwap tweeted that an account with around 300 000 FST reward reserves (0.3% of supply) was compromised yesterday. The credentials for this account were compromised by human error  and the attacker was able to gain access on Arbitrum and transfer the available reward FST to himself. Currently Arbitrum FST has used the new contract to take control of the compromised FST  the FST Arbitrum bridge is currently disabled and is scheduled to be restored within 24 to 48 hours.,2022-02-10 0:00,2022,,External factor,Exploiting operational mistake,Human risk,Target,Exchange,P
166,PayBito,SlowMist,,https://hacked.slowmist.io/search/,,LockBit ransomware gang claims to have stolen data from PayBitoSecurity Affairs,https://ransomwareattacks.halcyon.ai/attacks/lockbit-ransomware-hits-paybito-cryptocurrency-platform-in-major-breach, On February 8  the LockBit ransomware group claimed to have stolen substantial customer data from cryptocurrency exchange PayBito. PayBito is a cryptocurrency exchange operated by HashCash  a global blockchain  and IT services company. Some of the stolen data is published on the group  s Tor leak site. In this cyberattack  the ransomware group successfully stole a database containing personal data information from more than 100 000 customers worldwide. In addition  the group also stole some email data and password hashes  some of which can easily be decrypted. To make matters worse  the gang also managed to steal the administrator  s personal data  claiming that the stolen data would be released on February 21  2022  if the ransom is not paid.,2022-02-03 0:00,2022,,Hacked/exploited infrastructure,Ransomware,Technical vulnerability,Target,Exchange,P
170,The Heart Project,SlowMist,,https://hacked.slowmist.io/search/,,https://twitter.com/HeartNFTs/status/1488743536195301377,, The official Discord server of the NFT project The Heart Project was hacked. Scammers deleted most of The Heart Project's Discord channels and posted scam links. According to The Heart Project  some users clicked on fraudulent links and said they lost assets. The Heart Project says it will reimburse users for lost ether.,2022-02-02 0:00,2022,,Instant user deception,Social media compromission,Imitation,Intermediary,NFT,
179,MetaMask,SlowMist,,https://hacked.slowmist.io/search/,,https://medium.com/@allpsc/critical/privacy/vulnerability/getting/eposed/by/metamask/693c63c2ce94,, @allpsc disclosed on medium that MetaMask has serious privacy leaks. The vulnerability mainly uses MetaMask to automatically load NFT image URLs. Basic attack idea: the attacker can set the URI of the NFT to a server URL that he can control  and transfer the NFT to the target account  when the user logs in to MetaMask  MetaMask will automatically scan the NFT owned by the account  and initiate a pointer to The HTTP request to the attacker's server  the attacker can obtain the victim's IP information from the access log.,2022-01-20 0:00,2022,,Instant user deception,Undetermined,Imitation,Intermediary,Other systems,
193,Solana,SlowMist,,https://hacked.slowmist.io/search/,,https://cointelegraphcn.com/news/solana/hit/with/another/network/incident/causing/degraded/performance,,Solana was down for 4 hours on January 4th  however  Solana.Status showed no problems with the network. The Solana blockchain suffered its third incident in just a few months  resulting in network congestion and failed transactions  with users debating whether it was caused by another DDos attack or just a network issue. Anatoly Yakovenko  co/founder of Solana Labs  denied there was a DDoS attack this time around.,2022-01-04 0:00,2022,,Hacked/exploited infrastructure,Undetermined,Technical vulnerability,Target,Blockchain,DLT
198,FaceDAO,SlowMist,,https://hacked.slowmist.io/search/,,FaceDAO: Deployer | Address 0D457e2BF54548bD3e1aD335422A6478593C3e674 | Etherscan,,According to official sources a large amount of FACE tokens were dumped on/chain and the investigation turned out that one of the FACE tokens held by the team was transferred and sold by an unauthorized account.,2022-04-16 0:00,2022,,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,Dapp,P
200,MOX,SlowMist,,https://hacked.slowmist.io/search/,,Binance Transaction Hash (Thash) Details | BscScan,,MOX was hacked because transferFrom did not check the authorization limit.,2022-02-19 0:00,2022,,Contract vulnerability,Access control flaw,Technical vulnerability,Target,FT,CA
208,Treasure DAO,ChainSec,,,https://chainsec.io/defi-hacks/,(1) https://www.coindesk.com/tech/2022/03/03/stolen/smol/brains/nfts/returned/to/users/hours/after/treasure/exploit/ (2) https://medium.com/@slowmist/analysis/of/the/treasuredao/zero/fee/exploit/73791f4b9c14,,“In early Asian hours on Thursday hackers were able to exploit a vulnerability on the protocol that allowed them to mint NFTs for no cost. Treasure asked users to delist their NFTs from the marketplace at the time. NFTs are blockchain/based representation of a digital or real/world asset.” — CoinDesk,2022-03-03 0:00,2022,,Contract vulnerability,Undetermined,Technical vulnerability,Target,Dapp,P
242,Robinhood,SlowMist,,https://hacked.slowmist.io/search/,,https://blog.robinhood.com/news/2021/11/8/data/security/incident,https://newsroom.aboutrobinhood.com/robinhood-announces-data-security-incident-update/, Robinhood  a stock and cryptocurrency trading platform  stated that on the evening of November 3  an intruder entered the company's system and stole the personal information of millions of users. The full names of the users  the names of about 310 users  the date of birth and postal code were leaked  and the more detailed account information of about 10 users was leaked. The intruder demanded blackmail for payment. The company notified law enforcement and continued to investigate the incident with the help of the External security company Mandiant. Robinhood stated that the attack had been contained. Robinhood believed that it did not epose social security numbers  bank account numbers or debit card numbers  and did not cause any economic losses to customers due to the incident.,2021-11-09 0:00,2021,,Hacked/exploited infrastructure,Ransomware,Technical vulnerability,Target,CeFi,
252,CoinMarketCap,SlowMist,,https://hacked.slowmist.io/search/,,https://twitter.com/haveibeenpwned/status/1451650181552750594,, Email addresses belonging to 3.1 million CoinMarketCap users were leaked last week  according to Have I Been Pwned.Have I Been Pwned says that the website's database was breached on Oct. 12  2021. Eactly 3 117 548 email addresses  not including passwords  were stolen in the security breach.,2021-10-12 0:00,2021,,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,Other systems,
254,Avaterra Finance,SlowMist,,https://hacked.slowmist.io/search/,,(1) https://coincodecap.com/avaterra/finance/hacked. (2) https://www.cryptotimes.io/avaterra/faced/exploitation/on/the/day/of/its/launch/#:~:tet=AVATera%20suggested%20everyone%20to%20withdraw%20their%20Funds.&tet=It%20was%20launched%20on%2020th.and%20dumped%20thousands%20of%20tokens.,, Avalanche ecological stability income aggregation agreement Avaterra Finance was attacked by hackers. The security company Rugdoc analyzed that the contract of the agreement is a fork of Goose  but their token contains custom elements  and anyone can call its minting function. In the end  the hacker called the contract and minted and dumped thousands of tokens.,2021-10-20 0:00,2021,,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Yield,CP
261,AutoShark Finance,SlowMist,,https://hacked.slowmist.io/search/,,https://twitter.com/peckshield/status/1444102942689148933,, The DeFi protocol AutoShark Finance on the Binance Smart Chain was attacked by lightning loans. The main reason was that the exchange mining function was used by hackers in a series of transactions. Hackers could use lightning loans to occupy most of the mining pool (to make up for exchange losses/fees) )  at the same time  the exchange fee reward was obtained  and a total profit of 3.18 million FINS was obtained. Afterwards  the hacker exchanged FINS for 1 388 BNB (approimately US$580 000).,2021-10-01 0:00,2021,,Interconnected actors flaw,Arbitrage with flash loan,Technical vulnerability,Target,Exchange,P
262,Coinbase,SlowMist,,https://hacked.slowmist.io/search/,,(1) Coinbase Multi/Factor Authentication Hack Affects at Least 6.000 Customers (coindesk.com). (2) https://oag.ca.gov/system/files/09/24/2021%20Customer%20Notification.pdf,, According to a notification letter submitted by Coinbase to the California Attorney General's Office to affected customers  a vulnerability that allows hackers to bypass Coinbase's multi/factor authentication SMS option has affected at least 6 000 Coinbase users between March and May 2021. During the 20th day  hackers took advantage of this omission to access the accounts of affected users and transfer user funds from Coinbase. After Coinbase learned of this issue  it immediately updated its SMS account recovery agreement to prevent hackers from further bypassing the authentication process. In addition  Coinbase will deposit funds of the same value into the accounts of affected users. Coinbase has also been working closely with law enforcement agencies and is conducting an internal investigation into the incident.,2021-03-01 0:00,2021,,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
263,POAP,SlowMist,,https://hacked.slowmist.io/search/,,https://twitter.com/poapyz/status/1443932604529614853,, POAP  the proof of attendance badge protocol  stated that its minting system was hacked on September 29  and several POAPs of COPY and Polygonal Mind were fraudulently issued and sold. At the request of the artist  POAP has burned down the relevant NFT.,2021-09-29 0:00,2021,,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Dapp,P
291,VERA,SlowMist,,https://hacked.slowmist.io/search/,,https://www.reddit.com/r/CryptoCurrency/comments/owkokz/scam_alert_vera_tokens/,,Some Twitter users reported receiving a token airdrop named VERA (The Vera) project  but the tokens in the wallet were stolen after the official website was authorized. After inquiry  it was found that the project was suspected to be an airdrop trap. The specific method was to airdrop 80 000 tokens (worth approimately US$9 600) through a single address to attract user attention  and set up a mechanism to allow users to fail transactions on Pancakeswap  which in turn led users to the official website to cheat. Authorize the implementation of theft.,2021-08-04 0:00,2021,,Instant user deception,Scam airdrops,Imitation,Intermediary,FT,
294,BSV,SlowMist,,https://hacked.slowmist.io/search/,,BSV has been hit by a major 51 percent attack / BitcoinEthereumNews.com,,Starting at around 23:45 on August 3 Beijing time BSV suffered a “large/scale” Governance issue resulting in the simultaneous mining of three versions of the chain.,2021-03-08 0:00,2021,,Decentralization issue,51% attack,Technical vulnerability,Target,Blockchain,DLT
302,Polygon Space Token (pSPACE),SlowMist,,https://hacked.slowmist.io/search/,,https://twitter.com/peckshield/status/1415231793020628992,,The Polygon Space Token (pSPACE) of the Polygon platform suffered a lightning loan attack. It is reported that this is a profit/inflation bug.,2021-07-14 0:00,2021,,Interconnected actors flaw,Arbitrage with flash loan,Technical vulnerability,Target,FT,CA
315,Bitcoin.org,SlowMist,,https://hacked.slowmist.io/search/,,(1) https://www.coindesk.com/markets/2021/07/06/bitcoinorg/hit/with/ddos/attack/bitcoin/demanded/as/ransom/. (2) https://twitter.com/CobraBitcoin/status/1412105666106478595?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1412105666106478595%7Ctwgr%5E5321233fd2f22e9b6807fb3e1244acb98ebe7b46%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.coindesk.com%2Fmarkets%2F2021%2F07%2F06%2Fbitcoinorg/hit/with/ddos/attack/bitcoin/demanded/as/ransom%2F,,Cobra the anonymous creator and principal of Bitcoin.org  tweeted that the Bitcoin.org website is being subjected to an &quot absolutely large/scale&quot  distributed denial of service (DDoS) attack  as well as a Bitcoin ransom demand. Currently Bitcoin.org is accessible.,2021-07-06 0:00,2021,,Hacked/exploited infrastructure,Ransomware,Technical vulnerability,Target,Other systems,
319,DExTools,SlowMist,,https://hacked.slowmist.io/search/,,https://twitter.com/DEToolsApp/status/1411260068079845381,,The DE trading tool DExTools (DET) tweeted that it was recently hacked and affected some DET holders.,2021-07-03 0:00,2021,,Undetermined,Undetermined,Technical vulnerability,Target,Exchange,P
338,BurgerSwap,SlowMist,,https://hacked.slowmist.io/search/,,https://www.panewslab.com/zh/articledetails/P771680.html,,BurgerSwap an automated market maker on the Binance Smart Chain was once again attacked by lightning loans. The attacker took advantage of the re/entry vulnerability in the contract repeated the swap operation many times controlled the price through re/entry and counterfeit currency and finally realized the purpose of attack arbitrage.,2021-06-05 0:00,2021,,Contract vulnerability,Reentrancy,Technical vulnerability,Target,Exchange,P
355,Mask Network,SlowMist,,https://hacked.slowmist.io/search/,,https://www.8btc.com/article/6630371,,The Mask Network official stated that the contract address of the second round of ITO was attacked by robots and the address has been officially blacklisted.,2021-05-03 0:00,2021,,Contract vulnerability,Undetermined,Technical vulnerability,Target,Dapp,P
357,Hotbit,SlowMist,,https://hacked.slowmist.io/search/,,https://news.bitcoin.com/cryptocurrency/exchange/hotbit/hacked/2/million/users/,,Hotbit said that it suffered a serious cyber attack on April 29th which caused a large number of basic services to be paralyzed. At the same time the attacker tried to hack into Hotbit s wallet but this behavior was identified and blocked by the risk control system. Since the attacker could not access any cryptocurrency assets he deleted Hotbit s database. Hotbit is currently checking the authenticity and security of the backup data and will restore servers and services later. At the same time Hotbit claimed that the attackers obtained plaintet customer information stored in the database including mobile phone numbers email addresses and encrypted currency asset data. Therefore it is recommended that users pay attention to prevent phishing attacks.,2021-04-29 0:00,2021,,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
361,Celsius,SlowMist,,https://hacked.slowmist.io/search/,,https://www.coindesk.com/markets/2021/04/15/celsius/suffers/third/party/data/breach/customers/report/phishing/tets/emails/,,Encrypted lending service Celsius has discovered a data breach in one of its third/party service providers  which has eposed the personal information of its customers. According to the email  the hacker gained access to the third/party email distribution system used by Celsius. Hackers use this information to send fraudulent emails and tet messages to trick them into revealing the private keys of their funds. On April 14  Celsius users started reporting a fraudulent website claiming to be the official Celsius platform. Some users also receive tet messages and emails claiming to be Celsius official  can link to the website  and prompt the recipient to enter sensitive information. It is reported that Celsius   competitor BlockFi suffered a similar data breach last spring.,2021-04-15 0:00,2021,,Instant user deception,Phishing emails,Imitation,Intermediary,CeFi,
366,SIL.Finance,SlowMist,,https://hacked.slowmist.io/search/,,https://twitter.com/Sil_Finance/status/1372982093471449096,,DeFi gathers reasonable financial services SIL.Finance contract has high/risk loopholes. Later SIL.Finance issued an article saying that the incident was caused by a vulnerability in the smart contract permissions which in turn triggered a general preemptive trading robot to submit a series of transactions for profit. After discovering that the smart contract could not be withdrawn due to high/risk loopholes after 36 hours of efforts such as SlowMist it has successfully recovered USD 12.15 million.SIL.Finance stated that if any user assets are damaged in this incident the team decided to use its own funds to launch a compensation plan: all users who suffered losses will receive 2 times the compensation which will be issued in SIL.,2021-03-18 0:00,2021,,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Yield,CP
373,Tether,SlowMist,,https://hacked.slowmist.io/search/,,https://twitter.com/Tether_to/status/1366075544287207430,,Tether officially tweeted that forged documents allegedly &quot between Tether personnel and representatives of Deltec Bank &amp Trust and other institutions&quot are circulating online. In addition Tether officially received a ransom request for sending 500 BTC to bc1qa9f60pved3w3w0p7snplnh5t4uj95vn797a7 today. The sender stated that unless they receive Bitcoin before tomorrow they will leak documents to the public in order to &quot destroy the Bitcoin ecosystem.&quot Tether said it will not pay the ransom. And remind customers employees and the encryption community to stay vigilant and ensure operational safety. Tether stated that it has reported falsified communications and related ransom demands to law enforcement.,2021-02-28 0:00,2021,,Hacked/exploited infrastructure,Ransomware,Technical vulnerability,Target,FT,CA
378,Verge,SlowMist,,https://hacked.slowmist.io/search/,,Verge suffered a Governance issue/ The Cryptonomist,,The privacy coin Verge (VG) underwent a reorganization of 560 000 blockchains after a Governance issue on Monday. Lucas Nuzzi of CoinMetrics stated that the history of token transactions over 200 days has been deleted.,2021-02-15 0:00,2021,,Decentralization issue,51% attack,Technical vulnerability,Target,Blockchain,DLT
381,KeepChange,SlowMist,,https://hacked.slowmist.io/search/,,https://keepchange.medium.com/data/breach/at/keepchange/b0770a272945,,Bitcoin trading market KeepChange stated that the exchange received a request for withdrawal from a customer s account to an address belonging to the attacker and a control subsystem of the platform suspended the request resulting in no loss of Bitcoin. However the attackers stole some customer data including email addresses names number of transactions total transaction amounts and passwords.,2021-02-07 0:00,2021,,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
387,BuyUCoin,SlowMist,,https://hacked.slowmist.io/search/,,https://cointelegraph.com/news/breach/at/indian/exchange/buyucoin/allegedly/eposes/325k/users/personal/data,,User information of BuyUCoin an Indian cryptocurrency exchange was leaked and personal data of more than 325 000 people appeared in the database of the hacker organization. According to Indian news media Inc42 a hacker group called ShinyHunters placed a database containing the names phone numbers email addresses ta identification numbers and bank account information of more than 325 000 BuyUCoin users.,2021-01-25 0:00,2021,,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
388,Firo,SlowMist,,https://hacked.slowmist.io/search/,,https://twitter.com/firoorg/status/1351703001849757697,,The privacy coin project Firo stated on Twitter that it is currently under Governance issues and it is recommended that users do not trade during this period until the network returns to normal.,2021-01-20 0:00,2021,,Decentralization issue,51% attack,Technical vulnerability,Target,Blockchain,DLT
389,ZKS,SlowMist,,https://hacked.slowmist.io/search/,,https://www.coinonpro.com/kuaiun/178459.html,,The ZKSwap token ZKS a decentralized exchange based on ZK Rollup has problems due to Uniswap adding liquidity. ZKSwap officially stated that the reason for this phenomenon was that someone used scripts to brush transactions resulting in a higher price for first adding liquidity. The project party can only sell a part of ZKS to return the price to normal levels. All the USDT obtained from selling ZKS has been injected into the liquidity pool and will not be withdrawn in the net 3 months,2021-01-06 0:00,2021,,Undetermined,Undetermined,Technical vulnerability,Target,FT,CA
390,Optics Bridge,SlowMist,,https://hacked.slowmist.io/search/,,"(1) James Prestwich sur Twitter : ""I have never been a keyholder on Optics recovery mode I am disappointed that cLabs and Celo have chosen to bring their bullying into public spaces. and that they chose to lie about me to attack my reputation On the advice of my lawyer. I have nothing else to say right now"" / Twitter. (2) https://coinyuppie.com/what/happened/to/celo/when/the/cross/chain/bridge/multi/signature/permission/was/replaced/",,Optics Bridge was attacked and ownership of the multi/signature wallet was transferred. cLabs engineer Tim Moreton said that the multi/signature permission of Optics  a cross/chain communication protocol on Celo  was replaced because someone activated the Optics recovery mode (recovery mode) on the Ethereum GovernanceRouter contract  which caused the recovery account to take over the Optics protocol and overwrite it. The original multi/signature permissions. Tim Moreton said that he believes that the funds on the current cross/chain bridge are not risky. Tim Moreton also said that the situation occurred within 15 minutes after cLabs epelled James Prestwich. The team is currently contacting James Prestwich to find a solution. The team is currently working to eit the recovery mode and restore the community  s multi/signature governance. James Prestwich responded on Twitter that he had never had the right to activate the recovery mode and epressed regret for cLabs and Celo  s damage to his reputation.,2021-11-21 0:00,2021,,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Bridge,INT
391,Klondike Finance,SlowMist,,https://hacked.slowmist.io/search/,,Ethereum Transaction Hash (Thash) Details | Etherscan,,Klondike Finance was attacked by hackers with a total loss of approimately 35 281.71 KUSD (6.5629 WETH).,2021-09-14 0:00,2021,,Interconnected actors flaw,Arbitrage with flash loan,Technical vulnerability,Target,FT,CA
406,Livecoin,SlowMist,,https://hacked.slowmist.io/search/,,https://www.zdnet.com/article/russian/crypto/exchange/livecoin/hacked/after/it/lost/control/of/its/servers/,,According to sources  the Russian cryptocurrency exchange Livecoin previously stated that it was attacked and lost control of its server. Later  Livecoin announced its closure on Twitter and provided a link to its new domain name Livecoin.news.,2020-12-24 0:00,2020,,Hacked/exploited infrastructure,Undetermined,Technical vulnerability,Target,Exchange,P
413,BTC Markets,SlowMist,,https://hacked.slowmist.io/search/,,https://cointelegraph.com/news/btc/markets/privacy/breach/eposes/all/customers/to/potential/phishing/attacks,,On December 1 the Australian cryptocurrency exchange BTC Markets accidentally disclosed the full names and email addresses of all its customers in marketing emails sent to customers which may epose all customers to potential phishing attacks. These emails are sent in batches of 1 000 which means that every customer has received the names and email addresses of 999 other users. BTC Markets CEO Caroline Bowler said that the company sincerely apologized for the incident and emphasized that the eecutives of the exchange are currently working around the clock to minimize the impact of violations and implement additional security features. To prevent future information leakage. Bowler advises BTC Markets customers to ensure that two/factor authentication is enabled to protect their accounts and to change the password of their email account.,2020-12-01 0:00,2020,,External factor,Exploiting operational mistake,Human risk,Target,Exchange,P
417,88mph,SlowMist,,https://hacked.slowmist.io/search/,,https://peckshield.medium.com/88mph/incident/root/cause/analysis/ce477e00a74d,, On November 18th  an attacker exploited the vulnerability to obtain $100 000 in MPH tokens. After that  88mph discovered a vulnerability in MPHinter  the MPH token minting contract  which could allow a potential attacker to steal all ETH in the Uniswap fund pool. With the help of the well/known white hat samczsun  ETH has been withdrawn into the governance multi/signature  so all funds are safe. In addition  88mph stated that because the attacker put $100 000 in the LP pool (liquidity fund pool)  the funds have been transferred to the governance wallet  and they have decided to allocate these funds to generations including MPH and ETH. Coin holders.,2020-11-17 0:00,2020,,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,Yield,CP
420,Liquid,SlowMist,,https://hacked.slowmist.io/search/,,https://blog.liquid.com/security-incident-november-13-2020,, Mike Kayamori  CEO of cryptocurrency exchange Liquid  posted a notice on the official website that a data leakage security incident occurred on the exchange on November 13. A domain hosting provider that manages a core domain name mistakenly transferred control of the account and domain name to a malicious intruder  allowing it to change DNS records  thereby controlling a large number of internal email accounts  and being able to partially damage the exchange's Infrastructure and gain access to stored documents. After detecting the intruder  immediate action was taken to intercept and contain the attack to prevent further intrusions and reduce the risk of customer accounts and assets  while conducting a comprehensive review of the infrastructure. It can be confirmed that the customer's funds are safe  and the cold wallet based on MPC (Multi/Party Computing Protocol) is safe and has not been damaged. The relevant regulatory agencies have been notified of the intrusion and will continue to communicate in the net few days. The attacker may have obtained the user's email  name  address  and password. At present  Liquid is investigating whether the attacker has accessed the identity documents and photos submitted to KYC for verification  and will provide updates after the investigation. Liquid announced the final findings on January 20  2021. Liquid stated that 169 782 items of user data including email addresses  names  encryption passwords  API keys  etc. have been leaked. Among them  the personal information that may be accessed illegally is the user who went through the KYC process before October 2018  such as the user  s ID card  self/portrait picture  proof of address and other identity verification documents 28 639.,2020-11-13 0:00,2020,,External factor,Deceiving personnel,Human risk,Target,CeFi,
423,Grin,SlowMist,,https://hacked.slowmist.io/search/,,https://www.coindesk.com/markets/2020/11/08/privacy-coin-grin-is-victim-of-51-attack/,,According to reports  the Grin network has recently suffered Governance issues. An unknown entity controlled more than 57% of network computing power on Saturday. According to the Grin website  the team advises people to wait for  additional confirmation on payment finality.  According to a reminder announcement issued on the Grin website on November 9 Important notice: Grin's network computing power has increased significantly in a short period of time. It is worth noting that this coincides with the time when the Nicehash rate doubled. Currently  more than 50% of the network computing The power is outside the known pool. Considering these circumstances  it is wise to wait for additional confirmation of the transaction to ensure the finality of the payment. According to previous reports  on November 8  2Miners tweeted that Grin Network is receiving 51 % Attacked  payment has stopped. Please do so at your own risk  as new blocks may be rejected.,2020-11-08 0:00,2020,,Decentralization issue,51% attack,Technical vulnerability,Target,Blockchain,DLT
443,CherryFi,SlowMist,,https://hacked.slowmist.io/search/,,Sep 2020 / CherryFi Contract Vulnerabilities / $Unknown (Global) / Quadriga Initiative,,The transfer logic of TRON's DeFi project CherryFi calls the safeTransfer function to perform specific transfer operations. However  the USDT transfer logic does not return a value  which causes the safeTransfer call to never succeed  which leads to the lockup of funds  and therefore users cannot perform USDT transfers in and out. It is understood that the CherryFi code has not been audited.,2020-09-06 0:00,2020,,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,Dapp,P
445,ETC,SlowMist,,https://hacked.slowmist.io/search/,,https://www.coindesk.com/markets/2020/08/29/ethereum/classic/hit/by/third/51/attack/in/a/month/,, Bitfly tweeted that another massive Governance issue on ETC today resulted in the restructuring of more than 7 000 blocks  equivalent to about two days of mining time. All missing blocks are removed from balances that have never epired  and all ependitures are checked for missing transactions.,2020-08-29 0:00,2020,,Decentralization issue,51% attack,Technical vulnerability,Target,Blockchain,DLT
446,Ledger,SlowMist,,https://hacked.slowmist.io/search/,,https://cointelegraph.com/news/ledger/cto/discusses/wallet/s/safety/after/multiple/security/setbacks,,Encrypted wallet provider Ledger recently eperienced database leaks and wallet vulnerabilities  putting users bitcoins at risk. The chief technology officer of Ledger stated that in terms of database leakage  the attacker accessed part of our e/commerce and marketing database through a third/party misconfigured API key on our website  allowing unauthorized access to our customers contact information and Order data. Ledger fied this issue on the same day and disabled the API key.,2020-06-25 0:00,2020,,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,Other systems,
447,Degen.Money,SlowMist,,https://hacked.slowmist.io/search/,,Degen.Money was eposed to a double authorization vulnerability. and user funds were at risk of being stolen / PANews (panewslab.com),, Twitter users reported that DeFi  s liquidity mining project Degen.Money exploited a double approval vulnerability to get users   Money. The first authorization gives the pledge contract  and the second authorization gives the right to transfer money  which will result in the user  s funds being taken away by the attacker. YFI founder Andre Cronje says the project does have risks.,2020-08-28 0:00,2020,,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Yield,CP
448,Filecoin,SlowMist,,https://hacked.slowmist.io/search/,,https://www.tuoniao.com/newsflash/p/458791.html,, The Filecoin space race started  and the CDSI alliance node  t02398  suffered a large number of malicious and illegal attacks. The attacker sent a large number of messages through the filtered whitelist to block the node  consuming a lot of calculations on the Lotus node  making the node unable to complete the task normally and eventually losing computing power.,2020-08-25 0:00,2020,,Undetermined,Undetermined,Technical vulnerability,Target,Blockchain,DLT
450,BTC ERA,SlowMist,,https://hacked.slowmist.io/search/,,https://www.infosecurity/magazine.com/news/malicious/actors/bitcoin/launch/,,Some cybercriminals have been counterfeiting the BTC ERA trading platform in order to infect potential users with malware. The cybersecurity company discovered that the perpetrators had been sending emails allegedly from BTC ERA to induce users to invest and pay.,2020-08-25 0:00,2020,,Instant user deception,Phishing emails,Imitation,Intermediary,Other systems,
451,CryptoTrader,SlowMist,,https://hacked.slowmist.io/search/,,https://www.coindesk.com/markets/2020/08/24/hacker/stole/1000/traders/personal/data/from/crypto/ta/reporting/service/,, According to Coindesk  a hacker has stolen more than 1 000 user data from crypto/ta service provider CryptoTrader.Ta and is trying to sell information on dark web forums.,2020-04-07 0:00,2020,,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
453,KuCoin,SlowMist,,https://hacked.slowmist.io/search/,,KuCoin Warns of Impersonator Website Offering Incentives to Deposit Crypto (cointelegraph.com),,,2020-08-19 0:00,2020,,Instant user deception,Evil twin site,Imitation,Intermediary,CeFi,
457,Nugs.space (NUGS),SlowMist,,https://hacked.slowmist.io/search/,,https://www.theblockcrypto.com/linked/74527/token/nugs/nee/eit/scam/listing/uniswap,,Two small/scale token projects  NUGS and NEE  appeared to have committed travel fraud shortly after being launched on Uniswap. The NUGS project blamed this move on a smart contract vulnerability. On its official telegram channel  NUGS stated that its smart contract is now unfiable. Another project  NEE  is also suspected to have gone and the social media account of this project has been deleted.,2020-08-11 0:00,2020,,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,FT,CA
460,YYFI,SlowMist,,https://hacked.slowmist.io/search/,,https://decrypt.co/37601/yfi/clones/when/one/wifey/is/not/enough,,YFII's hard fork project YYFI has completely become an exit scam in the early morning of August 1. From the very beginning  this project seems to be determined to prepare for its own run.,2020-07-28 0:00,2020,,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,FT,CA
461,ETC,SlowMist,,https://hacked.slowmist.io/search/,,https://www.btcfans.com/en/us/flash/id/7810,,Bitfly tweeted that today  the ETC blockchain has undergone a chain reorganization of 3693 blocks at a block height of 10904146. This causes all state construction nodes to stop synchronizing. The ETC blockchain did not produce blocks for nearly 6 hours  and then the block production returned to normal.,2020-08-01 0:00,2020,,Decentralization issue,51% attack,Technical vulnerability,Target,Blockchain,DLT
466,Russian blockchain voting platform,SlowMist,,https://hacked.slowmist.io/search/,,https://www.btcfans.com/en/us/flash/id/1459,, In the recent referendum on constitutional reform  1.14 million Russians voted through the blockchain platform  but their data has been made public on the Internet and can be accessed directly from state/owned servers. Election officials Shared a ZIP file containing id card information  passport Numbers and other passport information of people who voted on the blockchain platform  sources said. The ZIP file is stored on a government website. The files are free and can be downloaded by anyone at any given time. In addition  the files are password/protected  though the passwords are not very strong. Meanwhile  there are other problems with the blockchain voting platform  such as a loophole for partial repeat votes.,2020-07-01 0:00,2020,,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,Dapp,P
473,Filecoin,SlowMist,,https://hacked.slowmist.io/search/,,https://mobile.twitter.com/natalie6block1/status/1266002332808024064,,6Block technical staff found a serious vulnerability in the Filecoin code  through which the unlimited issuance of Filecoin can be achieved. The 6Block stated that  for proving the effectiveness of the vulnerability  the three miner accounts t01043  t027999  and t0234783 of 6Block had completed an additional issuance of 1.6 billion Filecoin using the vulnerability  taking the top three places in the Filecoin rich list. The 6Block team independently discovered and reported the vulnerability to Filecoin official  and is currently actively assisting the Filecoin to complete the vulnerability fiing.,2020-05-28 0:00,2020,,Contract vulnerability,Undetermined,Technical vulnerability,Target,Blockchain,DLT
475,TBTC,SlowMist,,https://hacked.slowmist.io/search/,,https://www.8btc.com/article/599249,,After about 48 hours of testing on both the Ethereum and Bitcoin mainnets  the Keep team decided to trigger the 10/day emergency deposit moratorium allowed by the TBTCSystem contract  the team found that deposits were being blocked when certain types of Bitcoin addresses were used for redemption. The decision to trigger the moratorium came after a major issue with the redemption flow of the contract that put open deposit signer deposits at risk of liquidation. The team summarizes as follows: 1. First  the Keep team failed to conduct more tests after the new commit was proposed. As a result  the team missed the opportunity to catch this issue during development. 2. During the dApp/based manual QA process  the Keep team did not verify whether a successful exchange in the UI resulted in a closed deposit on/chain. As a result  the team missed the opportunity to find issues during the manual QA process. 3. The Keep team did not adequately consider input validation at the entry point of redemption. This is one of the relatively few pieces of data in the system that is completely user/controlled  and should therefore be a top consideration for input validation. 4. The Keep team did not spend enough time generating Bitcoin test vectors for unit tests.,2020-05-18 0:00,2020,,Contract vulnerability,Undetermined,Technical vulnerability,Target,Bridge,INT
476,Loopring,SlowMist,,https://hacked.slowmist.io/search/,,https://medium.loopring.io/loopring/exchange/frontend/password/bug/postmortem/cf55ce7e0150,,Loopring has appeared a serious front/end error  the private key material is set within a range of 32/bit integer  you can find all user private key pairs by brute force method  due to the user's EdDSA key pair is actually limited to a space of 32/bit integer  the hacker can find out the EdDSA key pair of all users by brute force method. Affected by this  Loopring exchange shut down for half a day for maintenance and upgrade.,2020-05-07 0:00,2020,,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,Exchange,P
485,Trident Crypto Fund,SlowMist,,https://hacked.slowmist.io/search/,,https://cointelegraph.com/news/trident/crypto/fund/data/breach/266/000/passwords/stolen,, The crypto fund Trident Crypto Fund was hacked and the data of 266 000 users was leaked. The database containing email addresses  mobile numbers  encrypted passwords and IP addresses was uploaded to various file/sharing sites on February 20.,2020-02-20 0:00,2020,,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
500,GateHub,SlowMist,,https://hacked.slowmist.io/search/,,https://cointelegraph.com/news/gatehub/crypto/wallet/data/breach/compromises/passwords/of/14m/users,,Gatehub Crypto Wallet Data Breach Compromises Passwords of 1.4M Users.,2019-11-19 0:00,2019,,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,Other systems,
502,BetHash,SlowMist,,https://hacked.slowmist.io/search/,,https://cmichel.io/what/really/happened/with/the/eos/play/hack/,, BetHash's betting game mechanism allows players to guess the ratio of the number between 0/100 and the random number given by the system to win the bonus of the corresponding odds. The smaller the bet number  the greater the odds. Every time a player makes a bet  the dicereceipt() function of the BetHash smart contract will be called to notify the player's account. At this point  the hacker can control the malicious program to hijack the notification and embed the inline operation to implement the attack. Although the attacker also needs to pay a certain amount of bet for every attack  as long as it keeps 0.1 EOS and is conservative,2019-11-07 0:00,2019,,Contract vulnerability,Random number attack,Technical vulnerability,Target,Dapp,P
503,BitMEX,SlowMist,,https://hacked.slowmist.io/search/,,https://bitcoinmagazine.com/articles/bitme/compromises/user/data/in/email/gaffe,,BitME Compromises User Data in Email Gaffe.,2019-11-01 0:00,2019,,External factor,Exploiting operational mistake,Human risk,Target,CeFi,
505,Safuwallet,SlowMist,,https://hacked.slowmist.io/search/,,https://cryptonews.net/news/security/226480/,, ZenGo co/founder Ouriel Ohayon reported on Twitter that the wallet extension SAFU Wallet apparently steals large amounts of money by injecting malicious code into users. A white hat hacker said that by inspecting the SAFU code  he found that they dynamically injected this script https://safuwallet.tk/inside.js in every page being loaded. At the same time  they use obfuscation tools to make it hard to see. theless  the white hat hackers explained that they targeted MEW  Inde and Binance  using background scripts to send information to 4 different endpoints on the same domain. Therefore  the created wallet is automatically shared with them. Currently  the SAFU Wallet Google Chrome website is not available after a community request to remove the extension.,2019-10-11 0:00,2019,,Internal theft,Malicious code injection ,Human risk,Target,Other systems,
507,Coinhouse,SlowMist,,https://hacked.slowmist.io/search/,,https://www.cryptoglobe.com/latest/2019/09/french/crypto/exchange/coinhouse/suffers/phishing/attack/user/names/and/emails/compromised/,,Coinhouse Suffers Phishing Attack  User Names and Emails Accessed.,2019-09-12 0:00,2019,,Instant user deception,Phishing emails,Imitation,Intermediary,CeFi,
511,Bitstamp,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/113698.htm,, There is a vulnerability in Bitstamp  which can be used by attackers to view a large number of sensitive information such as user IDs and bank CARDS  seriously threatening the information security of users.,2019-08-13 0:00,2019,,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
512,SKR EOS,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/113210.htm,,The skreosladder game has been attacked by hackers again  and hackers have now profited thousands of EOS. After preliminary analysis  hackers still use transaction crowding attacks  but the difference is that hackers control a large number of accounts to place bets at the same time  and then multiple accounts are used to push blocks due to the large number of accounts participating in the attack. The connection between accounts is not obvious  and the attack is highly concealed.,2019-08-09 0:00,2019,,Transaction attack,Transaction congestion attack,Technical vulnerability,Target,Dapp,P
514,LuckyClover,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/111644.htm,,Multiple hackers have launched a series of attacks on the EOS game LuckyClover  earning thousands of EOS.,2019-08-01 0:00,2019,,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Dapp,P
515,UnicornBet,SlowMist,,https://hacked.slowmist.io/search/,,Golden Finance_Here. read the blockchain (jinse.com),,Multiple hackers have launched a series of attacks on the EOS game UnicornBet  earning thousands of EOS.,2019-08-01 0:00,2019,,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Dapp,P
516,YouHolder,SlowMist,,https://hacked.slowmist.io/search/,,https://bitcoinexchangeguide.com/youhodler/crypto/loan/platform/affected/by/data/leak/of/customers/credit/card/details/,,The cryptocurrency lending company YouHodler was affected by a data leak that contained information about users on its platform. Some of the data that was released to the market includes bank accounts passport numbers card numbers and many other things.,2019-07-25 0:00,2019,,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
517,QuickBit,SlowMist,,https://hacked.slowmist.io/search/,,https://thetradable.com/quickbit/crypto/exchange/user/data/breached/,,According to QuickBit  the breach resulted in data of users such as names  emails  physical addresses and even card information was exposed. The exchange has said it has estimated about 2% user data was left unprotected. The exchange has claimed that although data was bare and accessible to anyone who had the knowledge on how to access it   of the data has been affected or copied.,2019-07-19 0:00,2019,,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,Dapp,P
520,My Dash Wallet,SlowMist,,https://hacked.slowmist.io/search/,,MyDashWallet / The easy way for anyone to create DASH wallets locally,,My Dash Wallet has been embedded with a malicious script  the malicious script will upload the user's DASH currency account balance  keystore  private key  seed and other key information to https://api.dashcoinanalytics.com/stats.php.,2019-07-12 0:00,2019,,Instant user deception,DNS attack,Imitation,Intermediary,Other systems,
522,HiGold Game,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/105520.htm,,The hacker launched a continuous attack on the HiGold Game and realized the profit.,2019-07-03 0:00,2019,,Contract vulnerability,Random number attack,Technical vulnerability,Target,Dapp,P
524,Waltonchain,SlowMist,,https://hacked.slowmist.io/search/,,https://bitcoinexchangeguide.com/waltonchain-blockchain-has-been-attacked-how-is-this-affecting-the-network/,, The mainnet of Waltonchain was suffered coordinated attack  and the problem has been solved through the upgrade of the mainnet.,2019-06-30 0:00,2019,,Decentralization issue,51% attack,Technical vulnerability,Target,Blockchain,DLT
528,Synthetix,SlowMist,,https://hacked.slowmist.io/search/,,The Block: Syntheti suffers oracle attack. more than 37 million synthetic ether eposed,,Syntheti  a synthetic asset issuance platform built on Ethereum  experienced an oracle attack which netted the attacker over 37 million sETH  according to Etherscan. However  the true dollar value is difficult to calculate at this time given the relative illiquidity of sETH on secondary markets.,2019-06-24 0:00,2019,,Interconnected actors flaw,Oracle manipulation,Technical vulnerability,Target,Derivatives,P
530,SKR EOS,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/101608.htm,,Continuous attack by hackers to SKR EOS  earning thousands of EOS.,2019-06-13 0:00,2019,,Contract vulnerability,Random number attack,Technical vulnerability,Target,Dapp,P
531,BETX,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/100822.htm,,The 600 million BET tokens held by BET managers were stolen by hacker and sold on the Newde exchange. Preliminary analysis shows that the cause of this attack is that the private key of BET project is stolen  and the hacker gains the owner privilege and transfers all the eisting tokens of the contract. The selloff caused the BET token to fluctuate sharply and close to zero.,2019-06-10 0:00,2019,,Undetermined,Accessing private keys/data,Undetermined,Target,Dapp,P
533,Coinroom,REKT and SlowMist,https://de.fi/rekt-database/coinroom,https://hacked.slowmist.io/search/,,https://cointelegraph.com/news/report/polish/exchange/shuts/down/and/disappears/with/customers/funds,,Polish cryptocurrency exchange Coinroom suddenly shut down its service in April  suspected of defrauding customers and running away with funds. Although the eact amount involved in the fraud is unclear. REKT: Polish cryptocurrency exchange Coinroom has reportedly shut down its operations and disappeared with customer funds.  Money.pl. a local business news outlet. received an email from one of its readers. who stated that Coinroom — &nbsp;which was registered in 2016 — ceased operations overnight and disappeared with customers’ money in April. Some users say they had up to 60.000 zloty (around $15.790) in their accounts.  Before ceasing its operations. Coinroom reportedly sent emails to its customers. containing information about contract terminations. Coiroom customers had only one day to withdraw their money. which was in accordance with Coinroom regulations signed by users. However. customers reportedly claim that some of them got only part of the money. while most of them did not receive their funds back at all.,2019-05-31 0:00,2019,,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,CeFi,
535,GateHub,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/100522.htm,,The attacker controls some of the GateHub database account API permissions  but the user's private key is secure. GateHub officials have identified 103 wallets that were compromised and a total of 18 473 accounts that may have been affected  including 5 045 with active balances.,2019-05-30 0:00,2019,,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,Other systems,
536,Remitano,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/98502.htm,,Due to the failure to take effective measures against user complaints RP buyers have suffered a lot of losses. The cryptocurrency exchange Remitano has announced that it has suspended all RP deposits and withdrawals to solve the problem of false RP deposits.,2019-05-29 0:00,2019,,Contract vulnerability,Access control flaw,Technical vulnerability,Target,CeFi,
543,TronBank game BTTBank,SlowMist,,https://hacked.slowmist.io/search/,,Rashomon behind the theft of 26 million TR (qq.com),,Tron Dapp TronBank was attacked by Fake token attack at 1 am about 170 million BTT were stolen in 1 hour (worth about 850 000 yuan). Monitoring showed that the hacker created a fake token BTT to initiate the invest function to the contract and the contract did not determine whether the sender's token id was consistent with the BTT real token id1002000.,2019-04-11 0:00,2019,,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Dapp,P
545,IseriCoin,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/89100.htm,,Hacker has used contract vulnerabilities to send a huge amount of IseriCoin tokens to his account.,2019-04-08 0:00,2019,,Contract vulnerability,Undetermined,Technical vulnerability,Target,FT,CA
548,ggeos,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/73908.htm,,The contract was attacked by a transaction rollback.,2019-01-01 0:00,2019,,Contract vulnerability,Rollback attack,Technical vulnerability,Target,Dapp,P
551,uugame,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/75378.htm,,The random number was cracked.,2019-01-10 0:00,2019,,Contract vulnerability,Random number attack,Technical vulnerability,Target,Dapp,P
552,EOS.WIN,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/75547.htm,,The attacker loveforlover launched an attack on EOS.WIN and has already made a profit.,2019-01-11 0:00,2019,,Transaction attack,Transaction congestion attack,Technical vulnerability,Target,Dapp,P
553,BetDoge,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/75693.htm,,The attacker launched continuous attacks on the EOS game BetDoge and has successfully profited hundreds of EOS.,2019-01-12 0:00,2019,,Contract vulnerability,Undetermined,Technical vulnerability,Target,Dapp,P
557,STACK DICE,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/75813.htm,,The attacker used deferBomb to exploit vulnerability in the old/version BP nodeos.,2019-01-13 0:00,2019,,Transaction attack,Transaction congestion attack,Technical vulnerability,Target,Dapp,P
558,Fishing,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/75813.htm,,The attacker used transaction congestion attack to exploit vulnerability in the old/version BP nodeos.,2019-01-13 0:00,2019,,Transaction attack,Transaction congestion attack,Technical vulnerability,Target,Dapp,P
559,GameBet,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/75816.htm,,The attacker used transaction congestion attack to exploit vulnerability in the old/version BP nodeos.,2019-01-14 0:00,2019,,Transaction attack,Transaction congestion attack,Technical vulnerability,Target,Dapp,P
561,FarmEOS,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/76160.htm,,This time the attacker is the same person as the last time. Both flo******now and sil******day are the account of the hacker. The two attack methods are also the same. The attacker points to FarmEOS. After placing a bet and when the attacking contract receives a transfer notification a large number of defer transactions are initiated which delays the subsequent lottery draw of FarmEOS which is the &quot transaction crowding attack&quot .,2019-01-15 0:00,2019,,Transaction attack,Transaction congestion attack,Technical vulnerability,Target,Dapp,P
562,LuckBet,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/76287.htm,,The attacker uses the trade crowding attack to attack the game contract and ultimately profit.,2019-01-16 0:00,2019,,Transaction attack,Transaction congestion attack,Technical vulnerability,Target,Dapp,P
564,SuperMonopoly,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/76440.htm,, The attacker uses the trade crowding attack to attack the game contract and ultimately profit.,2019-01-16 0:00,2019,,Transaction attack,Transaction congestion attack,Technical vulnerability,Target,Dapp,P
565,21Dice,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/76440.htm,,The attacker used the transaction congestion attack to attack the game contract and ultimately profit.,2019-01-16 0:00,2019,,Transaction attack,Transaction congestion attack,Technical vulnerability,Target,Dapp,P
566,iDicefungame,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/77095.htm,,The attacker launched continuously attacks on idicefungame and has already made a profit and transferred to the bitfine exchange.,2019-01-19 0:00,2019,,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Dapp,P
567,EOSLuck,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/77278.htm,,The attacker is targeting the game s random number algorithm and his winning percentage is much higher than other ordinary players.,2019-01-21 0:00,2019,,Contract vulnerability,Random number attack,Technical vulnerability,Target,Dapp,P
568,Crazy Dice,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/77473.htm,,It is consistent with the previous principles of attacking EOS.Win FarmEOS etc. but the method has changed. The attacker controls multiple accounts to cooperate to complete the transaction congestion attack.,2019-01-22 0:00,2019,,Transaction attack,Transaction congestion attack,Technical vulnerability,Target,Dapp,P
570,EOSABC,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/78055.htm,,It is consistent with the previous principles of attacking EOS.Win FarmEOS etc. but the technique has changed.,2019-01-25 0:00,2019,,Transaction attack,Transaction congestion attack,Technical vulnerability,Target,Dapp,P
571,EOSlots,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/78220.htm,,The attacker controlled multiple accounts to launch continuously attacks on the EOSlots.,2019-01-27 0:00,2019,,Transaction attack,Replay attack,Technical vulnerability,Target,Dapp,P
572,EOSABC,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/78358.htm,,Similar to the way EOSABC was attacked two days ago the problem has not been fied.,,2019,,Transaction attack,Transaction congestion attack,Technical vulnerability,Target,Dapp,P
573,EOSABC,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/78682.htm,,This is the third attack on the contract not a transaction congestion attack but the real purpose of the attack is the transaction Contract vulnerability.,2019-01-30 0:00,2019,,Contract vulnerability,Rollback attack,Technical vulnerability,Target,Dapp,P
575,EOSlots,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/78811.htm,,The attacker launched continuous attacks on the EOS game EOSlots.,2019-01-30 0:00,2019,,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Dapp,P
576,Fastwin,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/78835.htm,,The attacker deployed multiple attack contracts to attack the EOS game FASTWIN.,2019-01-30 0:00,2019,,Contract vulnerability,Rollback attack,Technical vulnerability,Target,Dapp,P
580,Gameboy,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/80574.htm,,Gameboy a EOS game was attacked. Attacker cont****inop deployed a contract and attacked by calling launch function. According to the analysis of SlowMist security team and confirmed with project side by communication.The project side wrongly add a controlled seed in random algorithm which lead the attack.,2019-02-15 0:00,2019,,Contract vulnerability,Random number attack,Technical vulnerability,Target,Dapp,P
590,Mercatox,SlowMist,,https://hacked.slowmist.io/search/,,(1) https://www.jinse.com/lives/85139.htm (2) https://cloud.tencent.com/developer/article/1419237,,The attacker launched a hard_fail attack on the exchange and profited thousands of EOS.,2019-03-15 0:00,2019,,Contract vulnerability,Access control flaw,Technical vulnerability,Target,CeFi,
596,TronCrush,SlowMist,,https://hacked.slowmist.io/search/,,https://blocking.net/1638/dapp/trend/list/all/vulnerability/wave/fields/on/eos/may/be/reproduced/,,The transfer does not determine that to and from cannot be the same address resulting in an attack that can create more than 15w TCC tokens without foundation.,2019-04-11 0:00,2019,,Contract vulnerability,Logical bug/custom flaw,Technical vulnerability,Target,Dapp,P
605,Electroneum,SlowMist,,https://hacked.slowmist.io/search/,,(1) https://steemit.com/electroneum/@samdman/electroneum/under/51/attack (2) https://www.financemagnates.com/cryptocurrency/news/51/percent/attacks/appear/hit/verge/electroneum/?utm_source=daily_newsletter&utm_medium=email&utm_campaign=05.04.18amp%2F,, The attacker has a large amount of computing power to launch Governance issue,2018-04-04 0:00,2018,,Decentralization issue,51% attack,Technical vulnerability,Target,Blockchain,DLT
615,EDU Token,SlowMist,,https://hacked.slowmist.io/search/,,https://www.leiphone.com/news/201805/Wv4BygPe2A4o3LR.html,, EDU smart contract has critical vulnerability   and can transfer the EDU Token in any account.,2018-05-24 0:00,2018,,Contract vulnerability,Access control flaw,Technical vulnerability,Target,FT,CA
621,KICKICO,SlowMist,,https://hacked.slowmist.io/search/,,https://thehackernews.com/2018/07/kickico/cryptocurrency.html,,KICKICO has experienced a security breach which resulted in the attackers gaining access to the account of the KICK smart contract — tokens of the KICKICO platform. The team learned about this incident after the complaints of several victims who did not find tokens worth 800 thousand dollars in their wallets. During the investigation it was found that the total amount of stolen funds is 70 000 000 KICK which at the current exchange rate is equivalent to $ 7.7 million.,2018-07-26 0:00,2018,,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,CeFi,
623,EOSBET,SlowMist,,https://hacked.slowmist.io/search/,,(1) https://www.jinse.com/lives/48517.htm (2) https://cryptoslate.com/major/eos/bug/allows/users/to/poach/ram/eosbet/has/system/crippled/,,RAM was swallowed up by the malicious contract and the game party failed to check the caller of transfer action which led to the exchange of real token with fake token ,2018-08-26 0:00,2018,,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Dapp,P
635,GATE.IO,SlowMist,,https://hacked.slowmist.io/search/,,(1) https://www.jinse.com/lives/62664.htm (2) https://www.welivesecurity.com/2018/11/06/supply/chain/attack/cryptocurrency/exchange/gate/io/,,Hackers successfully sandwiched crypto/stealing code into the middle of a popular web traffic/measuring plugin from StatCounter which is now used on more than two million websites including government sites. They have determined however that the rather wide swath of infections may have been designed to eventually infect cryptocurrency trading sites and that the scheme did in fact infect popular crypto/trading site Gate.io. By situating the code in the middle of StatCounter’s downloadable javascript web traffic analysis tool hackers made it harder to detect.,2018-11-03 0:00,2018,,Undetermined,Undetermined,Technical vulnerability,Target,Exchange,P
642,LuckyGo,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/64543.htm,,EOS game contract LuckyGo has been off the line and the attacker iloveloveeos (malicious contract) was eposed in September because of attack on FairDice.,2018-11-15 0:00,2018,,Contract vulnerability,Random number attack,Technical vulnerability,Target,Dapp,P
644,vegasgame111 (EOS quiz game contract),SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/65894.htm,,The attacker (kuybupeykieh) launched an attack on the EOS quiz game contract (vegasgame111) making a total of hundreds of EOS. The data on the tracking chain found that in order to prevent the flow of funds from being tracked the hacker used dozens of operations to create sub/accounts. In order to transfer the acquired assets sequentially the attacker used the &quot fake EOS&quot vulnerability to carry out the attack.,2018-11-21 0:00,2018,,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Dapp,P
645,Copay (BitPay),SlowMist,,https://hacked.slowmist.io/search/,,https://www.zdnet.com/article/hacker/backdoors/popular/javascript/library/to/steal/bitcoin/funds/,,American Bitcoin payment processor BitPay stated that the company s Copay wallet was attacked by hackers. Bitpay announced on Monday that it learned of this issue from a report on Copay GitHub. The report showed that third/party JavaScript libraries used by these applications were modified and malicious code was loaded. The malware was inserted into versions 5.0.2 to 5.1.0 of the Copay and BitPay wallet applications and may be used to obtain private keys for stealing Bitcoin and Bitcoin Cash. According to reports the attack appeared to be carried out by a developer named Right9ctrl who took over the maintenance of the NodeJS library from the left manager. About three months ago when Right9ctrl was granted access to the repository he inserted malware at this time.,2018-11-26 0:00,2018,,Hacked/exploited infrastructure,Accessing private keys/data,Technical vulnerability,Target,Other systems,
657,EosDice,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/72348.htm,,The attacker binaryfun attacked the EosDice s game contract bocai.game and transfers most of the acquired EOS to the Binance exchange account binancecleos.,2018-12-21 0:00,2018,,Contract vulnerability,Rollback attack,Technical vulnerability,Target,Dapp,P
658,LuckBet,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/72463.htm,,The attacker snowredgreen attacked the LuckBet game contract luckbetadmin and transfers most of the acquired EOS to the Huobi exchange account huobideposit,2018-12-22 0:00,2018,,Contract vulnerability,Random number attack,Technical vulnerability,Target,Dapp,P
660,Lucky Nuts,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/73116.htm,,The attacker continued to attack the Lucky Nuts game contract nutsgambling and continues to profit from it. Eventually most of the stolen EOS was transferred to the Binance exchange account binancecleos.,2018-12-26 0:00,2018,,Contract vulnerability,Random number attack,Technical vulnerability,Target,Dapp,P
661, LuckyMe,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/73410.htm,, The attacker continued to attack the LuckyMe game contract luckymedice1 and had benefited thousands of EOS.,2018-12-28 0:00,2018,,Contract vulnerability,Rollback attack,Technical vulnerability,Target,Dapp,P
662,GameBet,SlowMist,,https://hacked.slowmist.io/search/,,https://www.jinse.com/lives/73416.htm,,The attacker launched an attack on the GameBet game contract gamebetdices and transfer most of the acquired EOS to the FreeWallet wallet account.,2018-12-28 0:00,2018,,Contract vulnerability,Rollback attack,Technical vulnerability,Target,Dapp,P
682,BURN ONE TOKEN,REKT,https://de.fi/rekt-database/burn_one_token,,,https://twitter.com/CaptainJackAPE/status/1329058909588398083,,A review of the token contract shows low network activity. which didn tlead to significant funds loss for the user in the past. The project is considered abandoned.,2020-04-18 0:00,2020,,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
684,Cezo ,REKT,https://de.fi/rekt-database/cezo_,,,"RD Labs (Previously Rug Detectives) sur Twitter : ""Scam Warning - Cezo $CEZ (0xfebc25f4c5fc3e90a7efae0b4d436a77c9e131b3) Issues: Seems like we are in the midst of a pump and dump. @cezo_io strange movements between the deployer contract and the token. Acting as if these are a burning mechanism.. #RUGDETECTIVES https://t.co/Mfn0Ps65SL"" / Twitter",,>The team was dumping tokens into the market. The project has been inactive since January 9. after the token migration announcement.,2020-12-23 0:00,2020,,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
688,Cream Finance,REKT,https://de.fi/rekt-database/cream_finance,,,Postmortem Report of DNS Hijacking | by C.R.E.A.M. | C.R.E.A.M. Finance | Medium,,DNS hijacking was discovered at Cream Finance. Their GoDaddy account was hacked. and users were redirected to a phishing website. Incident timeline: 1. The website was down; users reported a website outage2. GoDaddy DNS CNAME record not pointing to their hosting IP. consistent with the website outage3. DNS A record was updated to the correct IP; root cause analysis began4. Noticed DNS cache pollution. consistent with user reports; Began DNS migration to Cloudflare5. Discovered that GoDaddy login credentials were compromised and could not log in6. CoinGecko. CoinMarketCap. and imToken were notified to update the website link and put up warning messages7. Two alternative websites were put for users to continue using Cream Finance8. The ownership of the domain was reclaimed with the help of GoDaddy. started to recover the service and ensure the security9. The website returned to normal. while some regions were still affected as DNS propagation continued,2021-03-15 0:00,2021,,Instant user deception,DNS attack,Imitation,Intermediary,Exchange,
689,Crocoswap finance,REKT,https://de.fi/rekt-database/crocoswap_finance,,,Telegram: Contact @rugsteemer,,The project team switched to another MasterChef contract. The new contract revomed 12h timelock on emergency withdrawal. Liquidity was drained. the website is down.>The project team switched to another MasterChef contract. The new contract revomed 12h timelock on emergency withdrawal. Liquidity was drained. the website is down.,2021-03-14 0:00,2021,,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
692,Darkwebcoin,REKT,https://de.fi/rekt-database/darkwebcoin,,,"CaptainJackCryptoAPE sur Twitter : ""?SCAM ALERT? SCAM ALERT DONT BUY: Darkwebcoin $DKWC 0x9eec0ea5d267724eaa563f6568c781dcc8b7f62d CAN NOT SELL"" / Twitter",,A review of the token contract shows low network activity. which didn tlead to significant funds loss for the user in the past. The project is considered abandoned.,2020-11-13 0:00,2020,,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
700,GeoDB,REKT,https://de.fi/rekt-database/geodb,,,"(1) Wallace Wallet ($GEO ??) ? sur Twitter : ""Notice: Today at 5am CET our #eth / #btc bridge contract was attacked. 4m Geo Tokens were stolen &amp; dumped on @Uniswap &amp; @PancakeSwap Hacker's addresses on ETH &amp; BSC: 0d66a9967949ae20eb8b2c1922b84fbf69bbc76cf We have taken the necessary steps &amp; Trading $GEO is safe."" / Twitter. (2) https://insured.substack.com/p/16/million/stolen/from/geodb",,,2021-08-14 0:00,2021,,Contract vulnerability,Access control flaw,Technical vulnerability,Target,FT,CA
703,Iron Finance,REKT,https://de.fi/rekt-database/iron_finance,,,(1) https://ironfinance.medium.com/iron-finance-post-mortem-17-june-2021-6a4e9ccf23f5. (2) https://cointelegraph.com/news/mark-cuban-calls-for-stablecoin-regulation-in-wake-of-iron-finance-bank-run. (3) https://thedefiant.io/iron-finance-implodes-after-bank-run,,On the 16th of April. TITAN reached an all/time high of $64 and some investors cashed out. As a result. the price dropped to $60. where it remained for a time. However. when TITAN fell below $60. it prompted a fresh wave of selling by big investors. commonly known as whales. driving the price down below $30. Because of the decline in the TITAN price. the IRON stablecoin lost its peg and fell to $0.90. This is where the real issues started. The price oracle. which is a smart contract that generates token prices from liquidity pools. could not keep up with the volatility since it utilizes a 10 minute Time Weighted Average Price (TWAP) to determine the CR. Users could purchase IRON tokens for $0.90 and instantly redeem them for $0.75 USDC and $0.25 TITAN. which they could then sell for a risk/free profit. Investors were ready to purchase dips in IRON and TITAN. helping IRON to briefly reclaim its peg and driving the TITAN price back up to $50. This triggered another wave of selling as additional major traders began to take advantage of the arbitrage opportunity. flooding the market with newly minted TITAN and finally dumping it as the price approached zero. As a result. IRON fell further. reaching a low of $0.58 before rebounding to $0.74 at the time of writing. The TITAN supply that was supposed to be capped at 1 billion tokens epanded without limit.,2021-06-16 0:00,2021,,Interconnected actors flaw,Oracle manipulation,Technical vulnerability,Target,Lending,P
705,Kanva,REKT,https://de.fi/rekt-database/kanva,,,"CaptainJackCryptoAPE sur Twitter : ""?SCAM ALERT? SCAM ALERT: Kanva $KNV 0x2d176650b1d3e69e80c2dd8acf4e7d590a16bda7 CAN NOT SELL"" / Twitter",,A review of the token contract shows low network activity. which didn't lead to significant funds loss for the user in the past. The project is considered abandoned.,2020-04-15 0:00,2020,,Rug pull scam,Selling restrictions,Malicious use of contract,Perpetrator,FT,CA
716,PancakeSwap,REKT,https://de.fi/rekt-database/pancakeswap,,,(1) Update on the SYRUP Incident. Following the emergency decision to… | by PancakeSwap | PancakeSwap | Medium. (2) https://www.bsc.news/post/pancakeswap-emergency-brake-on-syrup-pools,,Bad actors took advantage of a flaw in the connection between the MasterChef contract and the SyrupBar contract. Previously. when CAKE was staked. an equivalent number of SYRUP tokens were created. The SYRUP tokens would be burnt once the CAKE was unstaked and withdrawn. The eact attack here was that if a user invoked the MasterChef contractsemergencyWithdraw method to withdraw their staked CAKE. the related SYRUP tokens were not burned as planned. This enabled malicious actors to mint additional SYRUP tokens using their CAKE tokens on a regular basis. Because there were much more SYRUP tokens in circulation than was permitted. the bad actors received a larger share of Syrup Pool rewards.&nbsp;,2020-11-03 0:00,2020,,Contract vulnerability,Undetermined,Technical vulnerability,Target,Exchange,P
731,Zapper,REKT,https://de.fi/rekt-database/zapper,,,Zapper Zaps Its Own Vulnerability Before Hackers Do / The Defiant,,The team of whitehat hackers (AndreiKei and VV) identified a loophole in the old Polygon bridge smart contract. which could lead to the possible exploit and lost of the users funds. The vulnerability allows possible attacker to transfer tokens from users’ accounts. for which they had previously granted unlimited approval. via the Zap. This was possible due to a function. which eecutes External swaps and Zaps (via 0. Paraswap. etc). accepting non/validated <u>calldata</u>: (bool success. ) = swapTarget.call.value(valueToSend)(swapCallData) The Zap lacked an appropriate pause function which meant that the Zapper team was unable to prevent the vulnerability from being exploited. Zapper team together with the team of whitehat hackers (AndreiKei and VV) eecuted whitehat hack to withdraw funds from the old contract to the safe distribution contract. where users could successfully reclaim their funds. Deprecated Polygon bridge: https://etherscan.io/address/01f0d1927498fbd4f9e8558704ce5b658929527ec Smart contract used for the exploit: https://etherscan.io/address/07284e5cd49f47da42d355bcb5ab64fbb45d7eff6 Received funds were transferred to the safe smart contract for further distribution to the affected users: https://etherscan.io/address/063cd1f35063e1bdd01355fb2bee4ecee05d94b84,2021-06-15 0:00,2021,,Contract vulnerability,Access control flaw,Technical vulnerability,Target,CeFi,
743,AutobotDefi,REKT,https://de.fi/rekt-database/autobotdefi,,,Telegram: Contact @rugsteemer,,The contract deployer added initial liquidity at: https://ftmscan.com/t/0d3bafb04c550c393cf982e2c51741091bc56a718f36519222b30b1ad6c29b83a https://ftmscan.com/t/0532d327e5193f448aae544a74458b0e5adf5ab16b63931bd1fd9d0d4bec303b2 https://ftmscan.com/t/05f0b0ff0c5df46e6752b09fbcd2320f9e0b29f402c72a02c2c622d119bb5ea68 The liquidity was removed by the contract deployer at: https://ftmscan.com/t/0ca77f2d18807ade26892121d584c4a7a7ac946088228b167fd576e95a2ca3dc6 https://ftmscan.com/t/0809820e2148e43f72cf24561665573a87d690dcaf00805e786c327179a28b8bd https://ftmscan.com/t/064a6911965b1d3f44acf1148878aacf5b16b72a6c11f2c4722ed917931ceda02,2021-12-05 0:00,2021,,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,Yield,CP
766,burn12,REKT,https://de.fi/rekt-database/burn12,,,"#WARONRUGS? on Twitter: ""We would like to apologize for those who bought $MANTLE. especially because of us. We have found that the developer behind “Joe” is a serial scammer. While the code was fine. he bought instantly after listing and dumped on everyone at the top then played the dead. See below.… https://t.co/3W2Q4GY3Ma"" (archive.ph)",,The contract deployer added initial liquidity at: https://etherscan.io/t/0c7b23c0de796bab0e026bd8092c057355dc58bceb7a4dd0d0b2a52edb80756ba The liquidity was removed by the contract deployer at: https://etherscan.io/t/049b0ca1b23264649e6064e0f44076baa4906297d863fc620351aba9ac4164e5b,2021-01-01 0:00,2021,,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
767,Cake Lock,REKT,https://de.fi/rekt-database/cake_lock,,,"#WARONRUGS? on Twitter: ""? Scam Advisory #100 - Cake Lock $LOCK (0x5f3bb338aE09a5A15CEB3D0E9E5194B404b95A1b) Reason: This project is being run by serial scammer @Techwithyani. Likeliness of losing all funds: 50% of the presale is already gone. we recommend you to move out. DYOR. #WARONRUGS?… https://t.co/QABACS6yRe"" (archive.ph)",,The project was holding a fundraising event using TokenSale smart contract: https://bscscan.com/address/0571e95084f68c3d8cca3613439c8bae2963f6846#code The contract deployer was the final recipient of the funds from the presale: https://bscscan.com/address/0d580f1de796eed2b7728c690e5e570eda336a8ec#internalt After the presale. the initial liquidity was added by the contract deployer: https://bscscan.com/t/013297002df3d72ca11574cb2279cea59de8eff65eea6cfefb3896fdeeb1a9106 The contract deployer removed a bigger part of the liquidity at: https://bscscan.com/t/0baeca20d156068721f44305f9d72a30f705de275ccabc4fa878801f7a95c9321 The final part of the liquidity was removed by the contract deployer at: https://bscscan.com/t/0614e9ea62a40688f63c4d860947923f36109b4e82bb0fa98cbce33542ccd2337,2021-03-01 0:00,2021,,Misappropriation of funds,"Scam presale, IDO and ICO",Market manipulation,Perpetrator,FT,CA
768,CAP5,REKT,https://de.fi/rekt-database/cap5,,,"#WARONRUGS? on Twitter: ""We would like to apologize for those who bought $MANTLE. especially because of us. We have found that the developer behind “Joe” is a serial scammer. While the code was fine. he bought instantly after listing and dumped on everyone at the top then played the dead. See below.… https://t.co/3W2Q4GY3Ma"" (archive.ph)",,The contract deployer added initial liquidity at: https://etherscan.io/t/0f5b2e6850fd432678d0f1ea3150c2bf21656f2585a15904d5ec756bb2673298d The contract deployer sold the part of tokens at: https://etherscan.io/t/0547a634f71f25cc5e3e62c763d4fc38fb2ac11c2e0171673e0fa59828410ce0c The liquidity was removed by the contract deployer: https://etherscan.io/t/088aff62552aa502a0880d05b98496a7209cb9b68a377b1cb01bc461fa4df3cad,2020-11-08 0:00,2020,,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
777,Compasswap Token,REKT,https://de.fi/rekt-database/compasswap_token,,,"Víđarr the Auditor (tweets ? investment advice) on Twitter: ""CompasswapToken $CPS #BSC Sneak Peek https://t.co/hDZ0OlvUzX Mint possibility by the owner which is ordinary address -> 0xbeC6A65218E0BdBd837C9FdA2986df459787378c Be vigilant !!! #cryptoredflag… https://t.co/ESiSkt94sP"" (archive.ph)",,Multiple transactions where the contract deployer sold tokens on a small amount: https://bscscan.com/tokentns?a=0bec6a65218e0bdbd837c9fda2986df459787378c&amp;p=2,2021-11-21 0:00,2021,,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,FT,CA
849,GALIL,REKT,https://de.fi/rekt-database/galil,,,"#WARONRUGS? on Twitter: ""We would like to apologize for those who bought $MANTLE. especially because of us. We have found that the developer behind “Joe” is a serial scammer. While the code was fine. he bought instantly after listing and dumped on everyone at the top then played the dead. See below.… https://t.co/3W2Q4GY3Ma"" (archive.ph)",,The contract deployer added initial liquidity at:  https://etherscan.io/t/0c93639059a5d453cbbbd033bbe6fe4f0a8ff04f659efc232e7563933437e81a7  The initial liquidity was removed by the contract deployer at:  https://etherscan.io/t/0455dbfabef864bce5d40f0120e54824b213847d8cffde6e9fbe686c5917c0bf7  A review of the token contract shows low network activity. which didn tlead to significant funds loss for the user in the past. The project is considered abandoned.,2020-11-10 0:00,2020,,Rug pull scam,Liquidity Removal,Malicious use of contract,Perpetrator,FT,CA
865,Hatch DAO,REKT,https://de.fi/rekt-database/hatch_dao,,,Crypto Exit/Scams Are Nothing New. Let's Call Them Out Before More People Get Scammed | HackerNoon,,The contract deployer added initial liquidity at:  https://etherscan.io/t/0485f0a4706998b614210d7a56d75f915be5b0390d6a460eb68a8511de2931dce  The contract deployer minted new tokens onto his wallet at:  https://etherscan.io/t/033c247cafa8a64659926a625b1b8b84774746203af745023cd3cf8d654d3fa1d  Minted tokens were sold by the contract deployer:  https://etherscan.io/t/0a67b70923abd8d75473569f0a26afcf765c7605a84ece7abbe1f161819249d15  The difference between the initial liquidity and the one that was removed is not large. losses cannot be calculated correctly.,2020-10-11 0:00,2020,,Rug pull scam,Pump-dump,Malicious use of contract,Perpetrator,Yield,CP
1027,Ultimate Set Dollar,REKT,https://de.fi/rekt-database/ultimate_set_dollar,,,https://twitter.com/CaptainJackAPE/status/1344933208832368647,,,2021-01-02 0:00,2021,,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,FT,CA
1108,Gemini,REKT,https://de.fi/rekt-database/gemini,,,(1) https://www.gemini.com/blog/protecting-our-customers-from-phishing-campaigns. (2) https://twitter.com/TheBlock__/status/1603133961978499075. (3) https://twitter.com/WuBlockchain/status/1603180031957606400,,"Quick Summary

A Third-party phishing campaign that affected some customer data was performed on the Gemini users.
Details of the Exploit
Some users have been targeted by a phishing attack.  This led to the collection of Gemini users' email addresses and phone numbers. Gemini claims that no account information or systems were impacted. and all funds and customer accounts remain secure.",2022-12-14 0:00,2022,,Instant user deception,Undetermined,Imitation,Intermediary,CeFi,
1149,Gate.io,SlowMist,,https://hacked.slowmist.io/search/,,"Cos(??)?????? sur Twitter : ""??????@gate_io ???????????????????? g?te[.]com ????????? Punycode ??????????????? Claim ??? eth_sign ??????????? ETH ????????@SlowMist_Team @MistTrack_io https://t.co/nk6y5yBEbh"" / Twitter",,"SlowMist founder Cosine tweeted that Gate.io’s official Twitter account may have been hacked. Hackers sent phishing messages to trick users into visiting g?te[.]com. Once you click ""Claim"". the eth_sign signature phishing will appear. which may lead to the theft of related assets such as Ethereum.",2022-10-22 0:00,2022,,Instant user deception,Social media compromission,Imitation,Intermediary,CeFi,
1150,Vivity,SlowMist,,https://hacked.slowmist.io/search/,,"CertiK Alert sur Twitter : ""#CertiKSkynetAlert ?? We are seeing reports that the @Vivity_NFT Discord server was compromised. Do not click links. mint. or approve any transactions! #NFT #hacked #Discord Stay vigilant! https://t.co/UqBZO71kM5"" / Twitter",,The Discord server of NFT project Vivity was attacked.,2022-10-22 0:00,2022,,Instant user deception,Social media compromission,Imitation,Intermediary,NFT,
1151,Blur,SlowMist,,https://hacked.slowmist.io/search/,,Blur official: Beware of phishing links posted by virtual accounts - PANews (panewslab.com),,NFT platform Blur tweeted that it noticed a phishing account with the ID @Blur_DAO and reminded users not to click on fake links. The fake account tweeted that the BLUR token query was now open. and posted a phishing URL.,2022-10-22 0:00,2022,,Instant user deception,Evil twin site,Imitation,Intermediary,CeFi,
1153,Opensea,SlowMist,,https://hacked.slowmist.io/search/,,"Pocket Universe ?? sur Twitter : ""A new exploit on the old Opensea contract is being used to steal your NFTs Signing this innocent transaction could empty your wallet Here's a simple breakdown so you don't lose everything ? https://t.co/Up1trum5a1"" / Twitter",,Browser security plug-in Pocket Universe tweeted that a new vulnerability was discovered in Opensea’s old contracts that could be used to steal users’ NFTs. potentially emptying wallets once the transaction was signed. It can steal any NFT users listed on Opensea before May 2022 (i.e. before Seaport upgrades). mainly involving the Wyvern protocol. which grants proxy contracts the right to withdraw user NFTs. and this new exploit will Trick the user into signing a transaction. giving the attacker ownership of the user's proxy contract. Cosine. the founder of SlowMist. tweeted that it is necessary to be vigilant about the new use of this old problem. which is related to the old OpenSea protocol. but many users of the old protocol have not cancelled the relevant authorization. and this use is invalid for the new OpenSea protocol (Seaport).,2022-10-28 0:00,2022,,Contract vulnerability,Access control flaw,Technical vulnerability,Target,Other systems,
1161,Kevin O'Leary,SlowMist,,https://hacked.slowmist.io/search/,,Slowmist,,The Twitter account of celebrity investor Kevin O’Leary was hacked on Thursday and used to promote a bitcoin and ethereum giveaway scam. Bitcoin.com reported. The hacker claims that Mr. Wonderful (Kevin O’Leary) is giving away 5.000 BTC and 15.000 ETH. and the tweet also provides a link so anyone can participate. The scam giveaway posts have now been removed by Twitter a few hours after they were posted.,2022-12-29 0:00,2022,,Instant user deception,Social media compromission,Imitation,Intermediary,Other systems,
1164,Hedgie,REKT and SlowMist,https://de.fi/rekt-database/hedgie,https://hacked.slowmist.io/search/,,https://decrypt.co/77404/founder/of/nft/game/loses/16/cryptopunks/and/bunch/of/eth/to/scammer,,"A crook named &quot cryptopunksbot&quot was published on CryptoPunk s Discord server providing NFT investors with the opportunity to win ten elusive NFT avatars. Stazie the co/founder of the NFT game project Hedgie accepted the false offer poster but this move eventually cost him 16 CryptoPunks which may be worth at least $1 million. Stazie inadvertently sent the wallet seed phrase to the scammer resulting in the loss of some ETH. The scammer sold 5 CryptoPunks for 149 ETH ($385 000). REKT : A fraudster known as ""cryptopunksbot"" promised NFT investors the chance to win one of ten eclusive NFT avatars on CryptoPunk's Discord server. Stazie. a co/founder of the NFT game project Hedgie. accepted the bogus offer. but it cost him 16 CryptoPunks. which might be worth more than $1 million. Stazie inadvertently sent the wallet seed phrase to the scammer. resulting in the funds' loss.",2021-02-08 0:00,2021,,Instant user deception,Social media compromission,Imitation,Intermediary,Dapp,
1167,UNIYSWAP,REKT,https://de.fi/rekt-database/uniyswap,,,https://twitter.com/peckshield/status/1450248774786318340,,The project uses forged PeckShield audit: https://uniyswap.com/assets/Audit-Report-UNIY-ERC20-v1.0.pdf The whitepaper is also forged. everything is copypasted from Uniswap whitepaper with the replaced names: https://uniyswap.com/assets/uniy_whitepaper.pdf The project is holding a pre-sale event using EOA address: https://etherscan.io/address/0370efe0dff0c30772f75158c9be7455e9d427a2a,2021-10-19 0:00,2021,,Rug pull scam,Undetermined,Malicious use of contract,Perpetrator,Exchange,P
1169,Binance,SlowMist,,https://hacked.slowmist.io/search/,,(1) https://techcrunch.com/2018/03/07/bitcoin/price/drops/10/as/hackers/exploit/binances/api/keys/ (2) https://www.quadrigainitiative.com/casestudy/binancephishingcampaign.php,,Binance security incident occurred in March 2018 when a phishing campaign impacted a large number of Binance users. At the time Binance offered a $250 000 reward for any information that would have led to the arrest of those involved in the phishing campaign.,2018-03-07 0:00,2018,,Instant user deception,Evil twin site,Imitation,Intermediary,CeFi,