1. LEVEL Finance
May 2, 2023: A smart contract vulnerability in Level Finance led to an exploit, causing a loss of approximately $1.1 million. The contract had an incorrect configuration for calculating rewards, enabling multiple referral claims within the same epoch. Exploiting this flaw, the attacker drained around 214k LVL tokens and exchanged them for 3,345 BNB.
Root cause: Contract Vulnerability
Loss: $1.1M
Reference: Twitter Announcement
Claimable event: Yes (Smart Contract Cover)
2. NeverFall
May 2, 2023: The NeverFall project, running on the BNB chain, experienced an exploit caused by price manipulation, leading to a loss of around $74,250. The vulnerability stemmed from a flawed calculation method that relied on the balance of the corresponding PancakeSwap pair.
Root cause: Price Manipulation Attack
Loss: $74.25K
Reference: Twitter Announcement
Claimable event: No
3. XIRTAM
May 3, 2023: XIRTAM, a project, has been identified as a rug pull where scammers made off with around 1909 ETH, equivalent to $3.5 million, that was raised from nearly 4000 users during the presale. The scammers transferred the funds to Binance, but the exchange has effectively seized the funds.
Root cause: Rug Pull
Loss: 1909 ETH
Reference: Online News
Claimable event: No
4. Daniel Alegre
May 3, 2023: Yuga Labs posted on Twitter that their new CEO, Daniel Alegre, had his Twitter account hacked and is currently under the control of the hacker. Yuga Labs advises users to refrain from clicking on any minting links or engaging with any Twitter accounts claiming to be Daniel Alegre until an official update is released. The Yuga Labs team is collaborating with Twitter to regain control of the account.
Root cause: Social Engineering Attack
Loss: NIL
Reference: Twitter Announcement
Claimable event: No
5. WSB Coin
May 4, 2023: One of the moderators of the well-known trading subreddit r/WallStreetBets has sold off a significant portion of the WSB Coin (WSB), a token project that presents itself as the official memecoin of Wall Street Bets. Following the large sell-off by the moderator, the price of the WSB Coin (WSB) experienced a substantial decline, plummeting from its record high of $0.00067279 to an all-time low of $0.00004827 within a span of two days. Community members advised caution and urged people not to purchase the token at its reduced price, citing concerns that the moderators still possessed 10% of the total supply.
Root cause: Rug Pull
Loss: $635K
Reference: Online News
Claimable event: No
6. YODA
May 4, 2023: PeckShield has reported that the Yoda project executed a rug-pull scam, resulting in the scammers successfully laundering 68 ETH, equivalent to approximately $130,000, through FixedFloat. Following the incident, the Yoda team has deleted their social media accounts and other associated groups.
Root cause: Rug Pull
Loss: $130K
Reference: Announcement by PeckShield
Claimable event: No
7. REI Network
May 6, 2023: REI Network, a public chain, made an announcement on Telegram stating that its official Twitter account was compromised. They advised users not to trust any information regarding airdrops and to await further updates. Subsequently, the Twitter account removed the airdrop-related content, but a new tweet was posted 2 hours ago. The official representatives in the Telegram group have not yet confirmed whether the latest tweet contains a phishing link or not.
Root cause: Social Engineering Attack
Loss: NIL
Reference: Online News
Claimable event: No
8. Deus Finance
May 5, 2023: Deus Finance’s stablecoin DEI was subjected to exploitation on various blockchain networks. The exploit occurred as a result of an incorrect allowance mapping, leading to a loss of funds amounting to approximately $6.38 million.
Root cause: Contract Vulnerability
Loss: approx. $6.38M
Reference: Twitter Announcement
Claimable event: Yes (Smart Contract Cover)
9. FREDDIE
May 6, 2023: PeckShield’s findings reveal that the FREDDIE token was subjected to a rug pull. The scammer initially received 2.96 ETH from the Orbiter Finance Bridge and contributed 2 ETH to the liquidity pool. Subsequently, they exchanged 4,999 trillion HIS tokens for 28 ETH, equivalent to approximately $52,344. As a result of the exploit, the token’s price plummeted by 100%.
Root cause: Rug Pull
Loss: $52.3K
Reference: Announcement by PeckShield
Claimable event: No
10. Art Coin
May 7, 2023: The encrypted art platform, Art Coin, launched a liquidity pool (LP pool) on Uniswap V3 on May 7. A user identified a loophole in the pre-sale process of Art Coin’s ART token on Uniswap V3, allowing them to sell the purchased ART tokens at 0.01 ETH immediately. This action resulted in the user acquiring 181 ETH in liquidity, equivalent to approximately $331,000. Some individuals have raised concerns about the legitimacy of the user’s actions, suggesting that it may be a case of a Rug Pull. In response, the founder of Art Coin released a statement attributing the bug to miscommunication.
Root cause: Operational Failure
Loss: $331K
Reference: Online News
Claimable event: No
11. HIS
May 8, 2023: PeckShield’s report indicates that the HIS token experienced a rug pull. The scammer initiated the exploit by acquiring 2.76 ETH from the Orbiter Finance Bridge and contributing an additional 2 ETH to the liquidity pool. Subsequently, they exchanged 4,999 trillion HIS tokens for 13 ETH, amounting to approximately $24,568. As a consequence of the exploit, the token’s value experienced a complete decline of 100%.
Root cause: Rug Pull
Loss: $24.5K
Reference: Announcement by PeckShield
Claimable event: No
12. HAKUNA
May 8, 2023: PeckShield’s findings reveal that the HAKUNA token fell victim to a rug pull. The scammer initially obtained 2.76 ETH from the Orbiter Finance Bridge and contributed an additional 2 ETH to the liquidity pool. Subsequently, they exchanged 4,999 trillion HAKUNA tokens for 17 ETH, which was valued at approximately $31,683.11. As a result of the exploit, the token’s price plummeted by 100%.
Root cause: Rug Pull
Loss: $31.6K
Reference: Announcement by PeckShield
Claimable event: No
13. MChainCapital
May 9, 2023: MChainCapital suffered a flash loan attack and lost about $18,871. TX: https://etherscan.io/tx/0xf72f1d10fc6923f87279ce6c0aef46e372c6652a696f280b0465a301a92f2e26
Root cause: Price Manipulation Attack
Loss: $18.8K
Reference: Announcement by Numen
Claimable event: Yes (Smart Contract Cover)
14. PEPG
May 9, 2023: Pepega ($PEPG) experienced a rug pull resulting in the loss of 30 ETH ($55,609.2). The scammer initially received 3.58 ETH from Binance and contributed 2.8 ETH to the liquidity pool.
Root cause: Rug Pull
Loss: $55.6K
Reference: Analysis by QuillAudits
Claimable event: No
15. GNS
May 9, 2023: GeniusMeme ($GNS) was subjected to a rug pull, leading to the loss of 33.6 ETH ($62,180.81). The scammer received an initial amount of 4 ETH from Binance and contributed 3 ETH to the liquidity pool.
Root cause: Rug Pull
Loss: $62.1K
Reference: Transaction Address
Claimable event: No
16. DMAN
May 9, 2023: PeckShield has reported that the DMAN token was subjected to a rug pull. The scammer initially received 4 ETH from Binance and contributed 3 ETH to the liquidity pool. Subsequently, they swapped 1,200 trillion DMAN tokens for 48.55 ETH, which amounted to around $89,611. As a consequence of the exploit, the token’s price experienced a complete decline of 100%.
Root cause: Rug Pull
Loss: $89.6K
Reference: Announcement by PeckShield
Claimable event: No
17. SNOOKER
May 9, 2023: The Snooker’s Project SNK token, operating on the BNB Chain, suffered an exploit that led to a loss of around $197,725. The underlying reason for this vulnerability was a flawed invitation-reward mechanism.
Root cause: Contract Vulnerability
Loss: $197K
Reference: Analysis by Neptune Mutual
Claimable event: Yes (Smart Contract Cover)
18. FLOKI
May 10, 2023: FLOKI was hit with a flash loan attack with a loss of $50K. Ancilia has detected the victim and attacker’s address.
Root cause: Price Manipulation Attack
Loss: $50K
Reference: Twitter Announcement
Claimable event: No
19. WEEB
May 10, 2023: The WEEB project experienced an attack involving price manipulation. The attacker exploited the performUpkeep function in the WEEB token, leading to the burning of a significant number of WEEB tokens in the pair. This action caused the price of WEEB to rise, allowing the hacker to generate a profit of 16 ETH.
Root cause: Price Manipulation Attack
Loss: approx. $7M
Reference: Online News
Claimable event: No
20. LW
May 11, 2023: Hexagate discovered an exploit on the $LW token paired with $BUSD on PancakeSwap, which led to a total theft of approximately $48k. The attacker utilized a flashswap on the contract to carry out the exploit. It is worth noting that the exploiting contract was deployed approximately 10 hours prior to the actual attack.
Root cause: Price Manipulation Attack
Loss: $48.4K
Reference: Announcement by Hexagate
Claimable event: No
21. Sell Token
May 13, 2023: SellToken’s SELLC token on the BNB chain experienced an exploit, leading to a loss of around $87,000. The primary cause of this vulnerability was price manipulation arising from an incorrect calculation of the token’s price within the project.
Root cause: Price Manipulation Attack
Loss: $87K
Reference: Analysis by BlockSec
Claimable event: Yes (Smart Contract Cover)
22. land
May 14, 2023: $LAND project experienced a hack caused by a vulnerability known as Missing Access Control. This security flaw led to a significant loss of 149,616 $BUSD. The project allowed multiple miner addresses to mint NFTs, and one particular address, identified as 0x2e599883715d2f92468fa5ae3f9aab4e930e3ac7, was involved in the exploit.
Root cause: Contract Vulnerability
Loss: $149.6K
Reference: Analysis By Beosin
Claimable event: Yes (Smart Contract Cover)
23. SatoshiSwap
May 15, 2023: SatoshiSwap project fell victim to an exit scam, leading to a significant loss of around $300,000. Analysis of on-chain data indicates that the scammer initially obtained access to the liquidity pool and subsequently executed a rug pull, resulting in the complete draining of the protocol’s liquidity.
Root cause: Rug Pull
Loss: $300K
Reference: Transaction History
Claimable event: No
24. EOS Network Foundation
May 16, 2023: The EOS Network Foundation announced on Twitter the release of version v0.4.2 for the EOS EVM. This update addresses a critical security vulnerability that was identified in the EOS EVM. It is necessary to upgrade the EOS EVM contracts, EOS EVM nodes, and EOS EVM RPC components utilized by the EOS mainnet to ensure security.
Root cause: EOS EVM Vulnerability
Loss: NIL
Reference: Release Notes
Claimable event: No
25. OpenSea
May 16, 2023: Alexpf.eth, the co-founder and CEO of NFT exchange EZswap, expressed concerns on Twitter about a potential royalty loophole in OpenSea. According to the tweet, OpenSea has apparently modified the criteria for identifying NFT owners, which has resulted in NFT projects being unable to set or modify royalties. This issue has been ongoing for a duration of two days and is regarded as a significant and serious error.
Root cause: Unknown
Loss: NIL
Reference: Twitter Announcement
Claimable event: No
26. Swaprum
May 18, 2023: Swaprum, a project running on the Arbitrum One chain, was exposed as a rug pull scheme. The individual responsible for deploying the contract created a new token contract implementation exclusively for the Swaprum token, enabling them to generate 200 million SAPR tokens. These ill-gotten SAPR tokens were utilized by the scammer to drain liquidity pools through various transactions. Subsequently, the scammer transferred the accumulated funds into ether by leveraging platforms like Multichain, Across Protocol, and Celer Network. The assets, amounting to 1620 ether, were then laundered into Tornado Cash. Following the incident, the project’s Twitter profile was promptly deleted.
Root cause: Rug Pull
Loss: 1620 ETH
Reference: Analysis by Hacken
Claimable event: No
27. WDZD Swap
May 19, 2023: A known exploiter targeted and successfully exploited the BNB Chain-based decentralized finance (DeFi) project WDZD Swap, resulting in the theft of approximately 609 Binance-Pegged ETH, which is equivalent to around $1.1 million. This attacker had previously carried out similar exploits on another project called Swap X.
Root cause: Contract Vulnerability
Loss: $1.1M
Reference: Online News
Claimable event: Yes (Smart Contract Cover)
28. Stacks
May 19, 2023: Blockworks Research highlighted several challenges faced by the Bitcoin Layer 2 network, Stacks, in recent months. These challenges include a significant vulnerability in the STX “stacking” mechanism, frequent occurrences of confused review during Stacks mining, and a higher frequency of block reorganization within the Stacks chain.
Root cause: Block Re-organisation
Loss: Unknown
Reference: Analysis by Blockworks Research
Claimable event: No
29. Tornado Cash
May 20, 2023: Tornado Cash’s governance contract was subjected to exploitation through a series of transactions. The attacker started by submitting a seemingly legitimate proposal that received sufficient user votes to be passed. Subsequently, the attacker triggered the self-destruction of the contract, deployed a malicious contract in its place, and executed the code within the malicious contract. By doing so, the attacker gained control over 1.2 million votes through a malicious proposal. With these votes surpassing the valid vote count of 700K, the attacker assumed complete control of the DAO and proceeded to drain the tokens held within it.
Root cause: Governance Attack
Loss: $2.77M
Reference: Analysis by SlowMist
Claimable event: No
30. Swap-LP
May 20, 2023: Beosin EagleEye, a platform that monitors security risks and provides early warnings, reported that Swap-LP, a project on the BNB Chain, was targeted in an attack. The attack resulted in a loss of approximately $1 million, and the funds remain in the possession of the attacker’s address.
Root cause: Rug Pull
Loss: $1M
Reference: Online News
Claimable event: No
31. CoinDeal
May 20, 2023: A Nevada man has been charged by the U.S. Department of Justice for his involvement in the CoinDeal investment fraud scheme. The scheme defrauded over 10,000 victims of more than $45 million. The man, along with others including Neil Chandran, conspired to defraud investors in companies controlled by Chandran, such as Free Vi Lab, Studio Vi Inc., ViDelivery Inc., ViMarket Inc., and Skalex USA Inc. These companies are involved in developing virtual world technology and their own cryptocurrency. Chandran misled investors by promising high returns and falsely claiming that his company was about to be acquired by wealthy buyers. The man served as the nominal owner and director of ViMarket and facilitated the transfer of investor funds into the company’s bank accounts.
Root cause: Scam
Loss: $45M
Reference: Online News
Claimable event: No
32. Aave
May 20, 2023: Approximately $110 million worth of WETH, USDT, WBTC, and WMATIC in Aave V2 on Polygon are currently inaccessible for withdrawal and borrowing. This issue arises from the interest rate strategy contract’s incompatibility with Polygon, as it is designed for Ethereum. Aave has recognized the problem and has submitted a patch to address the issue, which will be deployed after the voting process. While the funds are not in danger, it will take at least a week for the funds to become accessible again.
Root cause: Governance Bug
Loss: NIL
Reference: Online News
Claimable event: No
33. Fintoch
May 22, 2023: The Fintoch project’s team executed an exit scam, resulting in the loss of around $31.6 million on the BNB chain. The funds were transferred to various addresses on the Ethereum and Tron networks. Fintoch had promoted a daily return on investment of 1% and falsely claimed to be affiliated with Morgan Stanley. However, both the Singapore government and Morgan Stanley had cautioned against this fraudulent investment scheme.
Root cause: Rug Pull
Loss: $31.6M
Reference: Online News
Claimable event: No
34. LunaFi
May 19, 2023: LunaFi, a decentralized finance (DeFi) protocol on the Polygon chain, experienced an exploit that led to a loss of around $35,000. LunaFi is a unique DeFi betting protocol that offers users a secure and decentralized platform for gambling, investing, and other activities. The vulnerability arose from the absence of a time lock feature for the user’s staking balance, allowing the exploit to occur.
Root cause: Contract Vulnerability
Loss: $35K
Reference: Analysis by Neptune Mutual
Claimable event: Yes (Smart Contract Cover)
35. Local Traders
May 23, 2023: Local Traders, a P2P exchange on the BNB chain, experienced an exploit leading to the loss of around 379.32 BNB. The exploit occurred due to a permission check missing in one of the contract functions, enabling anyone to modify the owner. The attacker took advantage of this vulnerability by setting themselves as the owner and obtaining admin rights over the Oracle price feed. With control over the token price, the attacker manipulated it to an extremely low value of 1 wei. Subsequently, the attacker purchased LCT tokens at this artificially low price and sold them at a higher price, generating profits from the scheme.
Root cause: Contract Vulnerability
Loss: 379 BNB
Reference: Analysis by Neptune Mutual
Claimable event: Yes (Smart Contract Cover)
36. CS Token
May 23, 2023: CS Token experienced an exploit on the BNB chain, leading to a significant loss of around 714,285 BUSD. The vulnerability originated from the transfer function’s implementation, specifically in the calculation of the burn amount parameter, which relied on the sell amount parameter without real-time updates. The attacker capitalized on this flaw, converting the exploited funds to ETH and transferring them across different chains before ultimately routing them through Tornado Cash.
Root cause: Contract Vulnerability
Loss: $715K
Reference: Analysis by Neptune Mutual
Claimable event: Yes (Smart Contract Cover)
37. Celer Network
May 24, 2023: Celer Network, a cross-chain interoperability protocol, has addressed a code vulnerability that was initially identified by Jump Crypto. The vulnerability was found in Celer’s State Guardian Network (SGN), which operates on a proof-of-stake (PoS) blockchain. If exploited, the vulnerability could have allowed a malicious validator to submit fraudulent “votes” that could impact the network’s state. Celer reassured that no financial losses occurred due to this breach, as the vulnerability was not publicly accessible and funds were not directly at risk. In recognition of Jump Crypto’s discovery, Celer intends to propose a bug bounty for their efforts.
Root cause: Contract Vulnerability
Loss: NIL
Reference: Online News
Claimable event: Yes (Smart Contract Cover)
38. Multichain
May 25, 2023: Multichain recently posted a tweet acknowledging that while most cross-chain routes on their protocol are functioning normally, there are some routes that are currently unavailable due to unforeseen circumstances. The timeline for restoring these services is uncertain at the moment. Once the services are reinstated, any pending transactions will be credited automatically. Multichain has committed to compensating users affected by this disruption, and the details of the compensation plan will be communicated at a later stage. Several community members have reported experiencing delays in the arrival of Multichain cross-chain funds. As a result, the Multichain token MULTI has experienced a 24.1% decrease in value over the past 24 hours, with its current trading price at $5.36.
Root cause: Unknown
Loss: NIL
Reference: Twitter Announcement
Claimable event: No
39. Trezor
May 25, 2023: According to a report from The Block, cybersecurity firm Unciphered has claimed that it successfully hacked into hardware-encrypted wallets powered by Trezor T models. In a demonstration on YouTube, Unciphered showcased how it exploited a vulnerability in the wallet to extract the mnemonic private key, noting that the attack can only be carried out if the attacker has physical access to the hardware wallet. In response, Trezor’s CTO, Tomáš Sušánka, stated that the vulnerability appears to be an RDP downgrade attack, which requires advanced technical knowledge and sophisticated equipment. Sušánka further emphasized that even under the aforementioned conditions, Trezor’s strong passphrase security measure renders RDP downgrade attacks ineffective. Trezor has taken proactive steps to address future challenges by developing a new secure element for hardware wallets in collaboration with their sister company, Tropic Square.
Root cause: RDP Downgrade attack
Loss: NIL
Reference: Online News
Claimable event: No
40. SeaSwapSui
May 25, 2023: SeaSwapSui has been exposed as a rug pull, resulting in the theft of user and investor funds amounting to around $32,000. The individual who deployed the protocol initiated an emergency withdrawal, taking approximately 32,787 SUI tokens and 250 million SEA tokens from the token sale contract. In the aftermath of the exit scam, the team deleted their Twitter account and abandoned other social media channels.
Root cause: Rug Pull
Loss: $32K
Reference: Announcement by Beosin
Claimable event: No
41. Patricia
May 26, 2023: Nigerian gift card and cryptocurrency trading platform Patricia announced that its retail trading app had been breached by hackers, as reported by News.bitcoin. An undisclosed amount of BTC and naira assets were compromised as a result. However, the platform assured its customers that other cryptocurrency balances remained unaffected and that the assets belonging to both customers and merchants remained secure. Patricia has taken immediate action by halting withdrawal processing and is currently undergoing internal restructuring to address the situation.
Root cause: Unknown
Loss: NIL
Reference: Online News
Claimable event: No
42. Arthur Madrid
May 26, 2023: The Sandbox shared on Twitter that the CEO and co-founder, Arthur Madrid, had his Twitter account compromised by hackers. The attackers proceeded to post a scam or phishing link promoting a fake airdrop for the SAND token. The Sandbox urged users not to click on the link and instead report the post for immediate blocking.
Root cause: Social Engineering Attack
Loss: NIL
Reference: Twitter Announcement
Claimable event: No
43. Jimbos Protocol
May 28, 2023: The Jimbos Protocol fell victim to a price manipulation attack, resulting in a substantial loss of approximately $7.5 million. The attacker utilized a flash loan of 10,000 ETH to acquire a significant number of JIMBO tokens from the ETH/JIMBO pool, causing a sudden increase in the token’s price. By transferring around 100 JIMBO tokens to the JimboController contract and triggering the shift function, the exploiter manipulated the token balance of the pool. This process was repeated multiple times, with the excess JIMBO tokens being returned to the pool and the flash loan repaid, resulting in substantial profits for the attacker.
Root cause: Price Manipulation Attack
Loss: $7.5M
Reference: Twitter Announcement
Claimable event: No
44. Polygon zkEVM
May 29, 2023: A vulnerability was discovered in Polygon zkEVM, and blockchain security researcher iczc received a bug bounty from Immunefi L2 for identifying it. The vulnerability affected the asset migration process from Layer 1 (L1) to Layer 2 (L2) on Polygon zkEVM. It prevented the proper claiming of assets bridged from L1 to L2. By exploiting a code logic related to claim transaction pre-execution checks, malicious attackers could bypass the “isReverted” check by setting a non-zero gas fee. This allowed them to launch low-cost denial-of-service (DoS) attacks on sequencers and validators, creating increased computational overhead. Additionally, transactions were not immediately removed from the transaction pool after execution, causing them to persist in the PostgreSQL database with their status updated to “Selected” from “Pending.” Since there was only one trusted sequencer responsible for fetching and executing transactions, another vulnerability emerged where a malicious actor could mark any deposit amount by sending a failed transaction. This resulted in the rejection of valid claim transactions that used credits, rendering the L2 network unusable for new users. The Polygon zkEVM team addressed this vulnerability by removing the specific gas logic for claiming transactions. No funds were at risk during this process.attacker.
Root cause: Contract Vulnerability
Loss: NIL
Reference: Twitter Announcement
Claimable event: No (Smart Contract Cover Exclusion)
45. Aleo
May 29, 2023: Fede’s Intern, a contributor to venture capital studio LambdaClass, discovered an inflation loophole in Aleo, a programmable privacy network. They utilized this loophole to halt block production and reached out to the Aleo team via email. The issue was subsequently discussed openly on the Zero Knowledge Podcast, where Aleo CEO and Zero Knowledge Podcast contributor Alex Pruden intervened to address the bug. As a result, the vulnerability has been resolved and fixed.
Root cause: Inflation Vulnerability
Loss: NIL
Reference: Twitter Announcement
Claimable event: No
46. EDE
May 30, 2023: El Dorado Exchange (EDE), a perpetual DEX, experienced a suspected attack resulting in a loss of approximately $580,000. The attacker utilized an address to send small amounts of funds to Arbitrum’s ELP-1 pool and promptly withdrew large sums of funds. Monitoring efforts revealed that the attacker has already returned 334,000 USDC.
Root cause: Unknown
Loss: $580K
Reference: Twitter Announcement
Claimable event: No
47. BlockGPT
May 30, 2023: BlockGPT has been exposed as a fraudulent scheme. The project collected funds amounting to 816 BNB, equivalent to around $256,000, through a presale contract, which have now been illicitly transferred to Tornado Cash for the purpose of money laundering.
Root cause: Rug Pull
Loss: 816 BNB
Reference: Twitter Announcement
Claimable event: No
48. MoveCash
May 30, 2023: MoveCash, a project on the BNB Chain, has been exposed as an instance of rug pulling, resulting in the loss of approximately $134,000. The individual responsible for deploying the protocol locked 784 BNB on May 17, 2022. Subsequently, the liquidity from the pool was unlocked and completely drained.
Root cause: Rug Pull
Loss: $134K
Reference: Twitter Announcement
Claimable event: No
49. Pixel Penguin
May 31, 2023: Pixel Penguin, a project associated with Hopeexist1, has been exposed as a rug pull, resulting in the theft of approximately 61.686 ETH, equivalent to around $117,000, from users and investors. The project claimed to be a charity initiative aimed at raising funds for an individual allegedly fighting cancer. Following the incident, both the social media accounts of Pixel Penguin and Hopeexist1 were deleted.ained.
Root cause: Rug Pull
Loss: 61.86 ETH
Reference: Twitter Announcement
Claimable event: No
50. unshETH
May 31, 2023: Following the compromise of one of the deployer private keys for unshETH contracts, the team has taken immediate action by suspending withdrawals to mitigate any further harm to the protocol. The exploit has affected additional ancillary protocol contracts, including farms and bridges. However, unshETH ether deposits, totaling $35 million in locked value, are safe and protected through the use of multisig and time lock mechanisms.
Root cause: Rug Pull
Loss: $375K
Reference: Twitter Announcement
Claimable event: No
51. Waifu AI World
May 31, 2023: On Twitter, user @ChrisONCT utilized on-chain data to uncover suspicious activity surrounding the meme coin project Waifu AI World (WFAI). The project’s token economics initially indicated that 95% of the supply was allocated to LPs. However, after WFAI launched, four new wallets emerged and purchased a total of 647 trillion WFAI tokens, accounting for approximately 83.2% of the supply (777 trillion). These transactions amounted to 14.4 ETH. The project team has since blacklisted the wallets that acquired 457 trillion WFAI tokens, resulting in the current total supply being reduced to 320 trillion. This suggests that 190 trillion tokens, or 60% of the total supply, are held by insiders. Additionally, DWF Labs purchased 624.9 billion WFAI tokens for around 20 ETH. Notably, the trust score of DEXTools experienced a significant shift from extremely low to extremely high within a few hours.
Root cause: Suspected Rug Pull
Loss: NIL
Reference: Twitter Announcement
Claimable event: No
