The start of 2022 saw around 26 notable hacks, with incidents happening almost every day. Below is a summary of the events.
1. Tinyman
Jan 1, 2022: Beginning on the 1st of January 2022, an attack was orchestrated by unauthorized users on some of Tinyman's pools by exploiting a previously unknown vulnerability in the Tinyman contracts.
Root cause: Smart Contract Vulnerability
Loss: approx. $2.9 million
Reference: 1.) Official Announcement About the Incidents of 01.01.2022 2.) Technical Report 1 - First Insights 3.) Full Technical Report on Attacks
Claimable event: Yes (Smart Contract Vulnerability Cover)
2. Arbix Finance
Jan 4, 2022: Binance Smart Chain-based yield farming protocol Arbix Finance was identified by blockchain security company CertiK as a rug pull. The project deleted its site, Twitter, and Telegram channel and transferred $10 million worth of funds deposited by users to "unverified pools", where they were converted to Ethereum.
Root cause: Scam/Rug pull
Loss: $10 Million
Reference: CertiK identifies Arbix Finance as a rug pull
Claimable event: No
3. Bored Bunny
Jan 5, 2021: Bored Bunny, an NFT project launched on January 5th, has drained all of the 2000 ETH raised, and nearly 800 ETH has been transferred to Binance. The project has muted all its channels on Discord, and the floor price for the project fell to 90.59 ETH on the same day.
Root cause: Scam/Rug pull
Loss: approx. 2000 ETH
Reference: NFT Rugpull: Bored Bunny NFT project drains out 2000 ETH
Claimable event: No
4. DaoMetaland
Jan 7, 2022: PeckShield issued an alert tweet saying that Metaland DAO had suffered a rug pull on January 7th. The official Metaland Twitter page seems deactivated, and all previous activities have been erased.
Root cause: Scam/Rug pull
Loss: Over 640 BNB
Reference: Metaland DAO Suffers Rug Pull
Claimable event: No
5. StoboxCompany
Jan 7, 2022: StoboxCompany, a digital asset service provider, was attacked by hackers. Its team said that a private key was leaked and the deployer address of Stobox Token was hacked; as ETH and BSC have the same deployer address, all reserve funds have been stolen or liquidated.
Root cause: Private Key Leak
Loss: Nil
Reference: Stobox Hacked: STBU drops by 96%
Claimable event: No
6. Roco Finance
Jan 8, 2022: Roco Finance (ROCO), a decentralized GameFi platform and AVAX-based project, announced that it was hacked. In a Twitter post, it stated that due to a vulnerability in the Stake and Farm contracts, the hacker created a bot to replace the "ROCOperSecond" contract, claiming a total of 136,000 ROCO tokens. It also stated that the tokens of all ROCO investors and stakers are safe.
Root cause: Smart Contract Vulnerability
Loss: 136,000 ROCO
Reference: Altcoin project hacked: 136,000 tokens withdrawn in seconds
Claimable event: Yes (Smart Contract Vulnerability Cover)
7. Arbitrum One
Jan 9, 2022: Arbitrum One, Ethereum's leading Layer 2 scaling solution, is down. The team posted a tweet Sunday afternoon confirming that the network was suffering from sequencer downtime, but all funds in the system were safe.
Root cause: Sequencer Downtime
Loss: Nil
Reference: Ethereum Layer 2 Arbitrum One Hit By Another Outage
Claimable event: No
8. LCX
Jan 9, 2022: Liechtenstein-based crypto exchange LCX has confirmed the compromise of one of its hot wallets, losing a cumulative $6.8 million after the hacker successfully transferred eight types of tokens that included Sandbox (SAND), Quant (QNT), Chainlink (LINK), Enjin Coin (ENJ) and Maker (MKR).
Root cause: Hot Wallet Breach
Loss: approx. $6.8 Million
Reference: LCX loses $6.8M in a hot wallet compromise
Claimable event: Yes (Custodian Risk Cover)
9. Frosties
Jan 9, 2022: Investors in a non-fungible token (NFT) collection called Frosties have been scammed out of over $1 million after the creators of the digital tokens absconded with their funds.
Root cause: Scam/Rug Pull
Loss: $1.3 million
Reference: Frosties NFT investors rug pulled, loses over $1 million
Claimable event: No
10. Lympo
Jan 10, 2022: Sports NFT platform Lympo suffered a hot wallet security breach in which hackers gained access to Lympo's operational hot wallet and stole a total of approximately 165.2 million LMT from it.
Root cause: Hot Wallet Breach
Loss: 165.2 million LMT
Reference: Lympo Statement to The Community
Claimable event: No
11. CityDAO
Jan 10, 2022: CityDAO, an Ethereum-based community blockchain city project, has stated that the CityDAO Discord administrator account has been hacked. The attacker issued a fake "land drop" from the admin's compromised account, pocketing 29.67 ETH ($95,000) in the process.
Root cause: Scam
Loss: 29.67 ETH
Reference: CityDAO Falls Victim to $95K Hack via Discord
Claimable event: No
12. Big Daddy Ape Club
Jan 11, 2022: Solana NFT project Big Daddy Ape Club rug pulled investors and made off with 9,136 SOL. Their Twitter account, Discord server, and the official website of the collection all shut down, according to Decrypt.
Root cause: Scam/Rug Pull
Loss: 9136 SOL
Reference: NFT scammers made off with $1.3 million in Solana after a "rug pull"
Claimable event: No
13. LooksRare
Jan 11, 2022: The official website of the NFT marketplace LooksRare suffered a distributed denial-of-service (DDoS) attack within hours of its launch, taking the platform offline and making it inaccessible.
Root cause: DDoS Attack
Loss: Nil
Reference: New NFT Marketplace LooksRare Suffers DDoS Attack
Claimable event: No
14. Float Protocol / Rari Capital
Jan 15, 2022: Float Protocol Pool 90 on Rari Capital suffered from a lack of liquidity in the Uniswap V3 FLOAT/USDC oracle, which led to severe price manipulation.
Root cause: Oracle Attack
Loss: 25,000 DAI
Reference: Official Twitter announcement from Float Protocol
Claimable event: No
15. Crypto Burger
Jan 17, 2022: Crypto Burger suffered multiple flash loan attacks caused by a smart contract vulnerability that allows tokens to be burned in any account.
Root cause: Smart Contract Vulnerability
Loss: around $770K
Reference: Action plan for the attack received
Claimable event: Yes (Smart Contract Vulnerability Cover)
16. Crypto.com
Jan 17, 2022: Crypto.com stated that it detected unauthorized activity on a small number of user accounts, where transactions were being approved without the 2FA authentication control being inputted by the user. Crypto.com promptly suspended withdrawals for all tokens to initiate an investigation. The exchange claimed that the incident affected 483 users and that unauthorized withdrawals totaled 4,836.26 ETH, 443.93 BTC and approximately US$66,200 in other cryptocurrencies.
Root cause: Unauthorised withdrawals
Loss: around $33.7M
Reference: 1.) Crypto.com Security Report & Next Steps 2.) CRYPTO.COM - REKT
Claimable event: Yes (Custodian Risk Cover)
17. Crosswise
Jan 18, 2022: Crosswise was exploited on Binance Smart Chain for a total loss of 880,000 dollars for the protocol. The hacker used a publicly exposed privileged function in the smart contract to set the trustedForwarder and then hijack the owner privilege of Crosswise MasterChef.
Root cause: Smart Contract Vulnerability
Loss: approx. $880,000
Reference: Crosswise exploited due to bug in smart contract
Claimable event: Yes (Smart Contract Vulnerability Cover)
18. Multichain (Anyswap)
Jan 18, 2022: A critical smart contract vulnerability was found to affect six tokens on Multichain: WETH, PERI, OMT, WBNB, MATIC, and AVAX. This allowed multiple attackers to steal these tokens from users who had previously created approvals for them.
Root cause: Smart Contract Vulnerability
Loss: around $3M
Reference: EXPLAINED: THE MULTICHAIN HACK
Claimable event: Yes (Smart Contract Vulnerability Cover)
19. BNB Heroes
Jan 18, 2022: The BNB Heroes play-to-earn game rug pulled after a period of inactivity from the development team. The owner dumped 432 BNB ($191,037.97) worth of the token into the market.
Root cause: Scam/Rug Pull
Loss: 432 BNB
Reference: Security alert from Certik
Claimable event: No
20. Kingfund Finance
Jan 20, 2022: PeckShieldAlert tweeted that it has detected a Rug Pull in Kingfund Finance, with a loss of more than 300 WBNB. Upon inquiry, the project owner dumped the rugged tokens and has disabled their website and Twitter account.
Root cause: Scam/Rug Pull
Loss: over 300 WBNB
Reference: Rug Pull occurred in Kingfund Finance
Claimable event: No
21. Full Send Metacard
Jan 22, 2022: The Discord server of Full Send Metacard was hacked. The hacker posted scam links which resulted in users losing their money and NFTs.
Root cause: Scam
Loss: Unknown
Reference: Official Twitter announcement
Claimable event: No
22. OpenSea
Jan 25, 2022: OpenSea, the world's largest NFT marketplace, has reportedly been hacked for 332 ETH due to a bug in the front end that allowed users to buy popular NFTs at their previous floor price.
Root cause: Front-end Attack
Loss: 332 ETH
Reference: OpenSea reportedly hacked
Claimable event: No
23. CryptoBay VIP
Jan 26, 2022: PeckShieldAlert tweeted that it has detected a Rug Pull in CryptoBay VIP, with a loss of more than 1,098 WBNB.
Root cause: Scam/Rug Pull
Loss: over 1098 WBNB
Reference: Security alert from PeckShieldAlert
Claimable event: No
24. Mercenary Gold
Jan 26, 2022: PeckShieldAlert tweeted that it has detected a Rug Pull in Mercenary Gold, with a loss of more than $760,000.
Root cause: Scam/Rug Pull
Loss: over $760,000
Reference: Security alert from PeckShieldAlert
Claimable event: No
25. CoinExGem
Jan 26, 2022: The team of CoinExGem, a project on CoinEx Smart Chain, rug pulled by suddenly removing its liquidity from OneSwap.
Root cause: Scam/Rug Pull
Loss: Unknown
Reference: CoinExGem Rugged
Claimable event: No
26. Qubit
Jan 28, 2022: The Qubit protocol was subject to an exploit of its QBridge deposit function, in which the hacker used a security flaw in Qubit's smart contract code that let him send in a deposit of 0 ETH and withdraw almost $80 million in return.
Root cause: Smart Contract Vulnerability
Loss: approx. $80 million
Reference: Hackers have stolen $80 million from the Qubit DeFi platform
Claimable event: Yes (Smart Contract Vulnerability Cover)
Wonderland Issues
The last few days have seen reports and reactions explode regarding the ongoing events at Wonderland. InsurAce.io is dedicated to reducing risk and increasing security for all users and as such felt it was important to provide our community with an update regarding the situation with Wonderland.
Kindly read our take and findings on the situation here:
Community Update regarding recent Wonderland issues
The crypto industry has generated a lot of excitement; however, there are a lot of risks involved. Security incidents occur from time to time, and all users should enhance their own security awareness to avoid serious losses.
InsurAce.io currently offers insurance protections for:
- Smart contract vulnerability risk: the smart contract of the covered protocol gets hacked;
- Custodian risk: the custodian gets hacked where the user loses more than 10% of their funds, and/or withdrawals from the custodian are halted for more than 90 days;
- IDO event risk: the smart contract of the covered IDO platform gets hacked
- Stablecoin De-Peg risk: the stablecoin moves significantly below its pegged price
For details on the coverage and exclusions for each cover, kindly read Cover Wording here.
Get your investment funds protected with InsurAce.io: Buy Cover
About InsurAce.io
InsurAce.io is a decentralized multi-chain insurance protocol that aims to empower the risk protection infrastructure for the DeFi community. InsurAce.io offers portfolio-based insurance products with optimized pricing models to substantially lower the cost, launches insurance investment functions with flexible underwriting mining programs to create sustainable returns for the participants, and provides coverage for cross-chain DeFi projects to benefit the whole ecosystem.
At the time of writing, InsurAce.io has provided coverage to 100+ protocols, safeguarding over $210M+ DeFi assets on 16 public chains.
InsurAce.io is backed by DeFiance Capital, Parafi Capital, Alameda Research, Hashkey group, Huobi DeFiLabs, Hashed, IOSG, Signum Capital, LongHash Ventures and a dozen other top funds.