Threat Information Report
Contribute by sharing malicious activities you've encountered.
Pendle Restaking Tokens phishing attack
The attack works like this: • Malicious ads are served through Google Ad Network • Ads load suspicious code from Adloox (http://adlooxtracking.com) • Code checks if you have a web3 wallet • If detected, redirects to pudqypenguin[.]com (FAKE site!) Link : https://x.com/realScamSniffer/status/1815917388136866201 Funds were moved to Tornado Cash and also ThorChain
BigWhale.io Exploit
In an unfortunate turn of events, BigWhale.io experienced a security breach that resulted in the unauthorized access and theft of 7000+ BNB from its smart contract on October 3 2023, 5:01:14 UTC (roughly worth $1.5 million as of the time of attack) due to a private key breach. Link : https://docs.bigwhale.io/hacking-incident
HTX Hack 2023
HTX [HT], formerly Huobi, a prominent Hong Kong-based centralized cryptocurrency exchange, faced a cyber-attack on 24 September that resulted in significant losses, the hacker managed to steal approximately $8 million worth of cryptocurrencies. In the event of hack, funds were then recovered to HTX wallet 0x18709E89BD403F470088aBDAcEbE86CC60dda12e Link : https://www.htx.com/en-in/feed/community/2526192/
Play2Earn Mysterian Russian scam campaign
Wallet addresses linked to the Play2Earn Mysterian Russian scam campaign Link : https://www.reddit.com/r/Buttcoin/comments/1130gyv/how_the_play2earn_scam_works/
UF Dao Hack
On 11 January 2023, The UF Dao of @xdaoapp was hacked, https://bscscan.com/tx/0x933d19d7d822e84e34ca47ac733226367fbee0d9c0c89d88d431c4f99629d77a Due to the incorrect parameter setting. The attacker bought a public offer of the UF Dao with 1:1 rate using USDC, then redeemed almost all in UF Dao. Several Exchanges user wallets were identified and also 22 ETH was laundered via Tornado Cash
Masa Finance Exploit
Decentralized AI data network Masa experienced a hack on September 20. The attack resulted in losses exceeding six figures in USD. Masa has not disclosed this incident to the community. Link : https://www.binance.com/en/square/post/2024-10-18-decentralized-ai-data-network-masa-suffers-significant-hack-15035091424953
Tapioca DAO Hack
In October 2024, Tapioca DAO became one of many DeFi projects to suffer a private key compromise this year. In this case, the attacker managed to steal an estimated $4.4 million from the protocol, though some funds were recovered. Link : https://www.dlnews.com/articles/defi/tapioca-dao-tap-token-plummets-after-founder-suffers-hack/
Onyx Protocol Exploit
The OnyxProtocol experienced an exploit: https://etherscan.io/tx/0xf7c21600452939a81b599017ee24ee0dfd92aaaccd0a55d02819a7658a6ef635. Fund loss is 1,163.53 ETH ~$2.1mln. Funds were then laundered through Tornado Cash Link : https://www.dlnews.com/articles/defi/hacker-drains-funds-through-pepe-market-on-onyx-protocol/
Bitrue Exchange Hack 2023
Singapore-based cryptocurrency trading platform Bitrue said Friday that $23 million was stolen from one of its own digital wallets.In a statement, the company said the attacker was able to withdraw the $23 million in several types of digital coins, including Ethereum (ETH), Polygon (MATIC), Shiba Inu (SHIB), Quant (QNT), GALA and Holo (HOT). Link : https://x.com/BitrueOfficial/status/1646811220543168512 Link : https://etherscan.io/address/0x1819ede3b8411ebc613f3603813bf42ae09ba5a5 Affected funds remain at the wallet 0x1819ede3b8411ebc613f3603813bf42ae09ba5a5
