Approval Hacks and Vulnerabilities

Over $470M stolen since 2020.

This page lists known crypto hacks and exploits in which users' approved funds are at risk. Many other crypto hacks only affect funds held in the exploited smart contract. The exploits listed on this page, however, abuse unlimited token approvals to steal approved funds. By using Revoke.cash to manage your approvals, you can keep your funds safe from these vulnerabilities. Check whether your wallet is affected by clicking on the exploits listed below.

Radiant Capital Hack

Discovered on: 2024-10-16
Amount stolen: $53M
Affected networks: Ethereum, BNB Chain, Arbitrum, Base

Description

Over $50m was stolen from Radiant Capital's Lending Pool contracts. In this exploit, malicious actors compromised the devices of several core team members and signers of Radiant Capital's multisig wallet. After compromising these devices, the attackers were able to make it seem like the signers were signing safe transactions, while they were actually transferring ownership of the multisig wallet to the attackers. Once the multisig was transferred, the attackers pushed an update to the Lending Pool contracts, draining all of the funds from the lending pools and approved user wallets.

Check

2024 LI.FI Hack

Discovered on: 2024-07-16
Amount stolen: $11.6M
Affected networks: Ethereum, BNB Chain, Polygon, Polygon zkEVM, Arbitrum, Optimism, Base, Scroll, Blast, Linea, zkSync Era, Avalanche, Mantle, Gnosis Chain, Mode, Rootstock, Fantom, Celo, Metis, Moonbeam, Moonriver, Aurora, Boba, Fuse

Description

Roughly $11m was stolen from users of LI.FI, a cross-chain bridge and DEX aggregator. In a post-mortem statement, the LI.FI team stated that the attackers used a vulnerability in a smart contract facet to gain unauthorized access to user wallets that had infinite token approvals to the LI.FI contract.

Check

Magpie Hack

Discovered on: 2024-04-23
Amount stolen: $130k
Affected networks: Ethereum, BNB Chain, Polygon, Polygon zkEVM, Arbitrum, Optimism, Base, Blast, zkSync Era, Avalanche

Description

About $130k was stolen from users of crosschain DEX Magpie. The Magpie team released a post-mortem statement in which they pointed out that the attacker created an address that starts with one of the approved selectors, and exploited a bug where the position of the selector wasn't checked. The affected wallet addresses were reimbursed according to Magpie.

Check

Merkle Trade Hack

Discovered on: 2024-04-18
Amount stolen: $20k
Affected networks: Ethereum, BNB Chain, Polygon, Arbitrum, Optimism, Avalanche

Description

About $20k was stolen from users of Merkle Trade, a perp DEX on multiple networks. After discovering the vulnerability in their newer EVM Swap & Deposit smart contract, Merkle Trade rolled back their service to an older smart contract. Only users that have interacted with Merkle's new Swap & Deposit functionality on EVM chains since the 18th of April were affected.

Check

Dolomite Hack

Discovered on: 2024-03-20
Amount stolen: $1.8M
Affected networks: Ethereum

Description

On March 20 2024, over $1.8m was stolen from users of an old version of DeFi protocol Dolomite. The exploit was found in an old contract that was deployed in 2019 and had since been discontinued. However, several users still had lingering approvals to this old contract, which the attacker was able to exploit to drain funds from their wallets.

Check

ParaSwap Whitehat Hack

Discovered on: 2024-03-20
Amount stolen: $24k
Affected networks: Ethereum, Arbitrum, Optimism, Base

Description

On March 20th 2024, ParaSwap discovered a vulnerability in one of their smart contracts. After discovering this vulnerability, they executed a successful whitehat hack to rescue affected user funds. A few addresses were missed so about $24k of funds ended up being stolen. ParaSwap is working on refunding all affected users shortly.

Check

Unizen Hack

Discovered on: 2024-03-08
Amount stolen: $2.1M
Affected networks: Ethereum

Description

$2.1m was stolen from users of decentralised exchange Unizen. Attackers were able to take advantage of an unverified external call after the DEX aggregation contract was upgraded. The Unizen team released a statement in which they promise to reimburse any affected users without any additional user action.

Check

Seneca Hack

Discovered on: 2024-02-28
Amount stolen: $6.4M
Affected networks: Ethereum, Arbitrum

Description

Over $6m was stolen from users of DeFi protocol Seneca on Ethereum and Arbitrum. Fortunately, 80% of the stolen funds were returned while the attackers kept 20% as a bounty after an onchain message from Seneca. The malicious actors used arbitrary calldata parameters to call transfers for approved user tokens, exploiting a vulnerability in Seneca's Chamber contract.

Check

Concentric Hack

Discovered on: 2024-01-22
Amount stolen: $1.7M
Affected networks: Arbitrum

Description

Over $1.7m was stolen from users of Concentric, a DeFi protocol on Arbitrum. The attackers were able to gain access to the protocol's admin keys, which they used to execute malicious upgrades on the protocol's contracts - allowing them to drain the wallets of any users that had active token approvals for the protocol.

Check

Socket Hack

Discovered on: 2024-01-16
Amount stolen: $3.3M
Affected networks: Ethereum

Description

Over 3 million dollars was stolen from users with active token approvals to cross-chain bridge provider Socket. Socket is the underlying technology used by several bridges, such as the popular Bungee Exchange and Rainbow Wallet's bridge functionality. If you've used any of these bridges in the past, you may be affected.

Check

Floor Protocol Hack

Discovered on: 2023-12-17
Amount stolen: $1.8M
Affected networks: Ethereum

Description

Close to $2M worth of NFTs has been stolen from users of the NFT fractionalization platform Floor Protocol on the 17th of December, mostly Bored Apes and Pudgy Penguins. The vulnerability was patched by the team, preventing further losses, which could have been over 10x larger.

Check

NFT Trader Hack

Discovered on: 2023-12-16
Amount stolen: $400k
Affected networks: Ethereum

Description

Close to $3M worth of NFTs was stolen from users of the peer to peer platform NFTTrader, mostly made up of Bored Apes and Mutant Apes. The main exploiter discovered a reentrancy bug in multiple old contracts of NFT Trader, allowing them to drain users' approved assets. Multiple other exploiters followed suit. Representatives from Yuga Labs and Boring Security DAO have since successfully negotiated with the main exploiter to return the assets in return for a 10% bounty. Several hundreds of thousands of dollars worth of NFTs is still in the hands of other exploiters.

Check

Ledger Connect Kit Hack

Discovered on: 2023-12-14
Amount stolen: $610k
Affected networks: Ethereum, BNB Chain, Polygon, Arbitrum, Optimism, Base, Avalanche, Fantom

Description

Over $600k has been stolen from users of many different crypto websites, including SushiSwap and Revoke.cash. This hack is a result of a vulnerability in the Ledger Connect Kit library, which is used by many crypto websites to connect to Ledger hardware wallets. The vulnerable library allowed hackers to inject a malicious script into these popular crypto websites. Many websites, like SushiSwap and Revoke.cash, were quick to take their websites offline and remove the affected library. Most big websites were able to remove the library within a few hours, but some websites took longer to mitigate the issue. Because it is not known how many websites were affected, we recommend checking whether you're affected by this hack if you used any crypto websites on the 14th of December 2023.

Check

Unibot Hack

Discovered on: 2023-10-31
Amount stolen: $600k
Affected networks: Ethereum

Description

Over $600k has been stolen from users of Unibot, an automated Telegram trading bot. The team had released a new version of their router contract on October 28th, which was exploited on October 31st 2023. The Unibot team has since refunded all the affected users.

Check

Maestro Hack

Discovered on: 2023-10-25
Amount stolen: $500k
Affected networks: Ethereum

Description

Over $500k has been stolen from users of Maestro, an automated Telegram trading bot. The team had released a new version of their router contract on October 13th, which was exploited on October 25th 2023 due to misconfigured permissions on some of the smart contract's functionality. The Maestro team quickly issued a fix for the smart contract bug by upgrading their upgradeable router contract. All affected users that lost funds in the exploit were reimbursed for their losses. Because the router contract was upgraded, it is not necessary to revoke your approvals to this contract, but you may do so if you wish.

Check

Galxe Frontend Hack

Discovered on: 2023-10-06
Amount stolen: $270k
Affected networks: Ethereum, BNB Chain, Polygon, Arbitrum, Optimism, Base, Avalanche, Fantom, Celo

Description

Over $270k was stolen from users of Galxe, a popular Web3 community building platform. Hackers were able to gain access to the platform's DNS settings through social engineering, after which they pointed the DNS records to a malicious website that they controlled. Any users who interacted with the Galxe website on the 6th of October 2023 may be at risk.

Check

CivTrade Hack

Discovered on: 2023-07-08
Amount stolen: $180k
Affected networks: Ethereum

Description

Over $180k was stolen from users of CivTrade, a DEX aggregator created by CivFund. The root cause of the hack was that certain privileged functions were not properly restricted, which allowed the attackers to steal approved user funds. The CivTrade contracts have been paused to prevent further losses.

Check

2023 Multichain Hack

Discovered on: 2023-07-07
Amount stolen: $120M
Affected networks: Ethereum, BNB Chain, Polygon, Arbitrum, Optimism, zkSync Era, Avalanche, Gnosis Chain, Fantom, Celo

Description

Over $120M was stolen by hackers that exploited the Multichain MPC wallets. As of now it is unclear how this compromise happened. No approved user funds have been stolen, but the Multichain team has recommended revoking approvals due to the uncertainty of the exploit.

Check

Biswap v3 Migrator Hack

Discovered on: 2023-06-30
Amount stolen: $850k
Affected networks: BNB Chain

Description

Over $850k was stolen from liquidity providers of Biswap, a decentralized exchange on BNB Chain. Biswap recently launched their v3, and the team created a migrator contract to help users migrate their liquidity from v2 to v3. The migrator contract lacked proper access control, and an attacker was able to call the migrator contract to steal funds from liquidity providers. The Biswap team has started reimbursing affected users.

Check

Unagii Whitehat Hack

Discovered on: 2023-06-28
Amount stolen: $60k
Affected networks: Ethereum

Description

About $100k was rescued from a vulnerable contract of Unagii, an Ethereum DeFi yield aggregator. The funds were rescued from the vulnerable contract by the Unagii team, but close to $60k was still taken from a single user by an automated MEV operator. The Unagii team has since reimbursed all the affected users.

Check

Hashflow Whitehat Hack

Discovered on: 2023-06-14
Amount stolen: $100k
Affected networks: Ethereum, BNB Chain, Polygon, Arbitrum, Avalanche

Description

Over $600k was rescued from deprecated contracts of decentralised exchange Hashflow. A whitehat hacker created a contract to rescue the funds and return them to the rightful owners. Users of Hashflow are advised to revoke all approvals to these deprecated contracts before claiming their rescued funds. Some user funds were still stolen by black-hat hackers after the initial rescue though.

Check

Atlantis Loans Hack

Discovered on: 2023-06-11
Amount stolen: $2.5M
Affected networks: BNB Chain

Description

Over $2.5M was stolen from users of Atlantis Loans, a DeFi protocol on BNB Chain. The attacker created a malicious governance proposal that maliciously updated several contracts in the system. These updated smart contracts were then used to drain approved user funds.

Check

SushiSwap Hack

Discovered on: 2023-04-09
Amount stolen: $3.5M
Affected networks: Ethereum, BNB Chain, Polygon, Polygon zkEVM, Arbitrum, Arbitrum Nova, Optimism, Avalanche, Gnosis Chain, Fantom, Moonbeam, Moonriver, Boba, Fuse

Description

Over $3.5M was stolen from users of the popular DEX SushiSwap. The vulnerability only concerns a recently deployed SushiSwap contract, so only users who interacted with the exchange between the 1st and the 9th of April are affected.

Check

BSCex Hack

Discovered on: 2023-03-27
Amount stolen: $8.2M
Affected networks: BNB Chain

Description

Over $8.2M was stolen from users of BSCex / SwapX, a DEX on BNB Chain. Vulnerabilities were found in four old contracts belonging to the DEX. Many users still have active approvals to these contracts, even though they haven't used them for a long time.

Check

Harvest Keeper Rug Pull

Discovered on: 2023-03-19
Amount stolen: $700k
Affected networks: BNB Chain

Description

Over $700k has been stolen by Harvest Keeper from their users. Harvest Keeper claimed to be an "AI-powered" trading platform that provided unsustainably high yields, but turned out to be a scam. When they rugpulled they didn't just steal the deposited funds, but also all approved user funds.

Check

Revert Finance Hack

Discovered on: 2023-02-18
Amount stolen: $30k
Affected networks: Ethereum, Polygon, Arbitrum, Optimism

Description

About $30k was stolen from users of Revert Finance. Hackers were able to execute arbitrary code from the context of the vulnerable contract, allowing them to transfer approved user funds.

Check

Dexible Hack

Discovered on: 2023-02-17
Amount stolen: $2M
Affected networks: Ethereum, Arbitrum

Description

Over $2M was stolen from users of Dexible, a DEX aggregator. Hackers exploited a vulnerability that allowed them to provide their own Router contract, which they programmed to steal all approved user funds.

Check

Rubic Hack

Discovered on: 2022-12-25
Amount stolen: $1.4M
Affected networks: Ethereum

Description

Over $1.4M was stolen from the users of cross-chain DEX Rubic. Hackers were able to exploit active approvals because the USDC contract was mistakenly added as a whitelisted "Router contract". The Rubic team has compensated affected users.

Check

Polynomial Protocol Hack

Discovered on: 2022-12-12
Amount stolen: $7k
Affected networks: Optimism

Description

Around $7k was stolen from a select number of users of Polynomial Protocol, a derivatives platform on Optimism. Since this contract was not used for all functionality, only a few users were affected. Polynomial Protocol reimbursed the affected users.

Check

Brahma Hack

Discovered on: 2022-11-09
Amount stolen: $90k
Affected networks: Ethereum

Description

Around $90k was stolen from users of Brahma, a cross-chain DeFi protocol. Hackers were able to exploit a vulnerability due to incorrect access control.

Check

BitKeep Swap Hack

Discovered on: 2022-10-18
Amount stolen: $1.1M
Affected networks: BNB Chain, Polygon

Description

Over $1.1M was stolen from users of the BitKeep Wallet. Hackers were able to abuse unlimited approvals to steal approved user funds on BNB Chain and Polygon. The BitKeep team reimbursed affected users.

Check

Rabby Swap Hack

Discovered on: 2022-10-11
Amount stolen: $200k
Affected networks: Ethereum, BNB Chain, Polygon, Arbitrum, Arbitrum Nova, Optimism, Avalanche, Cronos, Gnosis Chain, Fantom, Celo, Metis, Moonbeam, Astar, Aurora, Harmony, Boba, Kaia (Unsupported), HECO (Unsupported)

Description

About $200k was stolen from users of the Rabby Wallet. Only users who used the wallet's Swap function and have active approvals are at risk.

Check

Transit Swap Hack

Discovered on: 2022-10-02
Amount stolen: $21M
Affected networks: Ethereum, BNB Chain

Description

Over $21M was stolen from users of Transit Swap, a DEX on Ethereum and BNB Chain. Any wallets with active approvals to these smart contracts are at risk.

Check

Celer Frontend Hack

Discovered on: 2022-08-17
Amount stolen: $240k
Affected networks: Ethereum, BNB Chain, Polygon, Arbitrum, Optimism, Avalanche, Fantom, Metis, Astar, Aurora

Description

Over $200k was stolen from users of Celer. Hackers were able to compromise their official website and inject malicious code into it. This malicious code requested users to grant unlimited approvals to the hackers' wallets.

Check

Curve Frontend Hack

Discovered on: 2022-08-09
Amount stolen: $575k
Affected networks: Ethereum

Description

Over $500k was stolen from users of the popular DEX Curve. Hackers were able to compromise their official website and inject malicious code into it. They injected malicious approval transactions into the frontend, draining users' wallets. Anyone that interacted with the Curve frontend on the 9th of August is at risk.

Check

PREMINT Frontend Hack

Discovered on: 2022-07-17
Amount stolen: $400k
Affected networks: Ethereum

Description

Over $400k was stolen from users of PREMINT, a popular NFT platform. Hackers were able to compromise their official website and inject malicious code into it. This malicious code requested users to grant unlimited approvals to the hackers' wallets.

Check

Quixotic Hack

Discovered on: 2022-07-01
Amount stolen: $200k
Affected networks: Optimism

Description

Over $200k was stolen from users of Quixotic, an NFT marketplace on Optimism. The contract allowed malicious actors to sell worthless NFTs to victims for high prices due to missing signature verifications. The smart contract is now paused, but it is still recommended to revoke approvals.

Check

Namecheap DNS Hijack

Discovered on: 2022-06-23
Amount stolen: $500k
Affected networks: Ethereum

Description

Over $500k was stolen from users of several popular dapps, including Convex, Ribbon, and DeFiSaver. Hackers were able to access these websites' Namecheap settings to inject malicious code into the websites. This malicious code requested users to grant unlimited approvals to the hackers' wallets.

Check

Zapper Whitehat Hack

Discovered on: 2022-06-14
Amount stolen: $0
Affected networks: Ethereum

Description

Over $2.5M was rescued from a vulnerable Zapper contract. The Zapper team was notified of the vulnerability by whitehat hackers and was able to rescue the approved user funds. After revoking active approvals, users were reimbursed their funds.

Check

BasketDAO Hack

Discovered on: 2022-03-30
Amount stolen: $1.2M
Affected networks: Ethereum

Description

Over $1.2M was stolen from users of BasketDAO, a DeFi protocol for creating token baskets. Two of their contracts contained vulnerabilities that allowed hackers to steal approved user funds. Since then, BasketDAO has shut down and was acquired by another DeFi protocol, PieDAO.

Check

Auctus Hack

Discovered on: 2022-03-29
Amount stolen: $700k
Affected networks: Ethereum

Description

Over $700k has been stolen from users of Auctus, a decentralized options protocol on Ethereum. The Auctus team discovered a vulnerability in one of their older Beta contracts, which allowed attackers to drain approved funds from users' wallets.

Check

2022 LI.FI Hack

Discovered on: 2022-03-20
Amount stolen: $600k
Affected networks: Ethereum

Description

Around $600k was stolen from users of LI.FI, a cross-chain bridge and DEX aggregator. Hackers exploited a vulnerability that allowed them to execute arbitrary functions from the context of the smart contract, including transactions that drained approved user funds. LI.FI has since then patched the vulnerability and reimbursed affected users.

Check

2022 Multichain Hack

Discovered on: 2022-01-17
Amount stolen: $3M
Affected networks: Ethereum, BNB Chain, Avalanche, IoTeX (Unsupported), Telos (Unsupported)

Description

Over $3M was stolen by hackers that exploited a bug in the contracts of Multichain (formerly Anyswap), a cross-chain swap router. Any wallets that granted approvals to their smart contracts are at risk.

Check

Sorbet Finance Whitehat Hack

Discovered on: 2021-12-11
Amount stolen: $0
Affected networks: Ethereum

Description

About $26M was rescued from a vulnerable Sorbet Finance smart contract. The team was able to drain all vulnerable funds and has placed them in a special escrow smart contract, where the original owners can reclaim them. Active approvals must be revoked before receiving refunds.

Check

BadgerDAO Frontend Hack

Discovered on: 2021-12-02
Amount stolen: $120.3M
Affected networks: Ethereum

Description

Over $120M was stolen from users of BadgerDAO, a popular DeFi platform. Hackers were able to compromise their official website and inject malicious code into it. This malicious code requested users to grant unlimited approvals to the hackers' wallets.

Check

dYdX Whitehat Hack

Discovered on: 2021-11-27
Amount stolen: $200k
Affected networks: Ethereum

Description

About $2M was rescued from a vulnerable dYdX smart contract. The team was able to drain all vulnerable funds and has been refunding users once they revoke their active approvals. Despite their efforts, hackers were still able to steal just over $200k, which the dYdX team has reimbursed out of their own pocket.

Check

bZx Hack

Discovered on: 2021-11-05
Amount stolen: $55M
Affected networks: BNB Chain, Polygon

Description

Over $55M was stolen from users of DeFi platform bZx. Hackers gained access to the private keys of an admin account and deployed a malicious update to bZx's smart contracts. This new code allowed them to drain bZx's contracts and all approved user funds. This was the final nail in the coffin for bZx, which was exploited multiple times before.

Check

StableMagnet Rug Pull

Discovered on: 2021-06-24
Amount stolen: $27M
Affected networks: BNB Chain

Description

Over $27M was stolen from users of StableMagnet, a DEX on BNB Chain. The StableMagnet team built a backdoor into their smart contract that allowed them to drain the funds in liquidity pools and from users with active approvals.

Check

Furucombo Hack

Discovered on: 2021-02-27
Amount stolen: $14M
Affected networks: Ethereum

Description

Over $14M was stolen from users of Furucombo, an app that helps users compose DeFi transactions. Hackers were able to trick the Furucombo governance into whitelisting a scam contract, which was subsequently able to drain all approved user funds.

Check

Bancor Whitehat Hack

Discovered on: 2020-06-18
Amount stolen: $135k
Affected networks: Ethereum

Description

About $400k was rescued from a vulnerable Bancor contract. A vulnerability was discovered by the 1inch team and reported to Bancor. Most of the vulnerable funds were saved by the Bancor team, but just over $100k was still taken by automated front-running bots.

Check