Hacks and Exploits

Over $260M stolen since 2020.


This page lists known hacks and exploits that put user funds at risk. Many other hacks and exploits only affect funds held in the exploited smart contract, but the exploits listed on this page use unlimited token approvals to steal approved funds. By using Revoke.cash to manage your allowances, you can protect your funds from these vulnerabilities. Check whether your wallet is affected by clicking on the exploits below.

SushiSwap Hack

Discovered on: 2023-04-09
Amount stolen: $3.5M
Affected blockchains:
Ethereum
Binance Smart Chain
Polygon
Polygon zkEVM
Arbitrum
Arbitrum Nova
Optimism
Avalanche
Fantom
Gnosis
Moonbeam
Moonriver
Boba
Fuse

Description

Over $3.5M was stolen from users of the popular DEX SushiSwap. The vulnerability only concerns a recently deployed SushiSwap contract, so only users who interacted with the exchange between the 1st and the 9th of April are affected.


BSCex Hack

Discovered on: 2023-03-27
Amount stolen: $8.2M
Affected blockchains:
Binance Smart Chain

Description

Over $8.2M was stolen from users of BSCex / SwapX, a DEX on Binance Smart Chain. Vulnerabilities were found in four old contracts belonging to the DEX. Many users still have active allowances to these contracts, even though they haven't used them for a long time.


Dexible Hack

Discovered on: 2023-02-20
Amount stolen: $2M
Affected blockchains:
Ethereum
Arbitrum

Description

Over $2M was stolen from users of Dexible, a DEX aggregator. Hackers exploited a vulnerability that allowed them to provide their own Router contract, which they programmed to steal all approved user funds.


Revert Finance Hack

Discovered on: 2023-02-18
Amount stolen: $30k
Affected blockchains:
Ethereum
Polygon
Arbitrum
Optimism

Description

About $30k was stolen from users of Revert Finance. Hackers were able to execute arbitrary code from the context of the vulnerable contract, allowing them to transfer approved user funds.


Rubic Hack

Discovered on: 2022-12-25
Amount stolen: $1.4M
Affected blockchains:
Ethereum

Description

Over $1.4M was stolen from the users of cross-chain DEX Rubic. Hackers were able to exploit active allowances because the USDC contract was mistakenly added as a whitelisted "Router contract". The Rubic team has compensated affected users.


Polynomial Protocol Hack

Discovered on: 2022-12-12
Amount stolen: $7k
Affected blockchains:
Optimism

Description

Around $7k was stolen from a select number of users of Polynomial Protocol, a derivatives platform on Optimism. Since this contract was not used for all functionality, only a few users were affected. Polynomial Protocol reimbursed the affected users.


Brahma Hack

Discovered on: 2022-11-09
Amount stolen: $90k
Affected blockchains:
Ethereum

Description

Around $90k was stolen from users of Brahma, a cross-chain DeFi protocol. Hackers were able to exploit a vulnerability due to incorrect access control.


BitKeep Swap Hack

Discovered on: 2022-10-18
Amount stolen: $1.1M
Affected blockchains:
Binance Smart Chain
Polygon

Description

Over $1.1M was stolen from users of the BitKeep Wallet. Hackers were able to abuse unlimited allowances to steal approved user funds on Binance Smart Chain and Polygon. BitKeep reimbursed affected users.


Rabby Swap Hack

Discovered on: 2022-10-11
Amount stolen: $200k
Affected blockchains:
Ethereum
Binance Smart Chain
Polygon
Arbitrum
Arbitrum Nova
Optimism
Avalanche
Fantom
Cronos
Celo
Gnosis
Moonbeam
Astar
Metis
Aurora
Harmony
Boba
Klaytn (Unsupported)
HECO (Unsupported)

Description

About $200k was stolen from users of the Rabby Wallet. Only users who used the wallet's Swap function and have active allowances are at risk.


Transit Swap Hack

Discovered on: 2022-10-02
Amount stolen: $21M
Affected blockchains:
Ethereum
Binance Smart Chain

Description

Over $21M was stolen from users of Transit Swap, a DEX on Ethereum and Binance Smart Chain. Any wallets with active allowances to these smart contracts are at risk.


Celer Frontend Hack

Discovered on: 2022-08-17
Amount stolen: $240k
Affected blockchains:
Ethereum
Binance Smart Chain
Polygon
Arbitrum
Optimism
Avalanche
Fantom
Astar
Metis
Aurora

Description

Over $200k was stolen from users of Celer. Hackers were able to compromise their official website and inject malicious code into it. This malicious code requested users to approve unlimited allowances to the hackers' wallets.


Curve Frontend Hack

Discovered on: 2022-08-09
Amount stolen: $575k
Affected blockchains:
Ethereum

Description

Over $500k was stolen from users of the popular DEX Curve. Hackers were able to compromise their official website and inject malicious code into it. They injected malicious approval transactions into the frontend, draining users' wallets. Anyone that interacted with the Curve frontend on the 9th of August is at risk.


PREMINT Frontend Hack

Discovered on: 2022-07-17
Amount stolen: $400k
Affected blockchains:
Ethereum

Description

Over $400k was stolen from users of PREMINT, a popular NFT platform. Hackers were able to compromise their official website and inject malicious code into it. This malicious code requested users to approve unlimited allowances to the hackers' wallets.


Quixotic Hack

Discovered on: 2022-07-01
Amount stolen: $200k
Affected blockchains:
Optimism

Description

Over $200k was stolen from users of Quixotic, an NFT marketplace on Optimism. The contract allowed malicious actors to sell worthless NFTs to victims for high prices due to missing signature verifications. The smart contract is now paused, but it is still recommended to revoke allowances.


Namecheap DNS Hijack - Multiple Websites

Discovered on: 2022-06-23
Amount stolen: $500k
Affected blockchains:
Ethereum

Description

Over $500k was stolen from users of several popular dapps, including Convex, Ribbon, and DeFiSaver. Hackers were able to access these websites' Namecheap settings to inject malicious code into the websites. This malicious code requested users to approve unlimited allowances to the hackers' wallets.


Zapper Whitehat Hack

Discovered on: 2022-06-14
Amount stolen: $0
Affected blockchains:
Ethereum

Description

Over $2.5M was rescued from a vulnerable Zapper contract. The Zapper team was notified of the vulnerability by whitehat hackers and was able to rescue the approved user funds. After revoking active allowances, users were reimbursed their funds.


BasketDAO Hack

Discovered on: 2022-03-30
Amount stolen: $1.2M
Affected blockchains:
Ethereum

Description

Over $1.2M was stolen from users of BasketDAO, a DeFi protocol for creating token baskets. Two of their contracts contained vulnerabilities that allowed hackers to steal approved user funds. Since then, BasketDAO has shut down and was acquired by another DeFi protocol, PieDAO.


LI.FI Hack

Discovered on: 2022-03-20
Amount stolen: $600k
Affected blockchains:
Ethereum

Description

Around $600k was stolen from users of LI.FI, a cross-chain bridge and DEX aggregator. Hackers exploited a vulnerability that allowed them to execute arbitrary functions from the context of the smart contract, including transactions that drained approved user funds. LI.FI has since patched the vulnerability and reimbursed affected users.


Multichain Hack

Discovered on: 2022-01-17
Amount stolen: $3M
Affected blockchains:
Ethereum

Description

Over $3M was stolen by hackers that exploited a bug in the contracts of Multichain (formerly Anyswap), a cross-chain swap router. Any wallets that approved allowances to their smart contracts are at risk.


Sorbet Finance Whitehat Hack

Discovered on: 2021-12-11
Amount stolen: $0
Affected blockchains:
Ethereum

Description

About $26M was rescued from a vulnerable Sorbet Finance smart contract. The team was able to drain all vulnerable funds and has placed them in a special escrow smart contract, where the original owners can reclaim them. Active allowances must be revoked before receiving refunds.


Badger Frontend Hack

Discovered on: 2021-12-02
Amount stolen: $120.3M
Affected blockchains:
Ethereum

Description

Over $120M was stolen from users of BadgerDAO, a popular DeFi platform. Hackers were able to compromise their official website and inject malicious code into it. This malicious code requested users to approve unlimited allowances to the hackers' wallets.


dYdX Whitehat Hack

Discovered on: 2021-11-27
Amount stolen: $200k
Affected blockchains:
Ethereum

Description

About $2M was rescued from a vulnerable dYdX smart contract. The team was able to drain all vulnerable funds and has been refunding users once they revoke their active allowances. Despite their efforts, hackers were still able to steal just over $200k, which the dYdX team has reimbursed out of their own pocket.


bZx Hack

Discovered on: 2021-11-05
Amount stolen: $55M
Affected blockchains:
Binance Smart Chain
Polygon

Description

Over $55M was stolen from users of DeFi platform bZx. Hackers gained access to the private keys of an admin account and deployed a malicious update to bZx's smart contracts. This new code allowed them to drain bZx's contracts and all approved user funds. This was the final nail in the coffin for bZx, which was exploited multiple times before.


StableMagnet Rug Pull

Discovered on: 2021-06-24
Amount stolen: $27M
Affected blockchains:
Binance Smart Chain

Description

Over $27M was stolen from users of StableMagnet, a DEX on Binance Smart Chain. The StableMagnet team built a backdoor into their smart contract that allowed them to drain the funds in liquidity pools and from users with active allowances.


Furucombo Hack

Discovered on: 2021-02-27
Amount stolen: $14M
Affected blockchains:
Ethereum

Description

Over $14M was stolen from users of Furucombo, an app that helps users compose DeFi transactions. Hackers were able to trick the Furucombo governance into whitelisting a scam contract, which was subsequently able to drain all approved user funds.


Bancor Whitehat Hack

Discovered on: 2020-06-18
Amount stolen: $135k
Affected blockchains:
Ethereum

Description

About $500k was rescued from a vulnerable Bancor contract. A vulnerability was discovered by the 1inch team and reported to Bancor. Most of the vulnerable funds were saved by the Bancor team, but just over $100k was still taken by automated front-running bots.
