Hacks in June:
- Animoon
June 2, 2022: Animoon, a NFT project based on Pokémon was reported rug pull. The project team claimed to have signed a non-disclosure agreement (NDA) with Pokémon partner TopDeck. However, no evidence of development of the actual play-to-earn (P2E) NFT game. The team disappeared and deleted their Twitter account and website.
Root cause: Rug Pull
Loss: Approx. $6.3 million
Reference: Twitter Announcement
Claimable event: No
- BAYC & Otherside
June 4, 2022: Bored Ape Yacht Club (BAYC) and Otherside were experienced phishing attacks and lost over 145 ETH. The Discord administrator’s account was compromised, which allowed the attackers gained the admin access to the server and posted a phishing link that encouraged users to link their wallets to access “exclusive giveaways.”
Root cause: Discord admin account hacked
Loss: approx. $ 170,000
Reference: News on Cointelegraph
Claimable event: No
- Individual Hacker from South Korea
June 4, 2022: A hacker from South Korea managed to stoles $660,000 worth of crypto from 900 victims by obtaining their crypto wallet and exchange login details which was leaked from a group chat service provided by Naver.
Root cause: Data Leakage
Loss: approx. $ 660,000
Reference: News on CryptoNews
Claimable event: No
- Elrond & Maiar
June 5, 2022: The Layer 1 blockchain network Elrond was experienced a security breach recently. The hackers stole more than 1.65 million worth of token and sold it through the decentralized exchange Maiar. Elrond founder tweeted that the bug has been resolved. All funds and users are safe and almost all stolen funds have been recovered.
Root cause: Virtual Machine Vulnerability
Loss: Not disclosed.
Reference: Official Report
Claimable event: No
- Equalizer Finance
June 7, 2022: Equalizer Finance was suffered flash loan attack recently due to the non-compatibility of FlashLoanProvider contract with the Vault contract.
Root cause: Smart Contract Vulnerability
Loss: Not disclosed.
Reference: Twitter Announcement
Claimable event: Yes (Smart Contract Vulnerability Cover)
- Baby Elon
June 8, 2022: The Baby Elon project on BNBChain was reported rug pull by PeckShield Alert. The project team took 623 BNB and transferred to Tornado Cash.
Root cause: Rug pull
Loss: approx. $179,000
Reference: Twitter Announcement
Claimable event: No
- ApolloX
June 8, 2022: There was a flaw in the ApolloX trading rewards contract. The attacker used the signature system flaw to generate 255 signatures which then withdrew a total of 53 million APX token.
Root cause: Smart Contract Vulnerability
Loss: approx. $1.6 M
Reference: Twitter Announcement
Claimable event: Yes (Smart Contract Vulnerability Cover)
- Osmosis
June 8, 2022: There was a tweet about a critical bug was discovered on Osmosis that could potentially drain all liquidity pools. Osmosis tweeted that the liquidity pool was not “completely drained” and that developers were fixing the bugs.
Root cause: Smart Contract Vulnerability
Loss: approx. $5 M
Reference: Twitter Announcement
Claimable event: Yes (Smart Contract Vulnerability Cover)
- GYM Network
June 8, 2022: According to the official Twitter account, the GYM Network was suffered by an attack on the Claim & Pool function, which resulted in a significant price drop.
Root cause: Smart Contract Vulnerability
Loss: approx. $2.1 M
Reference: Twitter Announcement
Claimable event: Yes (Smart Contract Vulnerability Cover)
- Trader Joe
June 10, 2022: Trader Joe was recently suffered an exploit due to a vulnerability lies in the protocol transaction fees process. Users’ funds are safu, only protocol fees were lost.
Root cause: Smart Contract Vulnerability
Loss: approx. $1 M
Reference: Twitter Announcement
Claimable event: Yes (Smart Contract Vulnerability Cover)
- SHELL
June 11, 2022: According to a few rug pull monitoring websites, SHELL projects was identified as high risk project. SHELL token price fell by more than 56%. The project owner minted 150 million tokens at one address, and transferred them and sold some of them in 12 transactions for about $180,000.
Root cause: Rug pull
Loss: Approx. $180,000
Reference: Announcement
Claimable event: No
- HEGE
June 11, 2022: According to a few rug pull monitoring websites, HEGE projects was reported as potential rug pull.
Root cause: Rug pull
Loss: Approx. $429,000
Reference: Announcement
Claimable event: No
- TreasureSwap
June 11, 2022: The treasure swap project was exploited recently. The attacker only used a very small amount of WETH to exchange all the WETH tokens in the transaction pool. The reverse of the source code found that the swap function of the attacked contract lacked the K value check.
Root cause: Smart Contract Vulnerability
Loss: approx. $920,000
Reference: PA News
Claimable event: Yes (Smart Contract Vulnerability Cover)
- FSwap
June 13, 2022: According to Fswap official announcement, the project was hacked due to an error in the fee-charging mechanism of the protocol. Hackers borrowed money from BISWAP to FSWAP for transaction attacks.
Root cause: Smart Contract Vulnerability
Loss: approx. $5 million
Reference: News on Aliens
Claimable event: Yes (Smart Contract Vulnerability Cover)
- KnownOrigin
June 14, 2022: According to KnownOrigin official tweet, its discord had been compromised. They reminded users not to click on any links.
Root cause: Discord server hacked
Loss: Not Disclosed
Reference: Twitter Announcement
Claimable event: No
- Inverse Finance
June 16, 2022: Inverse Finance suffered a flash loan attack due to the use of insecure oracles to calculate LP prices.
Root cause: Oracle Failure
Loss: approx. $1.26 million
Reference: News on Cointelegraph
Claimable event: No
- LV PLUS
June 21, 2022: The LV PLUS project has been identified as a Rug Pull project. They claimed to be affiliated with the “LV Metaverse”. Its deployer sent tokens to certain wallets and subsequently sold the project’s tokens, causing the project’s market to crash .
Root cause: Rug pull
Loss: $1.5 M
Reference: News
Claimable event: No
- Justcows
June 24, 2022: Justcows, the hosting platform on BSC, is suspected of rug pull and siphoned off $5 million in user funds. The project team distributed a large amount of BUSD to thousands of addresses in the form of mixed currency, some of which were transferred to hunterswap, and some of them were transferred to the exchange. It is reported that the platform issued an announcement a month ago to stop user withdrawals.
Root cause: Rug pull
Loss: $5 M
Reference: Twitter Announcement
Claimable event: No
- ConvexFinance
June 24, 2022: ConvexFinance officially tweeted that they were experiencing a DNS hijacking which caused users to approve malicious contracts on some interactions on the website, and the problem has been fixed.
Root cause: DNS Hijacking
Loss: approx. $250,000
Reference: Twitter Announcement
Claimable event: No
- Harmony
June 24, 2022: Harmony project team has identified an attack occurred on its Horizon bridge. The attacker resulted in loss of more than 100 million USD.
Root cause: Private Key Leak
Loss: approx. $100 M
Reference: Twitter Announcement
Claimable event: No
- XCarnival
June 26, 2022: XCarnival, an Ethereum ecosystem liquidity provider was exploited recently. This attack is due to a flaw in its smart contract which allowed the pledged NFT still be used as the collateral for bollowing. After the project team revealed, they suspended the transactions and successfully recovered 50% of the loss.
Root cause: Smart Contract Vulnerability
Loss: approx. $3.2 M
Reference: News on Cointelegraph
Claimable event: Yes (Smart Contract Vulnerability Cover)
- Goldfinch
June 28, 2022: The SeniorPool contract of the Goldfinch project was experienced an arbitrage attack where the exchange rate of FIDU to USDC in Curve is 1:1.03, while the ratio in SeniorPool is 1:1.07, which creates room for arbitrage. The attacker can use Curve’s FIDU-USDC pool to obtain FIDU tokens to obtain the dividends of the SeniorPool contract mortgaged USDC tokens.
Root cause: Arbitrage Attack
Loss: approx. $541,158
Reference: News
Claimable event: No
- OpenSea
June 16, 2022: OpenSea disclosed a vulnerability in their Shred Storefront contract via their official Twitter channel. This allows in some instances for sellers to accept offers on Shared Storefront items and receive payment without owning the NFT.
Root cause: Smart Contract Vulnerability
Loss: Not disclosed.
Reference: Twitter Announcement
Claimable event: Yes (Smart Contract Vulnerability Cover)
- Solidity
June 15, 2022: According to official disclosure, a previously unknown optimization bug was found in Solidity compiler. It causes the silent discard of important memory operations.
Root cause: Smart Contract Vulnerability
Loss: approx. $3.2 M
Reference: Medium Post
Claimable event: Yes (Smart Contract Vulnerability Cover)
The crypto industry has generated a lot of excitement; however, there are a lot of risks attached. Security incidents occur from time to time, all users should enhance their own security awareness to avoid serious losses.
InsurAce.io currently offer insurance protections for:
- Smart contract vulnerability risk: the smart contract of the covered protocol gets hacked;
- Custodian risk: the custodian gets hacked where the user loses more than 10% of their funds, and/or withdrawals from the custodian are halted for more than 90 days;
- IDO event risk: the smart contract of the covered IDO platform gets hacked
- Stablecoin De-Peg risk: the stablecoin moves significantly below its pegged price
For details on the coverage and exclusions for each cover, kindly read Cover Wording here.
Get your investment funds protected with InsurAce.io: Buy Cover