
Pump.fun ($1.9 Million)
I need to add a few words about this project. A few days ago, someone asked about liquidity management and mentioned this project. I had never researched the project, nor was I aware that it had been exploited. In my comment, I said that this project sounded like a scam. I'm bringing this up because if everyone learns how to identify such issues, we will be much more secure in the crypto space. Digital security won't improve our lives unless we learn and act properly.
Pump.fun, a Solana-based memecoin launchpad, was exploited by a former employee, resulting in the theft of $1.9 million in SOL. The attacker used flash loans to manipulate memecoins, affecting $1.9 million of $45 million in liquidity. Pump.fun paused trading, upgraded contracts, and pledged to restore the lost liquidity with no trading fees for seven days. The exploiter, "Stacc," admitted the act and criticized the platform’s management.
BlockTower Capital, a major crypto investment firm, suffered a security breach that partially drained its main hedge fund. The stolen amount is undisclosed, and the attacker remains at large. The firm has enlisted blockchain forensics experts and remains a significant player despite this and a previous $1.55 million loss in TrueFi tokens in 2023.
Gnus.AI lost $1.27 million due to a token-minting exploit. The attacker used a stolen private key to create fake GNUS tokens, which were sold on the Fantom network. The team plans to issue new tokens and inject $1 million to compensate for 80% of the losses.
Prisma Finance was hacked, resulting in a $10 million loss. Cyvers detected the breach, flagging $9 million initially and $1 million shortly after. Prisma Finance paused operations to investigate. This incident highlights the vulnerability of DeFi platforms, with total crypto hacks exceeding $200 million in 2024.
Mozaic Finance lost $2.4 million in a security breach on March 15, 2024. The attack, involving a compromised private key, targeted the Arbitrum chain. Mozaic promptly acted to recover the funds, emphasizing the importance of swift and transparent responses in DeFi security incidents.
BitForex, a cryptocurrency exchange, disappeared after withdrawing $57 million from its hot wallets on February 23, 2024. Users were locked out, and despite regulatory efforts, BitForex was not flagged by the Securities & Futures Commission. The company claims multiple registrations and operational teams worldwide.
PlayDapp suffered a $290 million exploit due to the unauthorized minting of 1.79 billion PLA tokens. The hacker laundered the funds, rejecting PlayDapp’s offer of a $1 million reward for their return. Consequently, PlayDapp paused the PLA smart contract on February 13.
Abracadabra Finance was hacked, losing $6.5 million and causing its stablecoin, Magic Internet Money (MIM), to deviate from its peg. Quick actions restored MIM's value. The attackers exploited a smart contract vulnerability, with $29 million still at risk.
Concentric.fi was breached through a social engineering attack, resulting in a $1.8 million loss. Despite having audited vaults, their upgradability made them vulnerable. The same attacker is suspected of a previous exploit on OKX. Concentric.fi is investigating and plans to mitigate the losses.
Socket.Tech lost $3.3 million in a January 16 exploit targeting the Bungee Exchange. The attacker used a flaw in SocketGateway to transfer funds from users who granted unlimited access. About 700 victims were affected, with the largest loss being $656,000 USDC.
Gamma Strategies lost $3.4 million due to a vulnerability in its accounting mechanism. The attacker exploited a high price change threshold, withdrawing over 1500 ETH. Deposits were disabled, but withdrawals remained active. The flaw was identified as an inconsistency in accounting mechanisms.
CoinsPaid, an Estonia-based digital asset processor, was hacked for $7.5 million in unauthorized withdrawals. The attacker exchanged CPD tokens for Ethereum and transferred them to various exchanges. Despite a previous hack linked to the Lazarus Group, CoinsPaid has not commented on the recent breach.
Radiant Capital suspended operations on the Arbitrum network after a flash loan attack resulted in a $4.5 million loss. The vulnerability was linked to the 'index parameter' in the code. Radiant assured that no existing funds were at risk and postponed further actions pending a review.
South Korea’s Orbit Chain lost over $80 million due to a hack involving compromised multisig signers. Various cryptocurrencies were transferred through mixers. This incident underscores the risks of multisig wallets and highlights the need for improved security measures. There is no information on victim compensation yet.
