July 11, 2020 - Cashaa

Cashaa shared that it lost 336 bitcoins to hackers. The attacker may have implanted malware into one of the exchange’s computers. As an employee accessed the affected machine to make two transfers, the attack was launched.

June 28, 2020 - Balancer

An attacker stole over $500,000 in Ether, Wrapped Bitcoin, Chainlink, and Synthetix tokens.

Balancer CTO Mike McDonald explains that the attacker had borrowed $23 million in WETH tokens in a flash loan from dYdX. They then traded against themselves with Statera (STA), a token that uses a transfer fee model and burns 1% when traded. The attacker repeated this back and forth 24 times, draining the STA liquidity pool. Because Balancer thought it had the amount of STA remained unchanged, it released WETH in the amount of the original balance, giving the attacker a larger margin for every trade.

The attacker repeated this attack with WBTC, LINK and SNX, all against Statera tokens.

May 31, 2020 - Coincheck

In an official statement, the Tokyo-based organization shared that attackers hijacked one of Coincheck's domains to carry out spear-phishing attacks on customers.

Coincheck stated that certain personal information like names, registered addresses, birth dates, phone numbers, and ID Selfies was exposed in the incident. Digital assets, however, were not affected.

In 2018, Coincheck lost $500 million in NEM coins after hackers compromised the exchange platform.

April 18, 2020 - Uniswap

Hacker(s) deployed two reentrancy attacks, made possible by a known vulnerability found in the ERC777-token of Uniswap Exchange, to steal $300,000 and $1.1 million in imBTC tokens. Tokenlon, the company behind the imBTC token that runs on the Uniswap platform, provides a timeline of the events:

“8:58 SGT on April 18th. An attacker used a vulnerability with Uniswap and ERC777 to perform a reentrancy attack. For technical details please refer to Open Zeppelin’s explanation here. 12:12 on April 18th. The Tokenlon team observed the anomaly, defined the incident as a P0-level security issue and established an emergency response team. 12:49 on April 18th. After evaluating the situation, Tokenlon suspended the transfer of imBTC and notified imBTC partners including Lendf.Me to evaluate potential security risks. 17:00 on April 18th. imBTC transfer was resumed after receiving the confirmation from Lendf.Me and other partners that it is OK to do so. 09:28 on April 19th. Tokenlon received a message from Lendf.me about a reentrancy attack, similar to the one happened to Uniswap, resulting in a large number of abnormal borrowing on the platform. 10:12 on April 19th. In order to cooperate with the investigation of the reentrancy attack, Tokenlon suspended the transfer of imBTC.”

February 5, 2020 - Altsbit

According to Altsbit, hackers were responsible for the theft of a large number of coins. The exchange cannot compensate losses but intends to return untouched amounts as some percentage to users.

Verified losses include: