$3.1 million in EIGEN tokens stolen and sold

Around 1.67 million EIGEN tokens belonging to an investor in the popular Ethereum-based EigenLayer project were stolen after the investor was tricked into transferring the tokens into the attacker's wallet. The thief then sold the tokens for around $3.1 million, although the tokens were notionally worth around $5.5 million. Some of the stolen funds were later frozen by centralized exchanges.

After the incident, some questioned why the tokens had been sent to an investor without a vesting contract, given they were supposed to be locked for a period of time to prevent sale.

Victim loses over $32 million to wallet drainer

A victim lost 12,083 spWETH tokens (~$32.4 million) after signing a malicious transaction stemming from someone using wallet drainer software. These drainers are "scam-as-a-service" products, where the drainer creators allow others to operate the drainer software in exchange for a 20% cut of stolen funds.

The victim wallet sent a message to the thief, offering "a peaceful resolution to this situation" in which the thief could keep 20% of the total amount taken (around $6.5 million).

Bedrock staking platform loses $2 million after bug that allowed users to trade Bitcoin and Ethereum 1:1

A staking platform called Bedrock lost around $2 million after exploiters discovered a bug that allowed them to swap 1 ETH for 1 BTC despite the more than $63,000 difference in prices for the two assets.

A security firm working with Bedrock had tried to warn Bedrock of the vulnerability several hours before the attack, but the team was asleep. The vulnerable contracts had been deployed a day and a half prior to the attack, and had not been audited.

Fortunately for Bedrock, security groups were able to pause third-party projects surrounding Bedrock, which helped to limit the losses — which ultimately could have been as high as the entire value of funds on the protocol.

Onyx hacked for $3.8 million via the same exploit used against them less than a year ago

The Onyx protocol was hacked for a second time by attackers taking advantage of known bugs in forks of the Compound Finance project. Projects regularly fail to patch these bugs, despite many instances of multi-million dollar hacks affecting Compound forks in the past.

Onyx apparently didn't learn their lesson the first time around, when they were exploited for $2 million in November 2023 by an attacker taking advantage of a known vulnerability affecting empty markets on the protocol. This same bug seems to have contributed to this exploit, although Onyx has claimed the hack was due to a separate vulnerability in an NFT liquidation contract.

Truflation hacked for around $5 million

The Truflation platform suffered a loss of around $5 million after what they described as "an attack using malware". The company acknowledged the attack and limited some of their services while they worked to mitigate it. They also offered a reward to "any white hats offering assistance", and offered to negotiate a "bug bounty" with the attacker.

Truflation is a blockchain-based project that provides economic data including inflation rates and asset valuations. The platform has been backed by Coinbase Ventures, Chainlink, and others.

OpenAI Twitter account once again hacked and used to promote scam token

The Twitter account belonging to OpenAI's news account was compromised and used to "announce" a scam website purporting to announce the $OPENAI token. "All OpenAI users are eligible to claim a piece of $OPENAI’s initial supply. Holding $OPENAI will grant access to all of our future beta programs," the scam tweets claimed. A link in the tweets directed users to a malicious website that invited users to connect their wallets to claim tokens.

This latest hack is only the latest in a slew of Twitter account compromises "announcing" a scam token. Over a year, OpenAI CTO Mira Murati had her account hacked to promote an "$OPENAI" token. Three months ago, accounts belonging to chief scientist Jakub Pachocki and researcher Jason Wei were hacked and used to post the same scam as today.

Shezmu hacked for almost $5 million, negotiates bounty

A crypto yield platform called Shezmu suffered a loss of around $4.9 million in $ShezUSD after an attacker exploited a flaw that allowed anyone to mint collateral, which they could then use to borrow ShezUSD. These tokens were relatively illiquid, however, so the total amount the attacker could have obtained was likely considerably less.

Shortly after the attack, Shezmu offered a 10% "bounty" for the return of the funds. The attacker responded that they would only consider a 20% bounty. Shezmu agreed to the terms, and announced to their followers that they had achieved a recovery from the "white hat" hacker.

BingX hacked for $52 million

Singaporean cryptocurrency exchange BingX suffered a $52 million loss across a broad range of cryptocurrencies. The thefts occurred across two attacks that were hours apart. The attack appears to have targeted one of the exchange's hot wallets.

Some accused the exchange of trying to cover up the theft by announcing "temporary wallet maintenance" without disclosing that a theft had occurred. The team later announced that "there has been minor asset loss", and stated that the lost funds would be restored out of the company's capital.

Around $10 million of the stolen assets were frozen during recovery efforts after the theft.

Germany seizes 47 cryptocurrency exchanges reportedly used by ransomware groups

Webpage announcing seized crypto exchange. Letter reads: "Operation Final Exchange THIS WAS YOUR FINAL EXCHANGE! This is for you, ransomware affiliates, botnet operators and darknet vendors: For years, the operators of these criminal exchange services have led you to believe that their hosting cannot be found, that they do not store any customer data and that all data is deleted immediately after the transaction. An apparently unregulated hub allowing you to launder the proceeds of your criminal activities without fear of prosecution. From our point of view: nothing but empty promises! We have found their servers and seized them - development servers, production servers, backup servers. We have their data and therefore we have your data. Transactions, registration data, IP addresses. Our search for traces begins. See you soon."Warning on seized domains (attribution)
German authorities have seized 47 cryptocurrency exchanges alleged to have been used to launder stolen funds by ransomware groups. The exchanges did not require KYC, allowing customers to remain anonymous throughout their transactions.

Websites for these exchanges now show notices announcing a law enforcement operation called "Operation Final Exchange". The page announces to visitors "This was your final exchange!", and in a letter addressed to "ransomware affiliates, botnet operators and darknet vendors", warns that authorities are now working to trace the illicit users of the exchange.

Almost $2 million taken from users of Telegram "Banana Gun" crypto trading bot

Some people use a Telegram-based crypto trading bot called "Banana Gun" to "snipe" crypto trades, copytrade, and perform other activities. On September 19, at least 11 victims lost around $3 million after their accounts were apparently compromised and drained.

Banana Gun acknowledged the attack on Twitter and shut down the bot. They posted that they did not believe their backend was compromised, and stated that they believed the attack occurred via a "front-end vulnerability" — though it was not clear what this might have referred to.

Arrests made after $243 million stolen from one individual in Gemini phishing attack

Two people have been arrested in relation to a phishing scam that successfully stole more than 4,000 BTC priced at around $243 million from a single individual. The victim was targeted with a phishing scam in which the attackers posed as Google support employees and convinced the victim to reset their two-factor authentication for their account on the Gemini cryptocurrency exchange.

The FBI raided a luxury home in Miami in connection to the theft, and arrested two men in their early twenties. Authorities worked with crypto investigators including zachxbt to trace the stolen funds.