MangoFarmSOL is unrelated to the other Solana-based mango-themed project, Mango Markets, which was exploited in October 2022 for more than $100 million.
MangoFarmSOL rug pulls for $2 million
Narwhal likely exit scams for $1.5 million
However, investigation by the CertiK blockchain security firm suggests that the "hack" may have been an inside job, with much of the $1.5 million that was "stolen" going to wallets with links to the Narwhal team.
The Narwhal project had launched in mid-December.
xKingdom rug pulls for $1.25 million
On January 6, the project's creators drained the tokens that had been put into the project, then deleted their website and social media accounts. Altogether, they withdrew 558.3 ETH (~$1.25 million).
CoinsPaid hacked again
In July 2023, an attacker stole $37.3 million from the CoinsPaid platform. CoinsPaid said at the time that they suspected the attacker was the North Korean Lazarus hacking group, which has been a prolific perpetrator of cryptocurrency thefts.
Blockchain security firm CertiK suffers compromise of their own
CertiK quickly regained control of the account and deleted the tweets, later explaining that an employee had been contacted by a "verified account, associated with well-known media". The journalist's account, apparently compromised, successfully phished the CertiK employee by sending what looked like a Calendly meeting scheduling link, but what was in fact a malicious link used to take over the CertiK Twitter account.
Blockchain sleuth zachxbt criticized CertiK, which describes itself as a leading blockchain security firm, for not protecting against the attack, and asked if they would be reimbursing phishing victims.
Gamma Strategies exploited for $6.2 million
Gamma has contacted the hacker to try to negotiate a return of some of the assets, and also says they have engaged law enforcement. Although they have promised to try to repay some of the stolen assets, they are estimating between 25% and 40% recoveries for various categories of users.
- "Post-Mortem & Remediation Plan", Gamma Strategies [archive]
- "DeFi protocol Gamma Strategies suffers an estimated $3.4 million exploit", The Block [archive]
Radiant Capital lending protocol hacked for $4.5 million
Radiant Capital sent an on-chain message to the attacker, offering to negotiate a bounty.
- Tweet thread by Radiant Capital [archive]
- Tweet thread by PeckShield [archive]
- On-chain message from Radiant Capital to the exploiter [archive]
Wallet security startup founder scammed out of $125,000
"I just got scammed out of $125k of stEth while trying to claim the $LFG airdrop. And I'm a fking founder of a wallet startup that's trying to improve wallet security..." wrote Lou on Twitter. "This is the first time I've been scammed. I always read about others but you never think it could happen to you..." he wrote.
If the founder of a wallet security project can't avoid scams in the crypto world, what hope do the rest of us have?
Orbit Bridge hacked for $81 million
Orbit began sending the attacker on-chain messages, writing that "we will track you down and restore the damage you incurred to the ecosystem. And we will not stop." Orbit also wrote on Twitter that they were working with various law enforcement agencies.
Wallet gets phished for $4.4 million
The attack was perpetrated by the Pink Drainer group, which had recently compromised the Twitter account of Compound Finance to try to lure its more than 250,000 followers into authorizing the malicious drainer. It's not clear if that's how this wallet was drained, however, as Pink Drainer uses numerous strategies to attract victims.