According to statistics from multiple blockchain security monitoring platforms, in October 2025 there were a total of 21 incidents in the cryptocurrency sector caused by active attacks by hackers (including vulnerability exploitation and permission theft), resulting in direct losses of approximately 620 million USD; during the same period, there were 15 Rug Pull and scam incidents, involving more than 120 million USD. Cross-chain bridges and DeFi contracts have become the main targets for hackers, while 'pseudo-official endorsement' and 'delayed authorization' have become new scam tactics, so security risk is running high on both fronts.

Hacker attacks

A total of 6 typical security incidents

• Abracadabra contract logic vulnerability attack

Loss Amount: 1.8 million US dollars; user funds were not affected

Nature of Attack: Hackers repeatedly exploited a solvency validation vulnerability in the 'cook' function

Event Details: On October 4, the attackers manipulated the 'borrowing process (Operation 5)' and 'null update (Operation 0)' commands to bypass verification steps and borrowed 1.79 million US dollars in MIM stablecoins, exchanging them for ETH, which was then laundered through Tornado Cash. This is the third similar attack on the protocol in 2025, with total losses exceeding 21 million US dollars.

• BNB Chain cross-chain bridge vulnerability attack

Loss Amount: Stolen amount of 105 million US dollars, the largest single hacker attack loss in 2025

Nature of Attack: Active intrusion initiated by hackers exploiting cross-chain bridge verification logic vulnerabilities

Event Details: On October 6, attackers forged a validation proof for block (110217401) to bypass the hash verification mechanism of the BSC Token Hub cross-chain bridge, stealing 2 million BNB (worth approximately 566 million US dollars) in two transactions. Although BNB Chain urgently froze the network, 105 million US dollars in assets were still transferred, and Tether has frozen 7 million US dollars in addresses associated with the hackers.

• Astra Nova AI platform hacker attack

Loss Amount: Loss of 10.3 million US dollars, no indirect chain losses

Nature of Attack: Hackers exploited third-party market maker account vulnerabilities to infiltrate minting contracts

Event Details: On October 18, attackers exploited a vulnerability to steal 860 million RVV tokens from the project's minting contract, exchanging them for USDT and transferring them to exchanges such as Gate and KuCoin, with on-chain data estimating losses of approximately 10.3 million US dollars. Although the project team launched a 10% bounty program and promised to repurchase tokens, only 2 million US dollars of the stolen funds are under monitoring, with the rest laundered through over-the-counter channels.

• Moola Market lending protocol attack incident

Loss Amount: Loss of 10.3 million US dollars, no indirect chain losses

Nature of Attack: Active attack combining flash loans with price manipulation vulnerabilities

Event Details: On October 19, attackers initiated a flash loan on the Celo network to borrow a large amount of CELO, artificially inflating the price of the native MOO token on the Moola Market platform, and profiting from the price difference of 8.4 million US dollars; the protocol team urgently suspended all lending and trading functions, later announcing that they would compensate affected users in phases using platform reserves and future income through DAO proposals.

• Bunni DEX contract vulnerability attack

Loss Amount: Loss of 8.4 million US dollars, no indirect chain losses

Nature of Attack: Hackers exploited contract rounding logic vulnerabilities combined with flash loan arbitrage

Event Details: On October 23, the attackers targeted the weETH/ETH and USDC/USDT pools on Unichain, profiting from manipulating liquidity and swap transactions, resulting in a project loss of 8.4 million US dollars. Due to the failure to recover funds and the high cost of restarting, the project announced a permanent closure on October 23, allowing users to withdraw only the remaining 1.3 million US dollars in assets.

• 402Bridge cross-chain bridge was hacked

Loss Amount: 17,600 USDC (approximately 17,600 US dollars)

Nature of Attack: Hackers exploited third-party market maker account vulnerabilities to infiltrate minting contracts

Event Details: On October 28, after the project team's private key was leaked, hackers transferred the remaining USDC that over 200 users had authorized to contracts, resulting in a loss of approximately 17,693 USDC.

Rug Pull / Phishing Scam

A total of 8 typical security incidents

(1) On October 5, a victim with an address starting with 0x5565 lost 499 US dollars due to a phishing approval signed 90,691 days ago.

(2) On October 7, a victim with an address starting with 0xf875 lost 96,352 US dollars after signing a malicious 'permit' signature.

(3) On October 8, a victim with an address starting with 0x8C42 lost 439,922 US dollars after signing a malicious 'permit' signature.

(4) OracleBNB Project Rug Pull

Time: October 10

Nature of Event: A typical exit scam with forged 'official endorsements'

Details: The OracleBNB project on BNB Chain was detected carrying out a Rug Pull; its official social media accounts were deleted overnight, and 1,431 victims were deceived. The project team acquired old accounts to pass the project off as a 'Binance incubated project' and used 'low-risk mining' as a gimmick to attract funds. On-chain data shows that the core assets have been transferred to a mixer.

Amount Involved: Specific amounts not disclosed, with an average loss per victim exceeding 10,000 US dollars.

(5) On October 11, a victim with an address starting with 0x2EDB lost 72,572 US dollars worth of ASTER after signing a malicious 'allow' signature.

(6) On October 14, a victim with an address starting with 0x4aF9 lost 209,816 US dollars worth of WBTC and tBTC after signing malicious 'permit' and 'increaseApproval' signatures.

(7) 'Ghost Authorization' phishing scam

Time: October 23 (Exposed in October, attack period spans 458 days)

Nature of Event: Delayed authorization theft scam

Details: Hackers used a forged airdrop website to induce users to sign 'permanent authorization' transactions, then lay in wait for 458 days. Within 10 minutes of the victim transferring in 908,000 USDC, they triggered the authorization and stole all the assets. The malicious address is associated with the 'pink-drainer.eth' drainer wallet, and 23 users have been confirmed as victims of similar scams.

Amount Involved: A single loss of 908,000 US dollars, with similar cases totaling over 3 million US dollars this month.

(8) GMGN Advanced Phishing Scam

Time: October 28

Details: Attackers obtained users' GMGN account tokens through phishing websites, without any private keys being leaked, and profited over 700,000 US dollars by investing user funds in 'Pixiu Plate' honeypot tokens (buy only, sell not allowed) and then withdrawing the liquidity.
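
A defender-side check for the delayed-authorization pattern in items (1) and (7), as an added example that is not part of the original report: it replays ERC-20 Approval event logs and flags grants that are still live, go to a spender outside a trusted list, and are either unlimited or older than a threshold. The sample logs, placeholder addresses, the 90-day threshold and the function names are assumptions constructed for illustration.

```python
# ERC-20 event: Approval(address indexed owner, address indexed spender, uint256 value)
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
DAY = 86400

def addr(topic):
    """An indexed address is the low 20 bytes of a 32-byte topic."""
    return "0x" + topic[-40:].lower()

def live_allowances(logs):
    """Replay Approval logs oldest-first; keep the last non-zero grant per (token, owner, spender).
    Logs give an upper bound: transferFrom may reduce an allowance without emitting an event."""
    state = {}
    for log in sorted(logs, key=lambda l: l["timestamp"]):
        topics = log["topics"]
        if len(topics) != 3 or topics[0] != APPROVAL_TOPIC:
            continue  # skip other events (an ERC-721 Approval carries a 4th topic)
        key = (log["address"].lower(), addr(topics[1]), addr(topics[2]))
        value = int(log["data"], 16)
        if value == 0:
            state.pop(key, None)          # explicit revoke
        else:
            state[key] = (value, log["timestamp"])
    return state

def risky_allowances(logs, now, trusted=(), max_age_days=90):
    """Flag live grants to untrusted spenders that are unlimited or older than max_age_days."""
    out = []
    for (token, owner, spender), (value, ts) in live_allowances(logs).items():
        age_days = (now - ts) // DAY
        unlimited = value >= 2**255       # covers the common 2**256-1 "infinite" approval
        if spender not in trusted and (unlimited or age_days > max_age_days):
            out.append({"token": token, "owner": owner, "spender": spender,
                        "age_days": age_days, "unlimited": unlimited})
    return sorted(out, key=lambda f: -f["age_days"])

# --- constructed sample data (placeholder addresses, not real accounts) ---
NOW = 1_761_177_600                        # constructed audit time (Unix seconds)
TOKEN, OWNER = "0x" + "aa" * 20, "0x" + "11" * 20
UNKNOWN, ROUTER, OLD, FRESH = ("0x" + b * 20 for b in ("dd", "ee", "bb", "cc"))

def mk(spender, value, days_ago):
    pad = lambda a: "0x" + "00" * 12 + a[2:]   # left-pad an address to a 32-byte topic
    return {"address": TOKEN, "topics": [APPROVAL_TOPIC, pad(OWNER), pad(spender)],
            "data": hex(value), "timestamp": NOW - days_ago * DAY}

SAMPLE_LOGS = [mk(UNKNOWN, 2**256 - 1, 458), mk(ROUTER, 2**256 - 1, 10),
               mk(OLD, 5000, 200), mk(OLD, 0, 100), mk(FRESH, 1000, 5)]

if __name__ == "__main__":
    for finding in risky_allowances(SAMPLE_LOGS, NOW, trusted={ROUTER}):
        print(finding)
```

Because the event log only bounds the allowance from above, each finding should be confirmed against the token's current allowance(owner, spender) value before revoking.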
