2025-01-12
Targeted Protocol: Asset Dash
Lack of rate limiting leaves the API vulnerable to Denial of Service (DoS) attacks, rendering the service inaccessible. Coupled with insecure headers allowing the site to be used as an attack vector.
Multi-Hack
2025-01-07
Targeted Protocol: AIXBT
Lack of rate limiting leaves the API vulnerable to Denial of Service (DoS) attacks, rendering the service inaccessible.
Availability
2025-01-06
Targeted Protocol: Griffain
Lack of rate limiting leaves the API vulnerable to Denial of Service (DoS) attacks, rendering the service inaccessible.
Availability
2025-01-03
Targeted Protocol: Akasha Rising
Discovered and exploited insecure public API to mine sensitive API keys and manipulate game data through memory modification.
Multi-Hack
2024-12-31
Targeted Protocol: Griffain
Loophole in API where users can send mail for free as opposed to paying on the website UI.
API Vulnerability
2024-12-31
Targeted Protocol: Stealth AI
Unauthenticated API with incorrect token scope allowing users to read and modify other users account data and emails.
API Vulnerability
2024-12-22
Targeted Protocol: Palm AI
Discovered and exploited insecure public API routes to extract user data and manipulate the Palm Island Telegram game functionality.
API Security Breach
2024-12-20
Targeted Protocol: Jump.Trade
Exploited insecure public API routes to extract Twitter credentials from the platform.
API Security Vulnerability
2024-12-18
Targeted Protocol: Virtuals Protocol
Identified and exploited insecure public API routes to extract sensitive user data from the platform.
Data Security Breach
2024-12-15
Targeted Protocol: Holo World AI
Successfully exploited insecure public API routes to mine user data from the platform.
API Vulnerability
2024-12-12
Targeted Protocol: Paal AI
Leveraged exposed API endpoint to extract user data from the platform's database.
API Vulnerability
2024-12-10
Targeted Protocol: Moemate AI
Exploited exposed API endpoint to extract both Stripe payment information and personal user data.
API Vulnerability
2024-12-08
Targeted Protocol: Axie Infinity
Data mined game files to extract deployment credentials for Android and iOS platforms along with external analytics service credentials.
DLL Reverse Engineering
2024-12-05
Targeted Protocol: Vault Terminal
Exploited server configuration vulnerability to extract AWS server credentials and OpenAI API keys.
Server Security Breach
2024-12-03
Targeted Protocol: Zerebro
Extracted Firebase configuration through hardcoded client-side variables and bypassed token gate through direct API server access.
Configuration Leak
2024-11-30
Targeted Protocol: Safrootics
Exploited exposed leaderboard endpoint to extract extensive user data from the web3 game platform.
Endpoint Vulnerability
2024-11-28
Targeted Protocol: Xociety
Exploited exposed endpoint to extract sensitive user data, affecting over 9,000 user accounts.
Data Security Breach
2024-11-25
Targeted Protocol: Pixel Realm
Exploited exposed endpoints in NFT marketplace to extract sensitive user data including email addresses, contact information, and passport details.
Marketplace Security Breach
2024-11-22
Targeted Protocol: Earnscape
Leveraged exposed endpoints to extract personal and sensitive data from various game studios on the platform.
Platform Security Breach