chaindrainMVP
Preview surface — demo data. Where real data exists today (e.g. RealT, BlackRock BUIDL, Lift Dollar) we render it; everywhere else we render synthetic enrichment generated deterministically from public signal and clearly marked Demo or Inferred. The Phase 3 roadmap replaces every synthetic source with live ingestion — see Methodology → Exposure Graph & Similarity Engine.
← back to incident ledger

frontend dns hijackDemo

Jun 24, 2024 · $517.3K · frontend

Narrative

On 2024-06-24, CryptoQuant suffered a frontend dns hijack incident resulting in approximately $517,321 in losses. The exploit targeted the frontend layer. Attribution: dprk_lazarus. This is a demonstration entry — not a real incident.

Victims

Classification

Root cause
frontend_dns_hijack
Secondary causes
supply_chain_npm
Attack layer
frontend
Strategy
tech_vuln
Actor role
target
Attribution
dprk_lazarus
Attacker address
0xbe62c87a89a3ee3fb0bad3bc028901f2773b9cbe
Flash loan
no
Audited at time
no
Bounty at time
no

AADAPT mappings

DEMO:AADAPT.TA0001DEMO:AADAPT.TA0008DEMO:AADAPT.T1071.001DEMO:AADAPT.T1583.001

Evidence

Disclosure date
Jun 27, 2024
Funds recovered
$210K
Audit firms at time
Post-mortem URLs (synthetic)
  • https://medium.com/cryptoquant/post-mortem-cryptoquant-2024-06-24
  • https://rekt.news/cryptoquant-rekt
  • https://blog.cryptoquant.xyz/incident-report
tx hashes (1)
  • 0xf8430261993aa437fbcd83b8ea00fefe2de3ac9d68e370d3454aca42dc4e8d7b