| Number | Capec-ID | Threat ||---------------------|--------------------------

1. | Number | Capec-ID | Threat |
2. |---------------------|-----------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
3. | 1 | CAPEC-225: Subvert Access Control | A hacker successfully gains control of a privileged user account and transfers the funds to her own account.
4. | 2 | CAPEC-225: Subvert Access Control | A hacker successfully infiltrates an employee's computer and retrieves the file containing the private keys for an account. |
5. | 3 | CAPEC-225: Subvert Access Control | The administrative account is compromised allowing the hacker to make unauthorized fund transfers. |
6. | 4 | CAPEC-210: Abuse Existing Functionality | Functions used by developers to upgrade the smart contracts was utilized to drain funds from the contract system. |
7. | 5 | CAPEC-156: Engage in Deceptive Interactions | The official website is hacked and replaced with a false one that records user information and attempts to lure them into uploading their private keys. |
8. | 6 | CAPEC-156: Engage in Deceptive Interactions | The system administrator receives a call from what he thought is his CTO to reset his password. A hacker uses the CTO's account to gain access to a server that stores the private key of an account and drains all its fund. |
9. | 7 | CAPEC-125: Flooding | A hacker deliberately drives up the price of gas in order to prevent a token sale from successfully completing. |
10. | 8 | CAPEC-125: Flooding | Denial of Service attack executed by sending a lot of simultaneous requests to a centralized application makes the service unusable. |≤
11. | 9 | CAPEC-98: Phishing | Compromised e-mail accounts are used to send e-mails soliciting for user account information from employees. |
12. | 10 | CAPEC-98: Phishing | E-mails containing malicious attachments are sent to employees to infect their computers and look for wallet private keys. |
13. | 11 | CAPEC-98: Phishing | The organization's telegram channels are used to solicit users under false claims to transfer funds to the hacker's own account. |
14. | 12 | CAPEC-255: Manipulate Data Structures | Captured by the Smart Contract specific incidents. |
15. | 13 | CAPEC-118: Collect and Analyze Information | The Gitter Channel is monitored for a few weeks as the hacker wants to find out who was on the technical team of the company. |
16. | 14 | CAPEC-118: Collect and Analyze Information | Hacker monitors the traveling patterns of company employees in order to successfully steal a company-issued laptop. |
17. | 15 | CAPEC-118: Collect and Analyze Information | Hacker analyzes organization's e-mail traffic in order to find out who their hosting service provider and to leverage the information for further attacks. |
18. | 16 | CAPEC-212: Functionality Misuse | Captured by the Smart Contract specific incidents. |
19. | 17 | CAPEC-21: Exploitation of Trusted Credentials | The CTO utilizes his credentials to steal funds from the organization's wallet after being terminated. |
20. | 18 | CAPEC-21: Exploitation of Trusted Credentials | An employee left the organization due to a dispute and posted all the private keys in a public forum. |