A hacker attacked decentralized finance protocol Bankroll Network, draining $230,000, according to a post from blockchain security platform TenArmor.
TenArmor shared details of the attack, showing several large transfers of Binance Coin (BNB) from a BankrollNetworkStack contract to itself. Each transfer was valued at $9,679,645.51.
Two additional transfers, worth $9,435,877.94, involved moving funds from a PancakeSwap swap pool to an account ending in “47D7” and then to the BankrollNetworkStack contract.
The gap between these transfers, approximately $243,767.57, is close to the reported loss of $230,000, suggesting that the hacker exploited a vulnerability that allowed him to withdraw more than he deposited, possibly using flash loans for the initial deposit.
Blockchain data confirms that the transfers took place at 16:50 UTC on September 22. Bankroll Network has not yet confirmed that the transactions are the result of an exploit.
DeFi protocols have often been the target of exploits. In August, the Nexera protocol suffered an exploit, resulting in the loss of $1.5 million worth of digital assets. The DeFi protocol, which bridges traditional finance with DeFi, was hit by hackers who stole Nexera (NXRA) tokens.
Hackers often convert stolen tokens into Ether to launder the funds through cryptocurrency mixers like Tornado Cash, complicating cybersecurity firms’ tracing efforts.
The Nexera exploit adds to the growing list of DeFi hacks in 2024, coming just a day after Ronin Network was exploited for $9.8 million worth of Ether by a suspected white hat hacker who later returned the funds.
Cryptocurrency hacks have been on the rise in 2024. In the first quarter alone, $542.7 million was stolen, a 42% increase over the same period in 2023. July was particularly bad, with more than $266 million stolen in 16 attacks, including a $230 million theft from Indian exchange WazirX, the second-largest hack of the year.
The WazirX hacker attempted to funnel the stolen funds, consolidating $57 million worth of ETH into new addresses by July 22.
More recently, Singapore-based cryptocurrency exchange BingX’s estimated loss from an alleged hack on Friday more than doubled to over $52 million following further investigations.
