Bankroll Network DeFi Hacked: $50M Phisher Moves Crypto on CoW
Massive Exploit Drains Bankroll Network
A recent attack on the decentralized finance (DeFi) protocol Bankroll Network resulted in a loss of $230,000. The breach occurred on September 22, and blockchain security platform TenArmor provided details through a post the following day. The attack exploited a vulnerability in the BankrollNetworkStack contract, enabling the hacker to execute multiple transfers of BNB tokens.
Details of the Bankroll Attack
The hacker managed to transfer significant amounts of BNB within the system, totaling more than $19 million. However, the actual loss reported was around $230,000. The attack involved manipulating self-transfers and external transfers, creating a discrepancy that allowed the hacker to siphon off funds. The method employed likely involved flash loans to facilitate the initial deposit, exploiting a loophole to withdraw more than was deposited.
Uncertainty Surrounding the Exploit
As of now, Bankroll Network has not officially confirmed the exploit, and investigations are ongoing. This incident underscores the persistent risks within the DeFi sector, where vulnerabilities can lead to substantial financial losses. Users are advised to thoroughly vet the security measures of any DeFi protocol before engaging with it.
Phisher Moves $250,000 Through CoW Protocol
In a separate incident, a phishing attacker laundered $250,000 through the CoW decentralized finance protocol. This individual had previously stolen $55.4 million from a cryptocurrency whale. The attacker converted the stolen DAI stablecoin into ETH, moving the funds through a series of transactions to obscure the money trail.
Tracking the Phishing Scam
PeckShield, a blockchain security firm, detected the laundering operation on September 14. The attacker utilized a function call labeled “MoooZ1089603480,” executing 33 trades to exchange DAI for ETH. Despite attempts to obfuscate the trail by using third-party paymasters, the funds were traced back to the original phishing attack.
The Mechanics of Phishing Attacks
Phishing attacks in the crypto space often involve tricking users into authorizing malicious contracts. Once authorized, attackers can drain the victim’s wallet. In this case, the stolen funds were split across multiple wallets and swapped for different tokens to evade detection. Security firms are working to trace these transactions in hopes of recovering the stolen assets.
D-Link Router Vulnerabilities Exposed
D-Link recently disclosed five vulnerabilities in some of its router models, posing risks to users’ home networks, including the networks of users who hold cryptocurrency wallets. These vulnerabilities allow attackers to gain unauthorized access and execute arbitrary code on the devices.
Specific Vulnerabilities and Their Impacts
The identified vulnerabilities include stack-based overflows and hardcoded credentials, affecting models such as DIR-X4860, DIR-X5460, and the discontinued COVR-X1870. Some of these vulnerabilities can be exploited remotely, while others require physical access to the network. D-Link has urged users to update their firmware to mitigate these risks.
Importance of Network Security for Crypto Users
For cryptocurrency users, securing home networks is critical. Cybercriminals can exploit network vulnerabilities to monitor online activities, potentially leading to targeted attacks. Ensuring that all devices are updated and following best security practices can help protect against such threats.
Conclusion
The recent incidents involving Bankroll Network and the phishing attack through CoW highlight the ongoing security challenges in the cryptocurrency and DeFi sectors. Users must remain vigilant, continuously update their security measures, and stay informed about potential vulnerabilities to safeguard their assets.
