DeFi Exploits: Bankroll Network Hacked
Bankroll Network Breach
On September 22, the decentralized finance (DeFi) protocol Bankroll Network suffered a security breach. A hacker exploited the system, resulting in a loss of $230,000. The incident was highlighted by TenArmor, a blockchain security platform, which shared detailed images of the attack transactions. The hacker managed to execute multiple transfers of BNB from the BankrollNetworkStack contract to itself. Each transaction was valued at $9,679,645.51.
Transaction Analysis
Two additional transfers, each worth $9,435,877.94, were noted. One came from a PancakeSwap exchange pool and was directed to an account ending in “47D7.” The other went from the “47D7” account back to the BankrollNetworkStack contract. The discrepancy between each self-transfer and each account transfer is approximately $243,767.57, which is close to the reported loss of $235,000. This suggests that the attacker exploited a vulnerability allowing withdrawals greater than their deposits, possibly using flash loans to make the initial deposit.
Blockchain Data Confirmation
Blockchain data confirmed the suspicious transactions occurred at 4:50 PM UTC on September 22. Despite attempts to contact the Bankroll Network team, no response was received by the time of this report. This kind of DeFi exploit highlights the ongoing risks in the Web3 ecosystem. Users are advised to thoroughly research and ensure protocols are audited by reputable security firms, though even this does not guarantee complete safety.
Phishing Attack: $250,000 Laundered Through CoW Protocol
Phisher’s Maneuver
On August 28, a phishing attacker who had previously stolen $55.4 million from a crypto whale’s wallet moved $250,000 of the stolen funds through the CoW decentralized finance protocol. This attempt to launder the stolen assets was detected by PeckShield, a blockchain security platform. The attacker converted the stolen DAI stablecoin into ETH and transferred it to a new address on September 14.
Transaction Breakdown
The transaction, visible on Etherscan, involved 33 individual trades under the “MoooZ1089603480” function call. The account labeled “Fake_Phishing442897” sent $260,000 worth of DAI to CoW and received approximately 106.29 ETH in return. The function was likely called by a third-party paymaster or relayer, which could have been an attempt to obscure the funds’ trail. However, this strategy did not succeed in preventing the funds from being traced.
Tracking the Stolen Funds
Further investigation revealed that the attacker received $3,000 worth of DAI by swapping ETH through CoW the previous day. Tracing back to August 20, the attacker had initially received 3,879.58 ETH (around $10,000,000 at that time) from CoW by trading DAI. The ETH was then transferred through several addresses before being detected by PeckShield’s system.
Implications and Security Measures
This incident underscores the importance of vigilance in the crypto space. Phishing attacks often trick users into authorizing malicious contracts, leading to significant losses. It is crucial for users to carefully inspect the addresses and contracts they interact with to avoid falling victim to such scams.
Malware Corner: D-Link Telnet Vulnerabilities
D-Link Router Vulnerabilities
On September 16, networking device manufacturer D-Link disclosed five vulnerabilities in some of its router models. These vulnerabilities could potentially allow attackers to gain access to a user’s home network and devices, risking the security of crypto wallets.
Specific Vulnerabilities
The first two vulnerabilities, CVE-2024-45695 and CVE-2024-45694, involve a stack-based overflow that allows attackers to execute arbitrary code on the device. The DIR-X4860 and DIR-X5460 models are affected by these vulnerabilities.
Three additional vulnerabilities affect the DIR-X4860 and the discontinued COVR-X1870 models. If Telnet is enabled, these devices can be compromised using hardcoded credentials. CVE-2024-45697 allows attackers to activate the Telnet service by plugging the internet or WAN port into the modem, enabling them to execute OS commands.
Firmware Update Recommendation
D-Link has urged users to upgrade their devices to the latest
