Binance Smart Chain Hacked $2 Million Lost in Phishing Attack

In the ever-evolving landscape of cryptocurrency, security breaches and exploits continue to pose significant threats. Recently, blockchain security firm CertiK revealed that in May alone, approximately $140.1 million was lost to various crypto hacks, scams, and exploits, with an additional $162 million in assets frozen. Notably, phishing attacks accounted for about $8.5 million of the total losses, highlighting the pervasive nature of these security threats.

CertiK has flagged a major exploit on the Binance Smart Chain (BSC), where an attacker drained nearly $2 million by abusing a smart contract function called printMoney(). The exploit was carried out by a known attacker operating from address 0xd5c6f3...122c. The individual repeatedly triggered the printMoney() function on their authorized attack contract. The unauthorized access stemmed from a compromised victim contract linked to the address 0xb5cb0, which had unknowingly approved the malicious contract about eight hours before the attack.

CertiK believes the victim contract deployer’s private key may have been phished or otherwise compromised, leading to the unauthorized approval transaction. This gave the attacker full permission to transfer the victim’s tokens. Once access was secured, the attacker swiftly converted the stolen derivative tokens into BNB and stablecoins. As of now, the exploiter is holding approximately $1.96 million worth of assets at their address.

This incident is part of a broader trend of significant crypto hacks this year, with other major platforms like Coinbase losing $400 million and Cetus on the Sui network hit for $220 million. These incidents underscore the risks associated with cryptocurrency if proper security measures are not in place. According to CertiK, one of the biggest mistakes is trusting unverified smart contracts or having weak security for private keys. In the recent BSC hack, that’s exactly what went wrong. The attacker was able to steal millions because the victim’s contract wasn’t properly secured.

CertiK is now tracking the hacker’s wallet and keeping an eye on suspicious activity. They’ve also reminded users and developers to always check contract approvals, use well-audited code, and avoid rushing into transactions. The community is urged to stay alert and vigilant, as the risks in the crypto space are ever-present. CertiK’s advice is simple: be careful, stay alert, and don’t rush into anything.