- LaunchZone’s Bscex SwapX contract was hit, resulting in the loot of approximately $7.7 million in funds.
- 75,586 addresses were still at risk because the main attacker was still on the lookout.
The DeFi ecosystem remained a happy hunting ground for hackers as yet another protocol fell victim to an exploit.
A vulnerability in LaunchZone’s early contract Bscex SwapX [LZ]a BNB Chain-based decentralized exchange (DEX), was exploited, resulting in the loot of approximately $7.7 million in funds.
Exactly one month ago, $700,000 in funds were leaked of LaunchZone’s liquidity pool, after which its native token tanked LZ and other platforms suspended transactions related to the token.
🚨 #LaunchZone #BSCex Security Alert 🚨
🔓 Over $7 Million Exploited Due To Vulnerability In SwapX Contract
🏦 More than 34,000 addresses are at risk – Check and withdraw ASAP!🔍 More details & data:https://t.co/uel6QiOkg6
— Scam Sniffer (@realScamSniffer) March 27, 2023
A problem with wallet authorization?
According to fraud detection platform Scam Sniffer, the hacker exploited a loophole in the SwapX contract to exchange users’ funds for low-value tokens. More than 34,000 wallets were affected according to data on Dune dashboard.
While users were warned that about 7,838 wallets had been revoked, 75,586 addresses were still at risk. Scam Sniffer stressed that the attacker’s addresses were still active and advised users to check their wallet authorization and revoke it as soon as possible. This is to prevent further loss of funds.
Source: Dune
Yu Xian, the founder of blockchain security firm SlowMist, ventured into the matter, saying hackers may have targeted wallet addresses exposed to authorization risks.
Notably, two to three years ago, there was a loophole in a wallet address authorization project and hackers were looking for users who did not revoke the authorization.
谁能想到2~3年前钱包地址授权的一个项目出漏洞,许多用户一直没取消授权,有黑客就不断监已经超过 700万美金被盗了。 https://t.co/BmCZMUjIss
— Cos(余弦)😶🌫️ (@evilcos) March 27, 2023
Lately, the BNB Chain ecosystem has fallen prey to various hacks and exploits. It was at the center of a sensational $570 million hack last October.
Hackers exploited a bug in the chain’s smart contract and transferred about 2 million tokens to their wallets. After the hack, Binance had to immediately suspend withdrawals and deposits.
Still, the network has taken several steps to combat DeFi hacks. Earlier in March, Binance announced that it will work with law enforcement agencies around the world to combat crypto-related scams.
The DeFi ecosystem experienced its biggest hack of 2023 when the Ethereum-based non-custodial lending protocol Euler Finance was the target of a flash lending attack on March 13. This resulted in a loss of $197 million.
However, in a surprising turn of events, the hacker suggested making peace with the DeFi protocol and returned most of the stolen money.
