Decentralized exchanges Launch Zone (LZ) and BSCex (BSCX) suffer from contract vulnerabilities — already losing more than $7.7 million on them, according to crypto sleuths Scam Sniffer and SlowMist.
The vulnerability was discovered on March 27 around 03:00 UTC and more than 34,000 wallets are at risk, according to Scam Sniffer data shared.
The vulnerability
The problem lies in the SwapX contract on the BNB Chain (BNB) – detected after a user reported that their Binance USD (BUSD) was stolen.
The stolen funds can be traced back to an authorized SwapX contact launched more than 700 days ago. Four contracts are considered vulnerable, which were deployed on Jan. 2021, May. 2021, July 2021 and Oct. 2021.
At the time of writing, the attacker’s primary addresses and gains are still active. The exploiter uses SwapX to launder trade or exchange stolen funds for low value tokens.
The founder of SlowMist, @evilcos, noticed about the SwapX vulnerability and suggested they saw it coming a few years ago. The translation of his tweet reads:
“Who would have thought there was a loophole in a wallet address authorization project 2 to 3 years ago. Many users have not revoked the authorization. Hackers will continue to track these wallet addresses with exposure to authorization risks. Once they find money, they will steal them…”
BNB chain for exploits
According to a recent survey, the crypto world has lost $372 million in scams and exploits since the beginning of the year.
The report also revealed that the BNB chain is the most popular destination for crypto criminals. Since the beginning of the year, 47 attacks and exploits have been registered. Of the attacks, BNB Chain suffered 18 episodes – accounting for more than 38% of the attacks.
Data from 2022 shows the growth rate of the BNB chain. A December 2022 DappRadar report found that BNB Chain has the highest number of dApps deployed in 2022 by launching 2,163 dApps.
Meanwhile, another report from the same month revealed that 12% of all tokens wagered on the BNB Chain were back pull scams. The study discovered 117,629 scam tokens deployed in the first 11 months of 2022 – indicating that BNB Chain hosted 14,115 scam tokens between January 2022 and November 2022.
The post Launch Zone, BSCex Suffers Contract Vulnerability – Over $7 Million Deflated appeared first on CryptoSlate.
