The increasing instances of phishing, wallet hacking, and security violations are causing distress in the cryptocurrency sector. Blockchain security company, CertiK, recently disclosed that roughly $140.1 million was lost to cryptocurrency exploits, hacks, and scams in May alone, with about $162 million in assets being frozen. Phishing incidents notably contributed to around $8.5 million of the total losses.
CertiK has detected a significant exploit on Binance Smart Chain (BSC), where a perpetrator siphoned nearly $2 million by misusing a smart contract function known as printMoney(). Exploiter Manipulates Authorized Contract to Loot Funds Twitter Link A recognized attacker carried out the exploit from address 0xd5c6f3…122c. This person repeatedly activated the printMoney() function on their authorized attack contract. The unauthorized intrusion originated from a compromised victim contract associated with address 0xb5cb0, which had unknowingly authorized the malicious contract approximately eight hours before the attack.
CertiK suspects the victim contract deployer’s private key was either phished or compromised in some other way, leading to the unauthorized approval transaction. This allowed the attacker to fully transfer the victim’s tokens. Hacker Transforms Funds and Possesses Nearly $2M Twitter Link Once the attacker had access, they quickly transformed the stolen derivative tokens into BNB and stablecoins. Currently, the exploiter holds about $1.96 million worth of assets at their address.
The crypto community is urged to remain vigilant as several major crypto hacks have been reported this year. Coinbase lost $400 million, Cetus on the Sui network was hit for $220 million, and other platforms like Phemex and UPCX have also suffered significant losses. These incidents demonstrate the high risk involved in the crypto space if not properly managed. According to CertiK, trusting unverified smart contracts or having weak security for private keys are among the biggest blunders. In a recent BSC hack, these were the exact issues that led to the theft of millions.
CertiK is actively monitoring the hacker’s wallet and is on the lookout for suspicious activity. They’ve also reminded users and developers to consistently verify contract approvals, use thoroughly audited code, and avoid rushing transactions. CertiK’s advice is straightforward – be cautious, stay vigilant, and don’t rush decisions.
