A hacker attacked the decentralized finance protocol Bankroll Network, draining $230,000, according to a post by blockchain security platform TenArmor.
TenArmor shared details of the attack, showing several large transfers of Binance Coin (BNB) from a BankrollNetworkStack contract to itself. Each transfer was valued at $9,679,645.51.
Two additional transfers, worth $9,435,877.94, involved movement of funds from a PancakeSwap exchange pool to an account ending in “47D7” and then back to the BankrollNetworkStack contract.
The discrepancy between these transfers, roughly $243,767.57, is close to the reported $230,000 loss, suggesting the hacker exploited a vulnerability allowing them to withdraw more than they deposited, possibly using flash loans for the initial deposit.
Blockchain data confirms that the transfers occurred at 4:50 pm UTC on Sept. 22. Bankroll Network has not yet confirmed that the transactions are the result of an exploit.
DeFi protocols have been frequent targets of exploits. In August, Nexera Protocol suffered an exploit, leading to the loss of $1.5 million in digital assets. The DeFi protocol, which bridges traditional finance with DeFi, was hit by hackers who stole Nexera (NXRA) tokens.
Hackers often convert stolen tokens into Ether to launder the funds through cryptocurrency mixers like Tornado Cash, complicating the tracing efforts by cybersecurity firms.
The Nexera exploit adds to the growing list of DeFi hacks in 2024, coming just a day after Ronin Network was exploited for $9.8 million worth of Ether by a suspected white hat hacker who later returned the funds.
Crypto hacks have been escalating in 2024. The first quarter alone saw $542.7 million stolen, a 42% increase from the same period in 2023. July was particularly severe, with over $266 million stolen across 16 attacks, including a $230 million theft from Indian exchange WazirX, the second-largest hack of the year.
The WazirX hacker has been attempting to funnel the stolen funds, consolidating $57 million worth of ETH into new addresses by July 22.
Most recently, Singapore-based cryptocurrency exchange BingX’s estimated loss from a suspected hack on Friday more than doubled to over $52 million, following further investigations.