The decentralized finance (DeFi) protocol Bankroll Network has fallen victim to a major security breach, resulting in the loss of $230,000, according to a report from blockchain security firm TenArmor.
The hack, which took place on September 22, marks yet another instance of a DeFi protocol being exploited by malicious actors.
TenArmor’s investigation revealed a series of suspicious transactions involving the transfer of BNB tokens from a Bankroll contract.
The hacker allegedly exploited a vulnerability in the system that allowed them to withdraw more funds than they deposited. Utilizing flash loans to manipulate the system, the attacker drained over $230,000 from the platform.
Blockchain data showed a pattern of transactions, with multiple transfers of large sums to and from a BankrollNetworkStack contract.
These movements are believed to have been part of the exploit, as the hacker repeatedly moved funds to disguise their actions.
Despite the severity of the hack, Bankroll Network has yet to confirm the breach or provide an official response, leaving users in the dark. Efforts to reach the platform’s team have been unsuccessful.
The DeFi space has seen a surge in hacks and security breaches, with billions of dollars lost to bad actors. Users of decentralized platforms are often vulnerable to attacks due to the complexity and evolving nature of smart contracts. While some DeFi platforms undergo audits by security firms, no system is immune to potential vulnerabilities.
In a related incident, a crypto phishing scammer moved $250,000 in stolen funds through the CoW decentralized finance protocol, as identified by blockchain security platform PeckShield. The scammer had previously stolen $55.4 million from a crypto whale and used CoW to launder a portion of the stolen assets.
PeckShield tracked the scammer’s activity and identified suspicious transactions where the attacker exchanged stolen DAI stablecoin for Ethereum (ETH) in an attempt to cover their tracks. Despite their efforts, the attacker’s movements were detected, and the stolen funds remain traceable.