Problems galore for DeFi ecosystem as another protocol gets compromised
- LaunchZone’s Bscex SwapX contract was hit, resulting in the theft of about $7.7 million in funds.
- 75,586 addresses were still at risk as the main attacker was still on the lookout.
The DeFi ecosystem continued to be a happy hunting ground for hackers as yet another protocol fell victim to an exploit.
A vulnerability in Bscex SwapX, an early contract of LaunchZone [LZ], a BNB Chain-based decentralized exchange (DEX), was exploited, resulting in the theft of about $7.7 million in funds.
Exactly a month ago, $700,000 worth of funds were drained out of LaunchZone’s liquidity pool, following which its native token LZ tanked and other platforms suspended transactions involving the token.
🚨 #LaunchZone #BSCex Security Alert 🚨
🔓 Over $7M exploited through SwapX contract vulnerability
🏦 34,000+ addresses at risk – Check & revoke ASAP!
🔍 More details & data: https://t.co/uel6QiOkg6
— Scam Sniffer (@realScamSniffer) March 27, 2023
An issue with wallet authorization?
According to the fraud detection platform Scam Sniffer, the hacker exploited a SwapX contract loophole to trade users’ funds for low-value tokens. More than 34,000 wallets were affected as per the data on Dune Dashboard.
While users were alerted that about 7,838 wallets had been revoked, 75,586 addresses were still at risk. Scam Sniffer highlighted that the attacker's addresses were still active and advised users to check their wallet authorizations and revoke them as soon as possible to prevent further loss of funds.
Yu Xian, the founder of the blockchain security firm SlowMist, waded into the issue and said that hackers might have targeted wallet addresses with authorization risk exposure.
Notably, there was a loophole in a wallet address authorization project two to three years ago and hackers were on the lookout for users who didn’t revoke the authorization.
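Who would have thought that a project involving wallet address authorization had a vulnerability 2 to 3 years ago, and many users never revoked their authorization. A hacker keeps monitoring these wallet addresses with authorization risk exposure and steals the funds as soon as any show up… More than 7 million US dollars has already been stolen. https://t.co/BmCZMUjIss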
— Cos(余弦)😶🌫️ (@evilcos) March 27, 2023
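The authorization check advised above, as an added example (not code from this article, Scam Sniffer, or LaunchZone): it replays ERC-20/BEP-20 `Approval` logs in `eth_getLogs` JSON shape and lists owners whose most recent approval to a given spender is still non-zero. Every address and log entry is a constructed placeholder; the real SwapX contract address does not appear on this page.

```python
# Added example: find owners whose latest ERC-20/BEP-20 approval to a given
# spender is still non-zero, from raw eth_getLogs-style Approval logs.
# keccak256("Approval(address,address,uint256)")
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"

# Placeholder addresses, constructed for this example (not the real SwapX contract).
RISKY_SPENDER = "0x" + "5a" * 20
TOKEN = "0x" + "70" * 20
ALICE, BOB, CAROL = ("0x" + c * 20 for c in ("a1", "b0", "c4"))
MAX_UINT256 = 2**256 - 1

def topic_addr(addr):
    """Left-pad a 20-byte address to a 32-byte indexed topic."""
    return "0x" + addr[2:].lower().rjust(64, "0")

def make_log(owner, spender, value, block, index):
    """Build a constructed log in eth_getLogs JSON shape."""
    return {"address": TOKEN,
            "topics": [APPROVAL_TOPIC, topic_addr(owner), topic_addr(spender)],
            "data": "0x" + format(value, "064x"),
            "blockNumber": hex(block), "logIndex": hex(index)}

SAMPLE_LOGS = [  # constructed sample data, deliberately out of order
    make_log(BOB, RISKY_SPENDER, 0, 250, 1),               # Bob revoked later
    make_log(ALICE, RISKY_SPENDER, MAX_UINT256, 100, 0),   # unlimited, never revoked
    make_log(BOB, RISKY_SPENDER, MAX_UINT256, 101, 3),
    make_log(CAROL, "0x" + "ee" * 20, 10**18, 120, 0),     # unrelated spender
]

def outstanding_approvals(logs, spender):
    """Return {(token, owner): value} where the latest Approval to `spender` is > 0."""
    latest = {}
    ordered = sorted(logs, key=lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16)))
    for log in ordered:
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # ERC-721 Approval shares topic0 but carries 4 topics
        if topics[2].lower() != topic_addr(spender):
            continue
        owner = "0x" + topics[1][-40:].lower()
        latest[(log["address"].lower(), owner)] = int(log["data"], 16)
    # The event records the approved amount, not what transferFrom has since spent;
    # confirm each hit with an on-chain allowance(owner, spender) call before acting.
    return {k: v for k, v in latest.items() if v > 0}

if __name__ == "__main__":
    for (token, owner), value in outstanding_approvals(SAMPLE_LOGS, RISKY_SPENDER).items():
        kind = "unlimited" if value == MAX_UINT256 else str(value)
        print(f"{owner} still approves {RISKY_SPENDER} on {token}: {kind}")
```

Ordering by block number and log index matters: an owner who approved and later set the allowance to zero must not be reported, while an unlimited approval left in place for years is exactly the exposure described above.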
Of late, the BNB Chain ecosystem has fallen prey to several hacks and exploits. It was at the center of a sensational $570 million hack in October last year.
Hackers exploited a bug in the chain’s smart contract and transferred about 2 million tokens into their wallets. Following the hack, Binance had to immediately suspend withdrawals and deposits.
Even so, the network has undertaken several steps to combat DeFi hacks. Earlier in March, Binance announced that it would partner with law enforcement agencies worldwide to combat crypto-related scams.
The DeFi ecosystem saw its biggest hack of 2023 when Ethereum-based noncustodial lending protocol Euler Finance was targeted by a flash loan attack on 13 March, resulting in a loss of $197 million.
However, in a surprising turn of events, the hacker proposed to make peace with the DeFi protocol and returned the majority of the stolen funds.