BSC Alert: Wild Hack Causes Loss of Funds for Users!
An In-the-Wild Hack recently occurred on the Binance Smart Chain (BSC) that caused the loss of funds for some users. While the contract was unverified, the root cause is a wild allowance for losing innocent users.
According to BSCScan, a malicious user exploited a vulnerability in the contract and transferred many tokens from an unverified contract. The attacker could pull off the exploit due to a wild allowance within the contract, allowing more funds to get transferred.
🚨🚨🚨 There is an in-the-wild hack https://t.co/sM70tpesZb. While the contract is not verified, the root cause appears to be the wild allowance at the loss of innocent users. Please revoke your allowance, if any, to https://t.co/dP4JqOlxMF pic.twitter.com/P2dd7i61NZ
— PeckShield Inc. (@peckshield) February 27, 2023
How the Hack Occurred?
The hacker could send more tokens than were available for the transfer due to a wild allowance in the contract. It allowed them to use up more funds than were present in the asset contract. Once the attacker had access to the funds, they quickly moved them to various wallets, making it difficult to trace the money or recover the stolen funds.
Impact on BSC Users
The users that had their funds stolen transferred 8,000 BNB (~$1.6 million) and 10,000 BUSD (~$10 million). The exact impact of the hack has yet to be determined, as it is unknown how many users were affected by this breach. However, some users likely had all of their funds stolen, while others may have lost a portion of their holdings.
Steps being taken to Prevent Future Breaches
In response to the attack, the Binance Smart Chain has implemented a whitelisting feature for all transactions on the network. It will help to ensure that only authorized users can perform transactions on the chain. Additionally, the team is exploring ways to tighten security further and increase the platform’s overall safety.
The attack has also spotlighted the need for users to take extra precautions when interacting with unknown services. In addition to always double-checking the verifications of a contract, users should also be wary of wild allowances that may be present in the code, and malicious actors could potentially exploit.
