Updated on May 29, 11:00 UTC: This article has been revised to provide additional information from BNB Chain.
An exploit on the BNB Chain resulted in the loss of approximately $80,000 worth of a BEP-20 token called ‘BTC’. Although this amount may seem small compared to other crypto exploits, it has raised suspicions about the intentions of the attacker.
The on-chain security firm Cyvers suggests that the attacker could potentially be a white hat hacker, also known as an ethical hacker, who utilizes their skills to uncover security vulnerabilities. However, the specific token contract that was exploited remains unknown. Cointelegraph has reached out to Cyvers for further clarification.
Source: Cyvers Alerts
In response to these reports, the BNB Chain Core Development Team has identified the attack as a price manipulation exploit targeting a BEP-20 token labeled as “BTC”. Despite receiving funding from the cryptocurrency mixing service Tornado Cash, the attacker also interacted with Binance, the largest centralized exchange globally.
Typically, sophisticated crypto hackers with malicious intent tend to avoid interacting with major centralized exchanges like Binance. This is because these exchanges require Know Your Customer (KYC) verification, which could potentially lead to the discovery of the attacker’s identity. However, in this case, the attacker deviated from this pattern. According to the BNB Chain Core Development Team, this indicates that the attacker is not a white hat.
In unrelated news, Gala Games recently experienced an exploit resulting in the theft of $23 million worth of Gala (GALA) tokens. Gala Games co-founder and CEO, Eric Schiermeyer, attributed the exploit to an issue with their internal controls, which they have since resolved.
Surprisingly, the hacker returned $22.3 million worth of Ether (ETH), which is nearly the same value as the 600 million GALA they had stolen and sold the day before. The hacker’s wallet was frozen with the stolen funds, prompting the return. Eric Schiermeyer revealed in a statement that the alleged attacker had been identified, including their home address.
This incident marks the second time in May that stolen funds have been returned by a thief. In another case, $71 million worth of cryptocurrencies stolen from a recent wallet poisoning scam were also returned to the victim. However, on-chain transactions suggest that the attacker in this situation was not an ethical hacker, but rather a malicious actor who returned the funds out of fear of the attention drawn to the incident.
Magazine: Hong Kong streaming firm to buy $100M of crypto, Worldcoin sanctioned: Asia Express