DeFi Platform Bankroll Status Suffers Major Breach, $230K Lost: Report

Bankroll Status, a BNB Chain-based decentralised finance (DeFi) platform, suffered a significant breach on Monday, resulting in a $230,000 loss. The hacking tactics appear to follow the same pattern as used in previous DualPools attacks.

Flagged by a cybersecurity firm, Cyvers Alerts, the infamous DualPools hacker group reportedly carried out the hack.

Shockingly, the evidence points to a smart contract deployed 90 days ago, which possibly served as the hacker’s entry point.

“Our system has detected malicious contract deployment targeting Bankroll 90 days ago,” the cybersecurity firm wrote on X.

🚨ALERT🚨Our system has detected a suspicious transaction involving @Bankroll_Status on #BNB with loss of #230k

It seems that #dualpools hacker is behind the suspicious transaction!. Our system has detected malicious contract deployment targeting #Bankroll 90 days ago!

Want to… pic.twitter.com/iI9j7H6yC3

— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) September 23, 2024

Further, Cyvers has warned to users, urging them to secure their assets and prevent future attacks. However, the investigation into the exact mechanism of the hack is still ongoing.

The DualPools Threat Pattern

According to UEEx data, the attackers stole around $4.6 million worth of various cryptocurrencies from DualPools. The exploit drained around 750,000 Bitcoins in February 2024.

Following the hack, DualPools acknowledged the exploit and paused operations. Further, it implemented improved security measures for their hot wallets, however, specifics were not disclosed publicly.

According to cybersecurity experts, a vulnerability within Dualpools’ hot wallet security system allowed unauthorised access. Other possibilities include compromised server security and weak private key management.