Update as of May 29, 11:00 UTC: The BNB Chain has provided further clarification regarding the recent exploit involving the loss of approximately $80,000 worth of a BEP-20 token labeled as ‘BTC’. Multiple suspicious transactions were involved in this incident, which has raised questions about the intentions of the attacker.
While $80,000 may be considered a relatively small amount compared to other crypto exploits, it is still significant enough to warrant attention. The identity of the exploited token contract remains unknown, but according to on-chain security firm Cyvers, the attacker could potentially be a white hat hacker or ethical hacker who utilizes their skills to uncover security vulnerabilities. Cyvers made this statement in a post on May 28.
Cointelegraph has reached out to Cyvers for further comment on this matter.
In response to these reports, the BNB Chain Core Development Team has identified the attack as a price manipulation exploit specifically targeting a BEP-20 token labeled as “BTC”. In an email correspondence with Cointelegraph, the BNB Chain Core Development Team stated that despite receiving funding from the cryptocurrency mixing service Tornado Cash, the exploiter also interacted with Binance, the world’s largest centralized exchange.
It is worth noting that sophisticated crypto hackers with malicious intent usually avoid engaging with large centralized exchanges like Binance. This is because such exchanges require Know Your Customer (KYC) verification, which could potentially lead to the discovery of the attacker’s identity.
However, despite the interaction with Binance, the BNB Chain Core Development Team has concluded that the attacker is not a white hat hacker.
In a separate incident, Gala Games, a gaming platform, experienced an exploit resulting in the loss of $23 million worth of Gala (GALA) tokens. Gala Games co-founder and CEO Eric Schiermeyer stated that the exploit was caused by issues with internal controls, which have since been addressed. It is important to note that this incident is unrelated to the BNB Chain exploit.
In a surprising twist, the hacker responsible for the Gala Games exploit returned $22.3 million worth of Ether (ETH), which is close to the market value of the 600 million GALA tokens they stole and sold the previous day. The return of the funds occurred after the attacker’s wallet was frozen with the stolen funds. Eric Schiermeyer, the co-founder and CEO of Gala Games, revealed in a post on May 20 that the alleged attacker had been identified, including their home address.
This marks the second occurrence in May where a thief has had a change of heart and returned stolen funds. In another incident, $71 million worth of cryptocurrencies that were stolen in a recent wallet poisoning scam were also returned to the victim. The unknown attacker returned the funds on May 12 after the high-profile phishing incident attracted the attention of several blockchain investigation firms.
However, based on the on-chain transactions, it appears that the attacker in this case was not an ethical hacker, but rather a malicious actor who became fearful of the increased scrutiny and decided to return the funds.
In other news, a Hong Kong streaming firm has announced plans to purchase $100 million worth of cryptocurrency. Additionally, the cryptocurrency Worldcoin has been sanctioned. These updates are covered in the latest edition of Asia Express magazine.
Source: Cointelegraph