Binance Smart Chain
Compromised Access Control
Escalated privileged call
Days in Operation:
100 pts each
Certik Alert reported an unusual transaction from a staking contract for a token that was hacked previously.
EOA 0x158F5… performed a privileged function to withdraw funds from a staking contract on BSC and AVAX and then bridged the tokens to Ethereum. A Telegram group created by people who were impacted by the incident divulged the staking contract that holds the assets along with the team’s addresses - https://twitter.com/CertiKAlert/status/1573364452270931969/photo/1
BSC 0x158F5… removed funds using InCaseTokensGetStuck() privileged function from the listed staking contract listed above. The bridged ERC-20 tokens were then swapped for ETH, all funds (1865 ETH or ~$2.4M) have been deposited into Tornado.Cash.
DISCLAIMER: While web3rekt has used the best efforts in aggregating and maintaining this database, this web site makes no representations or warranties with respect to the accuracy or completeness of its information and data herein, and specifically disclaim any implied warranties of merchantability or fitness for any particular purpose.
Under no circumstances, shall web3rekt be liable for any loss of profit or funds, any regulatory or governmental penalties, any legal costs, or any other commercial and non-commercial damages, including but not limited to special, incidental, consequential, or other damages from any or all usage of the data and information derived from this database.