$50 Million Phishing Attack Hits Bankroll Network DeFi, Funds Laundered via CoW

A $50 million phishing attack on the Bankroll Network DeFi protocol highlights ongoing vulnerabilities in the cryptocurrency space, with stolen funds laundered through CoW.

A significant security breach has struck the Bankroll Network, a decentralized finance (DeFi) protocol, resulting in the theft of approximately $50 million. The attack, which occurred on September 22, 2024, involved a sophisticated phishing scheme that exploited vulnerabilities within the network, leading to substantial financial losses for users.

Key Takeaways

  • Bankroll Network was hacked, resulting in a loss of $50 million.
  • The attacker utilized a phishing tool to drain funds from a crypto whale.
  • Stolen funds were laundered through the CoW decentralized finance protocol.
  • The incident highlights ongoing vulnerabilities in DeFi protocols.

Details of the Attack

On September 22, 2024, the Bankroll Network was targeted by a hacker who managed to drain approximately $230,000 from the protocol. According to blockchain security firm TenArmor, the attack involved multiple transfers of BNB from a contract associated with the Bankroll Network, indicating a potential exploitation of a vulnerability that allowed the attacker to withdraw more than they deposited.

The transactions were executed at 4:50 PM UTC, and the blockchain data revealed a series of self-transfers and withdrawals that raised suspicions about the legitimacy of the operations. The attacker may have employed flash loans to facilitate the initial deposit, further complicating the tracing of the stolen funds.

Phishing Scheme Uncovered

In a related incident, a phishing attack targeting a cryptocurrency whale resulted in the theft of approximately $55.4 million worth of DAI stablecoin. The attacker utilized a phishing tool known as Inferno Drainer, which is notorious for mimicking legitimate platforms to deceive users into revealing sensitive information.

The breach allowed the hacker to gain control of the whale's Maker Vault, a smart contract that enables users to borrow DAI by depositing collateral. After compromising the wallet, the attacker transferred ownership of the vault to a new address, effectively draining it of its funds.

Laundering the Stolen Funds

Following the theft, the attacker attempted to launder the stolen funds through the CoW decentralized finance protocol. On August 28, the hacker moved $250,000 worth of DAI to CoW, converting it into ETH. This transaction was part of a larger scheme to obscure the trail of the stolen assets, involving multiple trades and transfers across various addresses.

The laundering process was detected by PeckShield, a blockchain security platform, which traced the funds back to the original phishing attack. The attacker’s strategy involved using a third-party paymaster to execute the transactions, aiming to evade detection by analytics systems. However, the efforts were ultimately unsuccessful as security firms managed to track the movements of the stolen assets.

Implications for DeFi Security

This incident underscores the ongoing vulnerabilities within the DeFi space, where protocols are frequently targeted by cybercriminals. The Bankroll Network hack, along with the phishing attack on the crypto whale, highlights the need for enhanced security measures and user awareness in the cryptocurrency ecosystem.

Users are advised to conduct thorough research on the security of DeFi protocols before engaging with them. Employing best practices, such as verifying addresses and being cautious of phishing attempts, can help mitigate the risks associated with these types of attacks. As the DeFi landscape continues to evolve, the importance of robust security measures cannot be overstated.

Sources

[ newsletter ]
Stay ahead of Web3 threats—subscribe to our newsletter for the latest in blockchain security insights and updates.

Thank you! Your submission has been received!

Oops! Something went wrong. Please try again.

[ More Posts ]

Essential Strategies for Fraudulent dApp Identification in 2025
14.3.2025
[ Featured ]

Essential Strategies for Fraudulent dApp Identification in 2025

Discover key strategies for fraudulent dApp identification in 2025, leveraging AI and data analysis for security.
Read article
Security Automation in Cryptocurrency Projects
14.3.2025
[ Featured ]

Security Automation in Cryptocurrency Projects

Explore the importance and challenges of crypto security automation in cryptocurrency projects.
Read article
Smart Contract Analysis: Manual vs AI Methods
14.3.2025
[ Featured ]

Smart Contract Analysis: Manual vs AI Methods

Explore smart contract analysis methods, comparing manual reviews with AI's efficiency and accuracy.
Read article