Bankroll Status, a decentralized finance (DeFi) platform operating on the BNB Chain, fell victim to a substantial cyberattack on Monday, resulting in the theft of $230,000. The breach appears to follow the same hacking techniques used in previous attacks on the DualPools platform, according to cybersecurity firm Cyvers Alerts.
The investigation revealed that the attackers exploited a vulnerability linked to a smart contract deployed 90 days prior, which may have served as the hacker’s point of entry.
“Our system detected the malicious contract targeting Bankroll 90 days ago,” Cyvers Alerts shared on X, while also advising users to safeguard their assets and take precautions to avoid further attacks. The full extent and exact mechanism of the hack are still under investigation.
The DualPools Attack Pattern Resurfaces
The attack on Bankroll Status mirrors tactics used by the DualPools hacker group, notorious for a similar breach earlier this year. In that incident, the group stole approximately $4.6 million in various cryptocurrencies, including draining around 750,000 Bitcoins in February 2024.
After the DualPools exploit, the platform temporarily suspended operations and introduced enhanced security measures, especially around their hot wallets. However, the specifics of those improvements were not disclosed to the public.
Cybersecurity experts suggest that the vulnerability within DualPools may have stemmed from weak hot wallet security, poor server protection, or inadequate private key management, all of which remain critical areas of concern for DeFi platforms.
As the investigation into the Bankroll Status hack continues, the incident highlights the ongoing risks facing decentralized platforms and the need for stronger security protocols to prevent future breaches.
