Crypto Hack Hits Binance Smart Chain: CertiK Tracks $2M Exploit

The post Crypto Hack Hits Binance Smart Chain: CertiK Tracks $2M Exploit appeared first on Coinpedia Fintech News

The rising phishing, wallet hack, and security breaches are creating panic in the crypto space. Recently, Blockchain security firm CertiK revealed that in May alone, around $140.1 million was lost to crypto hacks, scams, and exploits, while $162 million in assets were frozen. Notably, phishing attacks accounted for about $8.5 million of the total losses.

CertiK alert has flagged a major exploit on the Binance Smart Chain (BSC), where an attacker drained nearly $2 million by abusing a smart contract function called printMoney().

Exploiter Uses Authorized Contract to Steal Funds

The exploit was carried out by a known attacker operating from address 0xd5c6f3…122c. The individual repeatedly triggered the printMoney() function on their authorized attack contract. The unauthorized access stemmed from a compromised victim contract linked to the address 0xb5cb0, which had unknowingly approved the malicious contract about eight hours before the attack.

CertiK believes the victim contract deployer’s private key may have been phished or otherwise compromised, leading to the unauthorized approval transaction. This gave the attacker full permission to transfer the victim’s tokens.

.article-inside-link {
margin-left: 0 !important;
border: 1px solid #0052CC4D;
border-left: 0;
border-right: 0;
padding: 10px 0;
text-align: left;
}

.entry ul.article-inside-link li {
font-size: 14px;
line-height: 21px;
font-weight: 600;
list-style-type: none;
margin-bottom: 0;
display: inline-block;
}

.entry ul.article-inside-link li:last-child {
display: none;
}

Also Read :
ZachXBT Accuses Garden Finance For Laundering Bybit Hack Funds
,

Attacker Converts Funds and Holds Nearly $2M

2/ The attacker quickly redeemed stolen derivative tokens for BNB and stables and is currently holding ~$1,962,330 in value at 0xd5c6f3B71bCcEb2eF8332bd8225f5F39E56A122c. pic.twitter.com/D7MSpbUagY
— CertiK Alert (@CertiKAlert) June 25, 2025

Once access was secured, the attacker swiftly converted the stolen derivative tokens into BNB and stablecoins. As of now, the exploiter is holding approximately $1.96 million worth of assets at their address.

Community Urged to Stay Alert

Big crypto hacks are piling up this year, with Coinbase losing $400 million, Cetus on the Sui network hit for $220 million, and others like Phemex and UPCX also suffering huge losses. These incidents show just how risky things can get in crypto if you’re not careful. According to CertiK, one of the biggest mistakes is trusting unverified smart contracts or having weak security for private keys. In a recent BSC hack, that’s exactly what went wrong. The attacker was able to steal millions because the victim’s contract wasn’t properly secured.

CertiK is now tracking the hacker’s wallet and keeping an eye on suspicious activity. They’ve also reminded users and developers to always check contract approvals, use well-audited code, and avoid rushing into transactions.

Meanwhile, CertiK’s advice is simple be careful, stay alert, and don’t rush into anything.

.article_register_shortcode {
padding: 18px 24px;
border-radius: 8px;
display: flex;
align-items: center;
margin: 6px 0 22px;
border: 1px solid #0052CC4D;
background: linear-gradient(90deg, rgba(255, 255, 255, 0.1) 0%, rgba(0, 82, 204, 0.1) 100%);
}

.article_register_shortcode .media-body h5 {
color: #000000;
font-weight: 600;
font-size: 20px;
line-height: 22px;
text-align:left;
}

.article_register_shortcode .media-body h5 span {
color: #0052CC;
}

.article_register_shortcode .media-body p {
font-weight: 400;
font-size: 14px;
line-height: 22px;
color: #171717B2;
margin-top: 4px;
text-align:left;
}
.article_register_shortcode .media-body{
padding-right: 14px;
}

.article_register_shortcode .media-button a {
float: right;
}
.article_register_shortcode .primary-button img{
vertical-align: middle;
width: 20px;
margin: 0;
display: inline-block;
}

@media (min-width: 581px) and (max-width: 991px) {
.article_register_shortcode .media-body p {
margin-bottom: 0;
}
}

@media (max-width: 580px) {
.article_register_shortcode {
display: block;
padding: 20px;
}

.article_register_shortcode img {
max-width: 50px;
}

.article_register_shortcode .media-body h5 {
font-size: 16px;
}

.article_register_shortcode .media-body {
margin-left: 0px;
}

.article_register_shortcode .media-body p {
font-size: 13px;
line-height: 20px;
margin-top: 6px;
margin-bottom: 14px;
}

.article_register_shortcode .media-button a {
float: unset;
}

.article_register_shortcode .secondary-button {
margin-bottom: 0;
}
}

Never Miss a Beat in the Crypto World!

Stay ahead with breaking news, expert analysis, and real-time updates on the latest trends in Bitcoin, altcoins, DeFi, NFTs, and more.

.subscription-options li {
display: none;
}
.research-report-subscribe{
background-color: #0052CC;
padding: 12px 20px;
border-radius: 8px;
color: #fff;
font-weight: 500;
font-size: 14px;
width: 96%;
}
.research-report-subscribe img{
vertical-align: sub;
margin-right: 2px;
}

var templateIds = “6”;
var listOfSubscribed = [];

function subscribed_popupmodal(template_id) {
var templateId = ‘6’;
getAllSubscriberCategoryList([templateId]);
var subcribemodal = window.parent.document.getElementById(‘subscribe-modal-design’);
if (subcribemodal) {
var modalContent = `

`;
subcribemodal.innerHTML = modalContent;
}
subscribe_unsubscribe_status(template_id);
//getAllSubscriberCategoryList(template_id);
}

function getAllSubscriberCategoryList(getcategoryId) {

jQuery.ajax({
url: ‘https://coinpedia.org/wp-admin/admin-ajax.php’,
type: ‘GET’,
data: {
action: ‘subscribe_api_ajax_request’,
apiurl: ‘/app/email_newsletter/list’,
},
success: function(response) {
var result = JSON.parse(response.message);

if (result.status === true) {

var idstosubscribed = []
// Populate listOfSubscribed with subscribed category IDs
result.message.forEach(listofcategory => {

if (listofcategory.subscribe_status === 1) {
if (!listOfSubscribed.includes(listofcategory._id)) {

listOfSubscribed.push(listofcategory._id);
}

if (!idstosubscribed.includes(listofcategory.news_cp_category_row_id)) {
idstosubscribed.push(listofcategory.news_cp_category_row_id);
}
}
});

idstosubscribed.forEach(id => {
var subscribeButton = document.getElementById(‘subscribe_’ + id);
var unsubscribeButton = document.getElementById(‘unsubscribe_’ + id);

if (subscribeButton && unsubscribeButton) {
subscribeButton.style.display = ‘none’;
unsubscribeButton.style.display = ‘block’;
var showDownloadReport = document.getElementById(‘download_report’);

if (showDownloadReport) {
showDownloadReport.style.display = ‘block’;
}
}
});
}

},
error: function(xhr, status, error) {
console.error(‘Error:’, error);
}
});
}

function logSelectedSubscriptions(categoryid) {
var unsubscribemodal = document.querySelector(‘.unsubscribed-popup-modal .modal’);
var subscribedmodal = document.querySelector(‘.subscribed-popup-modal .modal’);
unsubscribemodal.innerHTML=”;
subscribedmodal.innerHTML=”;
var selectedSubscriptions = [];
var storeCheckedId = [];
var checkboxes = document.querySelectorAll(‘#subscription-options-‘ + categoryid + ‘ input[type=”checkbox”]’);
var errorMessage = document.getElementById(‘error-message-select’);

// Use a Set to handle unique data-ids
var uniqueSubscribedIds = new Set(listOfSubscribed);

checkboxes.forEach(function(checkbox) {
var dataId = parseInt(checkbox.getAttribute(‘data-id’));
if (checkbox.checked) {

selectedSubscriptions.push(checkbox.id);
storeCheckedId.push(dataId);
} else {

uniqueSubscribedIds.delete(dataId); // Remove unchecked data-id
}
});

// Update listOfSubscribed with unique values
listOfSubscribed = Array.from(uniqueSubscribedIds);

var selectedSubscriptionsString = selectedSubscriptions.join(‘, ‘);
var concatinateSubscribeId = […new Set(storeCheckedId.concat(listOfSubscribed))];

var categoryData = {
‘subscribed_categories’: concatinateSubscribeId
};

var requestSubscriberData = {
action: ‘handle_dynamic_api_request_with_headers’,
security: ‘a4ccf0f5a6’,

endpoint: ‘/app/email_newsletter/update_categories’,
token: ”,
data: categoryData
};

jQuery.ajax({
url: ‘https://coinpedia.org/wp-admin/admin-ajax.php’,
type: ‘POST’,
data: requestSubscriberData,
beforeSend: function(xhr) {
xhr.setRequestHeader(‘X-Requested-With’, ‘XMLHttpRequest’);
},
success: function(response) {
try {
response = response.data;

if (storeCheckedId.length === 0) {
var unsubcribedPopUpmodal =

`;
unsubscribemodal.innerHTML = unsubcribedPopUpmodal;
document.querySelector(‘#subscribe-modal-design .modal’).style.display = ‘none’;
unsubscribemodal.style.display = ‘block’;
unsubscribemodal.classList.remove(‘hide’);
unsubscribemodal.classList.add(‘show’);
document.getElementById(‘subscribe_’ + categoryid).style.display = ‘block’;
document.getElementById(‘unsubscribe_’ + categoryid).style.display = ‘none’;
var showDownloadReport = document.getElementById(‘download_report’);
if (showDownloadReport) {
showDownloadReport.style.display = ‘none’;
}

} else {

var subscribedPopupModal =

let selectedSubscriptionsArray = selectedSubscriptionsString.split(‘,’);
let subscribedCategories = selectedSubscriptionsArray.map(subscription => subscription.split(‘_’)[0]);
let subscribedCategoriesString = subscribedCategories.join(‘, ‘);

subscribedmodal.innerHTML = subscribedPopupModal;
if (document.getElementById(‘selectidname’)) {
document.getElementById(‘selectidname’).textContent = subscribedCategoriesString;
}

document.querySelector(‘#subscribe-modal-design .modal’).style.display = ‘none’;
subscribedmodal.style.display = ‘block’;
subscribedmodal.classList.remove(‘hide’);
subscribedmodal.classList.add(‘show’);
document.getElementById(‘subscribe_’ + categoryid).style.display = ‘none’;
document.getElementById(‘unsubscribe_’ + categoryid).style.display = ‘block’;
var showDownloadReport = document.getElementById(‘download_report’);
if (showDownloadReport) {
showDownloadReport.style.display = ‘block’;
}

}

} catch (e) {
console.error(‘Error parsing response:’, e);
}
},

});
}

function closeModal(template_id) {
var modalId = template_id;
var modal = document.querySelector(‘#’ + modalId); // Using querySelector to find the modal

if (modal) {
modal.classList.add(‘hide’);
modal.classList.remove(‘show’);
setTimeout(function() {
modal.style.display = ‘none’;
}, 500);

} else {
console.warn(‘Modal not found:’, modalId);
}
}

function closeunsubscribemodal() {
var unsubscribemodal = document.querySelector(‘.unsubscribed-popup-modal .modal’);

if (unsubscribemodal) {
unsubscribemodal.classList.add(‘hide’);
unsubscribemodal.classList.remove(‘show’);
}
setTimeout(function() {
unsubscribemodal.style.display = ‘none’;
}, 500);
}

function withoutLoginClicked(withoutlogin_id) {

localStorage.setItem(‘subscribe_without_Login’, ‘true’);
localStorage.setItem(‘subscribe_clicked_id’, withoutlogin_id);
}

document.addEventListener(‘DOMContentLoaded’, function() {

const subscribewithoutData = localStorage.getItem(‘subscribe_without_Login’);
const subscribe_clicked_cat_id = localStorage.getItem(‘subscribe_clicked_id’);

// Function to get cookies
function getCookie(name) {
let value = “; ” + document.cookie;
let parts = value.split(“; ” + name + “=”);
if (parts.length == 2) return parts.pop().split(“;”).shift();
}

// Get user token from cookies
const userToken = getCookie(‘user_token’);

if (subscribewithoutData === ‘true’ && userToken) {
// Call the modal function with the category ID
subscribed_popupmodal(subscribe_clicked_cat_id);

// Remove the flag and category ID from localStorage
localStorage.removeItem(‘subscribe_without_Login’);
localStorage.removeItem(‘subscribe_clicked_id’);
}
});

/************************** update susbcriber content **************************** */
function initializeSubscriptionButton() {
var initialListItems = document.querySelectorAll(‘.subscription-options input[type=”checkbox”]’);
initialListItems.forEach(function(item) {
console.log(item.checked, ‘Initial Checkbox checked status’);
});

var listItems = document.querySelectorAll(‘.subscription-options li’);
if (listItems.length === 0) return;

}

function updateSubscriptionButton() {
var listItems = document.querySelectorAll(‘.subscription-options li’);
if (listItems.length === 0) return;

// Update the button text based on whether any list item has the ‘active’ class
updateButtonText(anyActive);
}
document.addEventListener(‘click’, function(event) {
var clickedItem = event.target.closest(‘.subscription-options li’);
if (clickedItem) {
var checkbox = clickedItem.querySelector(‘input[type=”checkbox”]’);
if (checkbox) {
checkbox.checked = !checkbox.checked;
updateSubscriptionButton();
}
}
});

FAQs

What are the biggest crypto hacks of 2025 so far?

Major 2025 hacks include $400M from Coinbase, $220M from Cetus, and millions more from BSC, Phemex, and UPCX exploits.

How much crypto was lost to hacks in May 2025?

Over $140.1 million was lost to hacks, scams, and exploits in May 2025, according to blockchain security firm CertiK.

How can I protect my crypto wallet from phishing attacks?

Avoid unverified contracts, never share keys, and regularly review approvals to secure your wallet from phishing.

What was the “printMoney()” smart contract exploit?

It allowed an attacker to mint and drain funds via repeated function calls after gaining unauthorized contract approval.

Source: https://coinpedia.org/news/crypto-hack-hits-binance-smart-chain-certik-tracks-2m-exploit/

Exploiter Uses Authorized Contract to Steal Funds

Attacker Converts Funds and Holds Nearly $2M

Community Urged to Stay Alert

Never Miss a Beat in the Crypto World!

Never Miss a Beat in the Crypto World!

Daily

Weekly

Monthly

You’ve Unsubscribed Successfully

Thank you for subscribing!

FAQs