DualPools hacker group steals $230K from Bankroll Status in DeFi attack

According to the cybersecurity firm Cyvers Alerts, the DualPools hacker group siphoned over $230,000 from Bankroll Status. The security firm has linked the loss to a previously signed contract, deployed about three months ago.

DeFi protocols are at risk of several types of attacks and hacking attempts because they are open-source and have a fast-paced development process with interconnected features in DeFi projects.  

Hackers target DeFi protocols using various strategies to gain personal access to the system. One common approach involves exploiting vulnerabilities in the code of the DeFi protocol’s smart contracts. This technique enables cybercriminals to tamper with how the DeFi protocol operates and siphon off assets belonging to its users. 

Bankroll Status is reeling from heavy losses following the cyber attack

Bankroll Status, a DeFi platform on the BNB blockchain, lost over $230,000 in a cyber attack. Cyvers Alerts was the first to report on the fraudulent transaction, citing that the funds were stolen through a smart contract signed and deployed about 90 days ago.

According to Cyvers, the attack was orchestrated by the DualPools hacker group, known for its distinct attack methodologies. The group typically employs malicious smart contracts in DeFi platforms to systematically drain funds from unaware users.

In an X post, Cyvers reported:

Our system has detected a suspicious transaction involving Bankroll Status on BNB with a loss of $230k. It seems that the Dualpools hacker is behind the suspicious transaction! Our system detected malicious contract deployment targeting Bankroll 90 days ago!

Cyvers

Concerning trend of DeFi hacks in 2024

Most of the DeFi attacks in 2024 have resulted from smart contract vulnerabilities, with several DeFi exchanges falling victim to exploits. For instance, DeFi protocol Nexera lost about $1.5 million on Aug. 7 due to a smart contract vulnerability.

Mar Guimenez-Aguilar, a cybersecurity expert and the lead security architect at Halborn’s cybersecurity firm, confirmed that close to 60% of crypto losses in the top 100 DeFi hacks resulted from off-chain attacks. He stated that about 52% of attacks targeted private keys, with roughly 56% of crypto’s total value lost. 

However, Halborn’s Guimenez-Aguilar thinks the lack of investor awareness leaves a larger opportunity for crypto hackers, highlighting that the attention is often heavily directed toward securing the smart contracts’ code, which has been the primary attack vector while neglecting the fact that the protocol functions within a broader context.

Source: https://www.cryptopolitan.com/bankroll-loses-230k-after-dualpools-attack/