$50 Million Phishing Attack Hits Bankroll Network DeFi, Funds Laundered via CoW

A $50 million phishing attack on the Bankroll Network DeFi protocol highlights ongoing vulnerabilities in the cryptocurrency space, with stolen funds laundered through CoW.

A significant security breach has struck the Bankroll Network, a decentralized finance (DeFi) protocol, resulting in the theft of approximately $50 million. The attack, which occurred on September 22, 2024, involved a sophisticated phishing scheme that exploited vulnerabilities within the network, leading to substantial financial losses for users.

Key Takeaways

  • Bankroll Network was hacked, resulting in a loss of $50 million.
  • The attacker utilized a phishing tool to drain funds from a crypto whale.
  • Stolen funds were laundered through the CoW decentralized finance protocol.
  • The incident highlights ongoing vulnerabilities in DeFi protocols.

Details of the Attack

On September 22, 2024, the Bankroll Network was targeted by a hacker who managed to drain approximately $230,000 from the protocol. According to blockchain security firm TenArmor, the attack involved multiple transfers of BNB from a contract associated with the Bankroll Network, indicating a potential exploitation of a vulnerability that allowed the attacker to withdraw more than they deposited.

The transactions were executed at 4:50 PM UTC, and the blockchain data revealed a series of self-transfers and withdrawals that raised suspicions about the legitimacy of the operations. The attacker may have employed flash loans to facilitate the initial deposit, further complicating the tracing of the stolen funds.

Phishing Scheme Uncovered

In a related incident, a phishing attack targeting a cryptocurrency whale resulted in the theft of approximately $55.4 million worth of DAI stablecoin. The attacker utilized a phishing tool known as Inferno Drainer, which is notorious for mimicking legitimate platforms to deceive users into revealing sensitive information.

The breach allowed the hacker to gain control of the whale's Maker Vault, a smart contract that enables users to borrow DAI by depositing collateral. After compromising the wallet, the attacker transferred ownership of the vault to a new address, effectively draining it of its funds.

Laundering the Stolen Funds

Following the theft, the attacker attempted to launder the stolen funds through the CoW decentralized finance protocol. On August 28, the hacker moved $250,000 worth of DAI to CoW, converting it into ETH. This transaction was part of a larger scheme to obscure the trail of the stolen assets, involving multiple trades and transfers across various addresses.

The laundering process was detected by PeckShield, a blockchain security platform, which traced the funds back to the original phishing attack. The attacker’s strategy involved using a third-party paymaster to execute the transactions, aiming to evade detection by analytics systems. However, the efforts were ultimately unsuccessful as security firms managed to track the movements of the stolen assets.

Implications for DeFi Security

This incident underscores the ongoing vulnerabilities within the DeFi space, where protocols are frequently targeted by cybercriminals. The Bankroll Network hack, along with the phishing attack on the crypto whale, highlights the need for enhanced security measures and user awareness in the cryptocurrency ecosystem.

Users are advised to conduct thorough research on the security of DeFi protocols before engaging with them. Employing best practices, such as verifying addresses and being cautious of phishing attempts, can help mitigate the risks associated with these types of attacks. As the DeFi landscape continues to evolve, the importance of robust security measures cannot be overstated.

Sources

[ newsletter ]
Stay ahead of Web3 threats—subscribe to our newsletter for the latest in blockchain security insights and updates.

Thank you! Your submission has been received!

Oops! Something went wrong. Please try again.

[ More Posts ]

Navigating the Future: Essential Insights for a Comprehensive Blockchain Audit
26.9.2025
[ Featured ]

Navigating the Future: Essential Insights for a Comprehensive Blockchain Audit

Explore essential insights for a comprehensive blockchain audit. Learn about evolving skills, best practices, and challenges in blockchain auditing.
Read article
Reddit's Top Picks: Finding the Best Web3 Wallet for Your Needs in 2025
26.9.2025
[ Featured ]

Reddit's Top Picks: Finding the Best Web3 Wallet for Your Needs in 2025

Discover the best Web3 wallet Reddit recommends for 2025. Compare top picks like MetaMask, Trust Wallet, and hardware options for security & ease of use.
Read article
Navigating the Future: A Comprehensive Guide to Blockchain Audit
26.9.2025
[ Featured ]

Navigating the Future: A Comprehensive Guide to Blockchain Audit

Explore a comprehensive blockchain audit guide. Understand types, mechanics, benefits, challenges, and future trends in blockchain auditing.
Read article