75,000 BSC Addresses Still at Risk After LaunchZone Hack
The team of Scam Sniffer analytical group, developers of holistic anti-fraud software, shared the statistics of wallets affected by the LaunchZone DeFi hack. Although the event took place five weeks ago, thousands of users still did not revoke their approvals on the hacked DeFi.
75,000 addresses on BNB Chain remain exposed to attack, Scam Sniffer says
Today, March 27, 2023, Scam Sniffer representatives shared detailed analytics of the aftermath of the recent hack of LaunchZone, a popular DeFi protocol on BNB Chain. In short, over 75,000 of its users still can lose their funds stored in wallets that interacted with the attacked contracts.
🚨 #LaunchZone #BSCex Security Alert 🚨
— Scam Sniffer (@realScamSniffer) March 27, 2023
🔓 Over $7M exploited through SwapX contract vulnerability
🏦 34,000+ addresses at risk - Check & revoke ASAP!
🔍 More details & data:https://t.co/uel6QiOkg6
As explained in a dashboard created on Dune platform by Scam Sniffer, out of all wallets at risk, only 7,860 addresses managed to revoke all approvals at LaunchZone. Meanwhile, 75,564 BNB Chain (BSC) wallets are still at risk.
Analysts explained that hackers managed to drain liquidity thanks to the vulnerabilty in Bscex SwapX, a smart contract that served as an exchange instrument on LaunchZone. A sample of the code of the potential attack's design has also been shared by researchers.
They reiterated that all wallets that interacted with the hacked contracts (the addresses of four such contracts are indicated by Scam Sniffer) should remove their approvals by automated revoke services or manually. All vulnerable contracts were deployed back in January-October 2021.
$7.8 million in users' funds already stolen
Despite the fact that the global crypto community was informed of the necessity to revoke the approvals, by press time, hackers managed to steal $7,792,137 in crypto equivalent.
The team of LaunchZone confirmed the hacker attack. It appeared to be fatal for the protocol: yesterday, on March 26, 2023, its website stopped operating.
As scheduled, we would like to inform you that our website https://t.co/Kb1gpRIxKb will be closed after Sunday, March 26th. We are grateful for the continuous support from our users until now.
— LaunchZone (LZ.finance) (@launchzoneann) March 24, 2023
Thanks and best regards! pic.twitter.com/wajXeqqPPB
When the attack was reported on Feb. 27, 2023, the price of LZ token dropped by 86% in no time. The token was even delisted from some centralized exchanges.
In March, the team organized a compensation program for affected users.