Main navigation

75,000 BSC Addresses Still at Risk After LaunchZone Hack

Mon, 03/27/2023 - 15:50
article image
Vladislav Sopov
Hack alert: Revoke all approvals on this now-defunct DeFi on BNB Chain as contract remains vulnerable
75,000 BSC Addresses Still at Risk After LaunchZone Hack
Cover image via
Read U.TODAY on
Google News

The team of Scam Sniffer analytical group, developers of holistic anti-fraud software, shared the statistics of wallets affected by the LaunchZone DeFi hack. Although the event took place five weeks ago, thousands of users still did not revoke their approvals on the hacked DeFi.

75,000 addresses on BNB Chain remain exposed to attack, Scam Sniffer says

Today, March 27, 2023, Scam Sniffer representatives shared detailed analytics of the aftermath of the recent hack of LaunchZone, a popular DeFi protocol on BNB Chain. In short, over 75,000 of its users still can lose their funds stored in wallets that interacted with the attacked contracts.

As explained in a dashboard created on Dune platform by Scam Sniffer, out of all wallets at risk, only 7,860 addresses managed to revoke all approvals at LaunchZone. Meanwhile, 75,564 BNB Chain (BSC) wallets are still at risk.

Analysts explained that hackers managed to drain liquidity thanks to the vulnerabilty in Bscex SwapX, a smart contract that served as an exchange instrument on LaunchZone. A sample of the code of the potential attack's design has also been shared by researchers.

They reiterated that all wallets that interacted with the hacked contracts (the addresses of four such contracts are indicated by Scam Sniffer) should remove their approvals by automated revoke services or manually. All vulnerable contracts were deployed back in January-October 2021.

$7.8 million in users' funds already stolen

Despite the fact that the global crypto community was informed of the necessity to revoke the approvals, by press time, hackers managed to steal $7,792,137 in crypto equivalent.

The team of LaunchZone confirmed the hacker attack. It appeared to be fatal for the protocol: yesterday, on March 26, 2023, its website stopped operating.

When the attack was reported on Feb. 27, 2023, the price of LZ token dropped by 86% in no time. The token was even delisted from some centralized exchanges.

In March, the team organized a compensation program for affected users.

article image
About the author

Blockchain Analyst & Writer with scientific background. 6+ years in IT-analytics, 3+ years in blockchain.

Worked in independent analysis as well as in start-ups (, Monoreto, Attic Lab etc.)