Multi-chain crypto wallet UvToken has been hacked for 5,011 BNB tokens (1.45 million) and the funds have already been routed into sanctioned crypto mixer Tornado Cash. This comes amid a flurry of hacks and exploits this month, as October looks set to be a particularly bad month for DeFi projects.
The incident occurred on the BNB Chain blockchain on Thursday morning at around 1 a.m. ET time, as noted by security firms Ancilia and Peckshield.
UvToken acknowledged the exploit, saying that its “staking project” was attacked. It’s currently working with security teams to investigate the exploit. UvToken lets users stake the native token into a specific contract, which was targeted, PeckShield noted.
The attacker likely took advantage of the UvToken staking contract’s failure to properly authenticate input data, PeckShield told The Block. The firm noted the contract may have contained a logic error that allowed the hacker to make a malicious call and seize the staked funds.
The latest exploit represents another addition to the list of exploits that have plagued the crypto sector this month. So far in October, the crypto sector has witnessed a series of security exploits, including a$100 million hack of BSC Token Hub and a$114 million attack on Mango Markets, among several other incidents.