Decentralized exchanges Launch Zone (LZ) and BSCex (BSCX) are suffering contract vulnerabilities — losing over $7.7 million to it already, according to crypto sleuths Scam Sniffer and SlowMist.

The vulnerability was detected on Mar. 27 at around 3:00 am UTC, and over 34,000 wallets are at risk, according to data Scam Sniffer shared.

The vulnerability

The problem is with the SwapX contract on the BNB Chain (BNB) — detected after a user reported their Binance USD (BUSD) was stolen.

The stolen funds were traced back to an authorized SwapX contact launched over 700 days ago. Four contracts are deemed vulnerable, which were deployed on Jan. 2021, May. 2021, July 2021, and Oct. 2021.

At the time of writing, the attacker’s primary addresses and profits are still active. The exploiter uses SwapX to either wash trade, or exchange stolen funds for low-value tokens.

The founder of SlowMist, @evilcos, commented on the SwapX vulnerability and implied they saw it coming a few years ago. Translation of his tweet states:

“Who would have thought that there was a loophole in a wallet address authorization project 2 to 3 years ago. Many users have not canceled the authorization. Hackers will continue to monitor these wallet addresses with authorization risk exposure. Once they find funds, they will steal them away…”

BNB Chain for exploits

According to a recent study, the crypto sphere lost $372 million to scams and exploits since the beginning of the year.

The report also revealed that the BNB Chain is the most popular destination for crypto criminals. There are 47 attacks and exploit cases recorded since the beginning of the year. Out of the attacks, BNB Chain suffered 18 episodes — accounting for over 38% of the attacks.

Data from 2022 demonstrates the growth rate of the BNB Chain. A DappRadar report from December 2022 revealed that BNB Chain deployed the highest number of dApps in 2022 by launching 2,163 dApps.

Meanwhile, another report from the same month revealed that 12% of all tokens deployed on the BNB Chain were rugpull scams. The study detected 117,629 scam tokens deployed in the first 11 months of 2022 — indicating that BNB Chain hosted 14,115 scam tokens between Jan. 2022 and Nov. 2022.