Hack Alert - Smart Contract Exploit Drains $2 Million on BSC
Quick Summary
In May 2025, an attacker exploited a smart contract on Binance Smart Chain (BSC), stealing approximately $2 million in crypto assets.
The exploit involved a malicious contract authorized by a newly deployed MEV contract at address 0xb5cb0, which contained an arbitrary call in its fallback() function. CertiK reports the MEV contract was deployed roughly 10 hours before the exploit, and the original deployer was likely phished or had their private key compromised.
The attacker, operating from address 0xd5c6f3B71bCcEb2eF8332bd8225f5F39E56A122c, swiftly converted stolen derivative tokens into BNB and stablecoins. As of now, the wallet holds approximately $1.96 million in assets.
CertiK is tracking the exploiter and monitoring associated wallets for suspicious movement. A detailed post-mortem is underway.
How to Protect Yourself
Secure Private Keys – Use hardware wallets or secure storage. Never input keys into unknown apps or sites.
Review Token Approvals – Regularly check wallet permissions. Revoke access to untrusted or inactive contracts.
Avoid Unverified Contracts – Interact only with smart contracts that are publicly audited and well-documented.
Monitor Wallet Activity – Tools like Forta, DeBank, or Etherscan alerts can help you catch unauthorized approvals early.
Stay Vigilant – Phishing remains a leading cause of exploits. Double-check all transactions, especially those involving contract approvals.
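One way to carry out the "Review Token Approvals" step above without a third-party dashboard is to replay a wallet's Approval event logs and list what is still open. This is an added example, not code from CertiK or the affected project; it relies on BEP-20 tokens emitting the same Approval event as ERC-20, and the function names, the trusted list, the "unlimited" threshold and all sample addresses are constructed for illustration.

```python
# Added example: replay ERC-20 Approval logs (eth_getLogs JSON shape) for one wallet.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED_FLOOR = 2**255  # assumption: amounts this large are "unlimited" approvals

def topic_to_address(topic):
    # Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes.
    return "0x" + topic[-40:].lower()

def open_approvals(logs, owner):
    """Return {(token, spender): amount} for approvals by owner not later set to 0."""
    owner, state = owner.lower(), {}
    ordered = sorted(logs, key=lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16)))
    for log in ordered:
        topics = log["topics"]
        # ERC-20 Approval: 3 topics and one 32-byte data word (ERC-721 uses 4 topics).
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC or len(log["data"]) != 66:
            continue
        if topic_to_address(topics[1]) != owner:
            continue
        key = (log["address"].lower(), topic_to_address(topics[2]))
        amount = int(log["data"], 16)
        if amount == 0:
            state.pop(key, None)   # approve(spender, 0) revokes
        else:
            state[key] = amount    # last approved amount; confirm with allowance()
    return state

def review(logs, owner, trusted=()):
    """List open approvals to spenders outside the caller's trusted set."""
    trusted = {s.lower() for s in trusted}
    return [{"token": t, "spender": s, "unlimited": a >= UNLIMITED_FLOOR}
            for (t, s), a in sorted(open_approvals(logs, owner).items()) if s not in trusted]

# --- constructed sample data (placeholder addresses, not from the incident) ---
OWNER, OTHER = "0x" + "11" * 20, "0x" + "22" * 20
TOKEN, OLD_SPENDER, NEW_SPENDER = "0x" + "a1" * 20, "0x" + "b2" * 20, "0x" + "c3" * 20

def make_log(block, index, owner, spender, amount):
    pad = lambda addr: "0x" + addr[2:].rjust(64, "0")
    return {"address": TOKEN, "blockNumber": hex(block), "logIndex": hex(index),
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x")}

SAMPLE_LOGS = [
    make_log(18, 0, OWNER, NEW_SPENDER, 2**256 - 1),  # unlimited, still open
    make_log(16, 0, OWNER, OLD_SPENDER, 1000),        # approved ...
    make_log(17, 0, OWNER, OLD_SPENDER, 0),           # ... then revoked
    make_log(18, 1, OTHER, NEW_SPENDER, 5),           # different wallet, ignored
]
```

The replay shows the last amount each spender was approved for, not what remains after spending, so any row it returns should be checked against the token's allowance() before deciding whether to revoke.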