Hacker Transfers $1M Worth of BNB to Tornado Cash Following Level Finance’s Exploit

Amid the recent disclosure of an attack on the decentralized exchange Level Finance, new developments from the exploiter have arisen. The attacker has allegedly transferred approximately 3,345 Binance Coins (BNB), valued at around $1 million, to Tornado Cash according to the latest reports.

#PeckShieldAlert @Level__Finance Exploiter transferred 3,345 $BNB (~$1M) to Tornado Cashhttps://t.co/3mck6hrEM0 https://t.co/klJaH2Ju8e pic.twitter.com/bpsBfVqz63
— PeckShieldAlert (@PeckShieldAlert) May 29, 2023

The breach came to light as Level Finance conducted a thorough investigation into the incident, uncovering the unauthorized access and subsequent transfer of funds. The exchange promptly took measures to address the security vulnerability and enhance its defenses against similar attacks in the future.

The transfer of funds to Tornado Cash, known for its ability to obfuscate transaction trails, poses challenges for tracking and recovering stolen assets. The initial exploit, which involved the manipulation of the “claim multiple” bug, highlights the complexities associated with security breaches in decentralized ecosystems and serves as a reminder of the importance of robust security measures.

The attack on level finance

Level Finance made the announcement on May 10 that it will be instituting a bug bounty program with prizes of up to $1 million “for critical vulnerabilities.” On the same day, the smart contracts functionality of the DeFi platform was integrated into the Immunefi bug bounty program.

It seems the @Level__Finance's LevelReferralControllerV2 contract has a bug that allows for repeated referral claims from the same epoch. So far 214k LVLs have been drained and swapped into 3,345 BNB (~1M)

Here is an example hack tx: https://t.co/isqHhzFk1Z https://t.co/ikOWx2ezf6 pic.twitter.com/wlr5bFFf0R
— PeckShield Inc. (@peckshield) May 1, 2023

There has been no movement other than the announcement of a bug bounty program, and the firm has not made any formal announcements on any plans to repay the lost funds. This is not the first time that the BSC network has been hacked. The OceanLife (OLIFE) token on the BSC blockchain was also the target of an exploit a month ago, which led to a value reduction of one hundred percent. After breaking into the blockchain-based cryptocurrency company Qubit Finance, which was situated in BSC, a hacker stole BNB worth $80 million in January 2022

The crypto community is closely monitoring the situation, eager for updates from Level Finance regarding the progress of their investigation and the steps taken to address the exploit. This incident serves as a reminder of the ongoing efforts required to ensure the safety of user assets within the crypto industry.

As security remains a paramount concern, this breach highlights the need for continuous improvement in security practices across decentralized exchanges. It serves as a valuable lesson for the industry, emphasizing the importance of proactive measures and the constant adaptation of security systems to protect user funds effectively.