Cryip
  • Home
  • News
  • Research & Analysis
  • Reviews & Comparisons
  • Learn Crypto
  • Features
  • Events
No Result
View All Result
Cryip
  • Home
  • News
  • Research & Analysis
  • Reviews & Comparisons
  • Learn Crypto
  • Features
  • Events
No Result
View All Result
Cryip
No Result
View All Result
Home News Security & Hacks

Binance Smart Chain Hack Drains $187K as AM Token and WUKONG Staking Contracts Exploited

Two separate vulnerabilities in AM token and WUKONG staking contracts allowed attackers to drain more than $187K from Binance Smart Chain DeFi projects within minutes.

Saravana Kumar Mahendran by Saravana Kumar Mahendran
March 12, 2026
in Security & Hacks
0 0
Binance Smart Chain Hack Drains $187K
Share on FacebookShare on Twitter
MakeCryipCryippreferred onGoogle
The Binance Smart Chain (BSC) ecosystem was hit by two distinct smart contract exploits in the early hours of March 12, 2026, leading to combined losses estimated at more than $187,000. Security alert provider TenArmor detected and reported both incidents via X posts, highlighting vulnerabilities that allowed attackers to drain funds from unrelated projects. the #AM token and the #WUKONG staking contract.These attacks, occurring within minutes of each other, serve as a reminder of persistent risks in DeFi protocols on BSC, including flawed token mechanics and classic coding errors.
Binance Smart Chain Hack

AM Token Exploit: Flawed Burn Mechanism Drains ~$131,600

The first attack targeted the #AM token contract on BSC. TenArmor flagged it as resulting from “another flawed burn mechanism in tokens contract,” enabling an attacker to manipulate token supply or liquidity unfairly.

Key transaction details:

  • Transaction Hash: 0xd0d13179645985eae599c029574e866d79b286fbea395b66504f87f31629f859
  • Timestamp: March 12, 2026, 12:40:15 AM UTC
  • Attacker Wallet: 0x0B9a1391269e95162bfeC8785E663258C209333B
  • Target Contract: 0x11ab0C24fbc359a585587397D270B5FEd2c85FD4
  • Method Called: 0x07adecd7 (custom exploit function)
  • Profit Realized: Approximately 131,572.53 BUSD (~$131,600 at the time), transferred directly to the attacker wallet
The exploit leveraged flash loans from Lista DAO (also known as Moolah), borrowing massive amounts: 9,265,119.89 BUSD and 361,710.32 WBNB. These were used to interact with Venus protocol lending pools (vWBNB and vUSDT) for borrowing/repaying cycles and PancakeSwap V2 for swaps in the AM-BSC-USD liquidity pool.The flawed burn logic allowed unauthorized token minting or manipulation during swaps, leading to excessive BUSD extraction. A “SwapFailed” event occurred due to “INSUFFICIENT_LIQUIDITY” in one sub-call, but the overall transaction succeeded. Large AM token amounts were sent to a dead address as part of the burn simulation gone wrong, inflating the attacker’s gains. Similar smart contract vulnerabilities have appeared in other DeFi incidents as well, including the Solv Protocol exploit, where attackers drained $2.7 million from the BRO vault after exploiting a contract flaw.
Binance Smart Chain Hack
Binance Smart Chain Hack

WUKONG Staking Exploits – ~$55,700 Loss in Two Attacks

TenArmor described the subsequent incidents as “another two hacks” on the #WUKONG staking contract, explicitly attributing them to a “classical reentrancy vulnerability.” This allowed the attacker to repeatedly call withdrawal functions before state updates, draining funds multiple times.Combined losses:

  • First attack: ~$37,700
  • Second attack: ~$18,000 (noted as “the attacker’s another hack tx”)

Attacker Wallet (from analysis of related flows): 0x13b1ae7c8413cc9f53356e69393c61bd29965ac8
Vulnerability Details: The staking contract’s unstake or claim function transferred tokens/BNB before updating user balances, total staked amounts, or emitting events. No reentrancy guard was present.
The attacker deployed temporary malicious contracts (e.g., addresses starting with 0xddb8…, 0x1f86…, 0xe89d…, etc.) that interacted with the staking contract, self-destructed after draining, and routed funds back via PancakeSwap Router V2. Internal transfers included:

  • 2.01 BNB (~$1,294)
  • 2 BNB (~$1,288)
  • Smaller amounts like 0.1 BNB and 0.4 BNB

These were converted and consolidated, with final outflows in BNB or wrapped forms.

  • Primary attack: 0x79467533d4d1f332df846dc78c16fe319cd1d3a1a0f01545b4cdd7a2d3a71d22   (~$37.7K)
  • Follow-up attack: 0x97e2b875552e4e82d058a775c7dd14198d15df869260235dbaf6577e5e3b13cc (~$18K)

Both occurred shortly after the AM exploit, around early March 12 UTC.

Separate Attacks, Common Chain Risks

The exploits involved different wallets (0x0B9a… for AM vs. 0x13b1… for WUKONG) and mechanisms (flash loan + burn flaw vs. reentrancy drain), indicating separate opportunistic actors rather than a coordinated group. However, the close timing and shared chain highlight how quickly vulnerabilities are scanned and exploited on BSC.No further on-chain recovery or project responses have been publicly confirmed yet. DeFi participants should prioritize:

  • Thorough smart contract audits
  • Use of established patterns like checks-effects-interactions
  • Reentrancy guards (e.g., OpenZeppelin libraries)
  • Real-time monitoring tools

These incidents also come amid a rise in scam tokens and honeypot schemes targeting users on BNB Smart Chain. In one recent case, a BSC Chain scam involving the 4Agent token reportedly drained nearly $100,000 from investors through a suspected honeypot setup, highlighting how malicious contracts can trap funds and prevent users from selling their tokens.

Related Story

Suspected Hedera DeFi Hack Moves $5.8 Million to Ethereum

Bonzo Lend Oracle Exploit Triggers Cross-Chain Fund Transfers on Hedera

July 11, 2026
CodexField on BNB Chain Faces Rug Pull Allegations

BNB Chain Project CodexField Faces Rug Pull Claims After Abnormal Fund Transfers

July 10, 2026
Disclaimer: Cryip is an independent media and research outlet providing news, data, and analysis on the cryptocurrency industry. Content is for informational and research purposes only and does not constitute financial, legal, tax, or investment advice. Cryptocurrency markets are volatile and past performance is not indicative of future results. References to specific assets, platforms, or incidents are for journalistic purposes only and do not imply endorsement, and readers assume full responsibility for their decisions.
Tags: BSC ChainCrypto Hacks

Related Posts

Suspected Hedera DeFi Hack Moves $5.8 Million to Ethereum
Security & Hacks

Bonzo Lend Oracle Exploit Triggers Cross-Chain Fund Transfers on Hedera

by Saravana Kumar Mahendran
July 11, 2026

A Bonzo Lend oracle verification exploit allowed an attacker to borrow approximately $9.05 million using a manipulated SAUCE price before...

Read moreDetails
CodexField on BNB Chain Faces Rug Pull Allegations

BNB Chain Project CodexField Faces Rug Pull Claims After Abnormal Fund Transfers

July 10, 2026
Hackers Target Injective Wallet Keys Through Compromised npm Package

Malicious Injective SDK Package Targets Private Keys and Seed Phrases

July 10, 2026
Ethereum User Loses Nearly $1 Million USDT in Phishing Token Approval Exploit

Phishing Approval Drains 999K USDT From Ethereum Wallet

July 9, 2026
BNB Chain Unveils New Layer 1 for AI-Powered Trading, Targets 2027 Mainnet

BNB Chain Unveils New Layer 1 for AI-Powered Trading, Targets 2027 Mainnet

July 8, 2026
Ctrl Wallet to Permanently Shut Down

Ctrl Wallet to Permanently Shut Down on August 3 After Cardano Security Exploit

July 7, 2026
Trader Loses $2M After ETH Swap to LIT Routes Through AVAIL Pool

Trader Loses $2M After ETH Swap to LIT Routes Through AVAIL Pool

July 7, 2026
Next Post
OP_NET Secures $5 Million in Equity Funding Led by Further Ventures

OP_NET Secures $5 Million in Equity Funding Led by Further Ventures

Wells Fargo Files Trademark for WFUSD, Signaling Expanded Push Into Crypto and Tokenized Assets

Wells Fargo Files Trademark for WFUSD, Signaling Expanded Push Into Crypto and Tokenized Assets

Recommended

  • All
  • News
Former Meta Engineer Says Quantum Computing and Miner Incentives Are Bitcoin's Biggest Long-Term Risks

Former Meta Engineer Says Quantum Computing and Miner Incentives Are Bitcoin’s Biggest Long-Term Risks

July 11, 2026
Vitalik Buterin Urges Elon Musk to Transform X Into a Platform for AI Governance

Vitalik Buterin Urges Elon Musk to Transform X Into a Platform for AI Governance

July 11, 2026
Ethereum Uses Just 7.87 GWh of Electricity Annually After The Merge, Cambridge Study Finds

Ethereum Uses Just 7.87 GWh of Electricity Annually After The Merge, Cambridge Study Finds

July 11, 2026
DOJ Moves to End BitClub Founder’s $722 Million Crypto Fraud Case

DOJ Moves to End BitClub Founder’s $722 Million Crypto Fraud Case

July 11, 2026
DOJ Moves to End BitClub Founder’s $722 Million Crypto Fraud Case

DOJ Moves to End BitClub Founder’s $722 Million Crypto Fraud Case

July 11, 2026
AI Agents Now Have a New Internet Court to Settle Disputes

AI Agents Now Have a New Internet Court to Settle Disputes

July 10, 2026
Ledger Researchers Disclose Tangem Card Flaw

Ledger Researchers Reveal Laser Flaw in Tangem Cards as Firm Downplays User Risk

July 10, 2026
Circle Receives Final OCC Approval to Launch National Trust Bank

Circle Wins Federal Approval to Launch Regulated Digital Asset Trust Bank

July 10, 2026

Cryip focuses on crypto research and on-chain analysis, supported by coverage of markets, regulation, security events, and blockchain ecosystems.

Recent Posts

  • BingX launches the BingX Visa Debit Card, bridging digital assets and everyday payments
  • Bonzo Lend Oracle Exploit Triggers Cross-Chain Fund Transfers on Hedera
  • Former Meta Engineer Says Quantum Computing and Miner Incentives Are Bitcoin’s Biggest Long-Term Risks

Categories

  • AI × Crypto
  • Data & Dashboards
  • DeFi Basics
  • Investing Basics
  • Market & Price
  • Market Updates
  • On-Chain Analysis
  • OpSec
  • Policy & Regulation
  • Post Mortems
  • Press Release
  • Reports
  • Scams & Fraud
  • Security & Hacks
  • Stablecoins
  • Tokenomics
  • VC & Funding
  • Wallets & Custody

Company

  • About Us
  • Contact Us
  • Editorial Standards & Integrity
  • Our Team
  • Privacy Policy
  • Review Methodology
  • Terms and Conditions
  • Trust, Disclosures & Independence

© 2026 Cryip - Research-Driven Crypto Analysis & News by Hashlays.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

No Result
View All Result
  • Home
  • News
  • Research & Analysis
  • Reviews & Comparisons
  • Learn Crypto
  • Features
  • Events

© 2026 Cryip - Research-Driven Crypto Analysis & News by Hashlays.

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.