-
$140M Lost in May Alone – CertiK reports crypto hacks and scams surged, with phishing attacks causing $8.5M in damages.
-
BSC Exploit Drains $2M – Attacker abused printMoney() via a compromised contract, converting funds into BNB and stablecoins.
The rising phishing, wallet hack, and security breaches are creating panic in the crypto space. Recently, Blockchain security firm CertiK revealed that in May alone, around $140.1 million was lost to crypto hacks, scams, and exploits, while $162 million in assets were frozen. Notably, phishing attacks accounted for about $8.5 million of the total losses.
CertiK alert has flagged a major exploit on the Binance Smart Chain (BSC), where an attacker drained nearly $2 million by abusing a smart contract function called printMoney().
Exploiter Uses Authorized Contract to Steal Funds
#CertiKInsight 🚨
We have detected suspicious txns by a known exploiter address 0xd5c6f3B71bCcEb2eF8332bd8225f5F39E56A122c on BSC, which repeatedly calls printMoney() on its authorized attack contract to drain ~$2M from unverified victim 0xb5cb0.
Stay… pic.twitter.com/yNKLecD5Le
— CertiK Alert (@CertiKAlert) June 25, 2025
The exploit was carried out by a known attacker operating from address 0xd5c6f3…122c. The individual repeatedly triggered the printMoney() function on their authorized attack contract. The unauthorized access stemmed from a compromised victim contract linked to the address 0xb5cb0, which had unknowingly approved the malicious contract about eight hours before the attack.
CertiK believes the victim contract deployer’s private key may have been phished or otherwise compromised, leading to the unauthorized approval transaction. This gave the attacker full permission to transfer the victim’s tokens.
Attacker Converts Funds and Holds Nearly $2M
2/ The attacker quickly redeemed stolen derivative tokens for BNB and stables and is currently holding ~$1,962,330 in value at 0xd5c6f3B71bCcEb2eF8332bd8225f5F39E56A122c. pic.twitter.com/D7MSpbUagY
— CertiK Alert (@CertiKAlert) June 25, 2025
Once access was secured, the attacker swiftly converted the stolen derivative tokens into BNB and stablecoins. As of now, the exploiter is holding approximately $1.96 million worth of assets at their address.
Community Urged to Stay Alert
Big crypto hacks are piling up this year, with Coinbase losing $400 million, Cetus on the Sui network hit for $220 million, and others like Phemex and UPCX also suffering huge losses. These incidents show just how risky things can get in crypto if you’re not careful. According to CertiK, one of the biggest mistakes is trusting unverified smart contracts or having weak security for private keys. In a recent BSC hack, that’s exactly what went wrong. The attacker was able to steal millions because the victim’s contract wasn’t properly secured.
CertiK is now tracking the hacker’s wallet and keeping an eye on suspicious activity. They’ve also reminded users and developers to always check contract approvals, use well-audited code, and avoid rushing into transactions.
Meanwhile, CertiK’s advice is simple be careful, stay alert, and don’t rush into anything.
Read the full article here
