Crypto Times Logo Black
Google News Follow Banner
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • DeFi News
    • Blockchain News
    • Industry
  • Exclusive
    ExclusiveShow More
    Michael Saylor’s Strategy
    Why Michael Saylor’s Strategy Is Selling Bitcoin After Years of Buying
    Anthropic’s Claude Fable 5 Crypto Hacks
    Anthropic’s Claude Fable 5: The AI That Could Supercharge Crypto Hacks and Defenses
    CLARITY Act Stalls Why Senate's August Recess Puts US Crypto Rules at Risk
    CLARITY Act Stalls: Why Senate’s August Recess Puts US Crypto Rules at Risk
    Three Stories, One Pattern Why Binance Is Having Its Worst Week Since the Pardon
    Three Stories, One Pattern: Why Binance Is Having Its Worst Week Since the Pardon
    Coinbase India Head Addresses Re-Entry Launch Glitches and the 12-Month Roadmap
    Coinbase India Head Addresses Re-Entry Launch Glitches and the 12-Month Roadmap
  • Opinion
    OpinionShow More
    The Bitcoin Treasury Blueprint What Stress Testing on Strategy Inc.’s MSTR-STRC Reveals
    The Bitcoin Treasury Blueprint: What Stress Testing on Strategy Inc.’s MSTR-STRC Reveals
    Why Wall Street is Divided Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    Why Wall Street is Divided: Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    The Arthur Hayes Paradox Macro Prophet or Market Opportunist
    The Arthur Hayes Paradox: Macro Prophet or Market Opportunist?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India's Digital Rupee Push?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India’s Digital Rupee Push?
    The CLARITY Act War Starts Jamie Dimon Vs Armstrong
    The CLARITY Act War Starts: Jamie Dimon Vs Armstrong
  • Learn
    • Explained
    • How To
    • Insights
  • Videos
  • More
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
The Crypto TimesThe Crypto Times
  • All News
  • Market
  • Bitcoin
  • Ethereum
  • Altcoins
  • Regulations & Policies
  • Blockchain
  • DeFi
  • Industry
  • Exclusive
  • Opinion
Search
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • Blockchain
    • DeFi
    • Industry
    • Exclusive
    • Opinion
  • Learn
    • Explained
    • How To
    • Insights
  • Quick Links
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
    • AI Policy
    • Sponsored & Advertorial Policy
  • Videos
  • Glossary
Follow US
© 2026 By Crypto Times. All Rights Reserved.
DeFi News

Attacker Exploits Unknown Stake Contract, Drains $133K on BNB Chain

BlockSec Phalcon reports attacker used referrals to drain TUR, then swapped funds to USDT, emptying the contract and exposing key wallets involved.

Written By Kenrodgers Fabian
Fact Checked by Gopal Solanky
Published 2026-03-27·Updated 4 months ago
Make The Crypto Times preferred on GoogleGoogle
Share
Attacker Exploits Unknown Stake Contract, Drains $133K on BNB Chain

Key Highlights

  • $133K lost on BSC Stake exploit due to manipulated TUR token prices in the TUR-NOBEL pool.
  • DeFi rewards using live DEX prices are vulnerable, letting attackers inflate payouts instantly.
  • Past BSC hacks show low-liquidity pools and weak oracles create repeated exploitable risks.

A sudden loss of $133,000 has hit Binance Smart Chain (BSC), now known as BNB Chain, users after an advanced attack occurred on the Stake contract. The suspicious activities were quickly identified by BlockSec Phalcon, who flagged them immediately. 

As per the report, the hacker manipulated the TUR token price in the TUR-NOBEL pool. The hacker raised the spot price of the token and then staked it to gain an amplified reward. 

“Amplified rewards were claimed via referred accounts, draining all TUR from the contract,” BlockSec Phalcon reported. The attacker then swapped stolen TUR for USDT, leaving the contract empty. Key addresses involved include 0xC9..F692 and several referral accounts.

ALERT! Our system detected a suspicious transaction targeting an unknown contract (Stake) on #BSC hours ago, resulting in ~$133K loss.

Root cause: a vulnerable spot-price dependency in the Stake contract.

Attack flow:
1️⃣ The attacker manipulated the TUR price in the TUR–NOBEL… pic.twitter.com/bKhIZPiK4q

— BlockSec Phalcon (@Phalcon_xyz) March 26, 2026

The vulnerability of the exploit is a common DeFi vulnerability in that it utilized the real-time prices of the decentralized exchange without any form of protection. The contract utilized the spot price of the TUR-NOBEL pool for the reward computation. It did not have any form of protection, such as a time-weighted average or any external oracle. 

This meant that the attacker had the ability to inflate the rewards and then instantly claim them. In the transaction history, there are multiple instant claims made by the attacker, indicating that the attack was systematic and the price had not normalized yet. One of the transactions indicated that the attacker had tested the limits of the system but had been unable to proceed with the theft.

How price manipulation drives DeFi exploits

Many DeFi platforms, especially smaller staking or yield farms, get token prices straight from liquidity pools. This approach saves on transaction costs but can be risky in pools with low liquidity or when flash loans are used. Attackers can borrow large amounts temporarily, shift pool balances, and manipulate reward or loan calculations. Once the pool returns to normal, they cash out with a profit.

BNB Chain has seen similar attacks before. In 2025, the TOKENbnb contract lost $3,000 when flawed reward logic allowed price manipulation. D3X AI suffered a $158,900 loss for relying on a single spot price. Venus Protocol faced over $3.7 million in losses after attackers manipulated TWAP oracles using large token holdings.

The broader DeFi risk landscape

BNB Chain remains popular because of its low fees and fast transactions, but repeated exploits highlight ongoing weaknesses. Problems like flawed reward systems, reliance on live token prices, and weak access controls leave platforms vulnerable. 

Developers need stronger safeguards, such as TWAP oracles, external price feeds, and thorough audits. Investors should also be careful when using smaller staking pools.

Also Read: Brazil Targets Crime With Crypto Law as Bitcoin Reserve Looms

Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.

Follow The Crypto Times on Google News to Stay Updated!      Google News

TAGGED:BinanceCrypto Hack
Share This Article
Whatsapp Whatsapp LinkedIn Telegram Copy Link

Latest News

Ethereum L1 Tops Public Networks With Over $19B in Tokenized Assets
Ethereum L1 Tops Public Networks With Over $19B in Tokenized Assets
Backpack Launches 24/7 Trading for Select U.S. Stocks
Backpack Launches 24/7 Trading for Select U.S. Stocks
Why is Black Bull (ANSEM) Token Down Today
Why is Black Bull (ANSEM) Token Down Today?
Empery Digital Sells 1,400 BTC to Cut Debt, Fund Expansion
Senate Democrats Renew Calls to Probe Trump’s Crypto Holdings

Find Us on Socials

You may also like

On-Chain Investigator Flags BNB Chain's CodexField as a Potential $85M Rug Pull

On-Chain Investigator Flags BNB Chain’s CodexField as a Potential $85M Rug Pull

MiCA Backfire Binance Says 70% of Departing EU Users Choose Self-Custody

MiCA Backfire: Binance Says 70% of Departing EU Users Chose Self-Custody 

Robinhood Chain Active Addresses Hit Record High Amid Meme Coin Frenzy

Robinhood Chain Active Addresses Hit Record High Amid Meme Coin Frenzy

Crypto User Loses $999,999 in USDT to a Single Phishing Signature

Crypto User Loses $999,999 in USDT to a Single Phishing Signature

The Crypto Times Logo PNG

Providing real-time, accurate Crypto reporting. Your trusted source for Crypto News and Research.

Stay Updated

All News
Exclusive
Opinions
Learn
Videos
Glossary

Company

About Us
Our Authors
Editorial Policy
AI Policy
Advertorial Policy

Get In Touch

Contact Us
Career

Find Us on Socials

X-twitter Linkedin Telegram Youtube Instagram

© 2026 The Crypto Times | A BITROCK TECHNOLOGIES L.L.C. Company.

DMCA.com Protection Status
  • Terms and Conditions
  • Disclaimer
  • Privacy Policy
  • Cookie policy
Do Not Sell or Share My Personal Information