Bitcoin btc
$ usd

BNB Hacker Now Fourth-Largest Holder of Rocket Pool’s rETH

2 mins
5 February 2023, 12:32 GMT+0000
Updated by Ali M.
5 February 2023, 12:32 GMT+0000
In Brief
  • A BNB exploiter is now the fourth-largest holder of Rocket Pool's rETH.
  • The hacker has moved majority of the funds to a new wallet "0x5313."
  • The exploiter appears to be attempting to obfuscate his transactions.
  • promo

An address connected to the BNB bridge exploiter has moved $74 million worth of crypto to 0x5313, becoming the fourth-largest Rocket Pool’s rETH whale, blockchain security firm PeckShield reported.

According to PeckShield, the crypto assets transferred to the new wallet included 43,228 stETH, worth about $70 million, 1,679 Rocket Pool’s rETH, worth $2.9 million, and 771 ETH, valued at $1.27 million. The account further swapped $7 million in crypto assets, including 6.2 million USDC and 472 ETH for 3,990 rETH.

BNB Exploiter: The Fourth-Largest Holder of rETH

The 0x5313 is now one of the largest holders of staked Ethereum, with over $82 million in liquid staked ETH from the top two platforms. This includes 39,000 wrapped LDO, stETH, and 5,700 RocketPool staked ETH.

With its rETH holding valued at $10 million, the exploiter is now the fourth largest holder of rETH. RocketPool staked ETH and Wrapped Lido stETH are trading at a premium to ETH itself.

Soruce: EtherScan

The BNB bridge exploiter took advantage of a bridge vulnerability to steal 2 million BNB tokens valued at over $500 million in October 2022.

At the time, Binance decided to temporarily pause the BNB Smart Chain to prevent the hacker from moving the funds. The exploiter was only able to successfully move about $100 million worth of assets before the rest were frozen. Since then, the hacker has been using decentralized protocols to move assets.

Arkham Intelligence data shows that the address used 1inch to swap 33,000 ETH valued at $50 million for stETH. It also received 8.9 million worth of stETH in two transactions from 0x68EA8. After transferring most of its assets today to 0x5313, the exploiter moved 0.2 ETH to 0x4Ad.

All these fund transfers appear to be part of a strategy by the hacker to obfuscate his transactions. It could also be a way to minimize losses after the exploiter lost 7.18 million JUSDTNative due to liquidation on his AVAX position. 

DeFi exploits have been relatively low this year. PeckShield reported that there were only $8.8 million in crypto losses due to exploits in January. That is a 93% year-on-year decline from 24 exploits.


In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content.