VERDICT —UNRATED
Verdict pending. Auto-ingested incidents are reviewed before a public verdict is rendered.
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
On May 12, 2026, at approximately 10:11 UTC, the SQ Protocol on BNB Chain was exploited for $346,137. The attacker abused a hardcoded owner backdoor in the verified Staking contract (0x404404a845fff0201f3a4d419b4839fc419c99f7). Using a type-0x4 transaction with authorizationList, they took ownership, minted fake staking claims, redeemed ~296.5K USDT, swept SQi tokens, and dumped them in the SQi/USDT pool for additional profit. Total realized loss: approximately $346.1K. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $ 346,100.
Primary source
https://x.com/Defi_Nerd_sec/status/2054425936746148148 ↗Sourced from
slowmist
Technical record
- chain
- bsc
- protocol
- SQ Protocol
- bug_class
- logic
- date_occurred
- 2026-05-12
- loss_usd
- $346,100
- source_id
- sm:sq-protocol::2026-05-12
Related — same bug class· logic