Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
According to monitoring by BlockSec Phalcon, a suspicious transaction targeting an unknown contract (Stake) on the BSC chain has been detected, resulting in a loss of approximately $133,000. The attacker exploited a spot price dependency vulnerability within the Stake contract. By manipulating the price of TUR in the TUR-NOBEL pool and subsequently staking TUR, the attacker triggered reward calculations based on the artificially inflated price. They then claimed the amplified rewards through a referral account and ultimately profited by swapping the stolen TUR for USDT. Attack method (per SlowMist): Oracle Manipulation. Reported loss: $ 133,000.
- chain
- bsc
- protocol
- unknown contract (Stake) on BSC
- bug_class
- oracle
- date_occurred
- 2026-03-27
- loss_usd
- $133,000
- source_id
- sm:unknown-contract-stake-on-bsc::2026-03-27