XSurge Faces $5,000,000 Exploit Despite Promises of Security

XSurge has confirmed a deeply damaging exploit worth $5 million and has made promises of reimbursements.

Security Breach And Millions Lost

After alarming transactions first became apparent on BSC Scan, the XSurge team have confirmed, via official Twitter account, that $5 million in SurgeBNB has been taken.

In the same tweet XSurge noted that it had been a backdoor exploit, meaning normal processes had been bypassed. The team also tried to quell fears of a further attack by explaining that SurgeUSD and SurgeETH do not withdraw BNB and therefore cannot be exploited in the same manner.

This will be unlikely to calm the anxieties of investors who will be scouring to inspect the damage caused. As expected the responses have been rampant, and some not unreasonable.

“I’m $1500 down: normally I would say I knew my risks but you guys said rug proof. Compensation sounds fair,”  @VinnyRipps_ tweeted.

This comes after many promises of security from the project team. Surge even boasted a well-known developer from SafeMoon, SafemoonMark – SafeMoon CEO, John Karony, has since announced he is no longer apart of the team.

SafemoonMark came out as the to be the writer of Surge code and mentioned safety from Rug Pulls via a Tweet on July 30th.


Hollow Promises

“With ownership fully renounced, no liquidity, and no need for DApps, there is no possibility of a rug pull or whale dominance,” Is the lofty statement on the XSurge webpage. Although that has been categorically proven untrue, it does not stop others from being influenced.

A dangerous trope that is currently permeating in DeFi are the relentless promises that see projects guaranteeing security, and hiding behind audits in underlining the strength of security. 

“There is absolutely no risk of a rug pull! There is no liquidity, no dev tokens, no exchange or the possibility of whales monopolizing ownership.” This was the statement in the most recent Medium post by AG Digikemet, an apparent supporter and volunteer.

The reality is exploits have been commonplace, and recent weeks have seen initiatives to combat them result in bug bounties and attempts to further strengthen security.

Exploit Anticipated?

Peculiarly, only hours before the exploit became apparent, a statement was put out urging SurgeBNB owners to take immediate action. 

The call out explained that a vulnerability had been identified and that SurgeBNB owners should find a way to migrate out of the token ASAP.


Of course, it is very clear that there is more than meets the eye here. It is very unlikely that a call should be put out in anticipation just hours before a huge exploit occurs. 

The truth is somewhere in between. After a detailed search we have also procured a statement that has been screenshot and placed on reddit. In the apparent source, ‘SurgeOrganizer’ explains that the exploit had been found earlier and the team had been trying to find a responsible solution. 

The general response, not just on this statement but by the XSurge team in general, is one of great disappointment and seemingly genuine hurt in the face of letting down investors. 


The issue of course lies in the initial readiness and perhaps even arrogance in proclaiming the project as rug proof. 

In a market where things move so quickly it is nearly impossible to guarantee the security of a project- but once you do you can expect investors to come knocking when inevitable disaster strikes. 

Source : bsc.news

Leave a Reply

Your email address will not be published. Required fields are marked *