On March 5, 2026, BC.GAME announced that a hacker exploited a vulnerability in a third party game and stole $4,326,700. The platform is offering a $500,000 bounty for any leads on the attacker.

The hacker’s wallet was identified almost immediately. EyeOnChain tracked $1.7 million USDC flowing from the attacker into Hyperliquid, where they opened a 15,457 ETH short position worth ~$31 million. ETH moved against them. Within 20 hours, partial liquidations wiped the balance down to $171,178. Roughly $1.53 million of the stolen funds gone on a single leveraged bet.

Community investigators then connected the same wallet to previous Hyperliquid blowups totalling over $65 million in losses.

Below is everything we know: what BC.GAME confirmed, where the money went, who the attacker may be, and what players should do now.

What BC.GAME Confirmed on March 5, 2026

BC.GAME’s official statement on X revealed the following details about the incident.

Here is BC.GAME’s full statement:

This address belongs to a hacker,the funds used are illegal proceeds stolen from https://t.co/75wFXJL2Zp!!

The hacker exploited a vulnerability in a third-party game and illegally profited $4,326,700 from BCGAME.

BCGAME is now offering a global bounty to all players worldwide… https://t.co/U8DiVj14G0

— BC.GAME (@bcgame) March 5, 2026

The exploit targeted a third party game, not BC.GAME’s core platform or wallet infrastructure. This is an important distinction. BC.GAME hosts over 10,000 titles from hundreds of external game providers. These third party integrations carry their own code and their own attack surface.

BC.GAME did not specify which game or provider was compromised. The HYPE invite code MMREFCSI suggests the attacker had an active account on the platform and was using Hyperliquid’s referral system, which may help investigators trace the identity further.

The $500,000 bounty is open to all players worldwide. At the time of writing, BC.GAME has not announced any withdrawal pauses, account freezes, or changes to its deposit and withdrawal processing.

The speed of BC.GAME’s public response is notable. The platform identified the wallet, disclosed the exact dollar amount, and posted the bounty within hours. Whether this leads to recovery depends largely on on chain investigators and whether the hacker’s operational security holds up under scrutiny.

Based on what community analysts have already uncovered, it may not.

How the Hacker Lost $1.53M of the Stolen Funds on Hyperliquid

Hours after the exploit, blockchain analyst EyeOnChain flagged the attacker’s wallet moving aggressively on Hyperliquid. The on chain data tells a clear story.

This one escalated very fast .

Wallet 0xA5e4F8141Cb2759CeA58F28cF2d0AB21b98580cA came in heavy about 19 hours ago, receiving 1.7M USDC and going straight into a massive short — 15,457 $ETH , roughly a $31M position.

Big size and Clear conviction. But #ETH didn’t cooperate.… pic.twitter.com/qNJv3vi4ri

— EyeOnChain (@EyeOnChain) March 4, 2026

The attacker deposited $1.7 million USDC via a cross account transfer and immediately opened a massive short position on Ethereum. The bet was simple: ETH goes down, hacker profits. ETH went up instead.

The Position Breakdown

How the Position Collapsed

ETH price pushed higher after the short was opened. The position started taking partial liquidations almost immediately. On chain records show at least 9 separate close/decrease events within a two hour window.

The withdrawal record confirms the damage. The account started with a $1,700,196.02 cross account transfer and ended with a single $171,178.95 withdrawal. That is a 90% loss in under a day.

EyeOnChain’s post tracking this wallet received over 215,000 views within hours. The visibility of the trade makes it significantly harder for the attacker to move the remaining funds without being flagged by exchanges, on chain trackers, and law enforcement.

This was not the attacker’s first time making reckless bets on Hyperliquid. And the pattern is what ultimately may identify them.

The On Chain Trail: Connecting the Hacker to Previous Incidents

Within hours of BC.GAME’s announcement, crypto investigator SomaXBT posted on X linking the attacker’s wallet to a pattern of high leverage blowups on Hyperliquid dating back to November 2025. The connections suggest this is not a first time exploit.

November 2025: The $60M ZEC Short Liquidation

Arkham Intelligence tracked a whale controlling three separate Hyperliquid accounts, each shorting $20 million of Zcash (ZEC) simultaneously. Total exposure: $60 million. ZEC rallied instead. All three accounts were fully liquidated, resulting in a $5.5 million loss.

Arkham confirmed all three accounts belonged to the same individual.

November 2025: The $7M BTC and XRP Short

SomaXBT also flagged a second connection. Earlier that same month, on chain analyst Elon Xusk (@GateioTP) had identified a newly created wallet that deposited $7 million USDC into Hyperliquid and opened 20x short positions on both BTC and XRP.

The analyst identified the wallet owner as a high stakes gambler with accounts on Roobet and Stake.com.

March 2025: ZachXBT Identifies a Convicted Cybercriminal

The most significant connection comes from an earlier investigation by ZachXBT, the most prominent on chain detective in crypto. In March 2025, ZachXBT published a thread identifying a mysterious Hyperliquid whale as William Parker (formerly known as Alistair Packover), a British national convicted and sentenced in Finland in 2024 for stealing nearly $1 million from two online casinos.

ZachXBT’s investigation found that the wallet cluster was tied to accounts on multiple platforms.

ZachXBT also found that one address in the cluster had received funds from a phishing operation. His conclusion was blunt: this was not a sophisticated trader. It was a cybercriminal gambling with stolen funds.

The Pattern

What is clear is this: the individual behind the BC.GAME exploit follows a consistent pattern. Steal funds. Move them to Hyperliquid. Open reckless leveraged positions. Lose most of it. That pattern of behaviour is exactly what makes on chain investigators confident these incidents are connected.

Is BC.GAME Safe? What Players Need to Know

This is the question every BC.GAME player is asking right now. The short answer: player wallets and deposits were not compromised. The exploit targeted a third party game, not BC.GAME’s core infrastructure. But context matters, so here is how this incident compares to other major crypto casino hacks.

How BC.GAME’s Hack Compares to Stake.com and MetaWin

The key difference here is the attack surface. Stake.com’s hack compromised their own hot wallet private keys. MetaWin’s exploit hit their withdrawal system. BC.GAME’s breach came through an external game provider’s code. That means BC.GAME’s own wallet infrastructure, player balances, and deposit/withdrawal systems were not the point of failure.

That said, BC.GAME is still responsible for the games it hosts. If a third party title has a vulnerability that allows $4.3 million to be extracted, questions about vetting, auditing, and integration security are valid.

BC.GAME’s Security Setup

BC.GAME runs a multi layer security system called BC Shield. Based on our review of the platform, it includes the following protections.

BC.GAME’s own original games (Crash, Plinko, Dice, Limbo) use provably fair cryptographic verification. Players can verify each result using server seeds and client seeds. These games were not part of the exploit.

The vulnerability was in a third party title, one of the 10,000+ games BC.GAME hosts from external providers. This is where the risk sits for any large crypto casino. The more games you offer, the larger your third party attack surface becomes.

BC.GAME’s Licensing Situation

BC.GAME currently operates under a licence from the Autonomous Island of Anjouan (Union of Comoros). This replaced its previous Curacao licence after its former operator Blockdance B.V. was declared bankrupt by Curacao courts in late 2024 for failing to pay over $2 million in player winnings.

Anjouan is a less established regulatory jurisdiction than Curacao, Malta, or the UKGC. It does not impose the same compliance requirements or player protection standards. This does not mean BC.GAME is unsafe, but players should understand the regulatory framework they are operating under.

What This Means for BC.GAME Players

If you have an active BC.GAME account, there are a few practical steps worth taking right now.

Immediate Actions

Should You Still Play at BC.GAME?

That depends on your risk tolerance. Here is what the evidence says.

The exploit hit a third party game, not BC.GAME’s wallet or payment systems. Player deposits and withdrawals are processing normally. BC.GAME responded publicly within hours, disclosed the exact amount, identified the wallet, and posted a $500,000 bounty. That level of transparency is better than what most platforms deliver after a security incident.

On the other side, BC.GAME has not named the compromised game or provider. They operate under an Anjouan licence, which offers less regulatory oversight than Curacao or Malta. And the fact that a third party integration allowed $4.3 million to be extracted raises questions about how games are vetted before being added to the platform.

For players who want to continue using BC.GAME, our BC.GAME bonus code page has the latest available offers and sign up details.

What Happens Next

This story is still developing. The key things to watch for are:

We will update this article as new details emerge. If you have information related to the hack, BC.GAME’s bounty is open globally through their official X account @bcgame.