Ще один проект BSC: 7.2 мільйона доларів, вичерпані з BurgerSwap в результаті флеш-кредитної атаки

Another protocol employing the Binance Smart Chain has suffered a security breach. This time, it was the decentralized exchange BurgerSwap, and the perpetrators stole over $7 million through a flash loan attack.

$7.2M Drained From BurgerSwap

Launched earlier this year, BurgerSwap is a DeFi project enabling users to swap between tokens issued on the BSC and earn rewards for providing liquidity. Earlier today, the protocol took it to Twitter to виділити the security breach it had experienced.

It all happened on May 28th, and the perpetrators chose a rather notorious and common way to exploit the protocol – through a flash loan attack. They manage to drain $7.2 million from BurgerSwap via 14 transactions.

They created their own Fake Coin and formed a new trading pair with BURGER – the native crypto token of BurgerSwap. Later, the perpetrators adjusted the routing to – BURGER -> Fake Coin -> Wrapped BNB.

They used the BURGER/Fake Coin trading pair to re-enter BurgerSwap through Fake Coin and manipulated the number of reserve0 and reserve1 in the contract, causing a significant price change.

By re-entering the transaction again and trading back to WBNB, the hackers managed to obtain the extra amount of WBNB inputted. As such, they flash swapped 6,000 WBNB ($2 million) from PancakeSwap and then almost all WBNB to 92,000 BURGER on BurgerSwap.

6/9

(3) Created pair with a fake token on BurgerSwap & added 100 fake tokens and 45k $ БУРГЕР to pool;
(4) Swapped 100fake tokens to 4,400 $ WBNB through the pool;
(5) Because of reentrancy in time of transfer fake token, attacker did another swap from 45k $ БУРГЕР до 4.4к $ WBNB; pic.twitter.com/SeVcE2bJ6w

- BurgerSwap (@burger_swap) Травень 28, 2021

Ultimately, they stole 4,400 WBNB ($1.6M at the time), 22,000 BUSD, 2.5 ETH ($6.8K), 432,000 BURGER ($3.2M), 142,000 xBURGER ($1M) and 95,000 ROCKS.

The DeFi project has suspended all its services as of now and волі “surely work hard to cover users’ loss.”

Не Перший

The BSC’s rapid growth since inception caught the attention of bad actors, and the number of attacked protocols using the network has exponentially increased in recent months.

Криптовалюта має повідомляє some of the examples, including Spartan Protocol. The attack transpired earlier in May and resulted in the loss of over $30 million of users’ funds.

Shortly before that one was Uranium Finance’s turn. The BSC-employing automated market maker saw roughly $50 million вкрали from its network, but some suggested that it could have actually been a rug pull.

Similar concerns came from Meerkat Finance after $30 million was злиті from the protocol in March this year.