BurgerSwap on Binance Smart Chain drained of $7.2M after flash loan attack
Binance Smart Chain is under attack again, after yet another decentralized finance [DeFi] project was exploited in the last 24 hours. On 28 May, BurgerSwap [BURGER] on BSC was the target of a flash loan attack that cost the protocol $7.2 million.
The attack was carried out over 14 transactions, with different amounts of seven different cryptocurrencies stolen. These included $3.2 million worth of BURGER tokens, along with Wrapped BNB [WBNB] worth $1.6 million, Tether [USDT] worth $1.4 million, and Ethereum worth $6.8k.
According to an update provided by the BurgerSwap team,
“Here is the core of the attack, Hackers created their own Fake Coin (non-standard BEP-20 tokens) and formed a new trading pair with $BURGER; by adjusting the routing, attacker created $BURGER -> Fake Coin -> $WBNB routing; through $BURGER -> Fake Coin trading pair, attacker re-entered BurgerSwap through Fake Coin & manipulated number of reserve0 and reserve1 in the pair’s contract, causing the price to change.”
The attacker then re-entered the transaction to trade back the WBNB to obtain the extra amount of WBNB that was put in.
Following the attack on BurgerSwap, there was panic among users and holders. Soon after the news broke, the team behind BurgerSwap asked the protocol’s users for “some time,” adding that a “detailed compensation plan is on the way.”
We understand what the community cares about the most. Detailed compensation plan is on the way. https://t.co/DnwRN33ENC
— BurgerSwap (@burger_swap) May 28, 2021
Despite that update, it’s worth noting that some online analysts have been speculating about an inside job by the developers.
The exploit happened because the attacker could do reentrance and did a second swap before reserves, which are used to calculate the number of tokens in swaps, were updated. pic.twitter.com/45DNYtycbO
— Igor Igamberdiev (@FrankResearcher) May 28, 2021
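The ordering problem described above (a second swap priced before the pair's stored reserves are updated) can be reproduced in a small model. This is an added example, not BurgerSwap's contract code: the `Pair` class, the `token_hook` callback standing in for the external token call, and the reserve values are all constructed for illustration, and the `guarded` flag shows a reentrancy lock rejecting the nested call.

```python
# Toy constant-product pair; constructed model, not BurgerSwap's contract code.
class ReentrancyError(Exception):
    pass


class Pair:
    def __init__(self, reserve0, reserve1, guarded=False):
        self.reserve0, self.reserve1 = reserve0, reserve1
        self.guarded = guarded   # True = hardened variant with a reentrancy lock
        self.locked = False

    def swap0_for_1(self, amount_in, token_hook=None):
        """Sell token0 for token1. token_hook stands in for the external
        call into token code that the pair makes during a swap."""
        if self.guarded and self.locked:
            raise ReentrancyError("swap re-entered before reserves were updated")
        self.locked = True
        try:
            # Quote from the stored reserves (x * y = k, fee omitted).
            r0, r1 = self.reserve0, self.reserve1
            amount_out = r1 - (r0 * r1) // (r0 + amount_in)
            # Interaction before effects: external code runs while the
            # stored reserves still describe the pre-swap state.
            if token_hook:
                token_hook(self)
            # Effects: reserves are written only after the external call.
            self.reserve0 += amount_in
            self.reserve1 -= amount_out
            return amount_out
        finally:
            self.locked = False


def reentrant_total(pair, amount_in):
    """Total token1 paid out when the token hook re-enters swap once."""
    outs = []
    outs.append(pair.swap0_for_1(
        amount_in, token_hook=lambda p: outs.append(p.swap0_for_1(amount_in))))
    return sum(outs)


def sequential_total(pair, amount_in):
    """Baseline: the same two swaps with no re-entry."""
    return pair.swap0_for_1(amount_in) + pair.swap0_for_1(amount_in)
```

With reserves of 1000/1000 and two swaps of 100, the re-entered path pays out more than the sequential baseline and leaves the product of the reserves below its starting value, which is the condition a lock or an invariant check on the pair is meant to catch.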
Binance Smart Chain and security woes
While the BurgerSwap team is now focused on rebuilding after this attack, the vulnerability of BSC is under scrutiny once again, especially since this isn’t the first time.
Other projects on BSC have also been attacked recently, including PancakeBunny [BUNNY] and Bogged Finance [BOG]. The former was attacked on 20 May, with attackers sweeping $200 million, while the latter saw $3 million stolen on 24 May.
It should be highlighted here that BSC has taken steps to address the loose ends in its security, recently receiving support from blockchain security and analytics firm CipherTrace. The security firm has extended its services to identify high-risk financial transactions taking place on the blockchain.