By Ekin Genç
2 min read
In just 14 transactions, a flash loan attack drained $7.2 million from the wallets of BurgerSwap, a decentralized exchange based on the Binance Smart Chain.
Flash loans are instantaneous crypto loans. A borrower can do whatever they like with the funds, so long as they repay the loan within the same transaction.
BurgerSwap conducted a post-mortem investigation with blockchain security firm PeckShield to work out how flash loans manipulated the protocol.
They discovered that, at 9PM UTC yesterday, an attacker deployed a fake BEP-20 token—a generic token standard on the Binance Smart Chain—and used it to form a trading pair with BURGER, BurgerSwap’s native token.
Later, the attacker executed a code to manipulate the reserve supply of that trading pair, causing the price of $BURGER to move drastically. The attacker capitalized on that phony price difference through flash loans and continued to scheme their way through the exchange.
The attacker eventually made off with $1.6 million in Wrapped BNB, $6,800 in ETH), $3.2 million of BURGER coin, $1 million of xBURGER, a synthetic version of BURGER, 95,000 ROCKS ($152,000), $22,000 of Binance’s US dollar-pegged stablecoin, BUSD, and a further $1.4 million of USD stablecoin Tether.
“We understand what the community cares about the most. Detailed compensation plan is on the way”, BurgerSwap tweeted today. “All we [are] asking for is some time.”
BurgerSwap launched in September 2020 on the Binance Smart Chain (BSC), a popular decentralized finance (DeFi) alternative to the Ethereum network.
The BurgerSwap attack comes a week after PancakeBunny, another Binance Smart Chain-hosted DEX, fell victim to a similar attack and lost $45 million in customer funds.
Decrypt-a-cookie
This website or its third-party tools use cookies. Cookie policy By clicking the accept button, you agree to the use of cookies.