Binance Smart Chain-based DeFi platform suffers $3M flash loan attack

Published at: May 24, 2021

Binance Smart Chain’s decentralized finance ecosystem saw a second flash loan exploit in a week after PancakeBunny. A new attack drained $3 million, or half the total liquidity, from DeFi platform Bogged Finance. The team confirmed the attack on Sunday, warning users not to buy its native token until the issue is solved.

The developer team identified and mitigated the exploit within 45 seconds, or 15 blocks, thanks to an online meeting held when the attack started. Still, the culprit was able to drain $3 million of the $6 million of liquidity. The BOG token price crashed from around $1.8 to $0.0003 following the attack.

Bogged Finance enables users to place a limit order on any Binance Smart Chain-based tokens. The team shared details of the attack in a Medium post:

“The attacker was able to utilize flash loans to exploit a flaw in the staking section of the BOG smart contract to manipulate the staking rewards and cause an inflation of supply — without the transaction fee being charged and burned — causing net inflation.”

According to the team, the transaction limit of 47,500 BOG has slowed the attacker’s automated process and potentially mitigated the damage. Within 45 seconds before the lead developer patched the exploit by disabling the transaction fee, the hacker was able to make a total of 11 transactions and made off 11,358 Binance Coin (BNB).

The team is working on migrating the liquidity to a new contract by “using the same exploit the attacker used.” It will deploy an updated version of the contract to Binance Smart Chain.

After burning about 7.5 million previously minted tokens during the migration, Bogged Finance will airdrop the holders’ liquidity tokens. “If you paid for your BOG, the platform’s native token, it is safe,” the announcement reassures. The team expects a smaller circulating supply after the whole process, which will take 48 hours, according to yesterday’s announcement.

Last week, prominent BSC-based DeFi protocol PancakeBunny suffered an attack in the same manner. Hackers made off with more than $200 million in crypto by utilizing an exploit in a flash loan attack.

Tags
Related Posts
DeFi hacks on Binance Smart Chain rise as TVL and volumes increase
Binance Smart Chain, or BSC, was launched in September 2020 as a parallel blockchain to Binance Chain. It enabled the creation of smart contracts and a staking mechanism for the native token of both blockchains, Binance Coin (BNB). In its brief nine-month existence, there have been a lot of decentralized finance, or DeFi, projects built on it, but there have been numerous instances of hacks on the blockchain’s protocols as well. The latest victim in the series of exploits is Spartan Protocol. The liquidity platform for synthetic assets was the subject of an attack that led to a loss of …
Technology / May 10, 2021
Finance Redefined: You get hacked, they get hacked, everyone gets hacked, Nov. 11–18
If people actually used insurance against hacks, this week would definitely have bankrupted a great many insurers. In the span of one week, a total of four flash loan-enabled exploits were registered (one actually happened the week before, but wasn’t noticed until later). We have, in order, Cheese Bank with a $3.3 million theft, Akropolis with its $2 million loss, Value DeFi with a whopping $6 million exploit and finally Origin Protocol’s loss of $7 million. In total, the hackers stole $18.3 million, which admittedly, is not that much — less than the single October exploit of Harvest Finance. As …
Technology / Nov. 19, 2020
Binance Smart Chain Adds Chainlink Oracles for Better DeFi
Binance Smart Chain — a dual-chain architecture from major crypto exchange Binance — is now integrating Chainlink (LINK) data oracles. Binance Smart Chain adds smart contracts to the exchange's original chain, Binance Chain, and is currently in testnet. Chainlink co-founder Sergey Nazarov told Cointelegraph that in his opinion, this integration will save time and effort for developers who are building decentralized apps on the blockchain: “With the Chainlink integration, Binance Smart Chain developers no longer need to dedicate months of engineering time to set up their own oracle infrastructure. Now, they can simply use Chainlink as an abstraction layer to …
Technology / July 23, 2020
Binance and Huobi freeze $1.4M in crypto linked to North Korean hackers
Cryptocurrency exchanges Binance and Huobi have again frozen accounts linked to the $100 million Harmony Horizon bridge attack on Jun. 24, 2022. Around $1.4 million worth of crypto frozen by the trading platforms came from accounts linked to the notorious Lazarus Group operating out of North Korea. The investigation was carried out by blockchain analytics firm Elliptic, according to a report shared by the firm on Feb. 14. However, the firm didn’t state what coins or tokens were frozen. Exchanges @binance and @HuobiGlobal today froze accounts containing $1.4 million stolen by North Korea’s Lazarus Group. This was made possible thanks …
Blockchain / Feb. 15, 2023
Top 7 cybersecurity jobs in high demand
In today’s digital age, cybersecurity has become a critical aspect of almost every business. Cyber threats are increasing daily, and businesses must take proactive measures to protect their networks and data. As a result, the demand for cybersecurity professionals has skyrocketed. Little Friday humour #meme #cybersecurity @hackurityio pic.twitter.com/MArEpCh03k — Harold De Vries (@devries_harold) February 17, 2023 In this article, we will discuss the top seven cybersecurity jobs that are in high demand. Cybersecurity analyst A cybersecurity analyst is responsible for identifying and mitigating cyber threats to an organization’s network and data. They examine system logs and network traffic to find …
Technology / Feb. 26, 2023