Binance Smart Chain-based Bogged Finance Falls Victim to Flash Loan Attack, BOG Tanks 98%

Published May 23, 2021 | Updated May 23, 2021

In Brief
  • As per the report, hackers exploited a bug in the BOG token contract minting $3.6 million in profit.
  • The BOG token price crashed to an intraday low of $0.29.

Binance Smart Chain-based Bogged Finance Falls Victim to Flash Loan Attack, BOG Tanks 98%

  • As per the report, hackers exploited a bug in the BOG token contract minting $3.6 million in profit.
  • The BOG token price crashed to an intraday low of $0.29.

The Binance Smart Chain (BSC) is becoming more vulnerable to flash loan attacks on the DeFi protocol running over the platform. On Saturday, May 22, BSC faced a second such attack in a week’s time with the victim being the Defi protocol Bogged Finance (BOG). Earlier this week, a similar incident was reported for BSC-based Pancake Bunny (BUNNY).

The Bogged Finance (BOG) token price crashed 98% dropping from $8.6 all the way to hitting an intraday low of $0.29. However, the BOG token price has pulled back from the low and is currently trading at $1.95 with a market cap of $4.5 billion.

Courtesy: CoinMarketCap

Blockchain security and data analytics firm PeckShield recently reported the attack earlier today. As per their root cause analysis, The Bogged Finance Defi protocol was exploited by attackers while inflating the BOG balance. The attackers then minted a massive $3.6 million in profits while liquidating the BOG tokens. The analysis noted:

“The incident was due to a bug that allows the attacker to increase the balance via self-transfer. While it appears to be a flashloan attack, it is a flashswap-assisted one”.

Bug In BOG Token Contract

As reported by PeckShield, the incident happened through the exploitation of a bug in the BOG token contract. The contract in reality has been designed to be deflationary in nature by charging 5% of the transferred amount. Of this 5%, 1% is burned and the remaining 4% is taken as a fee for staking charges.

At the same time, the token contract implementation only charges 1% of the transferred amount but still inflates the 4% as the staking profit. The blog post notes:

“As a result, the attacker can take advantage of flashloans to significantly increase the staking amount and repeatedly perform self-transfers to claim the inflated staking profit. After that, the attacker immediately sells the inflated BOG for about $3.6M WBNB”.

Disclaimer
The presented content may include the personal opinion of the author and is subject to market condition. Do your market research before investing in cryptocurrencies. The author or the publication does not hold any responsibility for your personal financial loss.
About Author
Bhushan is a FinTech enthusiast and holds a good flair in understanding financial markets. His interest in economics and finance draw his attention towards the new emerging Blockchain Technology and Cryptocurrency markets. He is continuously in a learning process and keeps himself motivated by sharing his acquired knowledge. In free time he reads thriller fictions novels and sometimes explore his culinary skills.

Subscribe to our newsletter for free

Bhushan Akolkar 544 Articles
Bhushan is a FinTech enthusiast and holds a good flair in understanding financial markets. His interest in economics and finance draw his attention towards the new emerging Blockchain Technology and Cryptocurrency markets. He is continuously in a learning process and keeps himself motivated by sharing his acquired knowledge. In free time he reads thriller fictions novels and sometimes explore his culinary skills.
Follow Bhushan @