BurgerSwap Flash Loan Attack on Binance Smart Chain (BSC) Sweeps $7 Million In Losses

Binance Smart Chain (BSC), the Ethereum-competitor for DeFi protocols, is facing severe flash loan attacks since the beginning of May 2021. The latest victim has been DeFi protocol BurgerSwap. The platform recently updated that at around 3 AM on Friday, May 28, BurgerSwap faced a flash loan attack on BSC wherein the attackers swept $7.2 million in losses in just 14 transactions.

To exploit the platform, the attackers created their own fake BEP-20 token while forming a new trading pair with $BURGER. Through some routing adjustments, the “attacker created $BURGER -> Fake Coin -> $WBNB routing; through $BURGER -> Fake Coin trading pair”.

Later, using the fake coin and manipulated reserves in the pair’s contract, the attacker re-entered BurgerSwap while changing the price of $BURGER. The attacker then re-entered the transaction to trade back the $WBNB and thus obtain the extra amount of WBNB inputted. In this thread, BurgerSwap explains step-wise how the attacker managed to rout $7.2 million. Below is the complete list of what exactly has been stolen.

8/9

What was stolen:
– 4.4k WBNB ($1.6M)
– 22k BUSD ($22k)
– 2.5 ETH ($6.8k)
– 1.4M USDT ($1.4M)
– 432k BURGER ($3.2M)
-142k xBURGER ($1M)
– 95k ROCKS

— BurgerSwap (@burger_swap) May 28, 2021

The price of the $BURGER token is down by more than 20% and is currently trading at $6.65 with a market cap of $80.3 million.

Binance Smart Chain (BSC) and Flash Loan Attacks

This is the fourth flash loan attack taking place on Binance Smart Chain (BSC) within a month’s time. Over the last two weeks, we have reported attacks on DeFi protocols Pancake Bunny, Bogged Finance, and AutoShark Finance.

The price of their respective DeFi tokens has crashed over 90% thereby eroding a large amount of investors’ money. This vulnerability of attackers frequently exploiting the Binance Smart Chain (BSC) has got investors to question the security of the platform.

Since the beginning of May, the total losses on BSC due to multiple flash loan attacks have exceeded over 150 million U.S. Dollars. Another DeFi project JustLiquidity Swap aka JulSwap has been facing a similar situation. However, its founder has confirmed that there has been no exploit or hack at the protocol level.

Hi Community,

we investigated the dump tonight on Jul. it’s seems it was the same Situation as some other projects experienced in the last weeks due to an flash loan.

There is NO hack or exploit!

Flash Loan Hash:https://t.co/AVus5B2ZVX

More informations soon.

— TG Crypto (@tg_cryptos) May 28, 2021

Disclaimer

The presented content may include the personal opinion of the author and is subject to market condition. Do your market research before investing in cryptocurrencies. The author or the publication does not hold any responsibility for your personal financial loss.

About Author

Bhushan Akolkar

Bhushan is a FinTech enthusiast and holds a good flair in understanding financial markets. His interest in economics and finance draw his attention towards the new emerging Blockchain Technology and Cryptocurrency markets. He is continuously in a learning process and keeps himself motivated by sharing his acquired knowledge. In free time he reads thriller fictions novels and sometimes explore his culinary skills.