Binance Smart Chain’s [BSC] DeFi protocols have seen tremendous traction as the industry anticipated yet another dramatic summer for the decentralized finance realm.
However, instances of security breaches by bad actors in millions continued to grab headlines as the field achieved more and more popularity. Especially, flash loan attacks, which have gained significant notoriety off late.
BurgerSwap is the latest decentralized exchange on Binance’s defi to have suffered a flash loan exploit. It all started at around 3 AM on the 28th of May [UTC+8].
What exactly happened?
The perpetrators of the hack allegedly stole a whopping $7.2 million after creating their own “Fake Coin”, forming a trading pair with the platform’s native token BURGER, and subsequently changing the latter’s value.
In a series of tweets, BurgerSwap revealed that it incurred a $3.2 million loss in BURGER, $1.6 million in Wrapped Binance Coin [wBNB], $2.5k in Ethereum [ETH], and $1.4 million in stablecoin Tether [USDT] and $22k in BUSD among others. The Uniswap clone on BSC also disclosed that the flash loan exploit was executed in a total of 14 transactions.
Popular Research analyst, Igor Igamberdiev stated,
“The exploit happened because the attacker could do reentrance and did a second swap before reserves, which are used to calculate the number of tokens in swaps, were updated.”
According to the founder of Uniswap, Hayden Adams, the malicious entities were able t hack because the decentralized exchange was missing a key line of code. The exec said that that BurgerSwap was based on Uniswap’s V2 code. However, a certain line of code had been removed, which allowed the core to be very “trivially be drained.”
He also took a not-so-subtle jibe at the protocol which read, “iWoNDerWhYTHeyDiDtHAt”
The attack, however, did not have much effect on the native BURGER token which was down by almost 16% due to the market-wide pullback. At the time of writing, it was being traded at $5.91.
BSC takes the heat for back-to-back defi exploits
Binance Smart Chain [BSC] has come received its fair share of flack from users and investors in the defi space. It has not only triggered an alarm in the wider developer community, but the frequency of attacks on protocols has led to several notable players in the field question the infrastructure as a whole.
Along the same line Samy Karim, who happens to be the coordinator of business and ecosystem development in the cryptocurrency exchange Binance, had recently tried to alleviate the situation and stated,
“BSC is a public permissionless infrastructure so anybody can deploy projects there. You have malicious actors there and hacks, and exploits in DeFi are not new and definitely not unique to BSC.”
If you found this article interesting, here you can find more DeFi News