Binance Smart Chain DeFi project BurgerSwap hacked for $7 million Binance Smart Chain DeFi project BurgerSwap hacked for $7 million
🚨 This article is 3 years old...

Binance Smart Chain DeFi project BurgerSwap hacked for $7 million

Decentralized finance platform BurgerSwap lost over $7.2 million worth of BNB, ETH, BURGER, other tokens to a flash loan attack.

Binance Smart Chain DeFi project BurgerSwap hacked for $7 million

Cover art/illustration via CryptoSlate. Image includes combined content which may include AI-generated content.

BurgerSwap, a decentralized finance (DeFi) platform based on smart contracts network Binance Smart Chain (BSC), fell victim to a so-called flash loan attack today, allowing the malicious actor to get away with roughly $7.2 million worth of tokens.

Another day, another DeFi hacked

“BurgerSwap Flash Loan Attack Details: At around 3 am on May 28th (UTC+8) #BurgerSwap on the BSC chain encountered a flash loan attack; $7.2M was stolen from #BurgerSwap in 14 transactions,” the project tweeted.

According to BurgerSwap, the hacker(s) created their own “fake coin”—which can be done by anyone on BSC—and used it to form a trading pair with the platform’s BURGER token.

“By adjusting the routing, the attacker created $BURGER -> Fake Coin -> $WBNB routing; through $BURGER -> Fake Coin trading pair, attacker re-entered  BurgerSwap through Fake Coin & manipulated a number of reserve0 and reserve1 in the pair’s contract, causing the price to change,” the developers explained.

Then, the attacker took a flash loan of 6,000 Binance Coin (BNB) from PancakeSwap, another BSC-based DeFi platform, and swapped the funds for 92,000 BURGER tokens. After that, they added 100 “fake tokens” and 45,000 BURGER to a liquidity pool and used it to exchange the “fake tokens” for 4,400 BNB.

“Because of reentrancy in time of transfer fake token, the attacker did another swap from 45k $BURGER to 4.4k $WBNB. In total attacker received 8,800 $WBNB in the two latest steps,” the platform noted, adding that the hacker then “Swapped 493 $WBNB to around $108,700 BURGER on BurgerSwap” and repaid the flash loan.

Flash boys

Overall, the attacker reportedly managed to steal 4,400 BNB (worth around $1.6 million), 22,000 BUSD and 1.4 million USDT stablecoins, 2.5 Ethereum ($6,800), 432,000 BURGER ($3.2 million), and 142,000 xBURGER ($1 million)—for a total of over $7.2 million.

As CryptoSlate previously reported, a similar attack was recently conducted on Pancake Bunny, yet another DeFi platform in the BSC ecosystem.

Following the exploit, the project’s BUNNY token plummeted, losing over 90% of its price, while the hacker nabbed approximately $45 million of tokens.

Posted In: DeFi, Hacks