Welcome Bonus: Sign Up & Get Up to $150 in BTC

Get Started
Binance Smart Chain DeFi project BurgerSwap hacked for $7 million Binance Smart Chain DeFi project BurgerSwap hacked for $7 million

Binance Smart Chain DeFi project BurgerSwap hacked for $7 million

Decentralized finance platform BurgerSwap lost over $7.2 million worth of BNB, ETH, BURGER, other tokens to a flash loan attack.

Binance Smart Chain DeFi project BurgerSwap hacked for $7 million

Cover art/illustration via CryptoSlate

BurgerSwap, a decentralized finance (DeFi) platform based on smart contracts network Binance Smart Chain (BSC), fell victim to a so-called flash loan attack today, allowing the malicious actor to get away with roughly $7.2 million worth of tokens.

Another day, another DeFi hacked

โ€œBurgerSwap Flash Loan Attack Details: At around 3 am on May 28th (UTC+8) #BurgerSwap on the BSC chain encountered a flash loan attack; $7.2M was stolen from #BurgerSwap in 14 transactions,โ€ the project tweeted.

According to BurgerSwap, the hacker(s) created their own โ€œfake coinโ€โ€”which can be done by anyone on BSCโ€”and used it to form a trading pair with the platformโ€™s BURGER token.

โ€œBy adjusting the routing, the attacker created $BURGER -> Fake Coin -> $WBNB routing; through $BURGER -> Fake Coin trading pair, attacker re-enteredย  BurgerSwap through Fake Coin & manipulated a number of reserve0 and reserve1 in the pairโ€™s contract, causing the price to change,โ€ the developers explained.

Then, the attacker took a flash loan of 6,000 Binance Coin (BNB) from PancakeSwap, another BSC-based DeFi platform, and swapped the funds for 92,000 BURGER tokens. After that, they added 100 โ€œfake tokensโ€ and 45,000 BURGER to a liquidity pool and used it to exchange the โ€œfake tokensโ€ for 4,400 BNB.

โ€œBecause of reentrancy in time of transfer fake token, the attacker did another swap from 45k $BURGER to 4.4k $WBNB. In total attacker received 8,800 $WBNB in the two latest steps,โ€ the platform noted, adding that the hacker then โ€œSwapped 493 $WBNB to around $108,700 BURGER on BurgerSwapโ€ and repaid the flash loan.

Flash boys

Overall, the attacker reportedly managed to steal 4,400 BNB (worth around $1.6 million), 22,000 BUSD and 1.4 million USDT stablecoins, 2.5 Ethereum ($6,800), 432,000 BURGER ($3.2 million), and 142,000 xBURGER ($1 million)โ€”for a total of over $7.2 million.

As CryptoSlate previously reported, a similar attack was recently conducted on Pancake Bunny, yet another DeFi platform in the BSC ecosystem.

Following the exploit, the projectโ€™s BUNNY token plummeted, losing over 90% of its price, while the hacker nabbed approximately $45 million of tokens.

Posted In: DeFi, Hacks