Binance Smart Chain DeFi project BurgerSwap hacked for $7 million

Decentralized finance platform BurgerSwap lost over $7.2 million worth of BNB, ETH, BURGER, other tokens to a flash loan attack.

Binance Smart Chain DeFi project BurgerSwap hacked for $7 million

BurgerSwap, a decentralized finance (DeFi) platform based on smart contracts network Binance Smart Chain (BSC), fell victim to a so-called flash loan attack today, allowing the malicious actor to get away with roughly $7.2 million worth of tokens.

Another day, another DeFi hacked

“BurgerSwap Flash Loan Attack Details: At around 3 am on May 28th (UTC+8) #BurgerSwap on the BSC chain encountered a flash loan attack; $7.2M was stolen from #BurgerSwap in 14 transactions,” the project tweeted.

According to BurgerSwap, the hacker(s) created their own “fake coin”—which can be done by anyone on BSC—and used it to form a trading pair with the platform’s BURGER token.

“By adjusting the routing, the attacker created $BURGER -> Fake Coin -> $WBNB routing; through $BURGER -> Fake Coin trading pair, attacker re-entered  BurgerSwap through Fake Coin & manipulated a number of reserve0 and reserve1 in the pair’s contract, causing the price to change,” the developers explained.

Then, the attacker took a flash loan of 6,000 Binance Coin (BNB) from PancakeSwap, another BSC-based DeFi platform, and swapped the funds for 92,000 BURGER tokens. After that, they added 100 “fake tokens” and 45,000 BURGER to a liquidity pool and used it to exchange the “fake tokens” for 4,400 BNB.

“Because of reentrancy in time of transfer fake token, the attacker did another swap from 45k $BURGER to 4.4k $WBNB. In total attacker received 8,800 $WBNB in the two latest steps,” the platform noted, adding that the hacker then “Swapped 493 $WBNB to around $108,700 BURGER on BurgerSwap” and repaid the flash loan.

Flash boys

Overall, the attacker reportedly managed to steal 4,400 BNB (worth around $1.6 million), 22,000 BUSD and 1.4 million USDT stablecoins, 2.5 Ethereum ($6,800), 432,000 BURGER ($3.2 million), and 142,000 xBURGER ($1 million)—for a total of over $7.2 million.

As CryptoSlate previously reported, a similar attack was recently conducted on Pancake Bunny, yet another DeFi platform in the BSC ecosystem.

Following the exploit, the project’s BUNNY token plummeted, losing over 90% of its price, while the hacker nabbed approximately $45 million of tokens.

Posted In: DeFi, Hacks

CryptoSlate Newsletter

Featuring a summary of the most important daily stories in the world of crypto, DeFi, NFTs and more.

Get an edge on the cryptoasset market

Access more crypto insights and context in every article as a paid member of CryptoSlate Edge.

On-chain analysis
Price snapshots
More context
Join now for $19/month Explore all benefits