$7 Million Lost in Flash Loan Attack on BSC’s BurgerSwap
Key Takeaways
BurgerSwap was hit by a flash loan attack last night. The losses amount to roughly $7.2 million.
Uniswap founder Hayden Adams noted that a key part of the code was changed by the BurgerSwap team, raising suspicions of an inside job.
Incidents on Binance Smart Chain have multiplied in recent weeks resulting in tens of millions in lost user funds.
Share this article
Another Binance Smart Chain app has suffered a flash loan attack. More than $7 million of users’ funds was drained from BurgerSwap last night.
BurgerSwap Suffers Attack
Flash loan attackers are increasingly targeting Binance Smart Chain applications. This time, it was Uniswap clone BurgerSwap that got exploited. Last night, an attacker borrowed funds from PancakeSwap to unbalance the liquidity pools on BurgerSwapm then emptied them before returning the loan.
BurgerSwap posted a breakdown of the incident on Twitter earlier this morning.
1/9
BurgerSwap Flash Loan Attack Details:
At around 3 am on May 28th (UTC+8) #BurgerSwap on the BSC chain encountered a flash loan attack; $7.2M was stolen from #BurgerSwap in 14 transactions;
— BurgerSwap (@burger_swap) May 28, 2021
The attack was worth roughly $7.2 million. Some of the funds are now on the Ethereum blockchain, while some BURGER tokens have been left on Binance Smart Chain. BurgerSwap is one of Binance Smart Chain’s leading applications. It was launched last year and has similar code to Uniswap’s V2. However, as Uniswap founder Hayden Adams noted, BurgerSwap’s code misses out a crucial line responsible for securing its liquidity pools. Adams reacted to the attack by noting that the pools were very susceptible to this type of flash loan attack without the line of code before adding “iWoNDerWhYTHeyDiDtHAt.”
This thread sounds complicated. Here's what happened very simply.
Uniswap v2 fork removed the only line that enforces x*y=k from core:
So core could very trivially be drained.
This is the line that was removed:https://t.co/iN3nc1xMTm
iWoNDerWhYTHeyDiDtHAt https://t.co/B9TN3KP25U
— Hayden Adams 🦄 (@haydenzadams) May 28, 2021
Many Binance Smart Chain projects have suffered exploits recently, and suspicions of inside jobs have been running high. In some examples, such as the case of Uranium Finance, key parts of the code used by other projects have been omitted or changed. Both Uranium Finance and BurgerSwap are run by anonymous teams, which would reduce the accountability in the event of an inside job.
Meerkat Finance, a copy of Yearn Finance, suffered a suspected rug pull worth $30 million. Last week, Bunny Finance was exploited by a flash loan attack, leading the price of the BUNNY governance token to drop by 96%.
This year alone, the total losses from attacks on Binance Smart Chain projects are now comfortably in the tens of millions of dollars.
Disclaimer: The author held BTC, ETH, and several other cryptocurrencies at the time of writing.
Share this article
The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.
You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.
See full terms and conditions.
Problems Abound on BSC as Bunny Finance Suffers Attack
An attacker used a flash loan to exploit the Binance Smart Chain yield aggregator Bunny Finance earlier this morning. They dumped BUNNY tokens on the market, causing prices to plummet…
Another Binance Smart Chain Project Suffers an Attack
Bogged Finance, a project built on Binance Smart Chain (BSC), faced a malicious attack in which $3 million worth of funds was drained from its liquidity pool on PancakeSwap. The…
What is Polygon (MATIC): Ethereum’s Internet of Blockchains
In terms of both decentralized app (DApp) development and adoption, no blockchain has been more successful than Ethereum (ETH). But despite its relative success, the Ethereum network still contains several…
BSC Protocol Uranium Finance Hacked for $50 Million
Yet another DeFi project on the Binance Smart Chain has fallen to hackers. This time, Uranium Finance was drained of more than $50 million. Uranium Finance Joins List of Hacked…
