Another decentralized finance (DeFi) project has fallen victim to a flash loan attack, with the hackers stealing over $7.2 million worth of BNB, ETH, BURGER, and other tokens.
BurgerSwap, a Binance Smart Chain (BSC) DeFi platform, suffered a flash loan attack at around 3 am on May 28. The malicious actor succeeded in stealing roughly $7.2 million.
1/9BurgerSwap Flash Loan Attack Details:At around 3 am on May 28th (UTC+8) #BurgerSwap on the BSC chain encountered a flash loan attack; $7.2M was stolen from #BurgerSwap in 14 transactions;— BurgerSwap (@burger_swap) May 28, 2021
According to the incident report shared by the BurgerSwap team on Twitter, the attacker was able to create a “fake coin,” a loophole that can be exploited by anyone on BSC. The fake token was used to form a trading pair with the BURGER token. The devs explained:
By adjusting the routing, the attacker created $BURGER -> Fake Coin -> $WBNB routing; through $BURGER -> Fake Coin trading pair, attacker re-entered BurgerSwap through Fake Coin & manipulated a number of reserve0 and reserve1 in the pair’s contract, causing the price to change.
1/9BurgerSwap Flash Loan Attack Details:At around 3 am on May 28th (UTC+8) #BurgerSwap on the BSC chain encountered a flash loan attack; $7.2M was stolen from #BurgerSwap in 14 transactions;— BurgerSwap (@burger_swap) May 28, 2021
In total, the attacker went home with 432,000 BURGER ($3.2 million), 4,400 BNB (worth around $1.6 million), 142,000 xBURGER ($1 million), 1.4 million USDT stablecoins, 22,000 BUSD, and 2.5 Ethereum ($6,800).