The central theses
- BurgerSwap was hit by a flash credit attack last night. The losses amount to around $ 7.2 million.
- Hayden Adams, founder of Uniswap, noted that a significant part of the code had been changed by the BurgerSwap team, raising the suspicion of an inside job.
- The incidents on the Binance Smart Chain have multiplied in recent weeks, resulting in a loss of tens of millions of user funds.
Share this article
Another Binance Smart Chain app suffered a flash credit attack. More than $ 7 million in user funds were withdrawn from BurgerSwap last night.
BurgerSwap suffers attack
Flash loan attackers are increasingly targeting Binance Smart Chain applications. This time the Uniswap clone BurgerSwap was exploited. Last night, an attacker borrowed funds from PancakeSwap to throw off the liquidity pools on BurgerSwapm and then emptied them before returning the loan.
BurgerSwap posted a breakdown of the incident on Twitter this morning.
BurgerSwap Flash Loan Attack Details:
On May 28 (UTC + 8) around 3 a.m., #BurgerSwap encountered a flash credit attack on the BSC chain. #BurgerSwap $ 7.2 million was stolen in 14 transactions.
– BurgerSwap (@burger_swap) May 28, 2021
The attack was valued at around $ 7.2 million. Some of the funds are now on the Ethereum blockchain, while some BURGER tokens remain on the Binance Smart Chain. BurgerSwap is one of the leading applications of Binance Smart Chain. It was launched last year and has a code similar to Uniswaps V2. However, as noted by Hayden Adams, Uniswap’s founder, BurgerSwap’s code overlooks an important line responsible for securing its pools of liquidity. Adams responded to the attack by finding that the pools without the line of code were very vulnerable to this type of flash credit attack before adding “iWoNDerWhYTHeyDiDtHAt”.
This thread sounds complicated. Here’s what happened very easily.
Uniswap v2 Fork removed the only line that enforces x * y = k from the core:
The core could therefore be emptied very trivially.
This is the line that was removed: https: //t.co/iN3nc1xMTm
– @ Hayden Adams @ (@haydenzadams) May 28, 2021
Many Binance Smart Chain projects have suffered exploits recently and there are high suspicions of insider jobs. In some examples, as in the case of Uranium Finance, important parts of the code used by other projects have been omitted or changed. Both Uranium Finance and BurgerSwap are run by anonymous teams, which would reduce accountability in the event of an insider job.
Meerkat Finance, a copy of Yearn Finance, suffered an alleged $ 30 million carpet pull. Last week, Bunny Finance was exploited by a flash credit attack, which caused the price of the BUNNY governance token to drop 96%.
This year alone, the total losses from attacks on Binance Smart Chain projects are now comfortably in the double-digit million range.
Disclaimer: The author owned BTC, ETH, and several other cryptocurrencies at the time of writing.
There are many problems at BSC as Bunny Finance is attacked
An attacker used a flash loan this morning to take advantage of Binance Smart Chain’s Bunny Finance earnings aggregator. They launched BUNNY tokens which resulted in a drop in prices …
Another Binance Smart Chain project suffers an attack
Bogged Finance, a Binance Smart Chain (BSC) -based project, was exposed to a malicious attack that withdrew $ 3 million in funds from its liquidity pool on PancakeSwap. The…
What is Polygon (MATIC): The Internet of Blockchains from Ethereum
With regard to the development and introduction of decentralized apps (DApp), no blockchain has been more successful than Ethereum (ETH). Despite its relative success, the Ethereum network still contains several …
BSC protocol uranium funding hacked for $ 50 million
Another DeFi project on the Binance Smart Chain fell victim to hackers. This time, Uranium Finance was depleted by more than $ 50 million. Uranium Finance joins list of hacked …