Another Binance Smart Chain project has been hit with a flash loan attack according to a post mortem written by the Burgerswap team. The project’s official Twitter account said at around 3 a.m. on Friday, Burgerswap suffered from a flash loan attack with the hackers stealing $7.2 million in funds.
Binance Smart Chain Defi Protocol Burgerswap Drained for $7.2M
- The Burgerswap project explained on Friday that the project saw $7.2 million in funds drained after a malicious flash loan attack.
- “At around 3 am on May 28th (UTC+8) Burgerswap on the BSC chain encountered a flash loan attack; $7.2M was stolen from Burgerswap in 14 transactions,” the official Twitter account noted.
- Burgerswap is a decentralized finance (defi) project that leverages the Binance Smart Chain (BSC). Similar to Sushiswap or Uniswap, the Burgerswap protocol allows users to swap between tokens issued on BSC. Users can also add liquidity and earn the project’s native token dubbed BURGER.
- “Hackers created their own Fake Coin (non-standard BEP-20 tokens) and formed a new trading pair with BURGER,” Burgerswap added. “By adjusting the routing, [the] attacker created BURGER -> Fake Coin -> WBNB routing; through BURGER -> Fake Coin trading pair, attacker re-entered Burgerswap through Fake Coin & manipulated number of reserve0 and reserve1 in the pair’s contract, causing the price to change,” the team further noted.
- Burgerswap is not the first BSC project that’s having issues with flash loan attacks, as hackers have seemingly made a sport of it in recent times. A total of $6 million was stolen from two BSC projects last week, as Pancakebunny and Bogged Finance saw $3 million drained from each defi project.
- Flash loans have been a problem for a number of defi protocols in 2020 and into 2021. The specialized exploit has been a common attack in the defi world ever since the defi margin trading protocol Bzx was attacked.
- Flash loans are smart contract-based schemes that allow the issuance of loans within a single transaction or attack. In the Burgerswap instance, the hacker got away with WBNB, BUSD, ETH, USDT, BURGER, XBURGER, and ROCKS.
- Burgerswap explained on Twitter that the blockchain security company Peckshield helped with the investigation.
- The Burgerswap flash loan hack also follows the recent BSC announcement from Ciphertrace. The blockchain surveillance firm has added analytics support for the Binance Smart Chain to track illicit transactions.
What do you think about the recent Burgerswap hack and the flash loan attacks against multiple Binance Smart Chain defi projects? Let us know what you think about this subject in the comments section below.