Yet Another Flash Loan Attack😮😮😮 BurgerSwap Drained of $7.2 Million Worth Tokens

          Ever since its launch back in September 2020 Binance Smart Chain is getting significant traction, being pitched as a most competitive rival of Ethereum. Increasing number of new projects are getting launched everyday and many others are also migrating from other chains. But with all the traction, also came the malicious attention of hackers and exploiters constantly looking for vulnerabilities or loopholes in the code.

Yesterday, BurgerSwap a DeFi on BSC came under flash loan attack with $7.2 million worth tokens drained. This is the third flash loan attack on a BSC project in recent times, as few days Pancakeswap and Bogged Finance also got exploited, with hackers draining $45 million and $3.6 million worth funds respectively.

Attack on BurgerSwap came in the form of sequential transactions. As per BurgerSwap, the perpetrators created their own Fake Coin and used it to form a trading pair with platform's Burger token. Then, they adjusted the routing to; BURGER --> Fake Coin --> WBNB. After that Burger/Fake Coin trading -pair was used to reenter BurgerSwap via Fake Coin and attackers were able to manipulate the number of reserve0 and reserve1 in the contract, significantly altering the price.

Latter, the transaction was executed again and traded back to WBNB, to obtain the extra amount of WBNB inputted. As such, 6,000 WBNB were flash swapped from PancakeSwap and then almost all WBNB was converted to 92,000 BURGER on BurgerSwap. After that, they added 900 Fake Coin and 45,000 Burger to LP and used it to exchange Fake Coin for 4,400 BNB. The last two steps gave attackers 8,800 WBNB and of which 493 WBNB were swapped to around $108,700 BURGER to repay the flash loan.

Overall, the hackers managed to get hands on 4,400 BNB, 22,000 BUSD, 1.4 million USDT, 2.5 Ethereum, 432,000 Burger and 142,000 xBURGER, totaling over $7.2 million. Following the exploitation, BurgerSwap suspended all deposits, withdrawal and swaps, and is currently working on a compensation plan.

Earlier this week, a representative from Binance said that the exchange is not responsible for any kind of rug pulls, exploits and hacks. And a roll back is not possible in any case.

BSC is a public permissionless infrastructure so anybody can deploy projects there. You have malicious actors there and hacks, and exploits in DeFi are not new and definitely not unique to BSC. It is not possible in the way that a lot of people think for there to be some kind of rollback.

Despite Binance denying responsibility, the hacks, exploits or rug pulls does put up a negative image of the blockchain. And it seems Binance has already been working to bring security and intelligence tools to the blockchain. Yesterday, CipherTrace extended its analytics support to Binance Smart Chain, allowing the Defi projects across the chain to identify and flag the high risk or potentially malicious transactions.

The way Binance Smart Chains project are getting exploited, I am a bit worried about Cubdefi. May be Cubdefi have low TLV as of now is not a such bad thing after all, as it doesn't extend hacker/exploiters enough motive. Instead of pomp and show, Cubdefi dev team's approach of slow and steady development keeping security paramount is the right thing to do.