BurgerSwap took to Twitter today to announce that they had experienced a flash loan attack. As a result, BurgerSwap has suspended Swap and BURGER generation to prevent further losses while their team investigates the situation and looks for a solution. The team has also said that it will publish more details shortly.
This is another example of the growing attacks on a major DeFi protocol on the Binance Smart Chain. A total of $7.2 million were stolen from BurgerSwap over 14 transactions.
Understanding Flash Loan Attacks
Flash Loan Attacks are some of the most common DeFi attacks and are easy to carry out and get away with. Unfortunately, flash loan attacks are becoming more popular and are turning out to be a significant headache for DeFi protocols.
In a flash loan attack, the attacker takes out a flash loan from any lending protocol and proceeds to use it in a way that manipulates the market in the attacker’s favor. Flash loan attacks can occur in seconds and can involve multiple DeFi protocols.
The Attack On BurgerSwap
A total of - 4.4k WBNB ($1.6M) - 22k BUSD ($22k) - 2.5 ETH ($6.8k) - 1.4M USDT ($1.4M) - 432k BURGER ($3.2M) -142k xBURGER ($1M) - 95k ROCKS was stolen from BurgerSwap.
The attacker first flashed swapped 6k WBNB ($2 million) on PancakeSwap and then swapped all WBNB to 92k BURGER on BurgerSwap. The attacker then created a pair with fake tokens on BurgerSwap, adding 100 fake tokens and 45k BURGER. The 100 counterfeit tokens were then swapped to 4.4k WBNB. The attacker then did another swap from 45k BURGER to 4.4k WBNB, resulting in the attacker receiving 8.8k WBNB in total. 493 WBNB were then swapped to 108.7k BURGER.
The attacker could do a reentrance, allowing for the exploit to happen. The attacker also did a second swap before the reserves were updated. As of writing, the funds are still being sold and withdrawn to Ethereum through the Nerve bridge. A total of $1.7 million is left on the Binance Smart Chain in BURGER and xBURGER. 1.4k ETH and 1M DAI remain on Ethereum.
Not The First Time
The BurgerSwap Attack is not a flash in the pan attack and comes hot on the heels of another flash loan attack on PancakeBunny. According to Cryptodaily, PancakeBunny came under a flash loan attack through which 690,000 BUNNY tokens were sold into ETH and BNB, leading to a loss of 95.5% in the token’s valuation. PancakeBunny insisted that their vaults were secure and put out a tweet stressing on the same,
“Attention Bunny Fam, We would like to remind the community that no vaults have been compromised. The exploit was an economic exploit that attacked the price of BUNNY using flash loans. We repeat, no vaults have been breached.”
Total losses on the Binance Smart Chain due to flash loans and other attacks have now exceeded $157 million.
CipherTrace To Cover Binance Smart Chain
As a result of frequent attacks, Binance has also moved to beef up security on the Binance Smart Chain. CipherTrace has announced analytics support for Binance Smart Chain amidst a spate of attacks on protocols and a rise in vulnerabilities in the platforms running on the platform. Meanwhile, BurgerSwap has announced that they have identified the problem, will cover user losses, and provide more details when available.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.