This is becoming more common in decentralized finance (DeFi) space.. In a new DeFi attack, the protocol was emptied and there is a loss of $7.2 million.
Quick loan attack and $7.2 million loss in the DeFi project
<
7.2 million dollars were stolen from the protocol with the new fast loan attack on the DeFi protocol BurgerSwap. The project was using Binance Smart Chain.
Binance Smart Chain (BSC) was hacked as a result of another protocol vulnerability. The protocol this time is BurgerSwap. Attackers stole $7.2 million in a quick loan attack.
$7.2 million attack on BurgerSwap
BurgerSwap is a DeFi project that started working earlier this year. This protocol allows users to win rewards by providing swap and liquidity between tokens issued on BSC.
BurgerSwap announced the security breach on Twitter today.. Attackers today (May 28) opted for a rather notorious and common way of exploiting the protocol: the quick borrow attack.. With this attack, they managed to steal $7.2 million in 14 transactions in the protocol.
Attackers created their own Fake Coin, and with it, they established a new transaction parity with BurgerSwap’s own local crypto token BURGER.. Then they created a path from BURGER to Fake Coin and from there to Wrapped BNB.
To re-enter BurgerSwap via Fake Coin, they used the BURGER / Fake Coin trading pair, changing the number of reserve0 and reserve1 in the contract, which is important. they caused a price change.
By re-entering the trade and trading back WBNB, the attackers were able to get the extra amount of WBNB entered. Thus, they exchanged 6,000 WBNB ($2 million) from PancakeSwap and then almost all of the WBNB at BurgerSwap with 92,000 BURGERs.
As a result, the attackers 4,400 WBNB ( $1.6 million worth), 22,000 BUSD, 2.5 ETH ($6.8k), 432,000 BURGER ($3.2 million), 142,000 xBURGER ($1 million) and 95,000 ROCKS.
BurgerSwap said in a statement that all services reported that it was stopped. It is also stated that “users will work hard to make up for their losses”.
This is not the first attack in BSC. A total of $100 million was stolen in previous similar attacks (Spartan Protocol, Uranium Finance, and Meerkat Finance).
Related – If your account on the Bitcoin exchange is hacked, whose responsibility is it?
Source