Today, a decentralized finance (DeFi) protocol running on the Binance Smart Chain (BSC), BurgerSwap, lost a whopping sum of $7.2 million through a flash loan attack. This money was stolen in a series of fourteen transactions.
The total amount received by the attackers was 8,800 WBNB, a 493 WBNB swapped to 108,700 BURGER on BurgerSwap.
Breaking down what was stolen from BurgerSwap
A tweet post reporting this incident stated what was stolen included a 2.5 ETH worth $6,800, 4,400 WBNB worth $1.6 million, 22,000 BUSD worth $22,000, 1.4 million USDT worth $1.4 million, 432,000 BURGER worth $3.2 million, 142,000 xBurger worth $1 Million, and 95,000 ROCKS.
The attack happened in a sequence, wherein the first was swapping 6,000 WBNB on PancakeSwap. The second was swapping WBNB to 92,000 BURGER on BurgerSwap. A fake 100 tokens were swapped to WBNB through the pool in the third swap.
The attackers reportedly created a pair with fake tokens on BugerSwap. Another swap of 45,000 BURGER to 4,400 WBNB was also completed by the attacker.
These series of transactions reportedly occurred successfully because the hackers were able to do a re-entrance, and completed a second swap, before the updating of reserves used to check the number of tokens in swaps.
The report also states that the stolen funds were sold and withdrawn to Ethereum (ETH) through the Nerve bridge.
Based on this sudden attack, BurgerSwap stated in a notice on its website that it was suspending all further swapping, deposit and withdrawal transactions until all issues are sorted out. According to the notice, the company’s technology team was working to resolve the issues and will relate back to its users on the available solutions.
BurgerSwap protocol allows users to swap tokens used on the BSC, and earn rewards for providing liquidity to the markets. It allows everyone who provides liquidity to eligible pairs to receive rewards in BURGER tokens, which represents their share of the pool.