- Bogged Finance reported that an unknown attacker successfully drained $3 million from its liquidity pools.
- The attack used a flash loan to exploit a code vulnerability.
- The rising number of attacks on Binance Smart Chain projects has created major security concerns for the blockchain.
Bogged Finance, a project built on Binance Smart Chain (BSC), faced a malicious attack in which $3 million worth of funds was drained from its liquidity pool on PancakeSwap. The incident is the second flash loan attack on BSC in the last week.
Bogged Finance Attacked
Bogged Finance, a trading platform built on Binance Smart Chain (BSC), has suffered an attack.
The team reported that an unknown attacker had successfully drained $3 million in liquidity over the weekend. This was done through a complex attack that leveraged a flash loan and a vulnerability in its smart contract code.
We are aware of the flash loan attack against BOG and are as devastated as you. We believe we have prevented further theft against more of our liquidity.
We will make further announcements in the coming hours and days.
— BogTools – Powering DeFi on #BSC. (@bogtools) May 22, 2021
In a Medium blog post, the Bogged Finance team explained that the attacker exploited a bug in its smart contract that is linked to the platform’s transaction fees.
Using the vulnerability, the attacker was able to artificially mint new tokens, producing a high rate of inflation in which stakers were rewarded with huge quantities of BOG tokens. Overall, over 15 million BOG tokens were distributed to liquidity providers.
The inflated supply helped in executing a flash loan attack in which the attacker was able to drain funds from the BOG/BNB liquidity pool on PancakeSwap. The Bogged Finance team wrote:
“The attacker was able to utilize flash loans to exploit a flaw in the staking section of the BOG smart contract to manipulate the staking rewards and cause an inflation of supply—without the transaction fee being charged and burned—causing net inflation.”
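The team's statement implies an accounting invariant: staking rewards must be paid for by a fee that was actually charged, so no transaction should add to supply. The check below is an added example, not code from Bogged Finance or from this article; the record fields, the sample values and the pause threshold are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal as D

@dataclass(frozen=True)
class TxAccounting:
    # Hypothetical per-transaction record, e.g. decoded from contract events.
    tx_id: str
    fee_charged: D        # fee deducted from the transfer
    fee_burned: D         # part of that fee destroyed
    rewards_credited: D   # tokens added to stakers' reward balances

def net_inflation(tx: TxAccounting) -> D:
    """Tokens handed out (or burned) beyond what the charged fee covers.
    Zero or negative is fee-backed; positive is unbacked new supply."""
    return tx.rewards_credited + tx.fee_burned - tx.fee_charged

def audit(txs, circulating: D, pause_ratio: D = D("0.001")):
    """Return (violations, pause_at).
    violations: [(tx_id, unbacked_amount)] for every tx that inflates supply.
    pause_at:   first tx_id at which cumulative unbacked supply exceeds
                pause_ratio of circulating supply (circuit-breaker point)."""
    violations, unbacked, pause_at = [], D(0), None
    for tx in txs:
        extra = net_inflation(tx)
        if extra > 0:
            unbacked += extra
            violations.append((tx.tx_id, extra))
            if pause_at is None and unbacked > circulating * pause_ratio:
                pause_at = tx.tx_id
    return violations, pause_at

# Constructed sample data (not taken from the real incident).
SAMPLE = [
    TxAccounting("tx-01", D("5"), D("1"), D("4")),     # fee fully accounted for
    TxAccounting("tx-02", D("0"), D("0"), D("400")),   # rewards with no fee charged
    TxAccounting("tx-03", D("0"), D("0"), D("9000")),  # same pattern, larger
    TxAccounting("tx-04", D("10"), D("2"), D("8")),    # fee fully accounted for
]

if __name__ == "__main__":
    flagged, pause_at = audit(SAMPLE, circulating=D("1000000"))
    for tx_id, amount in flagged:
        print(f"{tx_id}: {amount} tokens credited without a matching fee")
    print("pause recommended at:", pause_at)
```

The same invariant can be asserted in a contract's test suite before deployment and watched on-chain afterwards.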
Malicious actors have been known to use flash loans to borrow large amounts of funds so that they can artificially manipulate the price of a token, before returning the funds in the same transaction.
In its reports on the attack, the team claimed it was able to prevent the attacker from draining the pool's full liquidity by quickly turning off the transaction fee function.
Nevertheless, the attacker was able to get away with 11,358 Binance Coin (BNB), which equates to around $3 million of the $6 million available in the pool at the time of the attack. They did it all in only 45 seconds across 11 transactions.
Following the attack, the price of the BOG token collapsed from around $1.8 to almost zero ($0.0001).
The team said it removed all liquidity from the old contract and plans to migrate to a new contract to prevent a similar attack from happening in the future. The contract will be deployed to the following address. Meanwhile, the team has warned users not to purchase the existing tokens. The team has also promised that the newly deployed smart contract will burn the extra supply of tokens artificially minted by the attacker. This would restore the token supply to its level before the attack.
Red Flags on Binance Smart Chain
With this, Bogged Finance joins a growing list of projects on BSC that have been exploited or suffered rug pulls.
On Thursday, Bunny Finance, a BSC yield aggregator, faced a similar flash loan attack that crashed the price of its native token by more than 96% and led to a loss of funds worth more than $45 million.
Exploits on BSC have increased in frequency as the total value locked (TVL) on the blockchain has grown to billions of dollars within the last six months.
Binance Smart Chain is an EVM-compatible chain that replicates many of the DeFi features found on Ethereum. It’s sometimes referred to as a “CeDeFi” network, meaning a centralized alternative to DeFi.
Soon after it was launched in Sep. 2020, BSC witnessed rapid growth and adoption. This was partly because of the low costs of trading and yield farming on the network relative to Ethereum, which is known for its exorbitant fees. However, after the recent spate of attacks, the blockchain is becoming better known for its high-risk ecosystem.