Two Binance Smart Chain projects in BurgerSwap and JulSwap fell victims to flash loan attacks with the former being drained of more than $7 million.
On BurgerSwap’s project website, its team posted it has suffered Flash Loan Attack and that it has “suspended Swap, addition or removal of liquidity, and BURGER generation to avoid further loss,” adding they are already working on the issue and they will inform the public about their solution and offer “more details soon.”
Meanwhile, JustLiquidity’s JulSwap also seemed to have been hit with the same attack but Chief Executive Officer Tobias Graf denied the incident, saying there is no hack or exploit on their project.
Massive loss for BurgerSwap
BurgerSwap’s flash loan attack losses piled up to $7.2 million in 14 transactions that involved ethereum, Binance USD, and tether.
In its Twitter account, the project revealed the cyber attacker was able to take 4,400 WBNB worth $1.6 million, 22,000 BUSD worth $22,000, 1.4 million USDT amounting to $1.4 million, 423,000 BURGER tokens worth $3.2 million, along with 142,000 xBURGER worth $1 million, 2.5 ethereum with a value of $6,800 and 95,000 ROCKS.
At press time, the BURGER token is changing hands at $6.94 and is staring at 15% decline for the past 24 hours.
How the attack happened
Incident post mortem shows the hackers created their fake coin and used it to form a trading pair with the platform’s BURGER token.
The developers explained, attackers created “$BURGER -> Fake Coin -> $WBNB routing; through $BURGER -> Fake Coin trading pair, attacker re-entered BurgerSwap through Fake Coin & manipulated a number of reserve0 and reserve1 in the pair’s contract, causing the price to change.”
After that, a flash loan of 6,000 Binance Coin from PancakeSwap was made by the attacker, swapping the funds for 92,000 BURGER tokens. One hundred fake tokens and 45,000 BURGER were added to the liquidity pool and were exchanged for 4,400 BNB.
Image courtesy of Cointelegraph News/YouTube