Binance Smart Chain’s BurgerSwap Loses $7.2M to Hackers

BurgerSwap has announced via Twitter on May 28, 2021, that bad actors have successfully exploited a loophole in its protocol, stealing a massive $7.2 million worth of various tokens, including BUSD, ETH. BURGER and a host of others.

Another BSC Protocol Goes Down 

In a rather unfortunate development for Changpeng Zhao’s Binance Smart Chain (BSC) and the entire decentralized finance (DeFi) ecosystem, bad actors have successfully orchestrated a flash loan attack on BurgerSwap, carting away over $7 million of users’ funds.

According to a tweet by the team, a detailed report on the ugly incident will be published shortly, however, the token swapping and liquidity mining operations on the network have been suspended until a solution is found.

In a separate tweet, the team explained that the flash loan attack took place at around 3 AM (UTC+8) on May 28, 2021, as the hackers exploited a reentrancy loophole in the protocol.

“At around 3 am on May 28th (UTC+8) #BurgerSwap on the BSC chain encountered a flash loan attack; $7.2M was stolen from #BurgerSwap in 14 transactions,” declared the team.

DeFi Exploits on the Rise 

According to CoinMarketCap (CMC), a total of 4.4k WBNB ($1.6M), 22k BUSD ($22k), 2.5 ETH ($6.8k), 1.4M USDT ($1.4M), 432k BURGER ($3.2M), 142K xBURGER ($1M), and 95k ROCKS was stolen by the attackers.

“The attacker first flashed swapped 6k WBNB ($2 million) on PancakeSwap and then swapped all WBNB to 92k BURGER on BurgerSwap. The attacker then created a pair with fake tokens on BurgerSwap, adding 100 fake tokens and 45k BURGER. The 100 fake tokens were then swapped to 4.4 WBNB. The attacker then did another swap from 45k BURGER to 4.4 WBNB, resulting in the attacker receiving 8.8k WBNB in total. 493 WBNB were then swapped to 108.7k BURGER,” explained CMC.

While decentralized finance (DeFi) holds a lot of promise, flash loan attacks have been on the increase since 2019 and the industry has lost over $300 million to bad actors since that time.

Interestingly, the latest BurgerSwap heist has attracted mixed reactions from DeFi market participants, with some pointing accusing fingers at the team behind the project.

In the same vein, Uniswap  (UNI) creator, Hayden Adams has revealed that BurgerSwap, which is a fork of Uniswap V2, misses a crucial line of code responsible for securing assets on the protocol, a strong indication that the heist was likely an inside job.

At press time, the global DeFi space has a combined $107.86 billion in total value locked (TVL). Aave maintains an 11.15 percent dominance with its $12.02 billion TVL, according to DeFi Llama.

Related posts:

Like BTCMANAGER? Send us a tip!

Our Bitcoin Address: 3AbQrAyRsdM5NX5BQh8qWYePEpGjCYLCy4


Tagged : / / / /

$7 Million Lost in Flash Loan Attack on BSC’s BurgerSwap

Key Takeaways

  • BurgerSwap was hit by a flash loan attack last night. The losses amount to roughly $7.2 million.
  • Uniswap founder Hayden Adams noted that a key part of the code was changed by the BurgerSwap team, raising suspicions of an inside job.
  • Incidents on Binance Smart Chain have multiplied in recent weeks resulting in tens of millions in lost user funds.

Share this article

Another Binance Smart Chain app has suffered a flash loan attack. More than $7 million of users’ funds was drained from BurgerSwap last night.

BurgerSwap Suffers Attack

Flash loan attackers are increasingly targeting Binance Smart Chain applications. This time, it was Uniswap clone BurgerSwap that got exploited. Last night, an attacker borrowed funds from PancakeSwap to unbalance the liquidity pools on BurgerSwapm then emptied them before returning the loan.

BurgerSwap posted a breakdown of the incident on Twitter earlier this morning.

The attack was worth roughly $7.2 million. Some of the funds are now on the Ethereum blockchain, while some BURGER tokens have been left on Binance Smart Chain. BurgerSwap is one of Binance Smart Chain’s leading applications. It was launched last year and has similar code to Uniswap’s V2. However, as Uniswap founder Hayden Adams noted, BurgerSwap’s code misses out a crucial line responsible for securing its liquidity pools. Adams reacted to the attack by noting that the pools were very susceptible to this type of flash loan attack without the line of code before adding “iWoNDerWhYTHeyDiDtHAt.”

Many Binance Smart Chain projects have suffered exploits recently, and suspicions of inside jobs have been running high. In some examples, such as the case of Uranium Finance, key parts of the code used by other projects have been omitted or changed. Both Uranium Finance and BurgerSwap are run by anonymous teams, which would reduce the accountability in the event of an inside job.

Meerkat Finance, a copy of Yearn Finance, suffered a suspected rug pull worth $30 million. Last week, Bunny Finance was exploited by a flash loan attack, leading the price of the BUNNY governance token to drop by 96%.

This year alone, the total losses from attacks on Binance Smart Chain projects are now comfortably in the tens of millions of dollars.

Disclaimer: The author held BTC, ETH, and several other cryptocurrencies at the time of writing.

Share this article


Tagged : / / / /

SUSHI Could Hit $100 Soon As it Rallies Ahead, Todaro Says

SushiSwap’s governance token, SUSHI, could get to $100, which represents five times its current price, according to John Todaro, head of business development at TradeBlock. 

One of the Biggest Successes in DEXs

SushiSwap is a decentralized cryptocurrency exchange based on the Ethereum blockchain. Its price rose to about $19, a 30-fold increase from a low of November 2020. Todaro wrote in Thursday’s Bankless newsletter that the protocol has proven to be one of the greatest success stories in DeFi, with over $100 million in cumulative revenue since its introduction.

SUSHI holders receive a share of SushiSwap’s fees, similar to how stockholder holders can receive a dividend. SushiSwap recently started this mechanism by paying token holders a portion of exchange charges across the network.

Investors and participants in the market will now earn incentives through ownership of a valuable asset. Also, investors can assess assets paying for a prize at a quantitative stage since they can somehow predict future rewards.

Todaro noted that they often price dividend-paying stocks at an expected discount rate on the conventional equity markets by discounting future cash flows to date. In calculating cash flows, he used historical trading volumes and taxes.

The terminal growth rates consistent with the broader industry and economy are modeled at 3 percent annually. The terminal growth rate in line with the country’s GDP in which the business operates can be structured in such models. In the US, it usually ranges from 1.5% to 4% annually. SushiSwap is a young business and thus has a significant risk over more mature, traditional enterprises.

SUSHI’s Smooth Rally 

While other DEXes offer similar governance types tokens, SUSHI is different, as SushiSwap is one of the few projects that pays owners to own a coin. Hence, there has been a rise in demand. As of March 15, 2021, prices rose from just $2.1 in December 2020 to about $20.97 – an increase of 915 percent. While several other tokens on the market are glorified methods for speculating on cryptographic content, SushiSwap tries to do something special that is time-testing.

Todaro calculates the intrinsic market value of SushiSwap to be about $12.6 billion, or a cumulative token value of around $100 based on its assumptions.

Todaro cautions investors about significant market threats, including a slump in DeFi crypto-monetary trading despite high valuations. This overall risk in the industry will “heavily impact the amount and thus the trade costs of SushiSwap,” writes Todaro.

Like BTCMANAGER? Send us a tip!

Our Bitcoin Address: 3AbQrAyRsdM5NX5BQh8qWYePEpGjCYLCy4


Tagged : / / / / / / / / / / / / / / /
Bitcoin (BTC) $ 27,556.38 1.58%
Ethereum (ETH) $ 1,665.85 3.57%
Litecoin (LTC) $ 66.24 2.56%
Bitcoin Cash (BCH) $ 250.23 2.51%