DeFi platform based on Binance Smart Chain suffers $3M flash loan attack

Bogged Finance, a DeFi protocol based on Binance Smart Chain, saw a second flash loan exploit drain almost $3 million, or half the total liquidity, from the platform.

The team confirmed the attack on Sunday and warned users not to buy its native token until the issue is solved.

Developers identified and mitigated the exploit within 45 seconds, thanks to an online meeting held when the attack started. Still, the scammer was able to run away with $3 million of the $6 million of liquidity. 

Following the news of the attack, the BOG token price crashed from around $1.8 to $0.0003.

Bogged Finance enables users to place limit orders on any Binance Smart Chain-based token. The team published details of the attack in a post stating:

“The attacker was able to utilize flash loans to exploit a flaw in the staking section of the BOG smart contract to manipulate the staking rewards and cause an inflation of supply — without the transaction fee being charged and burned — causing net inflation.”

The team says the transaction limit of 47,500 BOG slowed the attacker’s automated process and potentially mitigated the damage. In the 45 seconds before the lead developer patched the exploit by disabling the transaction fee, the hacker was able to make a total of 11 transactions and made off with 11,358 BNB.

The team is working on migrating the liquidity to a new contract by “using the same exploit the attacker used.” It will deploy an updated version of the contract to Binance Smart Chain, the team said.

After burning about 7.5 million previously minted tokens during the migration, Bogged Finance will airdrop the holders’ liquidity tokens. “If you paid for your BOG, the platform’s native token, it is safe,” the announcement reassures. The team expects a smaller circulating supply after the whole process, which will take 48 hours, according to yesterday’s announcement.

Last week, prominent BSC-based DeFi protocol PancakeBunny suffered an attack in the same manner. Hackers made off with more than $200 million in crypto by utilizing an exploit in a flash loan attack.