- Bogged Finance reported that an unknown attacker successfully drained $3 million from its liquidity pools.
- The attack used a flash loan to exploit a code vulnerability.
- The rising number of attacks on Binance Smart Chain projects has created major security concerns for the blockchain.
Bogged Finance, a project built on Binance Smart Chain (BSC), faced a malicious attack in which $3 million worth of funds was drained from its liquidity pool on PancakeSwap. The incident is the second flash loan attack taking place on BSC in the last week.
Bogged Finance Attacked
Bogged Finance, a trading platform built on Binance Smart Chain (BSC), has suffered an attack.
The team reported that an unknown attacker had successfully drained $3 million in liquidity over the weekend. This was done through a complex attack that leveraged a flash loan and a vulnerability in its smart contract code.
We are aware of the flash loan attack against BOG and are as devastated as you. We believe we have prevented further theft against more of our liquidity.
We will make further announcements in the coming hours and days.
— BogTools – Powering DeFi on #BSC. (@bogtools) May 22, 2021
In a Medium blog post, the Bogged Finance team explained that the attacker exploited a bug in its smart contract that is linked to the platform’s fees that are given to liquidity providers as rewards.
Using a vulnerability, the attacker was able to artificially mint new tokens that produced a high rate of inflation. This led to a distribution of over 15 million BOG tokens to liquidity providers.
The inflated supply helped in executing a flash loan attack in which the attacker was able to drain funds from the BOG/BNB liquidity pool on PancakeSwap. The Bogged Finance team wrote:
“The attacker was able to utilize flash loans to exploit a flaw in the staking section of the BOG smart contract to manipulate the staking rewards and cause an inflation of supply—without the transaction fee being charged and burned—causing net inflation.”
Malicious actors have been known to use flash loans to borrow large amounts of funds so that they can artificially manipulate the price of a token, before returning the funds in the same transaction.
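The team's description implies an accounting invariant that a monitor or test suite can check: staking rewards must be funded by fees actually charged, and total supply must never grow. The following sketch is an added example, not Bogged Finance's code; the record fields, the fee split into a burned part and a rewards part, and all sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class TxRecord:
    tx_id: str
    supply_before: int     # total token supply before the transaction
    supply_after: int      # total token supply after the transaction
    fee_charged: int       # fee actually deducted from the sender
    fee_burned: int        # part of the fee that was destroyed
    rewards_credited: int  # staking rewards credited to liquidity providers

def check_tx(tx):
    """Return the accounting invariants this transaction violates."""
    problems = []
    if tx.fee_burned > tx.fee_charged:
        problems.append("burned more than was charged")
    # Rewards may only come out of the part of the fee that was not burned.
    if tx.rewards_credited > tx.fee_charged - tx.fee_burned:
        problems.append("rewards exceed fee collected")
    # Under this (assumed) fee model the supply can only shrink or stay flat.
    if tx.supply_after > tx.supply_before:
        problems.append("net inflation")
    return problems

def scan(records):
    """Return ({tx_id: problems}, cumulative net supply change)."""
    findings, net_change = {}, 0
    for tx in records:
        problems = check_tx(tx)
        if problems:
            findings[tx.tx_id] = problems
        net_change += tx.supply_after - tx.supply_before
    return findings, net_change

# Constructed sample records (not real chain data).
SAMPLE = [
    # Normal transfer: fee 50, 10 burned, 40 passed on as rewards.
    TxRecord("tx-a", 1_000_000, 999_990, 50, 10, 40),
    # Rewards credited although no fee was charged or burned.
    TxRecord("tx-b", 999_990, 1_003_990, 0, 0, 4_000),
    # Fee charged, but rewards far exceed what the fee can fund.
    TxRecord("tx-c", 1_003_990, 1_004_140, 50, 10, 200),
]

if __name__ == "__main__":
    findings, net_change = scan(SAMPLE)
    for tx_id, problems in findings.items():
        print(tx_id, "->", ", ".join(problems))
    print("cumulative supply change:", net_change)
```

Run as an assertion after every state-changing call in a contract test suite, or over decoded on-chain events, a check of this kind flags the first unfunded reward rather than the drained pool.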
In the reports on the attack, the team claimed it was able to prevent the attacker from draining full liquidity by quickly turning off the transaction fee function.
Nevertheless, the attacker was able to get away with 11,358 Binance Coin (BNB), which equates to around $3 million of the $6 million available in the pool at the time of the attack. They did it all in only 45 seconds across 11 transactions.
Following the attack, the price of the BOG token collapsed from around $1.8 to almost zero ($0.0001).
The team said it removed all liquidity from the old contract and plans to migrate its contract to a new one to prevent a similar attack from happening in the future. The contract will be deployed to the following address. Meanwhile, the team has warned users against purchasing the existing tokens. The team has also promised the newly deployed smart contract would burn off the extra supply of tokens artificially minted by the attacker. This would reinstate the supply of tokens before the attack.
Red Flags on Binance Smart Chain
With this, Bogged Finance joins a growing list of projects on BSC that have been exploited or suffered rug pulls.
On Thursday, Bunny Finance, a BSC yield aggregator, faced a similar flash loan attack that crashed the price of its native token by more than 96% and led to a loss of funds worth more than $45 million.
Other notable BSC projects that have suffered attacks this year include Uranium Finance, Spartan Protocol, Meerkat Finance, and bEarn. The attacks were collectively worth $122 million.
Exploits on BSC have increased in frequency as the total value locked (TVL) on the blockchain has grown to billions of dollars within the last six months.
Binance Smart Chain is an EVM-compatible chain that replicates many of the DeFi features found on Ethereum. It’s sometimes referred to as a “CeDeFi” network, meaning a centralized alternative to DeFi.
Soon after it was launched in Sep. 2020, BSC witnessed rapid growth and adoption. This was partly because of the low costs of trading and yield farming on the network relative to Ethereum, which is known for its exorbitant fees. However, after the recent spate of attacks, the blockchain is becoming better known for its high-risk ecosystem.