Flash Loan Attack on BNB Chain Nets $1.57M in Record-Breaking Profit

  cryptopotato.com 6 m

The most significant flash loan attack in the BNB Chain was reported on Oct. 11 when an MEV bot made a massive arbitrage profit of $1.575 million.

The attack, which passed through the Pancakeswap DEX network, only cost the perpetrating bot a fee of $4.16, leaving them with humongous profits.

Large Single Flash Loan Attack on BNB Chain

As per reports, the MEV Bot with address 0x216Ccf on the BNB Chain emerged as the record holder of the most significant single arbitrage profit in the chain’s history.

EigenPhi, a leading blockchain data analysis firm, revealed the details, confirming that the enormous profit resulted from a well-planned price manipulation attack on the BH token.

Essentially, the attacker exploited a shortcoming in the system for about $1.27 million, immediately transferring the funds to the popular mixer Tornado Cash.

This attacker borrowed a large amount of USDT using the function ID 0x33688938 and added USDT to the contract.

Under normal conditions, the liquidity ratios for the contract are around 1 USDT:100 BH. The attacker then manipulated the system by instantly swapping USDT for BH via pair and later removed the liquidity with the transaction ID 0x4e290832.

This swap affected the ratio of liquidity removal drastically, changing to approximately 1 USDT:2 BH, allowing them to withdraw even more USDT.

The series of transactions was later confirmed by Beosin, a renowned blockchain security company, emphasizing its deliberate nature. The attacker profited a total of $1.575 million in the entire process.

$BH token on BNB Chain was exploited for ~$1.27M due to suspected price manipulation. The profits were sent into Tornado Cash.
Attacker: 0xFDbfcEEa1de360364084a6F37C9cdb7AaeA63464

The attacker flashloaned a large amount of $USDT, then called 0x33688938() to add $USDT to the… pic.twitter.com/POppQswi7u

— Beosin Alert (@BeosinAlert) October 11, 2023

The MEV Bot address 0x216Ccf was possibly created on Oct. 6 and has been inactive since then, up to the date of the flash loan attack. The counter address, 0xFDbfcE, has been active and currently holds about 1,000 BNB tokens valued at $205.8K.

The Flash Loan Attack Conundrum

Flash loan attackers will mainly exploit the flash loan mechanism to steal users’ funds, as in the case of BH tokens. In its bare meaning, a flash loan is not an attack but a system allowing people to benefit from arbitrage trading.

In the 24 hours preceding the writing of this report, EigenPhi‘s data suggests that there were about 278 flash loans within the Ethereum network. The number has been 2,435 and 9,721 in the past 7 and 30 days, respectively. Over $2.2 billion in transaction value has been flash loans in the past 30 days, suggesting the extended use of this mechanism.

However, many scammers have been leveraging flash loans to cripple cryptosystems and steal from investors, as in the case mentioned above. In June this year, a DeFi protocol dubbed Sturdy Finance lost 442 ETH worth $800K through different hacks, including a flash loan attack.

Source