Two DeFi protocols based on Binance Smart Chain — BurgerSwap and Julswap — were subjected to attacks using flash loans.
\n\n\n\n\n\n\n\n
BurgerSwap just experienced Flash Loan attack.
We have suspended Swap and BURGER generation to avoid further loss.
Our tech team is working on the issue and will publish the solution later.
More details will be published soon. Thanks for your patience.
— BurgerSwap (@burger_swap) May 28, 2021
The BurgerSwap team said that in 14 transactions the attacker withdrew $7.2 million. Part of it went to BURGER and xBURGER tokens, and funds in WBNB, BUSD and Ethereum were also stolen. Representatives pledged to cover the losses.
\n\n\n\n
8/9
What was stolen:
— 4.4k WBNB ($1.6M)
— 22k BUSD ($22k)
— 2.5 ETH ($6.8k)
— 1.4M USDT ($1.4M)
— 432k BURGER ($3.2M)
-142k xBURGER ($1M)
— 95k ROCKS— BurgerSwap (@burger_swap) May 28, 2021
The Block analyst Igor Igamberdiev noted that the attacker exploited a feature that allowed reentrancy and a second swap before reserves, which are used to calculate the number of tokens in swaps, were updated.
\n\n\n\n
6/7
The exploit happened because the attacker could do reentrancy and did a second swap before reserves, which are used to calculate the number of tokens in swaps, were updated. pic.twitter.com/45DNYtycbO
— Igor Igamberdiev (@FrankResearcher) May 28, 2021
A similar attack vector was observed at Julswap. The project CEO Tobias Graf denied the hack and the exploit. According to him, the team will present details of the incident soon.
\n\n\n\n
Hi Community,
we investigated the dump tonight on Jul. it’s seems it was the same Situation as some other projects experienced in the last weeks due to an flash loan.
There is NO hack or exploit!
Flash Loan Hash:https://t.co/AVus5B2ZVX
More informations soon.
— TG Crypto (@tg_cryptos) May 28, 2021
In the last 24 hours, the BurgerSwap (BURGER) token fell by 18%, according to CoinGecko. After the attack, the JulSwap (JULD) price dropped from $0.062 to $0.035. At the time of writing, the coin was trading at around $0.047.
\n\n\n\n
Earlier, using flash loans funds were withdrawn from the DeFi project PancakeBunny. The token price collapsed by more than 80%.
\n\n\n\n
In May xToken lost $25 million due to a hacker attack. The attacker took a flash loan of 61,800 ETH, and then deployed two exploits.
\n\n\n\n
Earlier, CipherTrace analysts reported that in 2021 hackers stole from DeFi protocols a record $156 million.
\n\n\n