BNB Chain exploited in flash loan attack, attacker snags $1.27M

A flash loan attack on the BNB Chain has resulted in the largest single arbitrage profit in its history, according to security experts.

The attacker exploited a price manipulation vulnerability on the BH token (BH) and made off with $1.27 million in USDT.

As reported by Chinese journalist Colin Wu on Oct. 11, the attacker used a bot to borrow a large amount of USDT from a lending platform and then manipulated the price of BH on PancakeSwap, a decentralized exchange on the BNB Chain.

The bot then swapped USDT for BH at a low price and removed liquidity from the BH/USDT pair at a high price, earning a massive profit in the process. The bot spent only $4.16 in fees for the attack and transferred all the profits to the crypto mixing service Tornado Cash.

You might also like: FTX founder Sam Bankman-Fried’s trial day 6: Recap

Beosin, a blockchain security company, explained the details of the attack on X. They said the attacker exploited a function in the BH contract that allowed them to add USDT to the contract without affecting the liquidity ratio.

The contract assumed the liquidity ratio was about 1 USDT:100 BH. However, the attacker changed it to 1 USDT:2 BH by swapping USDT for BH through PancakeSwap. This way, the attacker could withdraw more USDT than they deposited.

Beosin warned that this was a premeditated attack on the BH token. Moreover, PeckShield, another blockchain security firm, confirmed on X that the address involved in the attack initially received funds from Tornado Cash.

In a flash loan attack, the attacker quickly borrows a large sum of an asset with no collateral from a DeFi lending platform, uses it to manipulate vulnerabilities in other protocols, and repays the loan within the same transaction, often resulting in significant profits at the expense of the targeted protocols.

Read more: Hong Kong’s regulatory approach criticized as “licensed to be killed”