The PancakeSwap V2 pool for OCAUSDC on BSC was exploited in a suspicious transaction detected today. The attack resulted in the loss of almost $500,000 worth of $USDC market, drained in a single transaction.
According to reports from Blockchain security platforms, the attacker exploited a vulnerability in the deflationary sellOCA() logic, giving them access to manipulate the pool’s reserves. The final amount the attacker got away with was reportedly approximately $422,000.
The exploit involved the use of flash loans and flash swaps combined with repeated calls to OCA’s swapHelper function. This removed OCA tokens directly from the liquidity pool during swaps, artificially inflating the on-pair price of OCA and enabling the drainage of $USDC
How did the OCA/$USDC exploit happen?
The attack was reportedly executed via three transactions. The first to carry out the exploit, and the following two to serve as additional builder bribes.
“In total, 43 $BNB plus 69 $BNB were paid to 48club-puissant-builder, leaving an estimated final profit of $340K,” Blocksec Phalcon wrote on X about the incident, adding that another transaction in the same block also failed at position 52, likely because it was frontrun by the attacker.
Flash loans on PancakeSwap allow users to borrow significant amounts of crypto assets without collateral; however, the borrowed amount plus fees must be repaid within the same transaction block.
They are primarily used in arbitrage and liquidation strategies on the Binance Smart Chain, and the loans are usually facilitated by PancakeSwap V3’s flash swap function.
Another flash loan attack was detected weeks ago
In December 2025, an exploit allowed an attacker to withdraw approximately 138.6 WBNB from the PancakeSwap liquidity pool for the DMi/WBNB pair, netting approximately $120,000.
That attack demonstrated how a combination of flash loans and manipulation of the AMM pair’s internal reserves via sync() and callback functions is capable of being used to completely deplete the pool.
The attacker first created the exploit contract and called the f0ded652() function, a specialized entry point into the contract, after which the contract then calls flashLoan from the Moolah protocol, requesting approximately 102,693 WBNB.
Upon receiving the flash loan, the contract initiates the onMoolahFlashLoan(…) callback. The first thing the callback does is find out the DMi token balance in the PancakeSwap pool in order to prepare for the pair’s reserve manipulation.
It should be noted that the vulnerability is not in the flash loan, but in the PancakeSwap contract, allowing manipulation of reserves via a combination of flash swap and sync() without protection against malicious callbacks.