Overview of the Attack
A recent flash loan attack on the BNB Chain produced the largest single arbitrage profit in the chain’s history, according to security experts.
Exploiting Vulnerabilities
The attacker targeted a price manipulation vulnerability in the BH token (BH) and managed to steal $1.27 million in USDT. Using a sophisticated bot, the attacker borrowed a substantial amount of USDT from a lending platform and manipulated the price of BH on PancakeSwap, a decentralized exchange on the BNB Chain.
Attack Methodology
The bot executed a series of strategic moves, swapping USDT for BH at a low price and then removing liquidity from the BH/USDT pair at a significantly higher price. This manipulation allowed the attacker to reap massive profits, all while incurring minimal fees of $4.16 for the entire attack. The profits were swiftly transferred to the crypto mixing service Tornado Cash, making it difficult to trace the funds.
Exploited Contract Functionality
Beosin, a leading blockchain security company, revealed that the attacker exploited a specific function within the BH contract. This function enabled the attacker to add USDT to the contract without affecting the liquidity ratio. Taking the original ratio as 1 USDT:100 BH, the attacker's exchange of USDT for BH through PancakeSwap altered it to 1 USDT:2 BH. By doing so, the attacker could withdraw more USDT than initially deposited, maximizing their illicit gains.
Warning from Security Experts
Beosin cautioned that this attack was premeditated, targeting the BH token intentionally. Additionally, PeckShield, another prominent blockchain security firm, verified that the address involved in the attack had initially received funds from Tornado Cash.
Understanding Flash Loan Attacks
In a flash loan attack, the attacker swiftly borrows a substantial sum of an asset with no collateral from a DeFi lending platform. They then exploit vulnerabilities in other protocols, manipulating prices and liquidity to their advantage. The loan is repaid within the same transaction, resulting in significant profits for the attacker at the expense of the targeted protocols.
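The ratio shift described under "Exploited Contract Functionality" and the single-transaction timing described above can be modelled from the defender's side. This is an added example, not Beosin's analysis or code from the BH contract: it shows a large swap inside one transaction moving the spot ratio from 100 to about 2 BH per USDT while a time-weighted reference stays at 100, so a deviation check rejects the manipulated price. It assumes a constant-product pool with constructed reserves and no swap fees; the names Pool, twap and price_is_sane are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class Pool:
    """Constant-product pair (x * y = k), swap fees ignored (assumption)."""
    usdt: float
    bh: float
    cumulative: float = 0.0   # sum of spot price * seconds elapsed
    last_ts: int = 0

    def spot(self) -> float:
        """BH per 1 USDT implied by the current reserves."""
        return self.bh / self.usdt

    def accumulate(self, now: int) -> None:
        # Record the price that held since the last update, weighted by time.
        self.cumulative += self.spot() * (now - self.last_ts)
        self.last_ts = now

    def swap_usdt_for_bh(self, usdt_in: float, now: int) -> float:
        self.accumulate(now)
        k = self.usdt * self.bh
        self.usdt += usdt_in
        bh_out = self.bh - k / self.usdt
        self.bh -= bh_out
        return bh_out

def twap(pool: Pool, start_cum: float, start_ts: int, now: int) -> float:
    """Time-weighted average BH per USDT over [start_ts, now]."""
    pool.accumulate(now)
    return (pool.cumulative - start_cum) / (now - start_ts)

def price_is_sane(pool: Pool, reference: float, max_deviation: float = 0.05) -> bool:
    """Guard for liquidity or pricing logic: reject when spot strays from the reference."""
    return abs(pool.spot() - reference) / reference <= max_deviation

def demo():
    pool = Pool(usdt=10_000.0, bh=1_000_000.0)   # constructed: 1 USDT : 100 BH
    start_cum, start_ts = pool.cumulative, pool.last_ts
    # One hour later, a single transaction makes a large constructed swap.
    pool.swap_usdt_for_bh(60_711.0, now=3600)
    reference = twap(pool, start_cum, start_ts, now=3600)
    return pool.spot(), reference, price_is_sane(pool, reference)

if __name__ == "__main__":
    spot, reference, ok = demo()
    print(f"spot={spot:.2f} BH/USDT  twap={reference:.2f}  accepted={ok}")
```

Because the swap and any dependent call share one timestamp, the manipulated price carries zero weight in the time-weighted average, which is why contracts that price from spot reserves alone are exposed and those that compare against such a reference are not.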