- Bogged Finance reported that an unknown attacker successfully drained $3 million from its liquidity pools.
- The attack used a flash loan to exploit a code vulnerability.
- The rising number of attacks on Binance Smart Chain projects has created major security concerns for the blockchain.
Share this article
Bogged Finance, a project built on Binance Smart Chain (BSC), faced a malicious attack in which $3 million worth of funds was drained from its liquidity pool on PancakeSwap. The incident is the second flash loan attack taking place on BSC in the last week.
Bogged Finance Attacked
Bogged Finance, a trading platform built on Binance Smart Chain (BSC), has suffered an attack.
The team reported that an unknown attacker had successfully drained $3 million in liquidity over the weekend. This was done through a complex attack that leveraged a flash loan and a vulnerability in its smart contract code.
We are aware of the flash loan attack against BOG and are as devastated as you. We believe we have prevented further theft against more of our liquidity.
We will make further announcements in the coming hours and days.
— BogTools – Powering DeFi on #BSC. (@bogtools) May 22, 2021
In a Medium blog post, the Bogged Finance team explained that the attacked exploited a bug in its smart contract that is linked to the platform’s transaction fees.
Using a vulnerability, the attacker was able to artificially mint new tokens that produced a high rate of inflation and stakers were rewarded with huge quantities of BOG tokens. Overall, there was distribution of over 15 million BOG tokens to liquidity providers.
The inflated supply helped in executing a flash loan attack in which the attacker from able to drain funds from the BOG/BNB liquidity pool on PancakeSwap. The Bogged Finance team wrote:
“The attacker was able to utilize flash loans to exploit a flaw in the staking section of the BOG smart contract to manipulate the staking rewards and cause an inflation…