After PancakeBunny hacking saga, Binance Smart Chain’s decentralized finance platform has witnessed another loan hack within a week. A recent assault on DeFi project Bogged Finance depleted $3 million, or 50% of its overall liquidity.
On Sunday, the company announced the hack, advising customers not to purchase its native token until the problem is resolved.
Thanks to an online conference conducted as the assault began, the software developer detected and neutralized the issue in 45 seconds, or 15 blocks. Despite this, the criminal was able to rip off $3 million of the $6 million in cash.
Following the attack, the price of the BOG token plummeted from about $1.8 to $0.0003.
Bogged Finance offers its users the right to place a limit order on any Binance Smart Chain-based token. In a Medium post, the team detailed the invasion:
“The attacker was able to utilize flash loans to exploit a flaw in the staking section of the BOG smart contract to manipulate the staking rewards and cause an inflation of supply — without the transaction fee being charged and burned — causing net inflation.”
The transaction cap of 47,500 BOG, as per the team, hindered the hacker’s automatic system and is believed to have lessened the harm. The hacker successfully completed 11 transfers and withdrew 11,358 Binance Coins in 45 seconds until the lead developer fixed the vulnerability by removing the transaction charge (BNB).
The core team is attempting to migrate the liquidity to a fresh contract “by employing the same bug used by the attacker.” It will upgrade the contract and host it on Binance Smart Chain.
Bogged Finance will airdrop liquidity tokens to investors after burning around 7.5 million freshly minted tokens during the transfer. The announcement guarantees that “if you paid for your BOG, the platform’s native token, it is safe.”
As per yesterday’s media release, the team anticipates a lower circulation of its tokens after completion of the whole operation, which is expected to take 48 hours. PancakeBunny, a famous BSC-based DeFi protocol, was hacked in a similar way last week. Using a flaw in a flash loan system, hackers managed to swindle over $200 million in cryptocurrency.