The most significant flash loan attack on the BNB chain was reported on October 11 when the MEV bot made massive arbitrage profits worth $1.575 million.
The attack, which went through the Pancakeswap DEX network, only cost the perpetrating bot a fee of $4.16, generating huge profits for them.
Massive individual flash loan attack on the BNB chain
According to reports, the MEV bot with the address 0x216Ccf on the BNB chain has emerged as the record holder for the most significant single arbitrage profits in the history of the chain.
EigenPhi, a leading blockchain data analysis company, open Details, confirming that the massive profit resulted from a well-planned price manipulation attack on the BH token.
Essentially, the attacker exploited a flaw in the system worth around $1.27 million, and immediately transferred the funds to the popular mixer Tornado Cash.
This attacker borrowed a large amount of USDT using job ID 0x33688938 and added USDT to the contract.
Under normal circumstances, the liquidity ratios of the contract are around 1 USD: 100 BH. The attacker then manipulated the system by immediately swapping USDT for BH via the pair and later removed the liquidity with transaction ID 0x4e290832.
This swap affected the liquidity removal ratio significantly, changing to approximately 1 USDT:2 BH, allowing them to withdraw more USDT.
The chain of transactions was later confirmed by Beosin, a well-known blockchain security company, emphasizing its intentional nature. The attacker made a total profit of $1.575 million in the entire operation.
$BH The token on the BNB chain was exploited for approximately $1.27 million due to suspected price manipulation. Profits were sent to Tornado Cash.
— Beosin Alert (@BeosinAlert) October 11, 2023
The MEV Bot address 0x216Ccf was likely created on October 6 and has been inactive since then, until the date of the flash loan attack. The counter address, 0xFDbfcE, was active and currently held around 1,000 BNB tokens worth $205.8K.
Flash loan attack puzzle
Flash loan attackers will mainly exploit the flash loan mechanism to steal users’ funds, as is the case with BH tokens. In its abstract sense, flash loan is not an attack but a system that allows people to benefit from arbitrage trading.
In the 24 hours prior to writing, EigenPhi data indicates that there were around 278 flash loans within the Ethereum network. The number was 2,435 and 9,721 in the last 7 and 30 days, respectively. More than $2.2 billion in transaction value have been processed in the form of flash loans in the past 30 days, indicating expanded use of this mechanism.
However, many scammers use flash loans to cripple crypto systems and rip off investors, as in the case mentioned above. In June of this year, a DeFi protocol called Sturdy Finance 442 lost $800,000 worth of Ethereum through various hacks, including a flash loan attack.
Free Binance $100 (Exclusive): Use this link to sign up and get free $100 and 10% off Binance Futures in your first month (conditions).
PrimeXBT Special Offer: Use this link to register and enter code CRYPTOPOTATO50 to receive up to $7,000 on your deposits.