
Explained: The BH Token Hack (October 2023)


Rob Behnke

October 12th, 2023

In October 2023, BH (Black Hole) Token was the victim of a price manipulation exploit. The attacker took advantage of a vulnerability in the token's smart contract to drain an estimated $1.27 million.

Inside the Attack

The attack against BH Token was a classic example of a price manipulation attack. These attacks take advantage of the fact that a smart contract calculates the value of a particular token on-chain, typically from the current reserves of a liquidity pool, making it possible for an attacker to move that value within a single transaction and have the contract act on the manipulated price.

Price manipulation attacks typically begin with a flash loan, which is a collateral-free loan that must be borrowed and repaid within a single blockchain transaction.

These loans give an attacker the capital to manipulate the perceived value of a token by unbalancing a trading pair. This imbalance is called "slippage" and can happen naturally due to unbalanced trading activity on an exchange. However, it can also be created deliberately by adding far more of one token to the pair than the other.

In this case, the attacker targeted the BH/USDT trading pair on PancakeSwap. The attacker swapped USDT for BH at a low price, which enabled them to extract liquidity from the trading pair at a much higher price. The attack then ends with the attacker repaying the flash loan and keeping whatever is left over as profit.

In this case, the attacker paid approximately $4.16 in fees to perform their attack on BNB Chain. However, after performing the price manipulation attack and taking advantage of the slippage that they created, they were able to drain an estimated $1.27 million in USDT. In the end, the attacker transferred their profits to Tornado Cash to prevent them from being traced and frozen.

Lessons Learned from the Attack

The attack on BH Token exploited a price manipulation vulnerability. The attacker used a flash loan to create significant slippage in the BH/USDT pair on PancakeSwap. Using this slippage, the attacker was able to extract liquidity from the pair at a high price, draining about $1.27 million from the exchange.

Price manipulation attacks can be prevented by using various slippage prevention mechanisms. For example, off-chain price oracles such as Chainlink are not vulnerable to this kind of on-chain price manipulation. A smart contract can also implement slippage protection by refusing to act on a price that deviates from a trusted reference by more than an allowed range, so that a token's value cannot move outside that range too quickly.
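The following simulation is an added illustration and is not code from Halborn or from the BH Token contract. It models a constant-product pair with constructed reserves (1,000,000 BH against 1,000,000 USDT, no swap fee), shows how a naive reserve-based price read jumps after a flash-loan-sized swap, and shows a deviation guard of the kind described above rejecting that read while still accepting a normal trade; the 5% threshold and the reference price are assumptions for the example.

```python
from dataclasses import dataclass


class PriceDeviation(Exception):
    """Raised when a spot price read fails the deviation guard."""


@dataclass
class Pool:
    """Constant-product AMM pair (x * y = k), the model used by PancakeSwap V2 pairs.
    Reserves are constructed sample values, not the real BH/USDT pool."""
    bh: float    # BH reserve
    usdt: float  # USDT reserve

    def spot_price(self) -> float:
        """USDT per BH, as a naive on-chain price read derives it from reserves."""
        return self.usdt / self.bh

    def swap_usdt_for_bh(self, usdt_in: float) -> float:
        """Sell USDT into the pair; returns BH received (swap fee omitted for clarity)."""
        bh_out = self.bh * usdt_in / (self.usdt + usdt_in)
        self.usdt += usdt_in
        self.bh -= bh_out
        return bh_out


def guarded_price(pool: Pool, reference: float, max_deviation: float = 0.05) -> float:
    """Slippage guard: accept the pool's spot price only if it lies within
    max_deviation of a trusted reference (e.g. a TWAP or an off-chain oracle value
    captured before this transaction); otherwise refuse to act on it."""
    spot = pool.spot_price()
    if abs(spot - reference) / reference > max_deviation:
        raise PriceDeviation(f"spot {spot:.4f} deviates from reference {reference:.4f}")
    return spot


def read_price_after_swap(usdt_in: float, max_deviation: float = 0.05) -> dict:
    """Swap usdt_in into a fresh 1:1 pool, then read the price naively and through the guard."""
    pool = Pool(bh=1_000_000.0, usdt=1_000_000.0)  # constructed: 1 USDT per BH
    reference = pool.spot_price()                   # trusted price before the swap
    bh_bought = pool.swap_usdt_for_bh(usdt_in)
    naive = pool.spot_price()                       # what a vulnerable contract would use
    try:
        guarded = guarded_price(pool, reference, max_deviation)
    except PriceDeviation:
        guarded = None                              # a protected contract would revert here
    return {"bh_bought": bh_bought, "naive_price": naive, "guarded_price": guarded}


if __name__ == "__main__":
    print("normal trade:    ", read_price_after_swap(10_000.0))
    print("flash-loan sized:", read_price_after_swap(1_000_000.0))
```

With a 1,000,000 USDT swap the naive read quadruples to 4 USDT per BH within the same transaction, which is exactly the inflated value a vulnerable contract would pay out against; the guard returns None (a revert) for that case and passes the 10,000 USDT trade.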

Price manipulation vulnerabilities are a common risk for DeFi smart contracts, but they can often be identified and corrected as part of a smart contract audit. For help in protecting your smart contracts, get in touch.