June 2nd, 2021
On May 28, 2021, the Binance Smart Chain (BSC)-based BurgerSwap protocol experienced a flash loan attack. The attacker of the DeFi protocol managed to steal approximately $7.2 million in tokens by manipulating the price of the BURGER token.
The hack on BurgerSwap was based on a fake token contract and a reentrancy exploit. The attack began and ended with a flash loan from PancakeSwap that provided the source of the funds used in the attack.
With the tokens gained from the flash loan, the attacker took the following steps (using WBNB as an example):
By using this technique, the attacker was able to steal a number of different altcoins as well as over $4 million in BURGER and xBURGER. The total theft is valued at about $7.2 million.
The BurgerSwap hack is the latest in a series of attacks on DeFi protocols that take advantage of price manipulation. Since many DeFi liquidity pools base their exchange rates on the relative amounts of the tokens in a trading pair that they contain, manipulation of these amounts changes the rates and allows attackers to extract more value than they put in. Flash loans make these attacks easy to perform by providing the seed capital needed to manipulate prices and achieve large gains.
This and previous attacks on DeFi protocols have demonstrated the risks of calculating exchange rates within the code of a smart contract. Preventing future attacks requires the use of an external reference for exchange rates that is less vulnerable to manipulation.