In April 2026, the TMM/USDT trading pair on Binance Smart Chain (BSC) was the victim of a reserve manipulation attack. The attacker used flash loans to skew pricing information and steal an estimated $1.665 million.
Inside the Attack
Flash loans are a common tool in price manipulation attacks because they provide an attacker with enough of a token to dramatically skew the balance of tokens in a particular trading pair. In this case, the attacker used flash loans from multiple sources — ListaDAO Moolah, Venus, Aave V3, PancakeSwap Vault, and Uniswap PoolManager — to collect the required funds without hitting borrowing caps.
After borrowing USDT across all of these sources, the attacker burned TMM tokens to the 0x..DEAD address on BSC. As a result, the TMM token reserve was reduced to just 1 TMM, distorting the balance of USDT and TMM within the targeted liquidity pool (0xc36c718e7d0af055092e5274f92f6511820ca041).
The target was a Constant Product Market Maker (CPMM) pool, which means that it prices the tokens in a trading pair using x * y = k, where x and y are the pool’s reserves of the two tokens and k is a constant. As x increases, the perceived value of y decreases, and vice versa. In this case, draining the pool’s reserves of TMM tokens inflated the perceived value of those tokens relative to USDT.
The attacker then swapped approximately 850 million TMM tokens in the pool, netting them 272 million USDT. After paying off the flash loans used in the attack, an estimated $1.665 million remained and was later distributed to various addresses.
Lessons Learned from the Attack
This was a classic example of a flash loan-based reserve manipulation attack. These exploits take advantage of the fact that certain types of pools price assets based solely on the pool’s current reserves of the two assets in a trading pair. By taking out massive flash loans from multiple sources, the attacker was able to manipulate this asset balance and trick the pool into providing large payouts of USDT in exchange for a deposit of the seemingly rare TMM token.
This attack was made possible by the fact that this type of pool doesn’t perform sync operations for its reserves in response to a transfer or burn operation. This makes the pool believe that it has an imbalance that it needs to correct by making deposits of the “rare” asset more profitable for users.
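The constant-product pricing and the reserve collapse described above can be reproduced offline, together with a simple monitoring check that flags an implausible price jump between reserve snapshots. This is an added example, not code from the original article or from the affected project; the function names, the 25 bps fee, the 1.5x threshold and all reserve figures are assumptions constructed for illustration.

```python
# Added illustration: constant-product (x * y = k) pricing and a simple
# reserve-shock check. All reserve figures are constructed, not on-chain data.
from fractions import Fraction

def spot_price(reserve_usdt: int, reserve_tmm: int) -> Fraction:
    """USDT per TMM implied by the pool's current reserves alone."""
    if reserve_usdt <= 0 or reserve_tmm <= 0:
        raise ValueError("both reserves must be positive")
    return Fraction(reserve_usdt, reserve_tmm)

def amount_out(amount_in: int, reserve_in: int, reserve_out: int,
               fee_bps: int = 25) -> int:
    """Output of a swap that keeps x * y >= k after an input-side fee.
    fee_bps = 25 is an assumed fee, not a value taken from the article."""
    in_after_fee = amount_in * (10_000 - fee_bps)
    return in_after_fee * reserve_out // (reserve_in * 10_000 + in_after_fee)

def flag_reserve_shocks(snapshots, max_move=Fraction(3, 2)):
    """Return indices of snapshots whose spot price moved by more than
    max_move (up or down) relative to the previous snapshot.
    The 1.5x default is an assumed threshold for this example."""
    flagged = []
    for i in range(1, len(snapshots)):
        prev = spot_price(*snapshots[i - 1])
        cur = spot_price(*snapshots[i])
        ratio = cur / prev if cur >= prev else prev / cur
        if ratio > max_move:
            flagged.append(i)
    return flagged

# Constructed (USDT reserve, TMM reserve) snapshots, in whole tokens.
SNAPSHOTS = [
    (1_000_000, 50_000_000),  # normal state
    (1_010_000, 49_510_000),  # ordinary trade: price moves about 2%
    (1_010_000, 1),           # TMM reserve collapsed to 1, as in the incident
]

if __name__ == "__main__":
    for i, (usdt, tmm) in enumerate(SNAPSHOTS):
        print(i, "price:", float(spot_price(usdt, tmm)), "USDT/TMM")
    print("flagged snapshots:", flag_reserve_shocks(SNAPSHOTS))
    # The same 1,000 TMM deposit before and after the reserve collapse.
    print("normal pool   :", amount_out(1_000, 50_000_000, 1_000_000), "USDT")
    print("collapsed pool:", amount_out(1_000, 1, 1_010_000), "USDT")
```

The same 1,000 TMM deposit that returns about 19 USDT against the normal reserves returns almost the entire USDT reserve once the TMM side reads 1, which is why a reserve-only price needs an independent sanity check.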
Reserve manipulation attacks are a common exploit that can result in millions in losses for targeted pools.
