PANews reported on February 14th that, according to BlockSec Phalcon monitoring, an unknown USDC-OCA liquidity pool on the BSC chain was attacked, resulting in the withdrawal of approximately 422,000 USDC. The attackers exploited a deflationary vulnerability in the OCA token's `sellOCA()` function. Each call to `sellOCA()` swapped OCA tokens while simultaneously removing an equal amount of OCA from the liquidity pool, artificially inflating the token price within the pool.

The attack was completed through three transactions: the first executed the attack, and the latter two were primarily used to pay additional bribes to the block builder. The attacker paid a total of approximately 43 BNB plus 69 BNB to 48club-puissant-builder, ultimately profiting an estimated $340,000. Another transaction in the same block failed at position 52, presumably due to preemption by the attacker.