Security company: Suspicious transactions were discovered on BSC for an uncontracted entity, resulting in a loss of approximately $150,000

PANews reported on September 17th that BlockSec Phalcon alerted its system to detect a series of suspicious transactions targeting an unverified contract (0x93fD192e1CD288F1f5eE0A019429B015016061F9) on Bitcoin Cash (BSC) a few hours ago, resulting in a loss of approximately $150,000. The issue stemmed from the contract's referral reward design: the reward calculation relied on the manipulable spot price of the BURN/BUSD trading pair.

Attack details:

  • When a user stakes or locks BURN tokens through a referral, the contract issues referral rewards in the form of BUSD to the user. These rewards are calculated based on the amount of BURN staked/locked and the real-time spot price of BURN/BUSD.
  • The attacker exploited this vulnerability to manipulate the price of BURN through flash loans. They then repeatedly created new contracts to bypass two key restrictions: the "one referral per address" rule and the maximum investment limit, allowing them to accumulate artificially inflated BUSD rewards.
  • The attacker then sold the remaining borrowed BURN tokens and repurchased BUSD, causing the price of BURN to drop. Finally, they used their previously accumulated BUSD to purchase BURN at this low price, intending to profit from the transaction.
Share to:

Author: PA一线

This content is for informational purposes only and does not constitute investment advice.

Follow PANews official accounts, navigate bull and bear markets together
Telegram Discussion Group
Telegram News Channel
@PANews
Recommended Reading
6 hour ago
6 hour ago
2025-12-21 13:30
2025-12-21 12:54
2025-12-21 05:51
2025-12-21 05:12

Popular Articles

Industry News
Market Trends
Curated Readings
Subscribe

Curated Series

App内阅读