TechFlow News: On March 27, according to BlockSec Phalcon (@Phalcon_xyz) monitoring, an unknown staking contract on Binance Smart Chain (BSC) was attacked, resulting in losses of approximately $133,000.
The root cause was a vulnerability involving real-time (spot) price dependency within the contract. The attacker manipulated the price of the TUR token in the TUR–NOBEL liquidity pool, then staked TUR tokens in the staking contract. This triggered reward calculations based on the artificially inflated price. Subsequently, the attacker withdrew the amplified rewards via three referrer accounts, draining all TUR tokens from the contract and ultimately converting them into USDT for profit.
Add to Favorites
Share to Social Media
