TechFlow, September 17 — According to BlockSec Phalcon, an unverified contract on BSC (0x93fD192e1CD288F1f5eE0A019429B015016061F9) was attacked, resulting in losses of approximately $150,000.
BlockSec Phalcon stated that the attack originated from a flaw in the contract's referral reward design: the reward calculation relied on the manipulable spot price of the BURN/BUSD trading pair. The attacker used flash loans to manipulate the BURN token price, then repeatedly created new contracts to bypass the "one referral per address" rule and maximum investment limits, thereby accumulating inflated BUSD rewards.
Add to Favorites
Share to Social Media
