BlockSec Flags $100K Exploit on Binance Smart Chain Liquidity Pool

According to BlockSec, a design flaw in a burn pair mechanism enabled reverse swaps that drained PGNLZ and PGNLP tokens, leading to nearly all USDT in the pool being stolen.

USDT

37d ago

Summary

BlockSec reported a $100,000 exploit on the Binance Smart Chain targeting an unknown contract. The attacker exploited a burn pair design flaw by performing two reverse swaps to withdraw 99.56% of PGNLZ. They then triggered transferFrom to burn 99.9% of PGNLP, synced the contract, and drained nearly all USDT from the liquidity pool.

Terms & Concepts

Burn Pair Mechanism: A liquidity pool design in which token burning affects supply and pricing dynamics, potentially introducing vulnerabilities if improperly implemented.
Reverse Swaps: A type of transaction that swaps tokens in the opposite direction of intended use, potentially to exploit pricing or logic errors in smart contracts.
USDT: Tether, a U.S. dollar-pegged stablecoin widely used for trading and transfers in the cryptocurrency market.