BurgerSwap

BurgerSwap Hack - May 2021

Overview

On May 28, 2021, the Binance Smart Chain (BSC)-based BurgerSwap protocol experienced a flash loan attack. The attacker of the DeFi protocol managed to steal approximately $7.2 million in tokens by manipulating the price of the BURGER token.

Attack Method

The hack on BurgerSwap was based on a fake token contract and a reentrancy exploit. The attack began and ended with a flash loan from PancakeSwap that provided the source of the funds used in the attack.

Missing Line of Code

According to the founder of Uniswap, Hayden Adams, the malicious entities were able to hack because the decentralized exchange was missing a key line of code. The exec said that BurgerSwap was based on Uniswap's V2 code. However, a certain line of code had been removed, which allowed the core to be very "trivially be drained."

Stolen Assets

The attacker reportedly managed to steal:

• 4,400 BNB (~$1.6 million)

• 22,000 BUSD

• 1.4 million USDT stablecoins

• 2.5 Ethereum (~$6,800)

• 432,000 BURGER (~$3.2 million)

• 142,000 xBURGER (~$1 million)

For a total of over $7.2 million.

Sources

• https://www.halborn.com/blog/post/explained-the-burgerswap-hack-may-2021

• https://cryptoslate.com/binance-smart-chain-defi-project-burgerswap-hacked-for-7-million/

• https://www.coindesk.com/markets/2021/05/28/burgerswap-hit-by-flash-loan-attack-netting-over-7m

• https://cryptopotato.com/another-bsc-project-exploit-7-2m-drained-from-burgerswap-in-a-flash-loan-attack/

• https://coingape.com/burgerswap-flash-loan-attack-binance-smart-chain-bsc-sweeps-7-million-losses/