According to Odaily Odaily, BlockSec Phalcon stated on the X platform that their system detected an attack on an unknown contract on the BSC chain, resulting in a loss of approximately $100,000. The root cause was a design flaw in burn pair.
The attacker carried out the attack through two reverse swaps: first, the attacker withdrew 99.56% of the PGNLZ tokens from the pool through the first swap; then, when selling PGNLZ in the second swap, the transferFrom function triggered the destruction of 99.9% of the PGNLP tokens and executed a sync operation, causing the price of PGNLP to rise. The attacker then used the manipulated price to withdraw almost all of the USDT in the pool.
