BurgerSwap Compromised — Attackers Walk Away With $7.2M in Exploits

Yerevan (CoinChapter.com) – Decentralized finance (DeFi) protocol BurgerSwap suffered a flash loan attack on Friday that saw hackers walk away with around $7.2 million in various altcoins. The company took to Twitter to break the news.

BurgerSwap is a Democratized Automated Market Maker (AMM), launched atop Binance Smart Chain (BSC) in September 2020. It has since become a popular decentralized exchange (DEX) and go-to address for people looking to swap tokens across different chains.

According to the company, the attackers stole varying amounts of seven different cryptocurrencies, including $3.2 million worth of BURGER tokens, $1.6 million worth of Wrapped BNB (WBNB), and $1.4 million worth of Tether (USDT).

Launched as a replica of Uniswap, BurgerSwap had looked to improve on the benchmark DEX’s protocol. However, it has become evident that some lapses in its code made the system weaker than Uniswap. It was perhaps this coding lapse that allowed hackers to succeed.

Some even speculated deduced that the attack was an internal one, hinting that the developers themselves could have orchestrated the attack. Perhaps it was a marketing gimmick.

Such Attacks are Becoming Worryingly Common

A flash loan is a quick loan taken and returned by the time a new block is created. It does not require the borrower to put down any collateral. The borrower quickly gains a profit on the loan and returns it before a new block on the blockchain is formed.

The attack on BurgerSwap, albeit outrageous, is not new in the industry. Earlier this month, a hacker used PancakeSwap, another decentralized exchange running on Binance Smart Chain, to manipulate the Bunny market. The price of Bunny dropped to nearly zero.

The hacker borrowed a huge Binance BNB token on PancakeSwap and manipulated its price against the Binance USD stablecoin and Bunny tokens. The hacker then dumped the acquired Bunny tokens on the market. This caused the price of Bunny to plummet to $6.17 from around $146, a crash of over 95%.

Pancake Bunny announced the news of the attack on Twitter.

Attention Bunny Fam

Our project has suffered a flash loan attack from an outside exploiter.

We will be posting a post mortem, in depth analysis, but for the time being we would like to update the community as to how this happened.

— pancakebunny.finance (@PancakeBunnyFin) May 20, 2021

A similar attack on Bogged Finance saw attackers walk away with $3 million. The company broke the news in a long post on Bogged Tools.

DeFi platforms are constantly under attack. This may be because many of them have the same glitch in their codes. Attackers have found a weak point and know where to attack.

Implications For Potential Investors

The repeated attacks on DeFi networks can scare away potential investors. Meanwhile, with the industry still largely unexplored, news of such attacks can warn amateur investors who may consider DeFi an unsafe option.

As it stands, people find DeFi and other blockchain-based protocols hard to digest. Skeptic onlookers reading the news about repeated attacks will opt to stay away, hampering its potential growth.