Security company: Suspicious transactions detected on BSC targeting an unverified contract, resulting in a loss of approximately $150,000

2025/09/17 13:52

PANews reported on September 17th that, according to an alert from BlockSec Phalcon, its system detected a series of suspicious transactions targeting an unverified contract (0x93fD192e1CD288F1f5eE0A019429B015016061F9) on BSC a few hours earlier, resulting in a loss of approximately $150,000. The issue stemmed from the contract's referral reward design: the reward calculation relied on the manipulable spot price of the BURN/BUSD trading pair.

Attack details:

  • When a user stakes or locks BURN tokens through a referral, the contract issues referral rewards in the form of BUSD to the user. These rewards are calculated based on the amount of BURN staked/locked and the real-time spot price of BURN/BUSD.
  • The attacker exploited this vulnerability to manipulate the price of BURN through flash loans. They then repeatedly created new contracts to bypass two key restrictions: the "one referral per address" rule and the maximum investment limit, allowing them to accumulate artificially inflated BUSD rewards.
  • The attacker then sold the remaining borrowed BURN tokens and repurchased BUSD, causing the price of BURN to drop. Finally, they used their previously accumulated BUSD to purchase BURN at this low price, intending to profit from the transaction.
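
Why a reward priced from the pool's spot price is unsafe, and how a time-weighted average with a deviation check bounds it, as an added example (not code from the affected contract or from BlockSec). The fee-less constant-product pool, the reserves, the 10% referral rate and the 5% deviation band are all constructed assumptions.

```python
from fractions import Fraction

RATE = Fraction(1, 10)      # assumed referral rate (constructed; not from the report)
MAX_DEV = Fraction(5, 100)  # assumed tolerated spot/TWAP deviation

class Pool:
    """Fee-less constant-product BURN/BUSD pool with a price accumulator."""
    def __init__(self, burn, busd):
        self.burn, self.busd = Fraction(burn), Fraction(busd)
        self.cumulative, self.last_ts = Fraction(0), 0

    def spot(self):
        return self.busd / self.burn              # BUSD per BURN, right now

    def advance(self, ts):
        # Add the price that held since the last update, weighted by seconds.
        self.cumulative += self.spot() * (ts - self.last_ts)
        self.last_ts = ts

    def swap_busd_in(self, amount, ts):
        self.advance(ts)                          # book the old price first
        k = self.burn * self.busd
        self.busd += amount
        self.burn = k / self.busd                 # x * y = k

    def twap(self, snapshot, ts):
        # Average price since the snapshot; requires ts > snapshot time.
        self.advance(ts)
        old_cum, old_ts = snapshot
        return (self.cumulative - old_cum) / (ts - old_ts)

def reward_spot(pool, staked):
    return staked * pool.spot() * RATE            # the design the report describes

def reward_twap(pool, staked, snapshot, ts):
    price = pool.twap(snapshot, ts)
    if abs(pool.spot() - price) > MAX_DEV * price:
        return None                               # spot has left the band: defer payout
    return staked * price * RATE

def demo():
    pool = Pool(burn=1_000_000, busd=100_000)     # constructed reserves, spot = 0.1
    snapshot = (pool.cumulative, 0)               # accumulator reading at t = 0
    honest = reward_twap(pool, 1_000, snapshot, 1_800)
    pool.swap_busd_in(900_000, 1_800)             # one large same-block swap
    inflated = reward_spot(pool, 1_000)
    averaged = 1_000 * pool.twap(snapshot, 1_800) * RATE
    guarded = reward_twap(pool, 1_000, snapshot, 1_800)
    return honest, inflated, averaged, guarded
```

The same-block swap multiplies the spot-priced reward by 100, while the 30-minute average is unchanged because the new price has held for zero seconds; the deviation check additionally defers the payout while spot and average disagree.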