BabyDogeCoin, a spinoff of the popular Dogecoin, has been exploited by an unknown attacker who stole 437 BNB (Binance Coin) worth about $137K from the project’s liquidity pool. The exploit happened on May 28, 2023, at 03:15:47 UTC, and was detected by De.Fi Antivirus, a security platform for decentralized applications.
How did the exploit happen?
According to De.Fi Antivirus, the attacker used a flash loan to borrow 437 BNB from PancakeSwap, a decentralized exchange on the Binance Smart Chain. The attacker then swapped the borrowed BNB for BabyDogeCoin on the same platform, causing a temporary increase in the price of BabyDogeCoin. The attacker then swapped the BabyDogeCoin for BNB on decentralized exchange, and repaid the flash loan with a profit of 437 BNB.
The exploit was possible because of a vulnerability in the BabyDogeCoin smart contract that allowed the attacker to manipulate the price of the token by creating a large imbalance between the supply and demand of BabyDogeCoin. The attacker exploited this vulnerability by using a flash loan, which is a type of loan that allows users to borrow and repay funds within one transaction.
What is the impact of the exploit?
The exploit resulted in a loss of 437 BNB from the BabyDogeCoin liquidity pool, which is used to facilitate trading of the token on decentralized exchanges. The loss of liquidity means that the price of BabyDogeCoin could become more volatile and susceptible to manipulation by other actors
