Bogged Finance Suffers $3M Flash Loan Exploit

  • The project’s development team discovered and mitigated the attack within 45 seconds, but the attacker was still able to drain $3 million of the $6 million of liquidity.
  • The team is currently working on a plan to mitigate the situation, which uses the same exploit as the unknown attacker.

Bogged Finance has become the second Binance Smart Chain-based decentralized finance (DeFi) project to be targeted by a flash loan exploit, Bogged said in a press release on 23 May.

According to the announcement, at around 14:30 UTC on Saturday an attacker executed a “complex flash-loan based attack” that manipulated the platform’s staking rewards and caused an inflation of supply. Through the exploit, the attacker was able to drain $3 million of the platform’s native BOG token, the price of which has fallen dramatically since the incident. Bogged’s team said in the blog post:

“The attacker was able to utilize flash loans to exploit a flaw in the staking section of the BOG smart contract to manipulate the staking rewards and cause an inflation of supply — without the transaction fee being charged and burned — causing net inflation.”

While the Bogged developer team — some of whom were in a Discord meeting during the incident — were able to discover and mitigate the exploit within 45 seconds, the attacker was still able to get away with half of the platform’s liquidity. In the time it took to patch the exploit, the attacker was able to make 11 transactions, taking 11,358 BNB with him. The only thing that got in the way of the exploit was the platform’s transaction limit of 47,500 BOG.

Bogged Finance — which enables users to place limit orders on all BSC-based tokens — now plans to mitigate the situation by migrating the remaining liquidity to a new contract, using the “same exploit” as the attacker to drain the Liquidity Pool. The team will then redeploy an updated version of the contract to BSC and, after burning around 7.5 million tokens, “airdrop the Liquidity Tokens back to their rightful owners”. The process is expected to take 24 hours to complete, with BOG having a much smaller circulating supply after it is finished. The team said:

“Not everyone will like this solution, but this will remove as much of the illegitimately obtained $BOG from circulation without affecting those who acted honestly during the attack.”

Bogged Finance’s exploit is the latest in a number of incidents targeting BSC-based DeFi projects. Less than a week ago, prominent DeFi protocol PancakeBunny also became the victim of a flash loan attack — with the hacker taking off with $200 million in crypto — but similarly to Bogged Finance, the platform was quick to come up with a recovery plan.
