Flash loans are becoming increasingly popular within decentralized finance (DeFi). Unfortunately, this has recently been increasingly accompanied by attacks on this. Bogged Finance is the most recent victim of this. Security firm PeckShield has announced that some $ 3.6 million has been looted.
Bogged Finance is a DeFi platform that allows users to place limit orders on tokens within the Binance Smart Chain (BSC). They make use of the liquidity of PancakeSwap.
The person behind the attack on Bogged managed to completely inflate the value of the BOG token and then sell everything. The hacker took millions in profit and the coin collapsed. There was a similar attack on PancakeBunny last week.
The hacker has exploited a bug. He executed nine flash swaps, comparable to flash loans. Each of these swaps generated 47,770 BOG tokens and 83,440 liquidity pool tokens.
The liquidity pool tokens were deposited in a BOG contract and that’s exactly where the bug was. The attacker was able to make 434 transfers himself, for a total of 18.74 BOG tokens. This added 151,000 tokens to his contract. The hacker then paid back his flash loans, leaving $ 3.6 million in profit.
As a result, the value of a BOG token almost dropped to $ 0. Before the hack it was still over $ 8 and two weeks ago the value was even well over $ 20.
Bogged Finance has already indicated on Twitter that it will switch to a new contract. They advise users not to buy or sell anything at this time. During the transition to the new contract, about 7.5 million tokens will be burned. The rightful owners will get their BOG back via airdrop.
Announcement We are currently migrating the token to a new contract. Your funds are safe. Please Read this Medium Post for more details: https://t.co/ELDX3xRFTL$BOG #BSC - BoggedFinance: Charts, Limit Orders & DEX. (@boggedfinance) May 23, 2021