价值22.6万美元的BNB丢失了! How BFB token’s safety protocol became its own worst enemy

An exploit targeted the BFB token’s faulty price-defense mechanism rather than the PancakeSwap liquidity pool itself.

Investigators traced the attack to a logical flaw in BFB’s price-defense mechanism on BNB Chain. The attacker first funded gas fees with assets routed through Railgun, a privacy protocol that obscures transaction origins.

价值22.6万美元的BNB丢失了! How BFB token’s safety protocol became its own worst enemy 来源:BscScan

Then, by repeatedly using zero-value transferFrom() calls to trigger the _priceDeflPool() function with a flash loan, the attacker burned 5% of the BFB tokens in the liquidity pool.此操作已完成大约 151 次。

<风格> @media only 屏幕和(最小宽度:0px)和(最小高度:0px){ div[id^=”bsa-zone_1774359638628-7_123456″] { 最小高度:50px; 过渡:最小高度 0.3 秒缓和; } } @media only 屏幕和(最小宽度:640px)和(最小高度:0px){ div[id^=”bsa-zone_1774359638628-7_123456″] { 最小高度:90px; } } <按钮 onclick=” var el = document.getElementById(‘amb-ad-inline-content’); el.style.maxHeight = el.scrollHeight + ‘px’; requestAnimationFrame(function() { el.style.maxHeight = ‘0’; el.style.marginTop = ‘0’; el.style.marginBottom = ‘0’; }); “>AD <矩形宽度=“10”高度=“10”rx=“5”填充=“当前颜色”/><路径填充=“#000000”d=“M6.883 6.317a.4.4 0 1 1-.566.566L5 5.566 3.683 6.883a.4.4 0 1 1-.566-.566L4.434 5 3.117 3.683a.4.4 0 1 1 .566-.566L5 4.434l1.317-1.317a.4.4 0 1 1 .566.566L5.566 5z” />

In each iteration, a zero-value transferFrom() call between externally owned accounts (EOAs) triggered the _priceDeflPool() function.这导致合约销毁 PancakeSwap 流动性池中存储的 5% 的 BFB 代币,并立即调用 sync() 来更新池的储备。

攻击者如何排空池中的水?

Here, after the BFB reserve was nearly exhausted, the attacker consumed approximately 396.43 Binance [BNB] (roughly $226,000) by exchanging a small amount of BFB for nearly all the BNB 在池中。 

价值22.6万美元的BNB丢失了! How BFB token’s safety protocol became its own worst enemy Source: BscScan

The attacker later converted the stolen BFB into BNB and left the funds in wallet 0x3BFA…6b0F without moving them.

Investigators identified the logical flaw in BFBToken’s price-defense mechanism as the root cause. They continue monitoring the wallet for any outgoing transfers.

The attacker also combined several techniques, including liquidity pool draining, reserve manipulation, Automated Market Maker (AMM) price manipulation, flash loans, logic exploitation, zero-value transaction abuse, repeated execution, and Railgun funding.

攻击数量惊人增加

这与 TRM 实验室数据显示,2026 年上半年发生了创纪录的 207 起安全漏洞。 

价值22.6万美元的BNB丢失了! How BFB token’s safety protocol became its own worst enemy Source: TRM Labs

Even so, total losses fell sharply to $972 million, less than half the $2.3 billion stolen during the same period in 2025.

The attack also followed Polymarket’s recent phishing incident, where attackers compromised the frontend and manipulated what users viewed and signed.

Summer.fi 的事后分析还显示,攻击者在执行价值 604 万美元的 Lazy Summer Protocol 漏洞之前花费了大约三个月的时间。

<小时>

最终摘要

  • 396.43 BNB was drained by the attacker in exchange for a small amount of BFB. 
  • A logical error in BFBToken’s price-defense mechanism was the root cause of this attack. 

免责声明:以上内容(如有图片或视频亦包括在内)均为平台用户上传并发布,本平台仅提供信息存储服务,对本页面内容所引致的错误、不确或遗漏,概不负任何法律责任,相关信息仅供参考。

本站尊重他人的知识产权、名誉权等法律法规所规定的合法权益!如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到qklwk88@163.com,本站相关工作人员将会进行核查处理回复

(0)
链答报道的头像链答报道
上一篇 2026年 7月 10日
下一篇 2026年 7月 10日

相关推荐