Apparently, some wallets can make a chain of transaction events, that eventually "steals" LP-CAKE from token owners who are trying to inject liquidity into their pools, or in some cases, make a buy-sell of LP-CAKE that increases their value without any reason.
The most amazing thing is, that this type of hack is "bending" the rules of the blockchain, by using exploit / LP attack and making a chain of transactions, usually at the same block, where they buy LP-CAKE and selling back at much higher value after a very short time.
As far as it seems, the exploit / LP attack happens through the BSCscan network - unrelated to any token's code or function. As far as we noticed, they attacked much bigger projects. Last example we found was Tron(TRX)
TX: https://bscscan.com/tx/0xa7af78ed9ce9354acaaccfdf5a9fc076f2c53ed6f5970daa031cc2bf1d2fcaa3
The last wallets found by BidenSwap team, are:
https://bscscan.com/address/0x34927d8bebe7e83e479d8999c988b4f5c13bb7a9
https://bscscan.com/address/0x8c6359a08eb39d9681aaab642ecd54a234995dc0
https://bscscan.com/address/0x991e498d4285ea71641a18ff3f1a417a8964afe0
They are all working together, and in some cases, even under the same block - must be a pretty smart bot!.
Pretty amazing results, from 0.5+- BNB to 43.3+- , ALL BY LP-CAKE "TRADES"
In another case, the first wallet (Ends with A9) just recently attacked from another new and interesting project : Baby Doge Coin.
So far, weβve found this :
TX : 0xa2dff91a9dc18fff0c4fb5257f89b1da6b64f52eb3ba0c282e5a1ee7b5751b8d
https://bscscan.com/tx/0xa2dff91a9dc18fff0c4fb5257f89b1da6b64f52eb3ba0c282e5a1ee7b5751b8d
Now, lets go deeper!
11 days ago, the first wallet (Ends with A9) made a transaction with Baby Doge Coin:
TX : 0xa66422aaffcf6dc5b3a54ce29e1d4b33d7773e7240d5d65e7c2feac02635fab8
Zooming in a bit more and we can find a weird CAKE-LP transaction, increasing the worth of the BNB deposited for the transaction and send it back to the original wallet:
https://bscscan.com/tx/0xa66422aaffcf6dc5b3a54ce29e1d4b33d7773e7240d5d65e7c2feac02635fab8
Less than 24 hours ago, the same wallet made another weird movement, again with LP-CAKE from Baby Doge Coin:
https://bscscan.com/tx/0xa2dff91a9dc18fff0c4fb5257f89b1da6b64f52eb3ba0c282e5a1ee7b5751b8d
Another huge increase of BNB, going back to the owners wallet.
There are many other examples inside their transaction history. This unfortunately happened with our very own BidenSwap as well.
Chain of events of BidenSwap LP-CAKE steal:
https://bscscan.com/tx/0xafef514eb5b86ecadc6be806cd730c186546715aa03f6523365ad89eb5e221d7
(5 BNB Injection, recieved 0.35 LP Cake)
2 minutes after first injection, the wallet is active:
https://bscscan.com/tx/0xe0fbccf1ba5d7f7bd2cf035a4558fba373a8c904191be9dfda1eb4b0348ebd57
https://bscscan.com/tx/0xdca7ce6f085f8bc1c157a3164090c746badd6fae9379c695d8903a54b8d7d794
(On this one he liquidated 4.6BNB's at one shot - drained most of LP out and made our teams notice that at the same second, means: from 0.00005 BNB to 4.6 BNB in 2 minutes)
https://bscscan.com/tx/0x65b1502c581ae04df0a930ea79a8e4f3b3152660f939781773f8fcf303cfb649
https://bscscan.com/tx/0x8fa29074221859e135eea3009f23c376395dfddc8fed0679ca67aa6dec99ad5e
https://bscscan.com/tx/0xbe11f73f8b08620bc5f407691634991afff9f7b88c2c962f54d972001f394a20
https://bscscan.com/tx/0xbf1520d720bd7596ddf0c89d79f15fac4fc41f14bbc203e629e93475038e45fb
At the same time, the other wallet is taking more actions:
https://bscscan.com/tx/0x9e71d672091931fe2a6560f520a66b0d5527defec9b1e839815a9800c521693f
AT THE SAME TIME!! another wallet is in action:
https://bscscan.com/tx/0xb72eaa60ed4de8b8f02c7126e54145a6146c5d2c022681875d19d24efdae7041
We found those wallets working together according to the time frames they attacked other tokens, and the fact that in some cases, they were able to make actions together at the same block.
We made a small first injection, and when we noticed this anomaly, we started to investigate it, finally arriving at some conclusions about how to make future injections safer.
While analysing our transactions, we also reviewed our code and its functions for any anomalies that might effect the security and we're happy to say it turned out completely secure and unaffected by this incident.
If it's all true, it doesnβt look like there is a way to stop those CAKE-LP attacks, and it seems that the entire BSCscan network is exposed to those cases.
Token owners - make sure to check your LP tokens after liquidity injections and monitor your LP-CAKE contract for any similar transaction as we mentioned.
Our team has sent an e-mail to BSC Scan regarding this issue and we await their reply.
Wishing you all safe swapping!
BidenSwap Team
[link] [comments]
You can get bonuses upto $100 FREE BONUS when you:
π° Install these recommended apps:
π² SocialGood - 100% Crypto Back on Everyday Shopping
π² xPortal - The DeFi For The Next Billion
π² CryptoTab Browser - Lightweight, fast, and ready to mine!
π° Register on these recommended exchanges:
π‘ Binanceπ‘ Bitfinexπ‘ Bitmartπ‘ Bittrexπ‘ Bitget
π‘ CoinExπ‘ Crypto.comπ‘ Gate.ioπ‘ Huobiπ‘ Kucoin.
Comments