Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
BurgerSwap, an automatic market maker on the BSC chain, suffered a lightning loan attack and lost nearly 7 million U.S. dollars. This attack is a problem in the BurgerSwap architecture. Since the Pair layer completely trusts the data of the PaltForm layer, it did not perform another check on its own, which led to the attack. Attack method (per SlowMist): Flash loan attack. Reported loss: $ 7,000,000.
- chain
- bsc
- protocol
- BurgerSwap
- bug_class
- flashloan
- date_occurred
- 2021-05-28
- loss_usd
- $7,000,000
- source_id
- sm:burgerswap::2021-05-28