VERDICT —UNRATED
Verdict pending. Auto-ingested incidents are reviewed before a public verdict is rendered.
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
On the BSC network, an unknown smart contract MSCST suffered a flash loan attack, resulting in an estimated loss of approximately $130,000. The root cause of the exploit lies in the lack of access control (ACL) within the releaseReward() function of the MSCST contract, which allowed the attacker to manipulate the price of the GPC token in the PancakeSwap liquidity pool (address: 0x12da). Attack method (per SlowMist): flash loan attack. Reported loss: $130,000.
Primary source
https://x.com/Phalcon_xyz/status/2005518274864595002 ↗Sourced from
slowmist
Technical record
- chain
- bsc
- protocol
- MSCST
- bug_class
- access-control
- date_occurred
- 2025-12-29
- loss_usd
- $130,000
- source_id
- sm:mscst::2025-12-29
Related — same bug class· access-control
2026-05-13
27d ago
ARB
access-control
$132.7K
AUDIT-CATCHABLE
2026-05-12
28d ago
ETH
access-control
$47.5K
UNRATED
2026-05-12
29d ago
—
access-control
$455.0K
UNRATED
2026-05-11
29d ago
POLY
access-control
$101.4K
AUDIT-CATCHABLE
2026-05-10
1mo ago
ARB
access-control
$209.0K
UNRATED
2026-05-10
1mo ago
ARB
access-control
$209.0K
UNRATED