Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
The PLTD project was attacked by hackers, all BUSD in its trading pool was sold out, and the attackers gained a total of 24,497 BUSD. This attack mainly exploits the code loopholes in the PLTD contract, reduces the PLTD token balance in Cake-LP (0x4397c7) to 1 through a flash loan attack, and then uses the PLTD in hand to exchange all BUSD into the attack contract . Attack method (per SlowMist): Flash Loan Attack. Reported loss: 24,497 BUSD.
- chain
- —
- protocol
- PLTD
- bug_class
- flashloan
- date_occurred
- 2022-10-18
- loss_usd
- —
- source_id
- sm:pltd::2022-10-18