Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
The SAS Token on BNB Chain was exploited through flawed custom transfer logic (Deferred Burn Exploit). Sending SAS to the LP pool only incremented a global sellBurn counter, while any subsequent ordinary transfer could burn SAS directly from the pool and call sync() to rewrite reserves, bypassing the AMM's swap logic. The attacker accumulated sellBurn credit through sells, triggered an unrelated ordinary transfer to burn SAS from the pool down to ~1 wei, and then reverse-swapped to extract profit. Attack method (per SlowMist): Price Manipulation. Reported loss: $12,000.
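A toy Python model of the mechanism described above, added here as an illustration and not taken from the SAS contract or from SlowMist's report: it shows why a burn from the pair followed by sync() collapses the SAS reserve, and how a monitor can tell that transition apart from a swap. The 0.25% fee, the reserve sizes, the `credit` value and all function names are constructed assumptions.

```python
FEE_NUM, FEE_DEN = 9975, 10000  # assumed 0.25% swap fee on a constant-product pair

def amount_out(amount_in, r_in, r_out):
    """Constant-product output for amount_in, after the fee."""
    a = amount_in * FEE_NUM
    return a * r_out // (r_in * FEE_DEN + a)

def sell(res, sas_in):
    """Ordinary swap SAS -> quote; returns the new (sas, quote) reserves."""
    sas, quote = res
    return (sas + sas_in, quote - amount_out(sas_in, sas, quote))

def deferred_burn_sync(res, sell_burn):
    """The flaw as described: burn credited SAS from the pair, then sync()."""
    sas, quote = res
    return (sas - min(sell_burn, sas - 1), quote)  # at least 1 wei stays in the pool

def classify(prev, cur):
    """Label a reserve transition seen in two consecutive Sync events."""
    k_prev, k_cur = prev[0] * prev[1], cur[0] * cur[1]
    if k_cur >= k_prev:
        return "swap_or_mint"        # swaps and liquidity adds never lower k
    if cur[0] < prev[0] and cur[1] < prev[1]:
        return "liquidity_removed"   # both sides shrink together
    return "reserve_rewrite"         # k fell one-sidedly: balance changed outside swap()

def replay(start=(1_000_000, 1_000_000), sas_sold=50_000, credit=2_000_000, probe=1_000):
    """Constructed sequence: one sell, then a burn settling `credit` (assumed value)."""
    after_sell = sell(start, sas_sold)
    after_burn = deferred_burn_sync(after_sell, credit)
    return {
        "labels": [classify(start, after_sell), classify(after_sell, after_burn)],
        "sas_reserve": after_burn[0],
        "quote_reserve": after_burn[1],
        # quote received for the same small SAS sell, before and after the rewrite
        "probe_before": amount_out(probe, *after_sell),
        "probe_after": amount_out(probe, *after_burn),
    }

if __name__ == "__main__":
    print(replay())
```

The `reserve_rewrite` label is the signal worth alerting on: the quote reserve is unchanged while the SAS reserve falls, which no swap or proportional liquidity removal can produce.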
- chain: bsc
- protocol: SAS Token
- bug_class: oracle
- date_occurred: 2026-04-02
- loss_usd: $12,000
- source_id: sm:sas-token::2026-04-02