On October 11, 2023, a flash loan attack hit the PancakeSwap BH/USDT trading pair on the BNB Chain, resulting in the largest single arbitrage profit in the chain’s history. It was carried out by the MEV Bot 0x21…480C, which generated a profit of US$1.575 million for only $4.16.
However, Beosin monitoring showed that this was a premeditated price manipulation attack on BH, with the entire sum being transferred to Tornado Cash. This incident highlights the vulnerability of decentralized finance (DeFi) platforms to malicious attacks and the urgent need to implement better security measures.
How did the attack work?
Flash loans are a type of uncollateralized loan that can be taken out and repaid within a single block. This allows attackers to manipulate the price of an asset by borrowing a large amount of the asset and selling it on the market, causing the price to drop. The attacker then buys back the asset at a lower price and repays the flash loan, keeping the difference as profit.
In the case of the MEV Bot attack, the attacker borrowed a large amount of BH tokens from a flash loan provider and sold them on the PancakeSwap exchange. This caused the price of BH to drop sharply. The attacker then bought back the BH tokens at a lower price and repaid the flash loan, keeping the difference as profit.
Why is this attack significant?
This attack is significant because it is the largest single arbitrage profit ever made on the BNB Chain. It also highlights the vulnerability of DeFi platforms to price manipulation attacks. DeFi platforms are often targeted by attackers because they are decentralized and there is no central authority to intervene.
What can be done to prevent similar attacks in the future?
Several measures can help prevent similar attacks. One is to implement better security measures on DeFi platforms, such as detecting and preventing price manipulation attacks and requiring users to complete KYC before they can use the platform.
Another way to prevent this type of attack is to educate users about the risks of flash loans and how to avoid being manipulated. Users should be aware that flash loans can be used to manipulate the price of assets, and they should be careful about selling assets at a loss after a sudden price drop.
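The price manipulation detection mentioned above can be sketched as a deviation guard: compare the pool's spot price with a time-weighted average price (TWAP) and refuse to trust the spot price when the two diverge. This is an added example, not code from Beosin or PancakeSwap; the pool reserves, the 0.25% fee, the 3-second sampling interval and the 10% threshold are all assumed values.

```python
from dataclasses import dataclass

@dataclass
class Pool:
    """Constant-product (x*y=k) pair. Reserves and fee are constructed sample values."""
    token: float          # reserve of the traded token
    usdt: float           # reserve of the quote asset
    fee: float = 0.0025   # assumed swap fee

    def spot(self) -> float:
        return self.usdt / self.token

    def sell_token(self, amount: float) -> float:
        """Swap `amount` tokens into the pool and return the USDT paid out."""
        eff = amount * (1 - self.fee)
        out = self.usdt * eff / (self.token + eff)
        self.token += amount
        self.usdt -= out
        return out

def twap(observations, now, window):
    """Time-weighted average of (timestamp, price) samples inside `window` seconds."""
    pts = [(t, p) for t, p in observations if now - window <= t <= now]
    if len(pts) < 2:
        raise ValueError("not enough observations for a TWAP")
    weighted = sum(p0 * (t1 - t0) for (t0, p0), (t1, _) in zip(pts, pts[1:]))
    return weighted / (pts[-1][0] - pts[0][0])

def is_manipulated(spot, reference, max_deviation=0.10):
    """True when spot is more than `max_deviation` away from the reference price."""
    return abs(spot - reference) / reference > max_deviation

def demo():
    pool = Pool(token=1_000_000.0, usdt=2_000_000.0)
    # Constructed history: one sample every 3 s, price oscillating around 2.00
    history = [(t, 2.0 + 0.01 * ((t // 3) % 3 - 1)) for t in range(0, 300, 3)]
    reference = twap(history, now=297, window=300)
    before = is_manipulated(pool.spot(), reference)
    pool.sell_token(500_000.0)  # one oversized sale inside a single transaction
    after = is_manipulated(pool.spot(), reference)
    return reference, pool.spot(), before, after

if __name__ == "__main__":
    print(demo())
```

A contract or monitoring service that reads prices from the pair can apply the same check and reject or alert on any price that fails it, since a single large sale moves the spot price immediately but barely shifts the average.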