attacker
https://bscscan.com/address/0xf84efa8a9f7e68855cf17eaac9c2f97a9d131366
attack transaction
https://bscscan.com/tx/0xff5515268d53df41d407036f547b206e288b226989da496fda367bfeb31c5b8b
attack contract
https://bscscan.com/address/0x98e241bd3be918e0d927af81b430be00d86b04f9
first level title
https://bscscan.com/address/0x5f739a4ade4341d4aee049e679095bccbe904ee1
asset loss
26,
attack steps
1. The attacker obtained a flash loan of 29,100,000,000,000,001,048,576 BSC-USD from DPPOracle;
2. Exchange 29,100,000,000,000,001,048,576 BSC-USD for 91,391,982,773,176,450,879,376 $UN;
3. Transfer 84,994,543,979,054,099,317,825 to the UN-LP pair;
4. Call the skim function of the UN-LP pair to send the UN to the attacker. At this time, 2,307,601,869,031,318,796,481 $UN were transferred from the UN-LP pair to the UNStake contract, resulting in an increase in the price of $UN;
5. Repeat steps 3 and 4 to substantially increase the $UN price;
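The effect of steps 3 to 5 can be reproduced in a toy model, which also gives token developers an invariant to test: a transfer into the pair followed by skim should leave the pair's own balance unchanged. This is an added example, not code from the PoC or the $UN contracts; `ToyPair`, `skim_drain`, `repeat_rounds`, the 270 bps rate and all balances are constructed assumptions.

```python
from fractions import Fraction

FEE_BPS = 270  # constructed rate: share of each skimmed amount also moved pair -> staking


class ToyPair:
    """Constructed model of the UN-LP pair: balances only, no swap logic."""

    def __init__(self, un_balance, usd_balance, fee_bps=FEE_BPS):
        self.un = un_balance           # UN held by the pair
        self.usd = usd_balance         # BSC-USD held by the pair
        self.recorded_un = un_balance  # amount skim() treats as belonging to the pair
        self.fee_bps = fee_bps
        self.staking = 0               # UN accumulated by the staking contract

    def price(self):
        """BSC-USD per UN implied by the pair's actual balances."""
        return Fraction(self.usd, self.un)

    def transfer_in(self, amount):
        self.un += amount              # plain token transfer to the pair (step 3)

    def skim(self):
        """Send the excess to the caller (step 4), with the modelled side effect."""
        excess = self.un - self.recorded_un
        fee = excess * self.fee_bps // 10_000
        self.un -= excess + fee        # excess leaves; fee is taken from the pair itself
        self.staking += fee
        self.recorded_un = self.un     # assumption: bookkeeping follows the new balance
        return excess


def skim_drain(pair, amount):
    """Invariant check: transfer_in + skim should leave the pair's UN unchanged.
    Returns how much UN the pair lost (0 for a well-behaved token)."""
    before = pair.un
    pair.transfer_in(amount)
    pair.skim()
    return before - pair.un


def repeat_rounds(pair, amount, rounds):
    """Price after each repetition of steps 3 and 4 (step 5)."""
    prices = []
    for _ in range(rounds):
        skim_drain(pair, amount)
        prices.append(pair.price())
    return prices
```

A non-zero result from `skim_drain` is the condition a pre-deployment test or a monitoring rule would flag: every round shrinks the pair's UN balance while its BSC-USD balance stays fixed, so the implied price only moves up.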
root cause
Key Code
PoC
https://github.com/MetaTrustLabs/SmartContractAttackPoC/blob/main/test/UN/UN.t.sol
The attack on $UN on BSC is a reminder of the evolving challenges facing the blockchain industry and the importance of strong security measures. As the crypto ecosystem continues to grow and innovate, developers, investors, and users must all remain vigilant and take proactive steps to protect their assets.
While incidents like this may cause short-term FUD, they also provide valuable lessons for the community, prompting further improvements to security protocols and risk mitigation strategies. Through continued research, development, and education efforts, the blockchain industry can work towards a safer and more resilient ecosystem that enables individuals and organizations to realize the full transformative potential of blockchain technology.
