BSC-based DeFi App Merlin Loses $680K to Recurring Security Exploit

[EAA-ALLAH]

With the recent string of attacks on several DeFi protocols in recent weeks, the DeFi space has once again suffered another attack, the latest being on Merlin Lab.
According to a report on Rekt, Merlin Lab, a fork of PancakeBunny was hacked and the platform lost about 240 ETH  which was worth about $680,000 at the time it was hacked.
The hacker allegedly followed a series of steps to successfully perpetuate his act. According to the transaction details on BscScan, the hacker first deposited a small amount to the LINK-BNB Vault and obtained a getReward, then sent 180 CAKE to the LINK-BNB Vault contract.
The hacker chose to use the wallet balance of CAKE since the performance fee obtained from that wallet can be easily tampered with by just a simple act of sending CAKE tokens to the vault contract.
The 180 CAKE token he deposited into the wallet of the vault contract attracted a large profit, prompting the system to mint 100 MERL as a reward to the hacker.
The hacker continued by repeating his earlier steps 36 times, obtaining 49K of MERL tokens in total. He then swapped the MERLIN token for ETH, 240 in number. and moved his loot out of BSC using Anyswap. Source