In just 14 transactions, a flash loan attack drained $7.2 million from the wallets of BurgerSwap, a decentralized exchange based on the Binance Smart Chain.
Flash loans are instantaneous crypto loans. A borrower can do whatever they like with the funds, so long as they repay the loan within the same transaction.
BurgerSwap conducted a post-mortem investigation with blockchain security firm PeckShield to work out how flash loans manipulated the protocol.
They discovered that, at 9PM UTC yesterday, an attacker deployed a fake BEP-20 token—a generic token standard on the Binance Smart Chain—and used it to form a trading pair with BURGER, BurgerSwap’s native token.
Later, the attacker executed a code to manipulate the reserve supply of that trading pair, causing the price of $BURGER to move drastically. The attacker capitalized on that phony price difference through flash loans and continued to scheme their way through the exchange.
Source