en.bitcoinsistemi.com
The OLPC/LABUBU liquidity pool on PancakeSwap V2, located on the $BNB Chain, was disrupted by an attack today.
As a result of the incident, approximately $1.11 million worth of $USDT was stolen, while the attacker’s net profit was reported to be around $960,000.
Initial on-chain investigations have not yet definitively determined the root cause of the attack. However, fund flows indicate that an unusual mechanism was triggered in the OLPC/LABUBU trading pair, with a transfer of approximately 10 OLPC tokens routed through the attacker’s contract. As a result of this transaction, approximately 51.9 million OLPC and 124,000 LABUBU tokens were burned from the OLPC/LABUBU pool address 0xedb7…f365 to the address 0x…dead.
According to experts, the attack pattern may be related to deflationary tokens or tokens that burn during transfers creating reserve mismatches in fixed-multiplier liquidity pools. While the pool’s true balance of pairs dropped significantly, the lack of synchronization of cached reserves provided an opportunity for the attacker. Following this, the attacker emptied the LABUBU portion of the pool, converting the assets through LABUBU/WBNB and WBNB/$USDT pools, and obtaining a total of 1,115,903 $USDT.
The attacker reportedly later bridged the stolen funds to the Ethereum network, depositing 633.4 $ETH into Tornado Cash. It was also reported that the attacker sent 0.0221 $BNB and 0.0411 $ETH to a designated burning address.
*This is not investment advice.