On September 10, blockchain security platform CertiK reported that an attacker drained over $1.4M worth of Bows Coin Synthetic US Dollar (BSC-USD) from a liquidity pool that held CUT tokens.
The CUT token contract depended on a distinct, unverified contract to establish its “future yield” parameter. This contract was utilized to drain the BSC-USD using an unknown method.
CertiK reported the event on X.
Located at an address ending in 36a7 on the Binance Smart Chain, the CUT token that was exploited is distinct from the Crypto Unity project, which shares the same ticker symbol but a different address.
The drained pool was part of the PancakeSwap exchange. The exploit is not believed to have impacted any other PancakeSwap pools.
According to blockchain data, the perpetrator conducted four distinct transactions that drained the BSC-USD pool. The total quantity that was removed was $1,448,974.
These transactions are unlikely to be legitimate withdrawals, as the perpetrator did not own any liquidity provider tokens for the pool and had not made any deposits.
Within each transaction, the perpetrator invoked a function known as “0x7a50b2b8.” However, it is absent from the token contract.
According to the report, the attacker must have invoked ILPFutureYieldContract(), which enables the user to call a distinct function on an entirely different contract whose address ends in 1154. BscScan does not display any readable bytecode for this particular contract, as it is unverified.
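When no verified source is available, one way to check whether a selector such as 0x7a50b2b8 is handled by a contract is to walk its runtime bytecode and list the selectors its dispatcher compares against. The following is an added example, not code from CertiK or the CUT contracts; `dispatched_selectors`, `naive_contains` and `SAMPLE_RUNTIME` are hypothetical names, the bytecode is constructed for illustration, and the matching rule assumes a solc-style dispatcher.

```python
# Added example: list the function selectors a contract's dispatcher checks for.
PUSH1, PUSH4, PUSH32, EQ, DUP2 = 0x60, 0x63, 0x7F, 0x14, 0x81

def dispatched_selectors(code: bytes) -> set[str]:
    """Return 4-byte selectors that appear as PUSH4 <sel> [DUP2] EQ.

    Heuristic for solc-style dispatchers (an assumption). The walk goes
    opcode by opcode, so the immediate data of PUSH1..PUSH32 is skipped
    and never mistaken for instructions.
    """
    found = set()
    i = 0
    while i < len(code):
        op = code[i]
        width = op - PUSH1 + 1 if PUSH1 <= op <= PUSH32 else 0
        if op == PUSH4:
            after = code[i + 5:i + 7]
            if after[:1] == bytes([EQ]) or after == bytes([DUP2, EQ]):
                found.add(code[i + 1:i + 5].hex())
        i += 1 + width
    return found

def naive_contains(code: bytes, selector_hex: str) -> bool:
    """Plain substring search, for contrast: it also matches inside push data."""
    return bytes.fromhex(selector_hex) in code

# Constructed runtime bytecode (not taken from any real contract).
SAMPLE_RUNTIME = bytes.fromhex(
    "6080604052"              # PUSH1 80, PUSH1 40, MSTORE
    "60003560e01c"            # PUSH1 00, CALLDATALOAD, PUSH1 e0, SHR
    "8063a9059cbb1461004057"  # DUP1, PUSH4 a9059cbb, EQ, PUSH2 0040, JUMPI
    "806370a082311461005057"  # DUP1, PUSH4 70a08231, EQ, PUSH2 0050, JUMPI
    "7f637a50b2b814" + "00" * 26 +  # PUSH32 whose data mimics "PUSH4 7a50b2b8 EQ"
    "5000"                    # POP, STOP
)
TARGET = "7a50b2b8"  # the selector named in the article

if __name__ == "__main__":
    selectors = dispatched_selectors(SAMPLE_RUNTIME)
    print("dispatched:", sorted(selectors))
    print("substring hit:", naive_contains(SAMPLE_RUNTIME, TARGET))
    print("dispatcher handles target:", TARGET in selectors)
```

A selector missing from the dispatcher can still reach a fallback function, so absence here shows only that the contract has no dedicated entry point for it.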
Cointelegraph could not locate any marketing website or Twitter account promoting CUT. Investors may have mistaken it for the unrelated Crypto Unity project.
Exploits are a common way for Web3 users to lose funds. An exploit of the Penpie decentralized finance protocol resulted in the loss of more than $25 million in cryptocurrency on September 3.
An attacker exploited a defective deployment script to siphon $10 million from the Ronin gaming network’s bridge on August 6. In the CUT incident, the exploit resulted in a collective loss of $1.4 million for CUT liquidity providers.