BlockSec: BSC on-chain LML/USDT staking protocol subjected to price manipulation attack, resulting in approximately $950,000 in losses

MeNews · 2026-04-06T19:08:25+00:00

According to the BlockSec report, unknown contracts on BSC have been exploited, resulting in losses of approximately $950,000. Analysis shows that the contract has a pricing design flaw, allowing attackers to manipulate prices to obtain reward tokens and profit.

MeNews

2026-04-06 19:08:25

Abstract generation in progress

ME News update, April 1 (UTC+8), according to monitoring by BlockSec, it detected suspicious exploit activity on the BSC targeting an unknown contract, or involving the LML/USDT staking protocol, resulting in an approximately $950k loss. Although the affected contract is not open source, analysis suggests it may have pricing design flaws: the claimable rewards appear to be calculated based on TWAP/snapshot prices, and the attacker can sell the reward tokens using manipulated spot prices, profiting through price manipulation and reverse swapping. The attacker first drove up the price of LML in the pool through a series of transactions (including routes with the recipient set to address（0）). Then, it used the controlled address holding funds that had been stored earlier to initiate a claiming operation, thereby obtaining eligibility for direct claiming during the attack. (Source: Foresight News)

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.