BlockSec: BSC on-chain LML/USDT staking protocol subjected to price manipulation attack, resulting in approximately $950,000 in losses

MeNews · 2026-04-06T22:05:10+00:00

According to the BlockSec report, unknown contracts on BSC have been exploited, resulting in losses of approximately $950,000. Analysis shows that the contract has a pricing design flaw, allowing attackers to manipulate prices to obtain reward tokens and profit.

MeNews

2026-04-06 22:05:10

Abstract generation in progress

ME News message, April 1 (UTC+8), according to BlockSec monitoring, it detected on BSC suspicious exploit activity targeting an unknown contract, or involving the LML/USDT staking protocol, resulting in an estimated loss of about $950k. Although the affected contract is not open source, analysis indicates it may have pricing-design flaws: the claimable rewards appear to be calculated based on TWAP/snapshot prices, and the attacker can profit by selling the reward tokens at manipulated spot prices through price manipulation and reverse swaps. The attacker first raised the price of LML in the pool through a series of transactions (including paths that set the recipient to address（0）). It then initiated a claim operation from a controlled address holding previously deposited funds, thereby obtaining eligibility for direct claiming during the attack. (Source: Foresight News)

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.