Attack transaction

0x1d0af3a963682748493f21bf9e955ce3a950bee5817401bf2486db7a0af104b4

BurnsDeFi Incident

Profitable contract call to the exploit was made

Attacker gained $64,264.70

Transaction Details

Network	bsc
Attacker Address	0xc9fbcf3eb24385491f73bbf691b13a6f8be7c339
Exploit Address	0xb5eebf73448e22ce6a556f848360057f6aadd4e7
Victim Address	0x
Funding Source	tornado
Funds Lost	$64,264.70
Block	35858190
Timestamp	5 Feb 2024 3:02:08 +00:00 (a year ago)

Attack Steps

Funding
5 Feb 2024 1:56:38 +00:00 +1.0 BNB
3 minutes
Transfer To Intermediate Address
5 Feb 2024 1:53:26 +00:00 +1.0 BNB
a minute
Exploit Contract Deployment
5 Feb 2024 1:54:47 +00:00
an hour
Attack Transaction
5 Feb 2024 3:02:08 +00:00 +$64,264.70

Exploit Analysis

Flashloans	No events	No tx history	console.log	SELFDESTRUCT	CREATE2

Functions
supportsInterface(bytes4)
getRoleAdmin(bytes32)
grantRole(bytes32,address)
renounceRole(bytes32,address)
hasRole(bytes32,address)
DEFAULT_ADMIN_ROLE()
revokeRole(bytes32,address)

Events
RoleGranted(bytes32,address,address)
RoleRevoked(bytes32,address,address)

Address	Found In
0xc9fbcf3eb24385491f73bbf691b13a6f8be7c339	storage
0x55d398326f99059ff775485246999027b3197955 (BEP20USDT)	storage
0x10ed43c718714eb63d5aa57b78b54704e256024e (PancakeRouter)	storage
0x16b9a82891338f9ba80e2d6970fdda79d1eb0dae (PancakePair)	storage
0xbb4cdb9cbd36b01bd1cbaebf2de08d9173bc095c (WBNB)	storage

External Call	To
balanceOf(address)	0x55d398326f99059ff775485246999027b3197955 (BEP20USDT)
token1()
token0()
flashLoan(uint256,uint256,address,bytes)
swap(uint256,uint256,address,bytes)
getAmountOut(uint256,uint256,uint256)
getReserves()