Crypto Times Logo Black
Google News Follow Banner
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • DeFi News
    • Blockchain News
    • Industry
  • Exclusive
    ExclusiveShow More
    Michael Saylor’s Strategy
    Why Michael Saylor’s Strategy Is Selling Bitcoin After Years of Buying
    Anthropic’s Claude Fable 5 Crypto Hacks
    Anthropic’s Claude Fable 5: The AI That Could Supercharge Crypto Hacks and Defenses
    CLARITY Act Stalls Why Senate's August Recess Puts US Crypto Rules at Risk
    CLARITY Act Stalls: Why Senate’s August Recess Puts US Crypto Rules at Risk
    Three Stories, One Pattern Why Binance Is Having Its Worst Week Since the Pardon
    Three Stories, One Pattern: Why Binance Is Having Its Worst Week Since the Pardon
    Coinbase India Head Addresses Re-Entry Launch Glitches and the 12-Month Roadmap
    Coinbase India Head Addresses Re-Entry Launch Glitches and the 12-Month Roadmap
  • Opinion
    OpinionShow More
    The Bitcoin Treasury Blueprint What Stress Testing on Strategy Inc.’s MSTR-STRC Reveals
    The Bitcoin Treasury Blueprint: What Stress Testing on Strategy Inc.’s MSTR-STRC Reveals
    Why Wall Street is Divided Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    Why Wall Street is Divided: Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    The Arthur Hayes Paradox Macro Prophet or Market Opportunist
    The Arthur Hayes Paradox: Macro Prophet or Market Opportunist?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India's Digital Rupee Push?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India’s Digital Rupee Push?
    The CLARITY Act War Starts Jamie Dimon Vs Armstrong
    The CLARITY Act War Starts: Jamie Dimon Vs Armstrong
  • Learn
    • Explained
    • How To
    • Insights
  • Videos
  • More
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
The Crypto TimesThe Crypto Times
  • All News
  • Market
  • Bitcoin
  • Ethereum
  • Altcoins
  • Regulations & Policies
  • Blockchain
  • DeFi
  • Industry
  • Exclusive
  • Opinion
Search
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • Blockchain
    • DeFi
    • Industry
    • Exclusive
    • Opinion
  • Learn
    • Explained
    • How To
    • Insights
  • Quick Links
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
    • AI Policy
    • Sponsored & Advertorial Policy
  • Videos
  • Glossary
Follow US
© 2026 By Crypto Times. All Rights Reserved.
DeFi News

Flash Loan Attack Drains $438K From SOF and LAXO on BNB Chain

CertiK says the SOF hacker first claimed mining rewards, then used $590M flash loans to swap 313M BSC-USD for nearly 1 million SOF tokens.

Written By Kenrodgers Fabian
Fact Checked by Dhara Chavda
Published 2026-02-27
Make The Crypto Times preferred on GoogleGoogle
Share
Flash Loan Attack Drains $438K From SOF and LAXO on BNB Chain

Key Highlights

  • Hackers drained $438K from SOF and LAXO in Feb 2026 by exploiting a burn logic flaw on BNB Smart Chain.
  • Flash loans let attackers manipulate token prices, turning tiny mining rewards into millions in BSC-USD profits.
  • Copycat attacks followed quickly; even small loopholes in burn mechanics can lead to massive DeFi losses.

Hackers hit the BNB Smart Chain hard in February 2026, stealing more than $438,000 from SOF and LAXO tokens. The first attack happened on February 14, and the second followed on February 22, according to a report from CertiK.

As per the Incident Analysis report, both attacks took advantage of a glitch in the tokens’ burn system. This glitch let hackers artificially pump up the token prices in just one transaction, and allowed them to manipulate the liquidity pools and cash out huge amounts of BSC-USD with almost no resistance.

CertiK Alert confirmed on X, “On 14 February and 22 February 2026, SOF and LAXO tokens were exploited, resulting in losses of ~$248K and ~$190K respectively, due to their burn logic.” The attackers used flash loans, drained liquidity pools, repaid borrowed funds, and kept the difference. Moreover, copycat exploiters quickly followed the first LAXO breach.

#CertiKInsight 🚨

On 14 February and 22 February 2026, SOF and LAXO tokens were exploited, resulting in losses of ~$248K and ~$190K respectively, due to their burn logic.

To learn more about what happened, read our full analysis here 👇https://t.co/Ykc4mjj9uj

— CertiK Alert (@CertiKAlert) February 27, 2026

How the SOF exploit unfolded

The SOF hacker started by claiming 875 tokens from mining rewards. But the real attack came afterward. They took out multiple flash loans worth over $590 million in assets and swapped 313 million BSC-USD for just under a million SOF tokens.

Instead of keeping the tokens, the hacker sent them to the mining contract, which skipped fees. This left the pool with only 787 SOF tokens but still over 313 million BSC-USD.

Next, the attacker sold the 875 SOF reward tokens back into the pool. The contract burned some tokens and updated the balances before figuring out the payout. This made the system think the remaining tokens were worth much more than they really were.

In the end, those 875 tokens were enough to grab the entire 313 million BSC-USD from the pool. The hacker paid back all flash loans and pocketed 225,936 BSC-USD in profit. They also moved some funds to FixedFloat and sent 20 BNB through Tornado Cash.

LAXO attack and rapid copycats

The LAXO attack worked in a similar way. The first hacker borrowed 350,000 BSC-USD using a flash loan and swapped it for more than 43 million LAXO tokens.

Using clever tricks and fee exemptions on PancakeSwap, the attacker moved the tokens around without losing much to fees. Then, the contract burned over 41 million LAXO before figuring out how much BSC-USD to return. This sudden burn slashed the token supply and made the price skyrocket instantly.

After paying back the flash loan and a small fee, the hacker walked away with 137,320 BSC-USD in profit. Interestingly, within just 13 minutes, two more attackers spotted the same flaw and used it themselves. They earned smaller amounts, though one even had to give a big MEV bribe.

The SOF and LAXO exploits show how small flaws in burn logic can be amplified by flash loans into major DeFi losses within a single transaction. They also underscore how quickly attackers replicate vulnerabilities, making robust smart contract design and real-time monitoring critical.

Also Read: XRP Ledger Averts $80B Critical Hack as AI Uncovers Major Flaw

Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.

Follow The Crypto Times on Google News to Stay Updated!      Google News

TAGGED:BlockchainCrypto Hack
Share This Article
Whatsapp Whatsapp LinkedIn Telegram Copy Link

Latest News

New Hampshire Says No to Landmark $100M Bitcoin Bond Plan
New Hampshire Says No to Landmark $100M Bitcoin Bond Plan
Ethereum UTXO Proposal Hits Privacy and Data-Retention Roadblock 
Ethereum UTXO Proposal Hits Privacy and Data-Retention Roadblock 
Quantum Threat? BitGo Adds New Protection for Bitcoin Wallets
Quantum Threat? BitGo Adds New Protection for Bitcoin Wallets
Robinhood Chain Sees 70x Jump in ETH Bridging After Mainnet Launch
Robinhood Chain Sees 70x Jump in ETH Bridging After Mainnet Launch
Labour MPs Seek Permanent UK Ban on Crypto Political Donations
Labour MPs Seek Permanent UK Ban on Crypto Political Donations

Find Us on Socials

You may also like

Citi & StanChart Join Swift’s 17-Bank Live Blockchain Ledger Pilot

Citi & Standard Chartered Join Swift’s 17-Bank Blockchain Ledger Pilot

Robinhood Chain Active Addresses Hit Record High Amid Meme Coin Frenzy

Robinhood Chain Active Addresses Hit Record High Amid Meme Coin Frenzy

Crypto User Loses $999,999 in USDT to a Single Phishing Signature

Crypto User Loses $999,999 in USDT to a Single Phishing Signature

Why Is Arbitrum (ARB) Up Today? Robinhood Chain Sparks 10% Rally

Why Is Arbitrum (ARB) Up Today? Robinhood Chain Sparks 10% Rally

The Crypto Times Logo PNG

Providing real-time, accurate Crypto reporting. Your trusted source for Crypto News and Research.

Stay Updated

All News
Exclusive
Opinions
Learn
Videos
Glossary

Company

About Us
Our Authors
Editorial Policy
AI Policy
Advertorial Policy

Get In Touch

Contact Us
Career

Find Us on Socials

X-twitter Linkedin Telegram Youtube Instagram

© 2026 The Crypto Times | A BITROCK TECHNOLOGIES L.L.C. Company.

DMCA.com Protection Status
  • Terms and Conditions
  • Disclaimer
  • Privacy Policy
  • Cookie policy
Do Not Sell or Share My Personal Information