A coding mistake in a cryptocurrency token allowed an attacker to steal about $111,000 from a liquidity pool on PancakeSwap, exposing another security weakness in the decentralized finance sector.
The attack targeted the DIP token on BNB Chain on June 16, according to blockchain security firm SlowMist in a post on X. Investigators said a flaw in the token’s transfer code caused some transactions to be executed twice under certain conditions. The attacker used the bug to manipulate the pool’s balances, distort the token’s price, and ultimately cash out roughly 111,098 USDC.
The incident underscores the risks facing DeFi projects, where even a small error in a smart contract can lead to significant financial losses.
How the exploit unfolded
Security researcher Defi Nerd further confirmed in his latest post on X that the DIP token contained a flaw in its transfer mechanism that caused certain transactions involving the PancakeSwap router to be processed twice. The attacker exploited this weakness to manipulate the liquidity pool’s pricing, creating an artificial price imbalance that allowed them to extract funds from the pool at the expense of liquidity providers.
According to the researcher, the attacker used the flaw to borrow a huge amount of AIC tokens, buy DIP, and shift the composition of the assets held in the AIC-DIP trading pool. The amount of DIP in the pool fell as a result, which pushed its price up.
The hacker then sold off their holdings, draining more than 29 million AIC tokens—worth over $111,000—which were converted to USDC.
A growing project faces security setback
Before the exploit, the DIP coin had shown signs of growth. According to DeFiLlama data, the total value locked on the protocol was around $4.37 million, and its decentralized exchange had a trading volume of around $5.63 million in the last month.

The hack, however, exposed a key vulnerability in the token’s design. According to SlowMist, it was possible because of the faulty DIP transfer function used by the token.
SlowMist founder Cos highlighted the issue in a post on X, stating, “When I first started reading, I was a bit skeptical, but DIP contracts can be transferred twice, leading to subsequent price manipulation of related liquidity pools.”
The incident adds to a series of recent security breaches on BNB Chain. Previous attacks have targeted the BY token, DxSale liquidity lockers, and the LML staking protocol, underscoring ongoing concerns about vulnerabilities in custom smart-contract code. Security researchers have urged developers to conduct thorough audits before launching new token projects.
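The kind of pre-launch check that catches a transfer applied twice can be sketched in a few lines. The following is an added example, not the DIP contract's code (which the article does not show): a Python model with a constructed `DoubleApplyToken` whose router branch falls through to the normal path, and a hypothetical `audit_all` harness that verifies every sender/recipient pair, including the router, moves exactly the requested amount.

```python
from dataclasses import dataclass, field

ROUTER = "router"  # constructed stand-in for a DEX router address

@dataclass
class Token:
    """Reference ledger: one transfer moves `amount` exactly once."""
    balances: dict = field(default_factory=dict)

    def _move(self, src, dst, amount):
        if self.balances.get(src, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount

    def transfer(self, src, dst, amount):
        self._move(src, dst, amount)

class DoubleApplyToken(Token):
    """Constructed bug: the router branch falls through to the normal path."""
    def transfer(self, src, dst, amount):
        if ROUTER in (src, dst):
            self._move(src, dst, amount)  # router-specific handling
        self._move(src, dst, amount)      # normal path runs again

def audit_transfer(token_cls, src, dst, amount=100, start=1_000):
    """Run one transfer on fresh balances; return conservation violations."""
    token = token_cls(balances={src: start, dst: start})
    token.transfer(src, dst, amount)
    debited = start - token.balances[src]
    credited = token.balances[dst] - start
    problems = []
    if debited != amount:
        problems.append(f"sender debited {debited}, expected {amount}")
    if credited != amount:
        problems.append(f"recipient credited {credited}, expected {amount}")
    return problems

def audit_all(token_cls, parties=("alice", "pool", ROUTER)):
    """Check every ordered sender/recipient pair, router included."""
    report = {}
    for src in parties:
        for dst in parties:
            if src != dst and (found := audit_transfer(token_cls, src, dst)):
                report[(src, dst)] = found
    return report

if __name__ == "__main__":
    for cls in (Token, DoubleApplyToken):
        print(cls.__name__, audit_all(cls) or "ok")
```

A test suite that only exercises ordinary wallet-to-wallet transfers would pass the buggy token; the violation appears only when the special-cased address is one of the parties, which is why the harness enumerates every pair.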
