On-chain security researchers have flagged another major exploit on the BNB Chain after attackers drained nearly $950,000 from a liquidity pool linked to the ATM token, highlighting structural token-design vulnerabilities across decentralized finance (DeFi) protocols.
According to blockchain security firm F12, the attacker targeted the main ATM/WBNB trading pair on PancakeSwap. The exploiter siphoned out 1,604 WBNB by exploiting a flaw that allowed them to distort the pool’s pricing calculations.
Crucially, researchers confirmed the attack did not rely on flash loans, the tool commonly used to trigger major DeFi market exploits. Instead, the attacker manipulated the pool’s internal accounting reserves, creating an artificial pricing skew that enabled them to sweep up all available WBNB liquidity.
Attack revives earlier ATM security concerns
The latest attack comes just weeks after ATM suffered another exploit that resulted in losses of about $243,000, adding to concerns about the security of the project’s underlying code.
Blockchain security firms said the earlier incident stemmed from a flaw in the token’s transfer mechanism. CertiK flagged suspicious activity at the time, linking the exploit to ATM’s custom transferFrom() function. Security monitor TenArmorAlert later estimated the losses at roughly $243,500.
According to researchers, the vulnerability was tied to a feature that automatically converted 20% of token transfers into BSC-USD. Attackers allegedly manipulated the process repeatedly, allowing them to extract funds from the protocol.
The newest exploit appears to involve a different weakness. F12 said the attacker manipulated the ATM/WBNB liquidity pool on PancakeSwap by creating a mismatch between the pool’s recorded reserves and its actual balances. That distortion enabled the attacker to artificially influence prices and ultimately drain the pool’s liquidity, highlighting ongoing risks within automated market maker systems.
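The mismatch F12 describes is something a pool monitor can watch for directly. The following check is an added example, not code from F12, PancakeSwap or the ATM project; it assumes a constant-product pair that records reserves separately from the token balances it holds, and the snapshot values and finding names are constructed for illustration.

```python
from dataclasses import dataclass
from fractions import Fraction
from typing import Optional

@dataclass(frozen=True)
class PairSnapshot:
    """One observation of a token/WBNB pair. All sample values are constructed."""
    block: int
    reserve_token: int  # reserve the pair has recorded for the token
    reserve_wbnb: int   # reserve the pair has recorded for WBNB
    balance_token: int  # tokens the pair address actually holds
    balance_wbnb: int   # WBNB the pair address actually holds

def check(prev: Optional[PairSnapshot], cur: PairSnapshot,
          max_drift: Fraction = Fraction(1, 100)) -> list:
    """Return the names (hypothetical labels) of accounting anomalies in `cur`."""
    findings = []
    # 1. The pair holds less than it has recorded on either side.
    if cur.balance_token < cur.reserve_token:
        findings.append("token_deficit")
    if cur.balance_wbnb < cur.reserve_wbnb:
        findings.append("wbnb_deficit")
    # 2. Price implied by real balances vs. price implied by recorded reserves,
    #    compared by cross-multiplication so a zero balance cannot divide by zero.
    by_balance = cur.balance_wbnb * cur.reserve_token
    by_reserve = cur.reserve_wbnb * cur.balance_token
    if abs(by_balance - by_reserve) > max_drift * by_reserve:
        findings.append("price_drift")
    # 3. One recorded reserve shrank while the other did not move. Swaps and
    #    liquidity changes move both sides, so this is a resync, not a trade.
    if prev is not None:
        token_only = (cur.reserve_token < prev.reserve_token
                      and cur.reserve_wbnb == prev.reserve_wbnb)
        wbnb_only = (cur.reserve_wbnb < prev.reserve_wbnb
                     and cur.reserve_token == prev.reserve_token)
        if token_only or wbnb_only:
            findings.append("one_sided_reserve_drop")
    return findings

SAMPLE = [  # constructed snapshots, not data from the ATM/WBNB pool
    PairSnapshot(100, 1_000_000, 1_600, 1_000_000, 1_600),
    PairSnapshot(101, 1_000_000, 1_600, 100_000, 1_600),
    PairSnapshot(102, 100_000, 1_600, 100_000, 1_600),
]

def scan(snapshots: list) -> dict:
    """Map block number to findings for a chronological list of snapshots."""
    return {cur.block: check(prev, cur)
            for prev, cur in zip([None] + snapshots[:-1], snapshots)}
```

Calling `scan(SAMPLE)` reports block 100 as clean, block 101 as a token deficit with price drift, and block 102 as a one-sided reserve drop once the recorded reserves catch up with the balances.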
DeFi risks continue across BNB Chain
The ATM exploit is the latest in a series of attacks that have hit decentralized finance projects in recent weeks, exposing weaknesses in how some tokens and liquidity pools are designed.
Earlier this month, attackers stole about $111,000 from the DIP token liquidity pool. Security firms SlowMist and DeFi Nerd said the breach was caused by a flaw that allowed certain transactions to be processed twice, enabling the attackers to withdraw funds they should not have been able to access.
The growing number of exploits has also put the spotlight on PancakeSwap, one of the largest decentralized exchanges on BNB Chain. After the OLPC/LABUBU incident, the platform said its investigation found no issues with PancakeSwap’s own smart contracts, indicating that the vulnerability was linked to the affected token rather than the exchange itself.
As losses tied to experimental token models continue to mount, developers face growing pressure to abandon highly experimental, multi-layered transaction-fee mechanisms and return to standardized, audited token frameworks.
