BYC contract has “autoBurnLiquidity” function that transfers tokens from pancake pair to DEAD address when balance of pancake pair is more than “lpBurnFrequency”.
“lpBurnFrequency” is increased when tokens are transferred to pancake pair(when exchanging BYC to USDT).
To increase this value, hacker exchanged large amount USDT to BYC and transferred all BYC to pancake pair, then skim pancake pair.
After he called “autoBurnLiquidity”, BYC reserve was 1.
Then, he was able to drain all USDT in pancake pair. Total loss is about $100k.
Leave a Reply