AST token on BSC was hacked because of wrong transfer logic.
When remove liquidity from pancake pair, AST token decreases pancake pair balance and burn tokens of pancake pair, not increase user’s balance.

This means AST token balance of pancake pair decreased 2 times.
Hacker exchanged a huge amount of USDT to AST, small amount of AST remained in pancake pair.

Then, he transferred some USDT and AST to pancake pair, and called “skim”, AST balance of pancake pair decreased to 1.

Then, he was able to drain all USDT using a few AST tokens. He gained $65k.
Leave a Reply