A DeFi mining protocol on BNB Smart Chain (BSC), Little Boy Plus, was hacked, with losses estimated at about $370,000, according to SlowMist monitoring.
According to Foresight News, the incident involved approximately 610.555 BNB.
SlowMist said the attack stemmed from the `LBPHashrate._update()` function at `0x5e3c...85fe`, which was triggered via a zero-value `transferFrom` call that bypassed OpenZeppelin authorization checks.
This reportedly allowed the attacker to call `LBPHashrate.transferFrom(pair, DEAD, 0)` without authorization from the pair, triggering `_harvest(pair)`. SlowMist said `_harvest(pair)` then used `LBP.mintReward(pair, reward)` to mint LBP tokens directly to the PancakePair address.
The minted LBP increased the pair’s token balance without increasing its reserves, enabling the attacker to drain USDT through `PancakePair.swap()`.
Little Boy Plus DeFi Protocol on BSC Loses About $370,000 in Hack, SlowMist Says
2026-06-18 02:03:42
Disclaimer:
1. The information provided does not constitute investment advice. Investors should make independent decisions and bear all risks themselves.
2. The copyright of this content belongs to the original author. The views expressed herein are solely those of the author and do not represent the stance or position of this website.
Previous article:
Imran Khan谈代币化两路径
