金色财经
金色财经|Jun 18, 2026 02:03
[SlowMist: Little Boy Plus Hacked, Approximately $370,000 Lost] According to a report by Jinse Finance on June 18, SlowMist monitoring revealed that the DeFi mining protocol Little Boy Plus on BSC was hacked, resulting in a loss of approximately $370,000 (around 610.555 BNB). The root cause was the `LBPHashrate._update()` function (located at `0x5e3c...85fe`) being triggered by a zero-value `transferFrom` call, bypassing OpenZeppelin's authorization checks. This allowed the attacker to call `LBPHashrate.transferFrom(pair, DEAD, 0)` without pair authorization, thereby triggering `_harvest(pair)`. This function directly minted LBP tokens to the PancakePair address via `LBP.mintReward(pair, reward)`. The minted LBP increased the pair's balance but did not increase its reserves, enabling the attacker to drain USDT through `PancakePair.swap()`.
+5
Mentioned
Share To

Timeline

HotFlash

APP

X

Telegram

Facebook

Reddit

CopyLink

Hot Reads