QI Quadriga Initiative

Nov 2024 - BGM on BSC Batch Transactions Price Manipulation Exploit - $450k (Global)

BGM is a smart contract on the Binance Smart Chain. Very limited information can be found about the history of this token.

"The token rewards invitees when tokens are transferred between EOAs. This mechanism can be exploited if multiple user have the same invitee address, which can artificially inflate userInvitorEarn[addr]."

"The reward can be withdrawn by calling the withdraw function, which directly transfer the reward tokens from the pair, functioning similarly to a burn mechanism that attacker exploited."

"Today's #BGM incident on #BSC @BNBCHAIN appears to be a well-planned attack. The attacker(0x7824) prepared this attack about three days in advance! The root cause lies in the reward mechanism for tokens inviters. Let's break it down"

Further Analysis

BGM is a token launched on BSC (Binance Smart Chain). This project has limited public presence. On November 10th, a complex attack was launched on the token which included price manipulation and large batch transactions. There was an estimated $450k lost. It's unclear what will be happening for affected users in this case.

How Could This Have Been Prevented?

More Cryptocurrency Exchange Hacks/Scams/Frauds

DeltaPrime Unchecked Smart Contract Inputs > > < < CoinPoker Hot Wallet Third-party Vulnerability

Sources/Further Reading

BGM/USDT Real-time On-chain PancakeSwap v2 (BSC) DEX Data (Dec 31)
BEP-20: BGM (BGM) Token Tracker | BscScan (Dec 31)
Exchange | PancakeSwap (Dec 31)
@TenArmorAlert Twitter (Dec 31)
BNB Smart Chain Transaction Hash (Txhash) Details | BscScan (Dec 31)
BNB Smart Chain Transaction Hash (Txhash) Details | BscScan (Dec 31)
BNB Smart Chain Transaction Hash (Txhash) Details | BscScan (Dec 31)
BNB Smart Chain Transaction Hash (Txhash) Details | BscScan (Dec 31)
BGM/USDT - BGM Price on Pancakeswap V2 (BSC) | GeckoTerminal (Dec 31)
BGM (BGM) contract is 0xdbd0ffadebd345686d91fdca316e81c94f9faa90 on BSC | Top100Token (Dec 31)
x.com (Dec 31)

Join Us!

 Name: Email:
t.me/QuadrigaInitiative /r/QuadrigaInitiative @QuadrigaInit info@quadrigainitiative.com
Sign-Ups: 100%

Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected User. For questions or enquiries, email info@quadrigainitiative.com.