QI Quadriga Initiative

May 2024 - OSN Liquidity Reward Vulnerability - $110k (Global)

"OSN on BNBChain is suspected to have been attacked. The attacker initiated multiple attack transactions, resulting in a loss of ~$110K. The attacker took advantage of the OSNLpDividendTracker contract which sells its own tokens as a reward for users adding liquidity."

"According to Foresight News, SlowMist, a cybersecurity company, has issued a warning about potential suspicious activity related to OSN tokens on the BNB Chain. Users are advised to remain vigilant. Further details about the nature of the suspicious activity were not provided."

"In OSN token's _transfer function, when transfer to address is the liquidity pool, it uses the swapAndSendDividends function to sell its own tokens and sends the BUSD to the OSNLpDividendTracker."

"The attacker repeatedly bought and sold OSN tokens, causing the OSNLpDividendTracker contract to accumulate a large amount of rewards."

"As the OSNLpDividendTracker contract primarily distributes rewards to addresses that provide liquidity, the attacker used multiple attack contracts to add liquidity and gain the rewards from the OSNLpDividendTracker contract."

Further Analysis

A protocol without any website or social media which could be found has been exploited. Named OSN, the protocol was reportedly offering tokens as a reward for providing liquidity. This enabled an attack where multiple contracts were deployed to add liquidity and gain all of the available rewards.

How Could This Have Been Prevented?

More Cryptocurrency Exchange Hacks/Scams/Frauds

Perpy Finance Contract Initialization Issue > > < < GNUS.ai Discord Private Keys Exposed

Sources/Further Reading

SlowMist Hacked - SlowMist Zone (Dec 31)
@SlowMist_Team Twitter (Dec 31)
Potential Suspicious Activity Detected On BNB Chain Related To OSN Tokens | Binance News on Binance Square (Dec 31)
BNB Smart Chain Transaction Hash (Txhash) Details | BscScan (Dec 31)
BNB Smart Chain Token 0x810f4c6ae97bcc66da5ae6383cc31bd3670f6d13 - BSCTrace (Dec 31)
OSN on BNB Smart Chain (Dec 31)
@ChainAegis Twitter (Dec 31)
BNB Smart Chain Transaction Hash (Txhash) Details | BscScan (Dec 31)
@CertiKAlert Twitter (Dec 31)
OSN (OSN) Token Tracker | BscScan (Dec 31)
Token Transfer | BscScan (Dec 31)

Join Us!

 Name: Email:
t.me/QuadrigaInitiative /r/QuadrigaInitiative @QuadrigaInit info@quadrigainitiative.com
Sign-Ups: 100%

Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected User. For questions or enquiries, email info@quadrigainitiative.com.