Hacker Exploits Deflationary Vulnerability to Steal $420K from USDC-OCA Pool

Attack Overview

A liquidity pool involving USDC and OCA tokens on the BSC network was recently exploited, with the attacker managing to siphon off approximately $420,000 worth of USDC. The vulnerability stemmed from the deflationary mechanism of the OCA token, which the attacker manipulated using a flaw in the sellOCA function to artificially inflate prices within the pool.

Breakdown of the Attack

The attack unfolded through three transactions. The first was used to execute the exploit, while the subsequent two were primarily used to bribe block builders. The attacker paid 43 BNB and 69 BNB respectively to 48club-puissant-builder, netting a profit of about $340,000.

Additional Anomalies

• A transaction at position52 within the same block failed.
• This failure is suspected to be a frontrunning attempt by the attacker.