One exploit targeted the faulty price defense mechanism of the BFB token rather than the PancakeSwap liquidity pool itself.
Investigators found that the attack was based on a logical flaw in BFB’s price defense mechanism on BNB Chain. The attacker first funded the gas fees with assets routed through Railgun, a privacy protocol that hides the origins of the transaction.


Then using the value zero over and over again transferFrom() calls to trigger _priceDeflPool() Working with a flash loan, the attacker burned 5% of BFB tokens in the liquidity pool. This was done approximately 151 times.
zero-valued at each iteration transferFrom() call between externally owned accounts (EOAs) triggered _priceDeflPool() function. This caused the contract to burn 5% of the BFB tokens stored in the PancakeSwap liquidity pool and call immediately. sync() To update the pool’s reserves.
How did the attacker drain the pool?
Here, after the BFB reserve is almost exhausted,he is aggressive consumed Approximately 396.43 Binance (BNB) (roughly $226,000) by swapping a small amount of BFB for almost all of it BNB in the pool.


The attacker then converted the stolen BFB into BNB and left the money in wallet 0x3BFA…6b0F without moving it.
Investigators identified a logical flaw in BFBToken’s price defense mechanism as the root cause. They continue to monitor the wallet for transfers made.
The attacker also combined various techniques such as liquidity pool draining, reserve manipulation, Automated Market Maker (AMM) price manipulation, flash loans, logic exploitation, zero-value transaction abuse, repeated execution, and Railgun financing.
Alarming increase in attacks
This came across TRM Labs data reveals record 207 security breaches In the first half of 2026.


Despite this, total losses fell sharply to $972 million; this was less than half of the $2.3 billion stolen during the same period in 2025.
The attack also followed Polymarket’s latest phishing incidentWhere attackers compromise the front end and manipulate what users view and sign.
Summer.fi’s post-mortem report also showed that the attackers spent nearly three months preparing the $6.04 million Lazy Summer Protocol before running.
Final Summary
- 396.43 BNB was withdrawn by the attacker in exchange for a small amount of BFB.
- A logical error in BFBToken’s price defense mechanism was the root cause of this attack.





