Movie Token Exploitation Investigated by Blockchain Security Firm CertiK


Blockchain security firm CertiK has published a detailed forensic breakdown of the March 10, 2026 exploit that resulted in the loss of approximately $242,000 from the Movie Token (MT) project on BNB Smart Chain. The incident, which targeted the popular deflationary token's PancakeSwap liquidity, resulted from a subtle but devastating flaw in the contract's sell mechanism.

According to CertiK's on-chain analysis, the vulnerability allowed an attacker to artificially inflate the price of the token through manipulated burns, ultimately extracting value from the liquidity pool.

The root cause lay in a double counting error in the token transfer logic. When users sell MT tokens, the contract not only forwarded 90% of the net amount (after 10% tax) to the liquidity pair for settlement, but also credited the same amount to a pendingBurnAmount variable.

Then, when the public function distributeDailyRewards() was called, it triggered a chain of calls (extractFromPoolForLpMining() and then runPendingBurn()) that removed the "pending" tokens directly from the pair's reserves.

This created an artificial supply squeeze, pushing up the price of the token and allowing the attacker to exit with huge profits.
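
A toy model of the accounting described above, as an added example that is not from CertiK's report or the Movie Token contract; the reserves, trade sizes, fee-free constant-product math and the `PoolModel` names are constructed assumptions. It shows why queuing the net sell amount for burning after it has already reached the pair lets a later burn move the pair's price, while counting it once leaves the price unchanged.

```python
from dataclasses import dataclass

TAX_BPS = 1_000  # 10% sell tax, per the article


@dataclass
class PoolModel:
    """Constructed toy model: constant-product MT/WBNB pair plus the burn queue."""
    mt: float                  # MT reserve held by the pair
    wbnb: float                # WBNB reserve held by the pair
    double_count: bool         # True reproduces the accounting described above
    pending_burn: float = 0.0

    def price(self) -> float:
        return self.wbnb / self.mt  # WBNB per MT

    def sell(self, amount_mt: float) -> float:
        net = amount_mt * (10_000 - TAX_BPS) / 10_000
        out = self.wbnb * net / (self.mt + net)  # x*y=k, pool fee ignored
        self.mt += net                           # net amount reaches the pair
        self.wbnb -= out
        if self.double_count:
            self.pending_burn += net             # same tokens also queued for burning
        return out

    def buy(self, amount_wbnb: float) -> float:
        out = self.mt * amount_wbnb / (self.wbnb + amount_wbnb)
        self.wbnb += amount_wbnb
        self.mt -= out
        return out

    def run_pending_burn(self) -> float:
        """Burn queued MT out of the pair's reserve; return the price multiplier."""
        before = self.price()
        # The model leaves dust in the pair so the price stays defined.
        self.mt -= min(self.pending_burn, self.mt * 0.999)
        self.pending_burn = 0.0
        return self.price() / before


def burn_impact(double_count: bool) -> float:
    # Constructed reserves and trade sizes, not the on-chain values.
    pool = PoolModel(mt=10_000_000, wbnb=1_000, double_count=double_count)
    pool.sell(5_000_000)   # 4.5M net goes to the pair (and, if flawed, the queue)
    pool.buy(600)          # later buys shrink the reserve the queued burn will hit
    return pool.run_pending_burn()
```

A price multiplier other than 1.0 from a publicly callable maintenance function is the signal to test for in review and to alert on in monitoring.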

The sophisticated attack unfolded in a meticulously orchestrated sequence using flash loans and liquidity maneuvers.

The perpetrator first borrowed 358,681.54 WBNB from Moolah trustee via a flash loan.

By using small swaps and adding/removing liquidity on PancakeSwap, the attacker bypassed the built-in constraint (!deflationStopped) that could prevent swap fees and direct purchases.

Key steps included swapping portions of WBNB for MT, adding and then removing liquidity to acquire tokens without triggering taxes, and executing a secondary flash swap of 397 WBNB.

In the callback, the same 90% net amount was both delivered to the pair and added to the burn queue.

Since reserves were already limited, the attacker traded an additional 717 WBNB for approximately 10 million MT, reducing the pool's MT reserve to approximately 6.75 million.

When distributeDailyRewards() was called at this exact moment, almost all of the remaining MT in the pair was burned, leaving only 21,000 tokens against 1,201 WBNB.

The resulting price distortion allowed the final settlement of 10 million MT for 1,198,628 WBNB.

Net profit after repayment of the first flash loan amounted to 381.7468 WBNB, later converted to approximately $242,000 USD.

Post-exploitation fund flows reveal professional laundering tactics.

The attacker swapped the proceeds on BSC, bridged them to Ethereum, converted them to DAI, and shielded the assets via Railgun, complicating recovery efforts.

Key addresses linked to the wallet and the exploit contract were flagged in CertiK's report.

This incident highlights the persistent risks in deflationary token designs, particularly around burn logic and liquidity interactions.

CertiK notes that incorrect indentation around pendingBurnAmount suggests that the double counting may have been an unintentional oversight during development.

The attack joins a series of similar BSC exploits in early 2026, including those affecting projects like LAXO, Gyroscope, and Machinery, and underscores the need for comprehensive smart contract audits that examine every edge case in tax, burn, and reward mechanisms.

For DeFi developers, the Movie Token incident serves as a reminder: even minor logic flaws can be weaponized by flash loan attackers. CertiK concluded that projects should prioritize rigorous code reviews, formal verification, and real-time monitoring to protect liquidity pools and user funds in an increasingly complex threat landscape.




