Little Boy Plus has suffered a security breach resulting in the loss of approximately 377,642 USDT, equivalent to about 610.555 BNB, according to SlowMist monitoring. The attack exploited a vulnerability in the LBPHashrate contract's _update function, which can be triggered by a zero-value transferFrom call, bypassing OpenZeppelin’s authorization checks.
The attacker utilized this flaw to call the function without authorization, enabling the _harvest process and minting LBP tokens to the PancakePair address via LBP.mintReward. This action increased the pool balance without affecting reserves, allowing the attacker to drain USDT through PancakePair.swap.
Little Boy Plus Exploited for $378,000 in Security Breach
Disclaimer: The content provided on Phemex News is for informational purposes only. We do not guarantee the quality, accuracy, or completeness of the information sourced from third-party articles. The content on this page does not constitute financial or investment advice. We strongly encourage you to conduct you own research and consult with a qualified financial advisor before making any investment decisions.