Cointime

Download App
iOS & Android

Cracking the Code: Delving into the Elaborate Scheme Behind BabyDogecoin's Flash Loan Attack"

Validated Project

In a recent incident, the popular Binance Smart Chain (BSC) token, @babydogecoin, fell victim to a flash loan attack, resulting in a loss of approximately $157,000. The attack exploited a vulnerability of misconfiguration of the BabyDoge contract to allow the FarmZAP contract excluded from the fee-charging mechanism, which allowed the attacker to manipulate the price of $BabyDoge on the PancakeSwap pair and dump BabyDoge tokens of the BabyDoge contract at a lower price.The attack transaction, available at https://bscscan.com/tx/0x098e7394a1733320e0887f0de22b18f5c71ee18d48a0f6d30c76890fb5c85375, provides insights into the steps taken by the attacker.

Here are the key details of the incident.

Token:

  • Token under attack: BabyDoge
  • Contract address: https://bscscan.com/address/0xc748673057861a797275CD8A068AbB95A902e8de#readContract

Attacker:

https://bscscan.com/address/0xcbc0d0c1049eb011d7c7cfc4ff556d281f0afebb

Attacking Contract:

https://bscscan.com/address/0x51873a0b615a51115f2cfbc2e24d9db4bfa2e6e2

Attacked Contract:

BabyDoge https://bscscan.com/address/0xc748673057861a797275CD8A068AbB95A902e8de

TreatSwap pair https://bscscan.com/address/0x0536c8b0c3685b6e3c62a7b5c4e8b83f938f12d1

Pairs Involved:

Attacking Steps:

  1. The attacker acquired 80,000 BNB through a flash loan from Radiant: Lending Pool.
  2. Using the FarmZAP contract, the attacker called the buyTokensAndDepositOnBehalf function to exchange 80,000 BNB for a staggering 3,529,864,186,667,202 $BabyDoge from the TreatSwap pair.
  1. The attacker further swapped 3,525,976,210,595,834 $BabyDoge for 13,208 BNB on the PancakeSwap pair and decreased the price of $BabyDoge.
  2. By triggering the swapAndLiquify action on the PancakeSwap pair and dumping $BabyDoge of the BabyDoge contract at a lower price, the attacker initiated a series of transactions.
  3. Next, the attacker swapped 13,208 BNB for 3,607,312,208,477,806 $BabyDoge on the PancakeSwap pair.
  4. In a subsequent step, the attacker exchanged 3,607,312,208,477,806 $BabyDoge for 80,509 BNB on the TreatSwap pair.
  5. Finally, the attacker repaid 80,072 BNB to the Radiant: Lending Pool, securing a profit of 437 BNB.

5 hours later of the exploit, the project owner included the FarmZAP contract in the fee-charging mechanism.

Here is the transaction https://bscscan.com/tx/0x0c7fa7a334a31c60d9e7f7fd58063aef8cc78680f8e506c4bf4f4761aafe89f2.

Root Cause

The root cause of this attack serves as a crucial lesson for the entire DeFi community. It highlights the significance of implementing comprehensive security measures and conducting thorough audits of smart contracts. In this case, the exclusion of the FarmZAP contract from the fee-charging mechanism created an exploitable vulnerability that allowed the attacker to manipulate the price of $BabyDoge on the PancakeSwap pair.

To prevent similar incidents in the future, projects should prioritize the implementation of robust security practices. This includes conducting regular audits by reputable third-party firms to identify and address potential vulnerabilities. Moreover, projects should establish mechanisms for ongoing monitoring and surveillance of token pairs on decentralized exchanges to promptly detect any suspicious or manipulative activities.

Furthermore, decentralized exchanges play a vital role in maintaining the integrity of the DeFi ecosystem. They should enhance their monitoring capabilities and implement safeguards to identify and prevent price manipulation attempts. This may involve utilizing advanced algorithms and data analysis techniques to detect abnormal trading patterns or sudden price fluctuations that could indicate fraudulent activities.

Additionally, it is crucial for the community to foster a culture of information sharing and collaboration. By sharing knowledge and experiences related to security vulnerabilities and attacks, the community can collectively learn and strengthen the defenses against potential threats. Projects and participants should actively engage in open dialogue, knowledge sharing, and the adoption of best practices to ensure the overall security and resilience of the DeFi ecosystem.

Overall, the attack on BabyDoge highlights the ongoing need for constant vigilance, robust security measures, and collaboration within the DeFi community. By learning from such incidents, the industry can continue to evolve and develop innovative solutions that uphold the principles of transparency, security, and trust in the decentralized financial landscape.

Follow Us

Twitter: @MetaTrustLabs

Website: metatrust.io

Comments

All Comments

Recommended for you

  • A Total of 37,212.18 DMD Permanently Burned Over the Past 7 Days

    July 9, 2026 — According to the latest on-chain data released by DMDAO, a total of 37,212.18 DMD has been permanently burned over the past seven calendar days through the protocol's predefined trading and wealth management burn mechanisms.

  • Whale Transfers 1,133 BTC to Coinbase Prime, Valued at $71.48 Million

    According to Onchain Lens monitoring, a whale transferred 1,133 BTC from Coinbase to Coinbase Prime through an intermediary wallet, valued at $71.48 million.

  • U.S. AI Chip Stocks Decline Before Market Open, Intel Falls Over 3%

    On July 7, U.S. AI chip stocks experienced widespread declines before the market opened. Intel dropped over 3%, while AMD, Qualcomm, and NXP fell more than 2%. TSMC, Broadcom, and Tesla decreased by over 1%, and NVIDIA declined by 0.7%.

  • China's Central Bank Increases Gold Reserves for the 20th Consecutive Month

    As of the end of June, China's gold reserves stood at 75.44 million ounces (approximately 2,346.446 tons), an increase of 480,000 ounces (about 14.93 tons) from the end of May, which reported 74.96 million ounces (approximately 2,331.52 tons). This marks the 20th consecutive month of gold accumulation.

  • China's Foreign Exchange Reserves in June at $341.6262 Billion

    On July 7, China's foreign exchange reserves for June stood at $341.6262 billion, a decrease of $26 billion from the end of May, representing a decline of 0.75%, with expectations set at $343.2 billion.

  • U.S. Storage Stocks Drop Pre-Market, SanDisk and Micron Down Over 4%

    On July 7, U.S. storage concept stocks collectively fell in pre-market trading. Western Digital dropped over 5%, SanDisk and Micron Technology fell over 4%, Seagate Technology declined over 3%, Rambus fell over 2%, and SMI fell over 1%.

  • U.S. Stocks in Optical Communication Sector Drop Pre-Market

    On July 7, stocks in the optical communication sector of the U.S. market collectively fell pre-market. Astera Labs dropped over 4%, while Marvell Technology, Credo Technology, and AXT Inc. fell more than 3%. Tower Semiconductor, MaxLinear, Corning, Applied Optoelectronics, GlobalFoundries, Lumentum, and Qorvo all declined by more than 2%. Coherent, Nokia, Amphenol, and Broadcom dropped over 1%.

  • Pre-market Decline in U.S. Storage Stocks

    In pre-market trading, U.S. storage concept stocks experienced a widespread decline, with Micron Technology falling by 4.8%, SanDisk dropping over 4%, Corning down more than 2%, and Intel decreasing by over 3%.

  • Two Departments: Support for Reinsurance Institutions to Increase Capital and Issue Supplementary Capital Tools

    On July 7, the National Financial Supervision and Administration Bureau and the Shanghai Municipal Government released several measures to accelerate the construction of the Shanghai International Reinsurance Center. Among these measures, they proposed to enhance the quality and efficiency of the reinsurance industry, support reinsurance institutions in increasing capital and expanding shares, and issuing supplementary capital tools to improve the capacity for internal capital accumulation and external capital supplementation, thereby strengthening the reinsurance industry's capabilities. The initiative aims to guide the insurance industry to focus on major national projects, strategic emerging industries, and livelihood security, consolidating insurance and reinsurance underwriting capabilities to enhance risk protection levels. It also supports reinsurance institutions in leveraging their professional technical advantages to assist the insurance industry in reducing risk.

  • Sources: Saudi Arabia Plans to Expand Oil Pipeline to Red Sea, Increasing Capacity by 2 Million Barrels Daily to Bypass Strait of Hormuz

    On July 7, five informed sources revealed that Saudi Arabia is considering expanding the crude oil pipeline capacity to its western coast on the Red Sea, allowing Saudi Arabia and its neighbors to transport more oil without passing through the Strait of Hormuz. This east-west pipeline, built in the early 1980s, has gained strategic importance since the outbreak of the Iran war in February and the disruption of shipping in the Strait of Hormuz. The pipeline can deliver up to 7 million barrels of crude oil per day to the Red Sea port. The CEO of Saudi Aramco stated in May that approximately 2 million barrels are supplied to west coast refineries, while about 5 million barrels are for export. Sources indicate that Saudi Arabia is in preliminary discussions with some neighboring countries regarding the pipeline expansion, aiming to add about 2 million barrels of pipeline capacity per day. It remains unclear whether Aramco's planned expansion involves upgrading existing infrastructure or constructing new pipelines. One source mentioned that the expansion plan also includes a smaller refined oil pipeline. Two sources indicated that the expansion scale could range from 1 million to 2 million barrels per day, with refined oil also being considered. Another source stated that the project would take several years and cost billions of dollars, requiring adjustments to Saudi crude pricing mechanisms.