According to Foresight News, according to CertiK monitoring, the Swap-LP contract (0xe0c352c56af65772ac7c9ab45b858cb43d22f28f) on BNB Chain was attacked, resulting in a loss of approximately $1.1 million. The attacker (0xdead) transferred the stolen funds to Tornado Cash.
Specifically, the attacker manipulated a low-level call in the Swap-LP factory address, triggering the 0x33604058 function of the SwapLP pair. This caused all WDZD tokens in the pair to be transferred to the factory address. As a result, the attacker was able to use less WDZD to obtain more SWAP LP from the unverified address 0x3c4e06d17e243e2cb2e4568249b6f7213c43c743, and then destroyed the LP for profit.
