BlockSec: A flaw exists in the BSC chain's MT token buy restriction mechanism, allowing hackers to profit approximately $242,000.

CoinFeed reported on March 10th that, according to BlockSec Phalcon monitoring, a suspicious transaction targeting the MT-WBNB trading pool was detected on BSC several hours ago, resulting in an estimated loss of approximately $242,000. The root cause lies in a flaw in the buyer restriction mechanism: in deflationary mode, normal buys are rolled back, but the router and trading pair addresses are whitelisted. Attackers bypassed the restrictions by exchanging and removing liquidity from the router, obtaining MT tokens from the trading pair. The attackers then sold MT to accumulate pendingBurnAmount and called distributeFees() to directly destroy MT from the trading pair, artificially inflating the price, before exchanging the MT back to WBNB for profit. Furthermore, the referral rule allowing the first 0.2 MT to bypass buyer restrictions enabled the attackers to launch the attack.