Blockchain security firm SlowMist has reported that the AIDC token on the BNB Smart Chain was exploited after attackers took advantage of a flaw in the token’s burn mechanism, draining about 220.12 WBNB, worth roughly $120,929.
According to SlowMist, the attacker exploited a weakness in AIDCToken’s _sellTransfer() function. The contract accumulated a 30% burn amount without deducting it from the seller’s balance. When another transfer occurred, the contract mistakenly burned tokens from the PancakeSwap liquidity pool instead of the seller’s wallet.
🚨SlowMist TI Alert🚨
AIDC token on BSC has been exploited.
💸 Loss: 220.12 WBNB (~$120929.35)
🔍 Root Cause: AIDCToken’s `_sellTransfer()` accumulates a 30% burn amount without deducting it from the seller. Subsequently, any non-Pair transfer triggers… pic.twitter.com/EnutUjxcBY
— SlowMist (@SlowMist_Team) June 29, 2026
After the burn, the contract automatically called the sync() function, reducing the token reserves held in the liquidity pool. The attacker repeatedly manipulated the pool before swapping tokens and withdrawing almost all of its WBNB liquidity. SlowMist identified the affected liquidity pool as the PancakeSwap V2 AIDC/WBNB pair.
Small coding mistakes can cause major losses
The attack shows how a single error in a smart contract can quickly turn into a major financial loss.
Over the past few years, exploits involving Curve Finance, Euler Finance and Beanstalk have shown that coding mistakes in smart contracts and token logic, rather than flaws in blockchain networks, can allow attackers to manipulate liquidity pools and drain millions of dollars.
Faults involving burn functions, minting rules, price calculations and reserve updates have repeatedly allowed attackers to manipulate liquidity pools and drain funds. Security firms have increasingly urged developers to carry out multiple independent smart contract audits and stress testing before launching new tokens, especially those with custom tokenomics or automated burn features.
As decentralized finance continues to grow, these incidents also remind investors that audited code and careful contract design remain as important as market demand when assessing new crypto projects.
Security firms continue monitoring DeFi attacks
SlowMist published the attacker’s wallet address, the vulnerable contract and the affected liquidity pool as part of its investigation.
The firm said the exploit relied on repeatedly forcing the liquidity pool to absorb burn losses that should have been taken from sellers, allowing the attacker to manipulate reserves before making the final swap.
The latest incident adds to the list of smart contract exploits recorded this year. While blockchain networks themselves remain secure, vulnerabilities in individual protocols continue to provide opportunities for attackers, making security reviews and ongoing monitoring a priority across the decentralised finance sector.
Enjoyed this? Bookmark DeFi Planet, explore related topics, and follow us on Twitter, LinkedIn, Facebook, Instagram, Threads and CoinMarketCap Community for seamless access to high-quality industry insights.
Take control of your crypto portfolio with DEFI PLANET PRO, DeFi Planet’s suite of analytics tools.
