PancakeSwap Exploit Drains ~$679K from BCE/USDT Pool

A reported PancakeSwap Exploit has exposed a vulnerability in the BCE/USDT liquidity pool on BNB Chain, with attackers draining about $679,000. Blockchain security firm Blocksec said the incident was confirmed on March 15, 2025. The attacker used malicious smart contracts to bypass PancakeSwap’s buy/sell limits, then manipulated the pool’s token burn mechanism. This created abnormal BCE/USDT pricing, opening an arbitrage window that enabled the theft.

Key mechanics highlighted by analysts:

- Two malicious contracts deployed to circumvent limit enforcement.
- Circumvention via multiple smaller transactions to avoid single-transaction checks.
- Timing/interaction tricks targeting the BCE burn function to distort pool ratios.
- Multi-step swaps to obscure fund flows.

PancakeSwap temporarily paused affected pools and began a comprehensive security audit, with additional monitoring and stricter limit enforcement planned.

The report also places this PancakeSwap Exploit within a broader DeFi security trend: despite DeFi TVL rising (42% year-over-year cited), reported security incidents and estimated losses have continued to grow. Industry response is focusing on real-time abnormal-activity monitoring, enhanced auditing, and more robust insurance/limit controls.

For traders, this is a reminder that DEX liquidity pools can face economic-manipulation attacks, not just coding bugs—raising short-term risks around affected pairs and potentially increasing caution and liquidity fragmentation across similar tokenomic pools.
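The key mechanics above describe limits evaded by splitting volume across smaller transactions and two contracts. The following monitoring sketch is an added example, not code from PancakeSwap, Blocksec or the report: it flags actors whose swaps each pass a per-transaction check but together exceed a rolling-window cap. The `Swap` fields, the thresholds, the addresses and the assumption that limits were tracked per calling address are all hypothetical.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Swap:
    block: int    # block number of the swap
    origin: str   # externally owned account that signed the transaction
    caller: str   # address that called the pool (may be a contract)
    amount: int   # tokens sold in this swap


# Assumed thresholds for illustration; the report does not give the real limits.
PER_TX_LIMIT = 1_000
WINDOW_BLOCKS = 10
WINDOW_LIMIT = 1_000


def split_limit_alerts(swaps, key):
    """Return {actor: peak window volume} for actors whose swaps each pass
    the per-transaction check but together exceed WINDOW_LIMIT within
    WINDOW_BLOCKS. `key` names the Swap attribute used to group swaps."""
    windows = defaultdict(deque)  # actor -> recent (block, amount) pairs
    totals = defaultdict(int)     # actor -> volume currently in the window
    alerts = {}
    for s in sorted(swaps, key=lambda s: s.block):
        if s.amount > PER_TX_LIMIT:
            continue              # already rejected by the per-transaction check
        actor = getattr(s, key)
        win = windows[actor]
        win.append((s.block, s.amount))
        totals[actor] += s.amount
        # Drop swaps that have aged out of the rolling window.
        while win[0][0] <= s.block - WINDOW_BLOCKS:
            totals[actor] -= win.popleft()[1]
        if totals[actor] > WINDOW_LIMIT:
            alerts[actor] = max(alerts.get(actor, 0), totals[actor])
    return alerts


# Constructed sample events (not real chain data).
SAMPLE = [
    Swap(100, "0xEOA_A", "0xContract1", 400),
    Swap(101, "0xEOA_A", "0xContract2", 400),
    Swap(102, "0xEOA_A", "0xContract1", 400),
    Swap(103, "0xEOA_A", "0xContract2", 400),
    Swap(104, "0xEOA_B", "0xEOA_B", 900),  # ordinary trader
    Swap(130, "0xEOA_B", "0xEOA_B", 900),  # same trader, outside the window
]

if __name__ == "__main__":
    print("grouped by caller:", split_limit_alerts(SAMPLE, "caller"))
    print("grouped by origin:", split_limit_alerts(SAMPLE, "origin"))
```

Grouping by calling address sees nothing unusual in the sample, while grouping by signing account surfaces the combined volume; a production monitor would also need to cluster accounts that share a funding source.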
Bearish
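The core of this news is that the PancakeSwap Exploit used economic and mechanism-level manipulation to bypass limits and manipulate the burn mechanism, ultimately draining about $679,000 from the BCE/USDT liquidity pool. For the market, this is a "replicable method" security risk: once similar tokenomic structures or limit logic carry similar flaws, funds may leave the related pools in the short term, raising volatility and slippage for those pairs and triggering a repricing of DEX security on BNB Chain.

Short-term impact:

- Affected trading pairs may see liquidity contract, arbitrage and liquidation activity increase, and execution prices deviate.
- Traders typically raise their risk premium and reduce immediate allocation to similar pools.

Long-term impact:

- The industry is more likely to strengthen monitoring, auditing and limit/insurance mechanisms, lowering the probability of similar vulnerabilities in the future.
- Historical experience (rising regulatory and security spending after similar DeFi economic-manipulation attacks) suggests, however, that funds may first move to protocols with a "higher safety margin", and risk appetite may decline for a period.

The overall view is therefore more bearish: sentiment and liquidity are under pressure in the short term, and conditions are likely to ease only gradually, over the long term, after improvements are made.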