USDC-OCA BSC liquidity pool drained for $422K via OCA deflation bug

Published: 2026-02-14 05:09:08 |

BlockSec Phalcon reports an exploit on a BSC-based USDC–OCA liquidity pool that resulted in roughly $422,000 worth of USDC drained. The attacker abused a flaw in OCA’s deflationary sellOCA() logic: each sell call removed an equivalent amount of OCA from the pool while swapping, artificially inflating the token price and permitting repeated profitable swaps. The exploit was executed across three transactions — the first performed the attack, and the subsequent two paid block-builder bribes (about 43 BNB and 69 BNB) to 48club-puissant-builder. The attacker’s estimated profit after costs is approximately $340,000. A separate transaction in the same block (position 52) failed, possibly due to a front-run by the attacker. BlockSec’s alert offers no investment advice. Key details for traders: exploit type (smart-contract logic/deflationary token bug), affected pair (USDC–OCA on BSC), total drain (~$422K USDC), attacker profit (~$340K after bribes), and on-chain indicators (three tx pattern with MEV/bribes).

Bearish

This exploit is bearish for short-term market sentiment around the affected token (OCA) and can weigh on BSC DeFi confidence. Immediate impacts: selling pressure on OCA as holders and liquidity providers react, short-term USDC outflows from the pool and potential liquidity withdrawal from related pools. The use of MEV/bribes signals active attacker sophistication, which can increase perceived protocol risk and push traders to reduce exposure to small-cap or deflationary tokens on BSC. Historically, similar pool-drain events (e.g., rug pulls, reentrancy/logic exploits) cause short-term price drops, heightened volatility, and reduced TVL in the affected ecosystem. Longer-term effects depend on project response: transparent audits, compensations, or contract fixes can restore confidence over weeks to months; absence of remediation or repeated incidents can produce lasting reputational damage and capital flight. For traders: expect higher volatility and potential arbitrage opportunities immediately after on-chain recovery activity, but increased risk premium for OCA and similar tokens until security is demonstrated.