•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
The PancakeSwap V2 pool for OCA/USDC on BNB Chain was exploited in a suspicious transaction detected today, resulting in the loss of almost $500,000 worth of USDC drained in a single transaction. Blockchain security reports said the attacker leveraged a vulnerability in the deflationary sellOCA() logic to gain the ability to manipulate the pool’s reserves. The amount reportedly taken by the attacker was approximately $422,000.
The attack reportedly used flash loans and flash swaps together with repeated calls to OCA’s swapHelper function. This enabled the attacker to remove OCA tokens directly from the liquidity pool during swaps, artificially inflating the on-pair price of OCA and allowing USDC to be drained from the pool.
Reports said the exploit was carried out across three transactions: one to execute the main manipulation and two additional transactions to provide builder bribes. Blocksec Phalcon wrote that, in total, 43 BNB plus 69 BNB were paid to 48club-puissant-builder, leaving an estimated final profit of $340K. The report also noted another transaction in the same block failed at position 52, likely because it was frontrun by the attacker.
Flash loans on PancakeSwap allow users to borrow large amounts of crypto assets without collateral, with the requirement that the borrowed amount plus fees be repaid within the same transaction block. They are commonly used for arbitrage and liquidation strategies on BNB Chain, and are typically facilitated by PancakeSwap V3’s flash swap function.
Another flash-loan-based attack was detected weeks earlier. In December 2025, an exploit reportedly enabled an attacker to withdraw approximately 138.6 WBNB from the PancakeSwap liquidity pool for the DMi/WBNB pair, netting approximately $120,000. That incident showed how combining flash loans with manipulation of an AMM pair’s internal reserves via sync() and callback functions could be used to deplete a pool.
In that December 2025 case, the attacker created an exploit contract and called the f0ded652() function as a specialized entry point. The contract then called flashLoan from the Moolah protocol, requesting approximately 102,693 WBNB. After receiving the flash loan, the contract initiated the onMoolahFlashLoan(…) callback, which first checked the DMi token balance in the PancakeSwap pool to prepare for reserve manipulation.
According to the reports, the vulnerability was not in the flash loan mechanism itself. Instead, it was attributed to the PancakeSwap contract, which allowed reserve manipulation through a combination of flash swap and sync() without protection against malicious callbacks.
Premium gym chains are entering a “golden era” that is ending or already in decline, as rising operating costs collide with shifting consumer preferences toward more flexible, community-based ways to exercise. Long-term memberships are shrinking, margins are pressured by higher rents and facility expenses, and competition from smaller, more personalized…
