Local Traders

Quick Summary

Local Traders, a P2P exchange on Binance Smart Chain was exploited due to a lack of permission checks in their smart contract. The
attacker modified the owner and token price resulting in a loss of 115,595 $USD.




Details of the Exploit

On May 23, 2023, the Local Traders platform was exploited on the Binance Smart Chain resulting in a loss of approximately 379.32
BNB worth around $115,595 at that time. The vulnerability was caused by a lack of permission checks in one of their functions
which allowed anyone to modify the owner using this function implementation. The attacker then called another function to modify
the price of LCT tokens to purchase them at low prices and sold them for profit. All stolen funds are currently held by the
attacker's address which has been reported and blacklisted by exchanges making it difficult for the hacker to cash out. The Local
Traders team is working on implementing a recovery plan for affected users.




Block Data Reference

Attacker address:

https://bscscan.com/address/0xd771dfa8fa59bd2d1251a0481fca0cf216276dd7




Malicious transaction:

https://bscscan.com/tx/0x49a3038622bf6dc3672b1b7366382a2c513d713e06cb7c91ebb8e256ee300dfb




Access gain transaction:

https://bscscan.com/tx/0x57b589f631f8ff20e2a89a649c4ec2e35be72eaecf155fdfde981c0fec2be5ba




Price change transaction:

https://bscscan.com/tx/bea605b238c85aabe5edc636219155d8c4879d6b05c48091cf1f7286bd4702ba