# BSX Security Incident: Root Cause Analysis & Post-Mortem

**Published by:** [BSX](https://paragraph.com/@bsx/)
**Published on:** 2025-05-30
**URL:** https://paragraph.com/@bsx/bsx-security-incident-root-cause-analysis-post-mortem

## Content

I. BSX Platform Security Update and Response to Recent IncidentBSX is committed to the security of our platform and the trust of our users. We are providing an update on a recent security incident that affected a specific component of our ecosystem. Our team, in collaboration with our external security partner ZeroShadow, has conducted an initial investigation and taken decisive action.II. Incident OverviewThe incident involved a sophisticated exploit targeting a specific aspect of the token authentication process within our collateral swap smart contract on the Base blockchain. This function is designed to allow users to exchange collateral within a designated liquidity pool. The attacker utilized an advanced technique, deploying a counterfeit token meticulously designed to mimic a legitimate asset (USDC). This counterfeit token ("USDC7") bypassed certain authentication parameters under specific conditions, which are common challenges within the DeFi space sometimes referred to as "token authentication bypass." The attacker then used this counterfeit token to exchange for legitimate assets within that single pool.III. Attack TimelinePreparation and Attack Phase10 May 2025: The hacker address 0x73136dcF0B9f2A4eAEf3F6371bdaD5B0A264f293 (0x7313) exploited the BSX USDC pool.Prior to that date, the hacker had deployed a "fake" token USDC7 (0x74aa98419130aAd27efA23217F45dFFbA1A7EeA2) and used it to manipulate the pool (0x26A54955a5fb9472D3eDFeAc9B8E4c0ab5779eD3), causing the pool to send USDC to the Aerodrome liquidity pool (0x27d8A472513E25F2cBEE50dA86BAF2f55c7c94E5)—where the exploiter withdrew their liquidity position into 0x7313.Attack Execution Through a series of swap transactions via 0x7313, the hacker converted the USDC tokens into 488 ETH (approximately $1.2 million USD) and 522.7 BNB (approximately $341,570 USD), all of which were sent to Tornado Cash in subsequent transactions.IV. Containment and Impact AssessmentOur security protocols enabled the swift detection of this anomaly. Immediate action was taken:The affected smart contract function was promptly disabled to prevent further unauthorized activity.The impacted area was isolated, ensuring the broader BSX platform and its core functionalities remained secure and fully operational.The financial impact was limited to approximately $1.54 million USD from the specific USDC liquidity pool targeted. Crucially, no other user funds, assets in other BSX pools, or open trading positions were affected by this isolated incident. The core trading functionalities of the BSX platform continued to operate without interruption. As a precautionary measure to protect user interests and ensure platform integrity, deposits to the platform and the specific collateral swap function were temporarily suspended. Withdrawal services remained, and continue to remain, fully operational across the BSX platform.V. Our Commitment to Security and TransparencyTransparency is a core value at BSX. We communicated with our community via our official channels (X, Telegram, Discord) upon identifying the incident and have been providing regular updates. BSX deeply regrets any concern this incident may have caused. This event, while unfortunate, was confined due to the multi-layered security architecture of our platform. We are leveraging this as an opportunity to further enhance our already rigorous security measures. In partnership with external auditors, we are implementing additional verification layers and conducting an exhaustive review of related smart contract components. We are confident in the fundamental robustness and resilience of the BSX platform. The swiftness of our response and the limited scope of the incident underscore the effectiveness of our broader security framework. We thank our community for their understanding and continued support. BSX is dedicated to maintaining the highest security standards and will continue to work tirelessly to protect our users' assets and ensure the integrity of our platform. Please rely solely on information from our official channels for ongoing updates. Together, we will continue to build a stronger and more secure BSX.

## Publication Information

- [BSX](https://paragraph.com/@bsx/): Publication homepage
- [All Posts](https://paragraph.com/@bsx/): More posts from this publication
- [RSS Feed](https://api.paragraph.com/blogs/rss/@bsx): Subscribe to updates
- [Twitter](https://twitter.com/bsx_labs): Follow on Twitter