AIDCToken Hack

TOTAL LOST $121K
Low Other

Summarize with AI

Affected Chain 2026 Incident surface
Recovered - No recovery reported
All-Time Rank #1447 By amount stolen
Protocol Type Exploit/Other Target category

Incident Overview

In 29th June 2026, the AIDCToken protocol on the BNB Chain suffered a smart contract exploit targeting its liquidity pair on PancakeSwap, resulting in a loss of approximately 220 WBNB (~$121,000).

The exploit targeted a flawed automated taxation and token burn mechanism inside the AIDCToken implementation contract. During standard sell operations, the token's internal _sellTransfer() function accumulated a massive 30% burn fee liability without properly debiting the amount from the actual seller's personal balance.

Instead, whenever a separate, standard non-pair transfer transaction occurred, it would automatically trigger the internal _executeAccumulatedBurn() function. This routine incorrectly targeted and deducted the accumulated burn liability directly from the PancakeSwap uniswapPair contract balance rather than the active seller. Following the unvalidated deduction, a sync() invocation artificially deflated the AIDC token reserves held inside the Automated Market Maker (AMM). The attacker systematically repeated this transfer-and-burn sequence to continually shrink the pool's token reserve, skewing the relative asset pricing logic. They then performed a final, massive swap to drain nearly all remaining WBNB from the liquidity pair before washing the proceeds via 22 separate 10-BNB deposits into Tornado Cash.

Vulnerable Token Contract: 0x5021d718…a0c6fe

Affected Pool: 0x27250332…b7cbd8 (PancakeV2 AIDC/WBNB Pair)

Attacker Address: 0x89eb2c99…116b63

Incident Report

Protocol / Project AIDCToken
Date of Incident
Attack Technique Other
Classification Token
Primary Source View Post-Mortem

Protocol Information

Protocol Type Exploit/Other
Team Anonymous
Source Code Unverified

What the Attacker Needed to Succeed

Understanding the prerequisites for this type of attack helps auditors identify protocols that are most at risk and helps developers build better defenses.

Technical Knowledge Deep understanding of other and Solidity and EVM internals
Capital Required Seed capital to cover gas and initial position setup
On-Chain Access Ability to interact with smart contracts and deploy a custom exploit contract
Protocol Analysis Identification of the exploitable vulnerability in AIDCToken's contract logic - root cause: token
Execution Speed Precise transaction ordering and timing to exploit the vulnerability within a single atomic block
Obfuscation Plan A strategy to launder and move stolen funds - typically through mixers, cross-chain bridges, or decentralized DEX swaps to resist tracing

What Auditors Should Check

Could this have been caught in audit? Likely β€” with a thorough Other audit checklist and test coverage

If you're auditing a protocol with similar architecture to AIDCToken, these are the critical security checks that could have prevented this incident (June 2026).

  • Verify all logic paths related to Other are guarded by proper access controls and input validation
  • Review privileged functions (owner, admin, governance) for potential abuse vectors - centralization risks should be documented and bounded with timelocks or multi-sigs

Master these auditing techniques with hands-on labs and real exploit scenarios in the Smart Contract Hacking course.

Free Trial

Sources & References

Learn to Prevent the Next AIDCToken

The AIDCToken hack is one of many attacks that skilled auditors are trained to detect before deployment. Master real exploit patterns and defense techniques with hands-on Web3 security training.

Recreate exploit patterns safely Free Trial