shield Business Logic Flaw

How attackers exploited BDEX in November 2022 (business logic flaw)

Q: When did the BDEX hack happen?

The BDEX exploit was recorded on November 5, 2022 — 1,256 days ago.

Q: What type of exploit hit BDEX?

The BDEX incident is classified as a Business Logic Flaw. A business-logic bug in the contract — such as an incorrect formula or missing state update — lets the attacker withdraw more than their share.

Q: How common is the Business Logic Flaw pattern seen at BDEX?

Our archive contains 144 documented business logic flaw incidents. The BDEX incident is one of them.

Q: How does BDEX compare to the largest Business Logic Flaw attack?

The largest business logic flaw incident in our archive is - EulerFinance (2023) at $200M. The BDEX loss was not publicly disclosed.

On November 2022, BDEX suffered a business logic flaw — the first of 144 documented business logic flaw incidents in our archive where the loss figure was not publicly disclosed but the exploit pattern is documented below.

Attack Mechanics: How the BDEX Business Logic Flaw Played Out

Exploit Class Applied to BDEX

The BDEX incident on November 5, 2022 is classified as a Business Logic Flaw. A business-logic bug in the contract — such as an incorrect formula or missing state update — lets the attacker withdraw more than their share. In the full archive, BDEX is 1 of 144 documented business logic flaw incidents.

BDEX in Context

The BDEX incident joins a class whose largest loss to date is – EulerFinance (2023) at $200M.

Prior Business Logic Flaw Before BDEX

The nearest business logic flaw incident before BDEX was HEALTH, 16 days earlier on October 20, 2022. The same exploit class surfaced again within the business logic flaw attack surface.

Impact & Recovery for BDEX

BDEX Loss Figure

The loss figure for BDEX is not publicly disclosed. The primary source reports the exploit in non-USD terms, so no USD estimate is published here. For reference, the average loss across 144 business logic flaw incidents in our archive is $6.08M.

Timeline Since the BDEX Incident

The BDEX exploit occurred 3.4 years ago (1,256 days). The contract, its fork-block, and the attack transaction remain on-chain and forensically reproducible.

Primary Reference for BDEX

Public post-mortem / on-chain analysis for the BDEX incident: view source.

FAQ

How much did BDEX lose?

The BDEX loss figure is not publicly disclosed. The primary source reports the exploit in non-USD token terms, so no USD estimate is published here.

When did the BDEX hack happen?

The BDEX exploit was recorded on November 5, 2022 — 1,256 days ago.

What type of exploit hit BDEX?

The BDEX incident is classified as a Business Logic Flaw. A business-logic bug in the contract — such as an incorrect formula or missing state update — lets the attacker withdraw more than their share.

How common is the Business Logic Flaw pattern seen at BDEX?

Our archive contains 144 documented business logic flaw incidents. The BDEX incident is one of them.

How does BDEX compare to the largest Business Logic Flaw attack?

The largest business logic flaw incident in our archive is – EulerFinance (2023) at $200M. The BDEX loss was not publicly disclosed.

What implication does the study have for portfolio management?

It provides insights for investors and decision-makers, emphasizing the importance of incorporating monetary policy in assessing cryptocurrency volatility.

What period does the study cover?

2010 to 2015.