LittleBoyPlus has been exploited on BNB Chain, with security monitors estimating losses at about $377,000, or roughly 610 BNB.
The attack was flagged by F12sec, which identified the attacker address as 0x5449ded887576f43fc339851e942ebc1e6f8118b. Onchain activity shows the attacker used flash-loan liquidity during the transaction sequence before cashing out through BNB Chain trading pools.
The incident adds another loss to a week already dominated by contract-level exploits. Aztec’s old Private Rollup Bridge also lost 1,158 ETH in a separate drain, showing how live balances inside older or lightly monitored contracts can quickly become targets when an exposed withdrawal or accounting path remains callable.
The LittleBoyPlus attacker used borrowed liquidity to increase the size of the transaction without holding the full amount upfront. Flash loans are repaid inside the same transaction, making them useful for arbitrage, liquidations and exploit sequences that generate profit before the transaction closes.
In this case, the borrowed funds helped the attacker move through the target’s liquidity structure, trigger the vulnerable contract behavior and consolidate proceeds into BNB. The flash loan made the trade larger, but the loss came from project-level logic that allowed the attacker to create and monetize a liquidity imbalance.
That distinction matters. Public DEX liquidity often becomes the exit route in these attacks, while the weakness sits in the token contract, reward system, transfer rules or liquidity design behind the project itself.
LittleBoyPlus now joins a growing list of BNB Chain projects hit through custom token or liquidity mechanics.
A recent AROS attack drained about $295,000 on BNB Chain, while a BCE-USDT PancakeSwap pool lost about $679,000 after token-side behavior distorted the pool’s pricing.
The pattern is familiar: attackers target a specific contract path, use temporary capital to amplify the opportunity, and then pull value through available liquidity before the market can react.
No confirmed recovery, white-hat negotiation or compensation plan had been announced at the time of writing. The attacker address remains the main focus for tracking any further movement of funds.
The immediate priority for LittleBoyPlus is to secure remaining liquidity, confirm whether the same path can be triggered again and give users clear guidance on contract, pool and balance risk.
The six-figure loss is smaller than the largest DeFi incidents of the year, but it shows how quickly thinly monitored liquidity can be drained when a contract edge case meets flash-loan capital. For BNB Chain users, the next signal is whether funds move from the attacker address into mixers, bridges or exchanges, and whether the project can close the vulnerable path before any follow-on attempt.
The post LittleBoyPlus Loses $377K After Minting Bug Drains BNB Chain Liquidity appeared first on Crypto Adventure.
