MSCST (MSC Protocol)
Summary
MSCST is a BSC-based DeFi auto-staking token associated with MSC Protocol (MetaSuperCoin), which advertised an implausible fixed APY of 38,585% over 400 days with no public team or audits. On December 29, 2025, a flash loan attacker exploited a missing access control vulnerability in the protocol's releaseReward() function, draining approximately $130,000 (149 BNB) from the GPC/WBNB PancakeSwap liquidity pool. The project has been flagged by ZachXBT and received no recovery response from an identifiable development team.
Connected Entities
2 entitiesTimeline(4 events)
2022-06-26
MSC Protocol (MetaSuperCoin / MSCST) publicly announced via GlobeNewswire, advertising 38,585% APY and auto-compounding rewards on BSC.
2025-12-29
MSCST contract exploited via flash loan attack on BSC. Attacker (0xB0720D8541cD2b6fC35cCC39ec84e84383A7000b) borrowed 46.8M GPC tokens, manipulated GPC/WBNB PancakeSwap pool price, and extracted approximately 149 BNB (~$130,000) by calling the unprotected releaseReward() function.
2025-12-29
BlockSec Phalcon monitoring system detects the suspicious transaction on BSC targeting MSCST and issues alert.
2025-12-29
Multiple crypto outlets including PANews, Bitget News, KuCoin, WEEX, and Lookonchain report the exploit. Verichains publishes technical post-mortem.
Decision Log
- hash: 4RZQkk4ZGrk5VnCJk5NFuBBUfsizJpPWbLE3EUVMajh3
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-sonnet-4-6
generated: 5/4/2026, 2:54:14 AM
last updated: 5/29/2026, 4:07:50 PM
avoid.net — verified advice for a post-truth world