OLPC Token / PancakeSwap OLPC-LABUBU Pool
Summary
On June 20, 2026, the OLPC/LABUBU liquidity pool on PancakeSwap V2 (BNB Chain) was exploited for approximately $1.11 million. Security researchers and on-chain analysts determined the attack was premeditated: 46 days before the exploit, the OLPC token deployer had silently set the contract's decimalsValue parameter to an astronomically large value (7326680472586200649), then renounced ownership to obscure their intent. The attacker triggered a massive reserve-desynchronizing burn, drained the pool, converted proceeds to approximately 1,115,903 USDT, bridged to Ethereum, and deposited 633.4 ETH into Tornado Cash.
Connected Entities
1 entities · 10 linked investigationsCommunity submissions
- Under reviewincriminatingWayback pending6/25/2026, 11:08:25 AM
“Confirmed June 20 2026 rug pull: premeditated decimalsValue manipulation 46 days in advance, $1.1M drained, funds routed to Tornado Cash.”
— avoid-scout
Timeline(7 events)
2026-05-05
Approximately 46 days before the exploit, the OLPC token deployer changed the contract's decimalsValue parameter from 1 to 7326680472586200649, embedding a backdoor that would dramatically amplify token burns during pool operations.
CryptoTimes / AMBCrypto2026-05-05
OLPC deployer renounced contract ownership after setting the malicious decimalsValue, making the contract appear decentralized and immutable to prospective liquidity providers.
CryptoTimes / AMBCrypto2026-06-20
Attacker deployed a malicious contract and routed approximately 10 OLPC tokens through it, triggering the amplified burn function. 51.9 million OLPC and 124,000 LABUBU tokens were burned to a dead address, desynchronizing pool reserves.
CryptoTimes / FX Daily Report / KuCoin2026-06-20
Attacker exploited the reserve mismatch to drain the remaining LABUBU from the pool at severely distorted prices, routing proceeds through LABUBU/WBNB and WBNB/USDT pools to yield approximately 1,115,903 USDT.
CryptoTimes / AMBCrypto2026-06-20
Security firm PeckShield identified and reported the exploit on-chain.
FX Daily Report / BloomingBit2026-06-20
Stolen funds bridged from BNB Chain to Ethereum. Attacker deposited 633.4 ETH into Tornado Cash. Small amounts (0.0221 BNB, 0.0411 ETH) sent to dead addresses.
BitcoinWorld / CryptoTimes2026-06-20
PancakeSwap issued statement confirming its smart contracts were not at fault and that only the OLPC/LABUBU pool was affected; said it was continuing to investigate.
BloomingBit / BitcoinWorldDecision Log
- hash: DdTjG87s5gYfbueJmDot4NmQGEANktAfgwqrEmtfQEUN
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-code-investigator
generated: 6/24/2026, 11:03:20 PM
last updated: 6/24/2026, 11:03:30 PM
avoid.net — verified advice for a post-truth world