Movie Token Incident Analysis

On 10 March 2026 the Movie Token (MT) contract was exploited for ~\$242k due to a double-counting flaw in its sell logic: sells both transferred tokens to the liquidity pair and incremented a pendingBurnAmount, allowing subsequent burning to artificially deflate supply and pump price. The attacker used flash loans, crafted swaps and liquidity adds/removals, and called distributeDailyRewards() to execute pending burns, then swapped inflated MT reserves back to WBNB, repaid loans and profited ~381.7468 WBNB. The report includes addresses, step-by-step transaction flow, root cause analysis, and post-exploit fund flows (bridging and shielding).