Sola Incident Analysis

On April 12, 2025 an attacker exploited an unverified SOLA token contract on BSC by leveraging a public withdrawToken() function and PancakeSwap flash-swap mechanics to drain about $28,000; the analysis provides transaction traces, decompiled code showing missing access controls, and links the attacker to multiple prior exploits and subsequent laundering activity.