DIP Token (Etherisc) Hack 2026 — $111K Exploit Analysis

DIP token drained $111K via missing return statement causing double transfers through PancakeSwap router

Details

Full Description

On June 16, 2026, a coding flaw in the DIP token, an essential utility asset of the Etherisc ecosystem, let an attacker siphon roughly $111,098 in USD Coin. The DIP token's _transfer() function was missing a 'return' statement in the branch that handles trades routed through the PancakeSwap router. The attacker exploited this by calling skim(router) to trigger double DIP transfers, then sync() to set the DIP reserve to an extremely low value, manipulating the AMM price to drain the pool. Each trade that touched the router effectively paid out twice, quietly bleeding USDC from the pool.

Laundering Analysis

The attacker drained approximately 111,097.6 USDC from the DIP token pool via PancakeSwap. No confirmed recovery or laundering path has been publicly disclosed. SlowMist logged the incident but did not name the attacker or confirm recovery prospects.

Sources

Related Hacks

Back to Browse