The $1.1M PancakeSwap LABUBI Drain Was a 46-Day Time Bomb. The On-Chain Signs Were There
— By Tony Rabbit in News

The LABUBI pool on PancakeSwap lost about 1.1 million dollars on June 20, but this was no flash-loan zero-day. On-chain data shows a mutable contract parameter changed weeks earlier and an ownership renounce that locked it in. Here is how it worked, and why the warning signs were visible before the drain.
On June 20, the OLPC and LABUBI trading pair on PancakeSwap V2, running on BNB Chain, was drained of roughly 1.1 million dollars, with the attacker converting the proceeds into about 1,115,903 USDT. According to the on-chain analysis circulating after the incident, the funds were then bridged from BNB Chain to Ethereum and 633.4 ETH was deposited into Tornado Cash. The headline number is ordinary by 2026 standards. What makes this one worth a close look is that it was not a sudden exploit of a hidden bug. It was a slow, premeditated setup hiding in plain sight.
A parameter changed 46 days before the attack
The mechanism came down to a single mutable value in the OLPC token contract. Roughly 46 days before the drain, the contract owner increased an internal parameter, reported as decimalsValue, from its normal value of 1 to an enormous number, 7326680472586200649. That change quietly amplified how many tokens were burned during ordinary operations. When it was finally triggered, the analysis describes an abnormal burn of about 51.9 million OLPC and 124,000 LABUBI tokens to a dead address. That burn distorted the pool reserves, and the attacker stepped in to exploit the imbalance.
The detail that turns a bug into a plan is what came next. After setting up the malicious parameter, the owner renounced ownership of the contract. Renouncing is usually marketed as a trust signal, proof that no one can change the rules anymore. Here it did the opposite: it locked the time bomb in place and made any reversal impossible.
Why this is a detection story, not just a hack story
Most exploit coverage stops at the loss. The more useful point for anyone trading new tokens is that the danger was structural and observable. A token contract that lets the deployer change a supply-affecting parameter is a standing risk, no matter how calm the chart looks. An ownership renounce that happens after a suspicious change is not reassurance; it is a lock on whatever was set up beforehand. Both of those are exactly the kind of signals an automated contract audit is built to surface.
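The check described above, sketched as an added example (not code from this article or from any audit tool it mentions): given a token's owner-only actions already decoded into records, flag any parameter left far from its baseline and report whether a later renounce froze it. The record shape, the ratio threshold and the timestamps are assumptions, and a renounce is assumed to appear as an ownership transfer to the zero address, as in OpenZeppelin's Ownable.

```python
from dataclasses import dataclass

ZERO_ADDRESS = "0x" + "00" * 20
DAY = 86_400

@dataclass(frozen=True)
class OwnerAction:
    ts: int              # seconds since the start of the observed window
    kind: str            # "param_set" or "ownership_transferred"
    param: str = ""      # parameter name (param_set only)
    old: int = 0         # value before the change (param_set only)
    new: int = 0         # value after the change (param_set only)
    new_owner: str = ""  # ownership_transferred only

def review_owner_history(actions, ratio_limit=10):
    """Flag parameters left far above baseline, and whether a renounce froze them."""
    actions = sorted(actions, key=lambda a: a.ts)
    renounced_at = next((a.ts for a in actions if a.kind == "ownership_transferred"
                         and a.new_owner.lower() == ZERO_ADDRESS), None)
    state = {}  # param -> (baseline, final value, timestamp of last change)
    for a in actions:
        if a.kind == "param_set":
            baseline = state[a.param][0] if a.param in state else a.old
            state[a.param] = (baseline, a.new, a.ts)
    findings = []
    for param, (baseline, final, changed_at) in state.items():
        ratio = final // max(baseline, 1)
        if ratio < ratio_limit:
            continue  # small tweak, or a spike that was later reverted
        locked = renounced_at is not None and renounced_at > changed_at
        days = (renounced_at - changed_at) // DAY if locked else None
        findings.append({"param": param, "ratio": ratio,
                         "locked": locked, "days_to_renounce": days})
    return findings

# Constructed timelines. The decimalsValue figures are the ones reported in the
# article; every timestamp and the timing of the renounce are made up.
ARMED = [
    OwnerAction(ts=0, kind="param_set", param="decimalsValue", old=1, new=7326680472586200649),
    OwnerAction(ts=2 * DAY, kind="ownership_transferred", new_owner=ZERO_ADDRESS),
]
REVERTED = [
    OwnerAction(ts=DAY, kind="param_set", param="decimalsValue", old=1, new=5000),
    OwnerAction(ts=3 * DAY, kind="param_set", param="decimalsValue", old=5000, new=1),
    OwnerAction(ts=4 * DAY, kind="ownership_transferred", new_owner=ZERO_ADDRESS),
]

if __name__ == "__main__":
    print(review_owner_history(ARMED), review_owner_history(REVERTED))
```

A finding with `locked` set to true means no one can undo the change; with `locked` false the owner can still change the value again, which is the standing risk the paragraph describes.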
This is why we publish the Rug and Scam Rate Index, which tracks what share of recently launched tokens carry a critical safety flag, and why ownership status is one of the fields it reports. In the latest live reading, a large majority of recent tokens still have not renounced ownership at all, meaning the deployer retains control, the precondition for exactly this kind of setup. Renounce status alone is never the whole story, as the LABUBI case shows, but combined with mutable mint or burn authority it is one of the clearest warning lights on a contract.
How to check before you are the exit liquidity
You cannot read Solidity on every token you touch, but you can run the checks that matter in under a minute. Put any contract through the DEXTools Token Safety Checker to see its honeypot, mint and ownership status. Watch for contracts where the owner can still change supply behavior, and treat a recent ownership renounce as a question to investigate rather than a green light. Our guide on how to spot a rug pull walks through the full manual checklist, and liquidity pull versus slow rug covers the difference between a sudden drain and a patient one like this.
The LABUBI drain is a reminder that the most dangerous contracts are not always the ones that look broken today. Sometimes they are the ones that were quietly armed weeks ago. This article is information only and is not financial advice.