Woofun AI reports that the BSC-based DeFi mining protocol Little Boy Plus suffered a security breach resulting in losses of approximately $370,000, equivalent to around 610.555 BNB. The exploit stemmed from a vulnerability in the `LBPHashrate._update()` function at address `0x5e3c...85fe`, where a zero-value `transferFrom` parameter enabled the attacker to bypass OpenZeppelin’s authorization checks. This unauthorized execution triggered the `_harvest(pair)` function, which minted LBP tokens to the PancakePair address without increasing reserve funds, ultimately allowing the attacker to withdraw USDT via the `PancakePair.swap()` function.