**BSC Ecosystem Alert: Popular Project Hit by Flash Loan Attack, $130,000 Vanishes Instantly**
On-chain security issues sound the alarm once again. According to market feedback, the MSCST project on the BSC network was recently targeted by a carefully orchestrated flash loan attack, resulting in a loss of approximately $130,000. The key to this incident lies in a subtle yet deadly code flaw.
**Root Cause: Lack of Access Control, a Breach Point for Attackers**
Technical analysis shows that the problem originates from the releaseReward() function in the MSCST smart contract, which lacks the necessary access control mechanism (ACL). This means anyone can call this function, allowing attackers to manipulate the price of GPC tokens in the PancakeSwap liquidity pool (contract address 0x12da), executing a precise economic exploit.
**Insight: The Threat of Flash Loans Continues to Rise**
Such flash loan attacks have become a common risk in the DeFi ecosystem. Attackers borrow large sums, rapidly manipulate token prices, and exploit permission vulnerabilities within a single transaction to profit. This poses a threat to any project lacking thorough security audits or with insufficiently cautious code design. The MSCST incident serves as a reminder to developers that access control is not optional but a fundamental security necessity.
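The missing-access-control pattern described above can be caught in review before deployment. The following is an added example, not code from the MSCST project or from this article: a heuristic Python check that lists externally callable, state-changing Solidity functions with no caller restriction. The modifier allowlist and the sample contract are assumptions constructed for illustration.

```python
import re

# Modifier names treated as access control (assumed allowlist, extend per codebase).
GUARD_MODIFIERS = {"onlyOwner", "onlyRole", "onlyAdmin"}
FUNC_RE = re.compile(r"function\s+(\w+)\s*\([^)]*\)([^{;]*)\{")
SENDER_CHECK_RE = re.compile(r"(require|if)\s*\([^;]*msg\.sender")

def block_body(src, open_idx):
    """Return the brace-balanced body that starts at src[open_idx] == '{'."""
    depth = 0
    for i in range(open_idx, len(src)):
        if src[i] == "{":
            depth += 1
        elif src[i] == "}":
            depth -= 1
            if depth == 0:
                return src[open_idx + 1:i]
    return src[open_idx + 1:]

def unguarded_functions(src):
    """Names of externally callable, state-changing functions with no caller check."""
    findings = []
    for m in FUNC_RE.finditer(src):
        name, header = m.group(1), m.group(2)
        words = set(re.findall(r"[A-Za-z_]\w*", header))
        if not words & {"public", "external"}:
            continue  # internal/private: not directly reachable by outsiders
        if words & {"view", "pure"}:
            continue  # read-only: cannot change contract state
        guarded = bool(words & GUARD_MODIFIERS) or bool(
            SENDER_CHECK_RE.search(block_body(src, m.end() - 1)))
        if not guarded:
            findings.append(name)
    return findings

# Constructed sample contract (hypothetical; not the MSCST source).
SAMPLE = """
contract RewardPool {
    address public owner;
    uint256 public lastRelease;
    function pendingReward() external view returns (uint256) { return 1; }
    function releaseReward() external { lastRelease = block.timestamp; }
    function releaseRewardGuarded() external onlyOwner { lastRelease = block.timestamp; }
    function setOwner(address n) public { require(msg.sender == owner, "no"); owner = n; }
    function _sync() internal { lastRelease = 0; }
}
"""

if __name__ == "__main__":
    print(unguarded_functions(SAMPLE))
```

The output is a triage list, not a verdict: functions that are meant to be open to everyone will also appear and need a manual decision.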