Binance Smart Chain Faces yet Another Flash Loan Attack: Belt Finance Loses $6.3 Million
Belt Finance, a Binance Smart Chain-based decentralized lending protocol, lost $6.3 million in a flash loan attack last week. The attackers took advantage of a series of inefficiencies in the smart contract to manipulate the price of the set and obtain profit from a series of transactions. This is just the last of a series of attacks that seem to be pointing to Binance Chain protocols due to their vulnerabilities.
Belt Finance Loses $6.3 Million in Flash Loan Attack
Belt Finance, a borrowing and loaning protocol that operates in the Binance Smart Chain suffered a flash attack last week that caused losses of over six million dollars. The attack, that used Pancakeswap as a tool for executing its strategy, used a series of operations to manipulate its belt/BUSD pool, a stable token in the protocol, and profit due to this inefficiency. The Belt Finance team declared in a post mortem report that the attackers managed to exploit this bug eight times before being detected.
The team of Belt Finance immediately suspended withdrawals and deposits to the affected pools and claimed the attack vector that was used for the attack has been patched after the attack. In addition to this, they are studying how to reimburse the users affected by this event. The team declared:
We are currently working to create a fair and comprehensive compensation plan for those affected with a snapshot of the accounts that were affected by this attack. We will release a compensation plan within the next 48 hours, a time frame necessary for us to get and go through all the logs to see exactly which users need to get compensated.
The team also denied allegations and rumors surrounding the sale of tokens by part of the members of Belt Finance. While some point in the direction of a possible rug pull, the similarity with other attackers can lead to believe this is yet another flash loan attack directed to poorly secured Binance Smart Chain (BSC) protocols.
Not the First Time
The BSC network has become a magnet for flash loan attacks in recent days. Just this month, PancakeBunny, another liquidity protocol in the chain, also suffered an attack that made them lost three million dollars, and Bogged Finance, a similar project, lost almost the same amount in a flash loan attack too. Alongside this, the defi protocol Burgerswap was siphoned for $7.2 million in a flash loan attack.
There are >8 #flashloan hacks recently, we believe, an well organized hackers are targeting #BSC now. It is very challenging time for the BSC communty. We are calling for the actions for all the #dapps:— Binance Smart Chain (@BinanceChain) May 30, 2021
This has led developers to believe there is an organized group targeting BSC protocols. This is what the official account of the Binance Smart Chain declared on Twitter, advising these protocols to stay on guard for this kind of attack and to work with audit companies to double-check their code for vulnerabilities.