Two more BSC flash-loan attacks, since Binance attacks are targeted
Two more BSC flash-loan attacks, since Binance attacks are targeted
Source: Gualtiero Boffi - Shutterstock
- In the last three days, two new defi platforms have suffered in the Binance Smart Chain attacks by hackers and lost $ 6.3 million or $ 7.2 million.
- BSC claimed that these attacks are targeted and calls on all developers to apply all possible security measures on his blockchain, including triple review of your code.
Another day, another attack on Binance Smart Chain. The blockchain network has seen barely a week without flash loan attack in the past two months. The latest is Belt Finance, a Defi platform that, according to experts, lost money from the same flash loan exploit from which its predecessors suffered from. Just two days ago, Burgerswap lost over $ 7 million through a similar exploit in a now deeply worrying trend.
The Belt Finance attack
The incident with Belt Finance was a textbook attack with a few small changes Rekt-Blog describes in detail. The attacker took advantage of a false stock assessment that helped him to add another step to the "notorious flash-loan Exploit season at the BSC".
rect added:
Another fork of a fork rolled from the assembly line, with $ 6.3 million fell directly into the hackers' hands. Although it is a somewhat more sophisticated attack than with some of the previous occurrences, all known license plates are available.
The attack began as many others with the acquisition of Busd, the StableCoin of Binance, from another defi platform, this time Pancakewap. According to security analysts, the attackers took up 8 flash loans from Pancakeswap for a total of $ 385 million. They then used the "Elipsis" strategy of the Beltbus Dresor because it was the most signed. Then they leaked the funds through the Venus strategy.
Elipsis is a decentralized stock exchange that enables users to exchange stable coins on BSC with low slipping, while Venus is the leading defi platform on BSC.
Mudit Guppa, a core developer at Sushswap, has dealt with the attack in detail. According to him, the amount lost to the hackers was much higher than initially known. He put the stolen money at $ 13 million.
he explained:
The functionality of Beltbus Multi-Strategy Vault is that a target balance is set for all strategies. If someone deposits money, it will be paid into the least signed strategy. If someone lodges money, they are pulling it off the most exaggerated strategy.
at the beginning of the exploit Venus was strongly signed and therefore the deposits went there. After the attacker's great deposit, Venus became the most exaggerated strategy and therefore the payments came from it.
- Mudit Guppa (@Mudit__Gupta) 30. May 2021
The burgerswap attack
A few days ago, another BSC platform was attacked and lost over $ 7 million. The attacker has captured burger token worth 3.2 million US dollars, wrapped BNB token worth $ 1.6 million and Tether from Burgerswap worth $ 1.4 million.The attack on Burgerswap took place on May 28, as the platform unveiled on Twitter. Around $ 7.2 million were stolen in the attack, in which the attackers created their own fake coin and formed a new retail couple with the burger token.
1/9
BURGERSWAP Flash Loan Attack Details:
On May 28th at 3 a.m. (UTC+8) #burgerSwap came across a flash loan attack; 7.2 million US dollars were stolen #burgerswap for 14 transactions;
- Burgerswap (@burger_swap) 28. May 2021
Burgerswap had become very popular with BSC after it started last year. It is a clone of Uniswap V2 - which means that its code is almost identical to that of V2. As Hayden Adams, founder of Uniswap, announced, the developers of Burgerswap accidentally issued an important code line that is responsible for securing the liquidity pools.
This thread sounds complicated. Here is what happened simply.
Uniswap V2 fork has removed the only line that forces X*y = K from the core:
The core could therefore be emptied very trivial.
This is the line that has been removed: https://t.co/in3nc1xmtm
I wonder why you did it https://t.co/b9tn3kp25u
- Hayden Adams (@Haydenzadams) May 2021
The Burgerswap token is currently trading at $ 6.57, compared to the all-time high of $ 25.18, which he reached on May 3. Its volume has lost about 30 percent since the attack.
We are in sight: BSC
In the middle of the increase in attacks on Defi platforms on Binance Smart Chain, the blockchain project claims that the attack on projects in his ecosystem aims. BSC used Twitter to recognize the unfortunate increase in flash loan attacks on its blockchain. It claimed that “well-organized hackers are now targeting BSC. It is a very challenging time for the BSC community.”
8 #flashloan Lately by well -organized hackers #dapps :
- Binance Smart Chain (@binancechain) 30. May 2021
BSC asked the DAPP developers to comply with a number of measures to improve their security. One of them is the collaboration with internal auditors to check the code. The developers also have to monitor their platforms in real time and pause when they discover an anomaly.
BSC Dapps must also plan an emergency plan in the event of the worst. To further ensure that all loopholes are recognized before attackers take advantage of them, you should plan a bounty program.
The warning to the developers comes days after a representative of Binance has stated that the stock exchange cannot do much to restore the cryptos, the attackers steal. Samy Karim recently spoke at the consensus conference and explained:
BSC is a public, approval -free infrastructure, so that everyone can provide projects there…. It is not possible how many people think that there is a kind of rollback,
Source: Crypto-news-flash.com
Kommentare (0)