Belt Finance, a decentralized finance (DeFi) platform based on smart contract network Binance Smart Chain (BSC), became the latest project to fall victim to a flash loan attack, losing over $6.2 million worth of tokens in the process.
“On May 29, 2021, a flash loan attack was initiated on the BSC 4Belt (USDT/USDC/BUSD/DAI) pool. The attacker created a smart contract that used PancakeSwap for flash loans and exploited our beltBUSD pool and its underlying strategy protocols and then proceeded to execute the contract 8 times for a total profit of 6,234,753 BUSD,” Belt Finance wrote in a post mortem announcement yesterday.
1/ We apologize for the wait, but we wanted to make this right.
Here is the link to our incident report: https://t.co/l1hmAlMGbM
— Belt Finance (@BELT_Finance) May 30, 2021
Another DeFi gone
Flash loan exploits are becoming increasingly prevalent in the DeFi space lately. Using this vector of attack, hackers usually take out massive loans on other platforms and use these funds to manipulate token prices on projects they are targeting.
This effectively allows the attackers to quickly and illicitly obtain substantial amounts of “extra” money while still being able to repay the loan afterward.
According to Belt Finance, only two of its liquidity pools were affected—beltBUSD and 4Belt—whose users lost 21.36% and 5.51% of funds, respectively.
Following the attack, deposits and withdrawals from the affected pools were suspended for 48 hours. At press time, Belt Finance developers have reported that they identified and successfully patched the exploit that enabled the attack.
“We are doing everything we can to ensure that nothing like this will ever take place again. We are also in the process of creating a compensation plan for our users. Our users and their assets are important to us, and while this attack is something we had not foreseen, we do not want this to affect our users in any negative way,” the developers stated.
Flash loan attacks intensify
The compensation plan is expected to be published on June 1. Meanwhile, Belt Finance’s team also reassured users that it has not sold its tokens and “this can be verified through the address plainly posted in our telegram group.”
“As attacks on the BSC ecosystem are becoming more and more common, this is fast becoming a concern for all members of the BSC community. We hope the BSC community can work together to address these issues and the causes that enable such attacks,” Belt Finance noted, concluding, “We will make this right.”
As CryptoSlate reported, several other BSC-based DeFi platforms have also been “flash loaned” recently. Just a few days ago, for example, BurgerSwap lost over $7.2 million worth of BNB, ETH, BURGER, and other tokens to a similar exploit. Prior to that, Pancake Bunny’s token plummeted by 90% after a $40 million flash loan attack.
Get an edge on the cryptoasset market
Access more crypto insights and context in every article as a paid member of CryptoSlate Edge.
Like what you see? Subscribe for updates.