Jump to content

BSC's Belt Finance Loses $6.2 Million In Flash Loan Attack - Piracy News and Crypto Updates - InviteHawk - Your Only Source for Free Torrent Invites

Buy, Sell, Trade or Find Free Torrent Invites for Private Torrent Trackers Such As redacted, blutopia, losslessclub, femdomcult, filelist, Chdbits, Uhdbits, empornium, iptorrents, hdbits, gazellegames, animebytes, privatehd, myspleen, torrentleech, morethantv, bibliotik, alpharatio, blady, passthepopcorn, brokenstones, pornbay, cgpeers, cinemageddon, broadcasthenet, learnbits, torrentseeds, beyondhd, cinemaz, u2.dmhy, Karagarga, PTerclub, Nyaa.si, Polishtracker etc.

BSC's Belt Finance Loses $6.2 Million In Flash Loan Attack


Recommended Posts

Belt Finance, an AMM protocol incorporating multi-strategy yield optimization on Binance Smart Chain (BSC), has suffered a flash loan attack with losses amounting to $6.2 Million. The BUSD was stolen in 8 transactions, converted to 2680 anyETH, and partially withdrawn to Ethereum through 1inch V3. 1463 ETH remains in the cross-chain bridge.

The Belt Finance team tweeted:

"Partial funds of our 4Belt pool have been affected. (Accurate amount will be announced soon). We are now analyzing and fixing our contract for safety. Compensation plan and accident report will be up soon. Withdraw of BSC vaults will be paused until contract upgrade is complete."

What Are Flash Loan Attacks?
Flash loans are a new type of loan uncollateralized and administered by smart contracts developed by DeFi lending protocol, Aave. DeFi attacks such as Flash Loan attacks happen when the attacker takes out a flash loan from lending protocol and uses multiple gimmicks occurring at the same time to manipulate the market to work in their favor.

These attacks can take only seconds and still involve four or more DeFi protocols. These attacks are the most common as they are easy to pull off and get away with. With DeFi's surging popularity since 2020, flash loan attacks are increasing in number, with losses up to hundred million dollars. 

Analysis Of The Belt Finance Attacks
BSC's projects have been a target of flash loan attacks, with Belt Finance being the latest target. Research analyst Igor Igamberdiev (@FrankResearcher on Twitter) shared a detailed analysis of the attack via Twitter. The attacks began with each transaction having eight flash loans of $385M BUSD from PancakeSwap. 

The attacker then deposited 10M BUSD in bEllipsisBUSD strategy for the first transaction, becoming the 'Most Insufficient Strategy.' Another 187M BUSD was deposited to bVenusBUSD strategy ('Most Insufficient Strategy.')

The attacker then swapped 190M BUSD to 169M USDT through Ellipsis and withdrew more BUSD from bVenusBUSD strategy ('Most Overlooked Strategy'). Following this, 169M USDT was then swapped to 189M BUSD through Ellipsis, with more BUSD deposited to bVenusBUSD strategy ('Most Insufficient Strategy.'). These steps were over seven times.

Upon ending the repetition, the attacker repaid the flash loans and withdrew the profit. Igamberdiev notes that the beltBUSD price depends on the sum of the balances of all vault strategies. The vault deposits of BUSD are made to the Most Insufficient Strategy and withdrawn from the Most Overlooked Strategy. 

He further adds,

"In theory, repeated actions will not make a profit since the number of assets does not change. However, if there is a way to manipulate other strategies, it is possible to manipulate the beltBUSD price. Apparently, by buying and selling BUSD, the attacker manipulated this price with a bug in the bEllipsisBUSD strategy balance calculations."

The stolen BUSD was converted to 2680 anyETH through 1inch v3. It was partially withdrawn to Ethereum, while 1463 ETH is still moving away from the cross-chain bridge. Belt Finance tweeted an update saying,

"We're working on figuring out the 4Belt situation right now. beltBTC,beltETH,beltBNB are ok. We will make an announcement soon about how we are/will be going forward. Withdrawals are temporarily paused."

A Series Of Unfortunate Attacks 
PancakeBunny and BurgerSwap are two other projects on BSC that suffered flash loan attacks. PancakeBunny Finance lost 690,000 BUNNY tokens which were sold into ETH and BNB. The token lost 95.5% in its overall evaluation. 

BurgerSwap lost $7.2 million over 14 transactions and has suspended Swap and BURGER generation to prevent further losses. The team is investigating the situation and looking for a solution currently; BurgerSwap will publish details soon. 

BSC has called for all dApps to take the necessary action to prevent further attacks by working with audit companies and performing health checks. Forked projects have been asked to triple-check their changes from original versions. 

The application of risk control measures to actively monitor anomalies in real-time, pausing protocols if abnormalities occur, planning a contingency plan for worst-case scenarios, and setting up bounty programs by respective projects or on ImmuneFi are some of the measures BSC has requested. 

Link to comment
Share on other sites

Avoid unnecessary posts such as 'Thank you', 'Welcome', etc. Such posts will be deleted and user will be warned if it happens again. If caught spamming, the following actions are applicable -

  • First time - Warning
  • Second time - 5000 Points will be deducted
  • Third time - Ban for 7 days
  • Fourth time - Permanent Ban

If the post helped you, reward the user by reacting to the post like this -

1.jpg

Link to comment
Share on other sites

The last post in this topic was made more than 14 days ago. Only post in this topic if you have something valuable to add. Irrelevant posts are not allowed and you will be warned/banned for spamming old topics.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Read this before posting -
  • Only post if you have something valuable to contribute.
  • Avoid unnecessary posts such as 'Thank you', 'Welcome', etc. Such posts will be deleted and you will be warned if it happens again.
  • If the post helped you, reward the user by reacting to the post like this -                      1.jpg
Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Customer Reviews

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.