Belt Finance loses millions in latest BSC-based DeFi exploit

Belt Finance has change into the latest Binance Smart Chain-based decentralized finance, or DeFi, protocol to lose millions to an opportunistic hacker.

The Rekt Blog, which publish mortems DeFi exploits, stated that an attacker exploited a flaw in the way in which the protocol’s vaults calculates the worth of its collateral which helped to “add another notch to the now infamous flash loan exploit season on the BSC,” including:

“Yet another fork of a fork has rolled off the conveyor belt with $6.3M falling straight into the hands of the hacker.”

Rekt revealed {that a} complete of eight flash loans have been made on PancakeSwap for $385 million BUSD. The beltBUSD vault’s “Elipsis” technique was exploited because it was essentially the most undersubscribed technique on the platform.

Belt Finance makes use of an optimum yield aggregator to supply passive yield era to depositors. Elipsis is a decentralized trade that permits swapping of stablecoins with low slippage on the Binance Smart Chain. The beltUSD vault additionally deploys capital on the BSC-based protocols Venus, Alpaca, and Fortube for yield era.

On May 30, SushiSwap core developer Mudit Gupta posted a Twitter thread analyzing the incident, describing the flash mortgage assault as one of many “more complex hacks.”

Belt’s vaults function with a goal steadiness for every technique employed, he defined. When a consumer deposits cash right into a vault, the capital is allotted to essentially the most undersubscribed technique. When somebody withdraws cash from the vault, it withdraws it from essentially the most oversubscribed technique.

Gupta asserted the attacker exploited this technique to make a number of transactions throughout a number of methods, inflating the worth of its swimming pools earlier than repaying the flash mortgage and pocketing greater than $6 million in earnings. Gupta concluded:

“Basically, the issue happened because Belt incorrectly integrated with Elipsis. A similar issue happened last month as well in belt finance but at that time, the problem was a buggy integration with Venus. I wonder if belt has any bug-free integration.”

Venus is one other BSC protocol for lending and borrowing by way of the minting of artificial stablecoins.

Belt Finance is the latest in a lengthening listing of BSC DeFi protocols to get exploited. On May 28, the BurgerSwap DEX was attacked resulting in the draining of $7.2 million.

So far this yr, Cream Finance, bEarn, Bogged Finance, Uranium Finance, Meerkat Finance, SafeMoon, and Spartan Protocol have all suffered exploits on Binance Smart Chain. Binance has now turned to blockchain intelligence company CipherTrace for analytics support in a bid to mitigate additional incursions.