As in so many other opportunities this year, a decentralized finance platform based on Binance Smart Chain has come under attack. In this case, it is Belt Finance, which suffered losses of USD 6.2 million as a result of the event.
Hacking occurred on Saturday , May 29, according to the official statement of the firm , was an attack Loan flash ( flash loan in English), the same used on many previous occasions for such offenders. The letter also details technical issues that they detected and that could have been the origin of the attack.
Until the problem is resolved, deposits and withdrawals have been suspended. Beyond that, the company reported that the flaw that made the hack possible has already been identified and fixed.
Belt developers reported that the crooks created a smart contract that PancakeSwap used to obtain loans and then exploited its beltBUSD pool to execute the contract eight times, for a total of BUSD 6,234,753.
“We are investigating the 4Belt situation right now. BeltBTC, beltETH and beltBNB are fine. We will soon make an announcement about what we are doing / will do. The recalls are temporarily suspended, “said Belt. Source: Belt Finance / twitter.com
Regarding losses, it is explained that users who used the beltBUSD vaults saw 21.36% of their funds affected, while users of the 4Belt pool lost 5.51% of their assets. In both cases, Belt informed that they will be compensated through a plan that will be detailed soon through their networks and platforms. The rest of their trunks and pools, they clarify, “did not suffer any damage and are safe.”
Belt Finance has more than $ 2 billion in total locked value and “tens of thousands of users,” according to its statement. In addition to working on correcting the problem, the company reported that it will require an audit to find out what happened. “We are deeply concerned about the security of our service and we understand that users are too,” they communicated.
Hacks to Binance DeFi keep repeating themselves
Due to the unusual frequency of these events, thefts to decentralized finance platforms mounted on BSC have made the headlines in replacement of hacks to DeFi of Ethereum , especially in the last month.
To cite the most recent cases, on May 21, 2021, CryptoNews reported on the exploitation of a flaw in the PancakeBunny code that led to the theft of USD 45 million.
Also, a few days later, on the 28th of the same month, this media reported an attack on the DeFi BurgerSwap in which the attackers seized USD 7 million. In this case, a flash loan modality was used as happened with Belt Finance.
To these two attacks we can add a third, which occurred in the first days of May, and also through flash loans . At that time, USD 30 million was stolen from Spartan, also taking advantage of a vulnerability in the platform.