Belt Finance Latest BSC Flash Loan Exploit Victim, Damages Total $50 Million USD

.

On Saturday, Belt Finance suffered a flash loan attack, following a series of exploits against DeFi protocols on the Binance Smart Chain.

6 Millions for Attacker Spell 50 Millions lost

According to a blog post by Belt Finance, the attack was carried out on the BSC 4Belt yield farming pool that accepts deposits in USDT, USDC, BUSD, and DAI. Following a very sophisticated exploit, the attacker then took off with a profit of 6.23 million USD.

However, the attacker’s profit does not take into account the overhead cost accrued in gas fees. In total Belt Finance estimates the total damage suffered by investors into the yield farming pool to total 50 million USD.

Attacker exploits complex Loophole in Yield Farming Strategy

Using flash loans (uncollateralized DeFi loans that are paid back within the same block), it is possible to create sophisticated attack vectors that exploit the complex structure of DeFi smart contracts.

According to Belt Finance, the attacker in the most recent smart contract hack executed on the Binance Smart Chain took out a flash loan worth 390 million BUSD on PancakeSwap, using a total of eight trading pairs. This made it possible to change the yield farming strategy in Belt’s deposit pools to the attacker’s favor, through several third-party DeFi platforms:

How the Belt Finance Attacker took off with 6.23 Million USD in Profits. Source: Belt Finance.

As of now, Belt Finance has suspended all deposits and withdrawals, expecting full functionality to be regained within 48 hours. On their Twitter account, Belt announced that they have patched the faulty smart contracts, with an external audit pending. Additionally, the yield farming platform wants to come up with a plan to compensate the investors affected by the incident.

 

Stay up to date on crypto news!

Sign up for our newsletter for all the hottest crypto stories, ICO reviews, and insights from leading experts of the crypto world - four times a week.

You have been signed up!