Belt Finance Was Exploited and Becomes The Victim Of FlashLoan Attack

Defi
Published on: 31.05.2021

Flash loan attacks are a type of DeFi attack where a cyberthief takes out a flash loan (a form of uncollateralized lending) from a lending protocol.

An AMM protocol that incorporates multi-strategy yield optimizing on Binance Smart Chain, Belt Finance was the recent victim of a flash loan exploitation.

On May 29, 2021, a flash loan attack was initiated on the BSC 4Belt (USDT/USDC/BUSD/DAI) pool. The attacker created a smart contract that used PancakeSwap for flash loans and exploited our beltBUSD pool and its underlying strategy protocols and then proceeded to execute the contract 8 times for a total profit of 6,234,753 BUSD. beltBUSD vault users suffered a 21.36% loss of funds, while 4Belt pool users suffered a 5.51% loss of funds. 

With regards of the incident Belt Finance halted asset withdrawal on the platform for 24–48 hours assuring their community that funds are safe.

EXPLOIT BRIEF HISTORY

  • The attacker acquired a flash loan of around 390 million BUSD from PancakeSwap for the exploit, which is close to the maximum amount of BUSD that could be garnered from all pools with BUSD on PancakeSwap
  • The attacker acquired a flash loan of around 390 million BUSD from PancakeSwap for the exploit, which is close to the maximum amount of BUSD that could be garnered from all pools with BUSD on PancakeSwap
  • The attacker’s contract simultaneously moved 190M BUSD to the Ellipsis.fi 3pool to exchange 190M BUSD to around 169.5M USDT.
  • The attacker then withdrew from the beltBUSD vault for a gain of around 0.5% on their 200M BUSD deposit, or about 1M BUSD (201M BUSD withdrawn from a 200M BUSD deposit). 
  • The attacker then swapped back the USDT to BUSD on Ellipsis, returning the LP to its previous value, and thus left the beltBUSD vault with a 1M BUSD loss.

This exploit transaction, starting from the PancakeSwap flashloan and ending with sending any ETH to the Ethereum mainnet, was repeated 8 times. The attacker caused a total loss of 50,030,452 BUSD to the beltBUSD pool, and used 43,795,699 BUSD as fees for PCS, Venus and Ellipsis. The attacker ultimately withdrew 6,234,753 BUSD to their wallet

 

ABOUT BELT FINANCE
Belt Finance is a stableswap AMM protocol that incorporates multi-strategy yield optimizing on Binance Smart Chain (BSC) and HECO Chain with low fees/slippage that also provides aggregation through vault compounding, lending and yield generation for maximum returns.

 

RESOURCES
Blog Post

Related
Subquery partners with Energy Web
Defi
15.05.2024
Subquery partners with Energy Web
IQ Protocol and LightLink Partnership
Defi
12.05.2024
IQ Protocol and LightLink Partnership
YFX partners with Chainlink
Defi
12.05.2024
YFX partners with Chainlink
Exploring Risks and Opportunities in DeFi Yield Farming
Defi
11.05.2024
Exploring Risks and Opportunities in DeFi Yield Farming
QuickNode partners with Morph
Defi
10.05.2024
Quicknode partners with Morph
Stay Up to Date with Us
Market Stats:
BTC Dominance: 54.59%(+0.15%/24h)
ETH Dominance: 14.99%(-0.17%/24h)
Defi Market Cap: $86.14B(-4.63%/24h)
Total Market Cap: $2366.81B(-0.79%/24h)
Total Trading Volume 24h: $76.62B(-22.32%/24h)
ETH Market Cap: $354.48B
Defi to ETH Ratio: 24.3%
Defi Dominance: 3.47%
Altcoin Market Cap: $1074.78B
Altcoin Volume 24h: $46.69B
Total Cryptocurrencies: 29740
Active Cryptocurrencies: 9955
Active Market Pairs: 82131
Active Exchanges: 765
Total Exchanges: 8534
BTC: 65568.91$(0.22%/1H)
ETH: 2953.37$(0.07%/1H)
AVAX: 34.77$(0.75%/1H)
BNB: 571.54$(0.29%/1H)
MATIC: 0.7$(-0.01%/1H)
FTM: 0.82$(1.2%/1H)
ADA: 0.46$(0.36%/1H)
DOT: 7.03$(0.22%/1H)
UNI: 7.3$(0.09%/1H)
LINK: 15.96$(1.7%/1H)
CAKE: 2.6$(0.43%/1H)
SUSHI: 1.09$(-0.19%/1H)
ONE: 0.02$(0.75%/1H)