DeFi Protocol bEarn Suffers $11M Flash Loan Attack

Share Article
In Brief
  • Hacker exploited smart contracts to drain BUSD pools.

  • bEarn's algorithmic stablecoin BDO dumps to $0.24.

  • Protocol plans 105% compensation for victims.

  • promo

    Gravity Dex Protocol: Bringing DeFi to Cosmos

The Trust Project is an international consortium of news organizations building standards of transparency.

It’s another day, and another decentralized finance (DeFi) flash loan exploit has reared its head. The latest victim is bEarn, which lost $11 million in stablecoins on May 16.

Sponsored



Sponsored

The Binance Smart Chain (BSC) based cross-chain auto yield farming protocol bEarn reported the incident which resulted in the draining of the bVault BUSD Alpaca strategy. A little over $10.8 million BUSD was stolen by an attacker who used flash loans to exploit the system.

bEarn Fi is a DeFi protocol that provides yield generation, an algorithmic stablecoin called bDollar, bridges, and gaming aggregation on BSC and Ethereum.

Sponsored



Sponsored

The protocol announced that it would be compensating victims of the hack along with a post mortem of events that led to the incursion.

Attack postmortem

The incident was the result of the improper implementation of the withdraw function, the report explained, adding that a mistake in using the smart contract from its launch allowed the strategy to withdraw more BUSD than needed.

The attacker took out a flash loan on Cream Finance for 7.8 million BUSD and used this to deposit and withdraw from the bVaults around 30 times. After this, the attacker withdrew 8.26 million BUSD and repaid the flash loan.

bEarn contacted Binance to get the attackers address blocked and prevent them transferring funds. It also froze all of its bVaults to prevent any further losses and contacted security firms to analyze the code. A snapshot was also taken of liquidity providers addresses in order to work on a compensation plan.

“We will create a compensation fund which will consist of a combination of the remaining saved funds, Dev Fund, DAO Fund and a portion of fees generated by the protocol.”

At the time of writing, bEarn’s algorithmic stablecoin had dumped 11% on the day and was trading well below a dollar at $0.24.

DeFi compensation funds

Users will be compensated with 87.5% of their deposits in BUSD immediately with an additional 7.5% in BDOv2 (bDollar) tokens. The final 10% will be in BDEX which will be released over time, resulting in a total recompense of 105%.

As attacks escalate, compensation plans are becoming more frequent and it’s likely that all DeFi projects will need to allocate a slice of their token supply for such purposes.

On May 16, BeInCrypto reported that staking platform xToken had allocated 2% or 20 million tokens to compensate victims of a similar exploit in which it lost $24 million.

Rari Capital, which was exploited on May 8 also using flash loans, made similar plans to use 2 million tokens to reimburse victims.

Disclaimer

All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.
Sponsored
Share Article

Martin has been covering the latest developments on cyber security and infotech for two decades. He has previous trading experience and has been actively covering the blockchain and crypto industry since 2017.

Follow Author

Market signals, studies and analysis! Join our Telegram Today!

Go

Market signals, studies and analysis! Join our Telegram Today!

Go

Market signals, studies and analysis! Join our Telegram Today!

Go