Another day, another DeFi flash loan exploit on Binance Smart Chain. This time around, the victim is the multi-chain incubator project Impossible Finance.
“Earlier today there was a flash loan attack on our IF token. We are working with PeckShield, Watchpug, and other community whitehats to investigate the situation and will have a detailed event report.”
Copycat DeFi Attacker
SushiSwap core developer Mudit Gupta noted that it was a similar attack to the one that exploited the BurgerSwap protocol in late May. Back then, the attacker managed to drain over $7 million from the protocol executing flash loans with a fake token.
A vulnerability in the pool’s smart contract enabled the attacker to perform multiple swaps of the protocols native token IF to BUSD and then to BNB to repay the flash loan.
The Impossible Finance team confirmed on Telegram that it had allocated an insurance fund to compensate liquidity providers,
“We have also prepared an insurance fund to ensure that your funds are safe and remain our number one priority. All users funds who deposited into liquidity pools (“LPs”) PRIOR to the attack will be 100% compensated.”
Impossible Finance raised $7 million from an extensive list of venture capital and angel investors in early June in order to build a BSC incubator platform for multi-chain DeFi startups.
It joins the long list of BSC-based DeFi protocols that have been exploited this year which includes PancakeBunny, Cream Finance, bEarn, Bogged Finance, Uranium Finance, Meerkat Finance, SafeMoon, Spartan Protocol, and Belt Finance.
BSC itself claimed that the wave of attacks was organized and targeted.
IF token price tanks
The IF token has predictably collapsed today, tanking over 60% from a high of $2.80 this time on June 21 to as low as $0.14 before recovering to just over $1 at the time of press.
According to CoinGecko, IF is currently trading 86% lower than its June 19 all-time high of $7.61.