Iron Finance DeFi Exploit Explained in Post Mortem

Share Article
In Brief
  • Iron Finance exploit results in $170,000 loss.

  • The team made a mistake after a FaaS upgrade.

  • Farms and tokens will be relaunched to reimburse users

  • promo

    Stake your points and qualify for the 200,000 USDT prize pool. Start staking now!

The Trust Project is an international consortium of news organizations building standards of transparency.

The latest decentralized finance protocol to get exploited is Iron Finance. The platform lost $170,000 from its liquidity pools following erroneous actions by the team.



Iron Finance is a partially collateralized stablecoin platform based on the Binance Smart Chain (BSC).

It reported that on March 16, two Iron Finance vFarm pools were “subject to an incident”. This ordeal resulted in the loss of user deposits.



It claims that an attacker managed to exploit the system and drain the pools. The bad actor(s) made off with $170,000 worth of its native SIL tokens. These were then sold for BUSD (Binance’s stablecoin) on the markets.

Resetting the Iron Finance Farms  

Value DeFi posted on Telegram explaining that a cloud service (FaaS) upgrade changed the reward rate integer. However, the Iron Finance team was unaware. It updated the pools with a different reward rate integer which is what caused the incident.

The pool rewards were inflated by the error and someone took advantage by draining all SIL rewards and selling them. The IRON/SIL and IRON/BUSD pools were affected.

The team claims that there was no flaw in the Iron Finance smart contracts and has taken responsibility for the incident.

It explained that vFarms will be relaunched on March 18 and the SIL token will be relaunched as sIRON. Iron Finance also published a document for affected users to enter their details. This is likely to help coordinate a refund process for the new tokens.

The update told users not to sell or redeem their IRON tokens for the time being. When the new pools launch on March 18, the full amount of BUSD will be redeemable.

The protocol was launched on BSC in early March with an IRON stablecoin pegged to USD. It’s partially backed by collateral like BUSD and USDT and partially backed algorithmically by SIL.

Decentralization Debate

The token relaunch is good news for those that lost funds. However, it cannot really be described as DeFi if some have the power to reset the system.

Similar incidents have occurred with Yam Finance and a number of other platforms in the past. The fledgling financial landscape is still evolving, striving for a balance between security and full decentralization.

Earlier this month the BSC-based DODO exchange was exploited for almost $2 million. As BSC grows, Binance’s blockchain is becoming a bigger target for malicious actors.


All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.
Share Article

Martin has been covering the latest developments on cyber security and infotech for two decades. He has previous trading experience and has been actively covering the blockchain and crypto industry since 2017.

Follow Author

Limited offer! Learn to mine and trade crypto today for free


Earn up to $10,000 USD every week in CoinFLEX AMM+ Arena!

Earn Now

Be our Supreme Scorer and qualify for a grand prize pool of 200,000 USDT!