Trusted

Spartan DeFi Suffers $30M Loss in BSC Flash Loan Attack

2 mins
Updated by Kyle Baird
Join our Trading Community on Telegram

In Brief

  • Smart contracts exploited to drain SPARTA pools.
  • More BSC attacks to come, warn experts.
  • SPARTA tokens dump 40% over the weekend.
  • promo

The latest decentralized finance (DeFi) hack has resulted in major losses for the Binance Smart Chain-based Spartan Protocol.

In a report on May 2, security firm PeckShield detailed the exploit on the Spartan protocol which occurred the previous day. It stated that the incident was due to a flawed liquidity share calculation in the protocol, which was exploited to drain assets from the pool.

It added that this specific hack inflated the asset balance of the pool before burning the same amount of pool tokens to claim an unnecessarily large amount of underlying assets—$30 million worth in this instance.

The Rekt Blog, which details hacks and exploits in the DeFi ecosystem, has ranked this incursion as the sixth-highest on its leaderboards, tacking on “The era of BSC flash loans is upon us.”

Another DeFi postmortem

Rekt ran a postmortem on the attack. It found that a flash loan was taken on PancakeSwap for 100,000 wrapped BNB (wBNB), to be returned at the last step with 260 wBNB as the flash loan fee.

The attacker then swapped wBNB to the protocol’s native SPARTA token five times through the exploited Spartan pool, each time swapping 1,913 wBNB to get 621,865 SPARTA tokens. The process was completed a further ten times in order to inflate the asset balance in the pool.

Tokens were then burnt so that the liquidity could be withdrawn and the process was repeated until the flash loan of 100,260 wBNB was repaid and the attacker made off with over $30 million.

PeckShield explained:

“The vulnerability stems from the fact that the liquidity share calculation is querying the current balance which can then be inflated for manipulation. A correct calculation needs to make use of cached balance.”

The attacker used the 1inch exchange to swap all tokens to BTCB or BETH, Spartan to dump SPARTA, and Nerve Finance to swap BTCB and BETH to Anyswap versions where it withdrew the stolen funds.

More BSC exploits likely to come

The Rekt Blog warned of more of such attacks to come:

“A relatively straightforward story of another copied protocol who were too ambitious with their imitation. The era of BSC flash loans is upon us, and this won’t be the last time we see such attacks.”

It concluded that with so many developers rushing to copy the Ethereum blue chips onto Binance Smart Chain, there’s sure to be more opportunities for keen-eyed hackers.

SPARTA tokens dumped 40% over the weekend as news of the incursion circulated.

🎄Best crypto platforms in Europe | December 2024
eToro eToro Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
Coinbase Coinbase Explore
3Commas 3Commas Explore
🎄Best crypto platforms in Europe | December 2024
eToro eToro Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
Coinbase Coinbase Explore
3Commas 3Commas Explore
🎄Best crypto platforms in Europe | December 2024

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

profile.jpg
Martin Young
Martin Young is a seasoned cryptocurrency journalist and editor with over 7 years of experience covering the latest news and trends in the digital asset space. He is passionate about making complex blockchain, fintech, and macroeconomics concepts understandable for mainstream audiences.   Martin has been featured in top finance, technology, and crypto publications including BeInCrypto, CoinTelegraph, NewsBTC, FX Empire, and Asia Times. His articles provide an in-depth analysis of...
READ FULL BIO
Sponsored
Sponsored