Spartan DeFi Suffers $30M Loss in BSC Flash Loan Attack

Share Article
In Brief
The Trust Project is an international consortium of news organizations building standards of transparency.

The latest decentralized finance (DeFi) hack has resulted in major losses for the Binance Smart Chain-based Spartan Protocol.



In a report on May 2, security firm PeckShield detailed the exploit on the Spartan protocol which occurred the previous day. It stated that the incident was due to a flawed liquidity share calculation in the protocol, which was exploited to drain assets from the pool.

It added that this specific hack inflated the asset balance of the pool before burning the same amount of pool tokens to claim an unnecessarily large amount of underlying assets—$30 million worth in this instance.



The Rekt Blog, which details hacks and exploits in the DeFi ecosystem, has ranked this incursion as the sixth-highest on its leaderboards, tacking on “The era of BSC flash loans is upon us.”

Another DeFi postmortem

Rekt ran a postmortem on the attack. It found that a flash loan was taken on PancakeSwap for 100,000 wrapped BNB (wBNB), to be returned at the last step with 260 wBNB as the flash loan fee.

The attacker then swapped wBNB to the protocol’s native SPARTA token five times through the exploited Spartan pool, each time swapping 1,913 wBNB to get 621,865 SPARTA tokens. The process was completed a further ten times in order to inflate the asset balance in the pool.

Tokens were then burnt so that the liquidity could be withdrawn and the process was repeated until the flash loan of 100,260 wBNB was repaid and the attacker made off with over $30 million.

PeckShield explained:

“The vulnerability stems from the fact that the liquidity share calculation is querying the current balance which can then be inflated for manipulation. A correct calculation needs to make use of cached balance.”

The attacker used the 1inch exchange to swap all tokens to BTCB or BETH, Spartan to dump SPARTA, and Nerve Finance to swap BTCB and BETH to Anyswap versions where it withdrew the stolen funds.

More BSC exploits likely to come

The Rekt Blog warned of more of such attacks to come:

“A relatively straightforward story of another copied protocol who were too ambitious with their imitation. The era of BSC flash loans is upon us, and this won’t be the last time we see such attacks.”

It concluded that with so many developers rushing to copy the Ethereum blue chips onto Binance Smart Chain, there’s sure to be more opportunities for keen-eyed hackers.

SPARTA tokens dumped 40% over the weekend as news of the incursion circulated.


All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.
Share Article

Martin has been covering the latest developments on cyber security and infotech for two decades. He has previous trading experience and has been actively covering the blockchain and crypto industry since 2017.

Follow Author

Don’t get FUD! Win 1 ETH when you deposit $100 with Bybit!      


FOMO no more. Win 1 BTC when you trade $100 on Bybit!      


Bybit New Token Listing: Win In-Game NFTs and SIDUS Tokens.      

Win Now!