- Attacks on Binance Smart Chain protocols are intensifying with Spartan Protocol the latest DeFi project to be exposed and at least $30 million drained from one of its pools.
- According to blockchain security experts, attackers were able to take advantage of a flawed liquidity share calculation in the protocol.
Days after the Uranium Finance protocol was exploited and $50 million exposed, another Binance Smart Chain protocol has been attacked. Spartan Protocol was attacked on Sunday, exposing around $30 million. In a blog post, PeckShield Inc., a leading blockchain security company investigating the breach, said the attackers were able to exploit a flawed liquidity share calculation in the protocol to drain the digital assets from one of the pools.
In particular, the specific hack inflates the asset balance of the pool before burning the same amount of pool tokens to claim an unnecessarily large amount of underlying assets.
The wallet holding the stolen funds has since been identified and both PeckShield Inc and the Spartan team are monitoring it for any movement. While the funds are on the move and especially if there is an attempt to sell, it is easier for the culprits to be identified.
According to a Twitter posted a few hours after the attack, the project has plans to bounce back from this and rebuild itself.
They may have taken our funds, they may have kicked us when we were down, they may have thrown shade and spread mis-information, but they did not take our souls.
Spartans – we will rebuild. Assemble the shield wall. pic.twitter.com/9zu6IWycpt
— Spartan Protocol (@SpartanProtocol) May 3, 2021
Despite the project admitting that the exploitation was caused by a flaw in its coding, investors have once again cried to Binance and Changpeng Zhao, the CEO, to take some action. However, it would appear there’s little that he or Binance as a company can do for the investors.
According to Rekt, this becomes the sixth-largest exploitation in the DeFi space. The top five are EasyFi’s $59 million, Meerkat Finance’s $32 million, Kucoin’s $45 million, Alpha Finance’s $37.5 million and the most recent one, Uranium Finance’s $50 million.
The recurrence of exploits on BSC has been accelerated by the fast transactions and cheap fees offered on Binance Smart Chain (BSC). These have made it the preferred go-to network for attackers and even for sinister developers looking to steal from investors commonly referred to as a rug pull. Additionally, simple, under-funded, less-secure protocols are largely deploying on the BSC, for the same aforementioned reasons, and these vulnerable protocols have become easy pickings for attackers.
The end of Uranium Finance
Uranium Finance, suspected to be a rug pull, recently released a blog post explaining the attack to victims. In the post, the team confirmed a number of critical issues beyond the technical aspect of the attack. First, in collaboration with the Binance security team, the team is still committed to retrieving the stolen funds. On the same, the wallets holding the funds are still on the Binance Smart Chain and are being surveilled. Lastly, the team has no intention of bringing back the project under the circumstances.