
DeFi project on BSC hacked, illicit outflow equivalent to 3.3 billion yen


Huge outflow from Spartan Protocol

Spartan Protocol, a decentralized finance (DeFi) project, has been hacked, at a cost of more than $30 million.

On May 2, the project's official Twitter account reported that “our fund pool v1 was hacked” and said it was working with the crypto asset (virtual currency) exchange Binance to recover the stolen funds.

Spartan Protocol is a project built on Binance Smart Chain (BSC), Binance's own blockchain. Its liquidity pool (LP) provides users with asset swaps, synthetic asset generation, lending, derivatives and more.

Spartan Protocol asked for help, “if anyone can identify and analyze this attack,” and the blockchain analytics firm PeckShield soon published an article in response.

Attack using a flaw in the protocol

According to PeckShield, the hack stemmed from “a flaw in the calculation of liquidity shares” that was misused to illicitly drain assets from the pool.

When a user withdraws an asset from the pool, the corresponding token in the pool is burned (permanently disabled), but a flaw was found in the logic involved in the calculations.

The attacker exploited this flaw, using complex techniques to inflate the pool’s asset balance and withdraw large amounts of assets that they would not otherwise have been able to withdraw.
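A simplified model of the share calculation described above, added here as an illustration and not taken from Spartan Protocol's code or PeckShield's article. It assumes the flawed calculation reads the pool's current token balance while a corrected one reads internally recorded reserves, and that tokens can reach the pool address without being recorded; the `Pool` class, `compare` function and all numbers are constructed.

```python
from dataclasses import dataclass


@dataclass
class Pool:
    """Constructed single-asset model of a liquidity pool."""
    reserve: int    # amount the pool's own bookkeeping has recorded
    balance: int    # tokens actually held at the pool address
    lp_supply: int  # liquidity (LP) tokens outstanding

    def transfer_in(self, amount: int) -> None:
        # Assumption: tokens can reach the pool address without going
        # through its bookkeeping, so only the raw balance changes.
        self.balance += amount

    def untracked(self) -> int:
        # Held but never recorded; a non-zero value is worth alerting on.
        return self.balance - self.reserve

    def burn(self, units: int, hardened: bool) -> int:
        """Burn LP tokens and return the amount paid out."""
        if not 0 < units <= self.lp_supply:
            raise ValueError("invalid LP amount")
        # Flawed form scales the payout with whatever the address holds
        # right now; hardened form uses recorded reserves only.
        basis = self.reserve if hardened else self.balance
        payout = units * basis // self.lp_supply
        self.lp_supply -= units
        self.balance -= payout
        self.reserve -= min(payout, self.reserve)
        return payout


def compare(inflate_by: int, units: int) -> dict:
    """Run the same burn against both calculations after an inflation."""
    out = {}
    for hardened in (False, True):
        pool = Pool(reserve=1_000_000, balance=1_000_000, lp_supply=10_000)
        pool.transfer_in(inflate_by)
        out["hardened" if hardened else "flawed"] = {
            "untracked_before": pool.untracked(),
            "payout": pool.burn(units, hardened),
        }
    return out


if __name__ == "__main__":
    print(compare(inflate_by=500_000, units=1_000))
```

When nothing untracked sits at the pool address, both calculations pay out the same amount, which is why a gap between held balance and recorded reserves is the signal to monitor.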

In addition, PeckShield found that the equivalent of 3.3 billion yen illicitly drained from the pool in this attack is currently held in a wallet called “0x3b6e”. The company’s team said it was closely monitoring the movement of the wallet.

BSC is strengthening security

PeckShield had just announced a partnership with the Binance Smart Chain (BSC) ecosystem on April 30th. The purpose is to strengthen the security of the DeFi system.

According to the announcement, the volume of transactions on the BSC and the number of active wallets have increased significantly in recent years, and as the market expands, ecosystem monitoring to ensure the safety of dApps (decentralized apps) has become more important.

PeckShield’s on-chain and off-chain monitoring solutions automatically analyze cryptocurrency transactions to provide reliable and fast risk assessment. The company says it helps the BSC community identify fraud, phishing, hacking, etc., track fraudulent transaction flows, and carry out investigations.

A series of fraudulent outflows

This security enhancement was announced after a series of exit frauds on the BSC.

In March, exit fraud was reported at the decentralized exchange “Turtle DEX” and the yield farming pool “Meerkat Finance”, both built on BSC, where operators made off with user funds. The damage amounted to 250 million yen for Turtle DEX and 3 billion yen for Meerkat Finance.


It was also reported that multiple projects on the BSC were hit by a server attack in March, although this did not lead to an outflow of user funds.


In the Spartan Protocol hack, the fraudulent activity does not appear to have been detected in advance, but the method and the wallet used by the attacker were identified. It is hoped that the monitoring function will evolve further in the future to prevent such illicit outflows in advance.


Author: A. Yamada
Reference: PeckShield
