BSC-Based 'Belt Finance' DeFi Protocol Exploited for $6.3 Million
- Belt Finance joins the ranks of 7 other BSC-based DeFi protocols hacked so far this year.
The Belt Finance protocol has become the latest Binance Smart Chain-based DeFi platform to lose millions to software exploitation.
According to a post on the Rekt blog, the attacker managed to drain the money through exploitation in the way that the protocol calculates the value of its collateral.
“An incorrect share valuation helps to add another notch to the now infamous flash loan exploit season on the BSC,” the post said. “Yet another Fork Fork A fork can occur when a blockchain diverges into two potential paths forward, there is a change in protocol, or a scenario occurs in which two or more blocks have the same block height.Because blockchain networks are decentralized, the participants on the network must come to an agreement when it comes to things like software upgrades to a network. This is called consensus.When consensus cannot be achieved on a software upgrade, a fork occurs, effectively representing a divergence in software th A fork can occur when a blockchain diverges into two potential paths forward, there is a change in protocol, or a scenario occurs in which two or more blocks have the same block height.Because blockchain networks are decentralized, the participants on the network must come to an agreement when it comes to things like software upgrades to a network. This is called consensus.When consensus cannot be achieved on a software upgrade, a fork occurs, effectively representing a divergence in software th Read this Term of a fork has rolled off the conveyor belt with $6.3M falling straight into the hands of the hacker.”
“Basically, the Issue Happened Because Belt Incorrectly Integrated with Ellipsis.”
May 30, SushiSwap core developer, Mudit Gupta described the incident in a Twitter thread. He explained that the attacker exploited several aspects of Belt’s operations to take out flash loans and then inflate the value of its pools; the attacker then repaid the loan, pocketing more than $6 million in the process.
“Basically, the issue happened because Belt incorrectly integrated with Ellipsis,” Gupta said. Ellipsis is a BSC-based Stablecoin Stablecoin Unlike other cryptocurrencies like Bitcoin and Ethereum, stablecoins are cryptocurrencies that have been designed to keep a stable value. Placing a greater emphasis on stability over volatility can be a huge draw for some investors. Many individuals can be turned off from large swings and uncertainty presented by cryptos relative to other traditional assets.Stablecoins control for this volatility by being pegged to another cryptocurrency, fiat money, or to exchange-traded commodities, including Unlike other cryptocurrencies like Bitcoin and Ethereum, stablecoins are cryptocurrencies that have been designed to keep a stable value. Placing a greater emphasis on stability over volatility can be a huge draw for some investors. Many individuals can be turned off from large swings and uncertainty presented by cryptos relative to other traditional assets.Stablecoins control for this volatility by being pegged to another cryptocurrency, fiat money, or to exchange-traded commodities, including Read this Term decentralized exchange.
Belt Finance got hacked today, losses worth ~$13mm. Withdrawals have been paused to prevent further losses. The exploit happened due to an incorrect valuation of 3eps shares. This was one of the more complex hacks in recent times?? pic.twitter.com/WCFDoDFyh0
— Mudit Gupta (@Mudit__Gupta) May 30, 2021
“A similar issue happened last month as well in belt finance, but at that time, the problem was a buggy integration with Venus. I wonder if belt has any bug-free integration (sic),” he continued. In addition, Venus is a lending protocol based on the Binance Smart Chain.
The Belt Finance exploitation marks the eighth time that a BSC-based protocol has been exploited by a hacker this year. Belt joins the ranks of Cream Finance, bEarn, Bogged Finance, Uranium Finance, Meerkat Finance, SafeMoon and Spartan Protocol.
Binance has reportedly sought analytical support from the cybersecurity firm, CipherTrace to prevent further exploitations from taking place on BSC.
The Belt Finance protocol has become the latest Binance Smart Chain-based DeFi platform to lose millions to software exploitation.
According to a post on the Rekt blog, the attacker managed to drain the money through exploitation in the way that the protocol calculates the value of its collateral.
“An incorrect share valuation helps to add another notch to the now infamous flash loan exploit season on the BSC,” the post said. “Yet another Fork Fork A fork can occur when a blockchain diverges into two potential paths forward, there is a change in protocol, or a scenario occurs in which two or more blocks have the same block height.Because blockchain networks are decentralized, the participants on the network must come to an agreement when it comes to things like software upgrades to a network. This is called consensus.When consensus cannot be achieved on a software upgrade, a fork occurs, effectively representing a divergence in software th A fork can occur when a blockchain diverges into two potential paths forward, there is a change in protocol, or a scenario occurs in which two or more blocks have the same block height.Because blockchain networks are decentralized, the participants on the network must come to an agreement when it comes to things like software upgrades to a network. This is called consensus.When consensus cannot be achieved on a software upgrade, a fork occurs, effectively representing a divergence in software th Read this Term of a fork has rolled off the conveyor belt with $6.3M falling straight into the hands of the hacker.”
“Basically, the Issue Happened Because Belt Incorrectly Integrated with Ellipsis.”
May 30, SushiSwap core developer, Mudit Gupta described the incident in a Twitter thread. He explained that the attacker exploited several aspects of Belt’s operations to take out flash loans and then inflate the value of its pools; the attacker then repaid the loan, pocketing more than $6 million in the process.
“Basically, the issue happened because Belt incorrectly integrated with Ellipsis,” Gupta said. Ellipsis is a BSC-based Stablecoin Stablecoin Unlike other cryptocurrencies like Bitcoin and Ethereum, stablecoins are cryptocurrencies that have been designed to keep a stable value. Placing a greater emphasis on stability over volatility can be a huge draw for some investors. Many individuals can be turned off from large swings and uncertainty presented by cryptos relative to other traditional assets.Stablecoins control for this volatility by being pegged to another cryptocurrency, fiat money, or to exchange-traded commodities, including Unlike other cryptocurrencies like Bitcoin and Ethereum, stablecoins are cryptocurrencies that have been designed to keep a stable value. Placing a greater emphasis on stability over volatility can be a huge draw for some investors. Many individuals can be turned off from large swings and uncertainty presented by cryptos relative to other traditional assets.Stablecoins control for this volatility by being pegged to another cryptocurrency, fiat money, or to exchange-traded commodities, including Read this Term decentralized exchange.
Belt Finance got hacked today, losses worth ~$13mm. Withdrawals have been paused to prevent further losses. The exploit happened due to an incorrect valuation of 3eps shares. This was one of the more complex hacks in recent times?? pic.twitter.com/WCFDoDFyh0
— Mudit Gupta (@Mudit__Gupta) May 30, 2021
“A similar issue happened last month as well in belt finance, but at that time, the problem was a buggy integration with Venus. I wonder if belt has any bug-free integration (sic),” he continued. In addition, Venus is a lending protocol based on the Binance Smart Chain.
The Belt Finance exploitation marks the eighth time that a BSC-based protocol has been exploited by a hacker this year. Belt joins the ranks of Cream Finance, bEarn, Bogged Finance, Uranium Finance, Meerkat Finance, SafeMoon and Spartan Protocol.
Binance has reportedly sought analytical support from the cybersecurity firm, CipherTrace to prevent further exploitations from taking place on BSC.