Belt Finance was exploited for $6.2 million in a flash loan strike

0
3078

A hacker took advantage of a flaw in the Belt Finance 4Belt pool by using flash loans.

BUSD, Binance’s native USD-pegged stablecoin, was changed to ETH through 1inch DEX and partially withdrawn from Binance Smart Chain onto Ethereum by the hacker.

Only $6.2 million was taken from Belt Finance’s vast $2.6 billion total value locked up in this breach (TVL).

The belt USD vault employs four different techniques. The Venus approach was used to leak cash due to a fault in the Elipsis technique.

To maintain equilibrium between the four strategies, the vault transfers new deposits to the most undersubscribed strategy and pays off withdrawals from the most overcrowded procedure. If the 3EPS pool becomes imbalanced, the Elipsis strategy flaw causes a value miscalculation.

The hacker transferred around $200 million from BUSD to USDT via flash loans, unbalancing the 3EPS pool and triggering the Elipsis strategy issue. The 4Belt collection would have overvalued the hacker’s shares at this moment, handing out an additional 0.5 percent profit when the flash loan ended. A single $200 million flash loan deal resulted in a $1 million profit.

Since $6 million in fees were paid to the 3EPS pool, the hacker made $6.2 million while suffering a total loss of $13 million.

This attack, along with other recent hacking indicators in the Binance Smart Chain ecosystem, has prompted criticism of the so-called “fork culture,” where whole codebases are cloned without proper checks. Several flash loan assaults have occurred in recent weeks as a result of this problem.

LEAVE A REPLY

Please enter your comment!
Please enter your name here