DeFi hacks on Binance Smart Chain continue as ‘Impossible Finance’ drained for $500k


Impossible Finance, a decentralized finance (DeFi) protocol on the Binance Smart Chain has been exploited for $500,000 in a flash loan attack. 

A flash loan attack is a common type of DeFi exploits in which hackers take an uncollateralized loan from a lending protocol and through a series of technical maneuvers manipulate the market in their favor.

Vulnerability 

The attack on the Impossible Finance liquidity pool happened on June 21 and resulted in a loss of 229.84 Ethereum (ETH), valued $500.000 at the time of the exploit. 

By using a fake token, hackers launched a flash loan attack to exhaust the protocol’s liquidity pool.

Auditing service WatchPug explained that the attack involved consecutive swaps at about the same price, draining the liquidity pool, “which is usually impossible.” 

At 4 AM UTC, Jun 21, $0.5M was stolen from Impossible Finance.

The hacker made multiple swaps in a row at about the same price and drained the LP, which is usually impossible.

How does Impossible Finance make the impossible possible?

Read our analysis:https://t.co/3r0p1dOFWz

— WatchPug (@WatchPug_) June 21, 2021

A vulnerability in the pool’s smart contract enabled multiple swaps of the protocol’s native Impossible Finance token (IF) to Binance USD stablecoin (BUSD) and then to the native coin of Binance Chain, Binance Coin (BNB).

According to Mudit Gupta, a core developer of SushiSwap, the hack design wasn’t that innovative, and it exploiting a similar vulnerability as the recent attack on BurgerSwap protocol, also built on the Binance Smart Chain, in which $7.2 million was stolen.  

Impossible finance got exploited today for $500k.https://t.co/mzCPRluOjn

Same exploit as the burger swap one:https://t.co/3PkVtn7Hi7

If the original project gets hacked, why don’t the forks react?

— Mudit Gupta (@Mudit__Gupta) June 21, 2021

Postmortem 

Impossible Finance published a report on the incident through the official announcement channel and said it had prepared an insurance fund.

The project announced all user funds deposited into liquidity pools prior to the attack will be 100% compensated, meanwhile, all liquidity pool rewards are paused and users are advised not to add or withdraw funds for IF/BUSD and IF/BNB pairs. 

Impossible Finance joins other flash loan exploits on the Binance Smart Chain, like Pancake Bunny and Belt Finance, after the network issued an official “call for action” to developers.

Copycat? Serial? The space is yet to profile all the DeFi predators out there. 

Get an edge on the cryptoasset market

Access more crypto insights and context in every article as a paid member of CryptoSlate Edge.

On-chain analysis

Price snapshots

More context

Join now for $19/month Explore all benefits

Like what you see? Subscribe for updates.



Source

Recommended For You

About the Author: Bruce Kashinsky

I wrote my first computer chess program in 1971 @ Penn State University York, PA. campus. I was taking Computer Science, and Electrical Engineering. I am still on computers to this day.

Leave a Reply

Your email address will not be published. Required fields are marked *