Binance Smart Chain

Another DeFi Protocol Exploit on Binance Smart Chain

Binance Smart Chain

Spartan Protocol, a DeFi platform built on Binance Smart Chain, was exploited, resulting in a loss of more than $30 million. Earlier last week, Uranium Finance, another BSC-based DeFi project, lost $50 million in an exploit of its platform.

Spartan Protocol is a liquidity platform for synthetic assets on the Binance Smart Chain (BSC). Early Sunday UTC, Spartan was exploited due to a “flawed liquidity share calculation” in the protocol. The attacker drained over $30 million from its liquidity pool. 

The attack centers around the manipulation of “flash loans”, in which the borrower obtains and pays back the loan instantly before the transaction ends – like the loan never happened in the first place.

The attackers used flash loans to inflate the balance of the pool before burning an equivalent amount of pool tokens.

This incident was due to a flawed logic in calculating the liquidity share when the pool token is burned to withdraw the underlying assets, on-chain analysis and security startup Peckshield explained.

 

BSC-based Uranium Finance Loses $50M in Exploit

After the incident, the price of Spartan Protocol’s native token, SPARTA, plunged 30% on Sunday. At the time of writing (3 May, 10:52AM, HKT), SPARTA is trading at $1.25, up 6.8% over the last 24 hours.

The attack came just a few days after Uranium Finance, another BSC-based DeFi project, lost over $57 million in an exploit on April 28 from a similar attack.

BSC-based Uranium Finance had borrowed code extensively from Uniswap. It is a fork of Uniswap V2, with the added bonus of providing users with daily dividends to its users.

Uranium tweeted after the exploit: “Uranium migration has been exploited, the following address has 50m in it. The only thing that matters is keeping the funds on BSC, everyone please start tweeting this address to Binance immediately asking them to stop transfers.”

Earlier last month, attackers had taken advantage of vulnerabilities in Uranium’s smart contracts, resulting in an exploit of Uranium’s rewards contract.

The latest attack on Spartan Protocol makes it the sixth biggest monetary exploit in DeFi history, according to Rekt. And Uranium’s $57 million loss makes it the second-largest DeFi exploit behind EasyFi’s $59 million hack.