bitcoin
Bitcoin (BTC) $ 47,971.00 1.73%
ethereum
Ethereum (ETH) $ 3,424.41 2.51%
xrp
XRP (XRP) $ 1.07 1.82%
stellar
Stellar (XLM) $ 0.323654 1.35%
cardano
Cardano (ADA) $ 2.37 1.22%
tether
Tether (USDT) $ 0.999325 0.46%
chainlink
Chainlink (LINK) $ 28.23 3.20%
litecoin
Litecoin (LTC) $ 180.14 2.60%
bitcoin-cash
Bitcoin Cash (BCH) $ 634.88 0.12%
dogecoin
Dogecoin (DOGE) $ 0.240673 2.13%

DeFi hacks on Binance Smart Chain continue as ‘Impossible Finance’ drained for $500k

Share on facebook
Share on twitter
Share on reddit
Share on email
$85 million ‘Meebits’ NFT project exploited; attacker nabs $700,000 collectible

Impossible Finance, a decentralized finance (DeFi) protocol on the Binance Smart Chain has been exploited for $500,000 in a flash loan attack.

A flash loan attack is a common type of DeFi exploits in which hackers take an uncollateralized loan from a lending protocol and through a series of technical maneuvers manipulate the market in their favor.

Vulnerability 

The attack on the Impossible Finance liquidity pool happened on June 21 and resulted in a loss of 229.84 Ethereum (ETH), valued $500.000 at the time of the exploit.

By using a fake token, hackers launched a flash loan attack to exhaust the protocol’s liquidity pool.

Auditing service WatchPug explained that the attack involved consecutive swaps at about the same price, draining the liquidity pool, “which is usually impossible.”

At 4 AM UTC, Jun 21, $0.5M was stolen from Impossible Finance.

The hacker made multiple swaps in a row at about the same price and drained the LP, which is usually impossible.

A vulnerability in the pool’s smart contract enabled multiple swaps of the protocol’s native Impossible Finance token (IF) to Binance USD stablecoin (BUSD) and then to the native coin of Binance Chain, Binance Coin (BNB).

According to Mudit Gupta, a core developer of SushiSwap, the hack design wasn’t that innovative, and it exploiting a similar vulnerability as the recent attack on BurgerSwap protocol, also built on the Binance Smart Chain, in which $7.2 million was stolen.

Postmortem

Impossible Finance published a report on the incident through the official announcement channel and said it had prepared an insurance fund.

The project announced all user funds deposited into liquidity pools prior to the attack will be 100% compensated, meanwhile, all liquidity pool rewards are paused and users are advised not to add or withdraw funds for IF/BUSD and IF/BNB pairs.

Impossible Finance joins other flash loan exploits on the Binance Smart Chain, like Pancake Bunny and Belt Finance, after the network issued an official “call for action” to developers.

Copycat? Serial? The space is yet to profile all the DeFi predators out there.

The post DeFi hacks on Binance Smart Chain continue as ‘Impossible Finance’ drained for $500k appeared first on CryptoSlate.

This article originally appeared on CryptoSlate.

NordVPN banner adNordVPN banner adNordVPN banner ad
ADVERTISEMENT

Related Posts

bitcoin

Bitcoin (BTC)

$ 47,971.00 1.73%
ethereum

Ethereum (ETH)

$ 3,424.41 2.51%
binance-coin

Binance Coin (BNB)

$ 409.60 2.20%
dogecoin

Dogecoin (DOGE)

$ 0.240673 2.13%
xrp

XRP (XRP)

$ 1.07 1.82%
safemoon

SafeMoon (SAFEMOON)

$ 0.000002 4.35%

Subscribe to Alerts

Get email alerts on new stories.