Coindesk Logo

Belt Finance Victim of Flash Loan Attack in Latest Exploit of a BSC DeFi Protocol

Belt Finance Victim of Flash Loan Attack in Latest Exploit of a BSC DeFi Protocol

Belt Finance Victim of Flash Loan Attack in Latest Exploit of a BSC DeFi Protocol

Withdrawals and deposits are temporarily paused.

Withdrawals and deposits are temporarily paused.

Withdrawals and deposits are temporarily paused.

AccessTimeIconMay 30, 2021, 3:24 PM
Updated Aug 19, 2021, 9:47 AM

Presented By Icon

Election 2024 coverage presented by

Stand with crypto

Belt Finance, a platform that provides automated market making for decentralized finance (DeFi), was hacked Saturday in a flash loan attack that resulted in a profit of $6.23 million for the perpetrator and an overall $50 million loss for the platform.

  • It's the latest attack on a DeFi protocol built on Binance Smart Chain, one of the so-called Ethereum killers that's built by centralized crypto exchange giant Binance.
  • In a blog post, Belt Finance said the attacker created a smart contract that used PancakeSwap for flash loans and exploited its beltBUSD pool and its strategy protocols and then proceeded to execute the contract eight times for a total profit of 6.23 million BUSD (US $6.23 million).
  • BeltBUSD vault users suffered a 21.36% loss of funds, while 4Belt pool users lost 5.51%, the protocol said. No other pools/vaults were affected. Overall, the attack cost the beltBUSD pool a combined loss of 50m BUSD (US $50 million) consisting of 43.8m in fees and the 6.23 million BUSD that the attacker withdrew as profit.
  • The protocol said it paused withdrawals and deposits as soon as it were aware of the attack and that the vulnerability that allowed the attack to occur has been patched.
  • In its blog post dated Sunday, Belt Finance said withdrawals and deposits would resume sometime in the next 24 to 48 hours and that it's working on a "compensation plan" that will be released in next 48 hours.

UPDATE (May 30, 23:14 UTC): Adds that beltBUSD pool's loss was a total 50 million BUSD with the 43.8 million in fees added to the 6.23 million in profits taken by the attacker.

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information have been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of the Bullish group, which owns and invests in digital asset businesses and digital assets. CoinDesk employees, including journalists, may receive Bullish group equity-based compensation. Bullish was incubated by technology investor Block.one.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.