The flash loan technique has been used yet again to exploit vulnerabilities in a DeFi protocol. This time hackers targeted Belt Finance's vault and pools, leading to a loss of nearly $6.2 million worth of BUSD.
BUSD is Binance's native USD stablecoin. It can be converted into Ethereum using the 1inch DEX, which can then be withdrawn from Binance Smart Chain. Although $6.2 million is a lot, it was thankfully not enough to cripple Belt Finance.
The Exploitation Process
According to reports, one of the four strategies used by the beltBUSD vault was exploited. A bug in the Ellipsis strategy was taken advantage of, helping the hackers take funds out of the vault through the Venus strategy. To keep the four strategies balanced, the main beltBUSD vault sends new deposits to the least-used strategy and pays out withdrawals from the most-used strategy. The bug was used to unbalance the four strategies, leading to miscalculations of their value. While the strategies were out of balance, the hackers used flash loans to convert nearly $200 million worth of BUSD into USDT, which unbalanced the 3EPS pool.
The 4Belt pool would then give the hacker's share an absurd value, meaning that an additional 0.5% profit would be generated and transferred to the hackers even after the flash loan had done its work. Using this technique, the hackers used a single $200 million flash loan payout to generate a profit of nearly a million bucks. The hacker used the same method to exploit the pools several times, for a profit of around $6.2 million and a massive $13 million loss overall because of the $6 million fee that was transferred to the 3EPS pool.
Flash Loans and DeFi
The flash loan technique has been used many times in the past and has sometimes led to substantial losses. DeFi ecosystems have been attacked several times. The fortunate part is that a flash loan attempt can be detected if the system is constantly monitored for abrupt changes. But sometimes systems are left unmonitored, meaning that hackers have all the time they want to exploit pools inside networks.
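One way to monitor for the abrupt changes mentioned above, shown as an added example that is not code from Belt Finance or the original article: it groups pool swap events by transaction and flags any transaction whose swaps move a large fraction of the pool, marking a swap out and back within the same transaction as a likely flash-loan round trip. The event fields, the 10% threshold, the transaction ids and all sample values are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample swap events for a stablecoin pool (not real chain data).
# tx: placeholder transaction id; sold: token sold into the pool;
# amount: size of the swap; pool_total: total pool value before the swap.
EVENTS = [
    {"tx": "0xaaa", "sold": "BUSD", "amount": 50_000,      "pool_total": 450_000_000},
    {"tx": "0xbbb", "sold": "BUSD", "amount": 200_000_000, "pool_total": 450_000_000},
    {"tx": "0xbbb", "sold": "USDT", "amount": 199_000_000, "pool_total": 450_000_000},
    {"tx": "0xccc", "sold": "USDT", "amount": 120_000,     "pool_total": 450_000_000},
    {"tx": "0xddd", "sold": "BUSD", "amount": 90_000_000,  "pool_total": 450_000_000},
]


def flag_transactions(events, impact_threshold=0.10):
    """Return {tx: reason} for transactions that move the pool abruptly.

    impact_threshold is the assumed fraction of pool value a single swap
    must reach before it counts as an abrupt change.
    """
    per_tx = defaultdict(list)
    for ev in events:
        per_tx[ev["tx"]].append(ev)

    alerts = {}
    for tx, swaps in per_tx.items():
        big = [s for s in swaps
               if s["amount"] / s["pool_total"] >= impact_threshold]
        if not big:
            continue
        # Large swaps in more than one direction inside one transaction
        # means the pool was pushed out of balance and back again.
        directions = {s["sold"] for s in big}
        alerts[tx] = "round_trip" if len(directions) > 1 else "large_swap"
    return alerts


def repeat_offenders(alerts):
    """Transactions worth escalating first: round trips only."""
    return [tx for tx, reason in alerts.items() if reason == "round_trip"]


if __name__ == "__main__":
    found = flag_transactions(EVENTS)
    for tx, reason in found.items():
        print(f"ALERT {tx}: {reason}")
    print("escalate:", repeat_offenders(found))
```

Per-block balance snapshots alone would miss this pattern, because a flash loan is borrowed and repaid inside one transaction; the check therefore works on individual swap events.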
Due to this, traders have started to speak out against the 'fork' technique, which has led to many attacks. People are now looking for proper solutions to deal with hackers taking advantage of the flash loan technique.