2021 年 5 月の Binance Smart Chain 最大のハッキング
May was not the best month for the DeFi industry. Especially for the decentralized platform of one of the largest crypto exchanges Binance Smart Chain. Hackers managed to hack more than ten BSC-based projects, stealing almost $300 million in cryptocurrency within a month.
In addition to the obvious human factor in the form of “holes” in the security system and project code, DeFi is becoming a desirable target for attackers due to the lack of competent audit. May alone accounted for 14 of 27 incidents since the beginning of this year. We tried to recall the largest of them.
Total Loss: $30 Million
On May 2, the BSC-based Spartan Pools V1 protocol was hacked due to a loophole in determining the share of SPARTA WBNB liquidity in the pool. The hacker withdrew excess assets by increasing the pool balance before burning coins.
For the attack, a loan in the PancakeSwap protocol was used in the amount of 100,000 BNB, which was then returned by paying a commission of 260 BNB.
2) Value DeFi
Total Loss: $27 Million
The first attack on this project took place back in November 2020. Then, in the course of a "complex attack" on the MultiStables storage, the attacker managed to steal $7 million.
In the same year, there were several break-ins. On May 5th, a hacker managed to steal $10 million due to a banal human error of one of the project's developers in lines of code. Then, literally, a couple of days later, all pools that did not use a 50/50 asset ratio were hacked. An additional exploit tool was the Bancor formula, which was misused by the developers. It was used by a hacker who stole $11 million this time.
Total Loss: $25 Million
On May 12th, the project developers noticed a discrepancy in cost and offer, after which they immediately “froze” smart contracts. However, the attacker still managed to steal $25 million from the xBNTa liquidity pools, as well as xSNXa in the equivalent of ETH, BNT, SNX, xBNTa tokens.
One of the analysts in his Twitter account noted that the fact that a hacker used several vulnerabilities at once and the speed of action may indicate the involvement of someone who was directly involved in the project.
Total Loss: $100 Million
It's not so much about the hack as about the colossal $200 million liquidations in the BSC-based Venus protocol. The price of the XVS token has been manipulated. An unknown user is busy with over 4000 BTC and 9600 ETH, thus generating $100 million in bad debt.
A similar case happened in February 2021 on the Compound ETH service when debt in DAI increased by 30%, significantly increasing the liquidation of assets.
Total Loss: $42 Million
The attack fell on one of the popular methods among the "May hackers" instant loans. He borrowed a huge amount of BNB equivalent and manipulated funds in USDT BNB pairs, as well as BUNNY BNB, dropping the rate for a while to less than $1.
As a result, the project lost more than 40 million, and the value of the token fell by more than 80%.
This review is not an advertisement or a recommendation to action, but merely an informational one. The publisher and the author are not responsible for your decisions.