Belt Finance lost more than 6.2 million U.S. dollars in a flash loan attack; PeckShield analyzes the details of the attack

Following the attacks on BurgerSwap and JulSwap, both forks of Uniswap, a DeFi protocol that forks Curve has now also become a hacker's "cash machine."

Original title: "Belt Finance hit by a flash loan attack: has the Pandora's box of Curve forks been opened?"
Written by: PeckShield

On May 30th, Beijing time, PeckShield's monitoring alert showed that Belt Finance, an AMM protocol on the BSC chain that combines multi-strategy yield optimization, had been hit by a flash loan attack.

Through tracking and analysis, PeckShield found that the attack relied on the attacker repeatedly buying and selling BUSD and exploiting a flaw in how the bEllipsisBUSD strategy calculates its balance, thereby manipulating the price of beltBUSD for profit.

What is interesting is that Ellipsis is an authorized fork of Curve, the DeFi protocol on Ethereum. Judging from past attacks related to Curve, has Pandora's box been opened again?

The following is the attack process:


In the first step, the attacker took out 8 flash loans from PancakeSwap:

  • FLIP WBNB-BUSD: 107,736,995.2 BUSD

  • FLIP USDC-BUSD: 38,227,899.2 BUSD

  • FLIP BUSDT-BUSD: 153,621,552.7 BUSD

  • FLIP DAI-BUSD: 31,372,406.8 BUSD

  • FLIP UST-BUSD: 17,505,135.1 BUSD

  • FLIP VAI-BUSD: 17,294,888.2 BUSD

  • FLIP ALPACA-BUSD: 10,828,766.5 BUSD

  • FLIP CAKE-BUSD: 10,728,353.2 BUSD

and then deposited 10 million BUSD into the bEllipsisBUSD strategy;

In the second step, the attacker deposited 187 million BUSD into the bVenusBUSD strategy, and then swapped 190 million BUSD for 169 million USDT through the Ellipsis contract;

The withdraw-swap-deposit cycle was then repeated 7 times: the attacker withdrew more BUSD from the bVenusBUSD strategy, swapped 190 million BUSD for 169 million USDT through the Ellipsis contract, and deposited the BUSD back into the bVenusBUSD strategy;

Since the price of beltBUSD depends on the sum of the balances of all its strategy vaults, the attacker deposits BUSD into the bVenusBUSD strategy and then withdraws BUSD. In theory, because the total amount of assets stays the same, the attacker cannot profit no matter how many times the operation is repeated. However, if another strategy's balance can be manipulated, the price of beltBUSD is affected.

In this attack, the attacker manipulated the price by buying and selling BUSD multiple times while exploiting the flaw in the bEllipsis strategy's balance calculation.
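To make the pricing dependency concrete, here is an added illustration (not Belt Finance's or PeckShield's code) of a vault that prices its share token off the sum of strategy-reported balances, together with a hypothetical per-transaction price-move circuit breaker a defender might add; the strategy names, balances and the accounting skew are constructed.

```python
"""Simplified model of a multi-strategy vault: share price = sum of the
balances reported by each strategy / total shares (illustration only)."""
from dataclasses import dataclass


@dataclass
class Strategy:
    name: str
    true_balance: float          # BUSD the strategy really holds
    reported_skew: float = 0.0   # constructed accounting error in its reported balance

    def reported_balance(self) -> float:
        return self.true_balance + self.reported_skew


@dataclass
class Vault:
    strategies: list
    total_shares: float = 0.0
    max_price_move_bps: float = 50.0  # hypothetical circuit breaker, in basis points

    def share_price(self) -> float:
        total = sum(s.reported_balance() for s in self.strategies)
        return total / self.total_shares if self.total_shares else 1.0

    def deposit(self, amount: float, strat: Strategy) -> float:
        shares = amount / self.share_price()      # shares minted at current price
        strat.true_balance += amount
        self.total_shares += shares
        return shares

    def withdraw(self, shares: float, strat: Strategy) -> float:
        amount = shares * self.share_price()      # payout at current price
        strat.true_balance -= amount
        self.total_shares -= shares
        return amount


def price_move_bps(before: float, after: float) -> float:
    return abs(after - before) / before * 1e4


def roundtrip(skew_on_ellipsis: float) -> tuple:
    """Deposit 500 into one strategy, skew another strategy's reported balance,
    withdraw the same shares. Returns (net gain, breaker passed)."""
    ellipsis = Strategy("bEllipsisBUSD", 100.0)
    venus = Strategy("bVenusBUSD", 900.0)
    vault = Vault([ellipsis, venus], total_shares=1000.0)   # constructed state, price 1.0
    before = vault.share_price()
    shares = vault.deposit(500.0, venus)
    ellipsis.reported_skew = skew_on_ellipsis   # balance-accounting error appears mid-cycle
    paid_out = vault.withdraw(shares, venus)
    ok = price_move_bps(before, vault.share_price()) <= vault.max_price_move_bps
    return paid_out - 500.0, ok
```

With no skew the round trip returns exactly what was deposited and the breaker passes; a skewed reported balance in a sibling strategy moves the share price, the round trip pays out more than was deposited, and the breaker flags the transaction.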

Subsequently, the attacker used the Nerve (Anyswap) cross-chain bridge to convert the stolen assets into ETH in batches. CoinHolmes, PeckShield's anti-money-laundering situational awareness system, will continue to monitor the movement of these assets.

This is already the fourth security incident on the BSC chain this week. Earlier this week we warned about and analyzed the security incidents at PancakeBunny and at Uniswap forks. Attacks on the BSC chain show a trend of acceleration and growth. Are the Ethereum DeFi attackers striking again, or have new copycat criminals emerged?


As attacks accelerate, the security foundation of the entire DeFi field deserves re-examination; attackers are not focusing only on new stars. PeckShield reminds DeFi protocols that fork Curve to audit their own code and eliminate similar vulnerabilities, or to seek the help of a professional code audit team. It is never too late to mend.

Disclaimer: As a blockchain information platform, the articles published on this site only represent the author’s personal views, and have nothing to do with the position of ChainNews. The information, opinions, etc. in the article are for reference only, and are not intended as or regarded as actual investment advice.
