Flash Loans Strike: Belt Finance Exploited for $6.2 Million
The hacker managed to steal $6.2 million worth of BUSD, the Binance native USD-pegged stablecoin converted to ETH via 1inch DEX and partially withdrawn from Binance Smart Chain onto Ethereum.
- This hack was comparatively benign: only $6.2 million was stolen from Belt Finance’s massive $2.6 billion total value locked (TVL).
- The beltBUSD vault uses four strategies. A bug in the Elipsis strategy was used to leak out funds via the Venus strategy.
- The vault sends new deposits to the most undersubscribed strategy and pays out withdrawals from the most oversubscribed strategy to create balance between the four of them. The Elipsis strategy bug creates a value miscalculation if the 3EPS pool becomes unbalanced.
- Using flash loans, the hacker swapped about $200 million from BUSD to USDT, unbalancing the 3EPS pool and activating the Elipsis strategy bug. The 4Belt pool at this point would have overvalued the hacker’s shares, paying out an additional 0.5% profit after the conclusion of the flash loan. This resulted in a $1M profit from a single $200M flash loan transaction.
- The hacker repeated the transaction multiple times, netting $6.2M in profit and causing $13M in total losses, since $6M in fees were paid to the 3EPS pool.
- Along with other recent hacking indicents in the Binance Smart Chain ecosystem, this hack has led to a condemnation of ‘fork culture’ where entire codebases are replicated without thorough audits. This issue has led to several flash loan attacks over the past few weeks.