At 10:46 p.m. Beijing time, 19 hours after the hack, Belt released a full report of the incident, as well as a promise to release a compensation plan within 48 hours.
According to the report, the loss was $50 million and the hackers made a profit of $6.23 million. 21.36% of funds were lost to BeltBUSD vault users and 5.51% of funds were lost to 4Belt mining pool users. Other pools/vaults were not affected. Currently, Belt has suspended withdrawals and deposits and patched attack vectors on 4Belt and BeltBUSD. Withdrawals and deposits of funds will resume within the next 24-48 hours.
Looking back on this incident, there are some issues that need to be clarified and some interesting phenomena that deserve attention. In addition, after the official liberalization of withdrawals, some potholes need to be avoided by investors in time.
The problem lies in the strategy rather than BSC
BSC’s chain of thunderstorms has led some people to question the BSC chain itself: is BSC okay or not?
My opinion is that the wind and water will turn to my house this year. In last year’s DeFi boom, the same hacking incidents occurred frequently on Ether. Even in February this year, YFI, once the king of DeFi, was not spared. Attackers used lightning loans to cause Yearn Finance to lose up to $10 million.
Locked funds on BSC are second only to ethereum, so hackers naturally won’t let go. But it wasn’t until May of this year that hackers started to launch flash lending attacks on projects on BSC. For this reason, in our previous article, AmberGroup blockchain security expert Jiazhi Wu told Babbitt, “Before that, maybe the technical team didn’t try or didn’t quite know how to launch a flash credit on BSC, and with this experience, it’s much easier to launch a flash credit on BSC. “
In addition, as there was no cross-chain bridge on BSC before, the money could not escape the grasp of CoinSec, but later on, with anyswap and nerve providing decentralized cross-chain services, hackers could launder the money into ETH to escape from BSC, and CoinSec had no way to freeze it.
BSC’s recent frequent hacks have not even alerted a giant whale like SBF, which has placed funds on Belt, MDEX, pancakeswap, and Venus for seeding, with a total amount of around $800 million. Of that amount, $310 million is on Belt and happens to be in the 4Belt pool of funds. This means that SBF was not spared in this hack as well.
Ellipsis Laid Money
According to the official Ellipsis announcement, Belt invested its users’ money into Ellipsis, a strategy they named bEllipsisBUSD. hackers used Ellipsis’ 3Pool to convert BUSD-USDT-BUSD. The conversion volume was close to $18 billion. This generated almost $8 million in transaction fees for Ellipsis.
The spate of mines on BSC made some investors lose trust in most of the projects on it and go to invest in Coin backed projects, such as Venus.
In their view, even if something happens to Venus, there will be Coinan underwriting.
Precautions after releasing coin withdrawals
According to community users, it is expected that once Belt opens to withdraw coins, it will inevitably trigger the withdrawal of investors’ funds. Once everyone withdraws coins in a flurry it may cause a shortage of certain coins thus leading to excessive loss of swap slippage within the Belt pool. This means that users who withdraw their coins later may face slippage losses.
In order to avoid such losses, investors should withdraw coins in accordance with the pool ratios, rather than withdrawing a particular coin individually. As of press time, Belt’s locked position on BSC is $1.821 billion, of which $647 million is in 4Belt.
Posted by:CoinYuppie，Reprinted with attribution to:https://coinyuppie.com/belt-lightning-loan-attack-follow-up-total-losses-of-50-million-compensation-plan-released-within-48-hours/
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.