On May 30, Beijing time, PeckShield alerted that Belt Finance, an AMM protocol combining multi-strategy revenue optimization on the BSC chain, was attacked by lightning loans.
Through tracking and analysis, PeckShield found that the attack originated from an attacker manipulating the price of beltBUSD by repeatedly buying and selling BUSD, exploiting a vulnerability in the bEllipsisBUSD strategy balance calculation for profit.
Interestingly, Ellipsis is a project authorized by the DeFi protocol Curve Fork on Ether, from the previous attacks related to Curve, is Pandora’s box opened again?
The following is the process of the attack.
In the first step, the attacker made 8 lightning loans from PancakeSwap.
FLIP WBNB-BUSD: 107,736,995.2 BUSD
FLIP USDC-BUSD: 38,227,899.2 BUSD
FLIP BUSDT-BUSD: 153,621,552.7 BUSD
FLIP DAI-BUSD: 31,372,406.8 BUSD
FLIP UST-BUSD: 17,505,135.1 BUSD
FLIP VAI-BUSD: 17,294,888.2 BUSD
FLIP ALPACA-BUSD: 10,828,766.5 BUSD
FLIP CAKE-BUSD: 10,728,353.2 BUSD
Deposit 10 million of these BUSD into the bEllipsisBUSD strategy.
In the second step, deposit 187 million BUSD into the bVenusBUSD strategy and then convert 190 million BUSD into 169 million USDT via the Ellipsis contract.
Repeat the withdrawal-exchange-fill operation seven times: the attacker withdraws more BUSD from the strategy bVenusBUSD, converts 190 million BUSD to 169 million USDT via the Ellipsis contract, and deposits the BUSD in the bVenusBUSD strategy.
Since the price of beltBUSD depends on the sum of all machine gun pool balances, the attacker deposits BUSD into the bVenusBUSD strategy and then withdraws BUSD, theoretically, the attacker will not profit even if he repeats the operation several times, since the amount of assets remains the same. However, if other strategies are manipulated, the price of belTUSD will be affected.
In this attack, the attacker manipulated the price by buying and selling BUSD multiple times, and then exploiting a vulnerability in the bEllipsis strategy balance calculation.
The attackers then converted the captured assets into ETH in batches via the Nerve (Anyswap) cross-chain bridge, and CoinHolmes, PeckShield’s anti-money laundering situational awareness system, will continue to monitor asset movements.
This is the fourth security incident on the BSC chain so far this week. This week, we alerted and analyzed the security incidents of Fork PancakeBunny and Uniswap. The attacks on BSC chain show an accelerating and growing trend, are Ether DeFi attackers striking again or have new copycat offenders emerged?
PeckShield suggests that Fork Curve’s DeFi protocol must be checked for similar vulnerabilities, or seek the help of a professional code audit team before it’s too late.
Posted by:CoinYuppie，Reprinted with attribution to:https://coinyuppie.com/the-fourth-attack-of-the-week-belt-finance-attack-process-analysis/
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.