There were 23 DeFi-related security incidents in May 2021, of which approximately 11 were flash loan attacks.

According to the PeckShield situational awareness platform, there were 46 prominent security incidents across the blockchain ecosystem over the past month: 25 DeFi-related, 4 exchange-related, 3 ransom-related, 10 fraud-related, 2 wallet-related and 2 smart contract-related.

According to PeckShield statistics, there were 23 DeFi-related security incidents in May 2021 with approximately $280 million in losses, including about 11 flash loan attacks. Of the DeFi incidents, 15 occurred on BSC, 3 on Ethereum and 1 on EOS.

Many people have read "flash loans" as "the root of all evil", "a nuclear bomb built on top of DeFi" and "a way for attackers to profit without putting up any principal of their own".

In fact, these statements misread what a flash loan is. A flash loan simply uses the properties of the blockchain to offer something the traditional lending market cannot. In principle, a flash loan lets a user borrow all of the tokens in a liquidity pool without posting any collateral, on the condition that the borrowed tokens plus a fixed fee are returned, after whatever sequence of swaps, collateral moves and liquidations the borrower runs, before the transaction ends. If the repayment does not arrive, the whole transaction reverts and the pool never loses the tokens. The loan is therefore only a source of temporary capital; the damage in a "flash loan attack" comes from a bug in the protocol that capital is pointed at.
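As an added illustration of the mechanics just described (this is hypothetical example code, not PeckShield's and not any real lending protocol's), the following Solidity pool lends its entire balance with no collateral, calls the borrower back, and reverts unless principal plus fee is back before the call returns. The contract and interface names, the `onFlashLoan` callback shape and the 9 bps fee are all assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal ERC-20 surface the pool needs.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

// Callback every borrower must implement; the pool calls it after sending the tokens.
interface IFlashBorrower {
    function onFlashLoan(address token, uint256 amount, uint256 fee, bytes calldata data) external;
}

// Hypothetical single-token flash-loan pool (illustrative; not any real protocol's code).
contract FlashPool {
    IERC20 public immutable token;
    uint256 public constant FEE_BPS = 9;   // 0.09% fixed fee (assumed value)
    uint256 private locked = 1;            // reentrancy guard state

    constructor(IERC20 _token) {
        token = _token;
    }

    modifier nonReentrant() {
        require(locked == 1, "reentrant call");
        locked = 2;
        _;
        locked = 1;
    }

    // Lend up to the pool's entire balance with no collateral.
    function flashLoan(uint256 amount, bytes calldata data) external nonReentrant {
        uint256 balanceBefore = token.balanceOf(address(this));
        require(amount <= balanceBefore, "insufficient liquidity");
        uint256 fee = (amount * FEE_BPS) / 10_000;

        // 1. Hand the tokens to the borrower.
        require(token.transfer(msg.sender, amount), "transfer failed");

        // 2. Let the borrower run its sequence of swaps, deposits, liquidations, ...
        IFlashBorrower(msg.sender).onFlashLoan(address(token), amount, fee, data);

        // 3. Repayment check. If principal + fee is not back, revert. The revert
        //    unwinds steps 1 and 2 and everything the borrower did in between,
        //    so the pool can never actually lose the tokens it lent.
        require(token.balanceOf(address(this)) >= balanceBefore + fee, "loan not repaid");
    }
}

// Sketch of a borrower. The "series of operations" lives inside onFlashLoan.
contract Borrower is IFlashBorrower {
    FlashPool public immutable pool;

    constructor(FlashPool _pool) {
        pool = _pool;
    }

    function execute(uint256 amount) external {
        pool.flashLoan(amount, "");
    }

    function onFlashLoan(address token, uint256 amount, uint256 fee, bytes calldata) external override {
        require(msg.sender == address(pool), "untrusted caller");
        // ... arbitrage / liquidation logic using `amount` of `token` goes here ...
        // Repay principal plus fee. This contract must end the callback holding at
        // least `fee` more than it borrowed, or the whole transaction reverts.
        require(IERC20(token).transfer(address(pool), amount + fee), "repay failed");
    }
}
```

The point a reviewer should take from the pool side is step 3: the lender's safety rests on the balance check at the end of the same call, not on any trust in the borrower, which is why the loan itself is not the vulnerability.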

The first flash loan attack on BSC came on May 2, when PeckShield traced and analyzed an attack on the DeFi protocol Spartan Protocol. Since then the frequency of flash loan attacks on BSC has risen, with PancakeBunny, Bogged Finance, AutoShark, BurgerSwap and JulSwap all hit.

PeckShield observes that these flash loan attacks resemble the earlier ones on Ethereum; they have simply moved from Ethereum to BSC. As the DeFi ecosystem grows richer and more and more assets are bound to BSC, the chain has become a "harvesting ground" that attackers watch closely.

Looking at the six flash loan attacks above, most closely resemble attacks that had already happened on Ethereum.

BurgerSwap resembles the OUSD attack. The BSC-based BurgerSwap exploit and the Ethereum-based flash loan plus reentrancy attack on OUSD follow the same script: the attacker first takes a flash loan from a decentralized exchange that offers flash swaps, then deposits a fake token together with the protocol's native token (BURGER, OUSD) into the target contract, re-enters the contract during that deposit step, and finally repays the flash loan to complete the attack.
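The reentrancy half of that script, as an added generic illustration (this is not the BurgerSwap or OUSD code, and the contracts, names and reserve bookkeeping below are assumptions for the example): a pair that lets anyone trade an arbitrary token against the native one is handing control to an untrusted contract every time it calls that token. If it updates its reserves only after those calls return, the "fake coin" can re-enter and be quoted at the stale, pre-trade price again and again. The hardened version applies checks-effects-interactions and a reentrancy guard.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function transfer(address to, uint256 amount) external returns (bool);
}

// VULNERABLE pair (illustrative). `tokenIn` may be any contract, including one
// the attacker wrote. The swap quotes from stored reserves, calls that untrusted
// token, and only afterwards writes the new reserves: interactions before effects.
contract VulnerablePair {
    IERC20 public immutable tokenIn;   // attacker-supplied "fake coin"
    IERC20 public immutable tokenOut;  // the protocol's native token
    uint256 public reserveIn;
    uint256 public reserveOut;

    constructor(IERC20 _in, IERC20 _out, uint256 _rIn, uint256 _rOut) {
        tokenIn = _in; tokenOut = _out; reserveIn = _rIn; reserveOut = _rOut;
    }

    function swapExactIn(uint256 amountIn) external returns (uint256 amountOut) {
        // Constant-product quote from the reserves currently in storage.
        amountOut = (amountIn * reserveOut) / (reserveIn + amountIn);
        // Untrusted external call while reserves are still the pre-trade values.
        // A token whose transferFrom re-enters swapExactIn() receives the same
        // stale quote again, paying no price impact for the extra volume.
        require(tokenIn.transferFrom(msg.sender, address(this), amountIn), "pull failed");
        require(tokenOut.transfer(msg.sender, amountOut), "push failed");
        // Effects last.
        reserveIn += amountIn;
        reserveOut -= amountOut;
    }
}

// Attacker's fake coin: it moves nothing, and its transferFrom re-enters the pair.
contract ReenteringToken is IERC20 {
    VulnerablePair public pair;
    uint256 public depth;

    function setPair(VulnerablePair _pair) external { pair = _pair; }

    function transferFrom(address, address, uint256 amount) external override returns (bool) {
        // Bounded so that the unwinding `reserveOut -= amountOut` does not underflow;
        // with checked arithmetic in 0.8 an underflow would revert the whole attack.
        if (depth < 2) {
            depth++;
            pair.swapExactIn(amount);   // same stale reserves, same generous quote
        }
        return true;
    }

    function transfer(address, uint256) external pure override returns (bool) { return true; }
}

// HARDENED pair: checks, then effects, then interactions, plus a reentrancy guard.
contract HardenedPair {
    IERC20 public immutable tokenIn;
    IERC20 public immutable tokenOut;
    uint256 public reserveIn;
    uint256 public reserveOut;
    uint256 private locked = 1;

    constructor(IERC20 _in, IERC20 _out, uint256 _rIn, uint256 _rOut) {
        tokenIn = _in; tokenOut = _out; reserveIn = _rIn; reserveOut = _rOut;
    }

    modifier nonReentrant() {
        require(locked == 1, "reentrant call");
        locked = 2;
        _;
        locked = 1;
    }

    function swapExactIn(uint256 amountIn) external nonReentrant returns (uint256 amountOut) {
        amountOut = (amountIn * reserveOut) / (reserveIn + amountIn);
        // Effects first: any caller that somehow got back in would now see the
        // post-trade reserves, and the guard rejects the re-entry anyway.
        reserveIn += amountIn;
        reserveOut -= amountOut;
        require(tokenIn.transferFrom(msg.sender, address(this), amountIn), "pull failed");
        require(tokenOut.transfer(msg.sender, amountOut), "push failed");
    }
}
```

Against `VulnerablePair`, one call to `swapExactIn` from the attacker triggers two nested swaps from inside `transferFrom`, so three trades are paid out at the single pre-trade quote instead of three successively worse ones; the fake token cost the attacker nothing, and the flash loan in the script above only supplies the native-token side needed to seed the pair. Against `HardenedPair` the nested call hits the guard and reverts.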

On May 30, Belt Finance, an AMM protocol on BSC that combines multi-strategy yield optimization, was hit by a flash loan attack. PeckShield's tracing and analysis found that the attacker repeatedly bought and sold BUSD, exploiting a flaw in the balance calculation of the bEllipsisBUSD strategy to manipulate the price of beltBUSD for profit.

It is worth noting that Ellipsis is an authorized fork of the Ethereum DeFi protocol Curve, and the arbitrage pattern seen repeatedly on Ethereum, where the price of the Curve yPool was manipulated to exploit stablecoin spreads, has resurfaced. Has the Pandora's box of Curve forks been opened?
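The class of bug behind a manipulable strategy balance, as an added generic illustration (this is not Belt Finance's or Ellipsis's code; the vault, strategy and guard designs are assumptions, and the pool functions use Curve StableSwap's names `calc_withdraw_one_coin` and `get_virtual_price` only as a familiar interface): a vault whose share price is derived from whatever its strategy reports is only as honest as that number. A strategy that values its LP position with a one-sided withdrawal quote at the pool's current balances can be pushed around by large buys and sells in the same transaction; valuing it at the invariant-based virtual price, and refusing deposit-then-withdraw inside one block, closes the flash-loan window.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function transfer(address to, uint256 amount) external returns (bool);
}

// Curve-style stable pool surface (assumed interface for illustration).
interface IStablePool {
    // What burning `lpAmount` into coin `i` would return at the pool's CURRENT balances.
    function calc_withdraw_one_coin(uint256 lpAmount, int128 i) external view returns (uint256);
    // Invariant D per LP token, 1e18 scaled. It grows with accrued fees; a single
    // large swap skews the balances but does not move D the way it moves a quote.
    function get_virtual_price() external view returns (uint256);
}

interface IStrategy {
    function balance() external view returns (uint256);
}

// VULNERABLE strategy: values its LP position with a one-sided withdrawal quote.
// Flash-loan-sized buying and selling of the stablecoin inside one transaction
// skews the pool, so the caller can push this number up or down at will.
contract SpotQuoteStrategy is IStrategy {
    IStablePool public immutable pool;
    int128 public constant COIN_INDEX = 0;   // index of the stablecoin in the pool (assumed)
    uint256 public lpHeld;

    constructor(IStablePool _pool, uint256 _lpHeld) { pool = _pool; lpHeld = _lpHeld; }

    function balance() external view override returns (uint256) {
        return pool.calc_withdraw_one_coin(lpHeld, COIN_INDEX);
    }
}

// HARDENED strategy: value LP tokens at the invariant-based virtual price.
contract VirtualPriceStrategy is IStrategy {
    IStablePool public immutable pool;
    uint256 public lpHeld;

    constructor(IStablePool _pool, uint256 _lpHeld) { pool = _pool; lpHeld = _lpHeld; }

    function balance() external view override returns (uint256) {
        return (lpHeld * pool.get_virtual_price()) / 1e18;
    }
}

// Vault whose share price is strategy.balance() / totalShares. Whatever the strategy
// reports is what deposits and withdrawals settle against, so a manipulable
// strategy balance is a manipulable share price. Moving `want` into the strategy
// is out of scope here; the vault simply holds it.
contract Vault {
    IERC20 public immutable want;
    IStrategy public immutable strategy;
    mapping(address => uint256) public shares;
    mapping(address => uint256) public lastDepositBlock;
    uint256 public totalShares;

    constructor(IERC20 _want, IStrategy _strategy) { want = _want; strategy = _strategy; }

    function pricePerShare() public view returns (uint256) {
        return totalShares == 0 ? 1e18 : (strategy.balance() * 1e18) / totalShares;
    }

    function deposit(uint256 amount) external returns (uint256 minted) {
        minted = (amount * 1e18) / pricePerShare();
        shares[msg.sender] += minted;
        totalShares += minted;
        lastDepositBlock[msg.sender] = block.number;
        require(want.transferFrom(msg.sender, address(this), amount), "pull failed");
    }

    function withdraw(uint256 shareAmount) external returns (uint256 amount) {
        // A flash loan lives inside one transaction, so refusing deposit-then-withdraw
        // in the same block denies the attacker the chance to cash out at a distorted
        // price before the pool returns to normal. A mitigation, not a substitute for
        // an honest balance() in the strategy.
        require(block.number > lastDepositBlock[msg.sender], "same-block deposit and withdraw");
        amount = (shareAmount * pricePerShare()) / 1e18;
        shares[msg.sender] -= shareAmount;
        totalShares -= shareAmount;
        require(want.transfer(msg.sender, amount), "push failed");
    }
}
```

With `SpotQuoteStrategy` plugged in, an attacker who skews the pool with borrowed BUSD changes `pricePerShare()` for everyone in the same transaction; with `VirtualPriceStrategy`, the same swaps leave the reported balance essentially unchanged, and the block guard removes the remaining single-transaction round trip.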

In summary, these resurfaced flash loan attacks are well documented, and they are not without defense: the weaknesses underneath them, reentrancy during deposit and swap steps and share prices computed from manipulable spot balances, all have known mitigations.

