The more secure the protocol is, the longer it can survive when a cryptocurrency price crash meets hacker theft

If the coin falls, it may rise again one day; but if the coin is lost, it may be lost forever.

On May 19, the crypto market suffered the largest plunge in its history, with trillions of dollars of market capitalization evaporating, more tragic than the “3-12” of 2019.

It is even more unfortunate if you were hit by the market crash and then had your coins stolen by hackers.

The reality is that this plunge was accompanied by several hacking incidents on the scale of tens or even billions of dollars.

  1. May 19: Venus was manipulated into large-scale liquidations, leaving more than $100 million in bad debt
  2. May 16: bEarn Fi was hacked, losing 11 million BUSD
  3. May 20: PancakeBunny, a DeFi yield aggregator in the BSC ecosystem, was hit by a flash loan attack, losing about $45 million

Every week, or even every day, one project goes down.

Binance Smart Chain (BSC) has recently become prey for predators. Hackers have started feasting on the platform, which replicates the Ethereum code.

Today's topic is one of the recently hacked protocols that was gobbled up: bEarn Fi, which lost about $11 million worth of tokens.

The following is excerpted from the PeckShield and bEarn attack analyses.

Beginning on May 16, 2021 at 10:36:20 AM +UTC, bEarn Fi’s BvaultsBank contract was hacked and approximately $11 million was lost from the pool.

The incident was caused by an error in the internal withdrawal logic: BvaultsBank and its associated strategy, BvaultsStrategy, read the same input amount but interpreted it in different asset denominations.

BvaultsBank’s withdrawal logic assumes that the withdrawal amount is denominated in BUSD, while BvaultsStrategy’s withdrawal logic assumes that the withdrawal amount is denominated in ibBUSD.

However, ibBUSD is an interest-bearing token and is more expensive than BUSD.

The attack proceeded in the following steps:

  1. Borrow 7,804,239.111784605253208456 BUSD from CREAM through a flash loan; this loan is paid back in the last step, together with the fees needed to cover the cost of the flash loan.
  2. Deposit the borrowed BUSD into BvaultsBank, which immediately sends it to the relevant BvaultsStrategy and then on to Alpaca Vault to earn yield. As a result of this deposit, Alpaca Vault mints 7,598,066.589501626344403426 ibBUSD and returns it to BvaultsStrategy.
  3. Stake the 7,598,066.589501626344403426 ibBUSD received in Alpaca FairLaunch for liquidity mining.
  4. Withdraw the 7,804,239.111784605253208533 BUSD deposited above from BvaultsBank. This is incorrectly interpreted as a withdrawal of 7,804,239.111784605253208533 ibBUSD, equivalent to 8,016,006.09792806917101481 BUSD.
  5. Next, the user repeats the operation, still depositing 7,804,239.111784605253208533 BUSD to BvaultsStrategy and then to BvaultsBank in turn. However, since there are funds left over from the previous round, BvaultsStrategy credits the user with 8,016,006.09792806917101481 BUSD, and this money is again put to work for liquidity mining through Alpaca.
  6. Repeat the above operation and keep accumulating until the pool is finally depleted.
  7. In the last step, repay 7,806,580.383518140634784418 BUSD for the flash loan taken in the first step.
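The denomination mismatch can be checked with a small accounting model that tests the withdrawal invariant (BUSD paid out must equal BUSD debited) on the buggy path and on the corrected one. This Python model is an added example, not code from bEarn Fi or PeckShield: the `Bank` and `Strategy` classes, the `convert_units` flag and the `OTHER_SHARES` value are hypothetical, and the exchange rate is derived from the deposit and mint figures quoted in the steps above.

```python
from fractions import Fraction

# Figures quoted in the analysis: BUSD deposited and ibBUSD minted for it.
BUSD_IN = Fraction("7804239.111784605253208456")
IBBUSD_MINTED = Fraction("7598066.589501626344403426")
RATE = BUSD_IN / IBBUSD_MINTED       # BUSD per ibBUSD, > 1 (interest-bearing)
OTHER_SHARES = Fraction(10_000_000)  # constructed: other depositors' ibBUSD


class Strategy:
    """Hypothetical stand-in for BvaultsStrategy; its unit is ibBUSD."""

    def __init__(self, shares):
        self.shares = shares

    def withdraw(self, ib_amount):
        if ib_amount > self.shares:
            raise ValueError("not enough ibBUSD in strategy")
        self.shares -= ib_amount
        return ib_amount * RATE  # BUSD released for the redeemed ibBUSD


class Bank:
    """Hypothetical stand-in for BvaultsBank; user balances are in BUSD."""

    def __init__(self, strategy, convert_units):
        self.strategy, self.convert_units = strategy, convert_units
        self.balance = Fraction(0)

    def deposit(self, busd):
        self.balance += busd
        self.strategy.shares += busd / RATE  # strategy receives ibBUSD

    def withdraw(self, busd):
        if busd > self.balance:
            raise ValueError("exceeds user balance")
        self.balance -= busd
        # Buggy path hands a BUSD figure to code that reads it as ibBUSD.
        amount = busd / RATE if self.convert_units else busd
        return self.strategy.withdraw(amount)


def round_trip(convert_units):
    """Deposit then withdraw BUSD_IN; return (BUSD paid out, surplus)."""
    bank = Bank(Strategy(OTHER_SHARES), convert_units)
    bank.deposit(BUSD_IN)
    paid = bank.withdraw(BUSD_IN)
    return paid, paid - BUSD_IN  # invariant: surplus must be zero
```

With `convert_units=False` the surplus is paid out of other depositors' shares; an invariant test of this kind on every deposit/withdraw pair is the sort of check that catches a unit mismatch before deployment.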

The funds obtained by the attacker through the above attack are initially stored in this wallet: https://bscscan.com/address/0x47f341d896b08daacb344d9021f955247e50d089.

Code replicated on BSC gives many hackers looking for protocol vulnerabilities an opportunity to get rich. As we watch TVL rise and fall rapidly across the BSC ecosystem, it is clear that time is the most expensive form of security audit.

Living longer means being more secure, and conversely, being more secure means being able to live longer.

Posted by: CoinYuppie. Reprinted with attribution to: https://coinyuppie.com/the-more-secure-the-protocol-is-the-longer-it-can-survive-the-cryptocurrency-price-crash-meets-hacker-theft/