Belt Finance Victim of Flash Loan Attack in Latest Exploit of a BSC DeFi Protocol

Withdrawals and deposits are temporarily paused.

AccessTimeIconMay 30, 2021 at 3:24 p.m. UTC
Updated Sep 14, 2021 at 1:03 p.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

Belt Finance, a platform that provides automated market making for decentralized finance (DeFi), was hacked Saturday in a flash loan attack that resulted in a profit of $6.23 million for the perpetrator and an overall $50 million loss for the platform.

  • It's the latest attack on a DeFi protocol built on Binance Smart Chain, one of the so-called Ethereum killers that's built by centralized crypto exchange giant Binance.
  • In a blog post, Belt Finance said the attacker created a smart contract that used PancakeSwap for flash loans and exploited its beltBUSD pool and its strategy protocols and then proceeded to execute the contract eight times for a total profit of 6.23 million BUSD (US $6.23 million).
  • BeltBUSD vault users suffered a 21.36% loss of funds, while 4Belt pool users lost 5.51%, the protocol said. No other pools/vaults were affected. Overall, the attack cost the beltBUSD pool a combined loss of 50m BUSD (US $50 million) consisting of 43.8m in fees and the 6.23 million BUSD that the attacker withdrew as profit.
  • The protocol said it paused withdrawals and deposits as soon as it were aware of the attack and that the vulnerability that allowed the attack to occur has been patched.
  • In its blog post dated Sunday, Belt Finance said withdrawals and deposits would resume sometime in the next 24 to 48 hours and that it's working on a "compensation plan" that will be released in next 48 hours.

UPDATE (May 30, 23:14 UTC): Adds that beltBUSD pool's loss was a total 50 million BUSD with the 43.8 million in fees added to the 6.23 million in profits taken by the attacker.

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.