Ad
News
DeFi hacks on Binance Smart Chain continue as ‘Impossible Finance’ drained for $500k DeFi hacks on Binance Smart Chain continue as ‘Impossible Finance’ drained for $500k
🚨 This article is 3 years old...

DeFi hacks on Binance Smart Chain continue as ‘Impossible Finance’ drained for $500k

Impossible Finance suffered a $500,000 loss in the latest DeFi exploit.

DeFi hacks on Binance Smart Chain continue as ‘Impossible Finance’ drained for $500k

Cover art/illustration via CryptoSlate. Image includes combined content which may include AI-generated content.

Impossible Finance, a decentralized finance (DeFi) protocol on the Binance Smart Chain has been exploited for $500,000 in a flash loan attack.

A flash loan attack is a common type of DeFi exploits in which hackers take an uncollateralized loan from a lending protocol and through a series of technical maneuvers manipulate the market in their favor.

Vulnerability 

The attack on the Impossible Finance liquidity pool happened on June 21 and resulted in a loss of 229.84 Ethereum (ETH), valued $500.000 at the time of the exploit. 

By using a fake token, hackers launched a flash loan attack to exhaust the protocol’s liquidity pool.

Auditing service WatchPug explained that the attack involved consecutive swaps at about the same price, draining the liquidity pool, “which is usually impossible.” 

A vulnerability in the pool’s smart contract enabled multiple swaps of the protocol’s native Impossible Finance token (IF) to Binance USD stablecoin (BUSD) and then to the native coin of Binance Chain, Binance Coin (BNB).

According to Mudit Gupta, a core developer of SushiSwap, the hack design wasn’t that innovative, and it exploiting a similar vulnerability as the recent attack on BurgerSwap protocol, also built on the Binance Smart Chain, in which $7.2 million was stolen.  

Postmortem 

Impossible Finance published a report on the incident through the official announcement channel and said it had prepared an insurance fund.

The project announced all user funds deposited into liquidity pools prior to the attack will be 100% compensated, meanwhile, all liquidity pool rewards are paused and users are advised not to add or withdraw funds for IF/BUSD and IF/BNB pairs. 

Impossible Finance joins other flash loan exploits on the Binance Smart Chain, like Pancake Bunny and Belt Finance, after the network issued an official “call for action” to developers.

Copycat? Serial? The space is yet to profile all the DeFi predators out there. 

Posted In: DeFi, Hacks