Belt Finance is the Latest Casualty to Flash Loan Exploit

Flash loan attacks are a tool to exploit multiple platforms on the Binance Smart Chain. The latest exploit on Belt Finance has left many questioning if the DeFi space is really safe.

By
Chung Yee
on
May 31, 2021
Category:
BSC News

Attack on Belt Finance

With recent exploits still on people’s minds, Belt Finance became the latest casualty of flash loan attacks on the Binance Smart Chain on May 29th. These exploits are becoming increasingly rampant of late, making many question whether the flash loan contracts are secure at any level. Belt Finance is an Automated Market Market (AMM) on the Binance Smart Chain that optimizes yield, which has led to impressive engagement from investors. At the time of writing, it has $2.57 billion of Total Value Locked (TVL). It is estimated that losses are in seven figures, which is nothing to scoff at considering their TVL. 

In an official tweet by Belt Finance, all withdrawals are paused and a compensation plan with an incident report will be announced. The exact amount has not been determined and will be announced soon. 


Prior DeFi Exploits on the Binance Smart Chain 

Various DeFi protocols have suffered the same fate as Belt Finance. The following are some of the breaches that took place on the Binance Smart Chain in recent times:

May 2, 2021 - Spartan Protocol announced that they have lost approximately $30 million through an exploit. 

May 16, 2021 - bEearn Fi lost almost $11 million when one of its vaults was exploited

May 20, 2021 - PancakeBunny suffered an exploit draining $200 million 

May 28, 2021 - BurgerSwap was exploited and hackers stole $7.2 million worth of tokens


Why are Flash Loans ‘Convenient Tools’ in Exploits?

Flash loan exploit is the latest tool in the arsenal of a hacker. Flash loans are uncollateralized loans that allow the borrower to use the funds for a short period, allowing the borrower to pocket the difference and return the borrowed sum. There is no need for collateralization as the protocol will reverse the transaction if the debt is not repaid on time. 

In the past, 51% attacks on any protocol were almost impossible to carry out because a lot of resources were needed. On the other hand, flash loan exploits are low risk, low costs, and high reward for attackers. The risk of getting caught is low because hackers can conceal their identities through various tools.     


Will DeFi Withstand the Attacks?

There is no denial that DeFi has been a game changer, with innovative financial products being  introduced into the crypto market. The entire system is unique, innovative, permissionless and cheap compared to the conventional alternatives. According to the data in DeFi Pulse, a total of $57.05 billion is locked in various DeFi protocols. 

Source 

The positive trend does not seem to be abating. In early February, 2020 the value locked in DeFi protocols just exceeded $1 billion. Many detractors were of the opinion that the DeFi craze was merely a passing phase in the crypto space, one that would be replaced over time with a new craze. But, these protocols serve an important need; some of the most basic financial needs are borrowing and lending services, and these services are readily available through various DeFi protocols in a manner not possible on previous chains.       


Conclusion

The exploits are similar to ‘vermin’ that are infesting the industry, and the lack of ‘maturity’ in the DeFi space is the reason that such exploits are possible. Whilst solutions can be implemented to make the entire ecosystem safer, temporary solutions by using tools that monitor and provide emergency responses are important until that gap is bridged. One such project is by OpenZeppelin, who have created a tool called ‘Sentinels’, which monitors and defends smart contracts. There may be gaps in the protocols' level of safety, but user confidence can be bolstered by ample risk mitigation solutions such as a comprehensive compensation plan.

Tags:
No items found.
Chung Yee

Chung Yee has a legal background and has been involved in research works for the legal and compliance industry. Writing is his passion, centered on topics such as the blockchain and finance.

Text Link

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.