JulSwap and BurgerSwap Face Exploits, What are Flash Loan Attacks?

Another two platforms on Binance Smart Chain have been hit with flash loan attacks. Two of BSC’s earliest DEXs were the targets.

By Robert D. Knight on May 28, 2021
Category: BSC News

BurgerSwap reported that it was hit with a $7.2 million exploit at around 3am on Friday, while JulSwap says it was exploited in a similar manner.

BurgerSwap on Google

Both protocols are now faced with the prospect of trying to put the pieces back together after these damaging events. BurgerSwap has already said it is working on a detailed compensation package, but is faced with “rugpull” FUD and “inside job” claims. To further fuel such conspiracies and create additional difficulties for the BurgerSwap team, Hayden Adams, the creator of Uniswap, claims the exploit only occurred because BurgerSwap’s forked Uniswap code removed the specific line of code which would have prevented the exploit.


Growing Exploits on Binance Smart Chain

BurgerSwap and JulSwap now join a growing list of BSC-based protocols which have been attacked, finding themselves in the unhappy company of Venus, PancakeBunny, Spartan and Uranium. These BSC protocols have all faced either a flash loan attack or some other kind of exploit in this month alone.

What are Flash Loan Attacks?

Flash loans were first proposed by Marble Capital in 2018. The concept of the flash loan is to borrow and repay money in a single blockchain transaction, theoretically giving the loan an effective duration of 0. This allows anyone to borrow large amounts of working capital at negligible cost. Marble posited that the flash loan would allow anyone to profit from arbitrage opportunities - exploiting the price differences of the same asset across platforms.

As explained by Marble in their blog which first introduced the concept, the flash loan concept works as follows:

“There are now several DEXs on Ethereum such as 0x, Bancor, and Kyber, which often have small price differences. With flash lending, a trader can borrow from the Marble bank, buy a token on one DEX, sell the token on another DEX for a higher price, repay the bank, and pocket the arbitrage profit all in a single atomic transaction.”

As explained by Adelyn Zhou, the CMO of Chainlink Labs, flash loans can be used in ways other than originally intended, so that individuals with little or no market capital can manipulate the market as though they were a whale.

“The novelty of a flash loan is that it can temporarily make anyone in the world a very well-capitalized actor, with the potential to suddenly manipulate the market. In the recent string of attacks, we’ve seen malicious actors use flash loans to instantaneously borrow, swap, deposit and again borrow large numbers of tokens so they can artificially move a token’s price on a single exchange. This sequence is essentially the foot in the door, allowing the attacker to then exploit that exchange’s anomalous pricing.”

Importantly, the flash loan is only a tool which is used to make these attacks happen. Without vulnerabilities in the protocols themselves, the flash loan attack would not be possible.
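The following added simulation, which is not code from either protocol or from the quoted sources, shows why a price read from a single constant-product pool is unreliable inside one transaction and how a consumer of that price can refuse to act on it. The pool size, fee, trade size, price history and 5% threshold are constructed values, and the time-weighted average (TWAP) comparison is an assumed mitigation, not one the article attributes to either project.

```python
from dataclasses import dataclass

FEE = 0.003  # constructed value: 0.3% swap fee


@dataclass
class Pool:
    """Constant-product pool (base * token = k)."""
    base: float   # reserve of the quote asset, e.g. a stablecoin
    token: float  # reserve of the token being priced

    def spot_price(self) -> float:
        return self.base / self.token

    def swap_base_for_token(self, base_in: float) -> float:
        k = self.base * self.token
        token_out = self.token - k / (self.base + base_in * (1 - FEE))
        self.base += base_in
        self.token -= token_out
        return token_out


def twap(observations) -> float:
    """Time-weighted average of (price, seconds_held) pairs from earlier blocks."""
    total = sum(seconds for _, seconds in observations)
    return sum(price * seconds for price, seconds in observations) / total


def price_for_valuation(pool: Pool, observations, max_deviation=0.05) -> float:
    """Price a dependent contract may use; refuse if spot has left the TWAP band."""
    reference = twap(observations)
    if abs(pool.spot_price() - reference) / reference > max_deviation:
        raise ValueError("spot price deviates from TWAP; refusing to value")
    return reference


def demo():
    pool = Pool(base=1_000_000.0, token=1_000_000.0)
    history = [(1.00, 600), (1.01, 600), (0.99, 600)]  # constructed samples
    before = pool.spot_price()
    pool.swap_base_for_token(4_000_000.0)  # capital borrowed for one transaction
    after = pool.spot_price()
    try:
        price_for_valuation(pool, history)
        verdict = "accepted"
    except ValueError:
        verdict = "rejected"
    return before, after, verdict
```

A contract that valued collateral or rewards at `after` would be using a price that exists only for the length of that transaction; the guard returns the averaged reference or stops.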

Final Thoughts

It has been a notably bad month for hacks and other exploits on Binance Smart Chain. While the ecosystem has grown at incredible speed, questions may be raised as to whether that speed has come at some cost to thoroughness and security. Other protocols on BSC would be wise to take note of these recent attacks, to learn from them, and to apply any fixes to their own platforms with haste. Malicious actors have acquired a taste for exploiting projects on BSC, and having made gains in the hundreds of millions of dollars, there is no reason to expect them to stop now.


Robert D. Knight

Robert D. Knight is an experienced journalist and copywriter who has been working in crypto for 4+ years. His bags are heavy in ETH and BTC, plus he also hodls some smaller cryptocurrency.
