Hackers withdrew 50 million BUSD from the DeFi Belt Finance protocol

Belt Finance’s decentralized finance (DeFi) platform was hacked this weekend. The hackers withdrew 43 million BUSD and received another 6.23 million BUSD through an attack using quick loans.

In a blog post, the developers of the DeFi protocol on the Binance Smart Chain (BSC) Belt Finance blockchain reported that the attacker created a smart contract that used PancakeSwap to attack using fast loans and withdrew 43 million BUSD by exploiting a vulnerability in the BeltBUSD pool and its strategic protocols … The smart contract was then executed eight times for a total profit of 6.23 million BUSD.

According to the developers’ statement, BeltBUSD users lost 21.36% of their funds, while 4Belt users lost 5.51%. No other pools or storages were harmed. In general, the attack caused the BeltBUSD pool a cumulative loss of 50 million BUSD – 43.8 million BUSD in commissions and 6.23 million BUSD, which the attackers received as profit.

The developers noted that the withdrawal and deposit of money was suspended as soon as the attack became known, and that the vulnerability that caused the attack was fixed. In a blog post, the Belt Finance team reported that withdrawals and deposits will be resumed within 24-48 hours and that the developers are thinking of a “compensation plan” that will be presented in the next 48 hours.

Recall that last week, hackers withdrew about $ 7.2 million from the BurgerSwap protocol using an attack using fast loans. In May, PancakeBunny’s DeFi protocol was also hacked with instant loans, resulting in the attackers withdrawing $ 200 million worth of crypto assets. Spartan Protocol, bEarn Fi, Uranium Finance and several other projects at BSC suffered the same fate.