Spartan Protocol exploit results in loss of $30M

Published at: May 2, 2021

Spartan Protocol, a liquidity platform for synthetic assets on the Binance Smart Chain, was drained of $30 million in a coordinated attack on its liquidity pool late Saturday. 

The exploit targeted a “flawed liquidity share calculation” in the SPARTA/WBNB liquidity pool, which enabled the attacker to withdraw the funds, blockchain security company PeckShield explained. The security expert continued:

“In particular, the specific hack inflates the asset balance of the pool before burning the same amount of pool tokens to claim an unnecessarily large amount of underlying assets. The consequence of this attack results in more than $30M loss from the affected pool.”

The nuts and bolts of the attack center around the manipulation of flash loans, which were used to inflate the balance of the pool before burning an equivalent amount of pool tokens.

Spartan Protocol tweeted about the exploit late Saturday, explaining that the “Attacker used $61m in BNB to overcome the pools via [...] as yet unknown economic exploit path to remove roughly $30m in funds from the pools.”

What we know so far -*Attacker used $61m in BNB to overcome the pools via a as yet unknown economic exploit path to remove roughly $30m in funds from the pools.Reach out if you can help identify and analyse the exploit.https://t.co/aNTvdzKOeFCC @RektHQ @samczsun @bneiluj

— Spartan Protocol (@SpartanProtocol) May 2, 2021

Spartan Protocol’s latest update on the matter came early Sunday, where it linked followers to the PeckShield report:

Detailed analysis of the bug in Spartan Protocol v1.Where to now?Community fund a https://t.co/mfghq1UJjH for Spartan Protocol v2.Rebuild the shield wall.https://t.co/s11s9rWTtA

— Spartan Protocol (@SpartanProtocol) May 2, 2021

The attack goes down as one of the single largest monetary exploits in decentralized finance history, according to Rekt. Only five other DeFi exploits resulted in the loss of more funds: EasyFi ($59 million), Uranium Finance ($57.2 million), KuCoin ($45 million), Alpha Finance ($37.5 million) and Meerkat Finance ($32 million).

The value of SPARTA, Spartan Protocol’s native token, plunged 30% on Sunday to $1.17. It was down over 29% in Bitcoin (BTC) comparative and 31.4% versus Ether (ETH).

Theft and exploitation are nothing new for the cryptocurrency community. In addition to the recent string of DeFi attacks, crypto criminals stole an estimated $1.9 billion in 2020, according to Finaria, an Italian publication. Fraud was the leading crypto-based crime, followed by theft and ransomware. The year before, in 2019, criminals made off with an estimated $4.5 billion worth of cryptocurrency. 

Tags
Related Posts
DeFi attacks are on the rise — Will the industry be able to stem the tide?
The decentralized finance (DeFi) industry has lost over a billion dollars to hackers in the past couple of months, and the situation seems to be spiraling out of control. According to the latest statistics, approximately $1.6 billion in cryptocurrencies was stolen from DeFi platforms in the first quarter of 2022. Furthermore, over 90% of all pilfered crypto is from hacked DeFi protocols. These figures highlight a dire situation that is likely to persist over the long term if ignored. Why hackers prefer DeFi platforms In recent years, hackers have ramped up operations targeting DeFi systems. One primary reason as to …
Adoption / May 14, 2022
Uniswap's BNB deployment should use multiple bridges, claims LIFI CEO
As Uniswap DAO’s vote to deploy to BNB chain continues, LIFI CEO Phillip Zentner argued in a February 6 forum post that the current proposal is flawed. According to him, the plan to use Wormhole as the sole governance bridge for Uniswap should be abandoned. Instead, he claimed that Uniswap researchers should work on a standardized system for using multiple bridges to handle governance decisions. The ongoing discussion on @Uniswap's forum is critical for the multi-chain ecosystem in 2023. TL;DR: Uniswap's model for x-chain governance will likely become industry standard. As an unbiased member of the community, @lifiprotocol is rooting …
Trading / Feb. 8, 2023
Poly Network offers to on board 'Mr. White Hat' as chief security advisor
Decentralized finance protocol Poly Network has offered the person behind a $610 million hack an advisery position and $500,000 — whether they like it or not. In a Tuesday update, the Poly Network team said, in a seeming attempt to gain access to the hacker’s expertise, that it would be inviting them to the position of chief security adviser. In addition, the project will be sending a $500,000 bounty for the attacker, whom Poly dubbed "Mr. White Hat," despite the fact they have previously refused any payment. “Poly Network has no intention of holding Mr. White Hat legally responsible, as …
Business / Aug. 17, 2021
The remaining steps to mainstream institutional investment
It has been said that you only get one chance to make a first impression. Perhaps the best example of this old adage is the cryptocurrency space. From exit scams and money laundering, to unaudited code and high carbon footprints, the crypto landscape has spent the better part of the past decade scrubbing itself of its infamous past. For many, the sanitizing of the decentralized ecosystem was inevitable — simply a matter of when, not if. This mindset hindered the sense of urgency that should have been on display and may have ultimately contributed to the skepticism exhibited by mainstream …
Adoption / May 29, 2021
Developers need to stop crypto hackers — or face regulation in 2023
Third-party data breaches have exploded. The problem? Companies, including cryptocurrency exchanges, don’t know how to protect against them. When exchanges sign new vendors, most just innately expect that their vendors employ the same level of scrutiny as they do. Others don’t consider it at all. In today’s age, it isn’t just a good practice to test for vulnerabilities down the supply chain — it is absolutely necessary. Many exchanges are backed by international financiers and those new to financial technologies. Many are even new to technology altogether, instead backed by venture capitalists looking to get their feet wet in a …
Bitcoin Regulation / Nov. 3, 2022