Another two platforms on Binance Smart Chain have been hit with flash loan attacks. Two BSC’s earliest Dexs were the targets.
Both protocols are now faced with the prospect of trying to put the pieces back together after these damaging events. BurgerSwap has already said it is working on a detailed compensation package, but is faced with “rugpull” FUD and “inside job” claims. To further fuel such conspiracies and create additional difficulties for the BurgerSwap team, Hayden Adams, the creator of Uniswap, claims the exploit only occurred because BurgerSwap’s forked Uniswap code removed the specific line of code which would have prevented the exploit.
Growing Exploits on Binance Smart Chain
BurgerSwap and JulSwap now join a growing list of BSC-based protocols which have been attacked, finding themselves in the unhappy company of Venus, PancakeBunny, Spartan and Uranium. The BSC chain protocols have all faced either a flash loan attack, or some other kind of exploit in this month alone.
What are Flash Loan Attacks?
Flash loans were first proposed by Marble Capital in 2018. The concept of the flash loan is to borrow and repay money in a single blockchain transaction, theoretically giving the loan an effective time duration of 0. This allows any person to borrow large amounts of working capital at very negligible cost. Marble posited that this flash loan would allow anyone to successfully profit from arbitrage opportunities – exploiting the cost differences of the same asset across platforms.
As explained by Marble in their blog which first introduced the concept, the flash loan concept works as follows:
“There are now several DEXs on Ethereum such as 0x, Bancor, and Kyber, which often have small price differences. With flash lending, a trader can borrow from the Marble bank, buy a token on one DEX, sell the token on another DEX for a higher price, repay the bank, and pocket the arbitrage profit all in a single atomic transaction.”
As explained by Adelyn Zhou, the CMO of Chainlink Labs, flash loans can be used in ways other than originally intended so that individual’s with little or no market capital can manipulate the market as though they were a whale.
“The novelty of a flash loan is that it can temporarily make anyone in the world a very well-capitalized actor, with the potential to suddenly manipulate the market. In the recent string of attacks, we’ve seen malicious actors use flash loans to instantaneously borrow, swap, deposit and again borrow large numbers of tokens so they can artificially move a token’s price on a single exchange. This sequence is essentially the foot in the door, allowing the attacker to then exploit that exchange’s anomalous pricing. ”
Importantly, the flash loan is only a tool which is used to make these attacks happen. Without vulnerabilities in the protocol’s themselves the flash loan attack would not be possible.
It has been a notably bad month for hacks and other exploits on Binance Smart Chain. While the ecosystem has grown at incredible speed, questions may be raised as to whether the incredible speed of this growth has also come at some cost to thoroughness and security. Other protocols on BSC would be wise to take note of these recent attacks, to learn the lessons of them, and to apply any fixes to their own platforms with haste. Malicious actors have acquired a taste for exploiting projects on BSC, and having made gains in the hundreds of millions of dollars, there is no reason to expect them to stop now.
Source : bsc.news
Founded in 2020, BSCNews is the leading media platform covering decentralized finance (DeFi) on the Binance Smart Chain (BSC). We cover a wide range of blockchain news revolving mainly around the DeFi sector of the crypto markets. BSCNews aims to inform, educate and share information with the global investment community through our website, social media, newsletters, podcasts, research, and live ask me anything (AMA). Our content reaches hundreds of thousands of global investors who are active in the BSC DeFi space.